Don't use the ledger unless both keys are for ledger

applications/minotari_ledger_wallet/wallet/src/main.rs

@@ -149,6 +149,7 @@ pub enum KeyType {
     OneSidedSenderOffset = 0x04,
     Random = 0x06,
     PreMine = 0x07,
+    MetadataEphemeralNonce = 0x08,
 }
 
 impl KeyType {
@@ -166,6 +167,7 @@ impl KeyType {
                 BranchMapping::Spend => Ok(Self::Spend),
                 BranchMapping::RandomKey => Ok(Self::Random),
                 BranchMapping::PreMine => Ok(Self::PreMine),
+                BranchMapping::MetadataEphemeralNonce => Ok(Self::MetadataEphemeralNonce),
                 _ => Err(AppSW::BadBranchKey),
             }
         } else {

base_layer/common_types/src/key_branches.rs

@@ -105,6 +105,18 @@ impl TransactionKeyManagerBranch {
             None => None,
         }
     }
+
+    pub fn is_ledger_branch(value: &str) -> bool {
+        let branch = TransactionKeyManagerBranch::from_key(value);
+        matches!(
+            branch,
+            TransactionKeyManagerBranch::OneSidedSenderOffset |
+                TransactionKeyManagerBranch::Spend |
+                TransactionKeyManagerBranch::RandomKey |
+                TransactionKeyManagerBranch::PreMine |
+                TransactionKeyManagerBranch::MetadataEphemeralNonce
+        )
+    }
 }
 
 #[cfg(test)]

base_layer/core/src/transactions/key_manager/inner.rs

@@ -1318,16 +1318,27 @@ where TBackend: KeyManagerBackend<PublicKey> + 'static
                                 branch: nonce_branch,
                                 index: nonce_index,
                             } => {
-                                let signature = ledger_get_raw_schnorr_signature(
-                                    ledger.account,
-                                    *private_key_index,
-                                    TransactionKeyManagerBranch::from_key(private_key_branch),
-                                    *nonce_index,
-                                    TransactionKeyManagerBranch::from_key(nonce_branch),
-                                    challenge,
-                                )
-                                .map_err(|e| KeyManagerServiceError::LedgerError(e.to_string()))?;
-                                Ok(signature)
+                                if TransactionKeyManagerBranch::is_ledger_branch(&private_key_branch) &&
+                                    TransactionKeyManagerBranch::is_ledger_branch(&nonce_branch)
+                                {
+                                    let signature = ledger_get_raw_schnorr_signature(
+                                        ledger.account,
+                                        *private_key_index,
+                                        TransactionKeyManagerBranch::from_key(private_key_branch),
+                                        *nonce_index,
+                                        TransactionKeyManagerBranch::from_key(nonce_branch),
+                                        challenge,
+                                    )
+                                    .map_err(|e| KeyManagerServiceError::LedgerError(e.to_string()))?;
+                                    Ok(signature)
+                                } else {
+                                    let private_key = self.get_private_key(private_key_id).await?;
+                                    let private_nonce = self.get_private_key(nonce_key_id).await?;
+                                    let signature =
+                                        Signature::sign_raw_uniform(&private_key, private_nonce, challenge)?;
+
+                                    Ok(signature)
+                                }
                             },
                             _ => Err(self.key_id_not_supported_error(
                                 "sign_with_nonce_and_challenge",