winsign.asn1¶
ASN.1 structures and methods specific for windows signing.
- class winsign.asn1.SpcAttributeTypeAndOptionalValue(**kwargs)¶
SPC type/value attributes.
- componentType = <NamedTypes object, types <NamedType object, type type=<ObjectIdentifier schema object, tagSet <TagSet object, tags 0:0:6>>>, <NamedType object, type value=<SpcPeImageData schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type flags=<SpcPeImageFlags schema object, tagSet <TagSet object, tags 0:0:3>, namedValues <NamedValues object, enums includeResources=0, includeDebug...o=1, includeImportAddressTable=2>>>, <OptionalNamedType object, type file=<SpcLink schema object, tagSet=<TagSet object, tags 128:32:0>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type url=<IA5String schema object, tagSet <TagSet object, tags 128:0:0>, encoding us-ascii>>, <NamedType object, type moniker=<Any schema object, tagSet <TagSet object, tags 128:0:1>, encoding iso-8859-1>>, <NamedType object, type file=<SpcString schema object, tagSet=<TagSet object, tags 128:0:2>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type unicode=<BMPString schema object, tagSet <TagSet object, tags 128:0:0>, encoding utf-16-be>>, <NamedType object, type ascii=<IA5String schema object, tagSet <TagSet object, tags 128:0:1>, encoding us-ascii>>>, sizeSpec=<ConstraintsIntersection object>>>>, sizeSpec=<ConstraintsIntersection object>>>>, sizeSpec=<ConstraintsIntersection object>>>>¶
Default collection of ASN.1 types of component (e.g.
NamedType) object imposing size constraint on |ASN.1| objects
- class winsign.asn1.SpcIndirectDataContent(**kwargs)¶
SPC Indirect Data Content.
- componentType = <NamedTypes object, types <NamedType object, type data=<SpcAttributeTypeAndOptionalValue schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type type=<ObjectIdentifier schema object, tagSet <TagSet object, tags 0:0:6>>>, <NamedType object, type value=<SpcPeImageData schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type flags=<SpcPeImageFlags schema object, tagSet <TagSet object, tags 0:0:3>, namedValues <NamedValues object, enums includeResources=0, includeDebug...o=1, includeImportAddressTable=2>>>, <OptionalNamedType object, type file=<SpcLink schema object, tagSet=<TagSet object, tags 128:32:0>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type url=<IA5String schema object, tagSet <TagSet object, tags 128:0:0>, encoding us-ascii>>, <NamedType object, type moniker=<Any schema object, tagSet <TagSet object, tags 128:0:1>, encoding iso-8859-1>>, <NamedType object, type file=<SpcString schema object, tagSet=<TagSet object, tags 128:0:2>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type unicode=<BMPString schema object, tagSet <TagSet object, tags 128:0:0>, encoding utf-16-be>>, <NamedType object, type ascii=<IA5String schema object, tagSet <TagSet object, tags 128:0:1>, encoding us-ascii>>>, sizeSpec=<ConstraintsIntersection object>>>>, sizeSpec=<ConstraintsIntersection object>>>>, sizeSpec=<ConstraintsIntersection object>>>>, sizeSpec=<ConstraintsIntersection object>>>, <NamedType object, type messageDigest=<DigestInfo schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type digestAlgorithm=<DigestAlgorithmIdentifier schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type algorithm=<ObjectIdentifier schema object, tagSet <TagSet object, tags 0:0:6>>>, <OptionalNamedType object, type parameters=<Any schema object, encoding iso-8859-1>>>, sizeSpec=<ConstraintsIntersection object>>>, <NamedType object, type digest=<Digest schema object, tagSet <TagSet object, tags 0:0:4>, encoding iso-8859-1>>>, sizeSpec=<ConstraintsIntersection object>>>>¶
Default collection of ASN.1 types of component (e.g.
NamedType) object imposing size constraint on |ASN.1| objects
- class winsign.asn1.SpcLink(**kwargs)¶
SPC Link class for holding references to URLs or files.
- componentType = <NamedTypes object, types <NamedType object, type url=<IA5String schema object, tagSet <TagSet object, tags 128:0:0>, encoding us-ascii>>, <NamedType object, type moniker=<Any schema object, tagSet <TagSet object, tags 128:0:1>, encoding iso-8859-1>>, <NamedType object, type file=<SpcString schema object, tagSet=<TagSet object, tags 128:0:2>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type unicode=<BMPString schema object, tagSet <TagSet object, tags 128:0:0>, encoding utf-16-be>>, <NamedType object, type ascii=<IA5String schema object, tagSet <TagSet object, tags 128:0:1>, encoding us-ascii>>>, sizeSpec=<ConstraintsIntersection object>>>>¶
Default collection of ASN.1 types of component (e.g.
NamedType) object representing ASN.1 type allowed within |ASN.1| type
- class winsign.asn1.SpcPeImageData(**kwargs)¶
SPC PE Image Data.
- componentType = <NamedTypes object, types <NamedType object, type flags=<SpcPeImageFlags schema object, tagSet <TagSet object, tags 0:0:3>, namedValues <NamedValues object, enums includeResources=0, includeDebug...o=1, includeImportAddressTable=2>>>, <OptionalNamedType object, type file=<SpcLink schema object, tagSet=<TagSet object, tags 128:32:0>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type url=<IA5String schema object, tagSet <TagSet object, tags 128:0:0>, encoding us-ascii>>, <NamedType object, type moniker=<Any schema object, tagSet <TagSet object, tags 128:0:1>, encoding iso-8859-1>>, <NamedType object, type file=<SpcString schema object, tagSet=<TagSet object, tags 128:0:2>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type unicode=<BMPString schema object, tagSet <TagSet object, tags 128:0:0>, encoding utf-16-be>>, <NamedType object, type ascii=<IA5String schema object, tagSet <TagSet object, tags 128:0:1>, encoding us-ascii>>>, sizeSpec=<ConstraintsIntersection object>>>>, sizeSpec=<ConstraintsIntersection object>>>>¶
Default collection of ASN.1 types of component (e.g.
NamedType) object imposing size constraint on |ASN.1| objects
- class winsign.asn1.SpcPeImageFlags(value=<NoValue object>, **kwargs)¶
SPC PE Image Flags.
- namedValues = <NamedValues object, enums includeResources=0, includeDebug...o=1, includeImportAddressTable=2>¶
Default
NamedValuesobject representing symbolic aliases for numbers
- class winsign.asn1.SpcSpOpusInfo(**kwargs)¶
SPC Information class for holding additional information about a signature.
- componentType = <NamedTypes object, types <OptionalNamedType object, type programName=<SpcString schema object, tagSet=<TagSet object, tags 128:32:0>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type unicode=<BMPString schema object, tagSet <TagSet object, tags 128:0:0>, encoding utf-16-be>>, <NamedType object, type ascii=<IA5String schema object, tagSet <TagSet object, tags 128:0:1>, encoding us-ascii>>>, sizeSpec=<ConstraintsIntersection object>>>, <OptionalNamedType object, type moreInfo=<SpcLink schema object, tagSet=<TagSet object, tags 128:32:1>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type url=<IA5String schema object, tagSet <TagSet object, tags 128:0:0>, encoding us-ascii>>, <NamedType object, type moniker=<Any schema object, tagSet <TagSet object, tags 128:0:1>, encoding iso-8859-1>>, <NamedType object, type file=<SpcString schema object, tagSet=<TagSet object, tags 128:0:2>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type unicode=<BMPString schema object, tagSet <TagSet object, tags 128:0:0>, encoding utf-16-be>>, <NamedType object, type ascii=<IA5String schema object, tagSet <TagSet object, tags 128:0:1>, encoding us-ascii>>>, sizeSpec=<ConstraintsIntersection object>>>>, sizeSpec=<ConstraintsIntersection object>>>>¶
Default collection of ASN.1 types of component (e.g.
NamedType) object imposing size constraint on |ASN.1| objects
- class winsign.asn1.SpcString(**kwargs)¶
SPC String class represetning unicode or ascii strings.
- componentType = <NamedTypes object, types <NamedType object, type unicode=<BMPString schema object, tagSet <TagSet object, tags 128:0:0>, encoding utf-16-be>>, <NamedType object, type ascii=<IA5String schema object, tagSet <TagSet object, tags 128:0:1>, encoding us-ascii>>>¶
Default collection of ASN.1 types of component (e.g.
NamedType) object representing ASN.1 type allowed within |ASN.1| type
- winsign.asn1.calc_signerinfo_digest(signer_info, digest_algo)¶
Calcuate the digest of authenticatedAttributes.
- Parameters:
signer_info (SignerInfo object) – object with authenticatedAttributes over which we will calculate the digest.
digest_algo (str) – digest algorithm to use. e.g. ‘sha256’
- Returns:
digest as a byte string
- winsign.asn1.calc_spc_digest(encoded_content, digest_algo)¶
Calculate the digest of an encoded SPC object.
- winsign.asn1.copy_signer_info(old_si, pkcs7_cert)¶
Copy SignerInfo object, replacing the certificate information.
- Parameters:
old_si (SignerInfo object) – original SignerInfo to copy
pkcs7_cert (TBSCertificate object) – certificate to inject
- Returns:
New SignerInfo object.
- winsign.asn1.der_header_length(encoded)¶
Returns the length of the header of a DER encoded object.
- Parameters:
encoded (bytes) – DER encoded bytestring
- Returns:
length (int)
- winsign.asn1.get_signatures_from_certificates(certificates)¶
Retrieve the signatures from a list of certificates.
- winsign.asn1.get_signeddata(s)¶
Gets the SignedData from an encoded ContentInfo object.
- async winsign.asn1.make_authenticode_signeddata(cert, signer, authenticode_digest, digest_algo, timestamp=None, opus_info=None, opus_url=None)¶
Creates a SignedData object containing the signature for a PE file.
- Parameters:
cert (X509) – public certificate used for signing
signer (function) – signing function
authenticode_digest (bytes) – Authenticode digest of PE file to sign NB. This is not simply the hash of the file!
digest_algo (str) – digest algorithm to use. e.g. ‘sha256’
timestamp (UTCTime) – optional. timestamp to include in the signature. If not provided, the current time is used.
opus_info (string) – Additional information to include in the signature
opus_url (string) – URL to include in the signature
- Returns:
A ContentInfo ASN1 object
- winsign.asn1.make_signer_info(pkcs7_cert, digest_algo, timestamp, spc_digest, opus_info=None, opus_url=None)¶
Create a SignerInfo object representing an Authenticode signature.
- winsign.asn1.make_spc(digest_algo, authenticode_digest)¶
Create a new SPC object.
- async winsign.asn1.resign(old_sig, certs, signer)¶
Resigns an old signature with a new certificate.
Replaces the encrypted signature digest in the given signature with new one generated with the given signer function.
- Parameters:
old_sig (SignedData) – the original signature as a SignedData object
certs (list of x509 certificates) – certificates to attach to the new signature
signer (function) – function to call to generate the new encrypted digest. The function is passed two arguments: (signer_digest, digest_algo)
- Returns:
ContentInfo object with the new signature embedded
- winsign.asn1.x509_to_pkcs7(cert)¶
Convert an x509 certificate to a PKCS7 TBSCertificate.
- Parameters:
cert (x509 object) – x509 certificate to convert
- Returns:
TBSCertificate that represents the same x509 cert