Decrypting Ed25519 private keys using python libraries without ssh-keygen -p

I have a private key; for example, I generate an RSA key pair:

ssh-keygen -t rsa -N 123456 -f /tmp/rsa

I can replace the call:

ssh-keygen -p -P 123456 -N "" -f /tmp/rsa

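using the Python cryptography module:

from cryptography.hazmat.backends import default_backend
import cryptography.hazmat.primitives.serialization as crypto_serialization

key_path = "/tmp/rsa"   # key file generated by the ssh-keygen call above
passphrase = "123456"   # passphrase passed to ssh-keygen with -N

# Load the passphrase-protected PEM key
with open(key_path, "rb") as src_pem:
    priv_key = crypto_serialization.load_pem_private_key(src_pem.read(),
                                                         passphrase.encode('utf-8'),
                                                         default_backend()
                                                         )
# Overwrite the file with the same key, serialized without encryption
with open(key_path, "wb") as dest_pem:
    dest_pem.write(priv_key.private_bytes(crypto_serialization.Encoding.PEM,
                                          crypto_serialization.PrivateFormat.TraditionalOpenSSL,
                                          crypto_serialization.NoEncryption()
                                         )
                   )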

But when I generate a key with the parameter -t ed25519, I get an error:

  File "/usr/local/lib64/python3.6/site-packages/cryptography/hazmat/primitives/serialization/base.py", line 16, in load_pem_private_key
    return backend.load_pem_private_key(data, password)
  File "/usr/local/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1089, in load_pem_private_key
    password,
  File "/usr/local/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1315, in _load_key
    self._handle_key_loading_error()
  File "/usr/local/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1373, in _handle_key_loading_error
    raise ValueError("Could not deserialize key data.")
ValueError: Could not deserialize key data.

I load the Ed25519 private key using the Python paramiko module, but I can't serialize the private bytes:

import paramiko
key_priv = paramiko.Ed25519Key.from_private_key_file('ed25519', password=b'123456')

Generating key pair:

ssh-keygen -t ed25519 -N 123456 -f ed25519

Using the load_ssh_private_key method, I try to decrypt a private key:

from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.backends import default_backend

priv_key = serialization.load_ssh_private_key(open('ed25519', 'rb').read(), b'123456', default_backend())

with open('ed25519_py', 'wb') as dest_key:
    dest_key.write(priv_key.private_bytes(serialization.Encoding.PEM,
                                          serialization.PrivateFormat.OpenSSH,
                                          serialization.NoEncryption()
                                         )
                   )

No error occurs and I get unencrypted openssh-format private key file.

On the other hand, using the ssh-keygen tool, I change the passphrase of a private key file to empty:

ssh-keygen -p -P 123456 -N "" -f ed25519

As a result, I have two decrypted keys, which do not match.

How can I get a key using Python that will match the result of the ssh-keygen call?
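
Added example, not part of the original question and not code from ssh-keygen or the cryptography project: in the openssh-key-v1 container the unencrypted private section holds a random check integer and a comment string next to the key itself, so two decrypted files of one key can differ byte for byte. The sketch parses the Ed25519 layout and compares only the key fields; all function names are hypothetical, and `build_sample` produces constructed files with dummy bytes in place of a real key pair.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"

def _sshstr(data):
    return struct.pack(">I", len(data)) + data  # SSH string: uint32 length + bytes

def _read(buf, off):
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated SSH string")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_ed25519(pem):
    """Split an unencrypted openssh-key-v1 Ed25519 file into its fields."""
    body = "".join(ln for ln in pem.strip().splitlines() if not ln.startswith("-----"))
    blob = base64.b64decode(body)
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 file")
    cipher, off = _read(blob, len(MAGIC))
    _kdf, off = _read(blob, off)
    _kdfopts, off = _read(blob, off)
    if cipher != b"none":
        raise ValueError("private section is still encrypted")
    _pubblob, off = _read(blob, off + 4)       # skip the uint32 key count
    sec, _ = _read(blob, off)                  # private section
    c1, c2 = struct.unpack_from(">II", sec, 0)
    if c1 != c2:
        raise ValueError("check integers differ")
    out, p = {"checkint": c1}, 8
    for name in ("type", "public", "private", "comment"):
        out[name], p = _read(sec, p)
    return out

def same_key(pem_a, pem_b):
    """Compare key material only; checkint and comment are ignored."""
    a, b = parse_ed25519(pem_a), parse_ed25519(pem_b)
    return all(a[k] == b[k] for k in ("type", "public", "private"))

def build_sample(checkint, comment):  # constructed file, dummy bytes instead of a real key
    ktype, pub, seed = b"ssh-ed25519", bytes(range(32)), bytes(range(32, 64))
    sec = struct.pack(">II", checkint, checkint) + _sshstr(ktype) + _sshstr(pub)
    sec += _sshstr(seed + pub) + _sshstr(comment)
    sec += bytes(range(1, 8))[:-len(sec) % 8]  # pad with 1,2,3.. to a multiple of 8
    blob = (MAGIC + _sshstr(b"none") * 2 + _sshstr(b"") + struct.pack(">I", 1)
            + _sshstr(_sshstr(ktype) + _sshstr(pub)) + _sshstr(sec))
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.encodebytes(blob).decode()
            + "-----END OPENSSH PRIVATE KEY-----\n")
```

Passing the text of two decrypted key files to `same_key` tells whether they carry the same Ed25519 key even when the files themselves are not identical.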
