I had posted this as a response to a closed issue so it may have gone unnoticed.
I think there is an issue with the way the examples for digestSRI in the vc-data-model spec are implemented, specifically this function: https://github.com/w3c/respec-vc/blob/main/index.js#L428
The base64 function provided by multiformats prefixes the final digest with an M, which could lead to some issues as the SRI spec does not mention this and an implementer might do a simple digestSRI.split('sha384-') instruction to retrieve the hash, especially since the VC spec does not make mention of that multiformat variation, rather says the algorithm complies with the SRI spec definition:

> One or more cryptographic digests, as defined by the hash-expression ABNF grammar defined in the Subresource Integrity specification, Section 3.5: The integrity attribute.

It should be made explicit that the example uses multiformat, or better, the SRI example should follow the spec requirements.
(I had to spend time to figure out why my following function:

```js
// Assumption: base64.fromByteArray comes from the base64-js package
import base64 from 'base64-js';

const targetUrl = 'https://www.w3.org/ns/credentials/v2';
const targetDigest = 'sha384-Ml/HrjlBCNWyAX91hr6LFV2Y3heB5Tcr6IeE4/Tje8YyzYBM8IhqjHWiWpr8+ZbYU';
const response = await fetch(targetUrl);
const hashData = new Uint8Array(await response.arrayBuffer());
console.log(hashData);
// hash the bytes
const hashBuffer = new Uint8Array(await crypto.subtle.digest('SHA-384', hashData));
console.log(hashBuffer);
// encode the hash as base64 (standard alphabet)
console.log('hashBuffer', hashBuffer);
const hash = base64.fromByteArray(hashBuffer);
const digest = `sha384-${hash}`;
console.log(digest, 'target:', targetDigest, 'match:', digest === targetDigest);
```

was not yielding the same result.)
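A strict digestSRI check that makes the mismatch described in this issue diagnosable, as an added example that is not part of the original issue or of respec-vc. The function names, the `reason` strings and the sample document are constructed for illustration; only the digest string comes from the issue.

```javascript
const { createHash } = require('node:crypto');

// Length of the padded standard-base64 digest for each SRI algorithm.
const B64_LEN = { sha256: 44, sha384: 64, sha512: 88 };

// Digest value quoted in the issue above (65 characters after "sha384-").
const ISSUE_DIGEST =
  'sha384-Ml/HrjlBCNWyAX91hr6LFV2Y3heB5Tcr6IeE4/Tje8YyzYBM8IhqjHWiWpr8+ZbYU';

// Build "<alg>-<base64 digest>" with no encoding prefix.
function sriDigest(bytes, alg = 'sha384') {
  return `${alg}-${createHash(alg).update(bytes).digest('base64')}`;
}

// Parse a single hash-expression (options after "?" are not handled here).
function parseHashExpression(expr) {
  const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})$/.exec(expr);
  if (!m) return { ok: false, reason: 'not-a-hash-expression' };
  const [, alg, value] = m;
  if (value.length === B64_LEN[alg]) return { ok: true, alg, value };
  // Exactly one surplus character is consistent with an encoding prefix.
  if (value.length === B64_LEN[alg] + 1) {
    return { ok: false, reason: 'extra-leading-char', alg,
             prefix: value[0], value: value.slice(1) };
  }
  return { ok: false, reason: 'wrong-length', alg };
}

// Compare bytes against a digestSRI value and explain any failure.
function verifyDigestSRI(bytes, digestSRI) {
  const p = parseHashExpression(digestSRI);
  if (!p.value) return { match: false, reason: p.reason };
  const same = sriDigest(bytes, p.alg) === `${p.alg}-${p.value}`;
  if (!same) return { match: false, reason: 'digest-mismatch' };
  // The prefixed form is reported, never accepted, so the producer gets fixed.
  return p.ok ? { match: true, reason: 'ok' }
              : { match: false, reason: p.reason };
}

// Constructed sample input, so the example runs offline.
const SAMPLE = Buffer.from('{"constructed": "sample document"}');
console.log(parseHashExpression(ISSUE_DIGEST).reason,
            parseHashExpression(ISSUE_DIGEST).prefix);
console.log(verifyDigestSRI(SAMPLE, sriDigest(SAMPLE)));
console.log(verifyDigestSRI(SAMPLE, 'sha384-M' + sriDigest(SAMPLE).slice(7)));
```

Checking the encoded length first separates "the hash is correct but carries one extra leading character" from a real content mismatch, which a plain string comparison cannot do.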