@protontech/openpgp 6.0.0-beta.0 → 6.0.0-beta.1

package/dist/lightweight/openpgp.mjs

@@ -1,4 +1,4 @@
-/*! OpenPGP.js v6.0.0-beta.0 - 2024-04-18 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
+/*! OpenPGP.js v6.0.0-beta.1 - 2024-05-17 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
 const globalThis = typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {};
 
 const doneWritingPromise = Symbol('doneWritingPromise');
@@ -1465,6 +1465,14 @@ var config = {
    * @property {Boolean} aeadProtect
    */
   aeadProtect: false,
+  /**
+   * Whether to disable encrypton using SEIPDv2 even if the encryption keys include the SEIPDv2 feature flag.
+   * If true, SEIPDv1 (i.e. no AEAD) packets are always used instead.
+   * SEIPDv2 is a more secure and faster choice, but it is not necessarily compatible with other libs and our mobile apps.
+   * @memberof module:config
+   * @property {Boolean} ignoreSEIPDv2FeatureFlag
+   */
+  ignoreSEIPDv2FeatureFlag: false,
   /**
    * When reading OpenPGP v4 private keys (e.g. those generated in OpenPGP.js when not setting `config.v5Keys = true`)
    * which were encrypted by OpenPGP.js v5 (or older) using `config.aeadProtect = true`,
@@ -1652,7 +1660,7 @@ var config = {
    * @memberof module:config
    * @property {String} versionString A version string to be included in armored messages
    */
-  versionString: 'OpenPGP.js 6.0.0-beta.0',
+  versionString: 'OpenPGP.js 6.0.0-beta.1',
   /**
    * @memberof module:config
    * @property {String} commentString A comment string to be included in armored messages
@@ -1713,27 +1721,6 @@ var config = {
   rejectCurves: new Set([enums.curve.secp256k1])
 };
 
-/**
- * We don't use the BigIntegerInterface wrapper from noble-hashes because:
- * - importing the instance results in it being shared with noble-hashes, which separately calls `setImplementation()`
- *  on load, causing it to throw due to duplicate initialization.
- * - even duplicating the interface code here to keep a separate instance requires handing a race-conditions the first time
- * `getBigInteger` is called, when the code needs to check if the implementation is set, and initialize it if not.
- * Ultimately, the interface provides no advantages and it's only needed because of TS.
- */
-const detectBigInt = () => typeof BigInt !== 'undefined';
-async function getBigInteger() {
-  if (detectBigInt()) {
-    // NativeBigInteger is small, so it's imported in isolation (it could also be imported at the top level)
-    const { default: NativeBigInteger } = await import('./native.interface.mjs');
-    return NativeBigInteger;
-  } else {
-    // FallbackBigInteger relies on large BN.js lib, which is also used by noble-hashes and noble-curves
-    const { default: FallbackBigInteger } = await import('./bn.interface.mjs');
-    return FallbackBigInteger;
-  }
-}
-
 // GPG4Browsers - An OpenPGP implementation in javascript
 // Copyright (C) 2011 Recurity Labs GmbH
 //
@@ -1775,8 +1762,6 @@ const util = {
 
   isStream: isStream,
 
-  getBigInteger,
-
   /**
    * Load noble-curves lib on demand and return the requested curve function
    * @param {enums.publicKey} publicKeyAlgo
@@ -2498,7 +2483,7 @@ function b64ToUint8Array(base64) {
  */
 function uint8ArrayToB64(bytes, url) {
   let encoded = encode$1(bytes).replace(/[\r\n]/g, '');
-  if (url) {
+  {
     encoded = encoded.replace(/[+]/g, '-').replace(/[/]/g, '_').replace(/[=]/g, '');
   }
   return encoded;
@@ -4285,7 +4270,7 @@ function is_bytes(a) {
     return a instanceof Uint8Array;
 }
 function _heap_init(heap, heapSize) {
-    const size = heap ? heap.byteLength : heapSize || 65536;
+    const size = heap ? heap.byteLength : 65536;
     if (size & 0xfff || size <= 0)
         throw new Error('heap size must be a positive integer and a multiple of 4096');
     heap = heap || new Uint8Array(new ArrayBuffer(size));
@@ -5842,6 +5827,202 @@ var mode = {
   ocb: OCB
 };
 
+// Operations are not constant time, but we try and limit timing leakage where we can
+const _0n$1 = BigInt(0);
+const _1n$4 = BigInt(1);
+function uint8ArrayToBigInt(bytes) {
+    const hexAlphabet = '0123456789ABCDEF';
+    let s = '';
+    bytes.forEach(v => {
+        s += hexAlphabet[v >> 4] + hexAlphabet[v & 15];
+    });
+    return BigInt('0x0' + s);
+}
+function mod$1(a, m) {
+    const reduced = a % m;
+    return reduced < _0n$1 ? reduced + m : reduced;
+}
+/**
+ * Compute modular exponentiation using square and multiply
+ * @param {BigInt} a - Base
+ * @param {BigInt} e - Exponent
+ * @param {BigInt} n - Modulo
+ * @returns {BigInt} b ** e mod n.
+ */
+function modExp(b, e, n) {
+    if (n === _0n$1)
+        throw Error('Modulo cannot be zero');
+    if (n === _1n$4)
+        return BigInt(0);
+    if (e < _0n$1)
+        throw Error('Unsopported negative exponent');
+    let exp = e;
+    let x = b;
+    x %= n;
+    let r = BigInt(1);
+    while (exp > _0n$1) {
+        const lsb = exp & _1n$4;
+        exp >>= _1n$4; // e / 2
+        // Always compute multiplication step, to reduce timing leakage
+        const rx = (r * x) % n;
+        // Update r only if lsb is 1 (odd exponent)
+        r = lsb ? rx : r;
+        x = (x * x) % n; // Square
+    }
+    return r;
+}
+function abs(x) {
+    return x >= _0n$1 ? x : -x;
+}
+/**
+ * Extended Eucleadian algorithm (http://anh.cs.luc.edu/331/notes/xgcd.pdf)
+ * Given a and b, compute (x, y) such that ax + by = gdc(a, b).
+ * Negative numbers are also supported.
+ * @param {BigInt} a - First operand
+ * @param {BigInt} b - Second operand
+ * @returns {{ gcd, x, y: bigint }}
+ */
+function _egcd(aInput, bInput) {
+    let x = BigInt(0);
+    let y = BigInt(1);
+    let xPrev = BigInt(1);
+    let yPrev = BigInt(0);
+    // Deal with negative numbers: run algo over absolute values,
+    // and "move" the sign to the returned x and/or y.
+    // See https://math.stackexchange.com/questions/37806/extended-euclidean-algorithm-with-negative-numbers
+    let a = abs(aInput);
+    let b = abs(bInput);
+    const aNegated = aInput < _0n$1;
+    const bNegated = bInput < _0n$1;
+    while (b !== _0n$1) {
+        const q = a / b;
+        let tmp = x;
+        x = xPrev - q * x;
+        xPrev = tmp;
+        tmp = y;
+        y = yPrev - q * y;
+        yPrev = tmp;
+        tmp = b;
+        b = a % b;
+        a = tmp;
+    }
+    return {
+        x: aNegated ? -xPrev : xPrev,
+        y: bNegated ? -yPrev : yPrev,
+        gcd: a
+    };
+}
+/**
+ * Compute the inverse of `a` modulo `n`
+ * Note: `a` and and `n` must be relatively prime
+ * @param {BigInt} a
+ * @param {BigInt} n - Modulo
+ * @returns {BigInt} x such that a*x = 1 mod n
+ * @throws {Error} if the inverse does not exist
+ */
+function modInv(a, n) {
+    const { gcd, x } = _egcd(a, n);
+    if (gcd !== _1n$4) {
+        throw new Error('Inverse does not exist');
+    }
+    return mod$1(x + n, n);
+}
+/**
+ * Compute greatest common divisor between this and n
+ * @param {BigInt} aInput - Operand
+ * @param {BigInt} bInput - Operand
+ * @returns {BigInt} gcd
+ */
+function gcd(aInput, bInput) {
+    let a = aInput;
+    let b = bInput;
+    while (b !== _0n$1) {
+        const tmp = b;
+        b = a % b;
+        a = tmp;
+    }
+    return a;
+}
+/**
+ * Get this value as an exact Number (max 53 bits)
+ * Fails if this value is too large
+ * @returns {Number}
+ */
+function bigIntToNumber(x) {
+    const number = Number(x);
+    if (number > Number.MAX_SAFE_INTEGER) {
+        // We throw and error to conform with the bn.js implementation
+        throw new Error('Number can only safely store up to 53 bits');
+    }
+    return number;
+}
+/**
+ * Get value of i-th bit
+ * @param {BigInt} x
+ * @param {Number} i - Bit index
+ * @returns {Number} Bit value.
+ */
+function getBit(x, i) {
+    const bit = (x >> BigInt(i)) & _1n$4;
+    return bit === _0n$1 ? 0 : 1;
+}
+/**
+ * Compute bit length
+ */
+function bitLength(x) {
+    // -1n >> -1n is -1n
+    // 1n >> 1n is 0n
+    const target = x < _0n$1 ? BigInt(-1) : _0n$1;
+    let bitlen = 1;
+    let tmp = x;
+    // eslint-disable-next-line no-cond-assign
+    while ((tmp >>= _1n$4) !== target) {
+        bitlen++;
+    }
+    return bitlen;
+}
+/**
+ * Compute byte length
+ */
+function byteLength(x) {
+    const target = x < _0n$1 ? BigInt(-1) : _0n$1;
+    const _8n = BigInt(8);
+    let len = 1;
+    let tmp = x;
+    // eslint-disable-next-line no-cond-assign
+    while ((tmp >>= _8n) !== target) {
+        len++;
+    }
+    return len;
+}
+/**
+ * Get Uint8Array representation of this number
+ * @param {String} endian - Endianess of output array (defaults to 'be')
+ * @param {Number} length - Of output array
+ * @returns {Uint8Array}
+ */
+function bigIntToUint8Array(x, endian = 'be', length) {
+    // we get and parse the hex string (https://coolaj86.com/articles/convert-js-bigints-to-typedarrays/)
+    // this is faster than shift+mod iterations
+    let hex = x.toString(16);
+    if (hex.length % 2 === 1) {
+        hex = '0' + hex;
+    }
+    const rawLength = hex.length / 2;
+    const bytes = new Uint8Array(length || rawLength);
+    // parse hex
+    const offset = length ? length - rawLength : 0;
+    let i = 0;
+    while (i < rawLength) {
+        bytes[i + offset] = parseInt(hex.slice(2 * i, 2 * i + 2), 16);
+        i++;
+    }
+    if (endian !== 'be') {
+        bytes.reverse();
+    }
+    return bytes;
+}
+
 // GPG4Browsers - An OpenPGP implementation in javascript
 // Copyright (C) 2011 Recurity Labs GmbH
 //
@@ -5881,27 +6062,25 @@ function getRandomBytes(length) {
 }
 
