npm - @protontech/openpgp - Versions diffs - 5.7.0 → 5.9.0 - Mend

@protontech/openpgp 5.7.0 → 5.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

package/dist/lightweight/argon2id.min.mjs +3 -0
package/dist/lightweight/argon2id.min.mjs.map +1 -0
package/dist/lightweight/{index.mjs → argon2id.mjs} +6 -7
package/dist/lightweight/bn.interface.min.mjs +1 -1
package/dist/lightweight/bn.interface.mjs +1 -1
package/dist/lightweight/bn.min.mjs +1 -1
package/dist/lightweight/bn.mjs +1 -1
package/dist/lightweight/elliptic.min.mjs +1 -1
package/dist/lightweight/elliptic.mjs +1 -1
package/dist/lightweight/openpgp.min.mjs +2 -2
package/dist/lightweight/openpgp.min.mjs.map +1 -1
package/dist/lightweight/openpgp.mjs +428 -205
package/dist/lightweight/ponyfill.es6.min.mjs +1 -1
package/dist/lightweight/ponyfill.es6.mjs +1 -1
package/dist/lightweight/web-streams-adapter.min.mjs +1 -1
package/dist/lightweight/web-streams-adapter.mjs +1 -1
package/dist/node/openpgp.js +1149 -213
package/dist/node/openpgp.min.js +3 -3
package/dist/node/openpgp.min.js.map +1 -1
package/dist/node/openpgp.min.mjs +3 -3
package/dist/node/openpgp.min.mjs.map +1 -1
package/dist/node/openpgp.mjs +1149 -214
package/dist/openpgp.js +1134 -204
package/dist/openpgp.min.js +3 -3
package/dist/openpgp.min.js.map +1 -1
package/dist/openpgp.min.mjs +3 -3
package/dist/openpgp.min.mjs.map +1 -1
package/dist/openpgp.mjs +1134 -205
package/openpgp.d.ts +31 -8
package/package.json +3 -1
package/dist/lightweight/index.min.mjs +0 -3
package/dist/lightweight/index.min.mjs.map +0 -1

package/dist/openpgp.mjs CHANGED Viewed

@@ -1,4 +1,4 @@
-/*! OpenPGP.js v5.7.0 - 2023-03-06 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
+/*! OpenPGP.js v5.9.0 - 2023-05-15 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
 const globalThis = typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {};
 const doneWritingPromise = Symbol('doneWritingPromise');
@@ -1907,7 +1907,7 @@ const util = {
     if (!util.isString(data)) {
       return false;
     }
-    const re = /^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+([a-zA-Z]{2,}|xn--[a-zA-Z\-0-9]+)))$/;
+    const re = /^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+([a-zA-Z]{2,}[0-9]*|xn--[a-zA-Z\-0-9]+)))$/;
     return re.test(data);
   },
@@ -2303,6 +2303,7 @@ var enums = {
     simple: 0,
     salted: 1,
     iterated: 3,
+    argon2: 4,
     gnu: 101
   },
@@ -2617,6 +2618,8 @@ var enums = {
     splitPrivateKey: 16,
     /** 0x20 - This key may be used for authentication. */
     authentication: 32,
+    /** This key may be used for forwarded communications */
+    forwardedCommunication: 64,
     /** 0x80 - The private component of this key may be in the
      *        possession of more than one person. */
     sharedPrivateKey: 128
@@ -2767,12 +2770,41 @@ var config = {
    */
   v5Keys: false,
   /**
-   * {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3|RFC4880 3.7.1.3}:
-   * Iteration Count Byte for S2K (String to Key)
+   * S2K (String to Key) type, used for key derivation in the context of secret key encryption
+   * and password-encrypted data. Weaker s2k options are not allowed.
+   * Note: Argon2 is the strongest option but not all OpenPGP implementations are compatible with it
+   * (pending standardisation).
+   * @memberof module:config
+   * @property {enums.s2k.argon2|enums.s2k.iterated} s2kType {@link module:enums.s2k}
+   */
+  s2kType: enums.s2k.iterated,
+  /**
+   * {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3| RFC4880 3.7.1.3}:
+   * Iteration Count Byte for Iterated and Salted S2K (String to Key).
+   * Only relevant if `config.s2kType` is set to `enums.s2k.iterated`.
+   * Note: this is the exponent value, not the final number of iterations (refer to specs for more details).
    * @memberof module:config
    * @property {Integer} s2kIterationCountByte
    */
   s2kIterationCountByte: 224,
+  /**
+   * {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-07.html#section-3.7.1.4| draft-crypto-refresh 3.7.1.4}:
+   * Argon2 parameters for S2K (String to Key).
+   * Only relevant if `config.s2kType` is set to `enums.s2k.argon2`.
+   * Default settings correspond to the second recommendation from RFC9106 ("uniformly safe option"),
+   * to ensure compatibility with memory-constrained environments.
+   * For more details on the choice of parameters, see https://tools.ietf.org/html/rfc9106#section-4.
+   * @memberof module:config
+   * @property {Object} params
+   * @property {Integer} params.passes - number of iterations t
+   * @property {Integer} params.parallelism - degree of parallelism p
+   * @property {Integer} params.memoryExponent - one-octet exponent indicating the memory size, which will be: 2**memoryExponent kibibytes.
+   */
+  s2kArgon2Params: {
+    passes: 3,
+    parallelism: 4, // lanes
+    memoryExponent: 16 // 64 MiB of RAM
+  },
   /**
    * Allow decryption of messages without integrity protection.
    * This is an **insecure** setting:
@@ -2792,6 +2824,13 @@ var config = {
    * @property {Boolean} allowUnauthenticatedStream
    */
   allowUnauthenticatedStream: false,
+  /**
+   * Allow decrypting forwarded messages, using keys with 0x40 ('forwarded communication') flag.
+   * Note: this is related to a **non-standard feature**.
+   * @memberof module:config
+   * @property {Boolean} allowForwardedMessages
+   */
+  allowForwardedMessages: false,
   /**
    * @memberof module:config
    * @property {Boolean} checksumRequired Do not throw error when armor is missing a checksum
@@ -2868,6 +2907,14 @@ var config = {
    * @property {Boolean} ignoreMalformedPackets Ignore malformed packets on parsing instead of throwing an error
    */
   ignoreMalformedPackets: false,
+  /**
+   * Parsing of packets is normally restricted to a predefined set of packets. For example a Sym. Encrypted Integrity Protected Data Packet can only
+   * contain a certain set of packets including LiteralDataPacket. With this setting we can allow additional packets, which is probably not advisable
+   * as a global config setting, but can be used for specific function calls (e.g. decrypt method of Message).
+   * @memberof module:config
+   * @property {Array} additionalAllowedPackets Allow additional packets on parsing. Defined as array of packet classes, e.g. [PublicKeyPacket]
+   */
+  additionalAllowedPackets: [],
   /**
    * @memberof module:config
    * @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages
@@ -2882,7 +2929,7 @@ var config = {
    * @memberof module:config
    * @property {String} versionString A version string to be included in armored messages
    */
-  versionString: 'OpenPGP.js 5.7.0',
+  versionString: 'OpenPGP.js 5.9.0',
   /**
    * @memberof module:config
    * @property {String} commentString A comment string to be included in armored messages
@@ -14372,7 +14419,7 @@ function buildEcdhParam(public_algo, oid, kdfParams, fingerprint) {
   return util.concatUint8Array([
     oid.write(),
     new Uint8Array([public_algo]),
-    kdfParams.replacementKDFParams || kdfParams.write(),
+    kdfParams.write(true),
     util.stringToUint8Array('Anonymous Sender    '),
     kdfParams.replacementFingerprint || fingerprint.subarray(0, 20)
   ]);
@@ -15214,32 +15261,28 @@ class ECDHSymmetricKey {
 // OpenPGP.js - An OpenPGP implementation in javascript
+const VERSION_FORWARDING = 0xFF;
 class KDFParams {
   /**
    * @param  {Integer}          version                 Version, defaults to 1
    * @param  {enums.hash}       hash                    Hash algorithm
    * @param  {enums.symmetric}  cipher                  Symmetric algorithm
-   * @param  {enums.kdfFlags}   flags                   (v2 only) flags
-   * @param  {Uint8Array}       replacementFingerprint  (v2 only) fingerprint to use instead of recipient one (v5 keys, the 20 leftmost bytes of the fingerprint)
-   * @param  {Uint8Array}       replacementKDFParams    (v2 only) serialized KDF params to use in KDF digest computation
+   * @param  {Uint8Array}       replacementFingerprint  (forwarding only) fingerprint to use instead of recipient one (v5 keys, the 20 leftmost bytes of the fingerprint)
    */
   constructor(data) {
     if (data) {
-      const { version, hash, cipher, flags, replacementFingerprint, replacementKDFParams } = data;
+      const { version, hash, cipher, replacementFingerprint } = data;
       this.version = version || 1;
       this.hash = hash;
       this.cipher = cipher;
-      this.flags = flags;
       this.replacementFingerprint = replacementFingerprint;
-      this.replacementKDFParams = replacementKDFParams;
     } else {
       this.version = null;
       this.hash = null;
       this.cipher = null;
-      this.flags = null;
       this.replacementFingerprint = null;
-      this.replacementKDFParams = null;
     }
   }
@@ -15249,44 +15292,41 @@ class KDFParams {
    * @returns {Number} Number of read bytes.
