From 61de9222b029ab4e9b8ad8697945371ddd6cd855 Mon Sep 17 00:00:00 2001
From: John Ericson <John.Ericson@Obsidian.Systems>
Date: Mon, 8 Dec 2025 15:34:15 -0500
Subject: [PATCH] Use SRI hash (strings) as the official JSON format for Hash
 after all

The fact that we were introducing a conversion from the output of `nix
path-info` into the input of `builtins.fetchTree` was the deciding
factor. We want scripting outputs into inputs like that to be easy.

Since JSON strings and objects are trivially distinguishable, we still
have the option of introducing the JSON format as an alternative input
scheme in the future, should we want to. (The output format would still
be SRI in that case, presumably.)
---
 doc/manual/rl-next/json-format-changes.md     | 11 ++----
 doc/manual/source/protocols/json/hash.md      |  4 +--
 .../source/protocols/json/schema/hash-v1.yaml | 35 ++++---------------
 src/json-schema-checks/meson.build            |  4 +--
 .../data/common-protocol/content-address.json | 18 ++--------
 .../optional-content-address.json             |  6 +---
 .../data/content-address/nar.json             |  6 +---
 .../data/content-address/text.json            |  6 +---
 .../data/derivation/output-caFixedFlat.json   |  6 +---
 .../data/derivation/output-caFixedNAR.json    |  6 +---
 .../data/derivation/output-caFixedText.json   |  6 +---
 .../data/dummy-store/one-flat-file.json       | 12 ++-----
 .../data/nar-info/json-2/impure.json          | 18 ++--------
 .../data/nar-info/json-2/pure.json            | 12 ++-----
 .../data/path-info/json-2/empty_impure.json   |  6 +---
 .../data/path-info/json-2/empty_pure.json     |  6 +---
 .../data/path-info/json-2/impure.json         | 12 ++-----
 .../data/path-info/json-2/pure.json           | 12 ++-----
 .../data/serve-protocol/content-address.json  | 18 ++--------
 .../optional-content-address.json             |  6 +---
 .../unkeyed-valid-path-info-2.3.json          | 12 ++-----
 .../unkeyed-valid-path-info-2.4.json          | 18 ++--------
 .../data/worker-protocol/content-address.json | 18 ++--------
 .../optional-content-address.json             |  6 +---
 .../unkeyed-valid-path-info-1.15.json         | 12 ++-----
 .../worker-protocol/valid-path-info-1.15.json | 12 ++-----
 .../worker-protocol/valid-path-info-1.16.json | 24 +++----------
 .../data/hash/blake3-base16.json              |  5 ---
 src/libutil-tests/data/hash/blake3.json       |  1 +
 .../data/hash/sha256-base16.json              |  5 ---
 .../data/hash/sha256-base64.json              |  5 ---
 src/libutil-tests/data/hash/sha256-nix32.json |  5 ---
 src/libutil-tests/data/hash/sha256.json       |  1 +
 src/libutil-tests/data/hash/sha512.json       |  1 +
 src/libutil-tests/data/hash/simple.json       |  5 ---
 src/libutil-tests/hash.cc                     | 24 ++-----------
 src/libutil/hash.cc                           | 20 ++---------
 tests/functional/fixed.sh                     |  6 +---
 tests/functional/git-hashing/simple-common.sh | 13 ++++---
 tests/functional/impure-derivations.sh        |  2 +-
 tests/functional/nix-profile.sh               |  2 +-
 tests/functional/path-info.sh                 | 12 ++-----
 tests/functional/signing.sh                   |  2 +-
 tests/nixos/fetchers-substitute.nix           |  5 ++-
 44 files changed, 78 insertions(+), 348 deletions(-)
 delete mode 100644 src/libutil-tests/data/hash/blake3-base16.json
 create mode 100644 src/libutil-tests/data/hash/blake3.json
 delete mode 100644 src/libutil-tests/data/hash/sha256-base16.json
 delete mode 100644 src/libutil-tests/data/hash/sha256-base64.json
 delete mode 100644 src/libutil-tests/data/hash/sha256-nix32.json
 create mode 100644 src/libutil-tests/data/hash/sha256.json
 create mode 100644 src/libutil-tests/data/hash/sha512.json
 delete mode 100644 src/libutil-tests/data/hash/simple.json

diff --git a/doc/manual/rl-next/json-format-changes.md b/doc/manual/rl-next/json-format-changes.md
index e264daf04..78e543512 100644
--- a/doc/manual/rl-next/json-format-changes.md
+++ b/doc/manual/rl-next/json-format-changes.md
@@ -49,17 +49,10 @@ The new structured format follows the [JSON guidelines](@docroot@/development/js
   Content address is now a structured JSON object instead of a string:
 
   - Old: `"ca": "fixed:r:sha256:1abc..."`
-  - New: `"ca": {"method": "nar", "hash": {"algorithm": "sha256", "format": "base16", "hash": "10c209fa..."}}`
+  - New: `"ca": {"method": "nar", "hash": "sha256-ungWv48Bz+pBQUDeXa4iI7ADYaOWF3qctBD/YfIAFa0="}`
   - Still `null` values for input-addressed store objects
 
-- **Structured hash fields**:
-
-  Hash values (`narHash` and `downloadHash`) are now structured JSON objects instead of strings:
-
-  - Old: `"narHash": "sha256:FePFYIlMuycIXPZbWi7LGEiMmZSX9FMbaQenWBzm1Sc="`
-  - New: `"narHash": {"algorithm": "sha256", "format": "base16", "hash": "15e3c5608946..."}`
-  - Same structure applies to `downloadHash` in NAR info contexts
-  - The `format` field is always `"base16"` (hexadecimal)
+  The `hash` field uses the [SRI](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) format like other hashes.
 
 Nix currently only produces, and doesn't consume this format.
 
diff --git a/doc/manual/source/protocols/json/hash.md b/doc/manual/source/protocols/json/hash.md
index f2af5303f..3ecff4da0 100644
--- a/doc/manual/source/protocols/json/hash.md
+++ b/doc/manual/source/protocols/json/hash.md
@@ -5,13 +5,13 @@
 ### SHA-256
 
 ```json
-{{#include schema/hash-v1/sha256-base16.json}}
+{{#include schema/hash-v1/sha256.json}}
 ```
 
 ### BLAKE3
 
 ```json
-{{#include schema/hash-v1/blake3-base16.json}}
+{{#include schema/hash-v1/blake3.json}}
 ```
 
 <!-- need to convert YAML to JSON first
diff --git a/doc/manual/source/protocols/json/schema/hash-v1.yaml b/doc/manual/source/protocols/json/schema/hash-v1.yaml
index 762f67021..c7e46191d 100644
--- a/doc/manual/source/protocols/json/schema/hash-v1.yaml
+++ b/doc/manual/source/protocols/json/schema/hash-v1.yaml
@@ -4,36 +4,13 @@ title: Hash
 description: |
   A cryptographic hash value used throughout Nix for content addressing and integrity verification.
 