 /**
- * Create a secure random BigInteger that is greater than or equal to min and less than max.
- * @param {module:BigInteger} min - Lower bound, included
- * @param {module:BigInteger} max - Upper bound, excluded
- * @returns {Promise<module:BigInteger>} Random BigInteger.
+ * Create a secure random BigInt that is greater than or equal to min and less than max.
+ * @param {bigint} min - Lower bound, included
+ * @param {bigint} max - Upper bound, excluded
+ * @returns {bigint} Random BigInt.
  * @async
  */
-async function getRandomBigInteger(min, max) {
-  const BigInteger = await util.getBigInteger();
-
-  if (max.lt(min)) {
+function getRandomBigInteger(min, max) {
+  if (max < min) {
     throw new Error('Illegal parameter value: max <= min');
   }
 
-  const modulus = max.sub(min);
-  const bytes = modulus.byteLength();
+  const modulus = max - min;
+  const bytes = byteLength(modulus);
 
   // Using a while loop is necessary to avoid bias introduced by the mod operation.
   // However, we request 64 extra random bits so that the bias is negligible.
   // Section B.1.1 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
-  const r = new BigInteger(getRandomBytes(bytes + 8));
-  return r.mod(modulus).add(min);
+  const r = uint8ArrayToBigInt(getRandomBytes(bytes + 8));
+  return mod$1(r, modulus) + min;
 }
 
