Preface: I am not an expert in encryption, so sorry for any inaccuracies with how I am describing the issue here.

In the documentation, it states:

// Note: CBC and ECB modes use PKCS#7 padding as default

Is it possible to configure what padding is used? I am working with a system where they are not expecting padding. Is that something that even makes sense/is possible?

The tool should be smart enough to support reading pkcs8 private keys.

Ideally, we should support writing pkcs8 private keys if the user desires.

I spent a lot of time at work tracking down an issue where certificates were being generated with the wrong public key, not the one given in the CSR. After some intense debugging, replacing the OpenSSL binary with a script that logs stuff, etc - I determined that it was using the -signkey option, which (as you know) is for self-signed certificates, and OpenSSL was silently replacing the CSR key

I use Ubuntu Eoan with python3-asn1crypto 0.24.0-1.
It looks like PrivateKeyInfo.bit_size and PublicKeyInfo.bit_size returns non-integer.
I can see that *.byte_size returns a value with int() but the *.bit_size functions does not. The documentation in the function says it should return an integer.

print(certificate.public_key.bit_size) returns in my case "256.0"

Shouldn't it return only "2

Today the etcd example in CI is tagged on latest so it doesn't test the current branch in the pupernetes build.