    */
   read(input) {
+    const totalBytes = input[0];
     this.version = input[1];
     this.hash = input[2];
     this.cipher = input[3];
     let readBytes = 4;
-    if (this.version === 2) {
-      this.flags = input[readBytes++];
-      if (this.flags & enums.kdfFlags.replace_fingerprint) {
-        this.replacementFingerprint = input.slice(readBytes, readBytes + 20);
-        readBytes += 20;
-      }
-      if (this.flags & enums.kdfFlags.replace_kdf_params) {
-        const fieldLength = input[readBytes] + 1; // account for length
-        this.replacementKDFParams = input.slice(readBytes, readBytes + fieldLength);
-        readBytes += fieldLength;
-      }
+    if (this.version === VERSION_FORWARDING) {
+      const fingerprintLength = totalBytes - readBytes + 1; // acount for length byte
+      this.replacementFingerprint = input.slice(readBytes, readBytes + fingerprintLength);
+      readBytes += fingerprintLength;
     }
     return readBytes;
   }
   /**
    * Write KDFParams to an Uint8Array
+   * @param {Boolean} [forReplacementParams] - forwarding only: whether to serialize data to use for replacement params
    * @returns  {Uint8Array}  Array with the KDFParams value
    */
-  write() {
-    if (!this.version || this.version === 1) {
+  write(forReplacementParams) {
+    if (!this.version || this.version === 1 || forReplacementParams) {
       return new Uint8Array([3, 1, this.hash, this.cipher]);
     }
-    const v2Fields = util.concatUint8Array([
-      new Uint8Array([4, 2, this.hash, this.cipher, this.flags]),
-      this.replacementFingerprint || new Uint8Array(),
-      this.replacementKDFParams || new Uint8Array()
+    const forwardingFields = util.concatUint8Array([
+      new Uint8Array([
+        3 + this.replacementFingerprint.length,
+        this.version,
+        this.hash,
+        this.cipher
+      ]),
+      this.replacementFingerprint
     ]);
-    // update length field
-    v2Fields[0] = v2Fields.length - 1;
-    return new Uint8Array(v2Fields);
+    return forwardingFields;
   }
 }
@@ -15869,6 +15909,339 @@ const mod = {
 Object.assign(mod, crypto$1);
+const ARGON2_TYPE = 0x02; // id
+const ARGON2_VERSION = 0x13;
+const ARGON2_SALT_SIZE = 16;
+class Argon2OutOfMemoryError extends Error {
+  constructor(...params) {
+    super(...params);
+    if (Error.captureStackTrace) {
+      Error.captureStackTrace(this, Argon2OutOfMemoryError);
+    }
+    this.name = 'Argon2OutOfMemoryError';
+  }
+}
+// cache argon wasm module
+let loadArgonWasmModule;
+let argon2Promise;
+// reload wasm module above this treshold, to deallocated used memory
+const ARGON2_WASM_MEMORY_THRESHOLD_RELOAD = 2 << 19;
+class Argon2S2K {
+  /**
+  * @param {Object} [config] - Full configuration, defaults to openpgp.config
+  */
+  constructor(config$1 = config) {
+    const { passes, parallelism, memoryExponent } = config$1.s2kArgon2Params;
+    this.type = 'argon2';
+    /**  @type {Uint8Array} 16 bytes of salt */
+    this.salt = null;
+    /** @type {Integer} number of passes */
+    this.t = passes;
+    /** @type {Integer} degree of parallelism (lanes) */
+    this.p = parallelism;
+    /** @type {Integer} exponent indicating memory size */
+    this.encodedM = memoryExponent;
+  }
+  generateSalt() {
+    this.salt = mod.random.getRandomBytes(ARGON2_SALT_SIZE);
+  }
+  /**
+  * Parsing function for argon2 string-to-key specifier.
+  * @param {Uint8Array} bytes - Payload of argon2 string-to-key specifier
+  * @returns {Integer} Actual length of the object.
+  */
+  read(bytes) {
+    let i = 0;
+    this.salt = bytes.subarray(i, i + 16);
+    i += 16;
+    this.t = bytes[i++];
+    this.p = bytes[i++];
+    this.encodedM = bytes[i++]; // memory size exponent, one-octect
+    return i;
+  }
+  /**
+  * Serializes s2k information
+  * @returns {Uint8Array} Binary representation of s2k.
+  */
+  write() {
+    const arr = [
+      new Uint8Array([enums.write(enums.s2k, this.type)]),
+      this.salt,
+      new Uint8Array([this.t, this.p, this.encodedM])
+    ];
+    return util.concatUint8Array(arr);
+  }
+  /**
+  * Produces a key using the specified passphrase and the defined
+  * hashAlgorithm
+  * @param {String} passphrase - Passphrase containing user input
+  * @returns {Promise<Uint8Array>} Produced key with a length corresponding to `keySize`
+  * @throws {Argon2OutOfMemoryError|Errors}
+  * @async
+  */
+  async produceKey(passphrase, keySize) {
+    const decodedM = 2 << (this.encodedM - 1);
+    try {
+      if (!argon2Promise) { // first load
+        loadArgonWasmModule = loadArgonWasmModule || (await Promise.resolve().then(function () { return index; })).default;
+        argon2Promise = loadArgonWasmModule();
+      }
+      // important to keep local ref to argon2 in case the module is reloaded by another instance
+      const argon2 = await argon2Promise;
+      const passwordBytes = util.encodeUTF8(passphrase);
+      const hash = argon2({
+        version: ARGON2_VERSION,
+        type: ARGON2_TYPE,
+        password: passwordBytes,
+        salt: this.salt,
+        tagLength: keySize,
+        memorySize: decodedM,
+        parallelism: this.p,
+        passes: this.t
+      });
+      // a lot of memory was used, reload to deallocate
+      if (decodedM > ARGON2_WASM_MEMORY_THRESHOLD_RELOAD) {
+        // it will be awaited if needed at the next `produceKey` invocation
+        argon2Promise = loadArgonWasmModule();
+      }
+      return hash;
+    } catch (e) {
+      if (e.message && (
+        e.message.includes('Unable to grow instance memory') || // Chrome
+        e.message.includes('failed to grow memory') || // Firefox
+        e.message.includes('WebAssembly.Memory.grow') || // Safari
+        e.message.includes('Out of memory') // Safari iOS
+      )) {
+        throw new Argon2OutOfMemoryError('Could not allocate required memory for Argon2');
+      } else {
+        throw e;
+      }
+    }
+  }
+}
+// GPG4Browsers - An OpenPGP implementation in javascript
+class GenericS2K {
+  /**
+   * @param {Object} [config] - Full configuration, defaults to openpgp.config
+   */
+  constructor(s2kType, config$1 = config) {
+    /**
+     * Hash function identifier, or 0 for gnu-dummy keys
+     * @type {module:enums.hash | 0}
+     */
+    this.algorithm = enums.hash.sha256;
+    /**
+     * enums.s2k identifier or 'gnu-dummy'
+     * @type {String}
+     */
+    this.type = enums.read(enums.s2k, s2kType);
+    /** @type {Integer} */
+    this.c = config$1.s2kIterationCountByte;
+    /** Eight bytes of salt in a binary string.
+     * @type {Uint8Array}
+     */
+    this.salt = null;
+  }
+  generateSalt() {
+    switch (this.type) {
+      case 'salted':
+      case 'iterated':
+        this.salt = mod.random.getRandomBytes(8);
+    }
+  }
+  getCount() {
+    // Exponent bias, defined in RFC4880
+    const expbias = 6;
+    return (16 + (this.c & 15)) << ((this.c >> 4) + expbias);
+  }
+  /**
+   * Parsing function for a string-to-key specifier ({@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC 4880 3.7}).
+   * @param {Uint8Array} bytes - Payload of string-to-key specifier
+   * @returns {Integer} Actual length of the object.
+   */
+  read(bytes) {
+    let i = 0;
+    this.algorithm = bytes[i++];
+    switch (this.type) {
+      case 'simple':
+        break;
+      case 'salted':
+        this.salt = bytes.subarray(i, i + 8);
+        i += 8;
+        break;
+      case 'iterated':
+        this.salt = bytes.subarray(i, i + 8);
+        i += 8;
+        // Octet 10: count, a one-octet, coded value
+        this.c = bytes[i++];
+        break;
+      case 'gnu':
+        if (util.uint8ArrayToString(bytes.subarray(i, i + 3)) === 'GNU') {
+          i += 3; // GNU
+          const gnuExtType = 1000 + bytes[i++];
+          if (gnuExtType === 1001) {
+            this.type = 'gnu-dummy';
+            // GnuPG extension mode 1001 -- don't write secret key at all
+          } else {
+            throw new Error('Unknown s2k gnu protection mode.');
+          }
+        } else {
+          throw new Error('Unknown s2k type.');
+        }
+        break;
+      default:
+        throw new Error('Unknown s2k type.');
+    }
+    return i;
+  }
+  /**
+   * Serializes s2k information
+   * @returns {Uint8Array} Binary representation of s2k.
+   */
+  write() {
+    if (this.type === 'gnu-dummy') {
+      return new Uint8Array([101, 0, ...util.stringToUint8Array('GNU'), 1]);
+    }
+    const arr = [new Uint8Array([enums.write(enums.s2k, this.type), this.algorithm])];
+    switch (this.type) {
+      case 'simple':
+        break;
+      case 'salted':
+        arr.push(this.salt);
+        break;
+      case 'iterated':
+        arr.push(this.salt);
+        arr.push(new Uint8Array([this.c]));
+        break;
+      case 'gnu':
+        throw new Error('GNU s2k type not supported.');
+      default:
+        throw new Error('Unknown s2k type.');
+    }
+    return util.concatUint8Array(arr);
+  }
+  /**
+   * Produces a key using the specified passphrase and the defined
+   * hashAlgorithm
+   * @param {String} passphrase - Passphrase containing user input
+   * @returns {Promise<Uint8Array>} Produced key with a length corresponding to.
