@Jeffrey Goldberg Pardon my ignorance, but wouldn’t it be at least prudent to encrypt using the same master key that the user supplied for their main “vault” instead of sending data around in plaintext? Arguments about physical security and malware aside, it seems hard to see a downside to doing at least this.

I am sure I am just missing something fundamental here.