As this patch touches a lot of EP11 code, should there be a corresponding test case to ensure we are not regressing support for non-AES EP11 keys? (I haven't checked but I'm guessing from the code there'll be a syntax like `zkey generate --key-type EP11` or `zkey generate --key-type EP11-ECC`)