+   * hashAlgorithm hash length
+   * @async
+   */
+  async produceKey(passphrase, numBytes) {
+    passphrase = util.encodeUTF8(passphrase);
+    const arr = [];
+    let rlength = 0;
+    let prefixlen = 0;
+    while (rlength < numBytes) {
+      let toHash;
+      switch (this.type) {
+        case 'simple':
+          toHash = util.concatUint8Array([new Uint8Array(prefixlen), passphrase]);
+          break;
+        case 'salted':
+          toHash = util.concatUint8Array([new Uint8Array(prefixlen), this.salt, passphrase]);
+          break;
+        case 'iterated': {
+          const data = util.concatUint8Array([this.salt, passphrase]);
+          let datalen = data.length;
+          const count = Math.max(this.getCount(), datalen);
+          toHash = new Uint8Array(prefixlen + count);
+          toHash.set(data, prefixlen);
+          for (let pos = prefixlen + datalen; pos < count; pos += datalen, datalen *= 2) {
+            toHash.copyWithin(pos, prefixlen, pos);
+          }
+          break;
+        }
+        case 'gnu':
+          throw new Error('GNU s2k type not supported.');
+        default:
+          throw new Error('Unknown s2k type.');
+      }
+      const result = await mod.hash.digest(this.algorithm, toHash);
+      arr.push(result);
+      rlength += result.length;
+      prefixlen++;
+    }
+    return util.concatUint8Array(arr).subarray(0, numBytes);
+  }
+}
+const allowedS2KTypesForEncryption = new Set([enums.s2k.argon2, enums.s2k.iterated]);
+/**
+ * Instantiate a new S2K instance of the given type
+ * @param {module:enums.s2k} type
+ * @oaram {Object} [config]
+ * @returns {Object} New s2k object
+ * @throws {Error} for unknown or unsupported types
+ */
+function newS2KFromType(type, config$1 = config) {
+  switch (type) {
+    case enums.s2k.argon2:
+      return new Argon2S2K(config$1);
+    case enums.s2k.iterated:
+    case enums.s2k.gnu:
+    case enums.s2k.salted:
+    case enums.s2k.simple:
+      return new GenericS2K(type, config$1);
+    default:
+      throw new Error(`Unsupported S2K type ${type}`);
+  }
+}
+/**
+ * Instantiate a new S2K instance based on the config settings
+ * @oaram {Object} config
+ * @returns {Object} New s2k object
+ * @throws {Error} for unknown or unsupported types
+ */
+function newS2KFromConfig(config) {
+  const { s2kType } = config;
+  if (!allowedS2KTypesForEncryption.has(s2kType)) {
+    throw new Error('The provided `config.s2kType` value is not allowed');
+  }
+  return newS2KFromType(s2kType, config);
+}
 var TYPED_OK = typeof Uint8Array !== "undefined" &&
   typeof Uint16Array !== "undefined" &&
   typeof Int32Array !== "undefined";
@@ -23923,6 +24296,9 @@ class PacketList extends Array {
    * @async
    */
   async read(bytes, allowedPackets, config$1 = config) {
+    if (config$1.additionalAllowedPackets.length) {
+      allowedPackets = { ...allowedPackets, ...util.constructAllowedPackets(config$1.additionalAllowedPackets) };
+    }
     this.stream = transformPair(bytes, async (readable, writable) => {
       const writer = getWriter(writable);
       try {
@@ -24690,166 +25066,6 @@ class PublicKeyEncryptedSessionKeyPacket {
 // GPG4Browsers - An OpenPGP implementation in javascript
-class S2K {
-  /**
-   * @param {Object} [config] - Full configuration, defaults to openpgp.config
-   */
-  constructor(config$1 = config) {
-    /**
-     * Hash function identifier, or 0 for gnu-dummy keys
-     * @type {module:enums.hash | 0}
-     */
-    this.algorithm = enums.hash.sha256;
-    /**
-     * enums.s2k identifier or 'gnu-dummy'
-     * @type {String}
-     */
-    this.type = 'iterated';
-    /** @type {Integer} */
-    this.c = config$1.s2kIterationCountByte;
-    /** Eight bytes of salt in a binary string.
-     * @type {Uint8Array}
-     */
-    this.salt = null;
-  }
-  getCount() {
-    // Exponent bias, defined in RFC4880
-    const expbias = 6;
-    return (16 + (this.c & 15)) << ((this.c >> 4) + expbias);
-  }
-  /**
-   * Parsing function for a string-to-key specifier ({@link https://tools.ietf.org/html/rfc4880#section-3.7|RFC 4880 3.7}).
-   * @param {Uint8Array} bytes - Payload of string-to-key specifier
-   * @returns {Integer} Actual length of the object.
-   */
-  read(bytes) {
-    let i = 0;
-    this.type = enums.read(enums.s2k, bytes[i++]);
-    this.algorithm = bytes[i++];
-    switch (this.type) {
-      case 'simple':
-        break;
-      case 'salted':
-        this.salt = bytes.subarray(i, i + 8);
-        i += 8;
-        break;
-      case 'iterated':
-        this.salt = bytes.subarray(i, i + 8);
-        i += 8;
-        // Octet 10: count, a one-octet, coded value
-        this.c = bytes[i++];
-        break;
-      case 'gnu':
-        if (util.uint8ArrayToString(bytes.subarray(i, i + 3)) === 'GNU') {
-          i += 3; // GNU
-          const gnuExtType = 1000 + bytes[i++];
-          if (gnuExtType === 1001) {
-            this.type = 'gnu-dummy';
-            // GnuPG extension mode 1001 -- don't write secret key at all
-          } else {
-            throw new Error('Unknown s2k gnu protection mode.');
-          }
-        } else {
-          throw new Error('Unknown s2k type.');
-        }
-        break;
-      default:
-        throw new Error('Unknown s2k type.');
-    }
-    return i;
-  }
-  /**
-   * Serializes s2k information
-   * @returns {Uint8Array} Binary representation of s2k.
-   */
-  write() {
-    if (this.type === 'gnu-dummy') {
-      return new Uint8Array([101, 0, ...util.stringToUint8Array('GNU'), 1]);
-    }
-    const arr = [new Uint8Array([enums.write(enums.s2k, this.type), this.algorithm])];
-    switch (this.type) {
-      case 'simple':
-        break;
-      case 'salted':
-        arr.push(this.salt);
-        break;
-      case 'iterated':
-        arr.push(this.salt);
-        arr.push(new Uint8Array([this.c]));
-        break;
-      case 'gnu':
-        throw new Error('GNU s2k type not supported.');
-      default:
-        throw new Error('Unknown s2k type.');
-    }
-    return util.concatUint8Array(arr);
-  }
-  /**
-   * Produces a key using the specified passphrase and the defined
-   * hashAlgorithm
-   * @param {String} passphrase - Passphrase containing user input
-   * @returns {Promise<Uint8Array>} Produced key with a length corresponding to.
-   * hashAlgorithm hash length
-   * @async
-   */
-  async produceKey(passphrase, numBytes) {
-    passphrase = util.encodeUTF8(passphrase);
-    const arr = [];
-    let rlength = 0;
-    let prefixlen = 0;
-    while (rlength < numBytes) {
-      let toHash;
-      switch (this.type) {
-        case 'simple':
-          toHash = util.concatUint8Array([new Uint8Array(prefixlen), passphrase]);
-          break;
-        case 'salted':
-          toHash = util.concatUint8Array([new Uint8Array(prefixlen), this.salt, passphrase]);
-          break;
-        case 'iterated': {
-          const data = util.concatUint8Array([this.salt, passphrase]);
-          let datalen = data.length;
-          const count = Math.max(this.getCount(), datalen);
-          toHash = new Uint8Array(prefixlen + count);
-          toHash.set(data, prefixlen);
-          for (let pos = prefixlen + datalen; pos < count; pos += datalen, datalen *= 2) {
-            toHash.copyWithin(pos, prefixlen, pos);
-          }
-          break;
-        }
-        case 'gnu':
-          throw new Error('GNU s2k type not supported.');
-        default:
-          throw new Error('Unknown s2k type.');
-      }
-      const result = await mod.hash.digest(this.algorithm, toHash);
-      arr.push(result);
-      rlength += result.length;
-      prefixlen++;
-    }
-    return util.concatUint8Array(arr).subarray(0, numBytes);
-  }
-}
-// GPG4Browsers - An OpenPGP implementation in javascript
 /**
  * Symmetric-Key Encrypted Session Key Packets (Tag 3)
  *
@@ -24917,7 +25133,8 @@ class SymEncryptedSessionKeyPacket {
     }
     // A string-to-key (S2K) specifier, length as defined above.
-    this.s2k = new S2K();
+    const s2kType = bytes[offset++];
+    this.s2k = newS2KFromType(s2kType);
     offset += this.s2k.read(bytes.subarray(offset, bytes.length));
     if (this.version === 5) {
@@ -25006,8 +25223,8 @@ class SymEncryptedSessionKeyPacket {
     this.sessionKeyEncryptionAlgorithm = algo;
-    this.s2k = new S2K(config$1);
-    this.s2k.salt = mod.random.getRandomBytes(8);
+    this.s2k = newS2KFromConfig(config$1);
+    this.s2k.generateSalt();
     const { blockSize, keySize } = mod.getCipher(algo);
     const encryptionKey = await this.s2k.produceKey(passphrase, keySize);
@@ -25633,7 +25850,8 @@ class SecretKeyPacket extends PublicKeyPacket {
       // - [Optional] If string-to-key usage octet was 255, 254, or 253, a
       //   string-to-key specifier.  The length of the string-to-key
       //   specifier is implied by its type, as described above.
-      this.s2k = new S2K();
+      const s2kType = bytes[i++];
+      this.s2k = newS2KFromType(s2kType);
       i += this.s2k.read(bytes.subarray(i, bytes.length));
       if (this.s2k.type === 'gnu-dummy') {
@@ -25771,7 +25989,7 @@ class SecretKeyPacket extends PublicKeyPacket {
     }
     this.isEncrypted = null;
     this.keyMaterial = null;
-    this.s2k = new S2K(config$1);
+    this.s2k = newS2KFromType(enums.s2k.gnu, config$1);
     this.s2k.algorithm = 0;
     this.s2k.c = 0;
     this.s2k.type = 'gnu-dummy';
@@ -25802,8 +26020,8 @@ class SecretKeyPacket extends PublicKeyPacket {
       throw new Error('A non-empty passphrase is required for key encryption.');
     }
-    this.s2k = new S2K(config$1);
-    this.s2k.salt = mod.random.getRandomBytes(8);
+    this.s2k = newS2KFromConfig(config$1);
+    this.s2k.generateSalt();
     const cleartext = mod.serializeParams(this.algorithm, this.privateParams);
     this.symmetric = enums.symmetric.aes256;
     const key = await produceEncryptionKey(this.s2k, passphrase, this.symmetric);
@@ -27634,7 +27852,8 @@ function isValidDecryptionKeyPacket(signature, config) {
   return !signature.keyFlags ||
     (signature.keyFlags[0] & enums.keyFlags.encryptCommunication) !== 0 ||
-    (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0;
+    (signature.keyFlags[0] & enums.keyFlags.encryptStorage) !== 0 ||
+    (config.allowForwardedMessages && (signature.keyFlags[0] & enums.keyFlags.forwardedCommunication) !== 0);
 }
 /**
@@ -28582,7 +28801,7 @@ class Key {
       throw exception || new Error('Could not find primary user');
     }
     await Promise.all(users.map(async function (a) {
-      return a.user.revoked || a.user.isRevoked(a.selfCertification, null, date, config$1);
+      return a.selfCertification.revoked || a.user.isRevoked(a.selfCertification, null, date, config$1);
     }));
     // sort by primary user flag and signature creation time
     const primaryUser = users.sort(function(a, b) {
@@ -28805,7 +29024,8 @@ class Key {
       results.push(...signatures.map(
         signature => ({
-          userID: user.userID.userID,
+          userID: user.userID ? user.userID.userID : null,
+          userAttribute: user.userAttribute,
           keyID: signature.keyID,
           valid: signature.valid
         }))
@@ -29681,6 +29901,9 @@ class Message {
             decryptedSessionKeyPackets.push(skeskPacket);
           } catch (err) {
             util.printDebugError(err);
+            if (err instanceof Argon2OutOfMemoryError) {
+              exception = err;
+            }
           }
         }));
       }));
@@ -43828,4 +44051,710 @@ var elliptic$1 = /*#__PURE__*/Object.freeze({
   __moduleExports: elliptic_1
 });
-export { AEADEncryptedDataPacket, CleartextMessage, CompressedDataPacket, LiteralDataPacket, MarkerPacket, Message, OnePassSignaturePacket, PacketList, PrivateKey, PublicKey, PublicKeyEncryptedSessionKeyPacket, PublicKeyPacket, PublicSubkeyPacket, SecretKeyPacket, SecretSubkeyPacket, Signature, SignaturePacket, Subkey, SymEncryptedIntegrityProtectedDataPacket, SymEncryptedSessionKeyPacket, SymmetricallyEncryptedDataPacket, TrustPacket, UnparseablePacket, UserAttributePacket, UserIDPacket, armor, config, createCleartextMessage, createMessage, decrypt$4 as decrypt, decryptKey, decryptSessionKeys, encrypt$4 as encrypt, encryptKey, encryptSessionKey, enums, generateKey, generateSessionKey$1 as generateSessionKey, readCleartextMessage, readKey, readKeys, readMessage, readPrivateKey, readPrivateKeys, readSignature, reformatKey, revokeKey, sign$5 as sign, unarmor, verify$5 as verify };
+// Adapted from the reference implementation in RFC7693
+// Initial port to Javascript by https://github.com/dcposch and https://github.com/emilbayes
+// Uint64 values are represented using two Uint32s, stored as little endian
+// NB: Uint32Arrays endianness depends on the underlying system, so for interoperability, conversions between Uint8Array and Uint32Arrays
+// need to be manually handled
+// 64-bit unsigned addition (little endian, in place)
+// Sets a[i,i+1] += b[j,j+1]
+// `a` and `b` must be Uint32Array(2)
+function ADD64 (a, i, b, j) {
+  a[i] += b[j];
+  a[i+1] += b[j+1] + (a[i] < b[j]); // add carry
+}
+// Increment 64-bit little-endian unsigned value by `c` (in place)
+// `a` must be Uint32Array(2)
+function INC64 (a, c) {
+  a[0] += c;
+  a[1] += (a[0] < c);
+}
+// G Mixing function
+// The ROTRs are inlined for speed
+function G (v, m, a, b, c, d, ix, iy) {
+  ADD64(v, a, v, b); // v[a,a+1] += v[b,b+1]
+  ADD64(v, a, m, ix); // v[a, a+1] += x ... x0
+  // v[d,d+1] = (v[d,d+1] xor v[a,a+1]) rotated to the right by 32 bits
+  let xor0 = v[d] ^ v[a];
+  let xor1 = v[d + 1] ^ v[a + 1];
+  v[d] = xor1;
+  v[d + 1] = xor0;
+  ADD64(v, c, v, d);
+  // v[b,b+1] = (v[b,b+1] xor v[c,c+1]) rotated right by 24 bits
+  xor0 = v[b] ^ v[c];
+  xor1 = v[b + 1] ^ v[c + 1];
+  v[b] = (xor0 >>> 24) ^ (xor1 << 8);
+  v[b + 1] = (xor1 >>> 24) ^ (xor0 << 8);
+  ADD64(v, a, v, b);
+  ADD64(v, a, m, iy);
+  // v[d,d+1] = (v[d,d+1] xor v[a,a+1]) rotated right by 16 bits
+  xor0 = v[d] ^ v[a];
+  xor1 = v[d + 1] ^ v[a + 1];
+  v[d] = (xor0 >>> 16) ^ (xor1 << 16);
+  v[d + 1] = (xor1 >>> 16) ^ (xor0 << 16);
+  ADD64(v, c, v, d);
+  // v[b,b+1] = (v[b,b+1] xor v[c,c+1]) rotated right by 63 bits
+  xor0 = v[b] ^ v[c];
+  xor1 = v[b + 1] ^ v[c + 1];
+  v[b] = (xor1 >>> 31) ^ (xor0 << 1);
+  v[b + 1] = (xor0 >>> 31) ^ (xor1 << 1);
+}
+// Initialization Vector
+const BLAKE2B_IV32 = new Uint32Array([
+  0xF3BCC908, 0x6A09E667, 0x84CAA73B, 0xBB67AE85,
+  0xFE94F82B, 0x3C6EF372, 0x5F1D36F1, 0xA54FF53A,
+  0xADE682D1, 0x510E527F, 0x2B3E6C1F, 0x9B05688C,
+  0xFB41BD6B, 0x1F83D9AB, 0x137E2179, 0x5BE0CD19
+]);
+// These are offsets into a Uint64 buffer.
+// Multiply them all by 2 to make them offsets into a Uint32 buffer
+const SIGMA = new Uint8Array([
+  0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
+  14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3,
+  11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4,
+  7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8,
+  9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13,
+  2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9,
+  12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11,
+  13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10,
+  6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5,
+  10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0,
+  0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
+  14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3
+].map(x => x * 2));
+// Compression function. 'last' flag indicates last block.
+// Note: we're representing 16 uint64s as 32 uint32s
+function compress(S, last) {
+  const v = new Uint32Array(32);
+  const m = new Uint32Array(S.b.buffer, S.b.byteOffset, 32);
+  // init work variables
+  for (let i = 0; i < 16; i++) {
+    v[i] = S.h[i];
+    v[i + 16] = BLAKE2B_IV32[i];
+  }
+  // low 64 bits of offset
+  v[24] ^= S.t0[0];
+  v[25] ^= S.t0[1];
+  // high 64 bits not supported (`t1`), offset may not be higher than 2**53-1
+  // if last block
+  const f0 = last ? 0xFFFFFFFF : 0;
+  v[28] ^= f0;
+  v[29] ^= f0;
+  // twelve rounds of mixing
+  for (let i = 0; i < 12; i++) {
+    // ROUND(r)
+    const i16 = i << 4;
+    G(v, m, 0, 8, 16, 24,  SIGMA[i16 + 0], SIGMA[i16 + 1]);
+    G(v, m, 2, 10, 18, 26, SIGMA[i16 + 2], SIGMA[i16 + 3]);
+    G(v, m, 4, 12, 20, 28, SIGMA[i16 + 4], SIGMA[i16 + 5]);
+    G(v, m, 6, 14, 22, 30, SIGMA[i16 + 6], SIGMA[i16 + 7]);
+    G(v, m, 0, 10, 20, 30, SIGMA[i16 + 8], SIGMA[i16 + 9]);
+    G(v, m, 2, 12, 22, 24, SIGMA[i16 + 10], SIGMA[i16 + 11]);
+    G(v, m, 4, 14, 16, 26, SIGMA[i16 + 12], SIGMA[i16 + 13]);
+    G(v, m, 6, 8, 18, 28,  SIGMA[i16 + 14], SIGMA[i16 + 15]);
+  }
+  for (let i = 0; i < 16; i++) {
+    S.h[i] ^= v[i] ^ v[i + 16];
+  }
+}
+// Creates a BLAKE2b hashing context
+// Requires an output length between 1 and 64 bytes
+// Takes an optional Uint8Array key
+class Blake2b {
+  constructor(outlen, key, salt, personal) {
+    const params = new Uint8Array(64);
+    //  0: outlen, keylen, fanout, depth
+    //  4: leaf length, sequential mode
+    //  8: node offset
+    // 12: node offset
+    // 16: node depth, inner length, rfu
+    // 20: rfu
+    // 24: rfu
+    // 28: rfu
+    // 32: salt
+    // 36: salt
+    // 40: salt
+    // 44: salt
+    // 48: personal
+    // 52: personal
+    // 56: personal
+    // 60: personal
+    // init internal state
+    this.S = {
+      b: new Uint8Array(BLOCKBYTES),
+      h: new Uint32Array(OUTBYTES_MAX / 4),
+      t0: new Uint32Array(2), // input counter `t`, lower 64-bits only
+      c: 0, // `fill`, pointer within buffer, up to `BLOCKBYTES`
+      outlen // output length in bytes
+    };
+    // init parameter block
+    params[0] = outlen;
+    if (key) params[1] = key.length;
+    params[2] = 1; // fanout
+    params[3] = 1; // depth
+    if (salt) params.set(salt, 32);
+    if (personal) params.set(personal, 48);
+    const params32 = new Uint32Array(params.buffer, params.byteOffset, params.length / Uint32Array.BYTES_PER_ELEMENT);
+    // initialize hash state
+    for (let i = 0; i < 16; i++) {
+      this.S.h[i] = BLAKE2B_IV32[i] ^ params32[i];
+    }
+    // key the hash, if applicable
+    if (key) {
+      const block = new Uint8Array(BLOCKBYTES);
+      block.set(key);
+      this.update(block);
+    }
+  }
+  // Updates a BLAKE2b streaming hash
+  // Requires Uint8Array (byte array)
+  update(input) {
+    if (!(input instanceof Uint8Array)) throw new Error('Input must be Uint8Array or Buffer')
+    // for (let i = 0; i < input.length; i++) {
+    //   if (this.S.c === BLOCKBYTES) { // buffer full
+    //     INC64(this.S.t0, this.S.c) // add counters
+    //     compress(this.S, false)
+    //     this.S.c = 0 // empty buffer
+    //   }
+    //   this.S.b[this.S.c++] = input[i]
+    // }
+    let i = 0;
+    while(i < input.length) {
+      if (this.S.c === BLOCKBYTES) { // buffer full
+        INC64(this.S.t0, this.S.c); // add counters
+        compress(this.S, false);
+        this.S.c = 0; // empty buffer
+      }
+      let left = BLOCKBYTES - this.S.c;
+      this.S.b.set(input.subarray(i, i + left), this.S.c); // end index can be out of bounds
+      const fill = Math.min(left, input.length - i);
+      this.S.c += fill;
+      i += fill;
+    }
+    return this
+  }
+  /**
+   * Return a BLAKE2b hash, either filling the given Uint8Array or allocating a new one
+   * @param {Uint8Array} [prealloc] - optional preallocated buffer
+   * @returns {ArrayBuffer} message digest
+   */
+  digest(prealloc) {
+    INC64(this.S.t0, this.S.c); // mark last block offset
+    // final block, padded
+    this.S.b.fill(0, this.S.c);
+    this.S.c = BLOCKBYTES;
+    compress(this.S, true);
+    const out = prealloc || new Uint8Array(this.S.outlen);
+    for (let i = 0; i < this.S.outlen; i++) {
+      // must be loaded individually since default Uint32 endianness is platform dependant
+      out[i] = this.S.h[i >> 2] >> (8 * (i & 3));
+    }
+    this.S.h = null; // prevent calling `update` after `digest`
+    return out.buffer;
+  }
+}
+function createHash(outlen, key, salt, personal) {
+  if (outlen > OUTBYTES_MAX) throw new Error(`outlen must be at most ${OUTBYTES_MAX} (given: ${outlen})`)
+  if (key) {
+    if (!(key instanceof Uint8Array)) throw new Error('key must be Uint8Array or Buffer')
+    if (key.length > KEYBYTES_MAX) throw new Error(`key size must be at most ${KEYBYTES_MAX} (given: ${key.length})`)
+  }
+  if (salt) {
+    if (!(salt instanceof Uint8Array)) throw new Error('salt must be Uint8Array or Buffer')
+    if (salt.length !== SALTBYTES) throw new Error(`salt must be exactly ${SALTBYTES} (given: ${salt.length}`)
+  }
+  if (personal) {
+    if (!(personal instanceof Uint8Array)) throw new Error('personal must be Uint8Array or Buffer')
+    if (personal.length !== PERSONALBYTES) throw new Error(`salt must be exactly ${PERSONALBYTES} (given: ${personal.length}`)
+  }
+  return new Blake2b(outlen, key, salt, personal)
+}
+const OUTBYTES_MAX = 64;
+const KEYBYTES_MAX = 64;
+const SALTBYTES = 16;
+const PERSONALBYTES = 16;
+const BLOCKBYTES = 128;
+const TYPE$2 = 2;  // Argon2id
+const VERSION$4 = 0x13;
+const TAGBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1;
+const TAGBYTES_MIN = 4; // Math.pow(2, 32) - 1;
+const SALTBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1;
+const SALTBYTES_MIN = 8;
+const passwordBYTES_MAX = 0xFFFFFFFF;// Math.pow(2, 32) - 1;
+const passwordBYTES_MIN = 8;
+const MEMBYTES_MAX = 0xFFFFFFFF;// Math.pow(2, 32) - 1;
+const ADBYTES_MAX = 0xFFFFFFFF; // Math.pow(2, 32) - 1; // associated data (optional)
+const SECRETBYTES_MAX = 32; // key (optional)
+const ARGON2_BLOCK_SIZE = 1024;
+const ARGON2_PREHASH_DIGEST_LENGTH = 64;
+const isLittleEndian$1 = new Uint8Array(new Uint16Array([0xabcd]).buffer)[0] === 0xcd;
+// store n as a little-endian 32-bit Uint8Array inside buf (at buf[i:i+3])
+function LE32(buf, n, i) {
+  buf[i+0] = n;
+  buf[i+1] = n >>  8;
+  buf[i+2] = n >> 16;
+  buf[i+3] = n >> 24;
+  return buf;
+}
+/**
+ * Store n as a 64-bit LE number in the given buffer (from buf[i] to buf[i+7])
+ * @param {Uint8Array} buf
+ * @param {Number} n
+ * @param {Number} i
+ */
+function LE64(buf, n, i) {
+  if (n > Number.MAX_SAFE_INTEGER) throw new Error("LE64: large numbers unsupported");
+  // ECMAScript standard has engines convert numbers to 32-bit integers for bitwise operations
+  // shifting by 32 or more bits is not supported (https://stackoverflow.com/questions/6729122/javascript-bit-shift-number-wraps)
+  // so we manually extract each byte
+  let remainder = n;
+  for (let offset = i; offset < i+7; offset++) { // last byte can be ignored as it would overflow MAX_SAFE_INTEGER
+    buf[offset] = remainder; // implicit & 0xff
+    remainder = (remainder - buf[offset]) / 256;
+  }
+  return buf;
+}
+/**
+ * Variable-Length Hash Function H'
+ * @param {Number} outlen - T
+ * @param {Uint8Array} X - value to hash
+ * @param {Uint8Array} res - output buffer, of length `outlength` or larger
+ */
+function H_(outlen, X, res) {
+  const V = new Uint8Array(64); // no need to keep around all V_i
+  const V1_in = new Uint8Array(4 + X.length);
+  LE32(V1_in, outlen, 0);
+  V1_in.set(X, 4);
+  if (outlen <= 64) {
+    // H'^T(A) = H^T(LE32(T)||A)
+    createHash(outlen).update(V1_in).digest(res);
+    return res
+  }
+  const r = Math.ceil(outlen / 32) - 2;
+  // Let V_i be a 64-byte block and W_i be its first 32 bytes.
+  // V_1 = H^(64)(LE32(T)||A)
+  // V_2 = H^(64)(V_1)
+  // ...
+  // V_r = H^(64)(V_{r-1})
+  // V_{r+1} = H^(T-32*r)(V_{r})
+  // H'^T(X) = W_1 || W_2 || ... || W_r || V_{r+1}
+  for (let i = 0; i < r; i++) {
+    createHash(64).update(i === 0 ? V1_in : V).digest(V);
+    // store W_i in result buffer already
+    res.set(V.subarray(0, 32), i*32);
+  }
+  // V_{r+1}
+  const V_r1 = new Uint8Array(createHash(outlen - 32*r).update(V).digest());
+  res.set(V_r1, r*32);
+  return res;
+}
+// compute buf = xs ^ ys
+function XOR(wasmContext, buf, xs, ys) {
+  wasmContext.fn.XOR(
+    buf.byteOffset,
+    xs.byteOffset,
+    ys.byteOffset,
+  );
+  return buf
+}
+/**
+ * @param {Uint8Array} X (read-only)
+ * @param {Uint8Array} Y (read-only)
+ * @param {Uint8Array} R - output buffer
+ * @returns
+ */
+function G$1(wasmContext, X, Y, R) {
+  wasmContext.fn.G(
+    X.byteOffset,
+    Y.byteOffset,
+    R.byteOffset,
+    wasmContext.refs.gZ.byteOffset
+  );
+  return R;
+}
+function G2(wasmContext, X, Y, R) {
+  wasmContext.fn.G2(
+    X.byteOffset,
+    Y.byteOffset,
+    R.byteOffset,
+    wasmContext.refs.gZ.byteOffset
+  );
+  return R;
+}
+// Generator for data-independent J1, J2. Each `next()` invocation returns a new pair of values.
+function* makePRNG(wasmContext, pass, lane, slice, m_, totalPasses, segmentLength, segmentOffset) {
+  // For each segment, we do the following. First, we compute the value Z as:
+  // Z= ( LE64(r) || LE64(l) || LE64(sl) || LE64(m') || LE64(t) || LE64(y) )
+  wasmContext.refs.prngTmp.fill(0);
+  const Z = wasmContext.refs.prngTmp.subarray(0, 6 * 8);
+  LE64(Z, pass, 0);
+  LE64(Z, lane, 8);
+  LE64(Z, slice, 16);
+  LE64(Z, m_, 24);
+  LE64(Z, totalPasses, 32);
+  LE64(Z, TYPE$2, 40);
+  // Then we compute q/(128*SL) 1024-byte values
+  // G( ZERO(1024),
+  //    G( ZERO(1024), Z || LE64(1) || ZERO(968) ) ),
+  // ...,
+  // G( ZERO(1024),
+  //    G( ZERO(1024), Z || LE64(q/(128*SL)) || ZERO(968) )),
+  for(let i = 1; i <= segmentLength; i++) {
+    // tmp.set(Z); // no need to re-copy
+    LE64(wasmContext.refs.prngTmp, i, Z.length); // tmp.set(ZER0968) not necessary, memory already zeroed
+    const g2 = G2(wasmContext, wasmContext.refs.ZERO1024, wasmContext.refs.prngTmp, wasmContext.refs.prngR );
+    // each invocation of G^2 outputs 1024 bytes that are to be partitioned into 8-bytes values, take as X1 || X2
+    // NB: the first generated pair must be used for the first block of the segment, and so on.
+    // Hence, if some blocks are skipped (e.g. during the first pass), the corresponding J1J2 are discarded based on the given segmentOffset.
+    for(let k = i === 1 ? segmentOffset*8 : 0; k < g2.length; k += 8) {
+       yield g2.subarray(k, k+8);
+    }
+  }
+  return [];
+}
+function validateParams$7({ type, version, tagLength, password, salt, ad, secret, parallelism, memorySize, passes }) {
+  const assertLength = (name, value, min, max) => {
+    if (value < min || value > max) { throw new Error(`${name} size should be between ${min} and ${max} bytes`); }
+  };
+  if (type !== TYPE$2 || version !== VERSION$4) throw new Error('Unsupported type or version');
+  assertLength('password', password, passwordBYTES_MIN, passwordBYTES_MAX);
+  assertLength('salt', salt, SALTBYTES_MIN, SALTBYTES_MAX);
+  assertLength('tag', tagLength, TAGBYTES_MIN, TAGBYTES_MAX);
+  assertLength('memory', memorySize, 8*parallelism, MEMBYTES_MAX);
+  // optional fields
+  ad && assertLength('associated data', ad, 0, ADBYTES_MAX);
+  secret && assertLength('secret', secret, 0, SECRETBYTES_MAX);
+  return { type, version, tagLength, password, salt, ad, secret, lanes: parallelism, memorySize, passes };
+}
+const KB = 1024;
+const WASM_PAGE_SIZE = 64 * KB;
+function argon2id(params, { memory, instance: wasmInstance }) {
+  if (!isLittleEndian$1) throw new Error('BigEndian system not supported'); // optmisations assume LE system
+  const ctx = validateParams$7({ type: TYPE$2, version: VERSION$4, ...params });
+  const { G:wasmG, G2:wasmG2, xor:wasmXOR, getLZ:wasmLZ } = wasmInstance.exports;
+  const wasmRefs = {};
+  const wasmFn = {};
+  wasmFn.G = wasmG;
+  wasmFn.G2 = wasmG2;
+  wasmFn.XOR = wasmXOR;
+  // The actual number of blocks is m', which is m rounded down to the nearest multiple of 4*p.
