TAPSIGNER basics
What Is TAPSIGNER?
A reusable NFC Bitcoin hardware signer that works with a companion wallet.
TAPSIGNER is a reusable NFC Bitcoin hardware signer. A compatible wallet manages balances, constructs transactions, and shows the details; TAPSIGNER holds a BIP-32 private key on a separate card and signs after a tap and PIN. It is not a complete wallet interface and has no onboard display.
Why separate the signing key from the phone?
A phone wallet that stores its own private key can sign whenever software gains access to that key. TAPSIGNER changes the boundary: the phone keeps the public wallet information and asks a separate physical card to sign. Normal signing does not give the phone the unencrypted master XPRV.
This can reduce exposure to key extraction from the phone. It does not make a compromised phone harmless. The companion wallet chooses the transaction digest sent for signing, and TAPSIGNER cannot show that transaction on its own screen because it has none.
What happens during setup
TAPSIGNER ships without a wallet private key. A compatible app supplies a 32-byte chain code, and the card generates a fresh random key pair using its internal true random number generator. The resulting BIP-32 master key incorporates both inputs, and the app can verify that its chain code was used.
The default hardened derivation path is m/84h/0h/0h, commonly used as the account prefix for native SegWit single-signature wallets. Wallet software can select another hardened account path, including a path used by its multisig design. The card then signs at non-hardened receive/change subpaths selected for individual addresses.
What happens when you sign
- The compatible wallet constructs a Bitcoin transaction and calculates the digest that each input requires.
- You review the wallet's displayed destination, amount, fee, inputs, and change.
- The wallet connects to TAPSIGNER over NFC and authenticates with the current CVC/PIN through an encrypted session.
- TAPSIGNER signs the requested digest at the applicable derivation path.
- The wallet adds the signature, finalizes when policy requirements are met, and broadcasts when you choose.
The card authorizes a digest, not a human-readable payment. The review in step two is therefore part of the security model, not decoration.
Backup without seed words
TAPSIGNER does not use a BIP-39 mnemonic. Its backup command exports a small file containing the master XPRV and current derivation path, encrypted with AES-128-CTR. The fixed 128-bit decryption key is printed in hexadecimal on the card.
Recovery needs the encrypted file and a preserved copy of that printed key. A complete wallet recovery may also need the wallet descriptor or configuration, script type, cosigner XPUBs, and quorum. There is no protocol command to restore an XPRV onto a replacement TAPSIGNER; recovery uses the key outside the original card.
Read the complete backup and recovery guide before funding a new wallet.
PIN/CVC behavior
The initial CVC is printed on the card. After at least one backup has been completed, it can be changed to a numeric value between 6 and 32 digits. The old factory value no longer works, and there is no reset path if the new PIN is forgotten.
Do not store the working PIN with the card. Do preserve the separate backup decryption key: changing the PIN does not change the fixed key printed for backup recovery.
TAPSIGNER compared with common options
| Option | Where the signing key lives | Independent transaction display | Normal recovery |
|---|---|---|---|
| Phone-only hot wallet | On the phone | Phone only | App's seed/backup model |
| TAPSIGNER | Separate NFC card | No; companion wallet only | Encrypted XPRV file + printed key + wallet configuration |
| Display-equipped hardware wallet | Separate hardware device | Yes, device-dependent | Device's documented seed/backup model |
| SATSCARD | One current bearer slot | No | Unseal that slot and sweep |
Who it is for
TAPSIGNER fits a user who wants convenient mobile signing without keeping the signing key in the phone, or a multisig user who wants a compact independent cosigner. Developers can integrate it through the public protocol.
Use a display-equipped hardware wallet when on-device transaction review is required, and use SATSCARD when the goal is to hand funded bitcoin to a new owner. Next, choose a compatible wallet or review screenless signer tradeoffs.
Official sources
Protocol claims on this page were checked against these first-party sources on 2026-07-10.