Metadata-Version: 2.1
Name: winsign
Version: 2.2.2
Summary: Utilities to support code signing Windows executable files
Home-page: https://github.com/mozilla/winsign
Author: Joel Maher
Author-email: jmaher@mozilla.com
License: MPL2.0
Keywords: winsign
Platform: UNKNOWN
Classifier: Development Status :: 2 - Pre-Alpha
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Mozilla Public License 2.0 (MPL 2.0)
Classifier: Natural Language :: English
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Requires-Dist: construct
Requires-Dist: cryptography
Requires-Dist: pyasn1
Requires-Dist: pyasn1-modules

=======
winsign
=======

.. image:: https://img.shields.io/pypi/v/winsign.svg
        :target: https://pypi.python.org/pypi/winsign

.. image:: https://readthedocs.org/projects/winsign/badge/?version=latest
        :target: https://winsign.readthedocs.io/en/latest/?badge=latest
        :alt: Documentation Status

`winsign` is a Python module for signing and manipulating `Authenticode
<https://en.wikipedia.org/wiki/Code_signing#Implementations>`_ signatures in PE and MSI files.

* Works on Python 3.6 and up.
* Free software: MPL2

Requirements
============
Most dependencies are specified in requirements/base.txt; however, you
currently also need `osslsigncode` installed to perform signing. This utility
can be fetched from your distribution's package repository, or from e.g.
https://github.com/theuni/osslsigncode

Signing MSIX/APPX files currently requires Mozilla's fork of `msix-packaging
<https://github.com/mozilla/msix-packaging/tree/johnmcpms/signing>`_.

Installation
============
`pip install winsign`

CLI Usage
=========
::

   usage: winsign [-h] --certs CERTS --key PRIV_KEY [-n COMMENT] [-i URL] -d
                  {sha1,sha256} [-t {old,rfc3161}] [-v] [-q]
                  infile [outfile]

   positional arguments:
     infile            unsigned file to sign
     outfile           where to write output to. defaults to infile

   optional arguments:
     -h, --help        show this help message and exit
     --certs CERTS     certificates to include in the signature
     --key PRIV_KEY    private key used to sign
     -n COMMENT        comment to include in signature
     -i URL            url to include in signature
     -d {sha1,sha256}  digest to use for signing. must be one of sha1 or sha256
     -t {old,rfc3161}
     -v, --verbose
     -q, --quiet

Future plans
============
* Stop using osslsigncode for PE signatures
* Refactor code so that osslsigncode functionality is in its own module
* Add Python support for MSI; then we can drop the dependency on osslsigncode

Development
===========
It is highly recommended to create a virtualenv, then run:

* *python setup.py develop*
* make your changes to the source files
* run local tests: *tox*

Upon successful r+ and merging to the *master* branch, you need to release a new version on PyPI:

* edit setup.py to adjust the version
* generate the .whl file locally: *python setup.py bdist_wheel*
* the file will exist in: *./dist/winsign-{version}-py3-none-any.whl*
* (assuming you have PyPI access to upload)
* upload to PyPI: *twine upload --verbose dist/winsign-{version}-py3-none-any.whl*

Credits
=======

* Chris AtLee
* Ben Hearsum <bhearsum@mozilla.com>
* Joel Maher <jmaher@mozilla.com>


History
=======

2.2.2 (2021-10-20)
------------------
* make CAfile an argument to sign_file
* small tweaks to readme, history, version number

2.2.0 (2021-10-13)
------------------
* Added support for osslsigncode 2.1+ (required -CAfile cli)
* updated documentation for packaging and ownership

2.1.0 (2021-07-14)
------------------
* Added support for MSIX/APPX signing

2.0.0 (2019-10-17)
------------------
* Breaking API: Some functions are now async. In particular, the top-level
  `sign_file` function is now an async function.
* Restructured module layout
* Added docs

1.3.0 (2019-09-12)
------------------

* Fixed old style timestamp generation
* Added signature verification code
* Removed autograph support. Client code can implement their own autograph
  signing hooks for `winsign.sign.sign_file`

1.2.0 (2019-09-10)
------------------

* Updated logging so that is_signed doesn't produce error logs when files aren't signed

1.1.0 (2019-09-05)
------------------

* Added is_signed method to check if files are signed


1.0.0 (2019-08-30)
------------------

* First release


