From 86688c1b9d37dd75f99b6eefb00200a1abb4cf51 Mon Sep 17 00:00:00 2001
From: Jeff Forcier <jeff@bitprophet.org>
Date: Tue, 6 Jun 2017 17:35:49 -0700
Subject: Hand-picked backport of #912, fixes #741

---
 paramiko/pkey.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'paramiko/pkey.py')

diff --git a/paramiko/pkey.py b/paramiko/pkey.py
index f5b0cd18..35a26fc7 100644
--- a/paramiko/pkey.py
+++ b/paramiko/pkey.py
@@ -48,6 +48,12 @@ class PKey(object):
             'blocksize': 16,
             'mode': modes.CBC
         },
+        'AES-256-CBC': {
+            'cipher': algorithms.AES,
+            'keysize': 32,
+            'blocksize': 16,
+            'mode': modes.CBC
+        },
         'DES-EDE3-CBC': {
             'cipher': algorithms.TripleDES,
             'keysize': 24,
@@ -344,13 +350,13 @@ class PKey(object):
         """
         with open(filename, 'w') as f:
             os.chmod(filename, o600)
-            self._write_private_key(f, key, format)
+            self._write_private_key(f, key, format, password=password)
 
     def _write_private_key(self, f, key, format, password=None):
         if password is None:
             encryption = serialization.NoEncryption()
         else:
-            encryption = serialization.BestEncryption(password)
+            encryption = serialization.BestAvailableEncryption(b(password))
 
         f.write(key.private_bytes(
             serialization.Encoding.PEM,
-- 
cgit v1.2.1