winsign is a python module for signing and manipulating Authenticode signatures in PE and MSI files.
- Works on Python 3.6 and up.
- Free software: MPL2
Most dependencies are specified in requirements/base.txt, however, currently you also need osslsigncode installed to perform signing. This utility can be fetched from your distribution's package repository, or from e.g. https://github.com/theuni/osslsigncode
Signing MSIX/APPX files currently requires Mozilla's fork of `msix-packaging`<https://github.com/mozilla/msix-packaging/tree/johnmcpms/signing>`_.
pip install winsign
usage: winsign [-h] --certs CERTS --key PRIV_KEY [-n COMMENT] [-i URL] -d
{sha1,sha256} [-t {old,rfc3161}] [-v] [-q]
infile [outfile]
positional arguments:
infile unsigned file to sign
outfile where to write output to. defaults to infile
optional arguments:
-h, --help show this help message and exit
--certs CERTS certificates to include in the signature
--key PRIV_KEY private key used to sign
-n COMMENT comment to include in signature
-i URL url to include in signature
-d {sha1,sha256} digest to use for signing. must be one of sha1 or sha256
-t {old,rfc3161}
-v, --verbose
-q, --quiet
- Stop using osslsigncode for PE signatures
- Refactor code so that osslsigncode functionality is in its own module
- Add python support for MSI, then we can drop dependency on osslsigncode
- Chris AtLee <catlee@mozilla.com>