
ssh-keygen 9.9p1 created PKCS#1 encrypted RSA private key fails to use available 3DES encryption - uses aes-128-cbc instead

2 votes
1 answer
85 views
I'm trying to import an RSA key pair onto an older version of Cisco IOS (16.6.4). That old version seems to only accept PEM-encoded private keys that are encrypted with DES or 3DES. At least, those ciphers are the only options when exporting a key pair generated on IOS:
```
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,AD1E5D9E9F639C34

5Mjt+X9hZ6UCEi12axx6YTf4tvrf4xs61+90/YaGAZPPcL+Tyk2AKtq8jY5kzQxf
...
8K0+Fl8xKFtTdnaiyuN1jKgBg7WcwkmlBAmh3UxrmQ5awuuZUETuiA==
-----END RSA PRIVATE KEY-----
```
This is a PKCS#1 encrypted, PEM-encoded file. I want to import a generated key pair from my Linux box. I gather I need the file to look like the export shown above, encrypted with either DES or 3DES. Here is my failed attempt. First I generate an unencrypted RSA key pair using OpenSSL 3.4.0:
```
$ openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:1024 \
	-out key.pem -outpubkey pub.pem
$ cat key.pem
-----BEGIN PRIVATE KEY-----
MIICdAIBADANBgkqhkiG9w0BAQEFAASCAl4wggJaAgEAAoGBAOC7vNjQatCODHKq
...
ImgXjyNR9xs=
-----END PRIVATE KEY-----
```
It looks like this is a PKCS#8-encoded private key (BEGIN PRIVATE KEY vs BEGIN RSA PRIVATE KEY; also openssl asn1parse shows a structure that identifies this as rsaEncryption and then a binary blob instead of just a dump of the private key material). I read that ssh-keygen can convert PKCS#8 to PKCS#1 and encrypt it. My version of OpenSSH (9.9p1) shows in [ssh-keygen(1)]:

> **-Z cipher**
>
> Specifies the cipher to use for encryption when writing an OpenSSH-format private key file. The list of available ciphers may be obtained using "ssh -Q cipher". The default is “aes256-ctr”.

So I list all the ciphers SSH knows about:
```
$ ssh -Q cipher
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
```
Then I try:
```
$ ssh-keygen -Z 3des-cbc -f key.pem -m pem -p -N foobarbaz
Your identification has been saved with the new passphrase.
```
However:
```
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,40F4524E862B346BC384C20AEEC89C1C

VhjXes5OMDEfIkSiGWI89v2jZlxiPJ3KpBfhI0fr3d1ffVXvATK6F3K86SFfvikY
...
7K6eCoJ1+LE/e71Nrsm/SW3qcPJIEP3I8+DtwGerw5TYIH2wnFv/J6X6zfnLJjDn
-----END RSA PRIVATE KEY-----
```
It says it encrypted it with AES-128-CBC, despite being told to use 3des-cbc (and despite the manual saying that aes-256-ctr is the default). Whatever available cipher I put in from ssh -Q cipher, it will always output a file with AES-128-CBC. Where am I going wrong or what am I overlooking?

## Edit

Reading closer, I just noticed the manual says

> Specifies the cipher to use for encryption when writing an **OpenSSH-format** private key file.

And indeed:
```
$ ssh-keygen -Z 3des-cbc -p -N foobarbaz -f priv.key
$ tail -n +2 priv.key | head -n -1 | base64 -d | xxd -l 32
00000000: 6f70 656e 7373 682d 6b65 792d 7631 0000  openssh-key-v1..
00000010: 0000 0833 6465 732d 6362 6300 0000 0662  ...3des-cbc....b
```
So it uses AES-128-CBC when converting to PEM, but respects the -Z switch when using its own format.

## New Question

Then the question becomes: what tool can I use to encrypt my private RSA key with 3DES?
Asked by Stefan van den Akker (352 rep)
Mar 4, 2025, 07:57 AM
Last activity: Mar 4, 2025, 08:23 AM
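The question ends by asking which tool can write the 3DES-encrypted PKCS#1 PEM that the IOS export shows. The shell script below is an added example (not from the question, its answer, or the OpenSSH/OpenSSL projects) showing that the openssl CLI itself does this: OpenSSL 3.x needs `-traditional` to emit the legacy `RSA PRIVATE KEY` structure, and a cipher option such as `-des3` on that structure selects the legacy PEM encryption that produces the `Proc-Type`/`DEK-Info` headers. It assumes an `openssl` binary is installed; the file names and the passphrase `foobarbaz` are constructed for the demo.

```shell
#!/bin/sh
# Added example (not the question's or OpenSSL's own code): write a PKCS#1
# "RSA PRIVATE KEY" PEM encrypted with 3DES (DEK-Info: DES-EDE3-CBC) from
# a PKCS#8 key, then verify it decrypts. Assumes the openssl CLI is present.
set -eu

# OpenSSL 3.x writes PKCS#8 by default and needs -traditional for the legacy
# structure; OpenSSL 1.1.1 and LibreSSL already write it and lack the flag.
traditional_flag() {
    case "$(openssl version 2>/dev/null)" in
        "OpenSSL 3"*) echo "-traditional" ;;
        *) echo "" ;;
    esac
}

# Generate an unencrypted PKCS#8 key as in the question (1024 bits only to
# mirror the post; use 2048 or more for anything real).
gen_pkcs8_key() {
    openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:1024 -out "$1" 2>/dev/null
}

# Rewrite $1 as a 3DES-encrypted PKCS#1 PEM in $2 using passphrase $3.
# On the traditional structure, -des3 yields the Proc-Type/DEK-Info headers.
encrypt_pkcs1_des3() {
    openssl rsa -in "$1" $(traditional_flag) -des3 -passout "pass:$3" -out "$2" 2>/dev/null
}

# Extract the cipher name from the DEK-Info header of a PEM file.
dek_cipher() {
    sed -n 's/^DEK-Info: *\([^,]*\),.*/\1/p' "$1"
}

# The encrypted copy must decrypt with $3 and still hold the same key, so
# the public keys derived from both files must be identical.
roundtrip_ok() {
    a=$(openssl rsa -in "$1" -pubout 2>/dev/null)
    b=$(openssl rsa -in "$2" -passin "pass:$3" -pubout 2>/dev/null)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

demo() {
    w=$(mktemp -d)
    gen_pkcs8_key "$w/key.pem"
    encrypt_pkcs1_des3 "$w/key.pem" "$w/key-3des.pem" foobarbaz
    head -n 3 "$w/key-3des.pem"   # BEGIN RSA PRIVATE KEY / Proc-Type / DEK-Info
    roundtrip_ok "$w/key.pem" "$w/key-3des.pem" foobarbaz \
        && echo "round-trip OK, cipher $(dek_cipher "$w/key-3des.pem")"
    rm -rf "$w"
}
command -v openssl >/dev/null 2>&1 && demo
```

The resulting file can be imported where only DES/3DES PEM encryption is accepted; `openssl pkey` accepts the same `-traditional -des3` options if you prefer the generic command.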