refactor: replace Ed25519 with Secp256k1 for default keypair generation

2025-06-02 15:59:17 +03:00 · 2025-06-02 15:59:17 +03:00 · b0d0aaa53d
commit b0d0aaa53d
parent e00c140396
1 changed files with 18 additions and 12 deletions
--- a/vault/src/lib.rs
+++ b/vault/src/lib.rs
@ -217,7 +217,7 @@ impl<S: KVStore> Vault<S> {

    // --- Keypair Management APIs ---

-    /// Create a default Ed25519 keypair for client identity
+    /// Create a default Secp256k1 keypair for client identity
    /// This keypair is deterministically generated from the password and salt
    /// and will always be the first keypair in the keyspace
    async fn create_default_keypair(
@ -229,26 +229,32 @@ impl<S: KVStore> Vault<S> {
        // 1. Derive a deterministic seed using standard PBKDF2
        let seed = kdf::keyspace_key(password, salt);
        
-        // 2. Generate Ed25519 keypair from the seed
-        use ed25519_dalek::{SigningKey, VerifyingKey};
+        // 2. Generate Secp256k1 keypair from the seed
+        use k256::ecdsa::{SigningKey, VerifyingKey, signature::hazmat::PrehashSigner};
        
-        // Use the seed to create a deterministic keypair
-        let signing = SigningKey::from_bytes(seed.as_slice().try_into().unwrap());
-        let verifying: VerifyingKey = (&signing).into();
+        // Use the seed as the private key directly (32 bytes)
+        let mut secret_key_bytes = [0u8; 32];
+        secret_key_bytes.copy_from_slice(&seed[..32]);
        
-        let priv_bytes = signing.to_bytes().to_vec();
-        let pub_bytes = verifying.to_bytes().to_vec();
+        // Create signing key
+        let signing_key = SigningKey::from_bytes(&secret_key_bytes.into())
+            .map_err(|e| VaultError::Crypto(format!("Failed to create signing key: {}", e)))?;
        
-        // Create an ID for the default keypair
+        // Get verifying key
+        let verifying_key = VerifyingKey::from(&signing_key);
+        
+        // Convert keys to bytes
+        let priv_bytes = signing_key.to_bytes().to_vec();
+        let pub_bytes = verifying_key.to_encoded_point(false).as_bytes().to_vec();
        let id = hex::encode(&pub_bytes);
        
-        // 3. Unlock the keyspace to get its data
+        // 3. Unlock keyspace to add the keypair
        let mut data = self.unlock_keyspace(keyspace, password).await?;
        
-        // 4. Add to keypairs (as the first entry)
+        // 4. Create key entry
        let entry = KeyEntry {
            id: id.clone(),
-            key_type: KeyType::Ed25519,
+            key_type: KeyType::Secp256k1,
            private_key: priv_bytes,
            public_key: pub_bytes,
            metadata: Some(KeyMetadata {