winsign.sign
Functions for signing PE and MSI files.
- winsign.sign.key_signer(priv_key)
Create a signer function that signs with a private key.
- Parameters:
priv_key (key object) – A cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey instance
- Returns:
A signer function with signature signer(digest: bytes, digest_algo: str) -> bytes
- async winsign.sign.sign_file(infile, outfile, digest_algo, certs, signer, cafile=None, timestampfile=None, url=None, comment=None, crosscert=None, timestamp_style=None, timestamp_url=None)
Sign a PE or MSI file.
- Parameters:
infile (str) – Path to the unsigned file
outfile (str) – Path to where the signed file will be written
digest_algo (str) – Which digest algorithm to use. Generally ‘sha1’ or ‘sha256’
certs (list of x509 certificates) – Certificates to attach to the new signature
cafile (str) – Path to the CA file of the certificate we use to sign
timestampfile (str) – Path to the CA for verifying the timestamp
signer (function) – Function that takes (digest, digest_algo) and returns bytes of the signature. Normally this will be using a private key object to sign the digest.
url (str) – A URL to embed into the signature
comment (str) – A string to embed into the signature
crosscert (str) – Extra certificates to attach to the signature
timestamp_style (str) – What kind of signed timestamp to include in the signature. Can be None, ‘old’, or ‘rfc3161’.
timestamp_url (str) – URL for the timestamp server to use. Required if timestamp_style is set.
- Returns:
True on success, False otherwise
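
Because the signer argument is just a callable with the signature signer(digest: bytes, digest_algo: str) -> bytes, policy checks can be placed in front of whatever holds the private key. The following is an added example, not code from winsign: guarded_signer, SignerPolicyError, demo_inner_signer and the SHA-256-only default are assumptions made for illustration, and the inner signer is a constructed stand-in that does not produce a real signature.

```python
import hashlib
import hmac


class SignerPolicyError(ValueError):
    """Raised when a signing request violates the local policy."""


def guarded_signer(inner, allowed_algos=("sha256",), audit=None):
    """Wrap a signer(digest, digest_algo) -> bytes callback with policy checks.

    inner:         any callable with the documented signer signature
    allowed_algos: digest names this key may sign (policy assumption)
    audit:         optional list that receives (digest_algo, hex digest)
    """
    allowed = {a.lower() for a in allowed_algos}

    def signer(digest, digest_algo):
        algo = digest_algo.lower()
        if algo not in allowed:
            raise SignerPolicyError(f"digest algorithm {digest_algo!r} not allowed")
        if not isinstance(digest, (bytes, bytearray)):
            raise SignerPolicyError("digest must be bytes")
        # A digest of the wrong length means the caller and key disagree
        # about what is being signed; refuse before touching the key.
        expected = hashlib.new(algo).digest_size
        if len(digest) != expected:
            raise SignerPolicyError(
                f"{algo} digest must be {expected} bytes, got {len(digest)}")
        signature = inner(bytes(digest), digest_algo)
        if not isinstance(signature, bytes) or not signature:
            raise SignerPolicyError("inner signer returned no signature bytes")
        if audit is not None:
            audit.append((algo, bytes(digest).hex()))  # record what was signed
        return signature

    return signer


def demo_inner_signer(digest, digest_algo):
    """Constructed stand-in for a real key or HSM call; NOT a real signature."""
    return hmac.new(b"constructed-demo-key", digest, digest_algo).digest()


if __name__ == "__main__":
    log = []
    sign = guarded_signer(demo_inner_signer, audit=log)
    sig = sign(hashlib.sha256(b"constructed sample").digest(), "sha256")
    print(len(sig), log)
```

The wrapped callable has the same signature as the one it wraps, so it can be passed as the signer argument of sign_file, with the function returned by key_signer as the inner callable.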