 var random = /*#__PURE__*/Object.freeze({
@@ -5926,177 +6105,159 @@ var random = /*#__PURE__*/Object.freeze({
 // You should have received a copy of the GNU Lesser General Public
 // License along with this library; if not, write to the Free Software
 // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-
-
+/**
+ * @fileoverview Algorithms for probabilistic random prime generation
+ * @module crypto/public_key/prime
+ */
+const _1n$3 = BigInt(1);
 /**
  * Generate a probably prime random number
- * @param {Integer} bits - Bit length of the prime
- * @param {BigInteger} e - Optional RSA exponent to check against the prime
- * @param {Integer} k - Optional number of iterations of Miller-Rabin test
- * @returns BigInteger
- * @async
+ * @param bits - Bit length of the prime
+ * @param e - Optional RSA exponent to check against the prime
+ * @param k - Optional number of iterations of Miller-Rabin test
  */
-async function randomProbablePrime(bits, e, k) {
-  const BigInteger = await util.getBigInteger();
-
-  const one = new BigInteger(1);
-  const min = one.leftShift(new BigInteger(bits - 1));
-  const thirty = new BigInteger(30);
-  /*
-   * We can avoid any multiples of 3 and 5 by looking at n mod 30
-   * n mod 30 = 0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
-   * the next possible prime is mod 30:
-   *            1  7  7  7  7  7  7 11 11 11 11 13 13 17 17 17 17 19 19 23 23 23 23 29 29 29 29 29 29 1
-   */
-  const adds = [1, 6, 5, 4, 3, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 6, 5, 4, 3, 2, 1, 2];
-
-  const n = await getRandomBigInteger(min, min.leftShift(one));
-  let i = n.mod(thirty).toNumber();
-
-  do {
-    n.iadd(new BigInteger(adds[i]));
-    i = (i + adds[i]) % adds.length;
-    // If reached the maximum, go back to the minimum.
-    if (n.bitLength() > bits) {
-      n.imod(min.leftShift(one)).iadd(min);
-      i = n.mod(thirty).toNumber();
-    }
-  } while (!await isProbablePrime(n, e, k));
-  return n;
+function randomProbablePrime(bits, e, k) {
+    const _30n = BigInt(30);
+    const min = _1n$3 << BigInt(bits - 1);
+    /*
+     * We can avoid any multiples of 3 and 5 by looking at n mod 30
+     * n mod 30 = 0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
+     * the next possible prime is mod 30:
+     *            1  7  7  7  7  7  7 11 11 11 11 13 13 17 17 17 17 19 19 23 23 23 23 29 29 29 29 29 29 1
+     */
+    const adds = [1, 6, 5, 4, 3, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 2, 1, 4, 3, 2, 1, 6, 5, 4, 3, 2, 1, 2];
+    let n = getRandomBigInteger(min, min << _1n$3);
+    let i = bigIntToNumber(mod$1(n, _30n));
+    do {
+        n += BigInt(adds[i]);
+        i = (i + adds[i]) % adds.length;
+        // If reached the maximum, go back to the minimum.
+        if (bitLength(n) > bits) {
+            n = mod$1(n, min << _1n$3);
+            n += min;
+            i = bigIntToNumber(mod$1(n, _30n));
+        }
+    } while (!isProbablePrime(n, e, k));
+    return n;
 }
-
 /**
  * Probabilistic primality testing
- * @param {BigInteger} n - Number to test
- * @param {BigInteger} e - Optional RSA exponent to check against the prime
- * @param {Integer} k - Optional number of iterations of Miller-Rabin test
- * @returns {boolean}
- * @async
+ * @param n - Number to test
+ * @param e - Optional RSA exponent to check against the prime
+ * @param k - Optional number of iterations of Miller-Rabin test
  */
-async function isProbablePrime(n, e, k) {
-  if (e && !n.dec().gcd(e).isOne()) {
-    return false;
-  }
-  if (!await divisionTest(n)) {
-    return false;
-  }
-  if (!await fermat(n)) {
-    return false;
-  }
-  if (!await millerRabin(n, k)) {
-    return false;
-  }
-  // TODO implement the Lucas test
-  // See Section C.3.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
-  return true;
+function isProbablePrime(n, e, k) {
+    if (e && gcd(n - _1n$3, e) !== _1n$3) {
+        return false;
+    }
+    if (!divisionTest(n)) {
+        return false;
+    }
+    if (!fermat(n)) {
+        return false;
+    }
+    if (!millerRabin(n, k)) {
+        return false;
+    }
+    // TODO implement the Lucas test
+    // See Section C.3.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
+    return true;
 }
-
 /**
  * Tests whether n is probably prime or not using Fermat's test with b = 2.
  * Fails if b^(n-1) mod n != 1.
- * @param {BigInteger} n - Number to test
- * @param {BigInteger} b - Optional Fermat test base
- * @returns {boolean}
+ * @param n - Number to test
+ * @param b - Optional Fermat test base
  */
-async function fermat(n, b) {
-  const BigInteger = await util.getBigInteger();
-
-  b = b || new BigInteger(2);
-  return b.modExp(n.dec(), n).isOne();
+function fermat(n, b = BigInt(2)) {
+    return modExp(b, n - _1n$3, n) === _1n$3;
 }
-
-async function divisionTest(n) {
-  const BigInteger = await util.getBigInteger();
-
-  return smallPrimes.every(m => {
-    return n.mod(new BigInteger(m)) !== 0;
-  });
+function divisionTest(n) {
+    const _0n = BigInt(0);
+    return smallPrimes.every(m => mod$1(n, m) !== _0n);
 }
-
 // https://github.com/gpg/libgcrypt/blob/master/cipher/primegen.c
 const smallPrimes = [
-  7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43,
-  47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101,
-  103, 107, 109, 113, 127, 131, 137, 139, 149, 151,
-  157, 163, 167, 173, 179, 181, 191, 193, 197, 199,
-  211, 223, 227, 229, 233, 239, 241, 251, 257, 263,
-  269, 271, 277, 281, 283, 293, 307, 311, 313, 317,
-  331, 337, 347, 349, 353, 359, 367, 373, 379, 383,
-  389, 397, 401, 409, 419, 421, 431, 433, 439, 443,
-  449, 457, 461, 463, 467, 479, 487, 491, 499, 503,
-  509, 521, 523, 541, 547, 557, 563, 569, 571, 577,
-  587, 593, 599, 601, 607, 613, 617, 619, 631, 641,
-  643, 647, 653, 659, 661, 673, 677, 683, 691, 701,
-  709, 719, 727, 733, 739, 743, 751, 757, 761, 769,
-  773, 787, 797, 809, 811, 821, 823, 827, 829, 839,
-  853, 857, 859, 863, 877, 881, 883, 887, 907, 911,
-  919, 929, 937, 941, 947, 953, 967, 971, 977, 983,
-  991, 997, 1009, 1013, 1019, 1021, 1031, 1033,
-  1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091,
-  1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151,
-  1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213,
-  1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277,
-  1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307,
-  1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399,
-  1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451,
-  1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493,
-  1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559,
-  1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609,
-  1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667,
-  1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733,
-  1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789,
-  1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871,
-  1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931,
-  1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997,
-  1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053,
-  2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111,
-  2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161,
-  2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243,
-  2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297,
-  2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357,
-  2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411,
-  2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473,
-  2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551,
-  2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633,
-  2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687,
-  2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729,
-  2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791,
-  2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851,
-  2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917,
-  2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999,
-  3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061,
-  3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137,
-  3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209,
-  3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271,
-  3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331,
-  3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391,
-  3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467,
-  3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533,
-  3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583,
-  3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643,
-  3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709,
-  3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779,
-  3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851,
-  3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917,
-  3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989,
-  4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049,
-  4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111,
-  4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177,
-  4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243,
-  4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297,
-  4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391,
-  4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457,
-  4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519,
-  4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597,
-  4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657,
-  4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729,
-  4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799,
-  4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889,
-  4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951,
-  4957, 4967, 4969, 4973, 4987, 4993, 4999
-];
-
-
+    7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43,
+    47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101,
+    103, 107, 109, 113, 127, 131, 137, 139, 149, 151,
+    157, 163, 167, 173, 179, 181, 191, 193, 197, 199,
+    211, 223, 227, 229, 233, 239, 241, 251, 257, 263,
+    269, 271, 277, 281, 283, 293, 307, 311, 313, 317,
+    331, 337, 347, 349, 353, 359, 367, 373, 379, 383,
+    389, 397, 401, 409, 419, 421, 431, 433, 439, 443,
+    449, 457, 461, 463, 467, 479, 487, 491, 499, 503,
+    509, 521, 523, 541, 547, 557, 563, 569, 571, 577,
+    587, 593, 599, 601, 607, 613, 617, 619, 631, 641,
+    643, 647, 653, 659, 661, 673, 677, 683, 691, 701,
+    709, 719, 727, 733, 739, 743, 751, 757, 761, 769,
+    773, 787, 797, 809, 811, 821, 823, 827, 829, 839,
+    853, 857, 859, 863, 877, 881, 883, 887, 907, 911,
+    919, 929, 937, 941, 947, 953, 967, 971, 977, 983,
+    991, 997, 1009, 1013, 1019, 1021, 1031, 1033,
+    1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091,
+    1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151,
+    1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213,
+    1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277,
+    1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307,
+    1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399,
+    1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451,
+    1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493,
+    1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559,
+    1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609,
+    1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667,
+    1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733,
+    1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789,
+    1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871,
+    1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931,
+    1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997,
+    1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053,
+    2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111,
+    2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161,
+    2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243,
+    2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297,
+    2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357,
+    2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411,
+    2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473,
+    2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551,
+    2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633,
+    2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687,
+    2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729,
+    2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791,
+    2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851,
+    2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917,
+    2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999,
+    3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061,
+    3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137,
+    3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209,
+    3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271,
+    3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331,
+    3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391,
+    3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467,
+    3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533,
+    3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583,
+    3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643,
+    3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709,
+    3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779,
+    3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851,
+    3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917,
+    3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989,
+    4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049,
+    4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111,
+    4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177,
+    4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243,
+    4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297,
+    4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391,
+    4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457,
+    4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519,
+    4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597,
+    4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657,
+    4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729,
+    4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799,
+    4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889,
+    4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951,
+    4957, 4967, 4969, 4973, 4987, 4993, 4999
+].map(n => BigInt(n));
 // Miller-Rabin - Miller Rabin algorithm for primality test
 // Copyright Fedor Indutny, 2014.
 //
@@ -6120,63 +6281,51 @@ const smallPrimes = [
 // DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
 // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
 // USE OR OTHER DEALINGS IN THE SOFTWARE.
-
 // Adapted on Jan 2018 from version 4.0.1 at https://github.com/indutny/miller-rabin
-
 // Sample syntax for Fixed-Base Miller-Rabin:
 // millerRabin(n, k, () => new BN(small_primes[Math.random() * small_primes.length | 0]))
-
 /**
  * Tests whether n is probably prime or not using the Miller-Rabin test.
  * See HAC Remark 4.28.
- * @param {BigInteger} n - Number to test
- * @param {Integer} k - Optional number of iterations of Miller-Rabin test
- * @param {Function} rand - Optional function to generate potential witnesses
+ * @param n - Number to test
+ * @param k - Optional number of iterations of Miller-Rabin test
+ * @param rand - Optional function to generate potential witnesses
  * @returns {boolean}
  * @async
  */
-async function millerRabin(n, k, rand) {
-  const BigInteger = await util.getBigInteger();
-
-  const len = n.bitLength();
-
-  if (!k) {
-    k = Math.max(1, (len / 48) | 0);
-  }
-
-  const n1 = n.dec(); // n - 1
-
-  // Find d and s, (n - 1) = (2 ^ s) * d;
-  let s = 0;
-  while (!n1.getBit(s)) { s++; }
-  const d = n.rightShift(new BigInteger(s));
-
-  for (; k > 0; k--) {
-    const a = rand ? rand() : await getRandomBigInteger(new BigInteger(2), n1);
-
-    let x = a.modExp(d, n);
-    if (x.isOne() || x.equal(n1)) {
-      continue;
+function millerRabin(n, k, rand) {
+    const len = bitLength(n);
+    if (!k) {
+        k = Math.max(1, (len / 48) | 0);
     }
-
-    let i;
-    for (i = 1; i < s; i++) {
-      x = x.mul(x).mod(n);
-
-      if (x.isOne()) {
-        return false;
-      }
-      if (x.equal(n1)) {
-        break;
-      }
-    }
-
-    if (i === s) {
-      return false;
+    const n1 = n - _1n$3; // n - 1
+    // Find d and s, (n - 1) = (2 ^ s) * d;
+    let s = 0;
+    while (!getBit(n1, s)) {
+        s++;
+    }
+    const d = n >> BigInt(s);
+    for (; k > 0; k--) {
+        const a = getRandomBigInteger(BigInt(2), n1);
+        let x = modExp(a, d, n);
+        if (x === _1n$3 || x === n1) {
+            continue;
+        }
+        let i;
+        for (i = 1; i < s; i++) {
+            x = mod$1(x * x, n);
+            if (x === _1n$3) {
+                return false;
+            }
+            if (x === n1) {
+                break;
+            }
+        }
+        if (i === s) {
+            return false;
+        }
     }
-  }
-
-  return true;
+    return true;
 }
 
