Skip to content

[2.8.0] Clarify XEdDSA material on keygen-excluded identity restore #10982

Description

@RCGV1

Problem

In builds with MESHTASTIC_EXCLUDE_PKI_KEYGEN but without MESHTASTIC_EXCLUDE_PKI, boot restores an existing 32-byte Curve25519 keypair through CryptoEngine::setDHPrivateKey() without first calling regeneratePublicKey(). The in-memory XEdDSA signing material is therefore not rebuilt.

Normal keygen-capable builds call regeneratePublicKey() before installing the private key and already derive this material. This issue is limited to the keygen-excluded restore path.

Decision needed

Confirm whether XEdDSA signing is expected to operate on keygen-excluded builds that restore an existing PKI identity. If yes, loading the valid persisted identity should rebuild its matching in-memory XEdDSA private/public material and a focused regression should cover that configuration. If not, the proposed fix should not proceed.

Related: #10966
Design: meshtastic/design#122

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions