In a system I'm working with, we're using Schnorr signatures with scalars generated with libsodium's crypto_core_ed25519_scalar_random.

My goal is to use the crypto_box_easy / crypto_box_open_easy routines where Alice and Bob each have their own Scalars / Points already previously generated with crypto_core_ed25519_scalar_random and crypto_scalarmult_ed25519_base_noclamp, respectively.

I did not want to use crypto_box_keypair because I want to re-use the existing keys which Alice and Bob already have.

I've tried to use the crypto_sign_ed25519_sk_to_curve25519 / crypto_sign_ed25519_pk_to_curve25519 routines to convert the Ed25519 scalar/points to X25519. However, decryption fails, so this does not seem to be the correct approach.

This routine only seems to work when the keypairs were generated with crypto_sign_ed25519_keypair, and not crypto_core_ed25519_scalar_random and crypto_scalarmult_ed25519_base_noclamp.

So the question is, what is the right way to derive a key-pair for encryption if I only have a key-pair for signing which was generated with crypto_core_ed25519_scalar_random and crypto_scalarmult_ed25519_base_noclamp?

0 Answers
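Why the conversion works for crypto_sign_ed25519_keypair keys but not for raw scalars, as an added example that is not part of the original post: a pure-Python model (not libsodium itself) of what the two conversion routines compute. The helper names, the slow affine arithmetic and the sample seeds and scalars are constructed for illustration.

```python
import hashlib

P = 2**255 - 19                                      # field prime
L = 2**252 + 27742317777372353535851937790883648493  # order of base point B
D = -121665 * pow(121666, -1, P) % P                 # edwards25519 constant d
B = (15112221349535400772501151409588531511454012693041857206046113283949847762202,
     46316835694926478169428394003475163141307993866256225615783033603165251855960)

def ed_add(p, q):
    """Complete affine addition on edwards25519 (slow, illustration only)."""
    (x1, y1), (x2, y2) = p, q
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + x2 * y1) * pow((1 + t) % P, -1, P) % P,
            (y1 * y2 + x1 * x2) * pow((1 - t) % P, -1, P) % P)

def ed_mul(k, pt):
    """Double-and-add k*pt with no clamping (not constant time)."""
    acc = (0, 1)
    while k:
        if k & 1:
            acc = ed_add(acc, pt)
        pt, k = ed_add(pt, pt), k >> 1
    return acc

def pk_to_curve25519(pt):  # birational map u = (1 + y) / (1 - y), any point
    return (1 + pt[1]) * pow((1 - pt[1]) % P, -1, P) % P

def sk_to_curve25519(sk32):  # SHA-512 of the first 32 sk bytes, then clamp
    h = int.from_bytes(hashlib.sha512(sk32).digest()[:32], "little")
    return (h & (2**255 - 8)) | 2**254

def keypair_from_seed(seed):  # models crypto_sign_ed25519_keypair
    return seed, ed_mul(sk_to_curve25519(seed), B)

def keypair_from_scalar(s):  # models scalar_random + scalarmult_base_noclamp
    return s.to_bytes(32, "little"), ed_mul(s, B)

def box_shared(my_sk32, their_pt):
    """X25519 secret crypto_box reaches: u(converted sk * peer's point)."""
    return pk_to_curve25519(ed_mul(sk_to_curve25519(my_sk32), their_pt))

def shared_secrets_agree(make, a, b):
    """True if both sides derive the same secret after converting their keys."""
    (sk_a, pk_a), (sk_b, pk_b) = make(a), make(b)
    return box_shared(sk_a, pk_b) == box_shared(sk_b, pk_a)

SEEDS = (b"\x01" * 32, b"\x02" * 32)  # constructed sample inputs, not real keys
SCALARS = tuple(int.from_bytes(hashlib.sha256(n).digest(), "little") % L
                for n in (b"alice", b"bob"))
```

The public-key map is the same in both cases; the disagreement comes from `sk_to_curve25519` hashing its input, which matches how a seed-based Ed25519 key was derived but not a scalar that was multiplied by the base point directly.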