npm - @protontech/openpgp - Versions diffs - 6.1.1-patch.0 → 6.1.1-patch.2 - Mend

@protontech/openpgp 6.1.1-patch.0 → 6.1.1-patch.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (36) hide show

package/dist/lightweight/argon2id.min.mjs +1 -1
package/dist/lightweight/argon2id.mjs +1 -1
package/dist/lightweight/legacy_ciphers.min.mjs +1 -1
package/dist/lightweight/legacy_ciphers.mjs +1 -1
package/dist/lightweight/noble_curves.min.mjs +1 -1
package/dist/lightweight/noble_curves.mjs +1 -1
package/dist/lightweight/noble_hashes.min.mjs +1 -1
package/dist/lightweight/noble_hashes.mjs +1 -1
package/dist/lightweight/noble_post_quantum.min.mjs +1 -1
package/dist/lightweight/noble_post_quantum.mjs +1 -1
package/dist/lightweight/openpgp.min.mjs +4 -4
package/dist/lightweight/openpgp.min.mjs.map +1 -1
package/dist/lightweight/openpgp.mjs +190 -27
package/dist/lightweight/seek-bzip.min.mjs +1 -1
package/dist/lightweight/seek-bzip.mjs +1 -1
package/dist/lightweight/sha3.min.mjs +1 -1
package/dist/lightweight/sha3.mjs +1 -1
package/dist/lightweight/sha512.min.mjs +1 -1
package/dist/lightweight/sha512.mjs +1 -1
package/dist/node/openpgp.cjs +190 -26
package/dist/node/openpgp.min.cjs +16 -16
package/dist/node/openpgp.min.cjs.map +1 -1
package/dist/node/openpgp.min.mjs +16 -16
package/dist/node/openpgp.min.mjs.map +1 -1
package/dist/node/openpgp.mjs +190 -27
package/dist/openpgp.js +190 -26
package/dist/openpgp.min.js +16 -16
package/dist/openpgp.min.js.map +1 -1
package/dist/openpgp.min.mjs +16 -16
package/dist/openpgp.min.mjs.map +1 -1
package/dist/openpgp.mjs +190 -27
package/openpgp.d.ts +4 -241
package/package.json +3 -2
package/src/config/config.d.ts +68 -0
package/src/config/index.d.ts +13 -0
package/src/enums.d.ts +195 -0

package/dist/lightweight/openpgp.min.mjs CHANGED Viewed

@@ -1,5 +1,5 @@
-/*! OpenPGP.js v6.1.1-patch.0 - 2025-02-12 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
-const e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},t=Symbol("doneWritingPromise"),r=Symbol("doneWritingResolve"),i=Symbol("doneWritingReject"),n=Symbol("readingIndex");class ArrayStream extends Array{constructor(){super(),Object.setPrototypeOf(this,ArrayStream.prototype),this[t]=new Promise(((e,t)=>{this[r]=e,this[i]=t})),this[t].catch((()=>{}))}}function a(e){return e&&e.getReader&&Array.isArray(e)}function s(e){if(!a(e)){const t=e.getWriter(),r=t.releaseLock;return t.releaseLock=()=>{t.closed.catch((function(){})),r.call(t)},t}this.stream=e}function o(t){if(a(t))return"array";if(e.ReadableStream&&e.ReadableStream.prototype.isPrototypeOf(t))return"web";if(t&&!(e.ReadableStream&&t instanceof e.ReadableStream)&&"function"==typeof t._read&&"object"==typeof t._readableState)throw Error("Native Node streams are no longer supported: please manually convert the stream to a WebStream, using e.g. `stream.Readable.toWeb`");return!(!t||!t.getReader)&&"web-like"}function c(e){return Uint8Array.prototype.isPrototypeOf(e)}function u(e){if(1===e.length)return e[0];let t=0;for(let r=0;r<e.length;r++){if(!c(e[r]))throw Error("concatUint8Array: Data must be in the form of a Uint8Array");t+=e[r].length}const r=new Uint8Array(t);let i=0;return e.forEach((function(e){r.set(e,i),i+=e.length})),r}ArrayStream.prototype.getReader=function(){return void 0===this[n]&&(this[n]=0),{read:async()=>(await this[t],this[n]===this.length?{value:void 0,done:!0}:{value:this[this[n]++],done:!1})}},ArrayStream.prototype.readToEnd=async function(e){await this[t];const r=e(this.slice(this[n]));return this.length=0,r},ArrayStream.prototype.clone=function(){const e=new ArrayStream;return e[t]=this[t].then((()=>{e.push(...this)})),e},s.prototype.write=async function(e){this.stream.push(e)},s.prototype.close=async function(){this.stream[r]()},s.prototype.abort=async function(e){return this.stream[i](e),e},s.prototype.releaseLock=function(){},"object"==typeof e.process&&e.process.versions;const h=new WeakSet,l=Symbol("externalBuffer");function y(e){if(this.stream=e,e[l]&&(this[l]=e[l].slice()),a(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{},void(this._cancel=()=>{})}if(o(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{t.closed.catch((function(){})),t.releaseLock()},void(this._cancel=t.cancel.bind(t))}let t=!1;this._read=async()=>t||h.has(e)?{value:void 0,done:!0}:(t=!0,{value:e,done:!1}),this._releaseLock=()=>{if(t)try{h.add(e)}catch(e){}}}function p(e){return o(e)?e:new ReadableStream({start(t){t.enqueue(e),t.close()}})}function g(e){if(o(e))return e;const t=new ArrayStream;return(async()=>{const r=I(t);await r.write(e),await r.close()})(),t}function d(e){return e.some((e=>o(e)&&!a(e)))?function(e){e=e.map(p);const t=w((async function(e){await Promise.all(i.map((t=>U(t,e))))}));let r=Promise.resolve();const i=e.map(((i,n)=>k(i,((i,a)=>(r=r.then((()=>f(i,t.writable,{preventClose:n!==e.length-1}))),r)))));return t.readable}(e):e.some((e=>a(e)))?function(e){const t=new ArrayStream;let r=Promise.resolve();return e.forEach(((i,n)=>(r=r.then((()=>f(i,t,{preventClose:n!==e.length-1}))),r))),t}(e):"string"==typeof e[0]?e.join(""):u(e)}async function f(e,t,{preventClose:r=!1,preventAbort:i=!1,preventCancel:n=!1}={}){if(o(e)&&!a(e)){e=p(e);try{if(e[l]){const r=I(t);for(let t=0;t<e[l].length;t++)await r.ready,await r.write(e[l][t]);r.releaseLock()}await e.pipeTo(t,{preventClose:r,preventAbort:i,preventCancel:n})}catch(e){}return}const s=x(e=g(e)),c=I(t);try{for(;;){await c.ready;const{done:e,value:t}=await s.read();if(e){r||await c.close();break}await c.write(t)}}catch(e){i||await c.abort(e)}finally{s.releaseLock(),c.releaseLock()}}function m(e,t){const r=new TransformStream(t);return f(e,r.writable),r.readable}function w(e){let t,r,i,n=!1,a=!1;return{readable:new ReadableStream({start(e){i=e},pull(){t?t():n=!0},async cancel(t){a=!0,e&&await e(t),r&&r(t)}},{highWaterMark:0}),writable:new WritableStream({write:async function(e){if(a)throw Error("Stream is cancelled");i.enqueue(e),n?n=!1:(await new Promise(((e,i)=>{t=e,r=i})),t=null,r=null)},close:i.close.bind(i),abort:i.error.bind(i)})}}function b(e,t=()=>{},r=()=>{}){if(a(e)){const i=new ArrayStream;return(async()=>{const n=I(i);try{const i=await P(e),a=t(i),s=r();let o;o=void 0!