
Which encryption algorithm does serialization.BestAvailableEncryption(b'mypassword') use in the Python cryptography lib?


I found this code snippet; here it is serializing an RSA private key into encrypted ciphertext. I wanted to know which algorithm serialization.BestAvailableEncryption(b'mypassword') will use to do so in this code.

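from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa

# Generate a key to serialize (the snippet assumed private_key already existed)
private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
# Serialize as password-encrypted PKCS#8 PEM; the library picks the cipher
pem = private_key.private_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PrivateFormat.PKCS8,
    encryption_algorithm=serialization.BestAvailableEncryption(b'mypassword')
)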

Solution

  • It's up to the implementation of the private_key object. The BestAvailableEncryption just says that you don't have a specific preference and would like the library to pick an encryption type for the key for you.

    In the OpenSSL backend (which is the only one, it seems), the best encryption is chosen here, where it currently selects the 'aes-256-cbc' cipher. That may change in future versions. Leaving the choice up to the implementation is the reason to have the BestAvailableEncryption class.
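
Because the choice can change between versions, it can be read back from the key itself. The following is an added example, not part of the answer above and not the library's own code: it walks the DER header of a PKCS#8 EncryptedPrivateKeyInfo and lists the algorithm OIDs it names. The function names and the small OID table are this example's own; an OID not in the table is returned in dotted form.

```python
# Added example: list the algorithms named in an encrypted PKCS#8 key's header.
KNOWN_OIDS = {  # standard OIDs (PKCS #5 / RFC 8018, NIST AES); not exhaustive
    "1.2.840.113549.1.5.13": "PBES2",
    "1.2.840.113549.1.5.12": "PBKDF2",
    "1.2.840.113549.2.9": "hmacWithSHA256",
    "2.16.840.1.101.3.4.1.42": "aes-256-cbc",
}

def _tlv(buf, pos):  # decode one DER element -> (tag, value_start, value_end)
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def _oid(body):  # OBJECT IDENTIFIER content bytes -> dotted notation
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear ends this arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def _collect_oids(buf, start, end, out):
    while start < end:
        tag, vs, ve = _tlv(buf, start)
        if tag == 0x06:      # OBJECT IDENTIFIER
            out.append(_oid(buf[vs:ve]))
        elif tag == 0x30:    # SEQUENCE: descend into it
            _collect_oids(buf, vs, ve, out)
        start = ve
    return out

def encryption_algorithms(der):  # reads EncryptedPrivateKeyInfo.encryptionAlgorithm
    _, body, _ = _tlv(der, 0)            # outer SEQUENCE
    _, start, end = _tlv(der, body)      # first field: encryptionAlgorithm
    return [KNOWN_OIDS.get(o, o) for o in _collect_oids(der, start, end, [])]

def best_available_algorithms(password=b"constructed-demo-password"):
    # Encrypt a throwaway RSA key with the installed library, then inspect it.
    from cryptography.hazmat.primitives import serialization as ser
    from cryptography.hazmat.primitives.asymmetric import rsa
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    der = key.private_bytes(ser.Encoding.DER, ser.PrivateFormat.PKCS8,
                            ser.BestAvailableEncryption(password))
    return encryption_algorithms(der)
```

Calling `best_available_algorithms()` with the cryptography package installed reports what that version selected; `encryption_algorithms()` needs only the DER bytes of an existing encrypted PKCS#8 key.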