WebAssembly Standard Capabilities library
Type Name Latest commit message Commit time
examples Initial commit Jun 20, 2019
src Adding travis integration and badges Jun 28, 2019
.gitignore Initial commit Jun 20, 2019
.travis.yml Adding travis integration and badges Jun 28, 2019
Cargo.lock Initial commit Jun 20, 2019
Cargo.toml Adding travis integration and badges Jun 28, 2019
LICENSE.txt Adding travis integration and badges Jun 28, 2019


A WebAssembly Standard Capabilities Library for Rust

If you just want the CLI that signs and examines capabilities claims, then you can install it with cargo:

$ cargo install wascap --features "cli"

This library can be used for embedding, extracting, and validating capabilities claims in WebAssembly modules. While there are some standard, well-known claims already defined, you can add custom claims in your own namespaces if you like.

The following example illustrates embedding a new set of claims into a WebAssembly module, then extracting, validating, and examining those claims:

use wascap::prelude::*;
let unsigned = read_unsigned_wasm(); // Read a Wasm file into a byte vector
let issuer = KeyPair::new_account(); // Create an Ed25519 key pair to sign the module
let module = KeyPair::new_module(); // Create a key pair for the module itself
// Grant the module some basic capabilities, with no date limits
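let claims = ClaimsBuilder::new()
    .with_capability(caps::MESSAGING)
    .with_capability(caps::KEY_VALUE)
    .issuer(&issuer.public_key())   // the account key that signs the claims
    .subject(&module.public_key())  // the module the claims are about
    .build();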
// Sign the JWT and embed it into the WebAssembly module, returning the signed bytes
let embedded = wasm::embed_claims(&unsigned, &claims, &issuer)?;
// Extract a signed JWT from a WebAssembly module's bytes (performs a check on
// the signed module hash)
let extracted = wasm::extract_claims(&embedded)?.unwrap();
// Validate dates, signature, JWT structure, etc.
let v = validate_token(&extracted.jwt)?;
assert_eq!(v.expired, false);
assert_eq!(v.cannot_use_yet, false);
assert_eq!(v.expires_human, "never");
assert_eq!(v.not_before_human, "immediately");
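// Confirm the token was issued by the key we expect, not just that it is well-formed
assert_eq!(extracted.claims.issuer, issuer.public_key());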

The Ed25519 key functionality is provided by the nkeys crate.
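
The README says the signed claims are embedded in the module and that extraction checks a signed module hash. The following std-only Rust is an added example, not wascap's own code: it assumes the token lives in a WebAssembly custom section named `jwt` and that the hash covers the module with that section removed. The section name, the function names and the sample bytes are assumptions constructed for illustration.

```rust
const WASM_HEADER: [u8; 8] = [0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00];

/// Decode an unsigned LEB128 u32 at `pos`; returns (value, bytes consumed).
fn read_u32_leb(buf: &[u8], pos: usize) -> Option<(u32, usize)> {
    let mut result: u32 = 0;
    for i in 0..5 {
        let b = *buf.get(pos + i)?;
        if i == 4 && b > 0x0f { return None; } // would overflow 32 bits
        result |= ((b & 0x7f) as u32) << (7 * i);
        if b & 0x80 == 0 { return Some((result, i + 1)); }
    }
    None
}

/// Returns (payload of the custom section `name`, module bytes without that section).
/// None means the module is malformed, truncated, or carries the section twice.
fn split_custom_section(module: &[u8], name: &str) -> Option<(Option<Vec<u8>>, Vec<u8>)> {
    if !module.starts_with(&WASM_HEADER) { return None; }
    let (mut stripped, mut found, mut pos) = (WASM_HEADER.to_vec(), None::<Vec<u8>>, 8usize);
    while pos < module.len() {
        let (size, n) = read_u32_leb(module, pos + 1)?;
        let body_end = (pos + 1 + n).checked_add(size as usize)?;
        let body = module.get(pos + 1 + n..body_end)?; // truncated section: reject
        let mut is_token = false;
        if module[pos] == 0 { // section id 0 = custom section: LEB name length, name, payload
            let (name_len, m) = read_u32_leb(body, 0)?;
            let name_end = m.checked_add(name_len as usize)?;
            if body.get(m..name_end)? == name.as_bytes() {
                if found.is_some() { return None; } // two tokens are ambiguous: reject
                found = Some(body[name_end..].to_vec());
                is_token = true;
            }
        }
        if !is_token { stripped.extend_from_slice(&module[pos..body_end]); }
        pos = body_end;
    }
    Some((found, stripped))
}

/// Constructed sample: header, empty type section, custom section "jwt" with a placeholder token.
fn sample_module() -> Vec<u8> {
    let token = b"header.payload.signature"; // placeholder, not a real JWT
    let mut m = WASM_HEADER.to_vec();
    m.extend_from_slice(&[0x01, 0x01, 0x00]); // type section, size 1, zero types
    m.extend_from_slice(&[0x00, (4 + token.len()) as u8, 0x03, b'j', b'w', b't']);
    m.extend_from_slice(token);
    m
}
fn main() {
    let (token, stripped) = split_custom_section(&sample_module(), "jwt").expect("malformed module");
    println!("token bytes: {:?}, bytes to hash: {}", token.map(|t| t.len()), stripped.len());
}
```

A verifier built this way hashes `stripped` and compares it with the hash carried in the signed claims, so any change to the module's other sections after signing is detected.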

The wascap CLI allows you to examine and sign WebAssembly files from a terminal prompt:

$ wascap caps examples/signed_loop.wasm
║                                WASCAP Module                               ║
║ Expires       ║                                                      Never ║
║ Can Be Used   ║                                                Immediately ║
║                                Capabilities                                ║
║ K/V Store                                                                  ║
║ Messaging                                                                  ║
║ HTTP Client                                                                ║
║ HTTP Server                                                                ║
║                                    Tags                                    ║
║ None                                                                       ║