feat(iroh-base)!: reduce external types in the iroh-base API for keys

[dignifiedquire]

Description

In preparation of stabilizing our APIs, this removes ed25519_dalek types from the public API of iroh-base, except for a few conversions, which are doc(hidden) to clearly mark them as not stable.

Ref #3177

Breaking Changes

• added iroh_base::Signature which replaces ed25519_dalek::Signature in the public API of iroh_base
• iroh_base error types have changed
• removed Into and From conversions for PublicKey - ed25519_dalek::VerifyingKey
• removed Into and From conversions for SecretKey - ed25519_dalek::SigningKey

[github-actions]

Documentation for this PR has been generated and is available at: https://n0-computer.github.io/iroh/pr/3529/docs/iroh/

Last updated: 2025-10-14T10:20:29Z

[github-actions]

Netsim report & logs for this PR have been generated and is available at: LOGS
This report will remain available for 3 days.

Last updated for commit: 6231a68

[Frando]

Not sure about #[doc(hidden)] on From impls. It is quite error-prone: Users may write key.into() just because you're used to it and - it works. But if we deem these impls fine to break in semver-compat releases, then people run into it nevertheless. So I'd suggest to remove the From impls and have private into_verifying_key etc. fns. And users would then have to go over the to_bytes/from_bytes route, right? Which is what we'd recommend anyway if we mark the From impls doc_hidden.

Edit: And if we need the conversions in downstream crates, maybe make them pub fns with doc_hidden and a doc comment that explains that these may break in semver-compat releases?

[dignifiedquire]

Not sure about #[doc(hidden)] on From impls. It is quite error-prone: Users may write key.into() just because you're used to it and - it works. But if we deem these impls fine to break in semver-compat releases, then people run into it nevertheless. So I'd suggest to remove the From impls and have private into_verifying_key etc. fns. And users would then have to go over the to_bytes/from_bytes route, right? Which is what we'd recommend anyway if we mark the From impls doc_hidden.

Edit: And if we need the conversions in downstream crates, maybe make them pub fns with doc_hidden and a doc comment that explains that these may break in semver-compat releases?

yeah we can do that as alternative

[dignifiedquire]

@Frando changed based on your suggestions

[Frando]

This will be validating the key twice, maybe add NodeId::from_public_key_der(&[u8]) -> Result<Self>? But can also be a separate PR, I think this is not changed from before.

We also really should cache the remote's node id on the Connection struct I think, it seems expensive to do this whenever it's accessed. But also separate PR ofc.

[Frando]

se could use key.as_verifying_key() here if we keep it pub. I think the only other usage atm is in iroh/src/tls/verifier.rs. So Either let's use as_verifying_key here and there, or make it not pub and use from_bytes/as_bytes in both places. But I think using the pub+doc_hidden fn here is fine.

[Frando]

nice! some comments but no blockers.