Fix Identity encryption to derive keys from the transmitted ephemeral key

## Summary

For Python compatibility, the same ephemeral X25519 key that appears in the ciphertext header must be used to derive the shared secret and encryption key.

Current Rust code risks deriving keys from a different ephemeral instance, breaking interoperability.

## Affected code

- src/identity.rs
  - Identity::encrypt
  - DerivedKey / ephemeral helpers

# Required changes

* Ensure encryption flow is:
  1. Generate ephemeral X25519 secret
  2. Derive shared secret with target public key
  3. HKDF with recipient identity hash as salt
  4. Emit ephemeral_pub || token
* Remove or restrict APIs that generate independent ephemerals implicitly.

## Acceptance criteria

- Deterministic test vectors match Python output.
- Rust → Python decryption works reliably.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix Identity encryption to derive keys from the transmitted ephemeral key #34

Summary

Affected code

Required changes

Acceptance criteria

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Fix Identity encryption to derive keys from the transmitted ephemeral key #34

Description

Summary

Affected code

Required changes

Acceptance criteria

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions