Issue: Use SHA-256 when hashing assets

[johanstenberg92]

Summary

I am working with the official Community Algorand .NET SDK.

I want to add a metadata hash to my asset when creating it. But The SDK restricts me - the metadata hash must be 32 bytes when Base64 encoded.

In order to achieve this, I need to take a substring of my SHA-256 hash of my asset. This loses entropy and is bad practice, and furthermore the hash is originally 32 bytes so there shouldn't be a problem here.

I understand that there needs to be a JSON-friendly representation of the bytes, but I don't understand if the Algorand node de-encodes the hash when retrieving it. If not, then it seems like it's a bug.

Example: hash(binary file) => 32 bytes encode64(hash(binary file)) => larger than 32 bytes

Then the SDK blocks me.

But it accepts (and the blockchain accepts) if the base 64 encoded hash is 32 bytes. Which seems weird? The REST API might need to have some extra field or something to provide a proper hash if you don't want to decode it for all inputs.

Scope/Requirements

N/A

Urgency/Relative Priority

N/A

[brianolson]

base64 is for transport across JSON APIs, the Algorand network cares about 32 bytes of payload (after base64 decoding).

[johanstenberg92]

So the SDK shouldn't restrict on base64 encoded size as long as deserialized is exactly 32 bytes?

[winder]

I believe you're referring to the Transaction objects, not the JSON API that Brian mentioned.

The AssetParams object nested within the AssetConfig transaction is not encoded whatsoever. It accepts arbitrary bytes which are messagepack encoded. If you choose to base64 encode this field it must fit inside the 32 bytes available for the metadata hash.

Here is an example of how the go SDK represents the object, this object is later messagepack encoded with no further processing: https://github.com/algorand/go-algorand-sdk/blob/bfd9fd3e15d8a5ac7e705ae64a985949644102e3/types/asset.go#L54