Search

Set-AuthenticodeSignature fails on scripts created from ISE by clarkalindsey

Closed
as Fixed Help for as Fixed

31
0
Sign in
 to vote
Type: Bug
ID: 483431
Opened: 8/17/2009 7:06:49 PM
Access Restriction: Public
4
Workaround(s)
23
User(s) can reproduce this bug
When you use the ISE to create a ps1, the default encoding is 'Unicode big endian'.

Then Set-AuthenticodeSignature returns
Status                 : UnknownError
StatusMessage         : The data is invalid
Path                 : C:\temp\Test-ScriptEncoding.ps1

Use notepad.exe to save the file as UTF-8 and the command returns
Status                 : Valid
StatusMessage         : Signature verified.
Path                 : C:\temp\Test-ScriptEncoding.ps1

-------

$PSVersionTable["BuildVersion"].ToString()
7.0.6002.18111
Details (expand)
How often does this happen?
Always Happens
Have you seen this problem before in this product?
I don't know if this issue existed previously
Reproduction Steps
Open ISE
In Untitled1.ps1 type: Write-Host "Test"
File -> Save C:\temp\Test-ScriptEncoding.ps1

Then sign the file by:
$certs = Get-ChildItem cert:\CurrentUser\My -codesigning;
[int]$count = $certs.Count;
[int]$index=-1

for ($i = 0; $i -lt $count; $i++)
{
if ([string]::Compare($certs[$i].SubjectName.Name, "CN=PowerShell User") -eq 0)
{
$index = $i;
}
}

if ($index -ge 0)
{
Set-AuthenticodeSignature C:\temp\Test-ScriptEncoding.ps1 $certs[$index] | fl
}

Expected Results
Either ISE default to a different encoding, or Set-AuthenticodeSignature succeeds with 'Unicode big endian'.
File Attachments
0 attachments
Sign in to post a comment.
Posted by Eduardo Walker on 1/2/2012 at 1:34 PM
I tell you I have to agree with the comment from "uSlackr"!!
Posted by Shawn Eary on 10/22/2010 at 7:16 PM
This also happens in the PowerShell ISE 2.0 Host Build Number 6.1.7600.16385 on Win 7 Ultimate 64 Bit. The "UnknownError" Status code is a really bad error message for this problem.
Posted by Aaron Hope on 5/24/2010 at 7:50 AM
Though a workaround exists and is easily discoverable, this is still well worth fixing.
Posted by Henry Gabryjelski - MSFT on 2/23/2010 at 2:14 PM
Ouch. I spent days trying to figure out this obscure error. That's not good.
Posted by gallwapa on 1/25/2010 at 8:36 AM
I can confirm this problem is an issue for us as well. The workaround does fix it.
Posted by uSlackr on 12/16/2009 at 6:20 AM
Dear MS, let me lay out a case for getting this fixed
As powershell was developed and deployed, MS took great care to make it secure by default. Most of the resources I've read encouraged secure coding practice by pushing scripterds to sign their code rather then turn down the security level. This is good stuff. With the introduction of this error, there is now a big barrier to entry (due to the lack of information on the internet and the obscurity of the error message.)

In order to maintain the security mindset of the powershell ecosystem, I challenge you to fix this quickly (and certainly before the internet anti-MS trolls pick up on this)

\\Greg
Sign in to post a workaround.
Posted by -_-_-_-_ on 10/2/2009 at 3:04 PM
# change the ISE's current script's encoding
$psISE.CurrentFile.Save([Text.Encoding]::UTF8)
Posted by RazielArcanum on 7/12/2010 at 6:26 AM
You can change the encoding of the script file from Powershell with the following (example is for a script called DependentServices.ps1 in the current directory):

type DependentServices.ps1 | out-file DependentServices.ps1 -encoding utf8

"type" is a default alias for "Get-Content" to aid cmd users. It's then just piped into a new file with UTF-8 encoding. See the comments for how I incorporated this into a script-signing script(!).

Posted by RazielArcanum on 7/12/2010 at 6:41 AM
Please don't run the command I put in above verbatim!

Turns out if you pipe output to the same filename, you lose the file contents (great stuff, huh?). You need to pipe the output to a different file and then replace the original.
Posted by Richard Vantrease on 10/12/2011 at 8:53 PM
Here is a Microsoft.PowerShellISE_profile.ps1 script that causes all files opened or created to be changed to ASCII encoding, and also changes Untitled1.ps1 to be ASCII encoded.

#--------------------------------------------------------------------------------------------------------------
$psise.CurrentPowerShellTab.Files | % {
    # set private field which holds default encoding to ASCII
    $_.gettype().getfield("encoding","nonpublic,instance").setvalue($_, [text.encoding]::ascii)
}

# watch for changes to the Files collection of the current Tab
register-objectevent $psise.CurrentPowerShellTab.Files collectionchanged -action {
    # iterate ISEFile objects
    $event.sender | % {
        # set private field which holds default encoding to ASCII
        $_.gettype().getfield("encoding","nonpublic,instance").setvalue($_, [text.encoding]::ascii)
    }
}
#--------------------------------------------------------------------------------------------------------------
© 2012 Microsoft Corporation. All rights reserved. Microsoft Connect Terms of Use | Trademarks | Privacy Statement