Metadata-Version: 2.4
Name: signify
Version: 0.9.1
Summary: Module to generate and verify PE signatures
Author-email: Ralph Broenink <ralph@ralphbroenink.net>
License-Expression: MIT
Project-URL: Documentation, http://signify.readthedocs.io/en/latest/
Project-URL: Repository, https://github.com/ralphje/signify
Project-URL: Changelog, https://signify.readthedocs.io/en/latest/changelog.html
Keywords: authenticode,authentihash,fingerprinter,pe
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Legal Industry
Classifier: Intended Audience :: System Administrators
Classifier: Programming Language :: Python
Classifier: Topic :: Scientific/Engineering :: Information Analysis
Classifier: Topic :: Security :: Cryptography
Classifier: Topic :: System :: Software Distribution
Classifier: Topic :: Utilities
Requires-Python: >=3.9
Description-Content-Type: text/x-rst
License-File: LICENSE
Requires-Dist: certvalidator>=0.11
Requires-Dist: asn1crypto<2,>=1.3
Requires-Dist: oscrypto<2,>=1.1
Requires-Dist: mscerts
Requires-Dist: typing_extensions>=4.6.0
Provides-Extra: msi
Requires-Dist: olefile; extra == "msi"
Provides-Extra: full
Requires-Dist: olefile; extra == "full"
Dynamic: license-file

Signify
=======
.. image:: https://github.com/ralphje/signify/actions/workflows/test.yml/badge.svg
    :target: https://github.com/ralphje/signify/actions/workflows/test.yml
.. image:: https://codecov.io/gh/ralphje/signify/branch/master/graph/badge.svg
    :target: https://codecov.io/gh/ralphje/signify
.. image:: https://readthedocs.org/projects/signify/badge/?version=latest
    :target: http://signify.readthedocs.io/en/latest/?badge=latest

Signify, a portmanteau of *signature* and *verify*, is a Python module that provides
validation and inspection of digital code signatures. These types of signatures are
used to verify the authenticity and integrity of executable code, providing assurance
about who published a piece of software and whether is has been altered since it was
signed.

This library is mostly intended for malware analysts and security professionals to
allow validation of these signatures outside their normal ecosystem and enable close
inspection of the available data.

Currently, this library is only able to verify Windows Authenticode signatures, the
specific Microsoft technology that is used in Windows to verify software integrity.
Typically, Authenticode signatures are embedded into the file itself, without altering
the functionality of the software. However, these signatures can also be provided by
external Authenticode catalogs (.cat files), allowing virtually any file to be signed
using this technology.

The following file types are supported, with support for other file types being
expected:

* PE executables (.exe, .dll and various other Windows executables)
* MSI files (.msi)
* Catalog files (.stl and .cat)
* Any flat file that is signed through a catalog file

This module is compatible with Python 3.9+.

Installation
------------
Installation is very simple::

    pip install signify

Support for some file types (including MSI) requires::

    pip install signify[full]

Documentation
-------------
Documentation is available at http://signify.readthedocs.io/en/latest/ or in the docs/
directory.

Thanks
------
Huge thanks to Germano Caronni for writing the original code in the
`verify_sigs project <https://github.com/anthrotype/verify-sigs>`_, on which this
project was based.

A multitude of significant improvements and modifications was made on top of their
original contribution, including improving PE signature support, adding support for
various other files, and moving the original scripts into a modern Python module.
