For no particular reason, I'm looking to convert my ed25519 private key to pem. A user on stackoverflow suggested running `ssh-keygen -p -f path/to/your/key -m pem` [^1], which errors, printing `do_convert_to_pem: unsupported key type ED25519`. Looking at the corresponding line in source, it seems that only RSA, DSA, & ECDSA keys can be converted to pem.[^2] With new keys defaulting to ED25519 as of [1.471][^3], are there plans to add support for exporting ed25519 to pem?

- Anabelle

[^1]: <https://stackoverflow.com/a/69207820/13224318>
[^2]: ssh-keygen.c, line 385: <https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-keygen.c?annotate=1.472&only_with_tag=MAIN#385>
[^3]: <https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-keygen.c?rev=1.471&content-type=text/x-cvsweb-markup>

On Thu, 16 May 2024, Anabelle VanDenburgh wrote:

> For no particular reason, I'm looking to convert my ed25519 private key to
> pem. A user on stackoverflow suggested running `ssh-keygen -p -f
> path/to/your/key -m pem` [^1], which errors, printing `do_convert_to_pem:
> unsupported key type ED25519`. Looking at the corresponding line in source, it
> seems that only RSA, DSA, & ECDSA keys can be converted to pem.[^2] With new
> keys defaulting to ED25519 as of [1.471][^3], are there plans to add support
> for exporting ed25519 to pem?

Nobody has asked before, so it wasn't planned. It will probably be trivial to implement once https://github.com/djmdjm/openssh-wip/pull/27 is merged.

BTW if your keys have passphrases then the PEM format is usually weaker than OpenSSH's native private key format. The OpenSSH format uses a KDF (key derivation function) that is considerably more resistant to offline cracking than anything that was available in PEM*

-d

* at least when I last checked.
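
The KDF point in the reply can be checked on a key file directly. This added example (not from the thread or from OpenSSH's source) reads the cipher and KDF fields of an OpenSSH-format key and the encryption headers of a traditional PEM key. Assumptions from outside the thread: the header layout and the `bcrypt` KDF name follow OpenSSH's PROTOCOL.key, traditional PEM encryption derives its key with a single salted MD5 pass, and all function names and sample keys are constructed here.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # magic of OpenSSH's native private key format

def _put(b):
    """Encode an SSH wire string: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b

def _get(buf, off):
    """Decode one SSH wire string at off; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def describe_private_key(text):
    """Report which cipher and KDF protect a private key file."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("not an openssh-key-v1 blob")
        cipher, off = _get(blob, len(MAGIC))
        kdf, off = _get(blob, off)
        opts, off = _get(blob, off)
        info = {"format": "openssh", "cipher": cipher.decode(), "kdf": kdf.decode()}
        if kdf == b"bcrypt":  # kdfoptions = string salt, uint32 rounds
            _salt, o = _get(opts, 0)
            info["rounds"] = struct.unpack_from(">I", opts, o)[0]
        return info
    # Traditional PEM: "Proc-Type"/"DEK-Info" headers; key = one salted MD5 pass.
    hdr = dict(l.split(": ", 1) for l in lines if ": " in l)
    if "ENCRYPTED" not in hdr.get("Proc-Type", ""):
        return {"format": "pem", "cipher": "none", "kdf": "none"}
    return {"format": "pem", "cipher": hdr["DEK-Info"].split(",")[0],
            "kdf": "EVP_BytesToKey-MD5-1"}  # label chosen for this example

def constructed_openssh_key(rounds=16):
    """Constructed sample: real header layout, placeholder key material."""
    opts = _put(b"\x00" * 16) + struct.pack(">I", rounds)
    blob = (MAGIC + _put(b"aes256-ctr") + _put(b"bcrypt") + _put(opts)
            + struct.pack(">I", 1) + _put(b"placeholder") + _put(b"placeholder"))
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed sample of a passphrase-protected traditional PEM key (placeholder body).
CONSTRUCTED_PEM = ("-----BEGIN EC PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                   "DEK-Info: AES-128-CBC," + "00" * 16
                   + "\n\ncGxhY2Vob2xkZXI=\n-----END EC PRIVATE KEY-----\n")
```

Pass the text of a real key file to `describe_private_key` to see the same fields; the rounds value it reports is the bcrypt work factor stored in the key.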