diff --git a/Cargo.lock b/Cargo.lock
index 8672d10..898ae45 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -508,7 +508,7 @@ dependencies = [
 
 [[package]]
 name = "card-cli"
-version = "1.12.7"
+version = "1.12.8"
 dependencies = [
  "aes-gcm-stream",
  "authenticator 0.3.1",
diff --git a/Cargo.toml b/Cargo.toml
index ca7e8eb..26717d4 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "card-cli"
-version = "1.12.7"
+version = "1.12.8"
 authors = ["Hatter Jiang <jht5945@gmail.com>"]
 edition = "2018"
 
diff --git a/src/cmd_hmac_encrypt.rs b/src/cmd_hmac_encrypt.rs
index 760ffe9..0b02e52 100644
--- a/src/cmd_hmac_encrypt.rs
+++ b/src/cmd_hmac_encrypt.rs
@@ -22,6 +22,7 @@ impl Command for CommandImpl {
                     .help("Plaintext"),
             )
             .arg(Arg::with_name("with-pbe").long("with-pbe").help("With PBE encryption"))
+            .arg(Arg::with_name("double-pin-check").long("double-pin-check").help("Double PIN check"))
             .arg(Arg::with_name("pbe-iteration").long("pbe-iteration").takes_value(true).help("PBE iteration, default 100000"))
             .arg(cmdutil::build_json_arg())
     }
@@ -32,9 +33,10 @@ impl Command for CommandImpl {
         let mut text = sub_arg_matches.value_of("plaintext").unwrap().to_string();
         let with_pbe = sub_arg_matches.is_present("with-pbe");
         if with_pbe {
+            let double_pin_check = sub_arg_matches.is_present("double-pin-check");
             let iteration = sub_arg_matches.value_of("pbe-iteration")
                 .map(|x| x.parse::<u32>().unwrap()).unwrap_or(100000);
-            text = pbeutil::simple_pbe_encrypt_with_prompt_from_string(iteration, &text)?;
+            text = pbeutil::simple_pbe_encrypt_with_prompt_from_string(iteration, &text, double_pin_check)?;
         }
         let hmac_encrypt_ciphertext = hmacutil::hmac_encrypt_from_string(&text)?;
 
diff --git a/src/pbeutil.rs b/src/pbeutil.rs
index 8dce37b..0919946 100644
--- a/src/pbeutil.rs
+++ b/src/pbeutil.rs
@@ -7,8 +7,8 @@ use rust_util::XResult;
 
 const PBE_ENC_PREFIX: &str = "pbe_enc:";
 
-pub fn simple_pbe_encrypt_with_prompt_from_string(iteration: u32, plaintext: &str) -> XResult<String> {
-    simple_pbe_encrypt_with_prompt(iteration, plaintext.as_bytes())
+pub fn simple_pbe_encrypt_with_prompt_from_string(iteration: u32, plaintext: &str, password_double_check: bool) -> XResult<String> {
+    simple_pbe_encrypt_with_prompt(iteration, plaintext.as_bytes(), password_double_check)
 }
 
 pub fn simple_pbe_decrypt_with_prompt_to_string(ciphertext: &str) -> XResult<String> {
@@ -16,9 +16,15 @@ pub fn simple_pbe_decrypt_with_prompt_to_string(ciphertext: &str) -> XResult<Str
     Ok(String::from_utf8(plaintext)?)
 }
 
-pub fn simple_pbe_encrypt_with_prompt(iteration: u32, plaintext: &[u8]) -> XResult<String> {
-    let pin = opt_value_result!(pinutil::get_pin(None), "Simple PBE password required");
-    simple_pbe_encrypt(&pin, iteration, plaintext)
+pub fn simple_pbe_encrypt_with_prompt(iteration: u32, plaintext: &[u8], password_double_check: bool) -> XResult<String> {
+    let pin1 = opt_value_result!(pinutil::get_pin(None), "Simple PBE password required");
+    if password_double_check {
+        let pin2 = opt_value_result!(pinutil::get_pin(None), "Simple PBE password required");
+        if pin1 != pin2 {
+            return simple_error!("Two PINs mismatch");
+        }
+    }
+    simple_pbe_encrypt(&pin1, iteration, plaintext)
 }
 
 pub fn simple_pbe_decrypt_with_prompt(ciphertext: &str) -> XResult<Vec<u8>> {