+  const m_ = 4 * ctx.lanes * Math.floor(ctx.memorySize / (4 * ctx.lanes));
+  const requiredMemory = m_ * ARGON2_BLOCK_SIZE + 10 * KB; // Additional KBs for utility references
+  if (memory.buffer.byteLength < requiredMemory) {
+    const missing = Math.ceil((requiredMemory - memory.buffer.byteLength) / WASM_PAGE_SIZE);
+    // If enough memory is available, the `memory.buffer` is internally detached and the reference updated.
+    // Otherwise, the operation fails, and the original memory can still be used.
+    memory.grow(missing);
+  }
+  let offset = 0;
+  // Init wasm memory needed in other functions
+  wasmRefs.gZ = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+= wasmRefs.gZ.length;
+  wasmRefs.prngR = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=wasmRefs.prngR.length;
+  wasmRefs.prngTmp = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=wasmRefs.prngTmp.length;
+  wasmRefs.ZERO1024 = new Uint8Array(memory.buffer, offset, 1024); offset+=wasmRefs.ZERO1024.length;
+  // Init wasm memory needed locally
+  const lz = new Uint32Array(memory.buffer, offset, 2); offset+=lz.length * Uint32Array.BYTES_PER_ELEMENT;
+  const wasmContext = { fn: wasmFn, refs: wasmRefs };
+  const newBlock = new Uint8Array(memory.buffer, offset, ARGON2_BLOCK_SIZE); offset+=newBlock.length;
+  const blockMemory = new Uint8Array(memory.buffer, offset, ctx.memorySize * ARGON2_BLOCK_SIZE);
+  const allocatedMemory = new Uint8Array(memory.buffer, 0, offset);
+  // 1. Establish H_0
+  const H0 = getH0(ctx);
+  // 2. Allocate the memory as m' 1024-byte blocks
+  // For p lanes, the memory is organized in a matrix B[i][j] of blocks with p rows (lanes) and q = m' / p columns.
+  const q = m_ / ctx.lanes;
+  const B = new Array(ctx.lanes).fill(null).map(() => new Array(q));
+  const initBlock = (i, j) => {
+    B[i][j] = blockMemory.subarray(i*q*1024 + j*1024, (i*q*1024 + j*1024) + ARGON2_BLOCK_SIZE);
+    return B[i][j];
+  };
+  for (let i = 0; i < ctx.lanes; i++) {
+    // const LEi = LE0; //  since p = 1 for us
+    const tmp = new Uint8Array(H0.length + 8);
+    // 3. Compute B[i][0] for all i ranging from (and including) 0 to (not including) p
+    // B[i][0] = H'^(1024)(H_0 || LE32(0) || LE32(i))
+    tmp.set(H0); LE32(tmp, 0, H0.length); LE32(tmp, i, H0.length + 4);
+    H_(ARGON2_BLOCK_SIZE, tmp, initBlock(i, 0));
+    // 4. Compute B[i][1] for all i ranging from (and including) 0 to (not including) p
+    // B[i][1] = H'^(1024)(H_0 || LE32(1) || LE32(i))
+    LE32(tmp, 1, H0.length);
+    H_(ARGON2_BLOCK_SIZE, tmp, initBlock(i, 1));
+  }
+    // 5. Compute B[i][j] for all i ranging from (and including) 0 to (not including) p and for all j ranging from (and including) 2
+    // to (not including) q. The computation MUST proceed slicewise (Section 3.4) : first, blocks from slice 0 are computed for all lanes
+    // (in an arbitrary order of lanes), then blocks from slice 1 are computed, etc.
+  const SL = 4; // vertical slices
+  const segmentLength = q / SL;
+  for (let pass = 0; pass < ctx.passes; pass++) {
+      // The intersection of a slice and a lane is called a segment, which has a length of q/SL. Segments of the same slice can be computed in parallel
+    for (let sl = 0; sl < SL; sl++) {
+      const isDataIndependent = pass === 0 && sl <= 1;
+      for (let i = 0; i < ctx.lanes; i++) { // lane
+        // On the first slice of the first pass, blocks 0 and 1 are already filled
+        let segmentOffset = sl === 0 && pass === 0 ? 2 : 0;
+        // no need to generate all J1J2s, use iterator/generator that creates the value on the fly (to save memory)
+        const PRNG = isDataIndependent ? makePRNG(wasmContext, pass, i, sl, m_, ctx.passes, segmentLength, segmentOffset) : null;
+        for (segmentOffset; segmentOffset < segmentLength; segmentOffset++) {
+          const j = sl * segmentLength + segmentOffset;
+          const prevBlock = j > 0 ? B[i][j-1] : B[i][q-1]; // B[i][(j-1) mod q]
+          // we can assume the PRNG is never done
+          const J1J2 = isDataIndependent ? PRNG.next().value : prevBlock; // .subarray(0, 8) not required since we only pass the byteOffset to wasm
+          // The block indices l and z are determined for each i, j differently for Argon2d, Argon2i, and Argon2id.
+          wasmLZ(lz.byteOffset, J1J2.byteOffset, i, ctx.lanes, pass, sl, segmentOffset, SL, segmentLength);
+          const l = lz[0]; const z = lz[1];
+          // for (let i = 0; i < p; i++ )
+          // B[i][j] = G(B[i][j-1], B[l][z])
+          // The block indices l and z are determined for each i, j differently for Argon2d, Argon2i, and Argon2id.
+          if (pass === 0) initBlock(i, j);
+          G$1(wasmContext, prevBlock, B[l][z], pass > 0 ? newBlock : B[i][j]);
+          // 6. If the number of passes t is larger than 1, we repeat step 5. However, blocks are computed differently as the old value is XORed with the new one
+          if (pass > 0) XOR(wasmContext, B[i][j], newBlock, B[i][j]);
+        }
+      }
+    }
+  }
+  // 7. After t steps have been iterated, the final block C is computed as the XOR of the last column:
+  // C = B[0][q-1] XOR B[1][q-1] XOR ... XOR B[p-1][q-1]
+  const C = B[0][q-1];
+  for(let i = 1; i < ctx.lanes; i++) {
+    XOR(wasmContext, C, C, B[i][q-1]);
+  }
+  const tag = H_(ctx.tagLength, C, new Uint8Array(ctx.tagLength));
+  // clear memory since the module might be cached
+  allocatedMemory.fill(0); // clear sensitive contents
+  memory.grow(0); // allow deallocation
+  // 8. The output tag is computed as H'^T(C).
+  return tag;
+}
+function getH0(ctx) {
+  const H = createHash(ARGON2_PREHASH_DIGEST_LENGTH);
+  const ZERO32 = new Uint8Array(4);
+  const params = new Uint8Array(24);
+  LE32(params, ctx.lanes, 0);
+  LE32(params, ctx.tagLength, 4);
+  LE32(params, ctx.memorySize, 8);
+  LE32(params, ctx.passes, 12);
+  LE32(params, ctx.version, 16);
+  LE32(params, ctx.type, 20);
+  const toHash = [params];
+  if (ctx.password) {
+    toHash.push(LE32(new Uint8Array(4), ctx.password.length, 0));
+    toHash.push(ctx.password);
+  } else {
+    toHash.push(ZERO32); // context.password.length
+  }
+  if (ctx.salt) {
+    toHash.push(LE32(new Uint8Array(4), ctx.salt.length, 0));
+    toHash.push(ctx.salt);
+  } else {
+    toHash.push(ZERO32); // context.salt.length
+  }
+  if (ctx.secret) {
+    toHash.push(LE32(new Uint8Array(4), ctx.secret.length, 0));
+    toHash.push(ctx.secret);
+    // todo clear secret?
