1 files changed, 24 insertions, 18 deletions

diff --git a/paramiko/pkey.py b/paramiko/pkey.py
index af9370fc..35a26fc7 100644
--- a/paramiko/pkey.py
+++ b/paramiko/pkey.py
@@ -48,6 +48,12 @@ class PKey(object):
             'blocksize': 16,
             'mode': modes.CBC
         },
+        'AES-256-CBC': {
+            'cipher': algorithms.AES,
+            'keysize': 32,
+            'blocksize': 16,
+            'mode': modes.CBC
+        },
         'DES-EDE3-CBC': {
             'cipher': algorithms.TripleDES,
             'keysize': 24,
@@ -68,7 +74,7 @@ class PKey(object):
         :param str data: an optional string containing a public key
             of this type
 
-        :raises SSHException:
+        :raises: `.SSHException` --
             if a key cannot be created from the ``data`` or ``msg`` given, or
             no key was passed in.
         """
@@ -95,7 +101,7 @@ class PKey(object):
         of the key are compared, so a public key will compare equal to its
         corresponding private key.
 
-        :param .Pkey other: key to compare to.
+        :param .PKey other: key to compare to.
         """
         hs = hash(self)
         ho = hash(other)
@@ -191,10 +197,10 @@ class PKey(object):
             encrypted
         :return: a new `.PKey` based on the given private key
 
-        :raises IOError: if there was an error reading the file
-        :raises PasswordRequiredException: if the private key file is
+        :raises: ``IOError`` -- if there was an error reading the file
+        :raises: `.PasswordRequiredException` -- if the private key file is
             encrypted, and ``password`` is ``None``
-        :raises SSHException: if the key file is invalid
+        :raises: `.SSHException` -- if the key file is invalid
         """
         key = cls(filename=filename, password=password)
         return key
@@ -212,10 +218,10 @@ class PKey(object):
             an optional password to use to decrypt the key, if it's encrypted
         :return: a new `.PKey` based on the given private key
 
-        :raises IOError: if there was an error reading the key
-        :raises PasswordRequiredException:
+        :raises: ``IOError`` -- if there was an error reading the key
+        :raises: `.PasswordRequiredException` --
             if the private key file is encrypted, and ``password`` is ``None``
-        :raises SSHException: if the key file is invalid
+        :raises: `.SSHException` -- if the key file is invalid
         """
         key = cls(file_obj=file_obj, password=password)
         return key
@@ -229,8 +235,8 @@ class PKey(object):
         :param str password:
             an optional password to use to encrypt the key file
 
-        :raises IOError: if there was an error writing the file
-        :raises SSHException: if the key is invalid
+        :raises: ``IOError`` -- if there was an error writing the file
+        :raises: `.SSHException` -- if the key is invalid
         """
         raise Exception('Not implemented in PKey')
 
@@ -242,8 +248,8 @@ class PKey(object):
         :param file_obj: the file-like object to write into
         :param str password: an optional password to use to encrypt the key
 
-        :raises IOError: if there was an error writing to the file
-        :raises SSHException: if the key is invalid
+        :raises: ``IOError`` -- if there was an error writing to the file
+        :raises: `.SSHException` -- if the key is invalid
         """
         raise Exception('Not implemented in PKey')
 
@@ -263,10 +269,10 @@ class PKey(object):
             encrypted.
         :return: data blob (`str`) that makes up the private key.
 
-        :raises IOError: if there was an error reading the file.
-        :raises PasswordRequiredException: if the private key file is
+        :raises: ``IOError`` -- if there was an error reading the file.
+        :raises: `.PasswordRequiredException` -- if the private key file is
             encrypted, and ``password`` is ``None``.
-        :raises SSHException: if the key file is invalid.
+        :raises: `.SSHException` -- if the key file is invalid.
         """
         with open(filename, 'r') as f:
             data = self._read_private_key(tag, f, password)
@@ -340,17 +346,17 @@ class PKey(object):
         :param str data: data blob that makes up the private key.
         :param str password: an optional password to use to encrypt the file.
 
-        :raises IOError: if there was an error writing the file.
+        :raises: ``IOError`` -- if there was an error writing the file.
         """
         with open(filename, 'w') as f:
             os.chmod(filename, o600)
-            self._write_private_key(f, key, format)
+            self._write_private_key(f, key, format, password=password)
 
     def _write_private_key(self, f, key, format, password=None):
         if password is None:
             encryption = serialization.NoEncryption()
         else:
-            encryption = serialization.BestEncryption(password)
+            encryption = serialization.BestAvailableEncryption(b(password))
 
         f.write(key.private_bytes(
             serialization.Encoding.PEM,