delvison/tapsigner-decrypt-backup.md

Last active January 14, 2025 14:11

Star (1) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/delvison/548dfed98d6802554d797da5738a2f0c.js"></script>
Save delvison/548dfed98d6802554d797da5738a2f0c to your computer and use it in GitHub Desktop.

How to decrypt Tapsigner backup

Raw

Tapsigner is an inexpensive Bitcoin signing device that holds your private keys on an NFC card. As of writing this, nunchuck is the only mobile wallet to support it.

Backups of the private key are done so in a AES-128-CTR encryption using a key printed on the back of the card.

To decrypt this key and obtain its xprv value with openssl in cli run the following:

openssl aes-128-ctr -iv 0 -K "<BACKUP_KEY_ON_CARD>" -in backup.aes

The xprv key can then be used in any other standard Bitcoin wallet that supports importing a bip32 xprv to it.

More info here: https://github.com/coinkite/coinkite-tap-proto/blob/master/docs/protocol.md

intek71 commented Mar 7, 2024

Hi, openssl does not support aes-128-ctr. Downloaded 3.2.1. Any ideas?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment