winsign.sign

Functions for signing PE and MSI files.

winsign.sign.key_signer(priv_key)

Create a signer function that signs with a private key.

Parameters:

priv_key (key object) – A cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey instance

Returns:

A signer function with signature signer(digest: bytes, digest_algo: str) -> bytes

async winsign.sign.sign_file(infile, outfile, digest_algo, certs, signer, cafile=None, timestampfile=None, url=None, comment=None, crosscert=None, timestamp_style=None, timestamp_url=None)

Sign a PE or MSI file.

Parameters:
  • infile (str) – Path to the unsigned file

  • outfile (str) – Path to where the signed file will be written

  • digest_algo (str) – Which digest algorithm to use. Generally ‘sha1’ or ‘sha256’

  • certs (list of x509 certificates) – Certificates to attach to the new signature

  • cafile (str) – Path to the CA file for the certificate used to sign

  • timestampfile (str) – Path to the CA used to verify the timestamp

  • signer (function) – Function that takes (digest, digest_algo) and returns bytes of the signature. Normally this will be using a private key object to sign the digest.

  • url (str) – A URL to embed into the signature

  • comment (str) – A string to embed into the signature

  • crosscert (str) – Extra certificates to attach to the signature

  • timestamp_style (str) – What kind of signed timestamp to include in the signature. Can be None, ‘old’, or ‘rfc3161’.

  • timestamp_url (str) – URL for the timestamp server to use. Required if timestamp_style is set.

Returns:

True on success, False otherwise.
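
Because the signer is just a function taking (digest, digest_algo) and returning signature bytes, a policy layer can sit between sign_file and the key. The following is an added example, not part of winsign: guarded_signer, SigningPolicyError and fake_inner are hypothetical names, the signer is assumed to be a plain synchronous callable as the signature above states, and fake_inner is a constructed stand-in for the result of key_signer(priv_key).

```python
import hashlib
import logging

log = logging.getLogger("signing-audit")


class SigningPolicyError(ValueError):
    """Raised when a signing request violates local policy."""


def guarded_signer(inner, allowed_algos=("sha256",), audit=None):
    """Wrap a signer(digest, digest_algo) -> bytes with policy checks.

    inner         -- the real signer, e.g. the result of key_signer(priv_key)
    allowed_algos -- digest names this deployment is willing to sign
    audit         -- optional list receiving (digest_algo, hex digest) records
    """
    def signer(digest, digest_algo):
        if digest_algo not in allowed_algos:
            raise SigningPolicyError(f"digest algorithm {digest_algo!r} not allowed")
        # A digest of the wrong length is not a hash produced by digest_algo.
        expected = hashlib.new(digest_algo).digest_size
        if not isinstance(digest, (bytes, bytearray)) or len(digest) != expected:
            raise SigningPolicyError(f"{digest_algo} digest must be {expected} bytes")
        signature = inner(bytes(digest), digest_algo)
        # Record what was signed only after the key operation succeeded.
        log.info("signed %s digest %s", digest_algo, bytes(digest).hex())
        if audit is not None:
            audit.append((digest_algo, bytes(digest).hex()))
        return signature
    return signer


def fake_inner(digest, digest_algo):
    # Constructed stand-in for a real key operation; NOT a signature scheme.
    return b"SIG:" + digest_algo.encode() + b":" + digest


if __name__ == "__main__":
    records = []
    sign = guarded_signer(fake_inner, audit=records)
    print(sign(hashlib.sha256(b"sample").digest(), "sha256")[:11])
    try:
        sign(hashlib.sha1(b"sample").digest(), "sha1")  # blocked by the allow-list
    except SigningPolicyError as exc:
        print("rejected:", exc)
    print(records)
```

The audit records hold the digests that reached the key, which can later be matched against the hashes of released files.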