==a&&void 0!==s?d([a,s]):void 0!==a?a:s,await n.write(o),await n.close()}catch(e){await n.abort(e)}})(),i}if(o(e))return m(e,{async transform(e,r){try{const i=await t(e);void 0!==i&&r.enqueue(i)}catch(e){r.error(e)}},async flush(e){try{const t=await r();void 0!==t&&e.enqueue(t)}catch(t){e.error(t)}}});const i=t(e),n=r();return void 0!==i&&void 0!==n?d([i,n]):void 0!==i?i:n}function k(e,t){if(o(e)&&!a(e)){let r;const i=new TransformStream({start(e){r=e}}),n=f(e,i.writable),a=w((async function(e){r.error(e),await n,await new Promise(setTimeout)}));return t(i.readable,a.writable),a.readable}e=g(e);const r=new ArrayStream;return t(e,r),r}function v(e,t){let r;const i=k(e,((e,n)=>{const a=x(e);a.remainder=()=>(a.releaseLock(),f(e,n),i),r=t(a)}));return r}function K(e){if(a(e))return e.clone();if(o(e)){const t=function(e){if(a(e))throw Error("ArrayStream cannot be tee()d, use clone() instead");if(o(e)){const t=p(e).tee();return t[0][l]=t[1][l]=e[l],t}return[S(e),S(e)]}(e);return E(e,t[0]),t[1]}return S(e)}function A(e){return a(e)?K(e):o(e)?new ReadableStream({start(t){const r=k(e,(async(e,r)=>{const i=x(e),n=I(r);try{for(;;){await n.ready;const{done:e,value:r}=await i.read();if(e){try{t.close()}catch(e){}return void await n.close()}try{t.enqueue(r)}catch(e){}await n.write(r)}}catch(e){t.error(e),await n.abort(e)}}));E(e,r)}}):S(e)}function E(e,t){Object.entries(Object.getOwnPropertyDescriptors(e.constructor.prototype)).forEach((([r,i])=>{"constructor"!==r&&(i.value?i.value=i.value.bind(t):i.get=i.get.bind(t),Object.defineProperty(e,r,i))}))}function S(e,t=0,r=1/0){if(a(e))throw Error("Not implemented");if(o(e)){if(t>=0&&r>=0){let i=0;return m(e,{transform(e,n){i<r?(i+e.length>=t&&n.enqueue(S(e,Math.max(t-i,0),r-i)),i+=e.length):n.terminate()}})}if(t<0&&(r<0||r===1/0)){let i=[];return b(e,(e=>{e.length>=-t?i=[e]:i.push(e)}),(()=>S(d(i),t,r)))}if(0===t&&r<0){let i;return b(e,(e=>{const n=i?d([i,e]):e;if(n.length>=-r)return i=S(n,r),S(n,t,r);i=n}))}return console.warn(`stream.slice(input, ${t}, ${r}) not implemented efficiently.`),D((async()=>S(await P(e),t,r)))}return e[l]&&(e=d(e[l].concat([e]))),c(e)?e.subarray(t,r===1/0?e.length:r):e.slice(t,r)}async function P(e,t=d){return a(e)?e.readToEnd(t):o(e)?x(e).readToEnd(t):e}async function U(e,t){if(o(e)){if(e.cancel){const r=await e.cancel(t);return await new Promise(setTimeout),r}if(e.destroy)return e.destroy(t),await new Promise(setTimeout),t}}function D(e){const t=new ArrayStream;return(async()=>{const r=I(t);try{await r.write(await e()),await r.close()}catch(e){await r.abort(e)}})(),t}function x(e){return new y(e)}function I(e){return new s(e)}y.prototype.read=async function(){if(this[l]&&this[l].length){return{done:!1,value:this[l].shift()}}return this._read()},y.prototype.releaseLock=function(){this[l]&&(this.stream[l]=this[l]),this._releaseLock()},y.prototype.cancel=function(e){return this._cancel(e)},y.prototype.readLine=async function(){let e,t=[];for(;!e;){let{done:r,value:i}=await this.read();if(i+="",r)return t.length?d(t):void 0;const n=i.indexOf("\n")+1;n&&(e=d(t.concat(i.substr(0,n))),t=[]),n!==i.length&&t.push(i.substr(n))}return this.unshift(...t),e},y.prototype.readByte=async function(){const{done:e,value:t}=await this.read();if(e)return;const r=t[0];return this.unshift(S(t,1)),r},y.prototype.readBytes=async function(e){const t=[];let r=0;for(;;){const{done:i,value:n}=await this.read();if(i)return t.length?d(t):void 0;if(t.push(n),r+=n.length,r>=e){const r=d(t);return this.unshift(S(r,e)),S(r,0,e)}}},y.prototype.peekBytes=async function(e){const t=await this.readBytes(e);return this.unshift(t),t},y.prototype.unshift=function(...e){this[l]||(this[l]=[]),1===e.length&&c(e[0])&&this[l].length&&e[0].length&&this[l][0].byteOffset>=e[0].length?this[l][0]=new Uint8Array(this[l][0].buffer,this[l][0].byteOffset-e[0].length,this[l][0].byteLength+e[0].length):this[l].unshift(...e.filter((e=>e&&e.length)))},y.prototype.readToEnd=async function(e=d){const t=[];for(;;){const{done:e,value:r}=await this.read();if(e)break;t.push(r)}return e(t)};const C=Symbol("byValue");var B={curve:{nistP256:"nistP256",p256:"nistP256",nistP384:"nistP384",p384:"nistP384",nistP521:"nistP521",p521:"nistP521",secp256k1:"secp256k1",ed25519Legacy:"ed25519Legacy",ed25519:"ed25519Legacy",curve25519Legacy:"curve25519Legacy",curve25519:"curve25519Legacy",brainpoolP256r1:"brainpoolP256r1",brainpoolP384r1:"brainpoolP384r1",brainpoolP512r1:"brainpoolP512r1"},kdfFlags:{replace_fingerprint:1,replace_kdf_params:2},s2k:{simple:0,salted:1,iterated:3,argon2:4,gnu:101},publicKey:{rsaEncryptSign:1,rsaEncrypt:2,rsaSign:3,elgamal:16,dsa:17,ecdh:18,ecdsa:19,eddsaLegacy:22,aedh:23,aedsa:24,x25519:25,x448:26,ed25519:27,ed448:28,pqc_mlkem_x25519:105,pqc_mldsa_ed25519:107,aead:100,hmac:101},symmetric:{idea:1,tripledes:2,cast5:3,blowfish:4,aes128:7,aes192:8,aes256:9,twofish:10},compression:{uncompressed:0,zip:1,zlib:2,bzip2:3},hash:{md5:1,sha1:2,ripemd:3,sha256:8,sha384:9,sha512:10,sha224:11,sha3_256:12,sha3_512:14},webHash:{"SHA-1":2,"SHA-256":8,"SHA-384":9,"SHA-512":10},aead:{eax:1,ocb:2,gcm:3,experimentalGCM:100},packet:{publicKeyEncryptedSessionKey:1,signature:2,symEncryptedSessionKey:3,onePassSignature:4,secretKey:5,publicKey:6,secretSubkey:7,compressedData:8,symmetricallyEncryptedData:9,marker:10,literalData:11,trust:12,userID:13,publicSubkey:14,userAttribute:17,symEncryptedIntegrityProtectedData:18,modificationDetectionCode:19,aeadEncryptedData:20,padding:21},literal:{binary:98,text:116,utf8:117,mime:109},signature:{binary:0,text:1,standalone:2,certGeneric:16,certPersona:17,certCasual:18,certPositive:19,certRevocation:48,subkeyBinding:24,keyBinding:25,key:31,keyRevocation:32,subkeyRevocation:40,timestamp:64,thirdParty:80},signatureSubpacket:{signatureCreationTime:2,signatureExpirationTime:3,exportableCertification:4,trustSignature:5,regularExpression:6,revocable:7,keyExpirationTime:9,placeholderBackwardsCompatibility:10,preferredSymmetricAlgorithms:11,revocationKey:12,issuerKeyID:16,notationData:20,preferredHashAlgorithms:21,preferredCompressionAlgorithms:22,keyServerPreferences:23,preferredKeyServer:24,primaryUserID:25,policyURI:26,keyFlags:27,signersUserID:28,reasonForRevocation:29,features:30,signatureTarget:31,embeddedSignature:32,issuerFingerprint:33,preferredAEADAlgorithms:34,preferredCipherSuites:39},keyFlags:{certifyKeys:1,signData:2,encryptCommunication:4,encryptStorage:8,splitPrivateKey:16,authentication:32,forwardedCommunication:64,sharedPrivateKey:128},armor:{multipartSection:0,multipartLast:1,signed:2,message:3,publicKey:4,privateKey:5,signature:6},reasonForRevocation:{noReason:0,keySuperseded:1,keyCompromised:2,keyRetired:3,userIDInvalid:32},features:{modificationDetection:1,aead:2,v5Keys:4,seipdv2:8},write:function(e,t){if("number"==typeof t&&(t=this.read(e,t)),void 0!==e[t])return e[t];throw Error("Invalid enum value.")},read:function(e,t){if(e[C]||(e[C]=[],Object.entries(e).forEach((([t,r])=>{e[C][r]=t}))),void 0!==e[C][t])return e[C][t];throw Error("Invalid enum value.")}},T={preferredHashAlgorithm:B.hash.sha512,preferredSymmetricAlgorithm:B.symmetric.aes256,preferredCompressionAlgorithm:B.compression.uncompressed,aeadProtect:!1,ignoreSEIPDv2FeatureFlag:!1,parseAEADEncryptedV4KeysAsLegacy:!1,preferredAEADAlgorithm:B.aead.gcm,aeadChunkSizeByte:12,v6Keys:!1,enableParsingV5Entities:!1,s2kType:B.s2k.iterated,s2kIterationCountByte:224,s2kArgon2Params:{passes:3,parallelism:4,memoryExponent:16},allowUnauthenticatedMessages:!1,allowUnauthenticatedStream:!1,allowForwardedMessages:!1,minRSABits:2047,passwordCollisionCheck:!1,allowInsecureDecryptionWithSigningKeys:!1,allowInsecureVerificationWithReformattedKeys:!1,allowMissingKeyFlags:!1,constantTimePKCS1Decryption:!1,constantTimePKCS1DecryptionSupportedSymmetricAlgorithms:new Set([B.symmetric.aes128,B.symmetric.aes192,B.symmetric.aes256]),ignoreUnsupportedPackets:!0,ignoreMalformedPackets:!1,additionalAllowedPackets:[],showVersion:!1,showComment:!1,versionString:"OpenPGP.js 6.1.1-patch.0",commentString:"https://openpgpjs.org",maxUserIDLength:5120,knownNotations:[],nonDeterministicSignaturesViaNotation:!0,useEllipticFallback:!0,rejectHashAlgorithms:new Set([B.hash.md5,B.hash.ripemd]),rejectMessageHashAlgorithms:new Set([B.hash.md5,B.hash.ripemd,B.hash.sha1]),rejectPublicKeyAlgorithms:new Set([B.publicKey.elgamal,B.publicKey.dsa]),rejectCurves:new Set([B.curve.secp256k1])};const M=(()=>{try{return"development"===process.env.NODE_ENV}catch(e){}return!1})(),_={isString:function(e){return"string"==typeof e||e instanceof String},nodeRequire:()=>{},isArray:function(e){return e instanceof Array},isUint8Array:c,isStream:o,getNobleCurve:async(e,t)=>{if(!T.useEllipticFallback)throw Error("This curve is only supported in the full build of OpenPGP.js");const{nobleCurves:r}=await import("./noble_curves.min.mjs");switch(e){case B.publicKey.ecdh:case B.publicKey.ecdsa:{const e=r.get(t);if(!e)throw Error("Unsupported curve");return e}case B.publicKey.x448:return r.get("x448");case B.publicKey.ed448:return r.get("ed448");default:throw Error("Unsupported curve")}},readNumber:function(e){let t=0;for(let r=0;r<e.length;r++)t+=256**r*e[e.length-1-r];return t},writeNumber:function(e,t){const r=new Uint8Array(t);for(let i=0;i<t;i++)r[i]=e>>8*(t-i-1)&255;return r},readDate:function(e){const t=_.readNumber(e);return new Date(1e3*t)},writeDate:function(e){const t=Math.floor(e.getTime()/1e3);return _.writeNumber(t,4)},normalizeDate:function(e=Date.now()){return null===e||e===1/0?e:new Date(1e3*Math.floor(+e/1e3))},readMPI:function(e){const t=(e[0]<<8|e[1])+7>>>3;return _.readExactSubarray(e,2,2+t)},readExactSubarray:function(e,t,r){if(e.length<r-t)throw Error("Input array too short");return e.subarray(t,r)},leftPad(e,t){if(e.length>t)throw Error("Input array too long");const r=new Uint8Array(t),i=t-e.length;return r.set(e,i),r},uint8ArrayToMPI:function(e){const t=_.uint8ArrayBitLength(e);if(0===t)throw Error("Zero MPI");const r=e.subarray(e.length-Math.ceil(t/8)),i=new Uint8Array([(65280&t)>>8,255&t]);return _.concatUint8Array([i,r])},uint8ArrayBitLength:function(e){let t;for(t=0;t<e.length&&0===e[t];t++);if(t===e.length)return 0;const r=e.subarray(t);return 8*(r.length-1)+_.nbits(r[0])},hexToUint8Array:function(e){const t=new Uint8Array(e.length>>1);for(let r=0;r<e.length>>1;r++)t[r]=parseInt(e.substr(r<<1,2),16);return t},uint8ArrayToHex:function(e){const t="0123456789abcdef";let r="";return e.forEach((e=>{r+=t[e>>4]+t[15&e]})),r},stringToUint8Array:function(e){return b(e,(e=>{if(!_.isString(e))throw Error("stringToUint8Array: Data must be in the form of a string");const t=new Uint8Array(e.length);for(let r=0;r<e.length;r++)t[r]=e.charCodeAt(r);return t}))},uint8ArrayToString:function(e){const t=[],r=16384,i=(e=new Uint8Array(e)).length;for(let n=0;n<i;n+=r)t.push(String.fromCharCode.apply(String,e.subarray(n,n+r<i?n+r:i)));return t.join("")},encodeUTF8:function(e){const t=new TextEncoder("utf-8");function r(e,r=!1){return t.encode(e,{stream:!r})}return b(e,r,(()=>r("",!0)))},decodeUTF8:function(e){const t=new TextDecoder("utf-8");function r(e,r=!1){return t.decode(e,{stream:!r})}return b(e,r,(()=>r(new Uint8Array,!0)))},concat:d,concatUint8Array:u,equalsUint8Array:function(e,t){if(!_.isUint8Array(e)||!_.isUint8Array(t))throw Error("Data must be in the form of a Uint8Array");if(e.length!==t.length)return!1;for(let r=0;r<e.length;r++)if(e[r]!==t[r])return!1;return!0},writeChecksum:function(e){let t=0;for(let r=0;r<e.length;r++)t=t+e[r]&65535;return _.writeNumber(t,2)},printDebug:function(e){M&&console.log("[OpenPGP.js debug]",e)},printDebugError:function(e){M&&console.error("[OpenPGP.js debug]",e)},nbits:function(e){let t=1,r=e>>>16;return 0!==r&&(e=r,t+=16),r=e>>8,0!