NFC Bitcoin hardware signer

Your Bitcoin key.
Not on your phone.

Your wallet builds the transaction. TAPSIGNER keeps the BIP-32 key on a separate card. Review, tap, enter your PIN, and sign.

  • No battery
  • Open protocol
  • Bitcoin only
For brands Custom TAPSIGNER editions
Front of the TAPSIGNER NFC Bitcoin hardware signer

Credit-card size. Tap to authorize.

TAPSIGNER is the signing key your phone does not keep. A compatible wallet manages balances, addresses, and transaction details. The card holds the key and participates only when you physically tap it.

Put your brand on a Bitcoin signer.

Coinkite produces custom-branded TAPSIGNER editions for organizations, wallets, conferences, communities, and client programs. Custom artwork, powered by the same TAPSIGNER security model and open protocol.

Previous custom editions include Nunchuk, Human Rights Foundation, PubKey, and Satsconf.

YOUR
BRAND
TAPSIGNER®
NFC BITCOIN SIGNER

Your artwork on the card. TAPSIGNER underneath.

Pair. Back up. Tap to sign.

Simple enough for daily use. Explicit enough to know where the key and recovery material live.

01

Pair a wallet

Verify the factory certificate, create the BIP-32 key, and record the actual derivation path.

02

Back up before funding

Save the encrypted XPRV file, copy the printed decryption key separately, then change the factory PIN.

03

Review, then tap

Check destination, amount, fee, inputs, and change in the wallet before authorizing its signature request.

One card. A choice of wallets.

Current integrations include Nunchuk, Cove, Bitcoin Keeper, and Sparrow. Choose by platform, policy, and recovery workflow—not by logo alone.

Compare compatible wallets

Your phone is the interface.
TAPSIGNER is the signer.

ModelWhere the key livesWhere you review
Phone-only walletOn the phonePhone
TAPSIGNERSeparate NFC cardCompanion wallet
Display hardware walletSeparate deviceHardware device

Normal signing keeps the unencrypted master XPRV off the phone. The wallet still decides what digest to request, so software and transaction review remain part of the security model.

No seed words.
Two recovery materials.

TAPSIGNER exports the master XPRV and current path in an AES-128-CTR encrypted file. Recovery requires that file, a separate copy of the fixed 128-bit key printed on the card, and the wallet configuration that defines the addresses or multisig policy.

No restore-to-card command. Recovery decrypts the XPRV for use outside the original card, so the recovery environment becomes part of your security boundary.

Plan backup and recovery

One signer. Different roles.

Mobile single signature

Keep the one signing key on a separate card while your wallet manages the interface and public data.

Understand the model →

Multisig cosigner

Use TAPSIGNER as one independent key, with the complete descriptor and recovery plan preserved.

Plan a multisig role →

Open integration

Build with the public protocol, reference implementation, certificate checks, and documented command flow.

Read the developer guide →

No screen means
the wallet matters.

TAPSIGNER signs a requested digest; it cannot independently display the payment. Verify the wallet, review the finalized transaction, and choose a display-equipped signer when on-device confirmation is required.

Keep this one.
Hand the other one over.

Keep TAPSIGNER under one owner's control and use it repeatedly to sign. Choose SATSCARD when funded bitcoin should travel with a physical card to a new owner.

Compare SATSCARD and TAPSIGNER

Wallet builds.
Card signs.

A short walkthrough of pairing TAPSIGNER with Nunchuk and authorizing with NFC.

Keep the key in your pocket.