-  This schema describes the JSON representation of Nix's `Hash` type.
-type: object
-properties:
-  algorithm:
-    "$ref": "#/$defs/algorithm"
-  format:
-    type: string
-    enum:
-    - base16
-    title: Hash format
-    description: |
-      The encoding format of the hash value.
+  This schema describes the JSON representation of Nix's `Hash` type as an [SRI](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) string.
+type: string
+pattern: "^(blake3|md5|sha1|sha256|sha512)-[A-Za-z0-9+/]+=*$"
+examples:
+- "sha256-ungWv48Bz+pBQUDeXa4iI7ADYaOWF3qctBD/YfIAFa0="
+- "sha512-IEqPxt2oLwoM7XvrjgikFlfBbvRosiioJ5vjMacDwzWW/RXBOxsH+aodO+pXeJygMa2Fx6cd1wNU7GMSOMo0RQ=="
 
-      `base16` (lowercase hexadecimal) is the only format that is currently supported for JSON serialization.
-      This field exists primarily to reduce ambiguity about what the hash means.
-      It would also help us support other formats in the future, but there are no concrete plans to do so at this.
-  hash:
-    type: string
-    title: Hash
-    description: |
-      The encoded hash value, itself.
-
-      It is specified in the format specified by the `format` field.
-      It must be the right length for the hash algorithm specified in the `algorithm` field, also.
-      The hash value does not include any algorithm prefix.
-required:
-- algorithm
-- format
-- hash
-additionalProperties: false
 "$defs":
   algorithm:
     type: string
diff --git a/src/json-schema-checks/meson.build b/src/json-schema-checks/meson.build
index 1a30ec424..20acfe411 100644
--- a/src/json-schema-checks/meson.build
+++ b/src/json-schema-checks/meson.build
@@ -32,8 +32,8 @@ schemas = [
     'stem' : 'hash',
     'schema' : schema_dir / 'hash-v1.yaml',
     'files' : [
-      'sha256-base16.json',
-      'blake3-base16.json',
+      'sha256.json',
+      'blake3.json',
     ],
   },
   {
diff --git a/src/libstore-tests/data/common-protocol/content-address.json b/src/libstore-tests/data/common-protocol/content-address.json
index 674c5cc68..3c63e6d9b 100644
--- a/src/libstore-tests/data/common-protocol/content-address.json
+++ b/src/libstore-tests/data/common-protocol/content-address.json
@@ -1,26 +1,14 @@
 [
   {
-    "hash": {
-      "algorithm": "sha256",
-      "format": "base16",
-      "hash": "f9773d2e5ea670f96dc1a7b0ae4fc1010e7a6371b94ffff0ce1294734ceb62ed"
-    },
+    "hash": "sha256-+Xc9Ll6mcPltwaewrk/BAQ56Y3G5T//wzhKUc0zrYu0=",
     "method": "text"
   },
   {
-    "hash": {
-      "algorithm": "sha1",
-      "format": "base16",
-      "hash": "8067a60687a7562359337862c2a9ecfc5833ab0a"
-    },
+    "hash": "sha1-gGemBoenViNZM3hiwqns/Fgzqwo=",
     "method": "flat"
   },
   {
-    "hash": {
-      "algorithm": "sha256",
-      "format": "base16",
-      "hash": "10c209fa0890fe02c85a8c663ca8e7a37cc766bc5b1b29a0cc61b266f64121d3"
-    },
+    "hash": "sha256-EMIJ+giQ/gLIWoxmPKjno3zHZrxbGymgzGGyZvZBIdM=",
     "method": "nar"
   }
 ]
diff --git a/src/libstore-tests/data/common-protocol/optional-content-address.json b/src/libstore-tests/data/common-protocol/optional-content-address.json
index dc7d7d525..1c57fbf25 100644
--- a/src/libstore-tests/data/common-protocol/optional-content-address.json
+++ b/src/libstore-tests/data/common-protocol/optional-content-address.json
@@ -1,11 +1,7 @@
 [
   null,
   {
-    "hash": {
-      "algorithm": "sha1",
-      "format": "base16",
-      "hash": "8067a60687a7562359337862c2a9ecfc5833ab0a"
-    },
+    "hash": "sha1-gGemBoenViNZM3hiwqns/Fgzqwo=",
     "method": "flat"
   }
 ]
diff --git a/src/libstore-tests/data/content-address/nar.json b/src/libstore-tests/data/content-address/nar.json
index af61d7e43..511cb1c5c 100644
--- a/src/libstore-tests/data/content-address/nar.json
+++ b/src/libstore-tests/data/content-address/nar.json
@@ -1,8 +1,4 @@
 {
-  "hash": {
-    "algorithm": "sha256",
-    "format": "base16",
-    "hash": "f6f2ea8f45d8a057c9566a33f99474da2e5c6a6604d736121650e2730c6fb0a3"
-  },
+  "hash": "sha256-9vLqj0XYoFfJVmoz+ZR02i5camYE1zYSFlDicwxvsKM=",
   "method": "nar"
 }
diff --git a/src/libstore-tests/data/content-address/text.json b/src/libstore-tests/data/content-address/text.json
index a5636fe02..96da7874c 100644
--- a/src/libstore-tests/data/content-address/text.json
+++ b/src/libstore-tests/data/content-address/text.json
@@ -1,8 +1,4 @@
 {
-  "hash": {
-    "algorithm": "sha256",
-    "format": "base16",
-    "hash": "f0e4c2f76c58916ec258f246851bea091d14d4247a2fc3e18694461b1816e13b"
-  },
+  "hash": "sha256-8OTC92xYkW7CWPJGhRvqCR0U1CR6L8PhhpRGGxgW4Ts=",
   "method": "text"
 }
diff --git a/src/libstore-tests/data/derivation/output-caFixedFlat.json b/src/libstore-tests/data/derivation/output-caFixedFlat.json
index 0c1e8b017..86b4d2029 100644
--- a/src/libstore-tests/data/derivation/output-caFixedFlat.json
+++ b/src/libstore-tests/data/derivation/output-caFixedFlat.json
@@ -1,8 +1,4 @@
 {
-  "hash": {
-    "algorithm": "sha256",
-    "format": "base16",
-    "hash": "894517c9163c896ec31a2adbd33c0681fd5f45b2c0ef08a64c92a03fb97f390f"
-  },
+  "hash": "sha256-iUUXyRY8iW7DGirb0zwGgf1fRbLA7wimTJKgP7l/OQ8=",
   "method": "flat"
 }
diff --git a/src/libstore-tests/data/derivation/output-caFixedNAR.json b/src/libstore-tests/data/derivation/output-caFixedNAR.json
index 8963d3191..6f9654572 100644
--- a/src/libstore-tests/data/derivation/output-caFixedNAR.json
+++ b/src/libstore-tests/data/derivation/output-caFixedNAR.json
@@ -1,8 +1,4 @@
 {
-  "hash": {
-    "algorithm": "sha256",
-    "format": "base16",
-    "hash": "894517c9163c896ec31a2adbd33c0681fd5f45b2c0ef08a64c92a03fb97f390f"
-  },
+  "hash": "sha256-iUUXyRY8iW7DGirb0zwGgf1fRbLA7wimTJKgP7l/OQ8=",
   "method": "nar"
 }
diff --git a/src/libstore-tests/data/derivation/output-caFixedText.json b/src/libstore-tests/data/derivation/output-caFixedText.json
index 78c09adb7..2611e75da 100644
--- a/src/libstore-tests/data/derivation/output-caFixedText.json
+++ b/src/libstore-tests/data/derivation/output-caFixedText.json
@@ -1,8 +1,4 @@
 {
-  "hash": {
-    "algorithm": "sha256",
-    "format": "base16",
-    "hash": "894517c9163c896ec31a2adbd33c0681fd5f45b2c0ef08a64c92a03fb97f390f"
-  },
+  "hash": "sha256-iUUXyRY8iW7DGirb0zwGgf1fRbLA7wimTJKgP7l/OQ8=",
   "method": "text"
 }
diff --git a/src/libstore-tests/data/dummy-store/one-flat-file.json b/src/libstore-tests/data/dummy-store/one-flat-file.json
