Ron Frederick

I needed functionality like what's being asked about here in my AsyncSSH package (https://github.com/ronf/asyncssh/blob/develop/asyncssh/crypto/ec_params.py), since SSH identifies curves by a string or OID, and not explicit EC parameters. That module...

There's a lightweight DER encoder and decoder in AsyncSSH which could be used for this. Here's an example: ```python from asyncssh.asn1 import der_decode, der_encode from cryptography import x509 def fix_cert(filename:...

Good point. This isn't an issue with load_der_x509_certificate() because it doesn't do any signature validation itself, and generally speaking you wouldn't do a signature check when loading a root CA...

Closing this for now, but feel free to re-open if you see an issue like this again. There have also been a few improvements in this area, particularly when trying...

Keep in mind that the server_requested method is running on the server side, so any output using print() or sys.stdout.write() would be going to the terminal that the AsyncSSH server...

Yes - that should work. The only possible issue is if the SSH client tried to set up the port forwarding before starting the session, or if it did these...

If you only ever open one session on an SSH connection, there's no issue of leakage. In that case, the only potential issue is the order that the session is...

Closing due to inactivity, but feel free to re-open if you'd like to provide additional information.

For PKCS#8, I need this for both public & private keys. For PKCS#1, I couldn't find support in other tools for public EC keys (either named curve or explicit parameters),...

Do you know which key formats you'd be looking to support? Explicit parameters wouldn't apply to keys already in SSH format, so I think the main use case would be...