Authenticode

The Authenticode support of Signify allows you to easily verify a PE File’s signature:

from signify.authenticode import SignedPEFile

with open("file.exe", "rb") as f:
    pefile = SignedPEFile(f)
    pefile.verify()

This method raises an error if the signature is invalid. A simpler API is also available, which returns the error so that you can interpret it if one happens:

from signify.authenticode import AuthenticodeVerificationResult, SignedPEFile

with open("file.exe", "rb") as f:
    pefile = SignedPEFile(f)
    status, err = pefile.explain_verify()

if status != AuthenticodeVerificationResult.OK:
    print(f"Invalid: {err}")

If you need to get more information about the signature, you can use this:

from signify.authenticode import SignedPEFile

with open("file.exe", "rb") as f:
    pefile = SignedPEFile(f)
    for signed_data in pefile.signed_datas:
        print(signed_data.signer_info.program_name)
        if signed_data.signer_info.countersigner is not None:
            print(signed_data.signer_info.countersigner.signing_time)

A more thorough example is available in the examples directory of the Signify repository.

Note that the file must remain open until all SignedData objects have been parsed.

Signed PE File

A regular PE file will contain zero or one AuthenticodeSignedData objects. The SignedPEFile class contains helpers to ensure the correct objects can be extracted, and additionally, allows for validating the PE signatures.

class signify.authenticode.SignedPEFile(file_obj: BinaryIO)

A PE file that is to be parsed to find the relevant sections for Authenticode parsing.

Parameters:

file_obj – A PE file opened in binary mode

explain_verify(*args: Any, **kwargs: Any) tuple[AuthenticodeVerificationResult, Exception | None]

This will return a value indicating the signature status of this PE file. This will not raise an error when the verification fails, but rather indicate this through the resulting enum.

Return type:

(signify.authenticode.AuthenticodeVerificationResult, Exception)

Returns:

The verification result, and the exception containing more details (if available or None)

get_authenticode_omit_sections() dict[str, RelRange] | None

Returns all ranges of the raw file that are relevant for exclusion for the calculation of the hash function used in Authenticode.

The relevant sections are (as per http://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/Authenticode_PE.docx, chapter Calculating the PE Image Hash):

  • The location of the checksum

  • The location of the entry of the Certificate Table in the Data Directory

  • The location of the Certificate Table.

Returns:

dict if successful, or None if not successful
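The three omitted ranges, worked through in plain Python as an added example (not Signify's own code): it locates them in a PE header and hashes everything else, so the digest of a file is the same before and after a signature is attached. The function names, dict keys and the small constructed PE32 image are assumptions of this example, and it hashes the file linearly around the ranges rather than section by section as the specification describes.

```python
import hashlib
import struct

CERT_TABLE_INDEX = 4  # position of the Certificate Table entry in the Data Directory


def omit_ranges(pe: bytes) -> dict[str, tuple[int, int]]:
    """Return {name: (start, length)} for the ranges excluded from the image hash."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)      # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    opt = pe_off + 4 + 20                               # skip signature + COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == 0x10B:                                  # PE32
        dirs = opt + 96
    elif magic == 0x20B:                                # PE32+
        dirs = opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (n_dirs,) = struct.unpack_from("<I", pe, dirs - 4)  # NumberOfRvaAndSizes

    ranges = {"checksum": (opt + 64, 4)}
    if n_dirs > CERT_TABLE_INDEX:
        entry = dirs + 8 * CERT_TABLE_INDEX
        ranges["datadir_certtable"] = (entry, 8)
        # For this entry the first field is a file offset, not an RVA.
        cert_off, cert_len = struct.unpack_from("<II", pe, entry)
        if cert_len:
            if cert_off + cert_len > len(pe):
                raise ValueError("Certificate Table extends past end of file")
            ranges["certtable"] = (cert_off, cert_len)
    return ranges


def authenticode_digest(pe: bytes, algorithm: str = "sha256") -> bytes:
    """Hash the whole file except the omitted ranges."""
    h = hashlib.new(algorithm)
    pos = 0
    for start, length in sorted(omit_ranges(pe).values()):
        h.update(pe[pos:start])          # empty if a range overlaps an earlier one
        pos = max(pos, start + length)
    h.update(pe[pos:])
    return h.digest()


def build_sample_pe(body: bytes, cert_table: bytes = b"", checksum: int = 0) -> bytes:
    """Constructed minimal PE32 image: headers, an opaque body, optional cert blob."""
    opt = bytearray(96 + 16 * 8)
    struct.pack_into("<H", opt, 0, 0x10B)               # Magic: PE32
    struct.pack_into("<I", opt, 64, checksum)           # CheckSum
    struct.pack_into("<I", opt, 92, 16)                 # NumberOfRvaAndSizes
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)               # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, len(opt), 0x0102)
    if cert_table:
        cert_off = len(dos) + 4 + len(coff) + len(opt) + len(body)
        struct.pack_into("<II", opt, 96 + 8 * CERT_TABLE_INDEX, cert_off, len(cert_table))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + body + cert_table


# Constructed sample data: the "certificate" is placeholder bytes, not a real signature.
SAMPLE_BODY = b"constructed code and data bytes " * 4
SAMPLE_CERT = b"\x30\x82" + b"\xAA" * 30
UNSIGNED = build_sample_pe(SAMPLE_BODY)
SIGNED = build_sample_pe(SAMPLE_BODY, SAMPLE_CERT, checksum=0xDEADBEEF)
TAMPERED = build_sample_pe(SAMPLE_BODY.replace(b"code", b"c0de"), SAMPLE_CERT, checksum=0xDEADBEEF)

if __name__ == "__main__":
    for name, image in (("unsigned", UNSIGNED), ("signed", SIGNED), ("tampered", TAMPERED)):
        print(f"{name:9} {authenticode_digest(image).hex()}  {omit_ranges(image)}")
```

The unsigned and signed images produce the same digest because they differ only inside the omitted ranges, while a change to the body changes the digest, which is the condition Signify reports as INVALID_DIGEST.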

get_fingerprinter() AuthenticodeFingerprinter

Returns a fingerprinter object for this file.

Return type:

signify.fingerprinter.AuthenticodeFingerprinter

iter_signed_datas(include_nested: bool = True) Iterator[AuthenticodeSignedData]

Returns an iterator over AuthenticodeSignedData objects relevant for this PE file.

Parameters:

include_nested – Boolean, if True, will also iterate over all nested SignedData structures

Raises:
  • SignedPEParseError – For parse errors in the PEFile

  • signify.authenticode.AuthenticodeParseError – For parse errors in the SignedData

Returns:

iterator of signify.authenticode.SignedData

property signed_datas: Iterator[AuthenticodeSignedData]

Returns an iterator over AuthenticodeSignedData objects relevant for this PE file. See iter_signed_datas()

verify(*, multi_verify_mode: Literal['any', 'first', 'all', 'best'] = 'any', expected_hashes: dict[str, bytes] | None = None, **kwargs: Any) bool

Verifies the SignedData structures. This is a little bit more efficient than calling all verify-methods separately.

Parameters:
  • expected_hashes – When provided, should be a mapping of hash names to digests. This could speed up the verification process.

  • multi_verify_mode

    Indicates how to verify when there are multiple AuthenticodeSignedData objects in this PE file. Can be:

    • 'any' (default) to indicate that any of the signatures must validate correctly.

    • 'first' to indicate that the first signature must verify correctly (the default of tools such as sigcheck.exe)

    • 'all' to indicate that all signatures must verify

    • 'best' to indicate that the signature using the best hashing algorithm must verify (e.g. if both SHA-1 and SHA-256 are present, only SHA-256 is checked); if multiple signatures exist with the same algorithm, any may verify

    This argument has no effect when only one signature is present.

Raises:

AuthenticodeVerificationError – when the verification failed

class signify.authenticode.AuthenticodeVerificationResult(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)

This represents the result of an Authenticode verification. If everything is OK, it will equal AuthenticodeVerificationResult.OK; otherwise, one of the other enum items will be returned. Remember that only the first exception is processed - there may be more wrong.

CERTIFICATE_ERROR = 6

An error occurred during the processing of a certificate (e.g. during chain building), or when verifying the certificate’s signature.

COUNTERSIGNER_ERROR = 9

Something went wrong when verifying the countersignature.

INCONSISTENT_DIGEST_ALGORITHM = 7

A highly specific error raised when different digest algorithms are used in SignedData, SpcInfo or SignerInfo.

INVALID_DIGEST = 8

The verified digest does not match the calculated digest of the file. This is a tell-tale sign that the file may have been tampered with.

NOT_SIGNED = 2

The provided PE file is not signed.

OK = 1

The signature is valid.

PARSE_ERROR = 3

The Authenticode signature could not be parsed.

UNKNOWN_ERROR = 5

An unknown error occurred during parsing or verifying.

VERIFY_ERROR = 4

The Authenticode signature could not be verified. This is a more generic error than other possible statuses and is used as a catch-all.

PKCS7 objects

To help understand the specific SignedData and SignerInfo objects, the following graph may help:

http://yuml.me/f68f2b83.svg

class signify.authenticode.AuthenticodeSignedData(data: SignedData | SignedData, pefile: SignedPEFile | None = None)

The signify.pkcs7.SignedData structure for Authenticode. It holds the same information as its superclass, with additionally the SpcInfo:

spc_info

The parsed content of this SignedData object, being a SpcIndirectDataContent object.

Parameters:
  • data (asn1.pkcs7.SignedData) – The ASN.1 structure of the SignedData object

  • pefile – The related PEFile.

explain_verify(*args: Any, **kwargs: Any) tuple[AuthenticodeVerificationResult, Exception | None]

This will return a value indicating the signature status of this object. This will not raise an error when the verification fails, but rather indicate this through the resulting enum.

Return type:

Tuple[AuthenticodeVerificationResult, Exception]

Returns:

The verification result, and the exception containing more details (if available or None)

verify(*, expected_hash: bytes | None = None, verification_context: VerificationContext | None = None, cs_verification_context: VerificationContext | None = None, trusted_certificate_store: CertificateStore = TRUSTED_CERTIFICATE_STORE, verification_context_kwargs: dict[str, Any] | None = None, countersignature_mode: Literal['strict', 'permit', 'ignore'] = 'strict') None

Verifies the SignedData structure:

  • Verifies that the digest algorithms match across the structure (SpcInfo, AuthenticodeSignedData and AuthenticodeSignerInfo must have the same)

  • Ensures that the hash in SpcInfo.digest matches the expected hash. If no expected hash is provided to this function, it is calculated using the Fingerprinter obtained from the SignedPEFile object.

  • Verifies that the SpcInfo, when hashed, is the same as the value in SignerInfo.message_digest

  • In the case of a countersigner, calls check_message_digest() on the countersigner to verify that the hashed value of AuthenticodeSignerInfo.encrypted_digest is contained in the countersigner.

  • Verifies the chain of the countersigner up to a trusted root, see SignerInfo.verify() and RFC3161SignedData.verify()

  • Verifies the chain of the signer up to a trusted root, see SignerInfo.verify()

In the case of a countersigner, the verification is performed using the timestamp of the CounterSignerInfo; otherwise, the current time is assumed. If there is no countersigner, you can override this by specifying a different timestamp in the VerificationContext. Note that you cannot set a timestamp when checking against the CRL; this is not permitted by the underlying library. If you need to do this, you must therefore set countersignature_mode to ignore.

Parameters:
  • expected_hash (bytes) – The expected hash digest of the SignedPEFile.

  • verification_context (VerificationContext) – The VerificationContext for verifying the chain of the SignerInfo. The timestamp is overridden in the case of a countersigner. Default stores are TRUSTED_CERTIFICATE_STORE and the certificates of this SignedData object. EKU is code_signing

  • cs_verification_context (VerificationContext) – The VerificationContext for verifying the chain of the CounterSignerInfo. The timestamp is overridden in the case of a countersigner. Default stores are TRUSTED_CERTIFICATE_STORE and the certificates of this SignedData object. EKU is time_stamping

  • trusted_certificate_store (CertificateStore) – A CertificateStore object that contains a list of trusted certificates to be used when None is passed to either verification_context or cs_verification_context and a VerificationContext is created.

  • verification_context_kwargs (dict) – If provided, keyword arguments that are passed to the instantiation of the VerificationContext objects created in this function. Used, for example, to provide a timestamp.

  • countersignature_mode (str) – Changes how countersignatures are handled. Defaults to ‘strict’, which means that errors in the countersignature result in verification failure. If set to ‘permit’, the countersignature is checked, but when it errors, it is verified as if the countersignature was never set. When set to ‘ignore’, countersignatures are never checked.

Raises:

AuthenticodeVerificationError – when the verification failed

Returns:

None
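The check order and the three countersignature_mode values described above can be seen in a small model. This is an added example, not signify's code: all class and function names are hypothetical, a certificate chain is reduced to one validity window, the file hash is taken over the whole byte string instead of through the Fingerprinter, and signature checks are left out.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


class ModelVerificationError(Exception):
    """Stand-in for AuthenticodeVerificationError in this model."""


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass(frozen=True)
class Cert:
    """A whole chain reduced to one validity window (simplification)."""
    not_before: datetime
    not_after: datetime

    def valid_at(self, when: datetime) -> bool:
        return self.not_before <= when <= self.not_after


@dataclass(frozen=True)
class CounterSigner:
    message_digest: bytes      # must equal hash(signer.encrypted_digest)
    signing_time: datetime
    cert: Cert


@dataclass(frozen=True)
class Signer:
    message_digest: bytes      # must equal hash(spc_info)
    encrypted_digest: bytes
    cert: Cert
    countersigner: Optional[CounterSigner] = None


@dataclass(frozen=True)
class SignedData:
    spc_info: bytes            # opaque stand-in for the encoded SpcInfo
    spc_digest: bytes          # SpcInfo.digest
    signer: Signer


def model_verify(sd, file_bytes, now, mode="strict"):
    """Return the time at which the signer chain was validated, or raise."""
    if sd.spc_digest != sha256(file_bytes):
        raise ModelVerificationError("SpcInfo.digest does not match the file hash")
    if sd.signer.message_digest != sha256(sd.spc_info):
        raise ModelVerificationError("message_digest does not match the hashed SpcInfo")
    when = now                       # no usable countersignature: "now" is assumed
    cs = sd.signer.countersigner
    if cs is not None and mode != "ignore":
        try:
            if cs.message_digest != sha256(sd.signer.encrypted_digest):
                raise ModelVerificationError("countersignature does not cover encrypted_digest")
            if not cs.cert.valid_at(cs.signing_time):
                raise ModelVerificationError("countersigner certificate not valid at signing time")
            when = cs.signing_time   # the timestamp overrides the verification time
        except ModelVerificationError:
            if mode == "strict":
                raise
            # 'permit': carry on as if the countersignature was never set
    if not sd.signer.cert.valid_at(when):
        raise ModelVerificationError(f"signer certificate not valid at {when:%Y-%m-%d}")
    return when


def build_sample():
    """Constructed sample: signed and timestamped in 2020, signer cert expired in 2021."""
    utc = timezone.utc
    file_bytes = b"constructed PE image bytes"
    spc_info = b"constructed SpcInfo"
    encrypted_digest = b"constructed signature value"
    tsa = Cert(datetime(2015, 1, 1, tzinfo=utc), datetime(2030, 1, 1, tzinfo=utc))
    cs = CounterSigner(sha256(encrypted_digest), datetime(2020, 6, 1, tzinfo=utc), tsa)
    signer_cert = Cert(datetime(2019, 1, 1, tzinfo=utc), datetime(2021, 1, 1, tzinfo=utc))
    signer = Signer(sha256(spc_info), encrypted_digest, signer_cert, cs)
    return SignedData(spc_info, sha256(file_bytes), signer), file_bytes
```

With the sample verified in 2024, 'strict' succeeds at the countersigner's time, while 'ignore', or 'permit' with a broken countersignature, falls back to the current time and rejects the expired signer certificate.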

class signify.authenticode.SpcInfo(data: SpcIndirectDataContent)

Authenticode’s SpcIndirectDataContent information and its children. This is expected to be part of the content of the SignedData structure in Authenticode.

Note that this structure is completely flattened out from this ASN.1 spec:

SpcIndirectDataContent ::= SEQUENCE {
    data SpcAttributeTypeAndOptionalValue,
    messageDigest  DigestInfo
}
SpcAttributeTypeAndOptionalValue ::= SEQUENCE {
    type ObjectID,
    value [0] EXPLICIT ANY OPTIONAL
}
DigestInfo ::= SEQUENCE {
    digestAlgorithm  AlgorithmIdentifier,
    digest OCTETSTRING
}
AlgorithmIdentifier ::= SEQUENCE {
    algorithm ObjectID,
    parameters [0] EXPLICIT ANY OPTIONAL
}

data

The underlying ASN.1 data object

content_type

The content type class

image_data
digest_algorithm
digest
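To make the flattening concrete, here is a minimal DER reader for the structure above that returns the fields under the same names SpcInfo uses. It is an added example, not signify's parser: the function names and the sample blob are constructed for illustration, and the optional value is kept as an opaque element whatever its tag.

```python
import hashlib

SPC_PE_IMAGE_DATA = "1.3.6.1.4.1.311.2.1.15"   # type OID used in the sample
SHA256 = "2.16.840.1.101.3.4.2.1"


def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                 # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("element runs past the end of the buffer")
    return tag, buf[pos:pos + length], pos + length


def children(value):
    """Split the contents octets of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out


def decode_oid(value):
    """Decode OBJECT IDENTIFIER contents octets into dotted notation."""
    if not value or value[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, acc = [], 0
    for byte in value:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(acc)
            acc = 0
    first = arcs[0]
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(map(str, head + arcs[1:]))


def parse_spc_indirect_data(der):
    """Flatten SpcIndirectDataContent into the attribute names used by SpcInfo."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single outer SEQUENCE")
    (t_data, data), (t_md, digest_info) = children(body)
    (t_alg, alg), (t_dig, digest) = children(digest_info)
    data_fields, alg_fields = children(data), children(alg)
    if (t_data, t_md, t_alg, t_dig) != (0x30, 0x30, 0x30, 0x04):
        raise ValueError("unexpected element types")
    if not data_fields or not alg_fields or data_fields[0][0] != 0x06 or alg_fields[0][0] != 0x06:
        raise ValueError("missing OBJECT IDENTIFIER")
    return {
        "content_type": decode_oid(data_fields[0][1]),
        "image_data": data_fields[1][1] if len(data_fields) > 1 else None,
        "digest_algorithm": decode_oid(alg_fields[0][1]),
        "digest": digest,
        # PKCS#7 digests only the contents octets of the content field
        # (no outer tag or length); these are the bytes to hash for message_digest.
        "signed_bytes": body,
    }


def tlv(tag, value):
    """Encode one DER element (used only to build the constructed sample)."""
    n = len(value)
    if n < 0x80:
        header = bytes([tag, n])
    else:
        size = (n.bit_length() + 7) // 8
        header = bytes([tag, 0x80 | size]) + n.to_bytes(size, "big")
    return header + value


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for arc in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return bytes(out)


def build_sample(image_hash):
    """Constructed blob; an empty SEQUENCE stands in for the optional value."""
    data = tlv(0x30, tlv(0x06, encode_oid(SPC_PE_IMAGE_DATA)) + tlv(0x30, b""))
    alg = tlv(0x30, tlv(0x06, encode_oid(SHA256)) + tlv(0x05, b""))
    return tlv(0x30, data + tlv(0x30, alg + tlv(0x04, image_hash)))
```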

class signify.authenticode.AuthenticodeSignerInfo(data: SignerInfo | SignerInfo, parent: SignedData | None = None)

Subclass of SignerInfo that is used by the verification of Authenticode. Note that this will contain the same attributes as SignerInfo, and additionally the following:

program_name
more_info

This information is extracted from the SpcSpOpusInfo authenticated attribute, containing the program’s name and a URL with more information.

nested_signed_datas

It is possible for Authenticode SignerInfo objects to contain nested signify.pkcs7.SignedData objects. This is similar to including multiple SignedData structures in the signify.authenticode.SignedPEFile. This field is extracted from the unauthenticated attributes.

The countersigner attribute can hold the same as in the normal SignerInfo, but may also contain an RFC3161SignedData class:

countersigner

Authenticode may use a different countersigning mechanism: rather than using a nested AuthenticodeCounterSignerInfo, it may use a nested RFC-3161 response, which is a nested signify.pkcs7.SignedData structure (of type RFC3161SignedData). This is also assigned to the countersigner attribute if it is available.

Parameters:
  • data – The ASN.1 structure of the SignerInfo.

  • parent – The parent SignedData object.

Countersignature

The countersignature is used to verify the timestamp of the signature. This is usually done by sending the signature to a time-stamping service, which provides the countersignature. This allows the signature to continue to be valid, even after the original certificate chain has expired.

There are two types of countersignature: a regular countersignature, as used in PKCS7, or a nested RFC3161 response. This nested object is basically a signify.pkcs7.SignedData object, which holds its own set of certificates.

Regular

class signify.authenticode.AuthenticodeCounterSignerInfo(data: SignerInfo | SignerInfo, parent: SignedData | None = None)

Subclass of CounterSignerInfo that is used to contain the countersignerinfo for Authenticode.

Parameters:
  • data – The ASN.1 structure of the SignerInfo.

  • parent – The parent SignedData object.

RFC3161

class signify.authenticode.RFC3161SignedData(data: SignedData | SignedData)

Some samples have been shown to include an RFC-3161 countersignature in the unauthenticated attributes (as OID 1.3.6.1.4.1.311.3.3.1, which is in the Microsoft private namespace). This attribute contains its own signed data structure.

This is a subclass of signify.pkcs7.SignedData, containing an RFC3161 TSTInfo in its content field.

tst_info: TSTInfo

Contains the TSTInfo class for this SignedData.

Parameters:

data – The ASN.1 structure of the SignedData object

check_message_digest(data: bytes) bool

Given the data, returns whether the hash_algorithm and message_digest match the data provided.

property signing_time: datetime

Transparent attribute to ensure that the signing_time attribute is consistently available.

verify(context: VerificationContext | None = None, *, trusted_certificate_store: CertificateStore = [<signify.x509.certificates.Certificate object>, ...]) Iterable[Iterable[Certificate]]

Verifies the RFC3161 SignedData object. The context that is passed in must account for the certificate store of this object, or be left None.

The object is verified by checking that the hash of the TSTInfo matches the SignerInfo.message_digest value. The remainder of the validation is done by calling SignerInfo.verify().

class signify.authenticode.TSTInfo(data: TSTInfo)

This is an implementation of the TSTInfo class as defined by RFC3161, used as content for a SignedData structure. The following properties are available:

data

The underlying ASN.1 data object

policy
hash_algorithm

The hash algorithm of the message imprint.

message_digest

The hashed message

serial_number

The serial number of this signature

signing_time

The time this signature was generated

signing_time_accuracy

The accuracy of the above time

signing_authority

The authority generating this signature

Parameters:

data – The ASN.1 structure of the TSTInfo object

class signify.authenticode.RFC3161SignerInfo(data: SignerInfo | SignerInfo, parent: SignedData | None = None)

Subclass of SignerInfo that is used to contain the signerinfo for the RFC3161SignedData option.

Parameters:
  • data – The ASN.1 structure of the SignerInfo.

  • parent – The parent SignedData object.