 // GPG4Browsers - An OpenPGP implementation in javascript
@@ -6302,7 +6451,7 @@ function emeDecode(encoded, randomPayload) {
  * @param {Integer} emLen - Intended length in octets of the encoded message
  * @returns {Uint8Array} Encoded message.
  */
-async function emsaEncode(algo, hashed, emLen) {
+function emsaEncode(algo, hashed, emLen) {
   let i;
   if (hashed.length !== hash.getHashByteLength(algo)) {
     throw new Error('Invalid hash length');
@@ -6359,6 +6508,7 @@ var pkcs1 = /*#__PURE__*/Object.freeze({
 
 const webCrypto$6 = util.getWebCrypto();
 const nodeCrypto$4 = util.getNodeCrypto();
+const _1n$2 = BigInt(1);
 
 /** Create signature
  * @param {module:enums.hash} hashAlgo - Hash algorithm
@@ -6472,16 +6622,14 @@ async function decrypt$4(data, n, e, d, p, q, u, randomPayload) {
  * @async
  */
 async function generate$5(bits, e) {
-  const BigInteger = await util.getBigInteger();
-
-  e = new BigInteger(e);
+  e = BigInt(e);
 
   // Native RSA keygen using Web Crypto
   if (util.getWebCrypto()) {
     const keyGenOpt = {
       name: 'RSASSA-PKCS1-v1_5',
       modulusLength: bits, // the specified keysize in bits
-      publicExponent: e.toUint8Array(), // take three bytes (max 65537) for exponent
+      publicExponent: bigIntToUint8Array(e), // take three bytes (max 65537) for exponent
       hash: {
         name: 'SHA-1' // not required for actual RSA keys, but for crypto api 'sign' and 'verify'
       }
@@ -6496,7 +6644,7 @@ async function generate$5(bits, e) {
   } else if (util.getNodeCrypto()) {
     const opts = {
       modulusLength: bits,
-      publicExponent: e.toNumber(),
+      publicExponent: bigIntToNumber(e),
       publicKeyEncoding: { type: 'pkcs1', format: 'jwk' },
       privateKeyEncoding: { type: 'pkcs1', format: 'jwk' }
     };
@@ -6519,26 +6667,26 @@ async function generate$5(bits, e) {
   let q;
   let n;
   do {
-    q = await randomProbablePrime(bits - (bits >> 1), e, 40);
-    p = await randomProbablePrime(bits >> 1, e, 40);
-    n = p.mul(q);
-  } while (n.bitLength() !== bits);
+    q = randomProbablePrime(bits - (bits >> 1), e, 40);
+    p = randomProbablePrime(bits >> 1, e, 40);
+    n = p * q;
+  } while (bitLength(n) !== bits);
 
-  const phi = p.dec().imul(q.dec());
+  const phi = (p - _1n$2) * (q - _1n$2);
 
-  if (q.lt(p)) {
+  if (q < p) {
     [p, q] = [q, p];
   }
 
   return {
-    n: n.toUint8Array(),
-    e: e.toUint8Array(),
-    d: e.modInv(phi).toUint8Array(),
-    p: p.toUint8Array(),
-    q: q.toUint8Array(),
+    n: bigIntToUint8Array(n),
+    e: bigIntToUint8Array(e),
+    d: bigIntToUint8Array(modInv(e, phi)),
+    p: bigIntToUint8Array(p),
+    q: bigIntToUint8Array(q),
     // dp: d.mod(p.subn(1)),
     // dq: d.mod(q.subn(1)),
-    u: p.modInv(q).toUint8Array()
+    u: bigIntToUint8Array(modInv(p, q))
   };
 }
 
@@ -6554,26 +6702,24 @@ async function generate$5(bits, e) {
  * @async
  */
 async function validateParams$8(n, e, d, p, q, u) {
-  const BigInteger = await util.getBigInteger();
-
-  n = new BigInteger(n);
-  p = new BigInteger(p);
-  q = new BigInteger(q);
+  n = uint8ArrayToBigInt(n);
+  p = uint8ArrayToBigInt(p);
+  q = uint8ArrayToBigInt(q);
 
   // expect pq = n
-  if (!p.mul(q).equal(n)) {
+  if ((p * q) !== n) {
     return false;
   }
 
-  const two = new BigInteger(2);
+  const _2n = BigInt(2);
   // expect p*u = 1 mod q
-  u = new BigInteger(u);
-  if (!p.mul(u).mod(q).isOne()) {
+  u = uint8ArrayToBigInt(u);
+  if (mod$1(p * u, q) !== BigInt(1)) {
     return false;
   }
 
-  e = new BigInteger(e);
-  d = new BigInteger(d);
+  e = uint8ArrayToBigInt(e);
+  d = uint8ArrayToBigInt(d);
   /**
    * In RSA pkcs#1 the exponents (d, e) are inverses modulo lcm(p-1, q-1)
    * We check that [de = 1 mod (p-1)] and [de = 1 mod (q-1)]
@@ -6581,11 +6727,11 @@ async function validateParams$8(n, e, d, p, q, u) {
    *
    * We blind the multiplication with r, and check that rde = r mod lcm(p-1, q-1)
    */
-  const nSizeOver3 = new BigInteger(Math.floor(n.bitLength() / 3));
-  const r = await getRandomBigInteger(two, two.leftShift(nSizeOver3)); // r in [ 2, 2^{|n|/3} ) < p and q
-  const rde = r.mul(d).mul(e);
+  const nSizeOver3 = BigInt(Math.floor(bitLength(n) / 3));
+  const r = getRandomBigInteger(_2n, _2n << nSizeOver3); // r in [ 2, 2^{|n|/3} ) < p and q
+  const rde = r * d * e;
 
-  const areInverses = rde.mod(p.dec()).equal(r) && rde.mod(q.dec()).equal(r);
+  const areInverses = mod$1(rde, p - _1n$2) === r && mod$1(rde, q - _1n$2) === r;
   if (!areInverses) {
     return false;
   }
@@ -6594,15 +6740,13 @@ async function validateParams$8(n, e, d, p, q, u) {
 }
 
 async function bnSign(hashAlgo, n, d, hashed) {
-  const BigInteger = await util.getBigInteger();
-
-  n = new BigInteger(n);
-  const m = new BigInteger(await emsaEncode(hashAlgo, hashed, n.byteLength()));
-  d = new BigInteger(d);
-  if (m.gte(n)) {
+  n = uint8ArrayToBigInt(n);
+  const m = uint8ArrayToBigInt(emsaEncode(hashAlgo, hashed, byteLength(n)));
+  d = uint8ArrayToBigInt(d);
+  if (m >= n) {
     throw new Error('Message size cannot exceed modulus size');
   }
-  return m.modExp(d, n).toUint8Array('be', n.byteLength());
+  return bigIntToUint8Array(modExp(m, d, n), 'be', byteLength(n));
 }
 
 async function webSign$1(hashName, data, n, e, d, p, q, u) {
@@ -6632,16 +6776,14 @@ async function nodeSign$1(hashAlgo, data, n, e, d, p, q, u) {
 }
 
 async function bnVerify(hashAlgo, s, n, e, hashed) {
-  const BigInteger = await util.getBigInteger();
-
-  n = new BigInteger(n);
-  s = new BigInteger(s);
-  e = new BigInteger(e);
-  if (s.gte(n)) {
+  n = uint8ArrayToBigInt(n);
+  s = uint8ArrayToBigInt(s);
+  e = uint8ArrayToBigInt(e);
+  if (s >= n) {
     throw new Error('Signature size cannot exceed modulus size');
   }
-  const EM1 = s.modExp(e, n).toUint8Array('be', n.byteLength());
-  const EM2 = await emsaEncode(hashAlgo, hashed, n.byteLength());
+  const EM1 = bigIntToUint8Array(modExp(s, e, n), 'be', byteLength(n));
+  const EM2 = emsaEncode(hashAlgo, hashed, byteLength(n));
   return util.equalsUint8Array(EM1, EM2);
 }
 
@@ -6663,7 +6805,7 @@ async function nodeVerify$1(hashAlgo, data, s, n, e) {
   verify.end();
 
   try {
-    return await verify.verify(key, s);
+    return verify.verify(key, s);
   } catch (err) {
     return false;
   }
@@ -6677,15 +6819,13 @@ async function nodeEncrypt(data, n, e) {
 }
 
 async function bnEncrypt(data, n, e) {
-  const BigInteger = await util.getBigInteger();
-
-  n = new BigInteger(n);
-  data = new BigInteger(emeEncode(data, n.byteLength()));
-  e = new BigInteger(e);
-  if (data.gte(n)) {
+  n = uint8ArrayToBigInt(n);
+  data = uint8ArrayToBigInt(emeEncode(data, byteLength(n)));
+  e = uint8ArrayToBigInt(e);
+  if (data >= n) {
     throw new Error('Message size cannot exceed modulus size');
   }
-  return data.modExp(e, n).toUint8Array('be', n.byteLength());
+  return bigIntToUint8Array(modExp(data, e, n), 'be', byteLength(n));
 }
 
 async function nodeDecrypt(data, n, e, d, p, q, u) {
@@ -6700,36 +6840,32 @@ async function nodeDecrypt(data, n, e, d, p, q, u) {
 }
 
 async function bnDecrypt(data, n, e, d, p, q, u, randomPayload) {
-  const BigInteger = await util.getBigInteger();
-
-  data = new BigInteger(data);
-  n = new BigInteger(n);
-  e = new BigInteger(e);
-  d = new BigInteger(d);
-  p = new BigInteger(p);
-  q = new BigInteger(q);
-  u = new BigInteger(u);
-  if (data.gte(n)) {
+  data = uint8ArrayToBigInt(data);
+  n = uint8ArrayToBigInt(n);
+  e = uint8ArrayToBigInt(e);
+  d = uint8ArrayToBigInt(d);
+  p = uint8ArrayToBigInt(p);
+  q = uint8ArrayToBigInt(q);
+  u = uint8ArrayToBigInt(u);
+  if (data >= n) {
     throw new Error('Data too large.');
   }
-  const dq = d.mod(q.dec()); // d mod (q-1)
-  const dp = d.mod(p.dec()); // d mod (p-1)
-
-  const unblinder = (await getRandomBigInteger(new BigInteger(2), n)).mod(n);
-  const blinder = unblinder.modInv(n).modExp(e, n);
-  data = data.mul(blinder).mod(n);
+  const dq = mod$1(d, q - _1n$2); // d mod (q-1)
+  const dp = mod$1(d, p - _1n$2); // d mod (p-1)
 
+  const unblinder = getRandomBigInteger(BigInt(2), n);
+  const blinder = modExp(modInv(unblinder, n), e, n);
+  data = mod$1(data * blinder, n);
 
-  const mp = data.modExp(dp, p); // data**{d mod (q-1)} mod p
-  const mq = data.modExp(dq, q); // data**{d mod (p-1)} mod q
-  const h = u.mul(mq.sub(mp)).mod(q); // u * (mq-mp) mod q (operands already < q)
+  const mp = modExp(data, dp, p); // data**{d mod (q-1)} mod p
+  const mq = modExp(data, dq, q); // data**{d mod (p-1)} mod q
+  const h = mod$1(u * (mq - mp), q); // u * (mq-mp) mod q (operands already < q)
 
-  let result = h.mul(p).add(mp); // result < n due to relations above
+  let result = h * p + mp; // result < n due to relations above
 
-  result = result.mul(unblinder).mod(n);
+  result = mod$1(result * unblinder, n);
 
-
-  return emeDecode(result.toUint8Array('be', n.byteLength()), randomPayload);
+  return emeDecode(bigIntToUint8Array(result, 'be', byteLength(n)), randomPayload);
 }
 
