endesive

2.19.3 verified Fri May 01 auth: no python

endesive is a Python library for digital signing and verification of digital signatures in email (S/MIME), PDF (PAdES), and XML (XAdES) documents. Current version is 2.19.3, with a rapid release cadence. Requires Python >=3.0.

pip install endesive

Common errors

error ModuleNotFoundError: No module named 'endesive' ↓

cause Library not installed or installed in wrong environment.

fix

Run 'pip install endesive' in the correct Python environment.

error ImportError: cannot import name 'xades' from 'endesive' ↓

cause Old import path 'from endesive.xades import ...' is no longer valid. XAdES functions are now directly under endesive.

fix

Use 'from endesive import xades' and call xades.sign() etc.

error AttributeError: module 'endesive.signer' has no attribute 'sign' ↓

cause Incorrect usage of signer module. The sign function is top-level in signer, not a method.

fix

Use 'from endesive import signer' and call 'signer.sign(key, data, hash_alg)'.

Warnings

breaking In version 2.18.0, the PAdES signature validation API changed. Old verification code using `pdf.verify()` may break. Use `from endesive.pdf import verify` and check the new parameters. ↓

fix Update calls to `verify()` to match the new signature: pass the PDF bytes and signature dictionary.

deprecated The 'oscrypto' backend was removed in 2.18.4. Code relying on oscrypto for cryptographic operations will fail. ↓

fix Remove oscrypto imports. Use 'cryptography' as the default backend.

gotcha Certificate dates after 2040-01-04 may cause signature creation failures (fixed in 2.17.3). If you encounter 'timestamp out of range' errors, upgrade to >=2.17.3. ↓

fix Upgrade to version 2.17.3 or later.

gotcha Google Cloud KMS HSM signatures may flag as 'not intact' in older versions (fixed in 2.17.2). Upgrade to >=2.17.2 if using external HSM. ↓

fix Upgrade to version 2.17.2 or later.

Imports

signer
```
from endesive import signer
```
verifier
```
from endesive import verifier
```

xades

wrong

from endesive.xades import ... (deprecated nested module)

correct

from endesive import xades

In older versions, xades was a submodule; now it's a top-level import.

pdf
```
from endesive import pdf
```
smime
```
from endesive import smime
```

Quickstart

Generate key pair, sign data, and verify signature using endesive's signer and verifier modules.

from endesive import signer, verifier
import cryptography.hazmat.primitives.asymmetric.rsa as rsa
from cryptography.hazmat.primitives import serialization, hashes

# Generate a key pair (example)
private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
public_key = private_key.public_key()

# Serialize private key (PKCS#8 PEM)
pem_private = private_key.private_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PrivateFormat.PKCS8,
    encryption_algorithm=serialization.NoEncryption()
)

# Sign data
data = b"Hello, endesive!"
signature = signer.sign(private_key, data, hashes.SHA256())
print(f"Signature: {signature.hex()}")

# Verify
verified = verifier.verify(public_key, data, signature, hashes.SHA256())
print(f"Verified: {verified}")