This JavaScript verifier brings Tinfoil's enclave verification capabilities directly to web browsers. Built from the same Go source code as the main Tinfoil Go client, it's compiled to WebAssembly to run natively in browsers without requiring server-side verification.
When new versions are tagged, our GitHub Actions workflow automatically:
- Compiles the Go verification logic to WebAssembly
- Generates versioned WASM files with integrity guarantees
- Deploys them to GitHub Pages for secure, cached distribution
- Updates version tags so clients always load the correct module
This ensures that browser-based applications can perform an audit of Tinfoil without additional infrastructure dependencies. For more details on the underlying attestation process, see the Tinfoil verification documentation.
Try it now: The hosted WASM verifier is available at tinfoil.sh/verifier
Usage: This WASM verifier is also integrated into Tinfoil Chat to provide transparent verification of the Tinfoil private chat. The verification center UI can be found in tinfoil-chat/verifier.
Include required scripts:
<script src="wasm_exec.js"></script>
<script src="main.js"></script>
<!-- Load and use the verifier -->
<script>
// Dynamically fetch the current version and load the corresponding WASM file
fetch("tinfoil-verifier.tag")
.then(response => response.text())
.then(version => {
const go = new Go(); // Create verifier instance
WebAssembly.instantiateStreaming(fetch(`tinfoil-verifier-${version}.wasm`), go.importObject)
.then((result) => {
go.run(result.instance);
// Verify an enclave
verifyEnclave("inference.example.com")
.then(result => {
console.log("Certificate fingerprint:", result.certificate);
console.log("Enclave measurement:", result.measurement);
});
});
});
</script>This verifier is compiled from the same Go source code as the main Tinfoil Verifier, but targets WebAssembly to run directly in browsers.
// 1. Verify enclave attestation
const enclaveResult = await verifyEnclave("inference.example.com");
console.log("Enclave measurement:", enclaveResult.measurement);
// 2. Verify code matches GitHub release
const repo = "org/repo";
const codeResult = await verifyCode(repo, expectedDigest);
console.log("Code measurement:", codeResult);
// 3. Compare measurements
if (enclaveResult.measurement === codeResult) {
console.log("Verification successful!");
} else {
console.error("Measurements don't match!");
}Please report security vulnerabilities by either:
- Emailing [email protected]
- Opening an issue on GitHub on this repository
We aim to respond to security reports within 24 hours and will keep you updated on our progress.