8. windows.wintrust – Checking signature

Note

See sample windows.wintrust

The wintrust module offers wrapper around wintrust.dll. It allows to check the signature of a file.

The signature of a file can be at two differents place:

8.1. API

windows.wintrust.is_signed(filename)[source]

Check if filename is signed:

  • File embeds a valid signature

  • File is part of a signed catalog file

Returns:

bool

windows.wintrust.full_signature_information(filename)[source]

Returns more information about the signature of filename

Returns:

SignatureData

windows.wintrust.check_signature(filename)[source]

Check if filename embeds a valid signature.

Returns:

int: 0 if filename have a valid signature else the error

8.1.1. SignatureData

class windows.wintrust.SignatureData(signed, catalog, catalogsigned, additionalinfo)

Signature information for FILENAME:

  • signed: True if FILENAME embeds a valide signature

  • catalog: The filename of the catalog FILENAME is part of (if any)

  • catalogsigned: True if catalog embeds a valide signature

  • additionalinfo: The return error of check_signature(FILENAME)

additionalinfo is useful to know if FILENAME signature was rejected for an invalid root / expired cert.

additionalinfo

Alias for field number 3

catalog

Alias for field number 1

catalogsigned

Alias for field number 2

signed

Alias for field number 0