diff --git a/acceptance/exporter_test.go b/acceptance/exporter_test.go
index 1c45beace..c29a8e30c 100644
--- a/acceptance/exporter_test.go
+++ b/acceptance/exporter_test.go
@@ -56,7 +56,6 @@ func TestExporter(t *testing.T) {
 
 	exportImage = exportTest.testImageRef
 	exporterPath = exportTest.containerBinaryPath
-	cacheFixtureDir = filepath.Join("testdata", "exporter", "cache-dir")
 	exportRegAuthConfig = exportTest.targetRegistry.authConfig
 	exportRegNetwork = exportTest.targetRegistry.network
 	exportDaemonFixtures = exportTest.targetDaemon.fixtures
@@ -404,9 +403,16 @@ func testExporterFunc(platformAPI string) func(t *testing.T, when spec.G, it spe
 							var err error
 							cacheDir, err = os.MkdirTemp("", "cache")
 							h.AssertNil(t, err)
+							h.AssertNil(t, os.Chmod(cacheDir, 0777)) // Override umask
 
 							cacheFixtureDir := filepath.Join("testdata", "exporter", "cache-dir")
 							h.AssertNil(t, fsutil.Copy(cacheFixtureDir, cacheDir))
+							// We have to pre-create the tar files so that their digests do not change due to timestamps
+							// But, ':' in the filepath on Windows is not allowed
+							h.AssertNil(t, os.Rename(
+								filepath.Join(cacheDir, "committed", "sha256_258dfa0cc987efebc17559694866ebc91139e7c0e574f60d1d4092f53d7dff59.tar"),
+								filepath.Join(cacheDir, "committed", "sha256:258dfa0cc987efebc17559694866ebc91139e7c0e574f60d1d4092f53d7dff59.tar"),
+							))
 						})
 
 						it.After(func() {
@@ -415,7 +421,7 @@ func testExporterFunc(platformAPI string) func(t *testing.T, when spec.G, it spe
 
 						it("overwrites the original layer", func() {
 							exportFlags := []string{
-								"-cache-dir", "/cache/committed",
+								"-cache-dir", "/cache",
 								"-log-level", "debug",
 							}
 							exportArgs := append([]string{ctrPath(exporterPath)}, exportFlags...)
@@ -428,10 +434,11 @@ func testExporterFunc(platformAPI string) func(t *testing.T, when spec.G, it spe
 									"--env", "CNB_PLATFORM_API="+platformAPI,
 									"--env", "CNB_REGISTRY_AUTH="+exportRegAuthConfig,
 									"--network", exportRegNetwork,
-									"--volume", fmt.Sprintf("%s:/cache/committed", cacheDir),
+									"--volume", fmt.Sprintf("%s:/cache", cacheDir),
 								),
 								h.WithArgs(exportArgs...),
 							)
+							h.AssertStringContains(t, output, "Skipping reuse for layer corrupted_buildpack:corrupted-layer: expected layer contents to have SHA 'sha256:258dfa0cc987efebc17559694866ebc91139e7c0e574f60d1d4092f53d7dff59'; found 'sha256:9e0b77ed599eafdab8611f7eeefef084077f91f02f1da0a3870c7ff20a08bee8'")
 							h.AssertStringContains(t, output, "Saving "+exportedImageName)
 							h.Run(t, exec.Command("docker", "pull", exportedImageName))
 							defer h.Run(t, exec.Command("docker", "image", "rm", exportedImageName))
diff --git a/acceptance/testdata/exporter/cache-dir/committed/sha256:258dfa0cc987efebc17559694866ebc91139e7c0e574f60d1d4092f53d7dff59.tar b/acceptance/testdata/exporter/cache-dir/committed/sha256_258dfa0cc987efebc17559694866ebc91139e7c0e574f60d1d4092f53d7dff59.tar
similarity index 100%
rename from acceptance/testdata/exporter/cache-dir/committed/sha256:258dfa0cc987efebc17559694866ebc91139e7c0e574f60d1d4092f53d7dff59.tar
rename to acceptance/testdata/exporter/cache-dir/committed/sha256_258dfa0cc987efebc17559694866ebc91139e7c0e574f60d1d4092f53d7dff59.tar
diff --git a/acceptance/testdata/restorer/Dockerfile b/acceptance/testdata/restorer/Dockerfile
index f676cb75e..a176ba1b7 100644
--- a/acceptance/testdata/restorer/Dockerfile
+++ b/acceptance/testdata/restorer/Dockerfile
@@ -8,12 +8,10 @@ ENV CNB_GROUP_ID=${cnb_gid}
 
