From b547409d93399b2060270147ea2e6aa5ae092107 Mon Sep 17 00:00:00 2001
From: Maksim Nabokikh
Date: Thu, 12 Feb 2026 11:02:44 +0100
Subject: [PATCH] Update server/signer_vault.go
Co-authored-by: Alwx
Signed-off-by: Maksim Nabokikh
---
 server/signer_vault.go | 39 +++++++++++++--------------------------
 1 file changed, 13 insertions(+), 26 deletions(-)
diff --git a/server/signer_vault.go b/server/signer_vault.go
index 15327110..f30bb42b 100644
--- a/server/signer_vault.go
+++ b/server/signer_vault.go
@@ -255,34 +255,21 @@ func parsePEMToJWK(pemStr string) (*jose.JSONWebKey, error) {
 }
 
 // Check if it's a raw 32-byte ED25519 key
+ var ed25519Key ed25519.PublicKey
 if len(keyBytes) == 32 {
 ed25519Key := ed25519.PublicKey(keyBytes)
-
- jwk := &jose.JSONWebKey{
- Key: ed25519Key,
- Algorithm: "EdDSA",
- Use: "sig",
- }
-
- thumbprint, err := jwk.Thumbprint(crypto.SHA256)
- if err != nil {
- return nil, err
- }
- jwk.KeyID = base64.RawURLEncoding.EncodeToString(thumbprint)
-
- return jwk, nil
- }
-
- // Try to parse as PKIX public key
- pub, err := x509.ParsePKIXPublicKey(keyBytes)
- if err != nil {
- return nil, fmt.Errorf("failed to parse raw key: %v", err)
- }
-
- // Create JWK for ED25519 key
- ed25519Key, ok := pub.(ed25519.PublicKey)
- if !ok {
- return nil, fmt.Errorf("expected ED25519 key, got %T", pub)
+ } else {
+ // Try to parse as PKIX public key
+ pub, err := x509.ParsePKIXPublicKey(keyBytes)
+ if err != nil {
+ return nil, fmt.Errorf("failed to parse raw key: %v", err)
+ }
+
+ // Create JWK for ED25519 key
+ ed25519Key, ok := pub.(ed25519.PublicKey)
+ if !ok {
+ return nil, fmt.Errorf("expected ED25519 key, got %T", pub)
+ }
 }
 
 jwk := &jose.JSONWebKey{
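Review bot: Both branches still assign with `:=`, so each declares a new block-scoped `ed25519Key` that shadows the `var ed25519Key ed25519.PublicKey` added above the `if`. The inner variables are never read, which the Go compiler rejects as "declared and not used". Even without that error, the outer variable would stay nil when the JWK is built after the `if`/`else` (that construction continues past the end of the hunk, so its use of `ed25519Key` is inferred from the removed copy). For a signer this would mean publishing a verification key with no key material, so the assignment should target the outer variable: `ed25519Key = ed25519.PublicKey(keyBytes)` in the 32-byte branch, and `var ok bool` followed by `ed25519Key, ok = pub.(ed25519.PublicKey)` in the `else` branch. A unit test that feeds both a raw 32-byte key and a PKIX-encoded key and asserts a non-empty `Key` and `KeyID` would pin this down.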