diff --git a/libraries/deno-commons-mod.ts b/libraries/deno-commons-mod.ts
index 24df67f..b730789 100644
--- a/libraries/deno-commons-mod.ts
+++ b/libraries/deno-commons-mod.ts
@@ -675,7 +675,7 @@ class Logger {
  _debug: boolean = false;
 
  constructor() {
- this._debug = osEnv("LOGGER") === '*';
+ this._debug = osEnv("LOGGER") === "*";
  }
 
  // deno-lint-ignore no-explicit-any
@@ -960,8 +960,11 @@ export function encodeBase64Url(
 export async function getKeyRingPassword(
  service: string,
  user: string,
-): string | null {
- const keyRingArgs = ["-g", "--json", "-S", service, "-U", user];
+): Promise {
+ const keyRingArgs = ["-g", "--json", "-U", user];
+ if (service) {
+ keyRingArgs.push(...["-S", service]);
+ }
  const processOutput = await execCommand("keyring.rs", keyRingArgs);
  const stdoutString = processOutput.getStdoutAsStringThenTrim();
  const stderrString = processOutput.getStderrAsStringThenTrim();
@@ -983,8 +986,11 @@ export async function setKeyRingPassword(
  service: string,
  user: string,
  password: string,
-): void {
- const keyRingArgs = ["-s", "-S", service, "-U", user, "-P", password];
+): Promise {
+ const keyRingArgs = ["-s", "-U", user, "-P", password];
+ if (service) {
+ keyRingArgs.push(...["-S", service]);
+ }
  const processOutput = await execCommand("keyring.rs", keyRingArgs);
  const stdoutString = processOutput.getStdoutAsStringThenTrim();
  const stderrString = processOutput.getStderrAsStringThenTrim();
diff --git a/libraries/deno-piv-mod.ts b/libraries/deno-piv-mod.ts
index a7f3157..e3088f7 100644
--- a/libraries/deno-piv-mod.ts
+++ b/libraries/deno-piv-mod.ts
@@ -1,4 +1,4 @@
-import {execCommand} from "https://global.hatter.ink/script/get/@18/deno-commons-mod.ts";
+import {execCommand, getKeyRingPassword,} from "https://global.hatter.ink/script/get/@47/deno-commons-mod.ts";
 import {encodeHex} from "jsr:@std/encoding/hex";
 
 // example output
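Review bot: `service` is still declared `service: string` in getKeyRingPassword, but the new `if (service)` guard treats it as optional, and the new caller in signPiv (deno-piv-mod.ts) passes `options.service`, which is `string | undefined`. The same guard is added to setKeyRingPassword. Declaring the parameter as `service: string | undefined` in both functions would make the contract match the code and let strict type-checking accept the call. When `-S` is omitted the lookup falls back to whatever service keyring.rs uses by default, which is worth stating in a comment such as `// no -S: keyring.rs picks its default service`. `keyRingArgs.push("-S", service)` is also simpler than spreading a literal array. The function body continues past the hunk.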
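Review bot: The password in setKeyRingPassword is still handed to the child process on its command line (`"-P", password` in the new `keyRingArgs`), so for as long as keyring.rs runs it is readable by anything on the host that can list process arguments. The same pattern is introduced for the PIV PIN in signPiv in deno-piv-mod.ts, `args.push(...["--pin", options?.pin])`. Whether keyring.rs or card-cli can take the secret on stdin is not visible from this diff; if they can, that is the safer channel. Otherwise the exposure should at least be recorded next to the call, e.g. `// NOTE: secret is passed via argv and is visible in the process list while the child runs`. The function body continues past the hunk.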
@@ -18,20 +18,37 @@ interface CardPivEcSignOutput {
  slot: string;
 }
 
+interface SignPivOptions {
+ pin?: string;
+ service?: string;
+ user?: string;
+}
+
+export async function signPivString(
+ slot: string,
+ message: string,
+ options?: SignPivOptions,
+): Promise {
+ return await signPiv(slot, await sha256AndHexMessage(message), options);
+}
+
 export async function signPiv(
  slot: string,
  digestSha256Hex: string,
+ options?: SignPivOptions,
 ): Promise {
- const processOutput = await execCommand("card-cli", [
- "piv-ecsign",
- "-s",
- slot,
- "-x",
- digestSha256Hex,
- "--json",
- ]);
- processOutput.assertSuccess();
- return JSON.parse(processOutput.stdout) as CardPivEcSignOutput;
+ if (!options?.pin && options?.user) {
+ options.pin = await getKeyRingPassword(
+ options.service,
+ options.user,
+ );
+ }
+ const args = ["piv-ecsign", "-s", slot, "-x", digestSha256Hex, "--json"];
+ if (options?.pin) {
+ args.push(...["--pin", options?.pin]);
+ }
+ return (await execCommand("card-cli", args))
+ .assertSuccess().stdoutAsJson() as CardPivEcSignOutput;
 }
 
 export async function sha256AndHexMessage(message: string): Promise {
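Review bot: signPiv stores the PIN it fetched from the keyring back into the caller's object (`options.pin = await getKeyRingPassword(...)`), so the secret outlives the call in whatever object was passed in, and a caller that reuses the options object carries it along unknowingly. Holding the value in a local keeps the PIN scoped to this call and leaves the argument untouched. The pre-change signature of getKeyRingPassword returned `string | null`, so a lookup miss presumably still yields `null`. In that case the current code silently runs card-cli without `--pin`; consider raising an error when `options.user` was supplied but no PIN came back. The result is also cast with `as CardPivEcSignOutput` without checking its shape, which a short comment could note.

```typescript
export async function signPiv(
  // … unchanged: parameters …
  // Keep the PIN in a local so the caller's options object is not modified.
  let pin = options?.pin;
  if (!pin && options?.user) {
    pin = (await getKeyRingPassword(options.service, options.user)) ?? undefined;
  }
  const args = ["piv-ecsign", "-s", slot, "-x", digestSha256Hex, "--json"];
  if (pin) {
    args.push("--pin", pin);
  }
  // … unchanged: execCommand call and JSON result …
```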