index a3f6bdcf3..804bbf07d 100644
--- a/src/libstore-tests/data/dummy-store/one-flat-file.json
+++ b/src/libstore-tests/data/dummy-store/one-flat-file.json
@@ -12,19 +12,11 @@
       },
       "info": {
         "ca": {
-          "hash": {
-            "algorithm": "sha256",
-            "format": "base16",
-            "hash": "7f579dbae488602d41a1f5c0d6dc9c17bf408b635230942d504af1e43c4b6125"
-          },
+          "hash": "sha256-f1eduuSIYC1BofXA1tycF79Ai2NSMJQtUErx5DxLYSU=",
           "method": "nar"
         },
         "deriver": null,
-        "narHash": {
-          "algorithm": "sha256",
-          "format": "base16",
-          "hash": "7f579dbae488602d41a1f5c0d6dc9c17bf408b635230942d504af1e43c4b6125"
-        },
+        "narHash": "sha256-f1eduuSIYC1BofXA1tycF79Ai2NSMJQtUErx5DxLYSU=",
         "narSize": 120,
         "references": [],
         "registrationTime": null,
diff --git a/src/libstore-tests/data/nar-info/json-2/impure.json b/src/libstore-tests/data/nar-info/json-2/impure.json
index acc458d33..b7b9f5118 100644
--- a/src/libstore-tests/data/nar-info/json-2/impure.json
+++ b/src/libstore-tests/data/nar-info/json-2/impure.json
@@ -1,25 +1,13 @@
 {
   "ca": {
-    "hash": {
-      "algorithm": "sha256",
-      "format": "base16",
-      "hash": "10c209fa0890fe02c85a8c663ca8e7a37cc766bc5b1b29a0cc61b266f64121d3"
-    },
+    "hash": "sha256-EMIJ+giQ/gLIWoxmPKjno3zHZrxbGymgzGGyZvZBIdM=",
     "method": "nar"
   },
   "compression": "xz",
   "deriver": "g1w7hy3qg1w7hy3qg1w7hy3qg1w7hy3q-bar.drv",
-  "downloadHash": {
-    "algorithm": "sha256",
-    "format": "base16",
-    "hash": "15e3c560894cbb27085cf65b5a2ecb18488c999497f4531b6907a7581ce6d527"
-  },
+  "downloadHash": "sha256-FePFYIlMuycIXPZbWi7LGEiMmZSX9FMbaQenWBzm1Sc=",
   "downloadSize": 4029176,
-  "narHash": {
-    "algorithm": "sha256",
-    "format": "base16",
-    "hash": "15e3c560894cbb27085cf65b5a2ecb18488c999497f4531b6907a7581ce6d527"
-  },
+  "narHash": "sha256-FePFYIlMuycIXPZbWi7LGEiMmZSX9FMbaQenWBzm1Sc=",
   "narSize": 34878,
   "references": [
     "g1w7hy3qg1w7hy3qg1w7hy3qg1w7hy3q-bar",
diff --git a/src/libstore-tests/data/nar-info/json-2/pure.json b/src/libstore-tests/data/nar-info/json-2/pure.json
index 452d83361..0350349a9 100644
--- a/src/libstore-tests/data/nar-info/json-2/pure.json
+++ b/src/libstore-tests/data/nar-info/json-2/pure.json
@@ -1,17 +1,9 @@
 {
   "ca": {
-    "hash": {
-      "algorithm": "sha256",
-      "format": "base16",
-      "hash": "10c209fa0890fe02c85a8c663ca8e7a37cc766bc5b1b29a0cc61b266f64121d3"
-    },
+    "hash": "sha256-EMIJ+giQ/gLIWoxmPKjno3zHZrxbGymgzGGyZvZBIdM=",
     "method": "nar"
   },
-  "narHash": {
-    "algorithm": "sha256",
-    "format": "base16",
-    "hash": "15e3c560894cbb27085cf65b5a2ecb18488c999497f4531b6907a7581ce6d527"
-  },
+  "narHash": "sha256-FePFYIlMuycIXPZbWi7LGEiMmZSX9FMbaQenWBzm1Sc=",
   "narSize": 34878,
   "references": [
     "g1w7hy3qg1w7hy3qg1w7hy3qg1w7hy3q-bar",
diff --git a/src/libstore-tests/data/path-info/json-2/empty_impure.json b/src/libstore-tests/data/path-info/json-2/empty_impure.json
index 11f400716..d22fbf7ec 100644
--- a/src/libstore-tests/data/path-info/json-2/empty_impure.json
+++ b/src/libstore-tests/data/path-info/json-2/empty_impure.json
@@ -1,11 +1,7 @@
 {
   "ca": null,
   "deriver": null,
-  "narHash": {
-    "algorithm": "sha256",
-    "format": "base16",
-    "hash": "15e3c560894cbb27085cf65b5a2ecb18488c999497f4531b6907a7581ce6d527"
-  },
+  "narHash": "sha256-FePFYIlMuycIXPZbWi7LGEiMmZSX9FMbaQenWBzm1Sc=",
   "narSize": 0,
   "references": [],
   "registrationTime": null,
diff --git a/src/libstore-tests/data/path-info/json-2/empty_pure.json b/src/libstore-tests/data/path-info/json-2/empty_pure.json
index 505a42914..9d50181da 100644
--- a/src/libstore-tests/data/path-info/json-2/empty_pure.json
+++ b/src/libstore-tests/data/path-info/json-2/empty_pure.json
@@ -1,10 +1,6 @@
 {
   "ca": null,
-  "narHash": {
-    "algorithm": "sha256",
-    "format": "base16",
-    "hash": "15e3c560894cbb27085cf65b5a2ecb18488c999497f4531b6907a7581ce6d527"
-  },
+  "narHash": "sha256-FePFYIlMuycIXPZbWi7LGEiMmZSX9FMbaQenWBzm1Sc=",
   "narSize": 0,
   "references": [],
   "storeDir": "/nix/store",
diff --git a/src/libstore-tests/data/path-info/json-2/impure.json b/src/libstore-tests/data/path-info/json-2/impure.json
index a339d9fd2..bed67610b 100644
--- a/src/libstore-tests/data/path-info/json-2/impure.json
+++ b/src/libstore-tests/data/path-info/json-2/impure.json
@@ -1,18 +1,10 @@
 {
   "ca": {
-    "hash": {
-      "algorithm": "sha256",
-      "format": "base16",
-      "hash": "10c209fa0890fe02c85a8c663ca8e7a37cc766bc5b1b29a0cc61b266f64121d3"
-    },
+    "hash": "sha256-EMIJ+giQ/gLIWoxmPKjno3zHZrxbGymgzGGyZvZBIdM=",
     "method": "nar"
   },
   "deriver": "g1w7hy3qg1w7hy3qg1w7hy3qg1w7hy3q-bar.drv",
-  "narHash": {
-    "algorithm": "sha256",
-    "format": "base16",
-    "hash": "15e3c560894cbb27085cf65b5a2ecb18488c999497f4531b6907a7581ce6d527"
-  },
+  "narHash": "sha256-FePFYIlMuycIXPZbWi7LGEiMmZSX9FMbaQenWBzm1Sc=",
   "narSize": 34878,
   "references": [
     "g1w7hy3qg1w7hy3qg1w7hy3qg1w7hy3q-bar",
diff --git a/src/libstore-tests/data/path-info/json-2/pure.json b/src/libstore-tests/data/path-info/json-2/pure.json
index 452d83361..0350349a9 100644
--- a/src/libstore-tests/data/path-info/json-2/pure.json
+++ b/src/libstore-tests/data/path-info/json-2/pure.json
@@ -1,17 +1,9 @@
 {
   "ca": {
-    "hash": {
-      "algorithm": "sha256",
-      "format": "base16",
-      "hash": "10c209fa0890fe02c85a8c663ca8e7a37cc766bc5b1b29a0cc61b266f64121d3"
-    },
+    "hash": "sha256-EMIJ+giQ/gLIWoxmPKjno3zHZrxbGymgzGGyZvZBIdM=",
     "method": "nar"
   },
-  "narHash": {
-    "algorithm": "sha256",
-    "format": "base16",
-    "hash": "15e3c560894cbb27085cf65b5a2ecb18488c999497f4531b6907a7581ce6d527"
-  },
+  "narHash": "sha256-FePFYIlMuycIXPZbWi7LGEiMmZSX9FMbaQenWBzm1Sc=",
   "narSize": 34878,
   "references": [
     "g1w7hy3qg1w7hy3qg1w7hy3qg1w7hy3q-bar",
diff --git a/src/libstore-tests/data/serve-protocol/content-address.json b/src/libstore-tests/data/serve-protocol/content-address.json
index 674c5cc68..3c63e6d9b 100644
--- a/src/libstore-tests/data/serve-protocol/content-address.json
+++ b/src/libstore-tests/data/serve-protocol/content-address.json
@@ -1,26 +1,14 @@
 [
   {
-    "hash": {
-      "algorithm": "sha256",