 /** Convert Openpgp private key params to jwk key according to
@@ -6743,28 +6879,26 @@ async function bnDecrypt(data, n, e, d, p, q, u, randomPayload) {
  * @param {Uint8Array} u
  */
 async function privateToJWK$1(n, e, d, p, q, u) {
-  const BigInteger = await util.getBigInteger();
-
-  const pNum = new BigInteger(p);
-  const qNum = new BigInteger(q);
-  const dNum = new BigInteger(d);
-
-  let dq = dNum.mod(qNum.dec()); // d mod (q-1)
-  let dp = dNum.mod(pNum.dec()); // d mod (p-1)
-  dp = dp.toUint8Array();
-  dq = dq.toUint8Array();
+  const pNum = uint8ArrayToBigInt(p);
+  const qNum = uint8ArrayToBigInt(q);
+  const dNum = uint8ArrayToBigInt(d);
+
+  let dq = mod$1(dNum, qNum - _1n$2); // d mod (q-1)
+  let dp = mod$1(dNum, pNum - _1n$2); // d mod (p-1)
+  dp = bigIntToUint8Array(dp);
+  dq = bigIntToUint8Array(dq);
   return {
     kty: 'RSA',
-    n: uint8ArrayToB64(n, true),
-    e: uint8ArrayToB64(e, true),
-    d: uint8ArrayToB64(d, true),
+    n: uint8ArrayToB64(n),
+    e: uint8ArrayToB64(e),
+    d: uint8ArrayToB64(d),
     // switch p and q
-    p: uint8ArrayToB64(q, true),
-    q: uint8ArrayToB64(p, true),
+    p: uint8ArrayToB64(q),
+    q: uint8ArrayToB64(p),
     // switch dp and dq
-    dp: uint8ArrayToB64(dq, true),
-    dq: uint8ArrayToB64(dp, true),
-    qi: uint8ArrayToB64(u, true),
+    dp: uint8ArrayToB64(dq),
+    dq: uint8ArrayToB64(dp),
+    qi: uint8ArrayToB64(u),
     ext: true
   };
 }
@@ -6778,8 +6912,8 @@ async function privateToJWK$1(n, e, d, p, q, u) {
 function publicToJWK(n, e) {
   return {
     kty: 'RSA',
-    n: uint8ArrayToB64(n, true),
-    e: uint8ArrayToB64(e, true),
+    n: uint8ArrayToB64(n),
+    e: uint8ArrayToB64(e),
     ext: true
   };
 }
@@ -6788,7 +6922,7 @@ function publicToJWK(n, e) {
 function jwkToPrivate(jwk, e) {
   return {
     n: b64ToUint8Array(jwk.n),
-    e: e.toUint8Array(),
+    e: bigIntToUint8Array(e),
     d: b64ToUint8Array(jwk.d),
     // switch p and q
     p: b64ToUint8Array(jwk.q),
@@ -6826,6 +6960,8 @@ var rsa = /*#__PURE__*/Object.freeze({
 // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 
 
+const _1n$1 = BigInt(1);
+
 /**
  * ElGamal Encryption function
  * Note that in OpenPGP, the message needs to be padded with PKCS#1 (same as RSA)
@@ -6837,21 +6973,19 @@ var rsa = /*#__PURE__*/Object.freeze({
  * @async
  */
 async function encrypt$3(data, p, g, y) {
-  const BigInteger = await util.getBigInteger();
-
-  p = new BigInteger(p);
-  g = new BigInteger(g);
-  y = new BigInteger(y);
+  p = uint8ArrayToBigInt(p);
+  g = uint8ArrayToBigInt(g);
+  y = uint8ArrayToBigInt(y);
 
-  const padded = emeEncode(data, p.byteLength());
-  const m = new BigInteger(padded);
+  const padded = emeEncode(data, byteLength(p));
+  const m = uint8ArrayToBigInt(padded);
 
   // OpenPGP uses a "special" version of ElGamal where g is generator of the full group Z/pZ*
   // hence g has order p-1, and to avoid that k = 0 mod p-1, we need to pick k in [1, p-2]
-  const k = await getRandomBigInteger(new BigInteger(1), p.dec());
+  const k = getRandomBigInteger(_1n$1, p - _1n$1);
   return {
-    c1: g.modExp(k, p).toUint8Array(),
-    c2: y.modExp(k, p).imul(m).imod(p).toUint8Array()
+    c1: bigIntToUint8Array(modExp(g, k, p)),
+    c2: bigIntToUint8Array(mod$1(modExp(y, k, p) * m, p))
   };
 }
 
@@ -6868,15 +7002,13 @@ async function encrypt$3(data, p, g, y) {
  * @async
  */
 async function decrypt$3(c1, c2, p, x, randomPayload) {
-  const BigInteger = await util.getBigInteger();
-
-  c1 = new BigInteger(c1);
-  c2 = new BigInteger(c2);
-  p = new BigInteger(p);
-  x = new BigInteger(x);
+  c1 = uint8ArrayToBigInt(c1);
+  c2 = uint8ArrayToBigInt(c2);
+  p = uint8ArrayToBigInt(p);
+  x = uint8ArrayToBigInt(x);
 
-  const padded = c1.modExp(x, p).modInv(p).imul(c2).imod(p);
-  return emeDecode(padded.toUint8Array('be', p.byteLength()), randomPayload);
+  const padded = mod$1(modInv(modExp(c1, x, p), p) * c2, p);
+  return emeDecode(bigIntToUint8Array(padded, 'be', byteLength(p)), randomPayload);
 }
 
 /**
@@ -6889,22 +7021,19 @@ async function decrypt$3(c1, c2, p, x, randomPayload) {
  * @async
  */
 async function validateParams$7(p, g, y, x) {
-  const BigInteger = await util.getBigInteger();
+  p = uint8ArrayToBigInt(p);
+  g = uint8ArrayToBigInt(g);
+  y = uint8ArrayToBigInt(y);
 
-  p = new BigInteger(p);
-  g = new BigInteger(g);
-  y = new BigInteger(y);
-
-  const one = new BigInteger(1);
   // Check that 1 < g < p
-  if (g.lte(one) || g.gte(p)) {
+  if (g <= _1n$1 || g >= p) {
     return false;
   }
 
   // Expect p-1 to be large
-  const pSize = new BigInteger(p.bitLength());
-  const n1023 = new BigInteger(1023);
-  if (pSize.lt(n1023)) {
+  const pSize = BigInt(bitLength(p));
+  const _1023n = BigInt(1023);
+  if (pSize < _1023n) {
     return false;
   }
 
@@ -6912,7 +7041,7 @@ async function validateParams$7(p, g, y, x) {
    * g should have order p-1
    * Check that g ** (p-1) = 1 mod p
    */
-  if (!g.modExp(p.dec(), p).isOne()) {
+  if (modExp(g, p - _1n$1, p) !== _1n$1) {
     return false;
   }
 
@@ -6923,14 +7052,15 @@ async function validateParams$7(p, g, y, x) {
    * We just check g**i != 1 for all i up to a threshold
    */
   let res = g;
-  const i = new BigInteger(1);
-  const threshold = new BigInteger(2).leftShift(new BigInteger(17)); // we want order > threshold
-  while (i.lt(threshold)) {
-    res = res.mul(g).imod(p);
-    if (res.isOne()) {
+  let i = BigInt(1);
+  const _2n = BigInt(2);
+  const threshold = _2n << BigInt(17); // we want order > threshold
+  while (i < threshold) {
+    res = mod$1(res * g, p);
+    if (res === _1n$1) {
       return false;
     }
-    i.iinc();
+    i++;
   }
 
   /**
@@ -6939,11 +7069,10 @@ async function validateParams$7(p, g, y, x) {
    *
    * Blinded exponentiation computes g**{r(p-1) + x} to compare to y
    */
-  x = new BigInteger(x);
-  const two = new BigInteger(2);
-  const r = await getRandomBigInteger(two.leftShift(pSize.dec()), two.leftShift(pSize)); // draw r of same size as p-1
-  const rqx = p.dec().imul(r).iadd(x);
-  if (!y.equal(g.modExp(rqx, p))) {
+  x = uint8ArrayToBigInt(x);
+  const r = getRandomBigInteger(_2n << (pSize - _1n$1), _2n << pSize); // draw r of same size as p-1
+  const rqx = (p - _1n$1) * r + x;
+  if (y !== modExp(g, rqx, p)) {
     return false;
   }
 
