samehabouelsaad/sal-modular
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: replace Ed25519 with Secp256k1 for default keypair generation

Browse Source
This commit is contained in:
Sameh Abouel-saad
2025-06-02 15:59:17 +03:00
parent e00c140396
commit b0d0aaa53d
1 changed files with 18 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
vault/src/lib.rs
View File

@@ -217,7 +217,7 @@ impl<S: KVStore> Vault<S> {
// --- Keypair Management APIs --- // --- Keypair Management APIs ---
/// Create a default Ed25519 keypair for client identity /// Create a default Secp256k1 keypair for client identity
/// This keypair is deterministically generated from the password and salt /// This keypair is deterministically generated from the password and salt
/// and will always be the first keypair in the keyspace /// and will always be the first keypair in the keyspace
async fn create_default_keypair( async fn create_default_keypair(
@@ -229,26 +229,32 @@ impl<S: KVStore> Vault<S> {
// 1. Derive a deterministic seed using standard PBKDF2 // 1. Derive a deterministic seed using standard PBKDF2
let seed = kdf::keyspace_key(password, salt); let seed = kdf::keyspace_key(password, salt);
// 2. Generate Ed25519 keypair from the seed // 2. Generate Secp256k1 keypair from the seed
use ed25519_dalek::{SigningKey, VerifyingKey}; use k256::ecdsa::{SigningKey, VerifyingKey, signature::hazmat::PrehashSigner};
// Use the seed to create a deterministic keypair // Use the seed as the private key directly (32 bytes)
let signing = SigningKey::from_bytes(seed.as_slice().try_into().unwrap()); let mut secret_key_bytes = [0u8; 32];
let verifying: VerifyingKey = (&signing).into(); secret_key_bytes.copy_from_slice(&seed[..32]);
let priv_bytes = signing.to_bytes().to_vec(); // Create signing key
let pub_bytes = verifying.to_bytes().to_vec(); let signing_key = SigningKey::from_bytes(&secret_key_bytes.into())
.map_err(|e| VaultError::Crypto(format!("Failed to create signing key: {}", e)))?;
// Create an ID for the default keypair // Get verifying key
let verifying_key = VerifyingKey::from(&signing_key);
// Convert keys to bytes
let priv_bytes = signing_key.to_bytes().to_vec();
let pub_bytes = verifying_key.to_encoded_point(false).as_bytes().to_vec();
let id = hex::encode(&pub_bytes); let id = hex::encode(&pub_bytes);
// 3. Unlock the keyspace to get its data // 3. Unlock keyspace to add the keypair
let mut data = self.unlock_keyspace(keyspace, password).await?; let mut data = self.unlock_keyspace(keyspace, password).await?;
// 4. Add to keypairs (as the first entry) // 4. Create key entry
let entry = KeyEntry { let entry = KeyEntry {
id: id.clone(), id: id.clone(),
key_type: KeyType::Ed25519, key_type: KeyType::Secp256k1,
private_key: priv_bytes, private_key: priv_bytes,
public_key: pub_bytes, public_key: pub_bytes,
metadata: Some(KeyMetadata { metadata: Some(KeyMetadata {