-      "format": "base16",
-      "hash": "f9773d2e5ea670f96dc1a7b0ae4fc1010e7a6371b94ffff0ce1294734ceb62ed"
-    },
+    "hash": "sha256-+Xc9Ll6mcPltwaewrk/BAQ56Y3G5T//wzhKUc0zrYu0=",
     "method": "text"
   },
   {
-    "hash": {
-      "algorithm": "sha1",
-      "format": "base16",
-      "hash": "8067a60687a7562359337862c2a9ecfc5833ab0a"
-    },
+    "hash": "sha1-gGemBoenViNZM3hiwqns/Fgzqwo=",
     "method": "flat"
   },
   {
-    "hash": {
-      "algorithm": "sha256",
-      "format": "base16",
-      "hash": "10c209fa0890fe02c85a8c663ca8e7a37cc766bc5b1b29a0cc61b266f64121d3"
-    },
+    "hash": "sha256-EMIJ+giQ/gLIWoxmPKjno3zHZrxbGymgzGGyZvZBIdM=",
     "method": "nar"
   }
 ]
diff --git a/src/libstore-tests/data/serve-protocol/optional-content-address.json b/src/libstore-tests/data/serve-protocol/optional-content-address.json
index dc7d7d525..1c57fbf25 100644
--- a/src/libstore-tests/data/serve-protocol/optional-content-address.json
+++ b/src/libstore-tests/data/serve-protocol/optional-content-address.json
@@ -1,11 +1,7 @@
 [
   null,
   {
-    "hash": {
-      "algorithm": "sha1",
-      "format": "base16",
-      "hash": "8067a60687a7562359337862c2a9ecfc5833ab0a"
-    },
+    "hash": "sha1-gGemBoenViNZM3hiwqns/Fgzqwo=",
     "method": "flat"
   }
 ]
diff --git a/src/libstore-tests/data/serve-protocol/unkeyed-valid-path-info-2.3.json b/src/libstore-tests/data/serve-protocol/unkeyed-valid-path-info-2.3.json
index 8afb64da9..0f593f424 100644
--- a/src/libstore-tests/data/serve-protocol/unkeyed-valid-path-info-2.3.json
+++ b/src/libstore-tests/data/serve-protocol/unkeyed-valid-path-info-2.3.json
@@ -2,11 +2,7 @@
   {
     "ca": null,
     "deriver": null,
-    "narHash": {
-      "algorithm": "sha256",
-      "format": "base16",
-      "hash": "0000000000000000000000000000000000000000000000000000000000000000"
-    },
+    "narHash": "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=",
     "narSize": 34878,
     "references": [],
     "registrationTime": null,
@@ -18,11 +14,7 @@
   {
     "ca": null,
     "deriver": "g1w7hy3qg1w7hy3qg1w7hy3qg1w7hy3q-bar.drv",
-    "narHash": {
-      "algorithm": "sha256",
-      "format": "base16",
-      "hash": "0000000000000000000000000000000000000000000000000000000000000000"
-    },
+    "narHash": "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=",
     "narSize": 34878,
     "references": [
       "g1w7hyyyy1w7hy3qg1w7hy3qgqqqqy3q-foo.drv"
diff --git a/src/libstore-tests/data/serve-protocol/unkeyed-valid-path-info-2.4.json b/src/libstore-tests/data/serve-protocol/unkeyed-valid-path-info-2.4.json
index 21667e5cb..801f20400 100644
--- a/src/libstore-tests/data/serve-protocol/unkeyed-valid-path-info-2.4.json
+++ b/src/libstore-tests/data/serve-protocol/unkeyed-valid-path-info-2.4.json
@@ -2,11 +2,7 @@
   {
     "ca": null,
     "deriver": "g1w7hy3qg1w7hy3qg1w7hy3qg1w7hy3q-bar.drv",
-    "narHash": {
-      "algorithm": "sha256",
-      "format": "base16",
-      "hash": "15e3c560894cbb27085cf65b5a2ecb18488c999497f4531b6907a7581ce6d527"
-    },
+    "narHash": "sha256-FePFYIlMuycIXPZbWi7LGEiMmZSX9FMbaQenWBzm1Sc=",
     "narSize": 34878,
     "references": [
       "g1w7hyyyy1w7hy3qg1w7hy3qgqqqqy3q-foo.drv"
@@ -19,19 +15,11 @@
   },
   {
     "ca": {
-      "hash": {
-        "algorithm": "sha256",
-        "format": "base16",
-        "hash": "10c209fa0890fe02c85a8c663ca8e7a37cc766bc5b1b29a0cc61b266f64121d3"
-      },
+      "hash": "sha256-EMIJ+giQ/gLIWoxmPKjno3zHZrxbGymgzGGyZvZBIdM=",
       "method": "nar"
     },
     "deriver": "g1w7hy3qg1w7hy3qg1w7hy3qg1w7hy3q-bar.drv",
-    "narHash": {
-      "algorithm": "sha256",
-      "format": "base16",
-      "hash": "15e3c560894cbb27085cf65b5a2ecb18488c999497f4531b6907a7581ce6d527"
-    },
+    "narHash": "sha256-FePFYIlMuycIXPZbWi7LGEiMmZSX9FMbaQenWBzm1Sc=",
     "narSize": 34878,
     "references": [
       "g1w7hy3qg1w7hy3qg1w7hy3qg1w7hy3q-bar",
diff --git a/src/libstore-tests/data/worker-protocol/content-address.json b/src/libstore-tests/data/worker-protocol/content-address.json
index 674c5cc68..3c63e6d9b 100644
--- a/src/libstore-tests/data/worker-protocol/content-address.json
+++ b/src/libstore-tests/data/worker-protocol/content-address.json
@@ -1,26 +1,14 @@
 [
   {
-    "hash": {
-      "algorithm": "sha256",
-      "format": "base16",
-      "hash": "f9773d2e5ea670f96dc1a7b0ae4fc1010e7a6371b94ffff0ce1294734ceb62ed"
-    },
+    "hash": "sha256-+Xc9Ll6mcPltwaewrk/BAQ56Y3G5T//wzhKUc0zrYu0=",
     "method": "text"
   },
   {
-    "hash": {
-      "algorithm": "sha1",
-      "format": "base16",
-      "hash": "8067a60687a7562359337862c2a9ecfc5833ab0a"
-    },
+    "hash": "sha1-gGemBoenViNZM3hiwqns/Fgzqwo=",
     "method": "flat"
   },
   {
-    "hash": {
-      "algorithm": "sha256",
-      "format": "base16",
-      "hash": "10c209fa0890fe02c85a8c663ca8e7a37cc766bc5b1b29a0cc61b266f64121d3"
-    },
+    "hash": "sha256-EMIJ+giQ/gLIWoxmPKjno3zHZrxbGymgzGGyZvZBIdM=",
     "method": "nar"
   }
 ]
diff --git a/src/libstore-tests/data/worker-protocol/optional-content-address.json b/src/libstore-tests/data/worker-protocol/optional-content-address.json
index dc7d7d525..1c57fbf25 100644
--- a/src/libstore-tests/data/worker-protocol/optional-content-address.json
+++ b/src/libstore-tests/data/worker-protocol/optional-content-address.json
@@ -1,11 +1,7 @@
 [
   null,
   {
-    "hash": {
-      "algorithm": "sha1",
-      "format": "base16",
-      "hash": "8067a60687a7562359337862c2a9ecfc5833ab0a"
-    },
+    "hash": "sha1-gGemBoenViNZM3hiwqns/Fgzqwo=",
     "method": "flat"
   }
 ]
diff --git a/src/libstore-tests/data/worker-protocol/unkeyed-valid-path-info-1.15.json b/src/libstore-tests/data/worker-protocol/unkeyed-valid-path-info-1.15.json
index a0e4fb17a..9cc53c680 100644
--- a/src/libstore-tests/data/worker-protocol/unkeyed-valid-path-info-1.15.json
+++ b/src/libstore-tests/data/worker-protocol/unkeyed-valid-path-info-1.15.json
@@ -2,11 +2,7 @@
   {
     "ca": null,
     "deriver": null,
-    "narHash": {
-      "algorithm": "sha256",
-      "format": "base16",
-      "hash": "15e3c560894cbb27085cf65b5a2ecb18488c999497f4531b6907a7581ce6d527"
-    },
+    "narHash": "sha256-FePFYIlMuycIXPZbWi7LGEiMmZSX9FMbaQenWBzm1Sc=",
     "narSize": 34878,
     "references": [],
     "registrationTime": 23423,
@@ -18,11 +14,7 @@
   {
     "ca": null,