@@ -9087,8 +9216,8 @@ function rawPublicToJWK(payloadSize, name, publicKey) {
   const jwk = {
     kty: 'EC',
     crv: name,
-    x: uint8ArrayToB64(bufX, true),
-    y: uint8ArrayToB64(bufY, true),
+    x: uint8ArrayToB64(bufX),
+    y: uint8ArrayToB64(bufY),
     ext: true
   };
   return jwk;
@@ -9104,7 +9233,7 @@ function rawPublicToJWK(payloadSize, name, publicKey) {
  */
 function privateToJWK(payloadSize, name, publicKey, privateKey) {
   const jwk = rawPublicToJWK(payloadSize, name, publicKey);
-  jwk.d = uint8ArrayToB64(privateKey, true);
+  jwk.d = uint8ArrayToB64(privateKey);
   return jwk;
 }
 
@@ -9172,8 +9301,8 @@ async function sign$6(oid, hashAlgo, message, publicKey, privateKey, hashed) {
   // lowS: non-canonical sig: https://stackoverflow.com/questions/74338846/ecdsa-signature-verification-mismatch
   const signature = nobleCurve.sign(hashed, privateKey, { lowS: false });
   return {
-    r: signature.r.toUint8Array('be', curve.payloadSize),
-    s: signature.s.toUint8Array('be', curve.payloadSize)
+    r: bigIntToUint8Array(signature.r, 'be', curve.payloadSize),
+    s: bigIntToUint8Array(signature.s, 'be', curve.payloadSize)
   };
 }
 
@@ -9256,6 +9385,7 @@ async function validateParams$6(oid, Q, d) {
       const hashed = await hash.digest(hashAlgo, message);
       try {
         const signature = await sign$6(oid, hashAlgo, message, Q, d, hashed);
+        // eslint-disable-next-line @typescript-eslint/return-await
         return await verify$6(oid, hashAlgo, signature, message, Q, hashed);
       } catch (err) {
         return false;
@@ -10514,6 +10644,9 @@ var elliptic = /*#__PURE__*/Object.freeze({
    https://tools.ietf.org/html/rfc4880#section-14
 */
 
+const _0n = BigInt(0);
+const _1n = BigInt(1);
+
 /**
  * DSA Sign function
  * @param {Integer} hashAlgo
@@ -10526,26 +10659,24 @@ var elliptic = /*#__PURE__*/Object.freeze({
  * @async
  */
 async function sign$3(hashAlgo, hashed, g, p, q, x) {
-  const BigInteger = await util.getBigInteger();
-
-  const one = new BigInteger(1);
-  p = new BigInteger(p);
-  q = new BigInteger(q);
-  g = new BigInteger(g);
-  x = new BigInteger(x);
+  const _0n = BigInt(0);
+  p = uint8ArrayToBigInt(p);
+  q = uint8ArrayToBigInt(q);
+  g = uint8ArrayToBigInt(g);
+  x = uint8ArrayToBigInt(x);
 
   let k;
   let r;
   let s;
   let t;
-  g = g.mod(p);
-  x = x.mod(q);
+  g = mod$1(g, p);
+  x = mod$1(x, q);
   // If the output size of the chosen hash is larger than the number of
   // bits of q, the hash result is truncated to fit by taking the number
   // of leftmost bits equal to the number of bits of q.  This (possibly
   // truncated) hash function result is treated as a number and used
   // directly in the DSA signature algorithm.
-  const h = new BigInteger(hashed.subarray(0, q.byteLength())).mod(q);
+  const h = mod$1(uint8ArrayToBigInt(hashed.subarray(0, byteLength(q))), q);
   // FIPS-186-4, section 4.6:
   // The values of r and s shall be checked to determine if r = 0 or s = 0.
   // If either r = 0 or s = 0, a new value of k shall be generated, and the
@@ -10553,22 +10684,22 @@ async function sign$3(hashAlgo, hashed, g, p, q, x) {
   // or s = 0 if signatures are generated properly.
   while (true) {
     // See Appendix B here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
-    k = await getRandomBigInteger(one, q); // returns in [1, q-1]
-    r = g.modExp(k, p).imod(q); // (g**k mod p) mod q
-    if (r.isZero()) {
+    k = getRandomBigInteger(_1n, q); // returns in [1, q-1]
+    r = mod$1(modExp(g, k, p), q); // (g**k mod p) mod q
+    if (r === _0n) {
       continue;
     }
-    const xr = x.mul(r).imod(q);
-    t = h.add(xr).imod(q); // H(m) + x*r mod q
-    s = k.modInv(q).imul(t).imod(q); // k**-1 * (H(m) + x*r) mod q
-    if (s.isZero()) {
+    const xr = mod$1(x * r, q);
+    t = mod$1(h + xr, q); // H(m) + x*r mod q
+    s = mod$1(modInv(k, q) * t, q); // k**-1 * (H(m) + x*r) mod q
+    if (s === _0n) {
       continue;
     }
     break;
   }
   return {
-    r: r.toUint8Array('be', q.byteLength()),
-    s: s.toUint8Array('be', q.byteLength())
+    r: bigIntToUint8Array(r, 'be', byteLength(p)),
+    s: bigIntToUint8Array(s, 'be', byteLength(p))
   };
 }
 
@@ -10586,37 +10717,34 @@ async function sign$3(hashAlgo, hashed, g, p, q, x) {
  * @async
  */
 async function verify$3(hashAlgo, r, s, hashed, g, p, q, y) {
-  const BigInteger = await util.getBigInteger();
-
-  const zero = new BigInteger(0);
-  r = new BigInteger(r);
-  s = new BigInteger(s);
+  r = uint8ArrayToBigInt(r);
+  s = uint8ArrayToBigInt(s);
 
-  p = new BigInteger(p);
-  q = new BigInteger(q);
-  g = new BigInteger(g);
-  y = new BigInteger(y);
+  p = uint8ArrayToBigInt(p);
+  q = uint8ArrayToBigInt(q);
+  g = uint8ArrayToBigInt(g);
+  y = uint8ArrayToBigInt(y);
 
-  if (r.lte(zero) || r.gte(q) ||
-      s.lte(zero) || s.gte(q)) {
+  if (r <= _0n || r >= q ||
+      s <= _0n || s >= q) {
     util.printDebug('invalid DSA Signature');
     return false;
   }
-  const h = new BigInteger(hashed.subarray(0, q.byteLength())).imod(q);
-  const w = s.modInv(q); // s**-1 mod q
-  if (w.isZero()) {
+  const h = mod$1(uint8ArrayToBigInt(hashed.subarray(0, byteLength(q))), q);
+  const w = modInv(s, q); // s**-1 mod q
+  if (w === _0n) {
     util.printDebug('invalid DSA Signature');
     return false;
   }
 
-  g = g.mod(p);
-  y = y.mod(p);
-  const u1 = h.mul(w).imod(q); // H(m) * w mod q
-  const u2 = r.mul(w).imod(q); // r * w mod q
-  const t1 = g.modExp(u1, p); // g**u1 mod p
-  const t2 = y.modExp(u2, p); // y**u2 mod p
-  const v = t1.mul(t2).imod(p).imod(q); // (g**u1 * y**u2 mod p) mod q
-  return v.equal(r);
+  g = mod$1(g, p);
+  y = mod$1(y, p);
+  const u1 = mod$1(h * w, q); // H(m) * w mod q
+  const u2 = mod$1(r * w, q); // r * w mod q
+  const t1 = modExp(g, u1, p); // g**u1 mod p
+  const t2 = modExp(y, u2, p); // y**u2 mod p
+  const v = mod$1(mod$1(t1 * t2, p), q); // (g**u1 * y**u2 mod p) mod q
+  return v === r;
 }
 
