Zcash: Decrypt Sapling Outputs

A Zcash transaction may consist of both transparent and shielded outputs. Shielded outputs describe funds which are moving to a private z-address. If you are using a wallet which manages your z-address for you, it likely handles your addresses "Incoming Viewing Key" to decrypt the shielded output which defines the payment being made. This key can be used to decrypt any payment made to that z-address, so it is likely not something which is recommended to be disclosed - as that would reveal all past and future payments to the address.

There are other viewing keys in Zcash which are more restrictive in terms of what information they disclose. This post is concerned with the "Outgoing Cipher Key" (OCK). The OCK is a 32-byte key which has the ability to decrypt a single output of a transaction. This is valuable because it allows specific payments to be disclosed to third parties, without revealing any information outside of the single output.

The following form accepts a raw transaction and an OCK. To decrypt, each shielded output of the transaction is applied against the given OCK until one is successfully decrypted.

To protect your privacy all decryption processing on this page is done entirely in your browser. This avoids your OCK from needing to be shared over the web, to be decrypted on some unknown server. This is done by using WebAssembly to take advantage of the Outgoing Cipher Key decryption already defined in the zcash_primitives rust crate. The WebAssembly/Rust interop can be found here.

Raw Transaction

Outgoing Cipher Key (Remove '0x' prefix)