     "deriver": "g1w7hy3qg1w7hy3qg1w7hy3qg1w7hy3q-bar.drv",
-    "narHash": {
-      "algorithm": "sha256",
-      "format": "base16",
-      "hash": "15e3c560894cbb27085cf65b5a2ecb18488c999497f4531b6907a7581ce6d527"
-    },
+    "narHash": "sha256-FePFYIlMuycIXPZbWi7LGEiMmZSX9FMbaQenWBzm1Sc=",
     "narSize": 34878,
     "references": [
       "g1w7hyyyy1w7hy3qg1w7hy3qgqqqqy3q-foo.drv"
diff --git a/src/libstore-tests/data/worker-protocol/valid-path-info-1.15.json b/src/libstore-tests/data/worker-protocol/valid-path-info-1.15.json
index e5c1b1c40..427c286dd 100644
--- a/src/libstore-tests/data/worker-protocol/valid-path-info-1.15.json
+++ b/src/libstore-tests/data/worker-protocol/valid-path-info-1.15.json
@@ -2,11 +2,7 @@
   {
     "ca": null,
     "deriver": null,
-    "narHash": {
-      "algorithm": "sha256",
-      "format": "base16",
-      "hash": "15e3c560894cbb27085cf65b5a2ecb18488c999497f4531b6907a7581ce6d527"
-    },
+    "narHash": "sha256-FePFYIlMuycIXPZbWi7LGEiMmZSX9FMbaQenWBzm1Sc=",
     "narSize": 34878,
     "path": "g1w7hy3qg1w7hy3qg1w7hy3qg1w7hy3q-bar",
     "references": [],
@@ -19,11 +15,7 @@
   {
     "ca": null,
     "deriver": "g1w7hy3qg1w7hy3qg1w7hy3qg1w7hy3q-bar.drv",
-    "narHash": {
-      "algorithm": "sha256",
-      "format": "base16",
-      "hash": "15e3c560894cbb27085cf65b5a2ecb18488c999497f4531b6907a7581ce6d527"
-    },
+    "narHash": "sha256-FePFYIlMuycIXPZbWi7LGEiMmZSX9FMbaQenWBzm1Sc=",
     "narSize": 34878,
     "path": "g1w7hy3qg1w7hy3qg1w7hy3qg1w7hy3q-bar",
     "references": [
diff --git a/src/libstore-tests/data/worker-protocol/valid-path-info-1.16.json b/src/libstore-tests/data/worker-protocol/valid-path-info-1.16.json
index 82b21ffba..f980d8421 100644
--- a/src/libstore-tests/data/worker-protocol/valid-path-info-1.16.json
+++ b/src/libstore-tests/data/worker-protocol/valid-path-info-1.16.json
@@ -2,11 +2,7 @@
   {
     "ca": null,
     "deriver": null,
-    "narHash": {
-      "algorithm": "sha256",
-      "format": "base16",
-      "hash": "15e3c560894cbb27085cf65b5a2ecb18488c999497f4531b6907a7581ce6d527"
-    },
+    "narHash": "sha256-FePFYIlMuycIXPZbWi7LGEiMmZSX9FMbaQenWBzm1Sc=",
     "narSize": 34878,
     "path": "g1w7hy3qg1w7hy3qg1w7hy3qg1w7hy3q-bar",
     "references": [],
@@ -19,11 +15,7 @@
   {
     "ca": null,
     "deriver": "g1w7hy3qg1w7hy3qg1w7hy3qg1w7hy3q-bar.drv",
-    "narHash": {
-      "algorithm": "sha256",
-      "format": "base16",
-      "hash": "15e3c560894cbb27085cf65b5a2ecb18488c999497f4531b6907a7581ce6d527"
-    },
+    "narHash": "sha256-FePFYIlMuycIXPZbWi7LGEiMmZSX9FMbaQenWBzm1Sc=",
     "narSize": 34878,
     "path": "g1w7hy3qg1w7hy3qg1w7hy3qg1w7hy3q-bar",
     "references": [
@@ -41,19 +33,11 @@
   },
   {
     "ca": {
-      "hash": {
-        "algorithm": "sha256",
-        "format": "base16",
-        "hash": "10c209fa0890fe02c85a8c663ca8e7a37cc766bc5b1b29a0cc61b266f64121d3"
-      },
+      "hash": "sha256-EMIJ+giQ/gLIWoxmPKjno3zHZrxbGymgzGGyZvZBIdM=",
       "method": "nar"
     },
     "deriver": null,
-    "narHash": {
-      "algorithm": "sha256",
-      "format": "base16",
-      "hash": "15e3c560894cbb27085cf65b5a2ecb18488c999497f4531b6907a7581ce6d527"
-    },
+    "narHash": "sha256-FePFYIlMuycIXPZbWi7LGEiMmZSX9FMbaQenWBzm1Sc=",
     "narSize": 34878,
     "path": "n5wkd9frr45pa74if5gpz9j7mifg27fh-foo",
     "references": [
diff --git a/src/libutil-tests/data/hash/blake3-base16.json b/src/libutil-tests/data/hash/blake3-base16.json
deleted file mode 100644
index 6a7425c64..000000000
--- a/src/libutil-tests/data/hash/blake3-base16.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "algorithm": "blake3",
-  "format": "base16",
-  "hash": "9e70ee1449965fb62d049040a1ed06ec377430da6ec13173e7c4fffcd28be980"
-}
diff --git a/src/libutil-tests/data/hash/blake3.json b/src/libutil-tests/data/hash/blake3.json
new file mode 100644
index 000000000..bdb910670
--- /dev/null
+++ b/src/libutil-tests/data/hash/blake3.json
@@ -0,0 +1 @@
+"blake3-nnDuFEmWX7YtBJBAoe0G7Dd0MNpuwTFz58T//NKL6YA="
diff --git a/src/libutil-tests/data/hash/sha256-base16.json b/src/libutil-tests/data/hash/sha256-base16.json
deleted file mode 100644
index 59e10ed91..000000000
--- a/src/libutil-tests/data/hash/sha256-base16.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "algorithm": "sha256",
-  "format": "base16",
-  "hash": "f0e4c2f76c58916ec258f246851bea091d14d4247a2fc3e18694461b1816e13b"
-}
diff --git a/src/libutil-tests/data/hash/sha256-base64.json b/src/libutil-tests/data/hash/sha256-base64.json
deleted file mode 100644
index 838af80a7..000000000
--- a/src/libutil-tests/data/hash/sha256-base64.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "algorithm": "sha256",
-  "format": "base64",
-  "hash": "8OTC92xYkW7CWPJGhRvqCR0U1CR6L8PhhpRGGxgW4Ts="
-}
diff --git a/src/libutil-tests/data/hash/sha256-nix32.json b/src/libutil-tests/data/hash/sha256-nix32.json
deleted file mode 100644
index 0d6253a79..000000000
--- a/src/libutil-tests/data/hash/sha256-nix32.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-    "algorithm": "sha256",
-    "format": "nix32",
-    "hash": "0fz12qc1nillhvhw6bvs4ka18789x8dqaipjb316x4aqdkvw5r7h"
-}
diff --git a/src/libutil-tests/data/hash/sha256.json b/src/libutil-tests/data/hash/sha256.json
new file mode 100644
index 000000000..5ef584bf1
--- /dev/null
+++ b/src/libutil-tests/data/hash/sha256.json
@@ -0,0 +1 @@
+"sha256-8OTC92xYkW7CWPJGhRvqCR0U1CR6L8PhhpRGGxgW4Ts="
diff --git a/src/libutil-tests/data/hash/sha512.json b/src/libutil-tests/data/hash/sha512.json
new file mode 100644
index 000000000..5ef584bf1
--- /dev/null
+++ b/src/libutil-tests/data/hash/sha512.json
@@ -0,0 +1 @@
+"sha256-8OTC92xYkW7CWPJGhRvqCR0U1CR6L8PhhpRGGxgW4Ts="
diff --git a/src/libutil-tests/data/hash/simple.json b/src/libutil-tests/data/hash/simple.json
deleted file mode 100644
index 59e10ed91..000000000
--- a/src/libutil-tests/data/hash/simple.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "algorithm": "sha256",
-  "format": "base16",
-  "hash": "f0e4c2f76c58916ec258f246851bea091d14d4247a2fc3e18694461b1816e13b"
-}
diff --git a/src/libutil-tests/hash.cc b/src/libutil-tests/hash.cc
index d1b63c640..a6bb52d19 100644
--- a/src/libutil-tests/hash.cc
+++ b/src/libutil-tests/hash.cc
@@ -215,9 +215,6 @@ struct HashJsonTest : virtual HashTest,
                       ::testing::WithParamInterface<std::pair<std::string_view, Hash>>
 {};
 
