Authenticode
The Authenticode support of Signify allows you to easily verify a PE File’s signature:
from signify.authenticode import SignedPEFile

with open("file.exe", "rb") as f:
    pefile = SignedPEFile(f)
    pefile.verify()
This method raises an error if the signature is invalid. A simpler API is also available, allowing you to interpret the error if one happens:
from signify.authenticode import AuthenticodeVerificationResult, SignedPEFile

with open("file.exe", "rb") as f:
    pefile = SignedPEFile(f)
    status, err = pefile.explain_verify()
    if status != AuthenticodeVerificationResult.OK:
        print(f"Invalid: {err}")
If you need to get more information about the signature, you can use this:
from signify.authenticode import SignedPEFile

with open("file.exe", "rb") as f:
    pefile = SignedPEFile(f)
    for signed_data in pefile.signed_datas:
        print(signed_data.signer_info.program_name)
        if signed_data.signer_info.countersigner is not None:
            print(signed_data.signer_info.countersigner.signing_time)
A more thorough example is available in the examples directory of the Signify repository.
Note that the file must remain open until all SignedData objects have been parsed.
Signed PE File
A regular PE file will contain zero or one AuthenticodeSignedData objects. The SignedPEFile class contains helpers to ensure the correct objects can be extracted, and additionally allows for validating the PE signatures.
- class signify.authenticode.SignedPEFile(file_obj: BinaryIO)
A PE file that is to be parsed to find the relevant sections for Authenticode parsing.
- Parameters:
file_obj – A PE file opened in binary mode
- explain_verify(*args: Any, **kwargs: Any) tuple[AuthenticodeVerificationResult, Exception | None]
This will return a value indicating the signature status of this PE file. This will not raise an error when the verification fails, but rather indicate this through the resulting enum
- Return type:
(signify.authenticode.AuthenticodeVerificationResult, Exception)
- Returns:
The verification result, and the exception containing more details (if available or None)
- get_authenticode_omit_sections() dict[str, RelRange] | None
Returns all ranges of the raw file that are relevant for exclusion for the calculation of the hash function used in Authenticode.
The relevant sections are (as per http://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/Authenticode_PE.docx, chapter Calculating the PE Image Hash):
The location of the checksum
The location of the entry of the Certificate Table in the Data Directory
The location of the Certificate Table.
- Returns:
dict if successful, or None if not successful
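An added illustration (not Signify's code) of the three omitted ranges listed above: it locates them in a PE header using only the standard library and hashes the rest of the file. The function names, range keys and sample image are constructed for this example, and the linear hash assumes a conventionally laid out file with the Certificate Table at the end.

```python
import hashlib
import struct

CERT_TABLE_INDEX = 4  # position of the Certificate Table in the Data Directory


def omit_ranges(pe: bytes) -> dict[str, tuple[int, int]]:
    """Return {name: (file_offset, length)} for the ranges left out of the hash.

    The key names are this example's own.
    """
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ magic")
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)             # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff_off = pe_off + 4
    (opt_size,) = struct.unpack_from("<H", pe, coff_off + 16)  # SizeOfOptionalHeader
    opt_off = coff_off + 20
    (magic,) = struct.unpack_from("<H", pe, opt_off)
    if magic == 0x10B:      # PE32
        dirs_off = opt_off + 96
    elif magic == 0x20B:    # PE32+
        dirs_off = opt_off + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")

    ranges = {"checksum": (opt_off + 64, 4)}
    (num_dirs,) = struct.unpack_from("<I", pe, dirs_off - 4)   # NumberOfRvaAndSizes
    entry_off = dirs_off + CERT_TABLE_INDEX * 8
    if num_dirs > CERT_TABLE_INDEX and entry_off + 8 <= opt_off + opt_size:
        ranges["cert_dir_entry"] = (entry_off, 8)
        # For this directory the first field is a file offset, not an RVA.
        cert_off, cert_len = struct.unpack_from("<II", pe, entry_off)
        if cert_off and cert_len:
            if cert_off + cert_len > len(pe):
                raise ValueError("Certificate Table extends past end of file")
            ranges["cert_table"] = (cert_off, cert_len)
    return ranges


def authenticode_digest(pe: bytes, algorithm: str = "sha256") -> bytes:
    """Hash the file front to back, skipping the omitted ranges."""
    hasher = hashlib.new(algorithm)
    pos = 0
    for start, length in sorted(omit_ranges(pe).values()):
        hasher.update(pe[pos:start])
        pos = start + length
    hasher.update(pe[pos:])
    return hasher.digest()


def build_sample(cert_blob: bytes = b"") -> bytes:
    """Constructed, non-executable PE32 skeleton used as sample input."""
    pe_off = 0x40
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", pe_off)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)   # Magic: PE32
    struct.pack_into("<I", opt, 92, 16)     # NumberOfRvaAndSizes
    body = bytes(range(256)) * 2            # stand-in for section data
    image = bytearray(dos + b"PE\0\0" + coff + opt + body)
    if cert_blob:
        entry_off = pe_off + 24 + 96 + CERT_TABLE_INDEX * 8
        struct.pack_into("<II", image, entry_off, len(image), len(cert_blob))
        image += cert_blob                  # table appended at end of file
    return bytes(image)


def flip_byte(pe: bytes, offset: int) -> bytes:
    """Return a copy of the file with one byte inverted."""
    out = bytearray(pe)
    out[offset] ^= 0xFF
    return bytes(out)


if __name__ == "__main__":
    unsigned = build_sample()
    signed = build_sample(b"CONSTRUCTED-CERT")
    print("omitted ranges:", omit_ranges(signed))
    base = authenticode_digest(unsigned)
    print("same digest after signing: ", authenticode_digest(signed) == base)
    print("same digest, new checksum: ",
          authenticode_digest(flip_byte(signed, 152)) == base)
    print("same digest, body modified:",
          authenticode_digest(flip_byte(signed, 400)) == base)
```

Because the digest does not change when the Certificate Table is attached, the signature can live inside the file it covers; every byte outside the three ranges is covered, and a mismatch there is what Signify reports as INVALID_DIGEST.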
- get_fingerprinter() AuthenticodeFingerprinter
Returns a fingerprinter object for this file.
- Return type:
- iter_signed_datas(include_nested: bool = True) Iterator[AuthenticodeSignedData]
Returns an iterator over AuthenticodeSignedData objects relevant for this PE file.
- Parameters:
include_nested – Boolean, if True, will also iterate over all nested SignedData structures
- Raises:
SignedPEParseError – For parse errors in the PEFile
signify.authenticode.AuthenticodeParseError – For parse errors in the SignedData
- Returns:
iterator of signify.authenticode.SignedData
- property signed_datas: Iterator[AuthenticodeSignedData]
Returns an iterator over AuthenticodeSignedData objects relevant for this PE file. See iter_signed_datas()
- verify(*, multi_verify_mode: Literal['any', 'first', 'all', 'best'] = 'any', expected_hashes: dict[str, bytes] | None = None, **kwargs: Any) bool
Verifies the SignedData structures. This is a little bit more efficient than calling all verify-methods separately.
- Parameters:
expected_hashes – When provided, should be a mapping of hash names to digests. This could speed up the verification process.
multi_verify_mode – Indicates how to verify when there are multiple AuthenticodeSignedData objects in this PE file. Can be:
'any' (default) to indicate that any of the signatures must validate correctly.
'first' to indicate that the first signature must verify correctly (the default of tools such as sigcheck.exe)
'all' to indicate that all signatures must verify
'best' to indicate that the signature using the best hashing algorithm must verify (e.g. if both SHA-1 and SHA-256 are present, only SHA-256 is checked); if multiple signatures exist with the same algorithm, any may verify
This argument has no effect when only one signature is present.
- Raises:
AuthenticodeVerificationError – when the verification failed
- class signify.authenticode.AuthenticodeVerificationResult(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)
This represents the result of an Authenticode verification. If everything is OK, it will be equal to AuthenticodeVerificationResult.OK, otherwise one of the other enum items will be returned. Remember that only the first exception is processed - there may be more wrong.
- CERTIFICATE_ERROR = 6
An error occurred during the processing of a certificate (e.g. during chain building), or when verifying the certificate’s signature.
- COUNTERSIGNER_ERROR = 9
Something went wrong when verifying the countersignature.
- INCONSISTENT_DIGEST_ALGORITHM = 7
A highly specific error raised when different digest algorithms are used in SignedData, SpcInfo or SignerInfo.
- INVALID_DIGEST = 8
The verified digest does not match the calculated digest of the file. This is a tell-tale sign that the file may have been tampered with.
- NOT_SIGNED = 2
The provided PE file is not signed.
- OK = 1
The signature is valid.
- PARSE_ERROR = 3
The Authenticode signature could not be parsed.
- UNKNOWN_ERROR = 5
An unknown error occurred during parsing or verifying.
- VERIFY_ERROR = 4
The Authenticode signature could not be verified. This is a more generic error than other possible statuses and is used as a catch-all.
PKCS7 objects
To help understand the specific SignedData and SignerInfo objects, the following graph may help:
- class signify.authenticode.AuthenticodeSignedData(data: SignedData | SignedData, pefile: SignedPEFile | None = None)
The signify.pkcs7.SignedData structure for Authenticode. It holds the same information as its superclass, with additionally the SpcInfo:
- spc_info
The parsed content of this SignedData object, being a SpcIndirectDataContent object.
- Parameters:
data (asn1.pkcs7.SignedData) – The ASN.1 structure of the SignedData object
pefile – The related PEFile.
- explain_verify(*args: Any, **kwargs: Any) tuple[AuthenticodeVerificationResult, Exception | None]
This will return a value indicating the signature status of this object. This will not raise an error when the verification fails, but rather indicate this through the resulting enum
- Return type:
Tuple[AuthenticodeVerificationResult, Exception]
- Returns:
The verification result, and the exception containing more details (if available or None)
- verify(*, expected_hash: bytes | None = None, verification_context: VerificationContext | None = None, cs_verification_context: VerificationContext | None = None, trusted_certificate_store: CertificateStore = TRUSTED_CERTIFICATE_STORE, verification_context_kwargs: dict[str, Any] | None = None, countersignature_mode: Literal['strict', 'permit', 'ignore'] = 'strict') None
Verifies the SignedData structure:
Verifies that the digest algorithms match across the structure (SpcInfo, AuthenticodeSignedData and AuthenticodeSignerInfo must have the same)
Ensures that the hash in SpcInfo.digest matches the expected hash. If no expected hash is provided to this function, it is calculated using the Fingerprinter obtained from the SignedPEFile object.
Verifies that the SpcInfo, when hashed, is the same as the value in SignerInfo.message_digest
In the case of a countersigner, calls check_message_digest() on the countersigner to verify that the hashed value of AuthenticodeSignerInfo.encrypted_digest is contained in the countersigner.
Verifies the chain of the countersigner up to a trusted root, see SignerInfo.verify() and RFC3161SignedData.verify()
Verifies the chain of the signer up to a trusted root, see SignerInfo.verify()
In the case of a countersigner, the verification is performed using the timestamp of the CounterSignerInfo, otherwise now is assumed. If there is no countersigner, you can override this by specifying a different timestamp in the VerificationContext. Note that you cannot set a timestamp when checking against the CRL; this is not permitted by the underlying library. If you need to do this, you must therefore set countersignature_mode to ignore.
- Parameters:
expected_hash (bytes) – The expected hash digest of the SignedPEFile.
verification_context (VerificationContext) – The VerificationContext for verifying the chain of the SignerInfo. The timestamp is overridden in the case of a countersigner. Default stores are TRUSTED_CERTIFICATE_STORE and the certificates of this SignedData object. EKU is code_signing
cs_verification_context (VerificationContext) – The VerificationContext for verifying the chain of the CounterSignerInfo. The timestamp is overridden in the case of a countersigner. Default stores are TRUSTED_CERTIFICATE_STORE and the certificates of this SignedData object. EKU is time_stamping
trusted_certificate_store (CertificateStore) – A CertificateStore object that contains a list of trusted certificates to be used when None is passed to either verification_context or cs_verification_context and a VerificationContext is created.
verification_context_kwargs (dict) – If provided, keyword arguments that are passed to the instantiation of VerificationContexts created in this function. Used for e.g. providing a timestamp.
countersignature_mode (str) – Changes how countersignatures are handled. Defaults to ‘strict’, which means that errors in the countersignature result in verification failure. If set to ‘permit’, the countersignature is checked, but when it errors, it is verified as if the countersignature was never set. When set to ‘ignore’, countersignatures are never checked.
- Raises:
AuthenticodeVerificationError – when the verification failed
- Returns:
None
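The order of the checks listed for verify(), and the way countersignature_mode decides the time at which the signer's chain is validated, can be traced with a small stand-alone model. This is an added example, not Signify's code: the Toy* classes, verify(), explain(), utc() and build_sample() are hypothetical names, certificates are reduced to a validity window, and no cryptographic signature is actually checked.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


class VerificationError(Exception):
    """Stand-in for AuthenticodeVerificationError in this model."""


@dataclass
class ToyCert:
    not_before: datetime       # certificate reduced to its validity window
    not_after: datetime

    def valid_at(self, when):
        return self.not_before <= when <= self.not_after


@dataclass
class ToyCounterSigner:
    message_digest: bytes      # SHA-256 of the signer's encrypted_digest
    signing_time: datetime
    cert: ToyCert

    def check_message_digest(self, data):
        return hashlib.sha256(data).digest() == self.message_digest


@dataclass
class ToySignedData:
    digest_algorithms: tuple   # (SpcInfo, SignedData, SignerInfo) algorithm names
    spc_blob: bytes            # encoded SpcInfo (constructed stand-in)
    spc_digest: bytes          # SpcInfo.digest
    message_digest: bytes      # SignerInfo.message_digest
    encrypted_digest: bytes    # SignerInfo.encrypted_digest
    signer_cert: ToyCert
    countersigner: Optional[ToyCounterSigner] = None


def verify(sd, expected_hash, *, now, countersignature_mode="strict"):
    """Run the documented checks in order; return the time used for the signer chain."""
    if len(set(sd.digest_algorithms)) != 1:
        raise VerificationError("digest algorithms differ across the structure")
    if sd.spc_digest != expected_hash:
        raise VerificationError("SpcInfo.digest does not match the expected hash")
    if hashlib.new(sd.digest_algorithms[0], sd.spc_blob).digest() != sd.message_digest:
        raise VerificationError("hash of SpcInfo != SignerInfo.message_digest")
    when, cs = now, sd.countersigner
    if cs is not None and countersignature_mode != "ignore":
        try:
            if not cs.check_message_digest(sd.encrypted_digest):
                raise VerificationError("countersignature does not cover encrypted_digest")
            if not cs.cert.valid_at(cs.signing_time):
                raise VerificationError("countersigner certificate not valid at signing time")
            when = cs.signing_time     # a good countersignature fixes the time
        except VerificationError:
            if countersignature_mode == "strict":
                raise
            # 'permit': carry on as if the countersignature was never set
    if not sd.signer_cert.valid_at(when):
        raise VerificationError(f"signer certificate not valid at {when:%Y-%m-%d}")
    return when


def explain(sd, expected_hash, **kwargs):
    """Non-raising wrapper in the spirit of explain_verify(): (ok, detail)."""
    try:
        return True, verify(sd, expected_hash, **kwargs)
    except VerificationError as exc:
        return False, str(exc)


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed sample values; nothing here comes from a real file.
IMAGE_HASH = hashlib.sha256(b"constructed PE image ranges").digest()
NOW = utc(2024, 1, 1)


def build_sample(*, break_countersignature=False):
    """Signer certificate expired in 2021, countersigned in mid-2020."""
    spc_blob = b"constructed-SpcInfo:" + IMAGE_HASH
    signature = b"constructed-signature-bytes"
    covered = b"some other signature" if break_countersignature else signature
    cs = ToyCounterSigner(hashlib.sha256(covered).digest(), utc(2020, 6, 1),
                          ToyCert(utc(2019, 1, 1), utc(2030, 1, 1)))
    return ToySignedData(("sha256",) * 3, spc_blob, IMAGE_HASH,
                         hashlib.sha256(spc_blob).digest(), signature,
                         ToyCert(utc(2020, 1, 1), utc(2021, 1, 1)), cs)
```

With an expired signer certificate, only 'strict' with an intact countersignature succeeds; 'permit' and 'ignore' fall back to the current time and therefore reject the same file.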
- class signify.authenticode.SpcInfo(data: SpcIndirectDataContent)
The Authenticode’s SpcIndirectDataContent information, and their children. This is expected to be part of the content of the SignedData structure in Authenticode.
Note that this structure is completely flattened out from this ASN.1 spec:
SpcIndirectDataContent ::= SEQUENCE {
    data SpcAttributeTypeAndOptionalValue,
    messageDigest DigestInfo
}
SpcAttributeTypeAndOptionalValue ::= SEQUENCE {
    type ObjectID,
    value [0] EXPLICIT ANY OPTIONAL
}
DigestInfo ::= SEQUENCE {
    digestAlgorithm AlgorithmIdentifier,
    digest OCTETSTRING
}
AlgorithmIdentifier ::= SEQUENCE {
    algorithm ObjectID,
    parameters [0] EXPLICIT ANY OPTIONAL
}
- data
The underlying ASN.1 data object
- content_type
The contenttype class
- image_data
- digest_algorithm
- digest
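To show what flattening this ASN.1 structure involves, the following added example (not part of Signify) builds a constructed DER-encoded SpcIndirectDataContent and reads it back into the four flattened fields, rejecting truncated or padded input. All function names and the sample bytes are assumptions made for the illustration; the optional value is returned as raw bytes and the AlgorithmIdentifier parameters are ignored.

```python
import hashlib
import hmac

SPC_PE_IMAGE_DATA = "1.3.6.1.4.1.311.2.1.15"
DIGEST_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def tlv(tag, body):
    """Encode one DER element (only used to build the constructed sample)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for value in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [value & 0x7F]             # base-128, least significant first
        value >>= 7
        while value:
            chunk.append((value & 0x7F) | 0x80)
            value >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))


def read_tlv(buf, pos, expect):
    """Read the element at pos, insisting on its tag; return (content, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if tag != expect:
        raise ValueError(f"expected tag {expect:#x}, got {tag:#x}")
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("element runs past its container")
    return buf[pos:pos + length], pos + length


def decode_oid(body):
    subs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            subs.append(value)
            value = 0
    if not subs or body[-1] & 0x80:
        raise ValueError("bad OID")
    first = subs[0]
    head = [0, first] if first < 40 else [1, first - 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + subs[1:])


def flatten_spc(der):
    """Flatten SpcIndirectDataContent into the four fields SpcInfo exposes."""
    outer, end = read_tlv(der, 0, 0x30)
    data, pos = read_tlv(outer, 0, 0x30)             # SpcAttributeTypeAndOptionalValue
    type_oid, after_type = read_tlv(data, 0, 0x06)
    digest_info, pos = read_tlv(outer, pos, 0x30)    # DigestInfo
    alg, after_alg = read_tlv(digest_info, 0, 0x30)  # AlgorithmIdentifier
    alg_oid, _ = read_tlv(alg, 0, 0x06)
    digest, after_digest = read_tlv(digest_info, after_alg, 0x04)
    if (end, pos, after_digest) != (len(der), len(outer), len(digest_info)):
        raise ValueError("trailing bytes after a SEQUENCE's last field")
    name = DIGEST_OIDS.get(decode_oid(alg_oid))
    if name is None:
        raise ValueError("unsupported digest algorithm")
    return {"content_type": decode_oid(type_oid), "image_data": data[after_type:] or None,
            "digest_algorithm": name, "digest": digest}


def digest_matches(der, hashed_bytes):
    """True only if der parses and its digest equals the hash of hashed_bytes."""
    try:
        info = flatten_spc(der)
    except ValueError:
        return False                       # malformed input fails closed
    actual = hashlib.new(info["digest_algorithm"], hashed_bytes).digest()
    return hmac.compare_digest(actual, info["digest"])


# Constructed sample: SAMPLE_IMAGE stands in for the PE ranges Authenticode hashes,
# and the optional value is an empty SEQUENCE placeholder.
SAMPLE_IMAGE = b"MZ-constructed-bytes-standing-in-for-the-hashed-PE-ranges"
SAMPLE_DER = tlv(0x30,
    tlv(0x30, encode_oid(SPC_PE_IMAGE_DATA) + tlv(0x30, b""))       # data
    + tlv(0x30,                                                      # messageDigest
          tlv(0x30, encode_oid("2.16.840.1.101.3.4.2.1") + tlv(0x05, b""))
          + tlv(0x04, hashlib.sha256(SAMPLE_IMAGE).digest())))
```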
- class signify.authenticode.AuthenticodeSignerInfo(data: SignerInfo | SignerInfo, parent: SignedData | None = None)
Subclass of SignerInfo that is used by the verification of Authenticode. Note that this will contain the same attributes as SignerInfo, and additionally the following:
- program_name
- more_info
This information is extracted from the SpcSpOpusInfo authenticated attribute, containing the program’s name and a URL with more information.
- nested_signed_datas
It is possible for Authenticode SignerInfo objects to contain nested signify.pkcs7.SignedData objects. This is similar to including multiple SignedData structures in the signify.authenticode.SignedPEFile. This field is extracted from the unauthenticated attributes.
The countersigner attribute can hold the same as in the normal SignerInfo, but may also contain a RFC3161SignedData class:
- countersigner
Authenticode may use a different countersigning mechanism: rather than using a nested AuthenticodeCounterSignerInfo, it may use a nested RFC-3161 response, which is a nested signify.pkcs7.SignedData structure (of type RFC3161SignedData). This is also assigned to the countersigner attribute if this is available.
- Parameters:
data – The ASN.1 structure of the SignerInfo.
parent – The parent SignedData object.
Countersignature
The countersignature is used to verify the timestamp of the signature. This is usually done by sending the signature to a time-stamping service, which provides the countersignature. This allows the signature to remain valid even after the original certificate chain has expired.
There are two types of countersignature: a regular countersignature, as used in PKCS7, or a nested RFC3161 response.
This nested object is basically an authenticode.pkcs7.SignedData object, which holds its own set of certificates.
Regular
- class signify.authenticode.AuthenticodeCounterSignerInfo(data: SignerInfo | SignerInfo, parent: SignedData | None = None)
Subclass of CounterSignerInfo that is used to contain the countersignerinfo for Authenticode.
- Parameters:
data – The ASN.1 structure of the SignerInfo.
parent – The parent SignedData object.
RFC3161
- class signify.authenticode.RFC3161SignedData(data: SignedData | SignedData)
Some samples have been shown to include an RFC-3161 countersignature in the unauthenticated attributes (as OID 1.3.6.1.4.1.311.3.3.1, which is in the Microsoft private namespace). This attribute contains its own signed data structure.
This is a subclass of signify.pkcs7.SignedData, containing an RFC3161 TSTInfo in its content field.
- Parameters:
data – The ASN.1 structure of the SignedData object
- check_message_digest(data: bytes) bool
Given the data, returns whether the hash_algorithm and message_digest match the data provided.
- property signing_time: datetime
Transparent attribute to ensure that the signing_time attribute is consistently available.
- verify(context: VerificationContext | None = None, *, trusted_certificate_store: CertificateStore = [<signify.x509.certificates.Certificate object>, ...]) Iterable[Iterable[Certificate]]
Verifies the RFC3161 SignedData object. The context that is passed in must account for the certificate store of this object, or be left None.
The object is verified by verifying that the hash of the TSTInfo matches the SignerInfo.message_digest value. The remainder of the validation is done by calling SignerInfo.verify()
- class signify.authenticode.TSTInfo(data: TSTInfo)
This is an implementation of the TSTInfo class as defined by RFC3161, used as content for a SignedData structure. The following properties are available:
- data
The underlying ASN.1 data object
- policy
- hash_algorithm
The hash algorithm of the message imprint.
- message_digest
The hashed message
- serial_number
The serial number of this signature
- signing_time
The time this signature was generated
- signing_time_accuracy
The accuracy of the above time
- signing_authority
The authority generating this signature
- Parameters:
data – The ASN.1 structure of the TSTInfo object
- class signify.authenticode.RFC3161SignerInfo(data: SignerInfo | SignerInfo, parent: SignedData | None = None)
Subclass of SignerInfo that is used to contain the signerinfo for the RFC3161SignedData option.
- Parameters:
data – The ASN.1 structure of the SignerInfo.
parent – The parent SignedData object.