A comprehensive overview of YubiKey-related packages available through Homebrew, ranging from encryption tools to authentication managers. These packages provide various ways to leverage YubiKey hardware tokens for enhanced security.
Purpose: Plugin for encrypting files with age and PIV tokens such as YubiKeys
License: Apache-2.0 OR MIT
Status: Stable, actively maintained
A plugin that enables file encryption using secret key material stored on YubiKeys, compatible with age and rage encryption clients.
Key Features:
- Hardware-backed file encryption/decryption
- Supports YubiKey 4 and 5 series (including Nano and USB-C variants)
- Requires PIV support with ECDSA P-256 key
- PIN protection with cache support for smoother operations
Usage Examples:
# Generate YubiKey identity
age-plugin-yubikey --generate
# List YubiKey recipients
age-plugin-yubikey --list
# Encrypt files
rage -r age1yubikey1... file.txt > file.txt.age
# Decrypt files
rage -d -i yubikey-identity.txt file.txt.ageInstallation: brew install age-plugin-yubikey
Purpose: Command-line tool for the YubiKey PIV application
License: BSD-2-Clause
Status: Stable, widely used (6,521 annual installs)
Open-source software for interacting with the Personal Identity Verification (PIV) application on YubiKeys.
Key Capabilities:
- Generate keys directly on device in different slots
- Create certificate requests and self-signed certificates
- Import certificates from various sources
- Change management keys and read/verify certificates
- Set touch policies on supported YubiKey models
Usage Examples:
# Generate new ECC-P256 key on device in slot 9a
yubico-piv-tool -s9a -AECCP256 -agenerate
# Create certificate request
yubico-piv-tool -a verify-pin -a request-certificate -s 9a -S "/CN=test/"
# Import certificate
yubico-piv-tool -a import-certificate -s 9a < cert.pemInstallation: brew install yubico-piv-tool
Purpose: Seamless ssh-agent for YubiKeys and other PIV tokens
License: BSD-3-Clause
Status: Stable, growing adoption (649 annual installs)
A modern SSH agent written in Go that provides superior YubiKey integration compared to traditional SSH agents.
Key Benefits:
- Easy setup: One-command setup with single environment variable
- Indestructible: Tolerates unplugging, sleep, and suspend without restart
- Compatible: Works with all SSH services and servers
- Secure: Keys generated on YubiKey cannot be extracted
Setup:
# Install and start service
brew install yubikey-agent
brew services start yubikey-agent
# Add to shell profile
export SSH_AUTH_SOCK="/opt/homebrew/var/run/yubikey-agent.sock"
# Generate key on YubiKey (done automatically on first use)Security Features:
- Requires PIN for every session
- Requires physical touch for every login
- Automatic YubiKey management key and PUK setup
Installation: brew install yubikey-agent
Purpose: YubiKey personalization library and tool
License: BSD-2-Clause
Status: Stable (974 annual installs)
Library and command-line tool for personalizing YubiKeys by setting AES keys and configuring device settings.
Configuration Options:
- Static ticket mode
- Access lock codes
- Password strength options
- Custom AES key programming
Dependencies: json-c, libyubikey
Installation: brew install ykpers
Purpose: Yubico pluggable authentication module
License: BSD-2-Clause
Status: ykclient)
This package has been disabled due to dependency on deprecated ykclient library.
Purpose: Application for generating TOTP and HOTP codes
Status: Popular GUI app (2,652 annual installs)
Official companion app for YubiKey that provides comprehensive credential management.
Key Features:
- Manage OATH one-time passwords (TOTP/HOTP)
- Display YubiKey device information
- Configure PIN, passkeys, and WebAuthn settings
- Manage PIV credentials
- Provision YubiKey credentials
Platform Support:
- macOS 13 (Ventura) & above
- Works with both USB and NFC-enabled YubiKeys
- No internet connectivity required
Installation: brew install --cask yubico-authenticator
Purpose: Application for configuring any YubiKey
Status: Most popular GUI tool (4,504 annual installs)
Comprehensive graphical application for YubiKey configuration and management.
Installation: brew install --cask yubico-yubikey-manager
Purpose: Status bar application to enable/disable Yubikey Nano
Status: Niche utility (332 annual installs)
Simple macOS menu bar app for quickly enabling/disabling YubiKey Nano devices.
Installation: brew install --cask pallotron-yubiswitch
Purpose: Libraries and utilities to interact with a YubiHSM 2 natively and via PKCS#11
Status: Enterprise tool (102 annual installs)
Software development kit for interacting with YubiHSM 2 hardware security modules.
Installation: brew install --cask yubihsm2-sdk
Most popular packages by install count:
- yubico-piv-tool (6,521/year) - Core PIV operations
- yubico-yubikey-manager (4,504/year) - GUI management
- yubico-authenticator (2,652/year) - TOTP/HOTP codes
- ykpers (974/year) - Device personalization
- yubikey-agent (649/year) - SSH agent
- age-plugin-yubikey (537/year) - File encryption
For most users, start with:
yubico-yubikey-manager- Essential GUI for initial setupyubikey-agent- Modern SSH key managementyubico-authenticator- TOTP/HOTP code generationage-plugin-yubikey- Hardware-backed file encryption
Advanced users may also want yubico-piv-tool for command-line PIV operations and certificate management.
EOF < /dev/null