diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c
index 33998698819..eba84f0b856 100644
--- a/source4/auth/gensec/pygensec.c
+++ b/source4/auth/gensec/pygensec.c
@@ -530,6 +530,83 @@ static PyObject *py_gensec_unwrap(PyObject *self, PyObject *args)
 	return ret;
 }
 
+static PyObject *py_gensec_sig_size(PyObject *self, PyObject *args)
+{
+	struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
+	Py_ssize_t data_size = 0;
+	size_t sig_size = 0;
+
+	if (!PyArg_ParseTuple(args, "n", &data_size)) {
+		return NULL;
+	}
+
+	sig_size = gensec_sig_size(security, data_size);
+
+	return PyLong_FromSize_t(sig_size);
+}
+
+static PyObject *py_gensec_sign_packet(PyObject *self, PyObject *args)
+{
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx = NULL;
+	Py_ssize_t data_length = 0;
+	Py_ssize_t pdu_length = 0;
+	DATA_BLOB data, pdu, sig;
+	PyObject *py_sig;
+	struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
+
+	if (!PyArg_ParseTuple(args, "z#z#", &data.data, &data_length, &pdu.data, &pdu_length)) {
+		return NULL;
+	}
+	data.length = data_length;
+	pdu.length = pdu_length;
+
+	mem_ctx = talloc_new(NULL);
+
+	status = gensec_sign_packet(security, mem_ctx,
+				    data.data, data.length,
+				    pdu.data, pdu.length, &sig);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS(status);
+		talloc_free(mem_ctx);
+		return NULL;
+	}
+
+	py_sig = PyBytes_FromStringAndSize((const char *)sig.data, sig.length);
+	talloc_free(mem_ctx);
+	return py_sig;
+}
+
+static PyObject *py_gensec_check_packet(PyObject *self, PyObject *args)
+{
+	NTSTATUS status;
+	Py_ssize_t data_length = 0;
+	Py_ssize_t pdu_length = 0;
+	Py_ssize_t sig_length = 0;
+	DATA_BLOB data, pdu, sig;
+	struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
+
+	if (!PyArg_ParseTuple(args, "z#z#z#",
+			      &data.data, &data_length,
+			      &pdu.data, &pdu_length,
+			      &sig.data, &sig_length)) {
+		return NULL;
+	}
+	data.length = data_length;
+	pdu.length = pdu_length;
+	sig.length = sig_length;
+
+	status = gensec_check_packet(security,
+				     data.data, data.length,
+				     pdu.data, pdu.length, &sig);
+	if (!NT_STATUS_IS_OK(status)) {
+		PyErr_SetNTSTATUS(status);
+		return NULL;
+	}
+
+	Py_RETURN_NONE;
+}
+
 static PyMethodDef py_gensec_security_methods[] = {
 	{ "start_client", (PyCFunction)py_gensec_start_client, METH_VARARGS|METH_KEYWORDS|METH_CLASS, 
 		"S.start_client(settings) -> gensec" },
@@ -567,6 +644,12 @@ static PyMethodDef py_gensec_security_methods[] = {
 		"S.wrap(blob_in) -> blob_out\nPackage one clear packet into a wrapped GENSEC packet." },
 	{ "unwrap",  (PyCFunction)py_gensec_unwrap, METH_VARARGS,
 		"S.unwrap(blob_in) -> blob_out\nPerform one wrapped GENSEC packet into a clear packet." },
+	{ "sig_size",  (PyCFunction)py_gensec_sig_size, METH_VARARGS,
+		"S.sig_size(data_size) -> sig_size\nSize of the DCERPC packet signature" },
+	{ "sign_packet",  (PyCFunction)py_gensec_sign_packet, METH_VARARGS,
+		"S.sign_packet(data, whole_pdu) -> sig\nSign a DCERPC packet." },
+	{ "check_packet",  (PyCFunction)py_gensec_check_packet, METH_VARARGS,
+		"S.check_packet(data, whole_pdu, sig)\nCheck a DCERPC packet." },
 	{ NULL }
 };