pivit ☆

« Back to VersTracker

Description:
Sign and verify data using hardware (Yubikey) backed x509 certificates (PIV)

Type: Formula | Tracked Since: Dec 28, 2025

Links: Homepage | formulae.brew.sh

Category: Security

Tags: cryptography security yubikey x509 cli signing

Install: brew install pivit

About:
Pivit is a command-line tool that enables users to sign and verify data using hardware-backed X.509 certificates, specifically leveraging YubiKey's PIV (Personal Identity Verification) smart card functionality. It provides a secure alternative to software-based key storage by ensuring private keys never leave the hardware device. This enhances security posture for sensitive operations by protecting against key extraction and malware.

Key Features:

Hardware-backed signing using YubiKey PIV
X.509 certificate support for verification
Secure key generation and storage on device
CLI interface for easy integration into scripts
Cross-platform compatibility

Use Cases:

Signing Git commits with a YubiKey for enhanced identity verification
Verifying software artifacts or documents to ensure integrity and authenticity
Securing automated build pipelines by using hardware-backed keys for signing
Managing digital identities for secure communications

Alternatives:

OpenSSL – OpenSSL is a general-purpose cryptography toolkit that can perform similar operations but requires complex configuration for hardware token integration and stores keys in files by default.
GnuPG (GPG) – GPG is the standard for PGP/GPG signing but uses a different trust model and key format; Pivit specifically targets the X.509/PIV standard common in enterprise environments.

Version History

Detected	Change	Commit
Sep 13, 2025 11:03am	VERSION_BUMP	f8a7b56c
Nov 25, 2024 10:21am	VERSION_BUMP	4b2a10b1
Oct 11, 2024 10:45pm	VERSION_BUMP	a1d631aa
Oct 11, 2024 9:56pm	VERSION_BUMP	e2b5ecb7
Sep 13, 2024 5:48am	VERSION_BUMP	a56726a8
Aug 19, 2024 12:27pm	VERSION_BUMP	bb1c0c3f