==r&&(e=r,t+=8),r=e>>4,0!==r&&(e=r,t+=4),r=e>>2,0!==r&&(e=r,t+=2),r=e>>1,0!==r&&(e=r,t+=1),t},double:function(e){const t=new Uint8Array(e.length),r=e.length-1;for(let i=0;i<r;i++)t[i]=e[i]<<1^e[i+1]>>7;return t[r]=e[r]<<1^135*(e[0]>>7),t},shiftRight:function(e,t){if(t)for(let r=e.length-1;r>=0;r--)e[r]>>=t,r>0&&(e[r]|=e[r-1]<<8-t);return e},getWebCrypto:function(){const t=void 0!==e&&e.crypto&&e.crypto.subtle||this.getNodeCrypto()?.webcrypto.subtle;if(!t)throw Error("The WebCrypto API is not available");return t},getNodeCrypto:function(){return this.nodeRequire("crypto")},getNodeZlib:function(){return this.nodeRequire("zlib")},getNodeBuffer:function(){return(this.nodeRequire("buffer")||{}).Buffer},getHardwareConcurrency:function(){if("undefined"!=typeof navigator)return navigator.hardwareConcurrency||1;return this.nodeRequire("os").cpus().length},isEmailAddress:function(e){if(!_.isString(e))return!1;return/^[^\p{C}\p{Z}@<>\\]+@[^\p{C}\p{Z}@<>\\]+[^\p{C}\p{Z}\p{P}]$/u.test(e)},canonicalizeEOL:function(e){let t=!1;return b(e,(e=>{let r;t&&(e=_.concatUint8Array([new Uint8Array([13]),e])),13===e[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;const i=[];for(let t=0;r=e.indexOf(10,t)+1,r;t=r)13!==e[r-2]&&i.push(r);if(!i.length)return e;const n=new Uint8Array(e.length+i.length);let a=0;for(let t=0;t<i.length;t++){const r=e.subarray(i[t-1]||0,i[t]);n.set(r,a),a+=r.length,n[a-1]=13,n[a]=10,a++}return n.set(e.subarray(i[i.length-1]||0),a),n}),(()=>t?new Uint8Array([13]):void 0))},nativeEOL:function(e){let t=!1;return b(e,(e=>{let r;13===(e=t&&10!==e[0]?_.concatUint8Array([new Uint8Array([13]),e]):new Uint8Array(e))[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;let i=0;for(let t=0;t!==e.length;t=r){r=e.indexOf(13,t)+1,r||(r=e.length);const n=r-(10===e[r]?1:0);t&&e.copyWithin(i,t,n),i+=n-t}return e.subarray(0,i)}),(()=>t?new Uint8Array([13]):void 0))},removeTrailingSpaces:function(e){return e.split("\n").map((e=>{let t=e.length-1;for(;t>=0&&(" "===e[t]||"\t"===e[t]||"\r"===e[t]);t--);return e.substr(0,t+1)})).join("\n")},wrapError:function(e,t){if(!t)return Error(e);try{t.message=e+": "+t.message}catch(e){}return t},constructAllowedPackets:function(e){const t={};return e.forEach((e=>{if(!e.tag)throw Error("Invalid input: expected a packet class");t[e.tag]=e})),t},anyPromise:function(e){return new Promise((async(t,r)=>{let i;await Promise.all(e.map((async e=>{try{t(await e)}catch(e){i=e}}))),r(i)}))},selectUint8Array:function(e,t,r){const i=Math.max(t.length,r.length),n=new Uint8Array(i);let a=0;for(let i=0;i<n.length;i++)n[i]=t[i]&256-e|r[i]&255+e,a+=e&i<t.length|1-e&i<r.length;return n.subarray(0,a)},selectUint8:function(e,t,r){return t&256-e|r&255+e},isAES:function(e){return e===B.symmetric.aes128||e===B.symmetric.aes192||e===B.symmetric.aes256}},F=_.getNodeBuffer();let R,L;function N(e){let t=new Uint8Array;return b(e,(e=>{t=_.concatUint8Array([t,e]);const r=[],i=Math.floor(t.length/45),n=45*i,a=R(t.subarray(0,n));for(let e=0;e<i;e++)r.push(a.substr(60*e,60)),r.push("\n");return t=t.subarray(n),r.join("")}),(()=>t.length?R(t)+"\n":""))}function z(e){let t="";return b(e,(e=>{t+=e;let r=0;const i=[" ","\t","\r","\n"];for(let e=0;e<i.length;e++){const n=i[e];for(let e=t.indexOf(n);-1!==e;e=t.indexOf(n,e+1))r++}let n=t.length;for(;n>0&&(n-r)%4!=0;n--)i.includes(t[n])&&r--;const a=L(t.substr(0,n));return t=t.substr(n),a}),(()=>L(t)))}function O(e){return z(e.replace(/-/g,"+").replace(/_/g,"/"))}function q(e,t){let r=N(e).replace(/[\r\n]/g,"");return r=r.replace(/[+]/g,"-").replace(/[/]/g,"_").replace(/[=]/g,""),r}function j(e){const t=e.match(/^-----BEGIN PGP (MESSAGE, PART \d+\/\d+|MESSAGE, PART \d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m);if(!t)throw Error("Unknown ASCII armor type");return/MESSAGE, PART \d+\/\d+/.test(t[1])?B.armor.multipartSection:/MESSAGE, PART \d+/.test(t[1])?B.armor.multipartLast:/SIGNED MESSAGE/.test(t[1])?B.armor.signed:/MESSAGE/.test(t[1])?B.armor.message:/PUBLIC KEY BLOCK/.test(t[1])?B.armor.publicKey:/PRIVATE KEY BLOCK/.test(t[1])?B.armor.privateKey:/SIGNATURE/.test(t[1])?B.armor.signature:void 0}function H(e,t){let r="";return t.showVersion&&(r+="Version: "+t.versionString+"\n"),t.showComment&&(r+="Comment: "+t.commentString+"\n"),e&&(r+="Comment: "+e+"\n"),r+="\n",r}function G(e){const t=function(e){let t=13501623;return b(e,(e=>{const r=W?Math.floor(e.length/4):0,i=new Uint32Array(e.buffer,e.byteOffset,r);for(let e=0;e<r;e++)t^=i[e],t=V[0][t>>24&255]^V[1][t>>16&255]^V[2][t>>8&255]^V[3][255&t];for(let i=4*r;i<e.length;i++)t=t>>8^V[0][255&t^e[i]]}),(()=>new Uint8Array([t,t>>8,t>>16])))}(e);return N(t)}F?(R=e=>F.from(e).toString("base64"),L=e=>{const t=F.from(e,"base64");return new Uint8Array(t.buffer,t.byteOffset,t.byteLength)}):(R=e=>btoa(_.uint8ArrayToString(e)),L=e=>_.stringToUint8Array(atob(e)));const V=[Array(255),Array(255),Array(255),Array(255)];for(let e=0;e<=255;e++){let t=e<<16;for(let e=0;e<8;e++)t=t<<1^(8388608&t?8801531:0);V[0][e]=(16711680&t)>>16|65280&t|(255&t)<<16}for(let e=0;e<=255;e++)V[1][e]=V[0][e]>>8^V[0][255&V[0][e]];for(let e=0;e<=255;e++)V[2][e]=V[1][e]>>8^V[0][255&V[1][e]];for(let e=0;e<=255;e++)V[3][e]=V[2][e]>>8^V[0][255&V[2][e]];const W=function(){const e=new ArrayBuffer(2);return new DataView(e).setInt16(0,255,!0),255===new Int16Array(e)[0]}();function $(e){for(let t=0;t<e.length;t++)/^([^\s:]|[^\s:][^:]*[^\s:]): .+$/.test(e[t])||_.printDebugError(Error("Improperly formatted armor header: "+e[t])),/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(e[t])||_.printDebugError(Error("Unknown header: "+e[t]))}function Z(e){let t=e;const r=e.lastIndexOf("=");return r>=0&&r!==e.length-1&&(t=e.slice(0,r)),t}function Q(e){return new Promise((async(t,r)=>{try{const i=/^-----[^-]+-----$/m,n=/^[ \f\r\t\u00a0\u2000-\u200a\u202f\u205f\u3000]*$/;let a;const s=[];let o,c,u=s,h=[];const l=z(k(e,(async(e,y)=>{const p=x(e);try{for(;;){let e=await p.readLine();if(void 0===e)throw Error("Misformed armored text");if(e=_.removeTrailingSpaces(e.replace(/[\r\n]/g,"")),a)if(o)c||a!