wasmCloud / wascap

Licence: Apache-2.0 license
Embed, extract, and validate capability claims in JWTs for WebAssembly modules


WASCAP

In the wasmCloud host runtime, each actor securely declares the set of capabilities it requires. This library is used to embed, extract, and validate JSON Web Tokens (JWT) containing these capability attestations, as well as the hash of the wasm file and a provable issuer for verifying module provenance.

If you want a CLI that lets you sign and examine module claims, install the wash CLI and use the wash claims set of commands. Note that earlier versions of wascap came with a CLI. This is no longer available and has been superseded by the wash CLI.

While there are some standard, well-known claims already defined in the library (such as wasmcloud:messaging and wasmcloud:keyvalue), you can add custom claims in your own namespaces.

The following example illustrates embedding a new set of claims into a WebAssembly module, then extracting, validating, and examining those claims:

use wascap::prelude::*;

let unsigned = read_unsigned_wasm(); // Read a Wasm file into a byte vector
let issuer = KeyPair::new_account(); // Create an Ed25519 key pair to sign the module
let module = KeyPair::new_module(); // Create a key pair for the module itself

// Grant the module some basic capabilities, with no date limits
let claims = ClaimsBuilder::new()
    .with_capability(caps::MESSAGING)
    .with_capability(caps::KEY_VALUE)
    .issuer(&issuer.public_key())
    .subject(&module.public_key())
    .build();

// Sign the JWT and embed it into the WebAssembly module, returning the signed bytes
let embedded = wasm::embed_claims(&unsigned, &claims, &issuer)?;

// Extract a signed JWT from a WebAssembly module's bytes (performs a check on
// the signed module hash)
let extracted = wasm::extract_claims(&embedded)?.unwrap();

// Validate dates, signature, JWT structure, etc.
let v = validate_token(&extracted.jwt)?;

assert_eq!(v.expired, false);
assert_eq!(v.cannot_use_yet, false);
assert_eq!(v.expires_human, "never");
assert_eq!(v.not_before_human, "immediately");
assert_eq!(extracted.claims.issuer, issuer.public_key());
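
The extraction step above has to parse a binary that may come from an untrusted source, so every length field needs a bounds check. The following added example (std-only Rust, not wascap's own code) walks a module's section list, pulls out an embedded token and returns the remaining module bytes. The section name "jwt", the idea that the signed hash covers the module without that section, and the constructed sample bytes are assumptions made for illustration.

```rust
// Added example (not wascap code). Assumed: section name "jwt"; hash excludes it.
/// Decode an unsigned LEB128 u32 at `pos`; returns (value, next position).
fn read_u32_leb(buf: &[u8], mut pos: usize) -> Option<(u32, usize)> {
    let mut result: u32 = 0;
    for shift in (0..35).step_by(7) {
        let byte = *buf.get(pos)?;
        pos += 1;
        if shift == 28 && byte > 0x0f { return None; } // would overflow u32
        result |= u32::from(byte & 0x7f) << shift;
        if byte & 0x80 == 0 { return Some((result, pos)); }
    }
    None
}

/// Returns (payload of the custom section `name`, module with it removed).
fn split_custom_section(module: &[u8], name: &str) -> Option<(Option<Vec<u8>>, Vec<u8>)> {
    if module.len() < 8 || &module[..4] != b"\0asm" { return None; }
    let (mut stripped, mut found, mut pos) = (module[..8].to_vec(), None, 8);
    while pos < module.len() {
        let (size, body) = read_u32_leb(module, pos + 1)?;
        let end = body.checked_add(size as usize)?;
        if end > module.len() { return None; } // size field runs past the file
        if module[pos] == 0 { // id 0 = custom section: name length, name, payload
            let (nlen, nstart) = read_u32_leb(module, body)?;
            let nend = nstart.checked_add(nlen as usize)?;
            if nend > end { return None; } // name overruns its own section
            if &module[nstart..nend] == name.as_bytes() {
                found = Some(module[nend..end].to_vec());
                pos = end;
                continue; // leave the token section out of the stripped copy
            }
        }
        stripped.extend_from_slice(&module[pos..end]);
        pos = end;
    }
    Some((found, stripped))
}

/// Constructed sample: header, empty type section, custom "jwt" section.
fn sample_module() -> Vec<u8> {
    let token = b"header.payload.signature"; // placeholder, not a real JWT
    let mut m = b"\0asm\x01\x00\x00\x00\x01\x01\x00".to_vec(); // header + type section
    m.extend_from_slice(&[0x00, (4 + token.len()) as u8, 3, b'j', b'w', b't']); // id, size, name
    m.extend_from_slice(token);
    m
}

fn main() {
    let (jwt, rest) = split_custom_section(&sample_module(), "jwt").expect("malformed module");
    println!("token bytes: {:?}, bytes left to hash: {}", jwt.map(|t| t.len()), rest.len());
}
```

A module that is truncated or carries a size field larger than the file yields `None` rather than a partial result, which is the behaviour a verifier wants before it checks any signature.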

The Ed25519 key functionality is provided by the nkeys crate.

The wash CLI allows you to examine and sign WebAssembly files from a terminal prompt:

 $ wash claims inspect examples/signed_loop.wasm
 ╔════════════════════════════════════════════════════════════════════════╗
 ║                          Secure Actor - Module                         ║
 ╠═════════════╦══════════════════════════════════════════════════════════╣
 ║ Account     ║ ACCHS57D3P2VEON5MQCJM4YA34GYBDFZR3IBG5EQNUONIHBO5X4NIURC ║
 ╠═════════════╬══════════════════════════════════════════════════════════╣
 ║ Module      ║ MBQ2RC3BARXFWTBFW5UJ6J3QSAVYJ7D64Z5LRCPR3UI44F65Q3OMNGYM ║
 ╠═════════════╬══════════════════════════════════════════════════════════╣
 ║ Expires     ║                                                    never ║
 ╠═════════════╬══════════════════════════════════════════════════════════╣
 ║ Can Be Used ║                                              immediately ║
 ╠═════════════╬══════════════════════════════════════════════════════════╣
 ║ Version     ║                                                1.0.0 (0) ║
 ╠═════════════╩══════════════════════════════════════════════════════════╣
 ║                              Capabilities                              ║
 ╠════════════════════════════════════════════════════════════════════════╣
 ║ K/V Store                                                              ║
 ║ Messaging                                                              ║
 ║ HTTP Client                                                            ║
 ║ HTTP Server                                                            ║
 ╠════════════════════════════════════════════════════════════════════════╣
 ║                                  Tags                                  ║
 ╠════════════════════════════════════════════════════════════════════════╣
 ║ None                                                                   ║
 ╚════════════════════════════════════════════════════════════════════════╝