So, I've taken the plunge and signed all my modules that I'll be using on the servers in our datacenter. The actual signing process was much easier than I thought it would be. Locally when I ask PowerShell about my modules I get the following output:
# jspatton@IT08082 | 10:59:08 | 09-05-2013 | C:\powershell\Production\includes $ [master]
ls |Get-AuthenticodeSignature
Directory: C:\powershell\Production\includes
SignerCertificate Status Path
----------------- ------ ----
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid ActiveDirectoryManagement.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid CarsonADLibraries.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid ComputerManagement.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid DellWebsiteFunctions.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid FileManagement.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid FlexLMLibrary.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid MueggeLogParser.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid NetworkManagement.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid PerformanceTesting.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid PrintServerManagement.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid PSISELibrary.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid QfeLibrary.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid SharePointManagement.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid SpnLibrary.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid SubversionManagement.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid VMwareManagement.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid WindowsFirewallManagement.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid WindowsUpdateLibrary.psm1
I have cloned that repo to a fileshare so I don't have to worry about keeping roughly 700 servers up to date with code changes. When I ask PowerShell about these files I get the following:
# jspatton@IT08082 | 10:53:09 | 09-05-2013 | Microsoft.PowerShell.Core\FileSystem::\\groups1.home.ku.edu\IT\Units\EIO\ITSA\PowerShell\Production\includes $ [master]
ls |Get-AuthenticodeSignature
Directory: \\groups1.home.ku.edu\IT\Units\EIO\ITSA\PowerShell\Production\includes
SignerCertificate Status Path
----------------- ------ ----
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 HashMismatch ActiveDirectoryManagement.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid CarsonADLibraries.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid ComputerManagement.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid DellWebsiteFunctions.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid FileManagement.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid FlexLMLibrary.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid MueggeLogParser.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid NetworkManagement.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid PSISELibrary.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid PerformanceTesting.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid PrintServerManagement.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid QfeLibrary.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid SharePointManagement.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid SubversionManagement.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid VMwareManagement.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid WindowsFirewallManagement.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid WindowsUpdateLibrary.psm1
7DD4FEECEB19EE3CE35F28D265EED569805C3F16 Valid SpnLibrary.psm1
So, I have one file that shows HashMismatch. Originally I had some other issues where some of my files were ASCII, some were Unicode and some UTF-8. So my assumption was that perhaps the one file listed above had some Unicode in it. So for each file I created a new file
Out-File .\temp.psm1 -Encoding ASCII
Then I opened each file in Notepad and copied it into the temp file, and I verified that each file is encoded in ASCII
# jspatton@IT08082 | 11:02:50 | 09-05-2013 | C:\powershell\Production\includes $ [master]
ls | select FullName, @{n='Encoding';e={Get-FileEncoding $_.FullName}}
FullName Encoding
-------- --------
C:\powershell\Production\includes\ActiveDirectoryManagem... ASCII
C:\powershell\Production\includes\CarsonADLibraries.psm1 ASCII
C:\powershell\Production\includes\ComputerManagement.psm1 ASCII
C:\powershell\Production\includes\DellWebsiteFunctions.psm1 ASCII
C:\powershell\Production\includes\FileManagement.psm1 ASCII
C:\powershell\Production\includes\FlexLMLibrary.psm1 ASCII
C:\powershell\Production\includes\MueggeLogParser.psm1 ASCII
C:\powershell\Production\includes\NetworkManagement.psm1 ASCII
C:\powershell\Production\includes\PerformanceTesting.psm1 ASCII
C:\powershell\Production\includes\PrintServerManagement.... ASCII
C:\powershell\Production\includes\PSISELibrary.psm1 ASCII
C:\powershell\Production\includes\QfeLibrary.psm1 ASCII
C:\powershell\Production\includes\SharePointManagement.psm1 ASCII
C:\powershell\Production\includes\SpnLibrary.psm1 ASCII
C:\powershell\Production\includes\SubversionManagement.psm1 ASCII
C:\powershell\Production\includes\VMwareManagement.psm1 ASCII
C:\powershell\Production\includes\WindowsFirewallManagem... ASCII
C:\powershell\Production\includes\WindowsUpdateLibrary.psm1 ASCII
I used the function from here http://poshcode.org/2059
I then re-signed each file
ls |Set-AuthenticodeSignature -Certificate $Cert
Then I committed and pushed those changes up to the server
git add *
git commit * -m "Re-encoded each file in ASCII and Re-signed each file"
git push
So, now that you know what I've done, can someone point to what the potential issue here is? The only help I get from my cert provider is to make sure no one has tampered with that file. I have verified that in order for someone to have tampered with the file they would have needed to edit and change that file inside of a second.
A friend of mine thinks that perhaps there is a Unicode character or odd cr-lf in that file.
Does this sound plausible? If so, how would I go about finding it? Short of hand copying each line of code :(
Thanks,
Jeffrey S. Patton
Systems Specialist, Enterprise Systems
University of Kansas
1001 Sunnyside Ave.
Lawrence, KS. 66045
(785) 864-0242 | http://patton-tech.com
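
Added example, not part of the original post: a PowerShell helper (the name Get-ByteProfile is hypothetical) that reads a module's raw bytes and reports the byte-order mark, the line-ending counts, and the line and offset of every non-ASCII byte, which is one way to test the Unicode or CR-LF theory raised above. The two temp files are constructed samples; to compare real files, pass the local path and the fileshare path of the same module instead.

```powershell
function Get-ByteProfile {
    param([Parameter(Mandatory=$true)][string]$Path)
    $full  = (Resolve-Path -LiteralPath $Path).ProviderPath
    $bytes = [System.IO.File]::ReadAllBytes($full)

    # Byte-order mark, if any (BOM bytes are also listed under NonAscii)
    $bom = 'none'
    if ($bytes.Length -ge 3 -and $bytes[0] -eq 0xEF -and $bytes[1] -eq 0xBB -and $bytes[2] -eq 0xBF) { $bom = 'UTF-8' }
    elseif ($bytes.Length -ge 2 -and $bytes[0] -eq 0xFF -and $bytes[1] -eq 0xFE) { $bom = 'UTF-16 LE' }
    elseif ($bytes.Length -ge 2 -and $bytes[0] -eq 0xFE -and $bytes[1] -eq 0xFF) { $bom = 'UTF-16 BE' }

    # Walk the bytes once: count each line-ending style and record non-ASCII bytes
    $crlf = 0; $bareLf = 0; $bareCr = 0; $line = 1
    $nonAscii = New-Object System.Collections.ArrayList
    for ($i = 0; $i -lt $bytes.Length; $i++) {
        $byte = $bytes[$i]
        if ($byte -eq 0x0D) {
            if ($i + 1 -lt $bytes.Length -and $bytes[$i + 1] -eq 0x0A) { $crlf++; $i++ } else { $bareCr++ }
            $line++
        }
        elseif ($byte -eq 0x0A) { $bareLf++; $line++ }
        elseif ($byte -gt 0x7F) {
            [void]$nonAscii.Add(('line {0}, offset {1}: 0x{2:X2}' -f $line, $i, $byte))
        }
    }

    $sha  = [System.Security.Cryptography.SHA256]::Create()
    $hash = [System.BitConverter]::ToString($sha.ComputeHash($bytes)) -replace '-', ''
    New-Object PSObject -Property @{
        Path = $full; Length = $bytes.Length; Bom = $bom
        CRLF = $crlf; BareLF = $bareLf; BareCR = $bareCr
        NonAscii = $nonAscii; SHA256 = $hash
    }
}

# Constructed sample: the same text saved with CRLF and with LF line endings.
$crlfFile = Join-Path $env:TEMP 'crlf-sample.psm1'
$lfFile   = Join-Path $env:TEMP 'lf-sample.psm1'
[System.IO.File]::WriteAllBytes($crlfFile, [System.Text.Encoding]::ASCII.GetBytes("function f {`r`n}`r`n"))
[System.IO.File]::WriteAllBytes($lfFile,   [System.Text.Encoding]::ASCII.GetBytes("function f {`n}`n"))
(Get-ByteProfile $crlfFile), (Get-ByteProfile $lfFile) |
    Format-List Path, Length, Bom, CRLF, BareLF, BareCR, SHA256, NonAscii
```

The two samples contain the same text but differ in Length, line-ending counts and SHA256. Any byte change of that kind made after signing is enough for Get-AuthenticodeSignature to report HashMismatch.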