The import-fvk command stores the 96-byte orchard FullViewingKey as raw bytes in the sled wallet db (~/.zcli/wallet).
An FVK can't spend funds, but it can reveal all transactions, balances, and addresses — it's a privacy-sensitive key.
Proposal
Age-encrypt the FVK with the ssh identity key before storing, matching the existing ~/.config/zcli/mnemonic.age pattern. Either:
- Store as ~/.config/zcli/fvk.age (separate file, consistent with mnemonic)
- Or encrypt in-place within sled (simpler, self-contained)
Decrypt on-demand via -i / ZCLI_IDENTITY ssh key, same as mnemonic decryption flow.
Context
- FVK import landed in the import-fvk command (watch-only wallet support)
- Current storage: wallet.store_fvk() → sled key b"full_viewing_key" → raw 96 bytes
- Low priority since it's view-only, but good hygiene for privacy at rest
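The proposed separate-file flow, sketched with the `age` CLI as an added example (not part of the original issue and not zcli's own code). The function names and file arguments are hypothetical, and it assumes the SSH key pair is usable by `age` as recipient (`-R`) and identity (`-i`).

```shell
#!/usr/bin/env bash
# Added example: encrypt a 96-byte Orchard FVK to an SSH key with the age CLI,
# decrypt it on demand, and check that what sits on disk is an age envelope.
# Function names and arguments are hypothetical, not zcli's.

FVK_LEN=96                          # FVK size stated in the issue
AGE_MAGIC='age-encryption.org/v1'   # first line of a binary (non-armored) age file

# fvk_encrypt <ssh_pubkey_file> <raw_fvk_file> <out.age>
fvk_encrypt() {
    local pub=$1 raw=$2 out=$3 size
    size=$(wc -c < "$raw" | tr -d ' ')
    if [ "$size" -ne "$FVK_LEN" ]; then
        echo "refusing: expected $FVK_LEN bytes, got $size" >&2
        return 1
    fi
    # umask is set in a subshell so the ciphertext is created owner-only
    # without changing the caller's umask.
    ( umask 077 && age -R "$pub" -o "$out" "$raw" )
}

# fvk_decrypt <ssh_identity_file> <in.age>  -> raw FVK bytes on stdout
fvk_decrypt() {
    age -d -i "$1" "$2"
}

# fvk_at_rest_ok <file>: returns 0 if the file starts with the age header,
# 1 otherwise (for example a raw 96-byte key written in the clear).
fvk_at_rest_ok() {
    local f=$1 first
    # NUL bytes are dropped before comparing so raw key material does not
    # trigger shell warnings inside the command substitution.
    first=$(head -c "${#AGE_MAGIC}" "$f" 2>/dev/null | tr -d '\0')
    [ "$first" = "$AGE_MAGIC" ]
}
```

Pipe `fvk_decrypt` straight into the consumer rather than to a temporary file, so the plaintext key never returns to disk.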