Signify
=======
.. image:: https://github.com/ralphje/signify/actions/workflows/test.yml/badge.svg
:target: https://github.com/ralphje/signify/actions/workflows/test.yml
.. image:: https://codecov.io/gh/ralphje/signify/branch/master/graph/badge.svg
:target: https://codecov.io/gh/ralphje/signify
.. image:: https://readthedocs.org/projects/signify/badge/?version=latest
:target: http://signify.readthedocs.io/en/latest/?badge=latest
Signify, a portmanteau of *signature* and *verify*, is a Python module that provides
validation and inspection of digital code signatures. These types of signatures are
used to verify the authenticity and integrity of executable code, providing assurance
about who published a piece of software and whether is has been altered since it was
signed.
This library is mostly intended for malware analysts and security professionals to
allow validation of these signatures outside their normal ecosystem and enable close
inspection of the available data.
Currently, this library is only able to verify Windows Authenticode signatures, the
specific Microsoft technology that is used in Windows to verify software integrity.
Typically, Authenticode signatures are embedded into the file itself, without altering
the functionality of the software. However, these signatures can also be provided by
external Authenticode catalogs (.cat files), allowing virtually any file to be signed
using this technology.
The following file types are supported, with support for other file types being
expected:
* PE executables (.exe, .dll and various other Windows executables)
* MSI files (.msi)
* Catalog files (.stl and .cat)
* Any flat file that is signed through a catalog file
This module is compatible with Python 3.9+.
Installation
------------
Installation is very simple::
pip install signify
Support for some file types (including MSI) requires::
pip install signify[full]
Documentation
-------------
Documentation is available at http://signify.readthedocs.io/en/latest/ or in the docs/
directory.
Thanks
------
Huge thanks to Germano Caronni for writing the original code in the
`verify_sigs project <https://github.com/anthrotype/verify-sigs>`_, on which this
project was based.
A multitude of significant improvements and modifications was made on top of their
original contribution, including improving PE signature support, adding support for
various other files, and moving the original scripts into a modern Python module.
Raw data
{
"_id": null,
"home_page": null,
"name": "signify",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.9",
"maintainer_email": null,
"keywords": "authenticode, authentihash, fingerprinter, pe",
"author": null,
"author_email": "Ralph Broenink <ralph@ralphbroenink.net>",
"download_url": "https://files.pythonhosted.org/packages/84/d3/7466f644d65a086badfff5560e61300860929bf9b55863307b3931049134/signify-0.9.1.tar.gz",
"platform": null,
"description": "Signify\r\n=======\r\n.. image:: https://github.com/ralphje/signify/actions/workflows/test.yml/badge.svg\r\n :target: https://github.com/ralphje/signify/actions/workflows/test.yml\r\n.. image:: https://codecov.io/gh/ralphje/signify/branch/master/graph/badge.svg\r\n :target: https://codecov.io/gh/ralphje/signify\r\n.. image:: https://readthedocs.org/projects/signify/badge/?version=latest\r\n :target: http://signify.readthedocs.io/en/latest/?badge=latest\r\n\r\nSignify, a portmanteau of *signature* and *verify*, is a Python module that provides\r\nvalidation and inspection of digital code signatures. These types of signatures are\r\nused to verify the authenticity and integrity of executable code, providing assurance\r\nabout who published a piece of software and whether is has been altered since it was\r\nsigned.\r\n\r\nThis library is mostly intended for malware analysts and security professionals to\r\nallow validation of these signatures outside their normal ecosystem and enable close\r\ninspection of the available data.\r\n\r\nCurrently, this library is only able to verify Windows Authenticode signatures, the\r\nspecific Microsoft technology that is used in Windows to verify software integrity.\r\nTypically, Authenticode signatures are embedded into the file itself, without altering\r\nthe functionality of the software. However, these signatures can also be provided by\r\nexternal Authenticode catalogs (.cat files), allowing virtually any file to be signed\r\nusing this technology.\r\n\r\nThe following file types are supported, with support for other file types being\r\nexpected:\r\n\r\n* PE executables (.exe, .dll and various other Windows executables)\r\n* MSI files (.msi)\r\n* Catalog files (.stl and .cat)\r\n* Any flat file that is signed through a catalog file\r\n\r\nThis module is compatible with Python 3.9+.\r\n\r\nInstallation\r\n------------\r\nInstallation is very simple::\r\n\r\n pip install signify\r\n\r\nSupport for some file types (including MSI) requires::\r\n\r\n pip install signify[full]\r\n\r\nDocumentation\r\n-------------\r\nDocumentation is available at http://signify.readthedocs.io/en/latest/ or in the docs/\r\ndirectory.\r\n\r\nThanks\r\n------\r\nHuge thanks to Germano Caronni for writing the original code in the\r\n`verify_sigs project <https://github.com/anthrotype/verify-sigs>`_, on which this\r\nproject was based.\r\n\r\nA multitude of significant improvements and modifications was made on top of their\r\noriginal contribution, including improving PE signature support, adding support for\r\nvarious other files, and moving the original scripts into a modern Python module.\r\n",
"bugtrack_url": null,
"license": null,
"summary": "Module to generate and verify PE signatures",
"version": "0.9.1",
"project_urls": {
"Changelog": "https://signify.readthedocs.io/en/latest/changelog.html",
"Documentation": "http://signify.readthedocs.io/en/latest/",
"Repository": "https://github.com/ralphje/signify"
},
"split_keywords": [
"authenticode",
" authentihash",
" fingerprinter",
" pe"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "0b8e15ff1d7405028a53324d5a054abf2ef3e3badb0288d9b627a2b0d14c3e49",
"md5": "07ad5ab61f598dd186a67c777c6ccafc",
"sha256": "7818f4abf709b93c88cfebdd611ab38ec8332c6506281308d0de5c89b5c6391d"
},
"downloads": -1,
"filename": "signify-0.9.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "07ad5ab61f598dd186a67c777c6ccafc",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.9",
"size": 86855,
"upload_time": "2025-10-07T10:51:13",
"upload_time_iso_8601": "2025-10-07T10:51:13.888110Z",
"url": "https://files.pythonhosted.org/packages/0b/8e/15ff1d7405028a53324d5a054abf2ef3e3badb0288d9b627a2b0d14c3e49/signify-0.9.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "84d37466f644d65a086badfff5560e61300860929bf9b55863307b3931049134",
"md5": "7c4b24e87ebbff549d31fdc448afd0dd",
"sha256": "4607b4c2b14ea448b54239361a051f1a20142c9cf4ea3cf1ecb3c8d1be447c4e"
},
"downloads": -1,
"filename": "signify-0.9.1.tar.gz",
"has_sig": false,
"md5_digest": "7c4b24e87ebbff549d31fdc448afd0dd",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.9",
"size": 88720,
"upload_time": "2025-10-07T10:51:15",
"upload_time_iso_8601": "2025-10-07T10:51:15.206994Z",
"url": "https://files.pythonhosted.org/packages/84/d3/7466f644d65a086badfff5560e61300860929bf9b55863307b3931049134/signify-0.9.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-10-07 10:51:15",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "ralphje",
"github_project": "signify",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "signify"
}
JSON
