Critical recovery guide

TAPSIGNER Backup and Recovery

There is no BIP-39 seed phrase and no restore-to-card command. Preserve the encrypted file, decryption key, and wallet configuration.

TAPSIGNER recovery requires its encrypted backup file, the separate 128-bit decryption key printed on the card, and enough wallet-configuration data to reconstruct the same addresses and policy. It has no BIP-39 seed phrase and no restore-to-card command. Recovery exposes the master XPRV to the environment that decrypts it.

Back up before funding. The protocol requires at least one backup before it allows the factory CVC to be changed, but creating one file is not the same as having a tested recovery plan.

What the backup file contains

The TAPSIGNER backup command returns a small binary file. After AES-128-CTR decryption, the defined contents are:

  1. the Base58-encoded master XPRV;
  2. the current hardened derivation path.

The encryption key is a fixed 16-byte value printed as 32 hexadecimal characters on the card. The protocol uses AES-128-CTR with a zero initialization vector. Compatible wallets should save the encrypted bytes without asking for or learning the printed decryption key during ordinary backup.

Future protocol versions may add lines to the decrypted format, so recovery tooling should follow the current specification rather than assuming only two forever.

What else a complete recovery needs

An XPRV can reproduce descendant keys, but it does not by itself describe every wallet rule. Preserve:

  • the encrypted TAPSIGNER backup file;
  • an accurate copy of the printed 128-bit decryption key;
  • the current derivation path recorded in the file and wallet;
  • wallet type and script type;
  • the output descriptor or wallet configuration;
  • for multisig, every cosigner XPUB, origin/fingerprint, order convention, and signing threshold;
  • the network and any application-specific policy information.

A descriptor or exported wallet configuration is often the best compact record of address construction. Test the publisher's documented export and recovery process before relying on the wallet.

Keep the two backup factors separate

The encrypted file and printed key are designed to be useful together. If an attacker obtains both, they can decrypt the master XPRV without the card or current PIN. If you lose either one and lose the card, recovery may fail.

Store multiple durable copies of the encrypted file. Store a precise copy of the decryption key in a different failure domain. Do not keep the only file and only key in the same phone, cloud account, envelope, or location. Do not photograph the card into an automatically synchronized photo library unless that exposure is part of your explicit threat model.

The decryption key is not the working PIN. Changing the PIN does not rotate the printed backup key or re-encrypt prior backup files under a new key.

Create the backup

  1. Verify that the companion app recognizes a genuine TAPSIGNER and checks its factory certificate.
  2. Complete key setup and select the intended hardened derivation path.
  3. Use the app's TAPSIGNER backup function and authenticate with the current CVC.
  4. Save the returned encrypted file in more than one controlled location.
  5. Copy the printed hexadecimal decryption key exactly and verify the copy character by character.
  6. Export the wallet descriptor/configuration and record the policy.
  7. Confirm that the card reports at least one completed backup before changing the PIN.

Never type the printed decryption key into an app merely to create the encrypted backup. The card performs encryption internally; the printed key is for emergency decryption.

Test without normalizing secret exposure

A recovery test should prove that the file is present, the copied hexadecimal key is accurate, the expected XPRV/path format can be obtained, and the wallet configuration maps to known addresses. Decryption reveals the master private key, so perform the test in a controlled offline environment you are prepared to treat as secret-bearing.

The official Nunchuk starter page documents an OpenSSL recovery command and a GUI key utility. Follow the current publisher instructions and verify downloaded tools. After a decryption test, remove temporary plaintext and assume any environment that saw the XPRV could have retained it.

For the strongest operational separation, a test can use a dedicated offline device and a small, newly created wallet before significant funding. Security cannot be restored by merely deleting a file from a system that may already be compromised.

Recovery after loss or damage

  1. Isolate a trusted offline recovery environment.
  2. Obtain the encrypted file and the separately stored 128-bit decryption key.
  3. Verify the file and tool provenance before decryption.
  4. Decrypt and confirm the output contains the expected XPRV and path.
  5. Reconstruct the wallet using the preserved descriptor/configuration.
  6. Verify derived receive addresses against records from before the loss.
  7. If funds are at risk, create and verify a new destination wallet, then sweep.
  8. Treat the recovered XPRV as exposed and do not return to the old security assumptions.

There is no restore-to-card command

The Coinkite Tap Protocol explicitly has no command that imports the recovered XPRV into another TAPSIGNER. Recovery means signing or importing outside the original card. That may be enough to move funds, but the replacement setup is a different security state.

For multisig, you may only need enough recovered keys to satisfy the threshold, but you still need the correct wallet configuration. Read TAPSIGNER as a multisig cosigner before designing the policy.

Failure cases to plan for

Failure Consequence Control
Card lost, file and key preserved XPRV can be recovered externally Preserve wallet configuration and test the procedure
File lost, card works Create a fresh encrypted backup immediately Maintain redundant file copies from the start
Printed key lost, card works Old files cannot be decrypted without the key Make verified separate copies before funding
New PIN forgotten Card cannot reset to the factory CVC Recover externally with file + printed key, then move funds
File + printed key stolen Attacker can decrypt the XPRV Separate storage and move funds if joint exposure is suspected
Descriptor/config lost Keys may exist but wallet reconstruction is harder Export and preserve the wallet policy with every setup change

Next: set up with Nunchuk, understand screenless signing, or review the security model.

Official sources

Protocol claims on this page were checked against these first-party sources on 2026-07-10.