==B.armor.signed||(i.test(e)?(h=h.join("\r\n"),c=!0,$(u),u=[],o=!1):h.push(e.replace(/^- /,"")));else if(i.test(e)&&r(Error("Mandatory blank line missing between armor headers and armor data")),n.test(e)){if($(u),o=!0,c||a!==B.armor.signed){t({text:h,data:l,headers:s,type:a});break}}else u.push(e);else i.test(e)&&(a=j(e))}}catch(e){return void r(e)}const g=I(y);try{for(;;){await g.ready;const{done:e,value:t}=await p.read();if(e)throw Error("Misformed armored text");const r=t+"";if(-1!==r.indexOf("=")||-1!==r.indexOf("-")){let e=await p.readToEnd();e.length||(e=""),e=r+e,e=_.removeTrailingSpaces(e.replace(/\r/g,""));const t=e.split(i);if(1===t.length)throw Error("Misformed armored text");const n=Z(t[0].slice(0,-1));await g.write(n);break}await g.write(r)}await g.ready,await g.close()}catch(e){await g.abort(e)}})))}catch(e){r(e)}})).then((async e=>(a(e.data)&&(e.data=await P(e.data)),e)))}function X(e,t,r,i,n,a=!1,s=T){let o,c;e===B.armor.signed&&(o=t.text,c=t.hash,t=t.data);const u=a&&A(t),h=[];switch(e){case B.armor.multipartSection:h.push("-----BEGIN PGP MESSAGE, PART "+r+"/"+i+"-----\n"),h.push(H(n,s)),h.push(N(t)),u&&h.push("=",G(u)),h.push("-----END PGP MESSAGE, PART "+r+"/"+i+"-----\n");break;case B.armor.multipartLast:h.push("-----BEGIN PGP MESSAGE, PART "+r+"-----\n"),h.push(H(n,s)),h.push(N(t)),u&&h.push("=",G(u)),h.push("-----END PGP MESSAGE, PART "+r+"-----\n");break;case B.armor.signed:h.push("-----BEGIN PGP SIGNED MESSAGE-----\n"),h.push(c?`Hash: ${c}\n\n`:"\n"),h.push(o.replace(/^-/gm,"- -")),h.push("\n-----BEGIN PGP SIGNATURE-----\n"),h.push(H(n,s)),h.push(N(t)),u&&h.push("=",G(u)),h.push("-----END PGP SIGNATURE-----\n");break;case B.armor.message:h.push("-----BEGIN PGP MESSAGE-----\n"),h.push(H(n,s)),h.push(N(t)),u&&h.push("=",G(u)),h.push("-----END PGP MESSAGE-----\n");break;case B.armor.publicKey:h.push("-----BEGIN PGP PUBLIC KEY BLOCK-----\n"),h.push(H(n,s)),h.push(N(t)),u&&h.push("=",G(u)),h.push("-----END PGP PUBLIC KEY BLOCK-----\n");break;case B.armor.privateKey:h.push("-----BEGIN PGP PRIVATE KEY BLOCK-----\n"),h.push(H(n,s)),h.push(N(t)),u&&h.push("=",G(u)),h.push("-----END PGP PRIVATE KEY BLOCK-----\n");break;case B.armor.signature:h.push("-----BEGIN PGP SIGNATURE-----\n"),h.push(H(n,s)),h.push(N(t)),u&&h.push("=",G(u)),h.push("-----END PGP SIGNATURE-----\n")}return _.concat(h)}const Y=BigInt(0),J=BigInt(1);function ee(e){const t="0123456789ABCDEF";let r="";return e.forEach((e=>{r+=t[e>>4]+t[15&e]})),BigInt("0x0"+r)}function te(e,t){const r=e%t;return r<Y?r+t:r}function re(e,t,r){if(r===Y)throw Error("Modulo cannot be zero");if(r===J)return BigInt(0);if(t<Y)throw Error("Unsopported negative exponent");let i=t,n=e;n%=r;let a=BigInt(1);for(;i>Y;){const e=i&J;i>>=J;a=e?a*n%r:a,n=n*n%r}return a}function ie(e){return e>=Y?e:-e}function ne(e,t){const{gcd:r,x:i}=function(e,t){let r=BigInt(0),i=BigInt(1),n=BigInt(1),a=BigInt(0),s=ie(e),o=ie(t);const c=e<Y,u=t<Y;for(;o!==Y;){const e=s/o;let t=r;r=n-e*r,n=t,t=i,i=a-e*i,a=t,t=o,o=s%o,s=t}return{x:c?-n:n,y:u?-a:a,gcd:s}}(e,t);if(r!==J)throw Error("Inverse does not exist");return te(i+t,t)}function ae(e){const t=Number(e);if(t>Number.MAX_SAFE_INTEGER)throw Error("Number can only safely store up to 53 bits");return t}function se(e,t){return(e>>BigInt(t)&J)===Y?0:1}function oe(e){const t=e<Y?BigInt(-1):Y;let r=1,i=e;for(;(i>>=J)!==t;)r++;return r}function ce(e){const t=e<Y?BigInt(-1):Y,r=BigInt(8);let i=1,n=e;for(;(n>>=r)!==t;)i++;return i}function ue(e,t="be",r){let i=e.toString(16);i.length%2==1&&(i="0"+i);const n=i.length/2,a=new Uint8Array(r||n),s=r?r-n:0;let o=0;for(;o<n;)a[o+s]=parseInt(i.slice(2*o,2*o+2),16),o++;return"be"!==t&&a.reverse(),a}const he=_.getNodeCrypto();function le(e){const t="undefined"!=typeof crypto?crypto:he?.webcrypto;if(t?.getRandomValues){const r=new Uint8Array(e);return t.getRandomValues(r)}throw Error("No secure random number generator available.")}function ye(e,t){if(t<e)throw Error("Illegal parameter value: max <= min");const r=t-e;return te(ee(le(ce(r)+8)),r)+e}const pe=BigInt(1);function ge(e,t,r){const i=BigInt(30),n=pe<<BigInt(e-1),a=[1,6,5,4,3,2,1,4,3,2,1,2,1,4,3,2,1,2,1,4,3,2,1,6,5,4,3,2,1,2];let s=ye(n,n<<pe),o=ae(te(s,i));do{s+=BigInt(a[o]),o=(o+a[o])%a.length,oe(s)>e&&(s=te(s,n<<pe),s+=n,o=ae(te(s,i)))}while(!de(s,t,r));return s}function de(e,t,r){return(!t||function(e,t){let r=e,i=t;for(;i!==Y;){const e=i;i=r%i,r=e}return r}(e-pe,t)===pe)&&(!!function(e){const t=BigInt(0);return fe.every((r=>te(e,r)!==t))}(e)&&(!!function(e,t=BigInt(2)){return re(t,e-pe,e)===pe}(e)&&!!function(e,t){const r=oe(e);t||(t=Math.max(1,r/48|0));const i=e-pe;let n=0;for(;!se(i,n);)n++;const a=e>>BigInt(n);for(;t>0;t--){let t,r=re(ye(BigInt(2),i),a,e);if(r!==pe&&r!==i){for(t=1;t<n;t++){if(r=te(r*r,e),r===pe)return!1;if(r===i)break}if(t===n)return!1}}return!0}(e,r)))}const fe=[7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587,593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997,1009,1013,1019,1021,1031,1033,1039,1049,1051,1061,1063,1069,1087,1091,1093,1097,1103,1109,1117,1123,1129,1151,1153,1163,1171,1181,1187,1193,1201,1213,1217,1223,1229,1231,1237,1249,1259,1277,1279,1283,1289,1291,1297,1301,1303,1307,1319,1321,1327,1361,1367,1373,1381,1399,1409,1423,1427,1429,1433,1439,1447,1451,1453,1459,1471,1481,1483,1487,1489,1493,1499,1511,1523,1531,1543,1549,1553,1559,1567,1571,1579,1583,1597,1601,1607,1609,1613,1619,1621,1627,1637,1657,1663,1667,1669,1693,1697,1699,1709,1721,1723,1733,1741,1747,1753,1759,1777,1783,1787,1789,1801,1811,1823,1831,1847,1861,1867,1871,1873,1877,1879,1889,1901,1907,1913,1931,1933,1949,1951,1973,1979,1987,1993,1997,1999,2003,2011,2017,2027,2029,2039,2053,2063,2069,2081,2083,2087,2089,2099,2111,2113,2129,2131,2137,2141,2143,2153,2161,2179,2203,2207,2213,2221,2237,2239,2243,2251,2267,2269,2273,2281,2287,2293,2297,2309,2311,2333,2339,2341,2347,2351,2357,2371,2377,2381,2383,2