-struct HashJsonParseFailureTest : virtual HashTest, ::testing::WithParamInterface<std::string_view>
-{};
-
 struct BLAKE3HashJsonTest : virtual HashTest,
                             BLAKE3HashTest,
                             JsonCharacterizationTest<Hash>,
@@ -236,14 +233,6 @@ TEST_P(HashJsonTest, to_json)
     writeJsonTest(name, value);
 }
 
-TEST_P(HashJsonParseFailureTest, from_json)
-{
-    auto & name = GetParam();
-    auto path = goldenMaster(Path{name} + ".json");
-    auto encoded = json::parse(readFile(path));
-    ASSERT_THROW(nlohmann::adl_serializer<Hash>::from_json(encoded), Error);
-}
-
 TEST_P(BLAKE3HashJsonTest, from_json)
 {
     auto & [name, expected] = GetParam();
@@ -256,32 +245,25 @@ TEST_P(BLAKE3HashJsonTest, to_json)
     writeJsonTest(name, expected);
 }
 
-// Round-trip tests (from_json + to_json) for base16 format only
-// (to_json always outputs base16)
 INSTANTIATE_TEST_SUITE_P(
     HashJSON,
     HashJsonTest,
     ::testing::Values(
         std::pair{
-            "simple",
+            "sha256",
             hashString(HashAlgorithm::SHA256, "asdf"),
         },
         std::pair{
-            "sha256-base16",
+            "sha512",
             hashString(HashAlgorithm::SHA256, "asdf"),
         }));
 
