pivit
« Back to VersTracker
Description:
Sign and verify data using hardware (Yubikey) backed x509 certificates (PIV)
Type: Formula  |  Tracked Since: Dec 28, 2025
Links: Homepage  |  formulae.brew.sh
Category: Security
Tags: cryptography security yubikey x509 cli signing
Install: brew install pivit
About:
Pivit is a command-line tool that enables users to sign and verify data using hardware-backed X.509 certificates, specifically leveraging YubiKey's PIV (Personal Identity Verification) smart card functionality. It provides a secure alternative to software-based key storage by ensuring private keys never leave the hardware device. This enhances security posture for sensitive operations by protecting against key extraction and malware.
Key Features:
  • Hardware-backed signing using YubiKey PIV
  • X.509 certificate support for verification
  • Secure key generation and storage on device
  • CLI interface for easy integration into scripts
  • Cross-platform compatibility
Use Cases:
  • Signing Git commits with a YubiKey for enhanced identity verification
  • Verifying software artifacts or documents to ensure integrity and authenticity
  • Securing automated build pipelines by using hardware-backed keys for signing
  • Managing digital identities for secure communications
Alternatives:
  • OpenSSL – OpenSSL is a general-purpose cryptography toolkit that can perform similar operations but requires complex configuration for hardware token integration and stores keys in files by default.
  • GnuPG (GPG) – GPG is the standard for PGP/GPG signing but uses a different trust model and key format; Pivit specifically targets the X.509/PIV standard common in enterprise environments.
Version History
Detected Version Rev Change Commit
Sep 13, 2025 11:03am 0 VERSION_BUMP f8a7b56c
Nov 25, 2024 10:21am 0 VERSION_BUMP 4b2a10b1
Oct 11, 2024 10:45pm 0 VERSION_BUMP a1d631aa
Oct 11, 2024 9:56pm 0 VERSION_BUMP e2b5ecb7
Sep 13, 2024 5:48am 0 VERSION_BUMP a56726a8