389,2393,2399,2411,2417,2423,2437,2441,2447,2459,2467,2473,2477,2503,2521,2531,2539,2543,2549,2551,2557,2579,2591,2593,2609,2617,2621,2633,2647,2657,2659,2663,2671,2677,2683,2687,2689,2693,2699,2707,2711,2713,2719,2729,2731,2741,2749,2753,2767,2777,2789,2791,2797,2801,2803,2819,2833,2837,2843,2851,2857,2861,2879,2887,2897,2903,2909,2917,2927,2939,2953,2957,2963,2969,2971,2999,3001,3011,3019,3023,3037,3041,3049,3061,3067,3079,3083,3089,3109,3119,3121,3137,3163,3167,3169,3181,3187,3191,3203,3209,3217,3221,3229,3251,3253,3257,3259,3271,3299,3301,3307,3313,3319,3323,3329,3331,3343,3347,3359,3361,3371,3373,3389,3391,3407,3413,3433,3449,3457,3461,3463,3467,3469,3491,3499,3511,3517,3527,3529,3533,3539,3541,3547,3557,3559,3571,3581,3583,3593,3607,3613,3617,3623,3631,3637,3643,3659,3671,3673,3677,3691,3697,3701,3709,3719,3727,3733,3739,3761,3767,3769,3779,3793,3797,3803,3821,3823,3833,3847,3851,3853,3863,3877,3881,3889,3907,3911,3917,3919,3923,3929,3931,3943,3947,3967,3989,4001,4003,4007,4013,4019,4021,4027,4049,4051,4057,4073,4079,4091,4093,4099,4111,4127,4129,4133,4139,4153,4157,4159,4177,4201,4211,4217,4219,4229,4231,4241,4243,4253,4259,4261,4271,4273,4283,4289,4297,4327,4337,4339,4349,4357,4363,4373,4391,4397,4409,4421,4423,4441,4447,4451,4457,4463,4481,4483,4493,4507,4513,4517,4519,4523,4547,4549,4561,4567,4583,4591,4597,4603,4621,4637,4639,4643,4649,4651,4657,4663,4673,4679,4691,4703,4721,4723,4729,4733,4751,4759,4783,4787,4789,4793,4799,4801,4813,4817,4831,4861,4871,4877,4889,4903,4909,4919,4931,4933,4937,4943,4951,4957,4967,4969,4973,4987,4993,4999].map((e=>BigInt(e)));const me=_.getWebCrypto(),we=_.getNodeCrypto(),be=we&&we.getHashes();function ke(e){if(we&&be.includes(e))return async function(t){const r=we.createHash(e);return b(t,(e=>{r.update(e)}),(()=>new Uint8Array(r.digest())))}}function ve(e,t){const r=async()=>{const{nobleHashes:t}=await import("./noble_hashes.min.mjs"),r=t.get(e);if(!r)throw Error("Unsupported hash");return r};return async function(e){if(a(e)&&(e=await P(e)),_.isStream(e)){const t=(await r()).create();return b(e,(e=>{t.update(e)}),(()=>t.digest()))}if(me&&t)return new Uint8Array(await me.digest(t,e));return(await r())(e)}}const Ke=ke("md5")||ve("md5"),Ae=ke("sha1")||ve("sha1","SHA-1"),Ee=ke("sha224")||ve("sha224"),Se=ke("sha256")||ve("sha256","SHA-256"),Pe=ke("sha384")||ve("sha384","SHA-384"),Ue=ke("sha512")||ve("sha512","SHA-512"),De=ke("ripemd160")||ve("ripemd160"),xe=ke("sha3-256")||ve("sha3_256"),Ie=ke("sha3-512")||ve("sha3_512");function Ce(e,t){switch(e){case B.hash.md5:return Ke(t);case B.hash.sha1:return Ae(t);case B.hash.ripemd:return De(t);case B.hash.sha256:return Se(t);case B.hash.sha384:return Pe(t);case B.hash.sha512:return Ue(t);case B.hash.sha224:return Ee(t);case B.hash.sha3_256:return xe(t);case B.hash.sha3_512:return Ie(t);default:throw Error("Unsupported hash function")}}function Be(e){switch(e){case B.hash.md5:return 16;case B.hash.sha1:case B.hash.ripemd:return 20;case B.hash.sha256:return 32;case B.hash.sha384:return 48;case B.hash.sha512:return 64;case B.hash.sha224:return 28;case B.hash.sha3_256:return 32;case B.hash.sha3_512:return 64;default:throw Error("Invalid hash algorithm.")}}const Te=[];function Me(e,t){const r=e.length;if(r>t-11)throw Error("Message too long");const i=function(e){const t=new Uint8Array(e);let r=0;for(;r<e;){const i=le(e-r);for(let e=0;e<i.length;e++)0!==i[e]&&(t[r++]=i[e])}return t}(t-r-3),n=new Uint8Array(t);return n[1]=2,n.set(i,2),n.set(e,t-r),n}function _e(e,t){let r=2,i=1;for(let t=r;t<e.length;t++)i&=0!==e[t],r+=i;const n=r-2,a=e.subarray(r+1),s=0===e[0]&2===e[1]&n>=8&!i;if(t)return _.selectUint8Array(s,a,t);if(s)return a;throw Error("Decryption error")}function Fe(e,t,r){let i;if(t.length!==Be(e))throw Error("Invalid hash length");const n=new Uint8Array(Te[e].length);for(i=0;i<Te[e].length;i++)n[i]=Te[e][i];const a=n.length+t.length;if(r<a+11)throw Error("Intended encoded message length too short");const s=new Uint8Array(r-a-3).fill(255),o=new Uint8Array(r);return o[1]=1,o.set(s,2),o.set(n,r-a),o.set(t,r-t.length),o}Te[1]=[48,32,48,12,6,8,42,134,72,134,247,13,2,5,5,0,4,16],Te[2]=[48,33,48,9,6,5,43,14,3,2,26,5,0,4,20],Te[3]=[48,33,48,9,6,5,43,36,3,2,1,5,0,4,20],Te[8]=[48,49,48,13,6,9,96,134,72,1,101,3,4,2,1,5,0,4,32],Te[9]=[48,65,48,13,6,9,96,134,72,1,101,3,4,2,2,5,0,4,48],Te[10]=[48,81,48,13,6,9,96,134,72,1,101,3,4,2,3,5,0,4,64],Te[11]=[48,45,48,13,6,9,96,134,72,1,101,3,4,2,4,5,0,4,28];const Re=_.getWebCrypto(),Le=_.getNodeCrypto(),Ne=BigInt(1);async function ze(e,t,r,i,n,a,s,o,c){if(Be(e)>=r.length)throw Error("Digest size cannot exceed key modulus size");if(t&&!_.isStream(t))if(_.getWebCrypto())try{return await async function(e,t,r,i,n,a,s,o){const c=await He(r,i,n,a,s,o),u={name:"RSASSA-PKCS1-v1_5",hash:{name:e}},h=await Re.importKey("jwk",c,u,!1,["sign"]);return new Uint8Array(await Re.sign("RSASSA-PKCS1-v1_5",h,t))}(B.read(B.webHash,e),t,r,i,n,a,s,o)}catch(e){_.printDebugError(e)}else if(_.getNodeCrypto())return async function(e,t,r,i,n,a,s,o){const c=Le.createSign(B.read(B.hash,e));c.write(t),c.end();const u=await He(r,i,n,a,s,o);return new Uint8Array(c.sign({key:u,format:"jwk",type:"pkcs1"}))}(e,t,r,i,n,a,s,o);return async function(e,t,r,i){t=ee(t);const n=ee(Fe(e,i,ce(t)));return r=ee(r),ue(re(n,r,t),"be",ce(t))}(e,r,n,c)}async function Oe(e,t,r,i,n,a){if(t&&!