On a related note, I can't seem to find how to back up the key in Nunchuk and as a result, cannot yet recommend this wallet.

nostr:nevent1qqs9dqjh9nm62cc6mkevqwtdk9uh29xe9ydt9g96hs2nunmg8h7y5pspz9mhxue69uhkummnw3ezuamfdejj7q3qh8nk2346qezka5cpm8jjh3yl5j88pf4ly2ptu7s6uu55wcfqy0wqxpqqqqqqzx943p7

Discussion

I thought it gave you the key when first making wallet and after that there is no way to get it again. ???

correct, but it starts with a key.

so really sends people down the wrong road.

Best course of action for this software is deleting any empty hot wallets it starts with, along with key, and creating (or restoring).

So force people to restore before they can use the wallet??

no. restore is optional. force them to create everything from scratch. i think there was a prompt that suggests making a quick hot wallet or something, and in doing so, you don't get the words for that key.

I never had this occur. I have the seed from my software key like I do any of them. Are you sure you aren’t mistaken? I’ve made and used a bunch of keys with Nunchuk and have never had the situation you describe.

dug into this further and found the cause...(yes, there are bugs)

when first entering the app, with no wallets or keys, create a wallet.

you can't make a normal wallet without keys so make a hot wallet.

this creates a key, and the wallet.

now decide you don't want a hot wallet, as you instead want a 2 of 2 multisig with a hotkey and a tapsigner.

delete the hot wallet.

at this point, you don't have any way to back up the seed words for the key that was created for the hot wallet, but that key can be used in more wallets.

it would be better if users could always export their seed words.

You can also replace keys. Not sure if it works in this scenario. Maybe this is the fail safe. Maybe will test this scenario

nostr:npub1cvqlzvmjercdn0ypsmv8f7j9lge6ahsnueh5rparh53wuswftv4q49yjt3

Concur that's a decent option for an already created wallet using a key without seed words to sweep to a new one

You don’t have to sweep. Just replace with another key you have backup for or create new hot key and back that up.

Vic I just zapped you 22 sats with a note. Can you confirm you got it.

Further to my last thought replacing key works. So I guess that helps if you realize after the fact and still have phone but of no help if you lose phone. Seems like a possible rugging possibility to me. Especially for people new to the space who don’t fully understand what they are doing.

Just to be clear, this is an edge case scenario (that might warrant a fix), but not how the majority of people use Nunchuk. When you create the key or hot wallet, best practice is to back up the key at the earliest.

This scenario you ran into is specifically about deleting the hot wallet (without having backed up the key) AND reusing the same key in a multisig.

We currently disable exporting the seed phrase more than once, for security reasons. After all, if one can view/export the seed phrase multiple times, it becomes a vulnerability, if someone gets a hold of your phone even for just 15 seconds.

• When you create a software key it gives you the seed like any normal wallet.

• If you are using a Coldcard then it’s just the Coldcard seed, there isn’t a new one for the wallet.

• If it’s multisig you need to also save a copy of the wallet config. I always simply email that to myself, it’s needed to restore, but isn’t terribly sensitive, I prioritize availability over privacy there. Although I send from a protonmail account to another protonmail account with the subject “BACKUP” so it’s just always searchable in email if I need it.

There is nothing uniquely different about Nunchuk and key backups. It forces you to save your seed during the key creation process like any of them. You might be remembering incorrectly or confusing how you set it up?

it does NOT force you to back up the seed for a key created as part of a hot wallet initialization.

Correct. There’s nothing Nunchuk does uniquely regarding backups. You can use Nunchuk with other hardware signing devices (for which seed generation/backup should be handled separately on the hardware), or you can use a Software key, which Nunchuk generates and gives you the seed phrase for.

The scenario the OP mentioned specifically has to do with an edge case where user created a hot wallet (with a hot key that you can back up later), then CHANGED THEIR MIND and delete the hot key AND REUSE THE SAME HOT KEY (that user hasn’t backed up) in a multisig wallet. This might warrant a fix, but not how the majority of people use Nunchuk.

*Correction: delete the hot wallet

The fix is fairly simple: expose the seed export option within the Key Info of the hot key, even if the hot wallet has been deleted (and user hasn’t viewed the seed yet).