Companion-wallet guide
Set Up TAPSIGNER with Nunchuk
Use Nunchuk's current in-app flow, then complete the backup and PIN steps before funding the wallet.
To set up TAPSIGNER with Nunchuk, install Nunchuk from an official source, use its current TAPSIGNER onboarding flow, verify and initialize the card, capture the encrypted backup, change the PIN, and create the intended single-signature or multisignature wallet. Test receiving, signing, and recovery before adding meaningful funds.
The Nunchuk interface can change. This guide describes the security sequence that should remain stable; follow the official Nunchuk TAPSIGNER starter page for current screen names and download links.
Before setup
Prepare:
- an NFC-capable phone supported by the current Nunchuk release;
- a TAPSIGNER with readable factory CVC and backup key;
- two or more controlled storage locations for the encrypted backup and copied decryption key;
- a decision between single-signature and multisignature;
- for multisig, the other cosigners and a written quorum/recovery plan.
Download Nunchuk through its official site or verified app-store listing. Check the publisher and release information rather than following sponsored search results or direct messages.
Step 1: add and verify TAPSIGNER
Open the current add-key or hardware-key workflow and select TAPSIGNER. Tap the card at the NFC antenna position for your phone. The application should identify the product, verify the factory certificate, and confirm that a new card has not already been initialized unexpectedly.
Stop if the app reports a certificate failure, wrong product, or unexplained existing wallet key. Do not type the CVC into an unrelated NFC utility.
Step 2: initialize the BIP-32 key
Nunchuk supplies the required 32-byte chain code, while TAPSIGNER generates its secret key contribution internally. The app should verify the chain code in the resulting BIP-32 data. The default single-signature account path is commonly m/84h/0h/0h; multisig or service policies may use another hardened path.
Record the actual path and key fingerprint shown by the wallet. Do not replace observed values with a path copied from a generic guide.
Step 3: capture the encrypted backup
Run Nunchuk's TAPSIGNER backup workflow before funding. Save the encrypted file in more than one controlled place. Copy the fixed 128-bit hexadecimal backup key from the card and store that copy separately from the file.
Nunchuk's official starter page describes how to inspect the backup with OpenSSL or its key utilities. Decryption reveals the master XPRV, so test only in a trusted offline environment and treat that environment as secret-bearing afterward. Read the full backup and recovery guide.
Step 4: change the working PIN
After at least one backup, change the factory CVC to a new numeric PIN between 6 and 32 digits. Use a value you can enter accurately but do not store it with the card. The old factory CVC stops working immediately, and there is no PIN reset.
The printed 32-character backup key is different from the working PIN. Do not erase or obscure it until independently verified copies exist.
Step 5: create the wallet
Single signature
Use TAPSIGNER as the wallet's only signing key when you accept that card loss will require the encrypted-XPRV recovery process. Export the wallet configuration or descriptor and record the derivation path.
Multisignature
Add TAPSIGNER as one cosigner in the intended quorum. Confirm every key fingerprint, XPUB, derivation path, script type, and threshold. Export the complete wallet configuration to more than one location. A pile of private-key backups without the correct multisig policy is not a complete recovery plan.
Nunchuk also offers subscription and collaborative-custody workflows. Those add service and policy assumptions beyond the card itself; review Nunchuk's current terms and recovery documentation for the chosen plan.
Step 6: verify a receive address
Generate a fresh receive address in Nunchuk and verify that it belongs to the wallet configuration you intended. TAPSIGNER has no screen on which to show the address. For meaningful deposits, compare the descriptor-derived address using another trusted tool or a separately restored watch-only copy of the wallet.
Send a small amount first, confirm it, and verify that the wallet reports the expected transaction before transferring more.
Step 7: make a test transaction
Create a small payment back to an address you control. Review amount, destination, fee, inputs, and change in Nunchuk before tapping. Authenticate with the current PIN and complete the NFC signing step. Confirm the finalized transaction matches what you reviewed before broadcasting.
The tap proves physical participation by the card; it does not give the card an independent view of the transaction.
Step 8: test recovery records
Before increasing the balance, confirm that you can locate:
- the encrypted TAPSIGNER backup file;
- the separately stored printed decryption key copy;
- the wallet descriptor/configuration;
- the derivation path and key fingerprint;
- every multisig cosigner and the threshold;
- current instructions for reconstructing or sweeping the wallet.
Do not post screenshots of these materials to support chats. Nunchuk and Coinkite support do not need your PIN, XPRV, backup key, or seed material.
What this setup does not protect against
TAPSIGNER does not make a compromised Nunchuk installation display the truth, verify the destination on-card, or preserve wallet configuration automatically. It also does not provide a BIP-39 phrase or restore a lost key onto a replacement card.
Next: review screenless signing tradeoffs, compatible wallets, or the TAPSIGNER security model.
Official sources
Protocol claims on this page were checked against these first-party sources on 2026-07-10.