flag.Parse()

	if *genkey {
		generateKeys()
		os.Exit(0)
	}
	var privateKey []byte
	if *keyHex == "" {
		if b, err := os.ReadFile(*privKeyPath); err == nil {
			privateKey = b
			fmt.Println("Using private key from", *privKeyPath)
		}

		// Prompt for decryption key if no --key or --private-key are provided
		if len(privateKey) == 0 {
			reader := bufio.NewReader(os.Stdin)
			fmt.Print("Enter Decryption Key: ")

	})
	for i, testCase := range loadX509KeyPairTests {
		privateKey, err := createTempFile("private.key", testCase.privateKey)
		if err != nil {
			t.Fatalf("Test %d: failed to create tmp private key file: %v", i, err)
		}
		certificate, err := createTempFile("public.crt", testCase.certificate)
		if err != nil {
			os.Remove(privateKey)
			t.Fatalf("Test %d: failed to create tmp certificate file: %v", i, err)
		}

     */
    public String getPrivateKey() {
        return privateKey;
    }

    /**
     * Set the absolute path to private key file.
     *
     * @param privateKey path to private key in local file system
     */
    public void setPrivateKey(final String privateKey) {
        this.privateKey = privateKey;
    }

pkg crypto, method (Hash) String() string
pkg crypto/ecdsa, func SignASN1(io.Reader, *PrivateKey, []uint8) ([]uint8, error)
pkg crypto/ecdsa, func VerifyASN1(*PublicKey, []uint8, []uint8) bool
pkg crypto/ecdsa, method (*PrivateKey) Equal(crypto.PrivateKey) bool
pkg crypto/ecdsa, method (*PublicKey) Equal(crypto.PublicKey) bool
pkg crypto/ed25519, method (PrivateKey) Equal(crypto.PrivateKey) bool
pkg crypto/ed25519, method (PublicKey) Equal(crypto.PublicKey) bool

     * Sets the public/private key pair used for this certificate. If unset a key pair will be
     * generated.
     */
    fun keyPair(
      publicKey: PublicKey,
      privateKey: PrivateKey,
    ) = apply {
      keyPair(KeyPair(publicKey, privateKey))
    }

    /**
     * Set the certificate that will issue this certificate. If unset the certificate will be
     * self-signed.
     */

          sslSocket.startHandshake()
          return@submit sslSocket.session.handshake()
        }
      }
    }
  }

  private fun assertPrivateKeysEquals(
    expected: PrivateKey,
    actual: PrivateKey,
  ) {
    assertThat(actual.encoded.toByteString()).isEqualTo(expected.encoded.toByteString())
  }

   *
   * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
   *
   * PrivateKey ::= OCTET STRING
   *
   * OneAsymmetricKey ::= SEQUENCE {
   *   version                   Version,
   *   privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
   *   privateKey                PrivateKey,
   *   attributes            [0] Attributes OPTIONAL,
   *   ...,

  val version: Long,
  val algorithmIdentifier: AlgorithmIdentifier,
  val privateKey: ByteString,
) {
  // Avoid Long.hashCode(long) which isn't available on Android 5.
  override fun hashCode(): Int {
    var result = 0
    result = 31 * result + version.toInt()
    result = 31 * result + algorithmIdentifier.hashCode()
    result = 31 * result + privateKey.hashCode()
    return result
  }

          "aFjez/MwxFNOHaxc9VgCwYPXCLOtdf7AVovdyG0XWgbUXH+NyxKwboE"
      ).decodeBase64()!!
    val privateKey =
      keyFactory.generatePrivate(
        PKCS8EncodedKeySpec(privateKeyBytes.toByteArray()),
      )
    val heldCertificate =
      HeldCertificate.Builder()
        .keyPair(publicKey, privateKey)
        .commonName("cash.app")
        .validityInterval(0L, 1000L)
        .rsa2048()
        .build()

     |       used together.
     |
    <server>
      <id>deploymentRepo</id>
      <username>repouser</username>
      <password>repopwd</password>
    </server>
    -->

    <!-- Another sample, using keys to authenticate.
    <server>
      <id>siteServer</id>
      <privateKey>/path/to/private/key</privateKey>