+  } else {
+    toHash.push(ZERO32); // context.secret.length
+  }
+  if (ctx.ad) {
+    toHash.push(LE32(new Uint8Array(4), ctx.ad.length, 0));
+    toHash.push(ctx.ad);
+  } else {
+    toHash.push(ZERO32); // context.ad.length
+  }
+  H.update(concatArrays(toHash));
+  const outputBuffer = H.digest();
+  return new Uint8Array(outputBuffer);
+}
+function concatArrays(arrays) {
+  if (arrays.length === 1) return arrays[0];
+  let totalLength = 0;
+  for (let i = 0; i < arrays.length; i++) {
+      if (!(arrays[i] instanceof Uint8Array)) {
+          throw new Error('concatArrays: Data must be in the form of a Uint8Array');
+      }
+      totalLength += arrays[i].length;
+  }
+  const result = new Uint8Array(totalLength);
+  let pos = 0;
+  arrays.forEach((element) => {
+      result.set(element, pos);
+      pos += element.length;
+  });
+  return result;
+}
+let isSIMDSupported;
+async function wasmLoader(memory, getSIMD, getNonSIMD) {
+  const importObject = { env: { memory } };
+  if (isSIMDSupported === undefined) {
+    try {
+      isSIMDSupported = true; // will be overwritten in the catch
+      return await getSIMD(importObject);
+    } catch(e) {
+      isSIMDSupported = false;
+    }
+  }
+  const loader = isSIMDSupported ? getSIMD : getNonSIMD;
+  return loader(importObject);
+}
+async function setupWasm(getSIMD, getNonSIMD) {
+  const memory = new WebAssembly.Memory({
+    // in pages of 64KiB each
+    // these values need to be compatible with those declared when building in `build-wasm`
+    initial: 1040,  // 65MB
+    maximum: 65536, // 4GB
+  });
+  const wasmModule = await wasmLoader(memory, getSIMD, getNonSIMD);
+  /**
+   * Argon2id hash function
+   * @callback computeHash
+   * @param {Object} params
+   * @param {Uint8Array} params.password - password
+   * @param {Uint8Array} params.salt - salt
+   * @param {Integer} params.parallelism
+   * @param {Integer} params.passes
+   * @param {Integer} params.memorySize - in kibibytes
+   * @param {Integer} params.tagLength - output tag length
+   * @param {Uint8Array} [params.ad] - associated data (optional)
+   * @param {Uint8Array} [params.secret] - secret data (optional)
+   * @return {Uint8Array} argon2id hash
+   */
+  const computeHash = (params) => argon2id(params, { instance: wasmModule.instance, memory });
+  return computeHash;
+}
+function _loadWasmModule (sync, filepath, src, imports) {
+  function _instantiateOrCompile(source, imports, stream) {
+    var instantiateFunc = stream ? WebAssembly.instantiateStreaming : WebAssembly.instantiate;
+    var compileFunc = stream ? WebAssembly.compileStreaming : WebAssembly.compile;
+    if (imports) {
+      return instantiateFunc(source, imports)
+    } else {
+      return compileFunc(source)
+    }
+  }
+var buf = null;
+if (filepath) {
+return _instantiateOrCompile(fetch(filepath), imports, true);
+}
+var raw = globalThis.atob(src);
+var rawLength = raw.length;
+buf = new Uint8Array(new ArrayBuffer(rawLength));
+for(var i = 0; i < rawLength; i++) {
+   buf[i] = raw.charCodeAt(i);
+}
+  if(sync) {
+    var mod = new WebAssembly.Module(buf);
+    return imports ? new WebAssembly.Instance(mod, imports) : mod
+  } else {
+    return _instantiateOrCompile(buf, imports, false)
+  }
+}
+function wasmSIMD(imports){return _loadWasmModule(0, null, 'AGFzbQEAAAABKwdgBH9/f38AYAABf2AAAGADf39/AGAJf39/f39/f39/AX9gAX8AYAF/AX8CEwEDZW52Bm1lbW9yeQIBkAiAgAQDCgkCAwAABAEFBgEEBQFwAQICBgkBfwFBkIjAAgsHfQoDeG9yAAEBRwACAkcyAAMFZ2V0TFoABBlfX2luZGlyZWN0X2Z1bmN0aW9uX3RhYmxlAQALX2luaXRpYWxpemUAABBfX2Vycm5vX2xvY2F0aW9uAAgJc3RhY2tTYXZlAAUMc3RhY2tSZXN0b3JlAAYKc3RhY2tBbGxvYwAHCQcBAEEBCwEACs0gCQMAAQtYAQJ/A0AgACAEQQR0IgNqIAIgA2r9AAQAIAEgA2r9AAQA/VH9CwQAIAAgA0EQciIDaiACIANq/QAEACABIANq/QAEAP1R/QsEACAEQQJqIgRBwABHDQALC7ceAgt7A38DQCADIBFBBHQiD2ogASAPav0ABAAgACAPav0ABAD9USIF/QsEACACIA9qIAX9CwQAIAMgD0EQciIPaiABIA9q/QAEACAAIA9q/QAEAP1RIgX9CwQAIAIgD2ogBf0LBAAgEUECaiIRQcAARw0ACwNAIAMgEEEHdGoiAEEQaiAA/QAEcCAA/QAEMCIFIAD9AAQQIgT9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAQgBP0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9USIJQSD9ywEgCUEg/c0B/VAiCSAA/QAEUCIG/c4BIAkgCf0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIGIAX9USIFQSj9ywEgBUEY/c0B/VAiCCAE/c4BIAggCP0NAAECAwgJCgsAAQIDCAkKCyAEIAT9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIKIAogCf1RIgVBMP3LASAFQRD9zQH9UCIFIAb9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgkgCP1RIgRBAf3LASAEQT/9zQH9UCIMIAD9AARgIAD9AAQgIgQgAP0ABAAiBv3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBv1RIghBIP3LASAIQSD9zQH9UCIIIABBQGsiAf0ABAAiB/3OASAIIAj9DQABAgMICQoLAAECAwgJCgsgByAH/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiByAE/VEiBEEo/csBIARBGP3NAf1QIgsgBv3OASALIAv9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAI/VEiBEEw/csBIARBEP3NAf1QIgQgB/3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgByAH/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCCAL/VEiB0EB/csBIAdBP/3NAf1QIg0gDf0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eHyIH/c4BIAcgB/0NAAECAwgJCgsAAQIDCAkKCyAKIAr9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIKIAQgBSAF/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/VEiC0Eg/csBIAtBIP3NAf1QIgsgCP3OASALIAv9DQABAgMICQoLAAECAwgJCgsgCCAI/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCCAH/VEiB0Eo/csBIAdBGP3NAf1QIgcgCv3OASAHIAf9DQABAgMICQoLAAECAwgJCgsgCiAK/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiDv0LBAAgACAGIA0gDCAM/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4fIgr9zgEgCiAK/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgYgBSAEIAT9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9USIFQSD9ywEgBUEg/c0B/VAiBSAJ/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAJIAn9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJIAr9USIEQSj9ywEgBEEY/c0B/VAiCiAG/c4BIAogCv0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIE/QsEACAAIAQgBf1RIgVBMP3LASAFQRD9zQH9UCIFIA4gC/1RIgRBMP3LASAEQRD9zQH9UCIEIAT9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwRgIAAgBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwRwIAEgBCAI/c4BIAQgBP0NAAECAwgJCgsAAQIDCAkKCyAIIAj9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIE/QsEACAAIAUgCf3OASAFIAX9DQABAgMICQoLAAECAwgJCgsgCSAJ/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCf0LBFAgACAEIAf9USIFQQH9ywEgBUE//c0B/VAiBSAJIAr9USIEQQH9ywEgBEE//c0B/VAiBCAE/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEICAAIAQgBSAF/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEMCAQQQFqIhBBCEcNAAtBACEQA0AgAyAQQQR0aiIAQYABaiAA/QAEgAcgAP0ABIADIgUgAP0ABIABIgT9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAQgBP0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9USIJQSD9ywEgCUEg/c0B/VAiCSAA/QAEgAUiBv3OASAJIAn9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAF/VEiBUEo/csBIAVBGP3NAf1QIgggBP3OASAIIAj9DQABAgMICQoLAAECAwgJCgsgBCAE/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiCiAKIAn9USIFQTD9ywEgBUEQ/c0B/VAiBSAG/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJIAj9USIEQQH9ywEgBEE//c0B/VAiDCAA/QAEgAYgAP0ABIACIgQgAP0ABAAiBv3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBv1RIghBIP3LASAIQSD9zQH9UCIIIAD9AASABCIH/c4BIAggCP0NAAECAwgJCgsAAQIDCAkKCyAHIAf9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIHIAT9USIEQSj9ywEgBEEY/c0B/VAiCyAG/c4BIAsgC/0NAAECAwgJCgsAAQIDCAkKCyAGIAb9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIGIAj9USIEQTD9ywEgBEEQ/c0B/VAiBCAH/c4BIAQgBP0NAAECAwgJCgsAAQIDCAkKCyAHIAf9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIIIAv9USIHQQH9ywEgB0E//c0B/VAiDSAN/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4fIgf9zgEgByAH/Q0AAQIDCAkKCwABAgMICQoLIAogCv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgogBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9USILQSD9ywEgC0Eg/c0B/VAiCyAI/c4BIAsgC/0NAAECAwgJCgsAAQIDCAkKCyAIIAj9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIIIAf9USIHQSj9ywEgB0EY/c0B/VAiByAK/c4BIAcgB/0NAAECAwgJCgsAAQIDCAkKCyAKIAr9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIO/QsEACAAIAYgDSAMIAz9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh8iCv3OASAKIAr9DQABAgMICQoLAAECAwgJCgsgBiAG/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBiAFIAQgBP0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/1RIgVBIP3LASAFQSD9zQH9UCIFIAn9zgEgBSAF/Q0AAQIDCAkKCwABAgMICQoLIAkgCf0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgkgCv1RIgRBKP3LASAEQRj9zQH9UCIKIAb9zgEgCiAK/Q0AAQIDCAkKCwABAgMICQoLIAYgBv0NAAECAwgJCgsAAQIDCAkKC/3eAUEB/csB/c4BIgT9CwQAIAAgBCAF/VEiBUEw/csBIAVBEP3NAf1QIgUgDiAL/VEiBEEw/csBIARBEP3NAf1QIgQgBP0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/0LBIAGIAAgBCAFIAX9DQABAgMEBQYHEBESExQVFhf9DQgJCgsMDQ4PGBkaGxwdHh/9CwSAByAAIAQgCP3OASAEIAT9DQABAgMICQoLAAECAwgJCgsgCCAI/Q0AAQIDCAkKCwABAgMICQoL/d4BQQH9ywH9zgEiBP0LBIAEIAAgBSAJ/c4BIAUgBf0NAAECAwgJCgsAAQIDCAkKCyAJIAn9DQABAgMICQoLAAECAwgJCgv93gFBAf3LAf3OASIJ/QsEgAUgACAEIAf9USIFQQH9ywEgBUE//c0B/VAiBSAJIAr9USIEQQH9ywEgBEE//c0B/VAiBCAE/Q0AAQIDBAUGBxAREhMUFRYX/Q0ICQoLDA0ODxgZGhscHR4f/QsEgAIgACAEIAUgBf0NAAECAwQFBgcQERITFBUWF/0NCAkKCwwNDg8YGRobHB0eH/0LBIADIBBBAWoiEEEIRw0AC0EAIRADQCACIBBBBHQiAGoiASAAIANq/QAEACAB/QAEAP1R/QsEACACIABBEHIiAWoiDyABIANq/QAEACAP/QAEAP1R/QsEACACIABBIHIiAWoiDyABIANq/QAEACAP/QAEAP1R/QsEACACIABBMHIiAGoiASAAIANq/QAEACAB/QAEAP1R/QsEACAQQQRqIhBBwABHDQALCxYAIAAgASACIAMQAiAAIAIgAiADEAILewIBfwF+IAIhCSABNQIAIQogBCAFcgRAIAEoAgQgA3AhCQsgACAJNgIAIAAgB0EBayAFIAQbIAhsIAZBAWtBAEF/IAYbIAIgCUYbaiIBIAVBAWogCGxBACAEG2ogAa0gCiAKfkIgiH5CIIinQX9zaiAHIAhscDYCBCAACwQAIwALBgAgACQACxAAIwAgAGtBcHEiACQAIAALBQBBgAgL', imports)}
+function wasmNonSIMD(imports){return _loadWasmModule(0, null, 'AGFzbQEAAAABPwhgBH9/f38AYAABf2AAAGADf39/AGARf39/f39/f39/f39/f39/f38AYAl/f39/f39/f38Bf2ABfwBgAX8BfwITAQNlbnYGbWVtb3J5AgGQCICABAMLCgIDBAAABQEGBwEEBQFwAQICBgkBfwFBkIjAAgsHfQoDeG9yAAEBRwADAkcyAAQFZ2V0TFoABRlfX2luZGlyZWN0X2Z1bmN0aW9uX3RhYmxlAQALX2luaXRpYWxpemUAABBfX2Vycm5vX2xvY2F0aW9uAAkJc3RhY2tTYXZlAAYMc3RhY2tSZXN0b3JlAAcKc3RhY2tBbGxvYwAICQcBAEEBCwEACssaCgMAAQtQAQJ/A0AgACAEQQN0IgNqIAIgA2opAwAgASADaikDAIU3AwAgACADQQhyIgNqIAIgA2opAwAgASADaikDAIU3AwAgBEECaiIEQYABRw0ACwveDwICfgF/IAAgAUEDdGoiEyATKQMAIhEgACAFQQN0aiIBKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA1BA3RqIgUgESAFKQMAhUIgiSIRNwMAIAAgCUEDdGoiCSARIAkpAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAEgESABKQMAhUIoiSIRNwMAIBMgESATKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAFIBEgBSkDAIVCMIkiETcDACAJIBEgCSkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgASARIAEpAwCFQgGJNwMAIAAgAkEDdGoiDSANKQMAIhEgACAGQQN0aiICKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA5BA3RqIgYgESAGKQMAhUIgiSIRNwMAIAAgCkEDdGoiCiARIAopAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAIgESACKQMAhUIoiSIRNwMAIA0gESANKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAGIBEgBikDAIVCMIkiETcDACAKIBEgCikDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAiARIAIpAwCFQgGJNwMAIAAgA0EDdGoiDiAOKQMAIhEgACAHQQN0aiIDKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIA9BA3RqIgcgESAHKQMAhUIgiSIRNwMAIAAgC0EDdGoiCyARIAspAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAMgESADKQMAhUIoiSIRNwMAIA4gESAOKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAHIBEgBykDAIVCMIkiETcDACALIBEgCykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAyARIAMpAwCFQgGJNwMAIAAgBEEDdGoiDyAPKQMAIhEgACAIQQN0aiIEKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAAIBBBA3RqIgggESAIKQMAhUIgiSIRNwMAIAAgDEEDdGoiACARIAApAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAQgESAEKQMAhUIoiSIRNwMAIA8gESAPKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAIIBEgCCkDAIVCMIkiETcDACAAIBEgACkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgBCARIAQpAwCFQgGJNwMAIBMgEykDACIRIAIpAwAiEnwgEUIBhkL+////H4MgEkL/////D4N+fCIRNwMAIAggESAIKQMAhUIgiSIRNwMAIAsgESALKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACACIBEgAikDAIVCKIkiETcDACATIBEgEykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgCCARIAgpAwCFQjCJIhE3AwAgCyARIAspAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAIgESACKQMAhUIBiTcDACANIA0pAwAiESADKQMAIhJ8IBFCAYZC/v///x+DIBJC/////w+DfnwiETcDACAFIBEgBSkDAIVCIIkiETcDACAAIBEgACkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgAyARIAMpAwCFQiiJIhE3AwAgDSARIA0pAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAUgESAFKQMAhUIwiSIRNwMAIAAgESAAKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACADIBEgAykDAIVCAYk3AwAgDiAOKQMAIhEgBCkDACISfCARQgGGQv7///8fgyASQv////8Pg358IhE3AwAgBiARIAYpAwCFQiCJIhE3AwAgCSARIAkpAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAQgESAEKQMAhUIoiSIRNwMAIA4gESAOKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACAGIBEgBikDAIVCMIkiETcDACAJIBEgCSkDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgBCARIAQpAwCFQgGJNwMAIA8gDykDACIRIAEpAwAiEnwgEUIBhkL+////H4MgEkL/////D4N+fCIRNwMAIAcgESAHKQMAhUIgiSIRNwMAIAogESAKKQMAIhJ8IBFC/////w+DIBJCAYZC/v///x+DfnwiETcDACABIBEgASkDAIVCKIkiETcDACAPIBEgDykDACISfCARQv////8PgyASQgGGQv7///8fg358IhE3AwAgByARIAcpAwCFQjCJIhE3AwAgCiARIAopAwAiEnwgEUL/////D4MgEkIBhkL+////H4N+fCIRNwMAIAEgESABKQMAhUIBiTcDAAvdCAEPfwNAIAIgBUEDdCIGaiABIAZqKQMAIAAgBmopAwCFNwMAIAIgBkEIciIGaiABIAZqKQMAIAAgBmopAwCFNwMAIAVBAmoiBUGAAUcNAAsDQCADIARBA3QiAGogACACaikDADcDACADIARBAXIiAEEDdCIBaiABIAJqKQMANwMAIAMgBEECciIBQQN0IgVqIAIgBWopAwA3AwAgAyAEQQNyIgVBA3QiBmogAiAGaikDADcDACADIARBBHIiBkEDdCIHaiACIAdqKQMANwMAIAMgBEEFciIHQQN0IghqIAIgCGopAwA3AwAgAyAEQQZyIghBA3QiCWogAiAJaikDADcDACADIARBB3IiCUEDdCIKaiACIApqKQMANwMAIAMgBEEIciIKQQN0IgtqIAIgC2opAwA3AwAgAyAEQQlyIgtBA3QiDGogAiAMaikDADcDACADIARBCnIiDEEDdCINaiACIA1qKQMANwMAIAMgBEELciINQQN0Ig5qIAIgDmopAwA3AwAgAyAEQQxyIg5BA3QiD2ogAiAPaikDADcDACADIARBDXIiD0EDdCIQaiACIBBqKQMANwMAIAMgBEEOciIQQQN0IhFqIAIgEWopAwA3AwAgAyAEQQ9yIhFBA3QiEmogAiASaikDADcDACADIARB//8DcSAAQf//A3EgAUH//wNxIAVB//8DcSAGQf//A3EgB0H//wNxIAhB//8DcSAJQf//A3EgCkH//wNxIAtB//8DcSAMQf//A3EgDUH//wNxIA5B//8DcSAPQf//A3EgEEH//wNxIBFB//8DcRACIARB8ABJIQAgBEEQaiEEIAANAAtBACEBIANBAEEBQRBBEUEgQSFBMEExQcAAQcEAQdAAQdEAQeAAQeEAQfAAQfEAEAIgA0ECQQNBEkETQSJBI0EyQTNBwgBBwwBB0gBB0wBB4gBB4wBB8gBB8wAQAiADQQRBBUEUQRVBJEElQTRBNUHEAEHFAEHUAEHVAEHkAEHlAEH0AEH1ABACIANBBkEHQRZBF0EmQSdBNkE3QcYAQccAQdYAQdcAQeYAQecAQfYAQfcAEAIgA0EIQQlBGEEZQShBKUE4QTlByABByQBB2ABB2QBB6ABB6QBB+ABB+QAQAiADQQpBC0EaQRtBKkErQTpBO0HKAEHLAEHaAEHbAEHqAEHrAEH6AEH7ABACIANBDEENQRxBHUEsQS1BPEE9QcwAQc0AQdwAQd0AQewAQe0AQfwAQf0AEAIgA0EOQQ9BHkEfQS5BL0E+QT9BzgBBzwBB3gBB3wBB7gBB7wBB/gBB/wAQAgNAIAIgAUEDdCIAaiIEIAAgA2opAwAgBCkDAIU3AwAgAiAAQQhyIgRqIgUgAyAEaikDACAFKQMAhTcDACACIABBEHIiBGoiBSADIARqKQMAIAUpAwCFNwMAIAIgAEEYciIAaiIEIAAgA2opAwAgBCkDAIU3AwAgAUEEaiIBQYABRw0ACwsWACAAIAEgAiADEAMgACACIAIgAxADC3sCAX8BfiACIQkgATUCACEKIAQgBXIEQCABKAIEIANwIQkLIAAgCTYCACAAIAdBAWsgBSAEGyAIbCAGQQFrQQBBfyAGGyACIAlGG2oiASAFQQFqIAhsQQAgBBtqIAGtIAogCn5CIIh+QiCIp0F/c2ogByAIbHA2AgQgAAsEACMACwYAIAAkAAsQACMAIABrQXBxIgAkACAACwUAQYAICw==', imports)}
+const loadWasm = async () => setupWasm(
+  (instanceObject) => wasmSIMD(instanceObject),
+  (instanceObject) => wasmNonSIMD(instanceObject),
+);
+var index = /*#__PURE__*/Object.freeze({
+  __proto__: null,
+  'default': loadWasm
+});
+export { AEADEncryptedDataPacket, CleartextMessage, CompressedDataPacket, KDFParams, LiteralDataPacket, MarkerPacket, Message, OnePassSignaturePacket, PacketList, PrivateKey, PublicKey, PublicKeyEncryptedSessionKeyPacket, PublicKeyPacket, PublicSubkeyPacket, SecretKeyPacket, SecretSubkeyPacket, Signature, SignaturePacket, Subkey, SymEncryptedIntegrityProtectedDataPacket, SymEncryptedSessionKeyPacket, SymmetricallyEncryptedDataPacket, TrustPacket, UnparseablePacket, UserAttributePacket, UserIDPacket, armor, config, createCleartextMessage, createMessage, decrypt$4 as decrypt, decryptKey, decryptSessionKeys, encrypt$4 as encrypt, encryptKey, encryptSessionKey, enums, generateKey, generateSessionKey$1 as generateSessionKey, readCleartextMessage, readKey, readKeys, readMessage, readPrivateKey, readPrivateKeys, readSignature, reformatKey, revokeKey, sign$5 as sign, unarmor, verify$5 as verify };