_.isStream(t))if(_.getWebCrypto())try{return await async function(e,t,r,i,n){const a=Ge(i,n),s=await Re.importKey("jwk",a,{name:"RSASSA-PKCS1-v1_5",hash:{name:e}},!1,["verify"]);return Re.verify("RSASSA-PKCS1-v1_5",s,r,t)}(B.read(B.webHash,e),t,r,i,n)}catch(e){_.printDebugError(e)}else if(_.getNodeCrypto())return async function(e,t,r,i,n){const a=Ge(i,n),s={key:a,format:"jwk",type:"pkcs1"},o=Le.createVerify(B.read(B.hash,e));o.write(t),o.end();try{return o.verify(s,r)}catch(e){return!1}}(e,t,r,i,n);return async function(e,t,r,i,n){if(r=ee(r),t=ee(t),i=ee(i),t>=r)throw Error("Signature size cannot exceed modulus size");const a=ue(re(t,i,r),"be",ce(r)),s=Fe(e,n,ce(r));return _.equalsUint8Array(a,s)}(e,r,i,n,a)}async function qe(e,t,r){return _.getNodeCrypto()?async function(e,t,r){const i=Ge(t,r),n={key:i,format:"jwk",type:"pkcs1",padding:Le.constants.RSA_PKCS1_PADDING};return new Uint8Array(Le.publicEncrypt(n,e))}(e,t,r):async function(e,t,r){if(t=ee(t),e=ee(Me(e,ce(t))),r=ee(r),e>=t)throw Error("Message size cannot exceed modulus size");return ue(re(e,r,t),"be",ce(t))}(e,t,r)}async function je(e,t,r,i,n,a,s,o){if(_.getNodeCrypto()&&!o)try{return await async function(e,t,r,i,n,a,s){const o=await He(t,r,i,n,a,s),c={key:o,format:"jwk",type:"pkcs1",padding:Le.constants.RSA_PKCS1_PADDING};try{return new Uint8Array(Le.privateDecrypt(c,e))}catch(e){throw Error("Decryption error")}}(e,t,r,i,n,a,s)}catch(e){_.printDebugError(e)}return async function(e,t,r,i,n,a,s,o){if(e=ee(e),t=ee(t),r=ee(r),i=ee(i),n=ee(n),a=ee(a),s=ee(s),e>=t)throw Error("Data too large.");const c=te(i,a-Ne),u=te(i,n-Ne),h=ye(BigInt(2),t),l=re(ne(h,t),r,t);e=te(e*l,t);const y=re(e,u,n),p=re(e,c,a),g=te(s*(p-y),a);let d=g*n+y;return d=te(d*h,t),_e(ue(d,"be",ce(t)),o)}(e,t,r,i,n,a,s,o)}async function He(e,t,r,i,n,a){const s=ee(i),o=ee(n),c=ee(r);let u=te(c,o-Ne),h=te(c,s-Ne);return h=ue(h),u=ue(u),{kty:"RSA",n:q(e),e:q(t),d:q(r),p:q(n),q:q(i),dp:q(u),dq:q(h),qi:q(a),ext:!0}}function Ge(e,t){return{kty:"RSA",n:q(e),e:q(t),ext:!0}}function Ve(e,t){return{n:O(e.n),e:ue(t),d:O(e.d),p:O(e.q),q:O(e.p),u:O(e.qi)}}const We=BigInt(1);const $e="object"==typeof e&&"crypto"in e?e.crypto:void 0,Ze={};var Qe=function(e){var t,r=new Float64Array(16);if(e)for(t=0;t<e.length;t++)r[t]=e[t];return r},Xe=function(){throw Error("no PRNG")},Ye=new Uint8Array(32);Ye[0]=9;var Je=Qe(),et=Qe([1]),tt=Qe([56129,1]),rt=Qe([30883,4953,19914,30187,55467,16705,2637,112,59544,30585,16505,36039,65139,11119,27886,20995]),it=Qe([61785,9906,39828,60374,45398,33411,5274,224,53552,61171,33010,6542,64743,22239,55772,9222]),nt=Qe([54554,36645,11616,51542,42930,38181,51040,26924,56412,64982,57905,49316,21502,52590,14035,8553]),at=Qe([26200,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214]),st=Qe([41136,18958,6951,50414,58488,44335,6150,12099,55207,15867,153,11085,57099,20417,9344,11139]);function ot(e,t,r,i){e[t]=r>>24&255,e[t+1]=r>>16&255,e[t+2]=r>>8&255,e[t+3]=255&r,e[t+4]=i>>24&255,e[t+5]=i>>16&255,e[t+6]=i>>8&255,e[t+7]=255&i}function ct(e,t,r,i){return function(e,t,r,i,n){var a,s=0;for(a=0;a<n;a++)s|=e[t+a]^r[i+a];return(1&s-1>>>8)-1}(e,t,r,i,32)}function ut(e,t){var r;for(r=0;r<16;r++)e[r]=0|t[r]}function ht(e){var t,r,i=1;for(t=0;t<16;t++)r=e[t]+i+65535,i=Math.floor(r/65536),e[t]=r-65536*i;e[0]+=i-1+37*(i-1)}function lt(e,t,r){for(var i,n=~(r-1),a=0;a<16;a++)i=n&(e[a]^t[a]),e[a]^=i,t[a]^=i}function yt(e,t){var r,i,n,a=Qe(),s=Qe();for(r=0;r<16;r++)s[r]=t[r];for(ht(s),ht(s),ht(s),i=0;i<2;i++){for(a[0]=s[0]-65517,r=1;r<15;r++)a[r]=s[r]-65535-(a[r-1]>>16&1),a[r-1]&=65535;a[15]=s[15]-32767-(a[14]>>16&1),n=a[15]>>16&1,a[14]&=65535,lt(s,a,1-n)}for(r=0;r<16;r++)e[2*r]=255&s[r],e[2*r+1]=s[r]>>8}function pt(e,t){var r=new Uint8Array(32),i=new Uint8Array(32);return yt(r,e),yt(i,t),ct(r,0,i,0)}function gt(e){var t=new Uint8Array(32);return yt(t,e),1&t[0]}function dt(e,t){var r;for(r=0;r<16;r++)e[r]=t[2*r]+(t[2*r+1]<<8);e[15]&=32767}function ft(e,t,r){for(var i=0;i<16;i++)e[i]=t[i]+r[i]}function mt(e,t,r){for(var i=0;i<16;i++)e[i]=t[i]-r[i]}function wt(e,t,r){var i,n,a=0,s=0,o=0,c=0,u=0,h=0,l=0,y=0,p=0,g=0,d=0,f=0,m=0,w=0,b=0,k=0,v=0,K=0,A=0,E=0,S=0,P=0,U=0,D=0,x=0,I=0,C=0,B=0,T=0,M=0,_=0,F=r[0],R=r[1],L=r[2],N=r[3],z=r[4],O=r[5],q=r[6],j=r[7],H=r[8],G=r[9],V=r[10],W=r[11],$=r[12],Z=r[13],Q=r[14],X=r[15];a+=(i=t[0])*F,s+=i*R,o+=i*L,c+=i*N,u+=i*z,h+=i*O,l+=i*q,y+=i*j,p+=i*H,g+=i*G,d+=i*V,f+=i*W,m+=i*$,w+=i*Z,b+=i*Q,k+=i*X,s+=(i=t[1])*F,o+=i*R,c+=i*L,u+=i*N,h+=i*z,l+=i*O,y+=i*q,p+=i*j,g+=i*H,d+=i*G,f+=i*V,m+=i*W,w+=i*$,b+=i*Z,k+=i*Q,v+=i*X,o+=(i=t[2])*F,c+=i*R,u+=i*L,h+=i*N,l+=i*z,y+=i*O,p+=i*q,g+=i*j,d+=i*H,f+=i*G,m+=i*V,w+=i*W,b+=i*$,k+=i*Z,v+=i*Q,K+=i*X,c+=(i=t[3])*F,u+=i*R,h+=i*L,l+=i*N,y+=i*z,p+=i*O,g+=i*q,d+=i*j,f+=i*H,m+=i*G,w+=i*V,b+=i*W,k+=i*$,v+=i*Z,K+=i*Q,A+=i*X,u+=(i=t[4])*F,h+=i*R,l+=i*L,y+=i*N,p+=i*z,g+=i*O,d+=i*q,f+=i*j,m+=i*H,w+=i*G,b+=i*V,k+=i*W,v+=i*$,K+=i*Z,A+=i*Q,E+=i*X,h+=(i=t[5])*F,l+=i*R,y+=i*L,p+=i*N,g+=i*z,d+=i*O,f+=i*q,m+=i*j,w+=i*H,b+=i*G,k+=i*V,v+=i*W,K+=i*$,A+=i*Z,E+=i*Q,S+=i*X,l+=(i=t[6])*F,y+=i*R,p+=i*L,g+=i*N,d+=i*z,f+=i*O,m+=i*q,w+=i*j,b+=i*H,k+=i*G,v+=i*V,K+=i*W,A+=i*$,E+=i*Z,S+=i*Q,P+=i*X,y+=(i=t[7])*F,p+=i*R,g+=i*L,d+=i*N,f+=i*z,m+=i*O,w+=i*q,b+=i*j,k+=i*H,v+=i*G,K+=i*V,A+=i*W,E+=i*$,S+=i*Z,P+=i*Q,U+=i*X,p+=(i=t[8])*F,g+=i*R,d+=i*L,f+=i*N,m+=i*z,w+=i*O,b+=i*q,k+=i*j,v+=i*H,K+=i*G,A+=i*V,E+=i*W,S+=i*$,P+=i*Z,U+=i*Q,D+=i*X,g+=(i=t[9])*F,d+=i*R,f+=i*L,m+=i*N,w+=i*z,b+=i*O,k+=i*q,v+=i*j,K+=i*H,A+=i*G,E+=i*V,S+=i*W,P+=i*$,U+=i*Z,D+=i*Q,x+=i*X,d+=(i=t[10])*F,f+=i*R,m+=i*L,w+=i*N,b+=i*z,k+=i*O,v+=i*q,K+=i*j,A+=i*H,E+=i*G,S+=i*V,P+=i*W,U+=i*$,D+=i*Z,x+=i*Q,I+=i*X,f+=(i=t[11])*F,m+=i*R,w+=i*L,b+=i*N,k+=i*z,v+=i*O,K+=i*q,A+=i*j,E+=i*H,S+=i*G,P+=i*V,U+=i*W,D+=i*$,x+=i*Z,I+=i*Q,C+=i*X,m+=(i=t[12])*F,w+=i*R,b+=i*L,k+=i*N,v+=i*z,K+=i*O,A+=i*q,E+=i*j,S+=i*H,P+=i*G,U+=i*V,D+=i*W,x+=i*$,I+=i*Z,C+=i*Q,B+=i*X,w+=(i=t[13])*F,b+=i*R,k+=i*L,v+=i*N,K+=i*z,A+=i*O,E+=i*q,S+=i*j,P+=i*H,U+=i*G,D+=i*V,x+=i*W,I+=i*$,C+=i*Z,B+=i*Q,T+=i*X,b+=(i=t[14])*F,k+=i*R,v+=i*L,K+=i*N,A+=i*z,E+=i*O,S+=i*q,P+=i*j,U+=i*H,D+=i*G,x+=i*V,I+=i*W,C+=i*$,B+=i*Z,T+=i*Q,M+=i*X,k+=(i=t[15])*F,s+=38*(K+=i*L),o+=38*(A+=i*N),c+=38*(E+=i*z),u+=38*(S+=i*O),h+=38*(P+=i*q),l+=38*(U+=i*j),y+=38*(D+=i*H),p+=38*(x+=i*G),g+=38*(I+=i*V),d+=38*(C+=i*W),f+=38*(B+=i*$),m+=38*(T+=i*Z),w+=38*(M+=i*Q),b+=38*(_+=i*X),a=(i=(a+=38*(v+=i*R))+(n=1)+65535)-65536*(n=Math.floor(i/65536)),s=(i=s+n+65535)-65536*(n=Math.floor(i/65536)),o=(i=o+n+65535)-65536*(n=Math.floor(i/65536)),c=(i=c+n+65535)-65536*(n=Math.floor(i/65536)),u=(i=u+n+65535)-65536*(n=Math.floor(i/65536)),h=(i=h+n+65535)-65536*(n=Math