cmd/age: offer a hint when the file was corrupted by PowerShell

I would still like to find a way to offer a warning while doing the encryption, rather than at decryption time, but better than nothing. Updates #290
2026-01-04 11:23:59 +00:00 · 2022-01-07 12:25:26 +01:00
parent 4169274d04
commit 3411802309
1 changed files with 13 additions and 0 deletions
--- a/cmd/age/age.go
+++ b/cmd/age/age.go
@@ -315,6 +315,12 @@ func encrypt(recipients []age.Recipient, in io.Reader, out io.Writer, withArmor
 	}
 }

+// crlfMangledIntro and utf16MangledIntro are the intro lines of the age format
+// after mangling by various versions of PowerShell redirection, truncated to
+// the length of the correct intro line. See issue 290.
+const crlfMangledIntro = "age-encryption.org/v1" + "\r"
+const utf16MangledIntro = "\xff\xfe" + "a\x00g\x00e\x00-\x00e\x00n\x00c\x00r\x00y\x00p\x00"
+
 func decrypt(keys []string, in io.Reader, out io.Writer) {
 	identities := []age.Identity{
 		// If there is an scrypt recipient (it will have to be the only one and)
@@ -331,6 +337,13 @@ func decrypt(keys []string, in io.Reader, out io.Writer) {
 	}

 	rr := bufio.NewReader(in)
+	if intro, _ := rr.Peek(len(crlfMangledIntro)); string(intro) == crlfMangledIntro ||
+		string(intro) == utf16MangledIntro {
+		errorWithHint("invalid header intro",
+			"it looks like this file was corrupted by PowerShell redirection",
+			"consider using -o or -a to encrypt files in PowerShell")
+	}
+
 	if start, _ := rr.Peek(len(armor.Header)); string(start) == armor.Header {
 		in = armor.NewReader(rr)
 	} else {