Is there a way to check if a Private Key is passphrase-protected without using Exception control flow?

[NyanHeart]

Hi,

I am using SSH.NET and I need to determine if a given SSH key file is protected by a passphrase.

Currently, I am using a try-catch approach: I attempt to load the key with an empty password, and if it throws an SshPassPhraseNullOrEmptyException, I consider it encrypted.

Here is my current implementation:

using Renci.SshNet;
using Renci.SshNet.Common;

public bool IsPrivateKeyEncrypted(string keyFilePath)
{
    if (!File.Exists(keyFilePath)) throw new FileNotFoundException();

    try
    {
        // Try to load the private key without a password
        using (var stream = File.OpenRead(keyFilePath))
        {
            var keyFile = new PrivateKeyFile(stream);
            return false; // Loaded successfully, so no passphrase is required
        }
    }
    catch (SshPassPhraseNullOrEmptyException)
    {
        // Specific exception indicates a passphrase is required
        return true;
    }
    catch (SshException ex)
    {
        // Handle other potential passphrase-related messages
        if (ex.Message.Contains("passphrase", StringComparison.OrdinalIgnoreCase))
        {
            return true;
        }
        throw;
    }
}

However, I am concerned about the performance overhead of using exceptions for control flow.

Is there a built-in property, a public API, or a more lightweight mechanism in SSH.NET to simply check the encryption status (e.g., IsEncrypted) without triggering an exception?

Thanks!