Transform ed25519 secret/public keys into x25519 secret/public keys

[Alexis211]

According to this blog post, public and private ed25519 keys used for signing can be transformed into public and private x25519 keys for DH exchange, allowing for encrypted communications. This conversion would be quite useful in the case where one needs to do sometimes signing operations and sometimes encryption operations, as a single public key could be transmitted for both uses.

It looks like the underlying curve25519_dalek library could handle this conversion, however it is not exposed in either ed25519_dalek's or x25519_dalek's data types. Do you think such functionality could be added?

[hdevalence]

Yep, as you note, curve25519_dalek can do this conversion, so it's possible for people who want to do this to use the curve25519-dalek APIs to do this conversion.

But I'm not sure it makes sense to support it in general in the library, primarily because it is not technically part of X25519 nor Ed25519, and it's not totally clear whether there are any security implications (as noted in Filippo's blog post). For now, I think that it probably makes most sense for people who want to do this conversion to do it themselves using the curve25519-dalek APIs, because there is a little bit of rolling-their-own-protocol involved, and that's the use-case that curve25519-dalek is intended for. So I would prefer to close this issue for now and leave this note for anyone else who runs into the same question :)