6

From this question we know that we cannot verify ipfs hash exist beforehand.

IPFS is a decentralized system, there is no central domain where you can do a lookup to find your hash. When looking up files, you're asking the network to find nodes storing the content behind a unique hash. You cannot know whether it exists beforehand.

When we add a folder or file into IPFS it will generate some ipfs hash for example: QmXjkFQjnD8i8ntmwehoAHBfJEApETx8ebScyVzAHqgjpD. It seems like all hashes start with "Qm" and has 46 characters (if I didn't count it wrong). Is these cases are always true?

$ ipfs add -r folder
added QmXjkFQjnD8i8ntmwehoAHBfJEApETx8ebScyVzAHqgjpD folder/avatar/avatar.c

[Q] How could I verify a input string if the string always have some properties to be an ipfs hash? The goal of this to force user to enter at least string that matches the size of the ipfs hash and other properties if exist.

Such as:

  • String should start with "Qm"
  • String should be 46 characters.
alper
  • 8,395
  • 11
  • 63
  • 152

2 Answers2

5

IPFS specifies that the hash should be a multihash. This consists of a byte indicating the hashing algorithm, followed by another byte for length. This is then base58-encoded.

The hashing algorithm is normally sha256, identified by 0x12, with a length of 0x20. This encodes as "Qm".

In theory other algorithms are legal in IPFS, so if you've got code you won't be able to change that needs to work in future you shouldn't assume the "Qm". You could detect some illegal cases by checking the length byte and seeing if it matches the length. There are some libraries listed here that will do this for you, or you can look at them to see how they work.

However I don't think other algorithms are commonly used at the moment, so if you're more worried about input mistakes than future compatibility you could probably just check for this format and update your code if people start using something else in serious numbers.

Edmund Edgar
  • 16,897
  • 1
  • 29
  • 58
  • My input will be as string. In order to check byte length would it be good idea to convert ipfs hash as string into byte and check its length, or do you have any other advice? could I just assume that ipfs hash string should have 46 characters? All my ipfs hashes seems to have 46 characters. @Edmund Edgar – alper Apr 07 '17 at 10:36
  • Does it this condition checks seems correct?: (bytes(ipfsHash).length == 46) @Edmund Edgar – alper Apr 07 '17 at 10:46
  • If you're checking the length as 46 expecting the current algorithm then I'D skip the bytes conversion, just count the characters, and check the first 2 are Qm, and check the rest are in the base-58 set. – Edmund Edgar Apr 07 '17 at 11:23
  • 1
    If you want to do the validation properly (ie also accommodate other algorithms) there are some libraries listed here: https://github.com/multiformats/multihash#implementations This one makes it fairly easy to see what's happening: https://github.com/multiformats/php-multihash/blob/master/multihash.php#L44 – Edmund Edgar Apr 07 '17 at 11:32
  • "check the rest are in the base-58 set": as with "Qm" or without "Qm". Also is there any library to checks base-58 in solidity ? @Edmund Edgar – alper Apr 07 '17 at 11:44
  • Qm will be part of the base-58 set. I don't know of libraries to do this in solidity - if you're making a DApp you're probably best doing in JavaScript. – Edmund Edgar Apr 07 '17 at 11:55
0

I used this in an old project to validate IPFS and IPNS addresse:

/^\/ipfs\/Qm[1-9A-HJ-NP-Za-km-z]{44}(\/.*)?|^\/ipns\/.+/
yhu420
  • 111
  • 1