From 34118023094cf02fc68c84968df92a7495ce17e9 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <hi@filippo.io>
Date: Fri, 7 Jan 2022 12:25:26 +0100
Subject: [PATCH] cmd/age: offer a hint when the file was corrupted by
 PowerShell

I would still like to find a way to offer a warning while doing the
encryption, rather than at decryption time, but better than nothing.

Updates #290
---
 cmd/age/age.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/cmd/age/age.go b/cmd/age/age.go
index 9c1707d9..f1f459c4 100644
--- a/cmd/age/age.go
+++ b/cmd/age/age.go
@@ -315,6 +315,12 @@ func encrypt(recipients []age.Recipient, in io.Reader, out io.Writer, withArmor
 	}
 }
 
+// crlfMangledIntro and utf16MangledIntro are the intro lines of the age format
+// after mangling by various versions of PowerShell redirection, truncated to
+// the length of the correct intro line. See issue 290.
+const crlfMangledIntro = "age-encryption.org/v1" + "\r"
+const utf16MangledIntro = "\xff\xfe" + "a\x00g\x00e\x00-\x00e\x00n\x00c\x00r\x00y\x00p\x00"
+
 func decrypt(keys []string, in io.Reader, out io.Writer) {
 	identities := []age.Identity{
 		// If there is an scrypt recipient (it will have to be the only one and)
@@ -331,6 +337,13 @@ func decrypt(keys []string, in io.Reader, out io.Writer) {
 	}
 
 	rr := bufio.NewReader(in)
+	if intro, _ := rr.Peek(len(crlfMangledIntro)); string(intro) == crlfMangledIntro ||
+		string(intro) == utf16MangledIntro {
+		errorWithHint("invalid header intro",
+			"it looks like this file was corrupted by PowerShell redirection",
+			"consider using -o or -a to encrypt files in PowerShell")
+	}
+
 	if start, _ := rr.Peek(len(armor.Header)); string(start) == armor.Header {
 		in = armor.NewReader(rr)
 	} else {