Code to verify signatures.

class winsign.verify.VerifyStatus

Object to represent signature verification status.

add_result(name, value, message)

Add a new result to the verificatoin status.


Convert an ASN1 name to a x509 name.

winsign.verify.get_attribute(attributes, type_)

Return the first attribute with the given type from a sequence of attributes.


Returns a mapping of (issuer, serial) to x509 certificates.


Removes PKCS1 padding from a byte string.

e.g. 00 01 FF FF FF FF 00 12 34 -> 12 34


Verifies the given pefile.


f (file object) – open pefile. This must be open in binary mode.


A VerifyStatus object, which evaluates to True if all checks pass, or False if one or more checks fail. A list of checks and their statuses can be found in the .results attribute.

winsign.verify.verify_pefile_checksum(f, pe)

Verifies the PE file checksum.

winsign.verify.verify_pefile_digest(f, pe)

Verifies that the authenticode digest in this PE file is valid.

winsign.verify.verify_pefile_old_timestamp(f, pe)

Verifies that the timestamp in this PE file is valid.

winsign.verify.verify_pefile_rfc3161_timestamp(f, pe)

Verifies that the timestamp in this PE file is valid.

winsign.verify.verify_pefile_signature(f, pe)

Verifies that the signature in this PE file is valid.

winsign.verify.verify_signed_data(signed_data, x509_certs_by_serial)

Verify a SignedData object.

winsign.verify.verify_signer_info(signer_info, x509_certs_by_serial)

Verifies a SignerInfo object from a signature.