-// Failure tests for unsupported formats (base64, nix32, sri)
-// These verify that non-base16 formats are rejected
-INSTANTIATE_TEST_SUITE_P(
-    HashJSONParseFailure, HashJsonParseFailureTest, ::testing::Values("sha256-base64", "sha256-nix32"));
-
 INSTANTIATE_TEST_SUITE_P(BLAKE3HashJSON, BLAKE3HashJsonTest, ([] {
                              ExperimentalFeatureSettings mockXpSettings;
                              mockXpSettings.set("experimental-features", "blake3-hashes");
                              return ::testing::Values(
                                  std::pair{
-                                     "blake3-base16",
+                                     "blake3",
                                      hashString(HashAlgorithm::BLAKE3, "asdf", mockXpSettings),
                                  });
                          }()));
diff --git a/src/libutil/hash.cc b/src/libutil/hash.cc
index b5d503940..ea71ffff5 100644
--- a/src/libutil/hash.cc
+++ b/src/libutil/hash.cc
@@ -519,27 +519,13 @@ using namespace nix;
 
 Hash adl_serializer<Hash>::from_json(const json & json, const ExperimentalFeatureSettings & xpSettings)
 {
-    auto & obj = getObject(json);
-    auto algo = parseHashAlgo(getString(valueAt(obj, "algorithm")), xpSettings);
-    auto formatStr = getString(valueAt(obj, "format"));
-    auto format = parseHashFormat(formatStr);
-
-    // Only base16 format is supported for JSON serialization
-    if (format != HashFormat::Base16) {
-        throw Error("hash format '%s' is not supported in JSON; only 'base16' is currently supported", formatStr);
-    }
-
-    auto & hashS = getString(valueAt(obj, "hash"));
-    return Hash::parseExplicitFormatUnprefixed(hashS, algo, format, xpSettings);
+    auto & s = getString(json);
+    return Hash::parseSRI(s, xpSettings);
 }
 
 void adl_serializer<Hash>::to_json(json & json, const Hash & hash)
 {
-    json = {
-        {"format", printHashFormat(HashFormat::Base16)},
-        {"algorithm", printHashAlgo(hash.algo)},
-        {"hash", hash.to_string(HashFormat::Base16, false)},
-    };
+    json = hash.to_string(HashFormat::SRI, true);
 }
 
