Implement z_importkey and z_exportkey for Sapling

[oxarbitrage]

Adds two new RPC methods:

• z_importkey: Imports a Sapling extended spending key into the wallet. The key is encrypted with age and stored in the keystore. A UFVK is derived and imported into the wallet database so the sync engine can track transactions. The rescan parameter controls whether historical blocks are scanned ("yes", "no", or "whenkeyisnew"), and start_height sets the birthday for the imported account. Real treestates are fetched from the chain indexer for non-zero start heights.

• z_exportkey: Exports the spending key for a Sapling payment address. Requires the wallet to be unlocked. Looks up the key by iterating standalone sapling DFVKs and using decrypt_diversifier to match the address.

Also adds fetch_account_birthday to json_rpc::utils as a shared helper for building an AccountBirthday from a chain treestate.

Includes unit tests for parameter validation, key encoding/decoding roundtrips, and address parsing.

Close #69
Close #79
Closes COR-254 and COR-259

[nuttycom]

I'm not sure that it makes sense to implement the legacy versions of these methods; their utility is extremely limited and I would prefer that we avoid introducing API surface that we then have to maintain. Both of these methods got zero points in our survey of what people are using: https://docs.google.com/spreadsheets/d/1UJxH1cowexGqadU32Uei5Qak6jGhXjb18-T_QBPmDAA/edit?gid=0#gid=0

[nuttycom]

I guess that I can see implementing z_importkey for Sapling paper wallet users. But key export in particular I'm skeptical of - it seems like an avenue to lose funds if you trust z_exportkey for backup without realizing that there might be Orchard funds associated with the same root of spending authority.

[oxarbitrage]

Thanks for the feedback.

I'm not sure that it makes sense to implement the legacy versions of these methods; their utility is extremely limited and I would prefer that we avoid introducing API surface that we then have to maintain. Both of these methods got zero points in our survey of what people are using: https://docs.google.com/spreadsheets/d/1UJxH1cowexGqadU32Uei5Qak6jGhXjb18-T_QBPmDAA/edit?gid=0#gid=0

I wasn’t aware of the survey, thanks for sharing it. I’ll consider it for future work. It might also make sense to close or re-evaluate issues in the repository that correspond to methods with zero usage.

That said, I do think import-related APIs may become more valuable as zcashd is deprecated and users look for ways to migrate into the new stack.

I guess that I can see implementing z_importkey for Sapling paper wallet users.

Not only for paper wallets. If you have a legacy Sapling key (with funds) and want to import it into the new stack without relying on zcashd, this provides a viable path. I used this same RPC method in zcashd to achieve that migration.

But key export in particular I'm skeptical of - it seems like an avenue to lose funds if you trust z_exportkey for backup without realizing that there might be Orchard funds associated with the same root of spending authority.

That makes sense. The export functionality was mainly added for completeness. I’m happy to remove it, or alternatively keep it with clearer documentation highlighting the risks.

Let me know how you’d prefer to proceed. Happy to adjust the PR accordingly.

[oxarbitrage]

By the way, I should have provided more context earlier. The main motivation here was recovering legacy funds that were otherwise inaccessible.

I had the mnemonic, but none of the available tools worked for recovery (zeccavator, zodl/zashi, and ywallet all failed in this case). The only viable path was to derive the Sapling key from the mnemonic (I wrote a small tool for that: https://github.com/oxarbitrage/zcash-sapling-derive) and then import it into zcashd using z_importkey.

That worked for me, but it made me realize that this recovery path would no longer be available once zcashd is deprecated. That’s what motivated porting these calls into zallet.

[ValarDragon]

I suggest we add the import key logic here, so zcashd folks can migrate

[nullcopy]

Looks good to me! I left a few minor comments, but nothing blocking (modulo merge conflicts)

utACK 532371e

[nullcopy]

s/LegacyCode::InvalidParameter/RpcErrorCode::InternalError/

[oxarbitrage]

Done — now InternalError (kept the message via ErrorObjectOwned, since ErrorCode has no with_message).

[nullcopy]

(not blocking) might be nice to skip this check if rescan="no".

[oxarbitrage]

Done — the start_height > tip check is now skipped when rescan="no".

[nullcopy]

The recently added rewind_to_height() method should do this for you now

[oxarbitrage]

Deferred — rewind_to_height rewinds the whole wallet (all accounts), not just this key, so I left the TODO (now referencing it) rather than trigger a global rewind on import.

[nullcopy]

Not sure how I feel about silently failing over to 0 here

[nullcopy]

Thinking on it some more, I'm actually ok with it. I would support logging a warning here, though (not blocking)

[oxarbitrage]

Superseded by your follow-up below — added a warning log.

[oxarbitrage]

Done — tracing::warn! when the rescan="no" path falls back to genesis.

[nullcopy]

Should this at least include the real genesis hash?

[oxarbitrage]

Left as zeros, with a comment explaining why: the chain state is the state before the birthday, and nothing precedes genesis, so the zero parent hash is the correct anchor — the real genesis hash would be the hash of block 0 itself.

[oxarbitrage]

Thanks for the review, and apologies for the delay in getting back to this!

Rebased onto main and resolved the keystore.rs conflict from the migration refactor: the encrypt helpers are now Encryptor methods on main, so I dropped the branch's duplicate free functions and kept only the new decrypt_standalone_sapling_extsk; I also dropped the zcashd-import cfg from Encryptor::encrypt_standalone_sapling_key, since the always-built z_importkey path needs it.

Addressed the review comments (replied inline on each thread):

• fetch_account_birthday: treestate-fetch failure now returns InternalError instead of InvalidParameter.
• import_key: skip the start_height > tip check when rescan="no" (start_height is unused there); tracing::warn! when the rescan="no" path falls back to genesis; refined the existing-key-rescan TODO to note rewind_to_height (deferred, since it rewinds the whole wallet rather than just this key).
• Genesis ChainState: left as BlockHash([0; 32]) with a comment explaining why (no block precedes genesis, so the zero parent hash is the correct anchor).

Re @nuttycom's concern: z_exportkey's help text now warns that it is not a complete backup (Orchard funds under the same spending authority are not exported). Added a CHANGELOG entry for both methods.

Note: the two CI failures (Test NU7 and Latest build) look pre-existing and dependency-related (zebra-chain not covering NetworkUpgrade::Nu7, and orchard = "^0.13" failing to resolve), not from this PR.

[linear]

COR-254

COR-259

[oxarbitrage]

Validated this PR end-to-end against the dedicated integration test (zcash/integration-tests#76, wallet_import_export_key.py) by running it through the interop CI (ZIT-Revision), building zallet from this branch:

• ✅ wallet_import_export_key.py | True | 16 s — covers import → listaddresses (sapling UA under imported_watchonly) → re-import idempotency → z_exportkey round-trip → cross-wallet isolation → rescan param values → and the error paths (out-of-range height, invalid rescan, invalid key, address-not-in-wallet).

The only red shard in that run was an unrelated, pre-existing failure on nuparams.py (getblocksubsidy subsidy assertion), which this PR's diff doesn't touch — tracking that separately on the integration-tests side.

This is approved + mergeable + green, and now interop-validated. Planning to merge shortly.