From b0d0aaa53dfd6aa6ac17739b797a7c5b8eacf5f5 Mon Sep 17 00:00:00 2001
From: Sameh Abouel-saad
Date: Mon, 2 Jun 2025 15:59:17 +0300
Subject: [PATCH] refactor: replace Ed25519 with Secp256k1 for default keypair generation
---
 vault/src/lib.rs | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)
diff --git a/vault/src/lib.rs b/vault/src/lib.rs
index f602ab3..a5f9661 100644
--- a/vault/src/lib.rs
+++ b/vault/src/lib.rs
@@ -217,7 +217,7 @@ impl Vault {
 // --- Keypair Management APIs ---
- /// Create a default Ed25519 keypair for client identity
+ /// Create a default Secp256k1 keypair for client identity
 /// This keypair is deterministically generated from the password and salt
 /// and will always be the first keypair in the keyspace
 async fn create_default_keypair(
@@ -229,26 +229,32 @@ impl Vault {
 // 1. Derive a deterministic seed using standard PBKDF2
 let seed = kdf::keyspace_key(password, salt);
- // 2. Generate Ed25519 keypair from the seed
- use ed25519_dalek::{SigningKey, VerifyingKey};
+ // 2. Generate Secp256k1 keypair from the seed
+ use k256::ecdsa::{SigningKey, VerifyingKey, signature::hazmat::PrehashSigner};
- // Use the seed to create a deterministic keypair
- let signing = SigningKey::from_bytes(seed.as_slice().try_into().unwrap());
- let verifying: VerifyingKey = (&signing).into();
+ // Use the seed as the private key directly (32 bytes)
+ let mut secret_key_bytes = [0u8; 32];
+ secret_key_bytes.copy_from_slice(&seed[..32]);
- let priv_bytes = signing.to_bytes().to_vec();
- let pub_bytes = verifying.to_bytes().to_vec();
+ // Create signing key
+ let signing_key = SigningKey::from_bytes(&secret_key_bytes.into())
+ .map_err(|e| VaultError::Crypto(format!("Failed to create signing key: {}", e)))?;
- // Create an ID for the default keypair
+ // Get verifying key
+ let verifying_key = VerifyingKey::from(&signing_key);
+
+ // Convert keys to bytes
+ let priv_bytes = signing_key.to_bytes().to_vec();
+ let pub_bytes = verifying_key.to_encoded_point(false).as_bytes().to_vec();
 let id = hex::encode(&pub_bytes);
- // 3. Unlock the keyspace to get its data
+ // 3. Unlock keyspace to add the keypair
 let mut data = self.unlock_keyspace(keyspace, password).await?;
- // 4. Add to keypairs (as the first entry)
+ // 4. Create key entry
 let entry = KeyEntry {
 id: id.clone(),
- key_type: KeyType::Ed25519,
+ key_type: KeyType::Secp256k1,
 private_key: priv_bytes,
 public_key: pub_bytes,
 metadata: Some(KeyMetadata {
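Review bot: `secret_key_bytes.copy_from_slice(&seed[..32])` weakens the length check that the removed `try_into().unwrap()` enforced: a seed longer than 32 bytes is now silently truncated, and a shorter one still panics on the slice index instead of returning an error. The function already maps a rejected scalar to `VaultError::Crypto`, so the same path fits here, for example `let secret_key_bytes: [u8; 32] = seed.as_slice().try_into().map_err(|_| VaultError::Crypto("seed must be 32 bytes".into()))?;`. The seed comes from `kdf::keyspace_key`, whose name suggests the same PBKDF2 output may also be the keyspace encryption key; if that is the case, the identity key should be derived under its own label so that exposure of one value does not hand over the other, which needs confirming outside this hunk. `signature::hazmat::PrehashSigner` is imported but not used in the visible lines, and `secret_key_bytes` and `priv_bytes` are plain copies of the private scalar that the visible code does not wipe after the entry is built. create_default_keypair starts before this hunk and continues past it.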