 } // namespace nlohmann
diff --git a/tests/functional/fixed.sh b/tests/functional/fixed.sh
index 3d37f5fbb..9d769a578 100755
--- a/tests/functional/fixed.sh
+++ b/tests/functional/fixed.sh
@@ -17,11 +17,7 @@ nix-build fixed.nix -A bad --no-out-link && fail "should fail"
 nix path-info --json --json-format 2 "$path" | jq -e \
     '.info.[].ca == {
         method: "flat",
-        hash: {
-            algorithm: "md5",
-            format: "base16",
-            hash: "8ddd8be4b179a529afa5f2ffae4b9858"
-        },
+        hash: "md5-jd2L5LF5pSmvpfL/rkuYWA=="
     }'
 
 echo 'testing good...'
diff --git a/tests/functional/git-hashing/simple-common.sh b/tests/functional/git-hashing/simple-common.sh
index fa523af61..a776ec43e 100644
--- a/tests/functional/git-hashing/simple-common.sh
+++ b/tests/functional/git-hashing/simple-common.sh
@@ -47,16 +47,15 @@ try2 () {
     hashFromGit=$(git -C "$repo" rev-parse "HEAD:$hashPath")
     [[ "$hashFromGit" == "$expected" ]]
 
+    # Convert base16 hash to SRI format for comparison
+    local hashSRI
+    hashSRI=$(nix hash convert --from base16 --to sri --hash-algo "$hashAlgo" "$hashFromGit")
+
     nix path-info --json --json-format 2 "$path" | jq -e \
-        --arg algo "$hashAlgo" \
-        --arg hash "$hashFromGit" \
+        --arg hashSRI "$hashSRI" \
         '.info.[].ca == {
             method: "git",
-            hash: {
-                algorithm: $algo,
-                format: "base16",
-                hash: $hash
-            },
+            hash: $hashSRI
         }'
 }
 
diff --git a/tests/functional/impure-derivations.sh b/tests/functional/impure-derivations.sh
index 3f78036c2..b35cc6784 100755
--- a/tests/functional/impure-derivations.sh
+++ b/tests/functional/impure-derivations.sh
@@ -30,7 +30,7 @@ path1_stuff=$(echo "$json" | jq -r .[].outputs.stuff)
 [[ $(< "$path1"/n) = 0 ]]
 [[ $(< "$path1_stuff"/bla) = 0 ]]
 
-nix path-info --json --json-format 2 "$path1" | jq -e '.info.[].ca | .method == "nar" and .hash.algorithm == "sha256"'
+nix path-info --json --json-format 2 "$path1" | jq -e '.info.[].ca | .method == "nar" and (.hash | startswith("sha256-"))'
 
 path2=$(nix build -L --no-link --json --file ./impure-derivations.nix impure | jq -r .[].outputs.out)
 [[ $(< "$path2"/n) = 1 ]]
diff --git a/tests/functional/nix-profile.sh b/tests/functional/nix-profile.sh
index 8934c27fc..cf84088d7 100755
--- a/tests/functional/nix-profile.sh
+++ b/tests/functional/nix-profile.sh
@@ -166,7 +166,7 @@ printf 4.0 > "$flake1Dir"/version
 printf Utrecht > "$flake1Dir"/who
 nix profile add "$flake1Dir"
 [[ $("$TEST_HOME"/.nix-profile/bin/hello) = "Hello Utrecht" ]]
-nix path-info --json --json-format 2 "$(realpath "$TEST_HOME"/.nix-profile/bin/hello)" | jq -e '.info.[].ca | .method == "nar" and .hash.algorithm == "sha256"'
+nix path-info --json --json-format 2 "$(realpath "$TEST_HOME"/.nix-profile/bin/hello)" | jq -e '.info.[].ca | .method == "nar" and (.hash | startswith("sha256-"))'
 
 # Override the outputs.
 nix profile remove simple flake1
diff --git a/tests/functional/path-info.sh b/tests/functional/path-info.sh
index de1f45151..712b52678 100755
--- a/tests/functional/path-info.sh
+++ b/tests/functional/path-info.sh
@@ -20,16 +20,8 @@ diff --unified --color=always \
         jq --sort-keys '.info | map_values(.narHash)') \
     <(jq --sort-keys <<-EOF
         {
-          "$fooBase": {
-            "algorithm": "sha256",
-            "format": "base16",
-            "hash": "42fb4031b525feebe2f8b08e6e6a8e86f34e6a91dd036ada888e311b9cc8e690"
-          },
-          "$barBase": {
-            "algorithm": "sha256",
-            "format": "base16",
-            "hash": "f5f8581aef5fab17100b629cf35aa1d91328d5070b054068f14fa93e7fa3b614"
-          },
+          "$fooBase": "sha256-QvtAMbUl/uvi+LCObmqOhvNOapHdA2raiI4xG5zI5pA=",
+          "$barBase": "sha256-9fhYGu9fqxcQC2Kc81qh2RMo1QcLBUBo8U+pPn+jthQ=",
           "$bazBase": null
         }
 EOF
diff --git a/tests/functional/signing.sh b/tests/functional/signing.sh
index 5a3bdc81d..bfa21fcff 100755
--- a/tests/functional/signing.sh
+++ b/tests/functional/signing.sh
@@ -58,7 +58,7 @@ nix store verify -r "$outPath2" --sigs-needed 1 --trusted-public-keys "$pk1"
 # Build something content-addressed.
 outPathCA=$(IMPURE_VAR1=foo IMPURE_VAR2=bar nix-build ./fixed.nix -A good.0 --no-out-link)
 
-nix path-info --json --json-format 2 "$outPathCA" | jq -e '.info.[].ca | .method == "flat" and .hash.algorithm == "md5"'
+nix path-info --json --json-format 2 "$outPathCA" | jq -e '.info.[].ca | .method == "flat" and (.hash | startswith("md5-"))'
 
 # Content-addressed paths don't need signatures, so they verify
 # regardless of --sigs-needed.
diff --git a/tests/nixos/fetchers-substitute.nix b/tests/nixos/fetchers-substitute.nix
index 5363f8e72..bfe15c5c3 100644
--- a/tests/nixos/fetchers-substitute.nix
+++ b/tests/nixos/fetchers-substitute.nix
@@ -120,9 +120,8 @@
       # Get the NAR hash of the unpacked tarball in SRI format
       path_info_json = substituter.succeed(f"nix path-info --json-format 2 --json {tarball_store_path}").strip()
       path_info_dict = json.loads(path_info_json)["info"]
-      narHash_obj = path_info_dict[os.path.basename(tarball_store_path)]["narHash"]
-      # Convert from structured format {"algorithm": "sha256", "format": "base16", "hash": "..."} to SRI string
-      tarball_hash_sri = substituter.succeed(f"nix hash convert --to sri {narHash_obj['algorithm']}:{narHash_obj['hash']}").strip()
+      # narHash is already in SRI format
+      tarball_hash_sri = path_info_dict[os.path.basename(tarball_store_path)]["narHash"]
       print(f"Tarball NAR hash (SRI): {tarball_hash_sri}")
 
       # Also get the old format hash for fetchTarball (which uses sha256 parameter)