You could simply place seedb unencrypted in the encrypted private key instead of encryptedpart1 and 2.
Bump.
Question is still being asked. If the party generating the addresses, knowing seedb, cannot compute the private keys then why is seedb ever encrypted? The address passpoint*factorb cannot be redeemed without knowing passphrase and ownersalt.
Is there another reason to encrypt seedb?
Because it can be, and little more.
The same reason we use SHA256(SHA256(whatever)) instead of SHA256(whatever).
I don't know why we use double-hash.
Recommended reading: Practical Cryptography, Ferguson & Schneier
The attack could be: You have two encrypted keys, decrypt one of them, partially spend it and keep the decrypted version around for later spending. Suppose they are both based on the same intermediate code and produced without the AES encryption part. If someone finds them (one decrypted, one encrypted), then that person can spend also the encrypted one. So I see your point for AES now, unless you forbid reusing intermediate codes.
Different question: what is the purpose of the confirmation code? If I can decrypt the encrypted key with my passphrase I can also be sure the address depends on the passphrase, and that it is only spendable with the passphrase. No need for a confirmation code it seems.
Confirmation code allows generator (Bob) to prove he has produced an encrypted private key without revealing the private key. When the confirmation code is given to the owner (Alice), they both now have an address that can be funded, but neither can spend the funds. Alice needs the encrypted private key (to decrypt), or Bob needs the passphrase (to decrypt).
It's almost a zero-knowledge transaction, in that both parties know there is a private key, but neither knows what it is.