 /**
@@ -10630,22 +10758,19 @@ async function verify$3(hashAlgo, r, s, hashed, g, p, q, y) {
  * @async
  */
 async function validateParams$1(p, q, g, y, x) {
-  const BigInteger = await util.getBigInteger();
-
-  p = new BigInteger(p);
-  q = new BigInteger(q);
-  g = new BigInteger(g);
-  y = new BigInteger(y);
-  const one = new BigInteger(1);
+  p = uint8ArrayToBigInt(p);
+  q = uint8ArrayToBigInt(q);
+  g = uint8ArrayToBigInt(g);
+  y = uint8ArrayToBigInt(y);
   // Check that 1 < g < p
-  if (g.lte(one) || g.gte(p)) {
+  if (g <= _1n || g >= p) {
     return false;
   }
 
   /**
    * Check that subgroup order q divides p-1
    */
-  if (!p.dec().mod(q).isZero()) {
+  if (mod$1(p - _1n, q) !== _0n) {
     return false;
   }
 
@@ -10653,16 +10778,16 @@ async function validateParams$1(p, q, g, y, x) {
    * g has order q
    * Check that g ** q = 1 mod p
    */
-  if (!g.modExp(q, p).isOne()) {
+  if (modExp(g, q, p) !== _1n) {
     return false;
   }
 
   /**
    * Check q is large and probably prime (we mainly want to avoid small factors)
    */
-  const qSize = new BigInteger(q.bitLength());
-  const n150 = new BigInteger(150);
-  if (qSize.lt(n150) || !(await isProbablePrime(q, null, 32))) {
+  const qSize = BigInt(bitLength(q));
+  const _150n = BigInt(150);
+  if (qSize < _150n || !isProbablePrime(q, null, 32)) {
     return false;
   }
 
@@ -10672,11 +10797,11 @@ async function validateParams$1(p, q, g, y, x) {
    *
    * Blinded exponentiation computes g**{rq + x} to compare to y
    */
-  x = new BigInteger(x);
-  const two = new BigInteger(2);
-  const r = await getRandomBigInteger(two.leftShift(qSize.dec()), two.leftShift(qSize)); // draw r of same size as q
-  const rqx = q.mul(r).add(x);
-  if (!y.equal(g.modExp(rqx, p))) {
+  x = uint8ArrayToBigInt(x);
+  const _2n = BigInt(2);
+  const r = getRandomBigInteger(_2n << (qSize - _1n), _2n << qSize); // draw r of same size as q
+  const rqx = q * r + x;
+  if (y !== modExp(g, rqx, p)) {
     return false;
   }
 
@@ -16049,7 +16174,7 @@ async function runAEAD(packet, fn, key, data) {
           done = true;
         }
         cryptedBytes += chunk.length - tagLengthIfDecrypting;
-        // eslint-disable-next-line no-loop-func
+        // eslint-disable-next-line @typescript-eslint/no-loop-func
         latestPromise = latestPromise.then(() => cryptedPromise).then(async crypted => {
           await writer.ready;
           await writer.write(crypted);
@@ -17185,7 +17310,7 @@ class PublicSubkeyPacket extends PublicKeyPacket {
    * @param {Date} [date] - Creation date
    * @param {Object} [config] - Full configuration, defaults to openpgp.config
    */
-  // eslint-disable-next-line no-useless-constructor
+  // eslint-disable-next-line @typescript-eslint/no-useless-constructor
   constructor(date, config) {
     super(date, config);
   }
@@ -18090,7 +18215,7 @@ class PaddingPacket {
    * Read a padding packet
    * @param {Uint8Array | ReadableStream<Uint8Array>} bytes
    */
-  read(bytes) { // eslint-disable-line no-unused-vars
+  read(bytes) { // eslint-disable-line @typescript-eslint/no-unused-vars
     // Padding packets are ignored, so this function is never called.
   }
 
@@ -18374,7 +18499,7 @@ async function getPreferredCompressionAlgo(keys = [], date = new Date(), userIDs
 async function getPreferredCipherSuite(keys = [], date = new Date(), userIDs = [], config$1 = config) {
   const selfSigs = await Promise.all(keys.map((key, i) => key.getPrimarySelfSignature(date, userIDs[i], config$1)));
   const withAEAD = keys.length ?
-    selfSigs.every(selfSig => selfSig.features && (selfSig.features[0] & enums.features.seipdv2)) :
+    !config$1.ignoreSEIPDv2FeatureFlag && selfSigs.every(selfSig => selfSig.features && (selfSig.features[0] & enums.features.seipdv2)) :
     config$1.aeadProtect;
 
   if (withAEAD) {
@@ -19644,6 +19769,7 @@ class Key {
       }
     }
     if (!users.length) {
+      // eslint-disable-next-line @typescript-eslint/no-throw-literal
       throw exception || new Error('Could not find primary user');
     }
     await Promise.all(users.map(async function (a) {
@@ -20554,7 +20680,12 @@ async function readKey({ armoredKey, binaryKey, config: config$1, ...rest }) {
     input = binaryKey;
   }
   const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1);
-  return createKey(packetlist);
+  const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);
+  if (keyIndex.length === 0) {
+    throw new Error('No key packet found');
+  }
+  const firstKeyPacketList = packetlist.slice(keyIndex[0], keyIndex[1]);
+  return createKey(firstKeyPacketList);
 }
 
 /**
@@ -20591,7 +20722,15 @@ async function readPrivateKey({ armoredKey, binaryKey, config: config$1, ...rest
     input = binaryKey;
   }
   const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1);
-  return new PrivateKey(packetlist);
+  const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);
+  for (let i = 0; i < keyIndex.length; i++) {
+    if (packetlist[keyIndex[i]].constructor.tag === enums.packet.publicKey) {
+      continue;
+    }
+    const firstPrivateKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]);
+    return new PrivateKey(firstPrivateKeyList);
+  }
+  throw new Error('No secret key packet found');
 }
 
 /**
@@ -20670,15 +20809,18 @@ async function readPrivateKeys({ armoredKeys, binaryKeys, config: config$1 }) {
   }
   const keys = [];
   const packetlist = await PacketList.fromBinary(input, allowedKeyPackets, config$1);
-  const keyIndex = packetlist.indexOfTag(enums.packet.secretKey);
-  if (keyIndex.length === 0) {
-    throw new Error('No secret key packet found');
-  }
+  const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);
   for (let i = 0; i < keyIndex.length; i++) {
+    if (packetlist[keyIndex[i]].constructor.tag === enums.packet.publicKey) {
+      continue;
+    }
     const oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]);
     const newKey = new PrivateKey(oneKeyList);
     keys.push(newKey);
   }
+  if (keys.length === 0) {
+    throw new Error('No secret key packet found');
+  }
   return keys;
 }
 
@@ -22092,7 +22234,7 @@ async function encrypt({ message, encryptionKeys, signingKeys, passwords, sessio
     // serialize data
     const armor = format === 'armored';
     const data = armor ? message.armor(config$1) : message.write();
-    return convertStream(data);
+    return await convertStream(data);
   } catch (err) {
     throw util.wrapError('Error encrypting message', err);
   }
@@ -22229,7 +22371,7 @@ async function sign({ message, signingKeys, format = 'armored', detached = false
         ]);
       });
     }
-    return convertStream(signature);
+    return await convertStream(signature);
   } catch (err) {
     throw util.wrapError('Error signing message', err);
   }
@@ -22412,12 +22554,12 @@ async function decryptSessionKeys({ message, decryptionKeys, passwords, date = n
  */
 function checkString(data, name) {
   if (!util.isString(data)) {
-    throw new Error('Parameter [' + (name || 'data') + '] must be of type String');
+    throw new Error('Parameter [' + (name ) + '] must be of type String');
   }
 }
 function checkBinary(data, name) {
   if (!util.isUint8Array(data)) {
-    throw new Error('Parameter [' + (name || 'data') + '] must be of type Uint8Array');
+    throw new Error('Parameter [' + ('data') + '] must be of type Uint8Array');
   }
 }
 function checkMessage(message) {