Home Dashboard Directory Help
Search

Set-AuthenticodeSignature fails on scripts created from ISE by clarkalindsey


Status: 

Closed
 as Fixed Help for as Fixed


38
0
Sign in
to vote
Type: Bug
ID: 483431
Opened: 8/17/2009 7:06:49 PM
Access Restriction: Public
4
Workaround(s)
view
27
User(s) can reproduce this bug

Description

When you use the ISE to create a ps1, the default encoding is 'Unicode big endian'.

Then Set-AuthenticodeSignature returns
Status                 : UnknownError
StatusMessage         : The data is invalid
Path                 : C:\temp\Test-ScriptEncoding.ps1

Use notepad.exe to save the file as UTF-8 and the command returns
Status                 : Valid
StatusMessage         : Signature verified.
Path                 : C:\temp\Test-ScriptEncoding.ps1

-------

$PSVersionTable["BuildVersion"].ToString()
7.0.6002.18111


Details
Sign in to post a comment.
Posted by Ab Ye on 3/26/2014 at 8:17 AM
This workaround works on windows 7 but does not work on Windows Server 2012 ...

On Windows Server 2012
- I've saved the ps1 file in utf-8 format
- Opened the file in ISE and saved using "$psISE.CurrentFile.Save([Text.Encoding]::UTF8)"
- Saved the file using the command -- type "file1.ps1" | out-file "File2.ps1" -encoding utf8

Always get Status = "UnknownError".
Also attempted with a Copy of the file authenticated on Windows 7 with the same certificates installed on the server, that doesn't work either. I get the error ... " because the hash of the file does not match the hash stored in the digital signature"

Has this workaround worked for anyone on Windows Server 2012?
Posted by John Kavanagh on 2/8/2014 at 6:38 AM
This is marked as fixed?
Posted by danloughney on 3/22/2013 at 5:23 AM
Completely agree with uSlackr. Until I found this post, I had no idea why some of my scripts would sign and others would not. Turns out I was seeing my scripts written in VS vs. those written in ISE. My workaround was set-executionPolicy Unrestricted and that was just no good.
Posted by kestasjk2 on 5/28/2012 at 12:40 AM
I also agree with uSlackr..
Posted by Eduardo Walker on 1/2/2012 at 1:34 PM
I tell you I have to agree with the comment from "uSlackr"!!
Posted by Shawn Eary on 10/22/2010 at 7:16 PM
This also happens in the PowerShell ISE 2.0 Host Build Number 6.1.7600.16385 on Win 7 Ultimate 64 Bit. The "UnknownError" Status code is a really bad error message for this problem.
Posted by Aaron Hope on 5/24/2010 at 7:50 AM
Though a workaround exists and is easily discoverable, this is still well worth fixing.
Posted by Henry Gabryjelski - MSFT on 2/23/2010 at 2:14 PM
Ouch. I spent days trying to figure out this obscure error. That's not good.
Posted by gallwapa on 1/25/2010 at 8:36 AM
I can confirm this problem is an issue for us as well. The workaround does fix it.
Posted by uSlackr on 12/16/2009 at 6:20 AM
Dear MS, let me lay out a case for getting this fixed
As powershell was developed and deployed, MS took great care to make it secure by default. Most of the resources I've read encouraged secure coding practice by pushing scripterds to sign their code rather then turn down the security level. This is good stuff. With the introduction of this error, there is now a big barrier to entry (due to the lack of information on the internet and the obscurity of the error message.)

In order to maintain the security mindset of the powershell ecosystem, I challenge you to fix this quickly (and certainly before the internet anti-MS trolls pick up on this)

\\Greg
Sign in to post a workaround.
Posted by Richard Vantrease on 10/12/2011 at 8:53 PM
Here is a Microsoft.PowerShellISE_profile.ps1 script that causes all files opened or created to be changed to ASCII encoding, and also changes Untitled1.ps1 to be ASCII encoded.

#--------------------------------------------------------------------------------------------------------------
$psise.CurrentPowerShellTab.Files | % {
    # set private field which holds default encoding to ASCII
    $_.gettype().getfield("encoding","nonpublic,instance").setvalue($_, [text.encoding]::ascii)
}

# watch for changes to the Files collection of the current Tab
register-objectevent $psise.CurrentPowerShellTab.Files collectionchanged -action {
    # iterate ISEFile objects
    $event.sender | % {
        # set private field which holds default encoding to ASCII
        $_.gettype().getfield("encoding","nonpublic,instance").setvalue($_, [text.encoding]::ascii)
    }
}
#--------------------------------------------------------------------------------------------------------------
Posted by RazielArcanum on 7/12/2010 at 6:41 AM
Please don't run the command I put in above verbatim!

Turns out if you pipe output to the same filename, you lose the file contents (great stuff, huh?). You need to pipe the output to a different file and then replace the original.
Posted by RazielArcanum on 7/12/2010 at 6:26 AM
You can change the encoding of the script file from Powershell with the following (example is for a script called DependentServices.ps1 in the current directory):

type DependentServices.ps1 | out-file DependentServices.ps1 -encoding utf8

"type" is a default alias for "Get-Content" to aid cmd users. It's then just piped into a new file with UTF-8 encoding. See the comments for how I incorporated this into a script-signing script(!).

Posted by -_-_-_-_ on 10/2/2009 at 3:04 PM
# change the ISE's current script's encoding
$psISE.CurrentFile.Save([Text.Encoding]::UTF8)