 COPY ./container/ /
 
-# turn /to_cache/<buildpack> directories into cache tarballs
-# these are referenced by sha in /cache/committed/io.buildpacks.lifecycle.cache.metadata
-RUN tar cvf /cache/committed/sha256:2d9c9c638d5c4f0df067eeae7b9c99ad05776a89d19ab863c28850a91e5f2944.tar -C /to_cache/cacher_buildpack layers
-RUN tar cvf /cache/committed/sha256:58bafa1e79c8e44151141c95086beb37ca85b69578fc890bce33bb4c6c8e851f.tar -C /to_cache/unused_buildpack layers
-# this layer has the wrong sha to mimic corrupted data
-RUN tar cvf /cache/committed/sha256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c.tar -C /to_cache/corrupted_buildpack layers
+# We have to pre-create the tar files so that their digests do not change due to timestamps
+# But, ':' in the filepath on Windows is not allowed
+RUN mv /cache/committed/sha256_2d9c9c638d5c4f0df067eeae7b9c99ad05776a89d19ab863c28850a91e5f2944.tar /cache/committed/sha256:2d9c9c638d5c4f0df067eeae7b9c99ad05776a89d19ab863c28850a91e5f2944.tar
+RUN mv /cache/committed/sha256_430338f576c11e5236669f9c843599d96afe28784cffcb2d46ddb07beb00df78.tar /cache/committed/sha256:430338f576c11e5236669f9c843599d96afe28784cffcb2d46ddb07beb00df78.tar
 
 ENTRYPOINT ["/cnb/lifecycle/restorer"]
 
diff --git a/acceptance/testdata/restorer/container/cache/committed/io.buildpacks.lifecycle.cache.metadata b/acceptance/testdata/restorer/container/cache/committed/io.buildpacks.lifecycle.cache.metadata
index b94d82c76..51c7edd77 100644
--- a/acceptance/testdata/restorer/container/cache/committed/io.buildpacks.lifecycle.cache.metadata
+++ b/acceptance/testdata/restorer/container/cache/committed/io.buildpacks.lifecycle.cache.metadata
@@ -31,7 +31,7 @@
       "version": "v1",
       "layers": {
         "cached-layer": {
-          "sha": "sha256:58bafa1e79c8e44151141c95086beb37ca85b69578fc890bce33bb4c6c8e851f",
+          "sha": "sha256:430338f576c11e5236669f9c843599d96afe28784cffcb2d46ddb07beb00df78",
           "data": null,
           "build": false,
           "launch": false,
diff --git a/acceptance/testdata/restorer/container/cache/committed/sha256_2d9c9c638d5c4f0df067eeae7b9c99ad05776a89d19ab863c28850a91e5f2944.tar b/acceptance/testdata/restorer/container/cache/committed/sha256_2d9c9c638d5c4f0df067eeae7b9c99ad05776a89d19ab863c28850a91e5f2944.tar
new file mode 100644
index 000000000..2dae6cc55
Binary files /dev/null and b/acceptance/testdata/restorer/container/cache/committed/sha256_2d9c9c638d5c4f0df067eeae7b9c99ad05776a89d19ab863c28850a91e5f2944.tar differ
diff --git a/acceptance/testdata/restorer/container/cache/committed/sha256_430338f576c11e5236669f9c843599d96afe28784cffcb2d46ddb07beb00df78.tar b/acceptance/testdata/restorer/container/cache/committed/sha256_430338f576c11e5236669f9c843599d96afe28784cffcb2d46ddb07beb00df78.tar
new file mode 100644
index 000000000..af9874ef3
Binary files /dev/null and b/acceptance/testdata/restorer/container/cache/committed/sha256_430338f576c11e5236669f9c843599d96afe28784cffcb2d46ddb07beb00df78.tar differ
diff --git a/cache/volume_cache.go b/cache/volume_cache.go
index 4dfd6e2a9..22ef827d2 100644
--- a/cache/volume_cache.go
+++ b/cache/volume_cache.go
@@ -2,7 +2,6 @@ package cache
 
 import (
 	"crypto/sha256"
-	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -241,7 +240,7 @@ func (c *VolumeCache) VerifyLayer(diffID string) error {
 	if _, err := io.Copy(hasher, layerRC); err != nil {
 		return errors.Wrap(err, "hashing layer")
 	}
-	foundDiffID := "sha256:" + hex.EncodeToString(hasher.Sum(make([]byte, 0, hasher.Size())))
+	foundDiffID := fmt.Sprintf("sha256:%x", hasher.Sum(nil))
 	if diffID != foundDiffID {
 		return NewReadErr(fmt.Sprintf("expected layer contents to have SHA '%s'; found '%s'", diffID, foundDiffID))
 	}