Problem
In builds with MESHTASTIC_EXCLUDE_PKI_KEYGEN but without MESHTASTIC_EXCLUDE_PKI, boot restores an existing 32-byte Curve25519 keypair through CryptoEngine::setDHPrivateKey() without first calling regeneratePublicKey(). The in-memory XEdDSA signing material is therefore not rebuilt.
Normal keygen-capable builds call regeneratePublicKey() before installing the private key and already derive this material. This issue is limited to the keygen-excluded restore path.
Decision needed
Confirm whether XEdDSA signing is expected to operate on keygen-excluded builds that restore an existing PKI identity. If yes, loading the valid persisted identity should rebuild its matching in-memory XEdDSA private/public material and a focused regression should cover that configuration. If not, the proposed fix should not proceed.
Related: #10966
Design: meshtastic/design#122
Problem
In builds with
MESHTASTIC_EXCLUDE_PKI_KEYGENbut withoutMESHTASTIC_EXCLUDE_PKI, boot restores an existing 32-byte Curve25519 keypair throughCryptoEngine::setDHPrivateKey()without first callingregeneratePublicKey(). The in-memory XEdDSA signing material is therefore not rebuilt.Normal keygen-capable builds call
regeneratePublicKey()before installing the private key and already derive this material. This issue is limited to the keygen-excluded restore path.Decision needed
Confirm whether XEdDSA signing is expected to operate on keygen-excluded builds that restore an existing PKI identity. If yes, loading the valid persisted identity should rebuild its matching in-memory XEdDSA private/public material and a focused regression should cover that configuration. If not, the proposed fix should not proceed.
Related: #10966
Design: meshtastic/design#122