Skip to content

mozilla-releng/winsign

Repository files navigation

winsign

Documentation Status

winsign is a python module for signing and manipulating Authenticode signatures in PE and MSI files.

  • Works on Python 3.11 and up.
  • Free software: MPL2

Requirements

Most dependencies are specified in pyproject.toml, however, currently you also need osslsigncode installed to perform signing. This utility can be fetched from your distribution's package repository, or from e.g. https://github.com/mtrojnar/osslsigncode

Signing MSIX/APPX files currently requires Mozilla's fork of msix-packaging.

Installation

pip install winsign

CLI Usage

usage: winsign [-h] --certs CERTS --key PRIV_KEY [-n COMMENT] [-i URL] -d
               {sha1,sha256} [-t {old,rfc3161}] [-v] [-q]
               infile [outfile]

positional arguments:
  infile            unsigned file to sign
  outfile           where to write output to. defaults to infile

optional arguments:
  -h, --help        show this help message and exit
  --certs CERTS     certificates to include in the signature
  --key PRIV_KEY    private key used to sign
  -n COMMENT        comment to include in signature
  -i URL            url to include in signature
  -d {sha1,sha256}  digest to use for signing. must be one of sha1 or sha256
  -t {old,rfc3161}
  -v, --verbose
  -q, --quiet

Future plans

  • Stop using osslsigncode for PE signatures
  • Refactor code so that osslsigncode functionality is in its own module
  • Add python support for MSI, then we can drop dependency on osslsigncode

Development

Highly recommended to create a virtualenv, then run:
  • pip install -e .
  • make your changes to the source files
  • run local tests: tox
upon successful r+ and merging to master branch, you need to release a new version on PyPi.
  • edit pyproject.toml to adjust the version
  • generate .whl file locally: python setup.py bdist_wheel
  • file will exist in: ./dist/winsign-{version}-py3-none-any.whl
  • (assuming you have pypi access to upload)
  • upload to pypi: twine upload --verbose dist/winsign-{version}-py3-none-any.whl

Credits

About

Tools for signing Windows files

Resources

License

Code of conduct

Stars

Watchers

Forks

Packages

 
 
 

Contributors