@hugohanoi Are you able to provide a bit more info here?
When Claimant puts in Magic Words and Backup Password from Tapsigner to unlock, and does this in the Nunchuk app, how does this not potentially give Nunchuk access to this key and your key (giving you 2 of 3)?
Just want to be completely clear on this and appreciate your time.
You got it mostly correct the first time.
So it’s the Claimant unlocking their Tapigner locally, signing a PSBT, then Nunchuk adding its key to comprise the 2 of 3 for transfer of fund and initiate the send?
  1. Encrypted file downloaded onto Beneficiary's device
  2. Decryption happens locally
  3. Recovered Tapsigner's private key now is in Beneficiary's device
  4. Beneficiary selects a withdrawal address
  5. Sweep transaction is created
  6. Beneficiary signs the sweep transaction with the recovered Tapsigner key
  7. Platform Key co-signs the sweep transaction
  8. Sweep transaction is broadcast
You can test this flow out on testnet for free by the way.