# Install smimesign with Homebrew, MacPorts, Nix, scoop, winget

S/MIME signing utility for use with Git. Version 0.2.0 via Homebrew; verified from local package data.

## Install

```sh
sudo av install brew:smimesign
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install smimesign
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install smimesign
```

  Evidence: MacPorts ports tree: security/smimesign/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#smimesign
```

  Evidence: nixpkgs package indexes: pkgs/by-name/sm/smimesign/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

### Windows

- Scoop (92%):

```sh
scoop install main/smimesign
```

  Evidence: Scoop official bucket manifest trees: bucket/smimesign.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1

- winget (92%):

```sh
winget install --id GitHub.smimesign -e
```

  Evidence: Windows Package Manager source index: GitHub.smimesign from https://cdn.winget.microsoft.com/cache/source.msix

## Package facts

- **Package key:** brew:smimesign
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/smimesign>
- **Version:** 0.2.0
- **Source summary:** S/MIME signing utility for use with Git
- **Homepage:** <https://github.com/github/smimesign>
- **Repository:** <https://github.com/github/smimesign>
- **Upstream docs:** <https://github.com/github/smimesign#readme>
- **License:** MIT
- **Source archive:** <https://github.com/github/smimesign/archive/refs/tags/v0.2.0.tar.gz>
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- smimesign (cli)
- smimesign (alias)

## Build dependencies

- go

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_big_sur, arm64_monterey, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, big_sur, catalina, monterey, sonoma, ventura

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 0.2.0
- Local data: ok
- Upstream repository: https://github.com/github/smimesign
- Upstream latest detected: v0.2.0 (current)
- info: No package-manager update timestamp was available.
## Project history and usage

smimesign is GitHub's S/MIME signing utility for Git commits and tags on macOS and Windows. It matters in CLI packaging because it bridges Git's signing hooks with native X.509 certificate stores instead of requiring GnuPG keys.

### Project history

The official README describes smimesign as an S/MIME signing utility compatible with Git, using X.509 certificates from public or internal certificate authorities. It also states that the tool uses keys and certificates already stored in macOS Keychain or Windows Certificate Store.

### Adoption history

The README documents Homebrew installation on macOS and Scoop installation on Windows, while the supplied package metadata also lists MacPorts, Nix, and winget. This made it installable through the same package managers developers already use for Git tooling.

### How it is used

Users configure Git to invoke smimesign for signing. For Git 2.19 and newer, the README shows setting `gpg.x509.program` to `smimesign` and `gpg.format` to `x509`, either locally per repository or globally for all repositories.

### Why package nerds care

Package maintainers care because smimesign is security-sensitive, platform-specific, and tied to native certificate stores and smart cards. It is also a clear example of package managers distributing small developer-security helpers that integrate with a larger tool, Git.

### Timeline

- 2018: First GitHub release returned by the releases API was 0.0.1.
- 2018: README documents the Git 2.19 configuration split for X.509 signing.
- 2021: Repository release list shows v0.2.0-rc1 as the latest listed release.

### Related projects

- The README discusses Git, GnuPG, PKI, S/MIME, macOS Keychain, Windows Certificate Store, smart cards, OpenSC, and YubiKey PIV tooling.

### Sources

- GitHub releases API for github/smimesign: first listed release 0.0.1 on 2018-09-11.
- <https://github.com/github/smimesign README: purpose, platform support, certificate stores, Git configuration, package-manager installation, smart-card notes.>
- input source_facts.package-manager: Homebrew, MacPorts, Nix, Scoop, and winget package names.


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** smimesign
- **Version Scheme:** 0
- **Revision:** 0
- **Requirements:** macos
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable

## Other Package-Manager Records

- Nix - smimesign: normalized package name match | nixpkgs package indexes: pkgs/by-name/sm/smimesign/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- MacPorts - smimesign: normalized package name match | MacPorts ports tree: security/smimesign/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
- Scoop - main/smimesign: normalized package name match | Scoop official bucket manifest trees: bucket/smimesign.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1
- winget - GitHub.smimesign: normalized package name match | Windows Package Manager source index: GitHub.smimesign from https://cdn.winget.microsoft.com/cache/source.msix


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [cfssl](https://www.automicvault.com/pkg/brew/cfssl/) - Shares av.db curated category or tags: certificates, cli, cryptography, security.
- [mbedtls](https://www.automicvault.com/pkg/brew/mbedtls/) - Shares av.db curated category or tags: cli, cryptography, security, x509.
- [botan](https://www.automicvault.com/pkg/brew/botan/) - Shares av.db curated category or tags: cli, cryptography, security.
- [ccrypt](https://www.automicvault.com/pkg/brew/ccrypt/) - Shares av.db curated category or tags: cli, cryptography, security.
- [gmssl](https://www.automicvault.com/pkg/brew/gmssl/) - Shares av.db curated category or tags: cli, cryptography, security.
- [gnupg-pkcs11-scd](https://www.automicvault.com/pkg/brew/gnupg-pkcs11-scd/) - Shares av.db curated category or tags: cli, cryptography, security.
- [gnutls](https://www.automicvault.com/pkg/brew/gnutls/) - Shares av.db curated category or tags: cli, cryptography, security.
- [gpgme](https://www.automicvault.com/pkg/brew/gpgme/) - Shares av.db curated category or tags: cli, cryptography, security.
- [jose](https://www.automicvault.com/pkg/brew/jose/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, cryptography, security, signing.
- [pius](https://www.automicvault.com/pkg/brew/pius/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, cryptography, security, signing.
- [showcert](https://www.automicvault.com/pkg/brew/showcert/) - Security-sensitive metadata or terminology overlaps. Shared terms: certificates, cli, cryptography, security, x509.

## Combined YAML source

View the package source record on GitHub. [combined/smimesign.yml](https://github.com/automic-vault/db/blob/main/combined/smimesign.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
