Metadata-Version: 2.1
Name: winsign
Version: 2.0.0
Summary: Utilities to support code signing Windows executable files
Home-page: https://github.com/catlee/winsign
Author: Chris AtLee
Author-email: catlee@mozilla.com
License: MPL2.0
Keywords: winsign
Platform: UNKNOWN
Classifier: Development Status :: 2 - Pre-Alpha
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Mozilla Public License 2.0 (MPL 2.0)
Classifier: Natural Language :: English
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Requires-Dist: construct
Requires-Dist: cryptography
Requires-Dist: pyasn1
Requires-Dist: pyasn1-modules

=======
winsign
=======

.. image:: https://img.shields.io/pypi/v/winsign.svg
        :target: https://pypi.python.org/pypi/winsign

.. image:: https://readthedocs.org/projects/winsign/badge/?version=latest
        :target: https://winsign.readthedocs.io/en/latest/?badge=latest
        :alt: Documentation Status

`winsign` is a python module for signing and manipulating `Authenticode
<https://en.wikipedia.org/wiki/Code_signing#Implementations>`_ signatures in PE and MSI files.

* Works on Python 3.6 and up.
* Free software: MPL2

Requirements
============
Most dependencies are specified in requirements/base.txt, however, currently
you also need `osslsigncode` installed to perform signing. This utility can be
fetched from your distribution's package repository, or from e.g.
https://github.com/theuni/osslsigncode

Installation
============
`pip install winsign`

CLI Usage
=========
::

   usage: winsign [-h] --certs CERTS --key PRIV_KEY [-n COMMENT] [-i URL] -d
                  {sha1,sha256} [-t {old,rfc3161}] [-v] [-q]
                  infile [outfile]

   positional arguments:
     infile            unsigned file to sign
     outfile           where to write output to. defaults to infile

   optional arguments:
     -h, --help        show this help message and exit
     --certs CERTS     certificates to include in the signature
     --key PRIV_KEY    private key used to sign
     -n COMMENT        comment to include in signature
     -i URL            url to include in signature
     -d {sha1,sha256}  digest to use for signing. must be one of sha1 or sha256
     -t {old,rfc3161}
     -v, --verbose
     -q, --quiet

Future plans
============
* Stop using osslsigncode for PE signatures
* Refactor code so that osslsigncode functionality is in its own module
* Add python support for MSI, then we can drop dependency on osslsigncode

Credits
=======

* Chris AtLee <catlee@mozilla.com>


History
=======

2.0.0 (2019-10-17)
------------------
* Breaking API: Some functions are now async. In particular, the top-level
  `sign_file` function is now an async function.
* Restructured module layout
* Added docs

1.3.0 (2019-09-12)
------------------

* Fixed old style timestamp generation
* Added signature verification code
* Removed autograph support. Client code can implement their own autograph
  signing hooks for `winsign.sign.sign_file`

1.2.0 (2019-09-10)
------------------

* Updated logging so that is_signed doesn't produce error logs when files aren't signed

1.1.0 (2019-09-05)
------------------

* Added is_signed method to check if files are signed


1.0.0 (2019-08-30)
------------------

* First release


