Set-AuthenticodeSignature's HashAlgorithm should default to SHA256 #17559

@potatoqualitee

Description

Prerequisites

Steps to reproduce

  1. Obtain a code signing cert and assign it to `$Certificate`
  2. Sign a file using that certificate: `Get-ChildItem dbatools.dll -Recurse | Set-AuthenticodeSignature -Certificate $Certificate`

That file is signed as SHA1

The docs say:

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-authenticodesignature?view=powershell-7.2

`-HashAlgorithm`
Specifies the hashing algorithm that Windows uses to compute the digital signature for the file.

For PowerShell 3.0, the default is SHA256, which is the Windows default hashing algorithm. For PowerShell 2.0, the default is SHA1. Files that are signed with a different hashing algorithm might not be recognized on other systems. Which algorithms are supported depends on the version of the operating system.

Please please please also update the Microsoft.PowerShell.Security module that 5.1 uses, too. The world would appreciate this more secure default.

Expected behavior

Considering SHA1 is deprecated, insecure and not the expected algorithm per the docs, the `HashAlgorithm` should default to SHA256 instead of SHA1.

Actual behavior

The default is SHA1.

Error details

No response

Environment data

Name                           Value
----                           -----
PSVersion                      7.2.4
PSEdition                      Core
GitCommitId                    7.2.4
OS                             Microsoft Windows 10.0.22000
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Visuals

No response
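As an added example (not written by the issue author or the PowerShell project), the following script pins the digest algorithm explicitly when signing and then reads the digest algorithm back out of the signed PE file, so the behaviour reported above can be checked programmatically instead of through the file-properties dialog. The helper name `Get-AuthenticodeDigestAlgorithm`, the PE-parsing approach and the sample file path are assumptions; `$Certificate` is the code-signing certificate from step 1 of the report.

```powershell
# Added example, not part of the original issue. Reads the Authenticode digest
# algorithm from a signed PE file by locating the security data directory,
# extracting the PKCS#7 SignedData blob and decoding it with SignedCms.
# Assumption: the file is a PE (.dll/.exe); script files (.ps1) embed their
# signature as a base64 comment block and are not handled here.

if ($PSVersionTable.PSEdition -eq 'Desktop') {
    # Windows PowerShell 5.1: SignedCms lives in System.Security.dll
    Add-Type -AssemblyName System.Security
}

function Get-AuthenticodeDigestAlgorithm {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)

    $bytes = [System.IO.File]::ReadAllBytes($Path)

    # DOS header: e_lfanew at 0x3C points at the "PE\0\0" signature
    $peOffset = [BitConverter]::ToInt32($bytes, 0x3C)
    if ([BitConverter]::ToUInt32($bytes, $peOffset) -ne 0x00004550) {
        throw "Not a PE file: $Path"
    }

    # Optional header follows the 4-byte PE signature and the 20-byte COFF header
    $optHeader = $peOffset + 4 + 20
    $magic = [BitConverter]::ToUInt16($bytes, $optHeader)

    # Data directories start at optional-header offset 96 (PE32, magic 0x10b)
    # or 112 (PE32+, magic 0x20b); IMAGE_DIRECTORY_ENTRY_SECURITY is index 4
    $dirBase = switch ($magic) {
        0x10b   { 96 }
        0x20b   { 112 }
        default { throw ("Unknown optional header magic 0x{0:x}" -f $magic) }
    }
    $secEntry  = $optHeader + $dirBase + (4 * 8)
    # Unlike other directories, the security entry holds a raw file offset, not an RVA
    $secOffset = [BitConverter]::ToInt32($bytes, $secEntry)
    $secSize   = [BitConverter]::ToInt32($bytes, $secEntry + 4)
    if ($secOffset -eq 0 -or $secSize -eq 0) {
        return $null   # file carries no Authenticode signature
    }

    # WIN_CERTIFICATE layout: dwLength(4) wRevision(2) wCertificateType(2) bCertificate[]
    $certLen = [BitConverter]::ToInt32($bytes, $secOffset)
    $pkcs7   = New-Object byte[] ($certLen - 8)
    [Array]::Copy($bytes, $secOffset + 8, $pkcs7, 0, $pkcs7.Length)

    $cms = New-Object System.Security.Cryptography.Pkcs.SignedCms
    $cms.Decode($pkcs7)

    # The first SignerInfo is the primary Authenticode signer; its DigestAlgorithm
    # is the value the file-properties dialog labels "Digest algorithm"
    $cms.SignerInfos[0].DigestAlgorithm.FriendlyName
}

# Usage (assumed paths and certificate store; $Certificate as in step 1 of the report).
# Passing -HashAlgorithm explicitly is the workaround until the default changes.
$Certificate = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
Set-AuthenticodeSignature -FilePath .\dbatools.dll -Certificate $Certificate -HashAlgorithm SHA256 | Out-Null
Get-AuthenticodeDigestAlgorithm -Path .\dbatools.dll
```

With `-HashAlgorithm SHA256` the function returns `sha256`; signing without the parameter on the affected versions returns `sha1`, which reproduces the report. Running the function across a build output directory (`Get-ChildItem -Recurse -Include *.dll,*.exe`) is a cheap release-pipeline check that no SHA1-digest binaries slipped through, and the same decoded `SignedCms` object exposes the signing certificate chain and any timestamp counter-signature if further checks are needed.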

Labels

  - Backport-5.1-Consider: Consider to backport to Windows PowerShell 5.1 due to impact
  - Documentation Needed in this repo: Documentation is needed in this repo
  - Issue-Bug: Issue has been identified as a bug in the product
  - Resolution-Fixed: The issue is fixed.