Inclusion of ring crate now brings cryptographic operations and TLS clients to WASIX.
August 10, 2023
WASIX now supports cryptographic operations and TLS. As you may have guessed from the title, we will talk about the ring, what makes it so precious, and how it is used with WASIX.
The cryptographic enhancements for WASI/WASIX have been eagerly anticipated. Currently, WASI is considering a proposal named WASI Crypto, championed by Frank Denis and Daiki Ueno, which is in the Phase 1 - Feature Proposal (CG) stage. As WebAssembly's future holds promising new avenues, Wasmer is committed to rapid innovation, ensuring that WebAssembly consistently leads in secure and optimized computing.
The implementation of cryptographic libraries like OpenSSL or BoringSSL in systems provides a foundational layer of security and functionality. Here's what these libraries bring to the table:
Secure Communication: These libraries enable secure communication protocols like TLS/SSL, which are used by web browsers, email clients, VPNs, and many other applications to encrypt data in transit. This ensures that sensitive data, such as login credentials or personal information, is protected.
Data Encryption: They provide tools for encrypting data at rest. This includes encrypting user data, databases, or entire filesystems, ensuring data confidentiality even if physical storage is compromised.
Digital Signatures: These libraries support the creation and verification of digital signatures, ensuring data integrity and non-repudiation.
Secure Random Number Generation: Cryptographically secure random number generation is essential for many security-related tasks, such as generating encryption keys or nonces.
VPN Support: Cryptographic libraries are fundamental for VPN (Virtual Private Network) functionality, allowing secure and private communication over public networks.
Standardization and Interoperability: By implementing standardized cryptographic algorithms and protocols, these libraries ensure compatibility and interoperability between different systems and applications.
The library that makes cryptographic communication possible in WASI/WASIX is ring, a library focused on the implementation, testing, and optimization of a core set of cryptographic operations. This library is small and fast, and was the perfect candidate, as there was already some work being done to compile it for WASI in these PRs:
However, our attempts were unsuccessful. But this was not the end of the road. It caught our interest again when Frank Denis compiled ring for WASI and WASIX in his ring-wasi. This was really exciting and we started testing it out. We quickly forked the repo and started testing it out in WASIX. Sadly, it didn't work, but it got us to a 99% working implementation.
So, after sleepless nights and lots of coffee, we successfully integrated our fork of ring with WASIX. This was a huge milestone for us and we were really excited to share it with the community. But compiling standalone ring isn't enough. It's just like giving people a key to a door that doesn't exist. We needed applications, and for applications we needed libraries. So we started making libraries compatible with WASIX and our fork of ring.
Libraries that we made compatible with WASIX:
The libraries mentioned above make all sorts of applications and use cases possible in WASIX. First and foremost among them is bringing TLS to WASIX.
TLS was one of the most reqwested features. (pun intended)
TLS is a cryptographic protocol that provides end-to-end encryption and authentication over the internet. Many protocols, such as HTTPS, FTP over TLS, and MQTT, use TLS to secure their communication.
TLS works by using a handshake protocol to establish a secure connection between two parties. This handshake protocol is implemented by cryptographic libraries such as OpenSSL, LibreSSL, BoringSSL, etc.
Enabling TLS using ring means WASIX can now be used for outbound HTTPS requests, external API calls, etc. This opens up a lot of use cases for WASIX.
The benefits of having a cryptographic library like ring in WASIX don't end at TLS. It opens up a lot of other use cases as well.
The inclusion of the cryptographic library ring in WASIX brings support for TLS, SSL, and all other cryptographic operations, and opens up a lot of use cases and possibilities for the community to build almost anything.
You can try out our starter tutorial for outbound proxies here. More examples will follow suit.
We would also like to extend our gratitude to Frank Denis for his work on the ring-wasi implementation.
If you have any questions, feel free to reach out to us on Discord.
Rudra, August 8, 2023