- keytypes

-- dsa, ecdsa, ecdsa-sk, ed25519, ed25519-sk, rsa ("-sk" variant is FIDO key)

-- if rsa, signature types:

--- ssh-rsa (sha1), rsa-sha2-256, rsa-sha2-512 (new default)


- ciphers:
-- 3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com, chacha20-poly1305@openssh.com

-- finish trimming copypasta for aes.
   we COULD have a unified AllocateEncrypt and AllocatedDecrypt for AesCipher, but that'd require a func argument for encryption/decryption - which means breakage.

-- test AES GCM?
   (and other unit tests)

provide marshal, unmarshal for keytypes/* keys.
https://golangexample.com/encode-and-decode-binary-message-and-file-formats-in-go/ (?)

create separate package, go_sshdh