Comment 3 for bug 1945663

This is actually not a bug, just a format problem. The hash that is returned in the HTTP response from snapd is actually verbatim copied from the snapstore, which returns the hash as a hex-encoded byte array (the hash of the snap is indeed just a raw byte array so it could contain 0 or NUL which is not a valid ASCII string, hence encoding is necessary). However, snap assertions don't encode hashes as hex-encoded, instead they are URL base64 encoded, so this needs to be converted first before it works.

Not sure a bash + cURL equivalent of doing this conversion, but you can do this conversation with Go using:

b, _ := hex.DecodeString(foo)
assertKey := base64.RawURLEncoding.EncodeToString(b)

And there are of course other options in other programming languages.