.floor(i/65536)),l=(i=l+n+65535)-65536*(n=Math.floor(i/65536)),y=(i=y+n+65535)-65536*(n=Math.floor(i/65536)),p=(i=p+n+65535)-65536*(n=Math.floor(i/65536)),g=(i=g+n+65535)-65536*(n=Math.floor(i/65536)),d=(i=d+n+65535)-65536*(n=Math.floor(i/65536)),f=(i=f+n+65535)-65536*(n=Math.floor(i/65536)),m=(i=m+n+65535)-65536*(n=Math.floor(i/65536)),w=(i=w+n+65535)-65536*(n=Math.floor(i/65536)),b=(i=b+n+65535)-65536*(n=Math.floor(i/65536)),k=(i=k+n+65535)-65536*(n=Math.floor(i/65536)),a=(i=(a+=n-1+37*(n-1))+(n=1)+65535)-65536*(n=Math.floor(i/65536)),s=(i=s+n+65535)-65536*(n=Math.floor(i/65536)),o=(i=o+n+65535)-65536*(n=Math.floor(i/65536)),c=(i=c+n+65535)-65536*(n=Math.floor(i/65536)),u=(i=u+n+65535)-65536*(n=Math.floor(i/65536)),h=(i=h+n+65535)-65536*(n=Math.floor(i/65536)),l=(i=l+n+65535)-65536*(n=Math.floor(i/65536)),y=(i=y+n+65535)-65536*(n=Math.floor(i/65536)),p=(i=p+n+65535)-65536*(n=Math.floor(i/65536)),g=(i=g+n+65535)-65536*(n=Math.floor(i/65536)),d=(i=d+n+65535)-65536*(n=Math.floor(i/65536)),f=(i=f+n+65535)-65536*(n=Math.floor(i/65536)),m=(i=m+n+65535)-65536*(n=Math.floor(i/65536)),w=(i=w+n+65535)-65536*(n=Math.floor(i/65536)),b=(i=b+n+65535)-65536*(n=Math.floor(i/65536)),k=(i=k+n+65535)-65536*(n=Math.floor(i/65536)),a+=n-1+37*(n-1),e[0]=a,e[1]=s,e[2]=o,e[3]=c,e[4]=u,e[5]=h,e[6]=l,e[7]=y,e[8]=p,e[9]=g,e[10]=d,e[11]=f,e[12]=m,e[13]=w,e[14]=b,e[15]=k}function bt(e,t){wt(e,t,t)}function kt(e,t){var r,i=Qe();for(r=0;r<16;r++)i[r]=t[r];for(r=253;r>=0;r--)bt(i,i),2!==r&&4!==r&&wt(i,i,t);for(r=0;r<16;r++)e[r]=i[r]}function vt(e,t,r){var i,n,a=new Uint8Array(32),s=new Float64Array(80),o=Qe(),c=Qe(),u=Qe(),h=Qe(),l=Qe(),y=Qe();for(n=0;n<31;n++)a[n]=t[n];for(a[31]=127&t[31]|64,a[0]&=248,dt(s,r),n=0;n<16;n++)c[n]=s[n],h[n]=o[n]=u[n]=0;for(o[0]=h[0]=1,n=254;n>=0;--n)lt(o,c,i=a[n>>>3]>>>(7&n)&1),lt(u,h,i),ft(l,o,u),mt(o,o,u),ft(u,c,h),mt(c,c,h),bt(h,l),bt(y,o),wt(o,u,o),wt(u,c,l),ft(l,o,u),mt(o,o,u),bt(c,o),mt(u,h,y),wt(o,u,tt),ft(o,o,h),wt(u,u,o),wt(o,h,y),wt(h,c,s),bt(c,l),lt(o,c,i),lt(u,h,i);for(n=0;n<16;n++)s[n+16]=o[n],s[n+32]=u[n],s[n+48]=c[n],s[n+64]=h[n];var p=s.subarray(32),g=s.subarray(16);return kt(p,p),wt(g,g,p),yt(e,g),0}function Kt(e,t){return vt(e,t,Ye)}var At=[1116352408,3609767458,1899447441,602891725,3049323471,3964484399,3921009573,2173295548,961987163,4081628472,1508970993,3053834265,2453635748,2937671579,2870763221,3664609560,3624381080,2734883394,310598401,1164996542,607225278,1323610764,1426881987,3590304994,1925078388,4068182383,2162078206,991336113,2614888103,633803317,3248222580,3479774868,3835390401,2666613458,4022224774,944711139,264347078,2341262773,604807628,2007800933,770255983,1495990901,1249150122,1856431235,1555081692,3175218132,1996064986,2198950837,2554220882,3999719339,2821834349,766784016,2952996808,2566594879,3210313671,3203337956,3336571891,1034457026,3584528711,2466948901,113926993,3758326383,338241895,168717936,666307205,1188179964,773529912,1546045734,1294757372,1522805485,1396182291,2643833823,1695183700,2343527390,1986661051,1014477480,2177026350,1206759142,2456956037,344077627,2730485921,1290863460,2820302411,3158454273,3259730800,3505952657,3345764771,106217008,3516065817,3606008344,3600352804,1432725776,4094571909,1467031594,275423344,851169720,430227734,3100823752,506948616,1363258195,659060556,3750685593,883997877,3785050280,958139571,3318307427,1322822218,3812723403,1537002063,2003034995,1747873779,3602036899,1955562222,1575990012,2024104815,1125592928,2227730452,2716904306,2361852424,442776044,2428436474,593698344,2756734187,3733110249,3204031479,2999351573,3329325298,3815920427,3391569614,3928383900,3515267271,566280711,3940187606,3454069534,4118630271,4000239992,116418474,1914138554,174292421,2731055270,289380356,3203993006,460393269,320620315,685471733,587496836,852142971,1086792851,1017036298,365543100,1126000580,2618297676,1288033470,3409855158,1501505948,4234509866,1607167915,987167468,1816402316,1246189591];function Et(e,t,r,i){for(var n,a,s,o,c,u,h,l,y,p,g,d,f,m,w,b,k,v,K,A,E,S,P,U,D,x,I=new Int32Array(16),C=new Int32Array(16),B=e[0],T=e[1],M=e[2],_=e[3],F=e[4],R=e[5],L=e[6],N=e[7],z=t[0],O=t[1],q=t[2],j=t[3],H=t[4],G=t[5],V=t[6],W=t[7],$=0;i>=128;){for(K=0;K<16;K++)A=8*K+$,I[K]=r[A+0]<<24|r[A+1]<<16|r[A+2]<<8|r[A+3],C[K]=r[A+4]<<24|r[A+5]<<16|r[A+6]<<8|r[A+7];for(K=0;K<80;K++)if(n=B,a=T,s=M,o=_,c=F,u=R,h=L,N,y=z,p=O,g=q,d=j,f=H,m=G,w=V,W,P=65535&(S=W),U=S>>>16,D=65535&(E=N),x=E>>>16,P+=65535&(S=(H>>>14|F<<18)^(H>>>18|F<<14)^(F>>>9|H<<23)),U+=S>>>16,D+=65535&(E=(F>>>14|H<<18)^(F>>>18|H<<14)^(H>>>9|F<<23)),x+=E>>>16,P+=65535&(S=H&G^~H&V),U+=S>>>16,D+=65535&(E=F&R^~F&L),x+=E>>>16,E=At[2*K],P+=65535&(S=At[2*K+1]),U+=S>>>16,D+=65535&E,x+=E>>>16,E=I[K%16],U+=(S=C[K%16])>>>16,D+=65535&E,x+=E>>>16,D+=(U+=(P+=65535&S)>>>16)>>>16,P=65535&(S=v=65535&P|U<<16),U=S>>>16,D=65535&(E=k=65535&D|(x+=D>>>16)<<16),x=E>>>16,P+=65535&(S=(z>>>28|B<<4)^(B>>>2|z<<30)^(B>>>7|z<<25)),U+=S>>>16,D+=65535&(E=(B>>>28|z<<4)^(z>>>2|B<<30)^(z>>>7|B<<25)),x+=E>>>16,U+=(S=z&O^z&q^O&q)>>>16,D+=65535&(E=B&T^B&M^T&M),x+=E>>>16,l=65535&(D+=(U+=(P+=65535&S)>>>16)>>>16)|(x+=D>>>16)<<16,b=65535&P|U<<16,P=65535&(S=d),U=S>>>16,D=65535&(E=o),x=E>>>16,U+=(S=v)>>>16,D+=65535&(E=k),x+=E>>>16,T=n,M=a,_=s,F=o=65535&(D+=(U+=(P+=65535&S)>>>16)>>>16)|(x+=D>>>16)<<16,R=c,L=u,N=h,B=l,O=y,q=p,j=g,H=d=65535&P|U<<16,G=f,V=m,W=w,z=b,K%16==15)for(A=0;A<16;A++)E=I[A],P=65535&(S=C[A]),U=S>>>16,D=65535&E,x=E>>>16,E=I[(A+9)%16],P+=65535&(S=C[(A+9)%16]),U+=S>>>16,D+=65535&E,x+=E>>>16,k=I[(A+1)%16],P+=65535&(S=((v=C[(A+1)%16])>>>1|k<<31)^(v>>>8|k<<24)^(v>>>7|k<<25)),U+=S>>>16,D+=65535&(E=(k>>>1|v<<31)^(k>>>8|v<<24)^k>>>7),x+=E>>>16,k=I[(A+14)%16],U+=(S=((v=C[(A+14)%16])>>>19|k<<13)^(k>>>29|v<<3)^(v>>>6|k<<26))>>>16,D+=65535&(E=(k>>>19|v<<13)^(v>>>29|k<<3)^k>>>6),x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,I[A]=65535&D|x<<16,C[A]=65535&P|U<<16;P=65535&(S=z),U=S>>>16,D=65535&(E=B),x=E>>>16,E=e[0],U+=(S=t[0])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[0]=B=65535&D|x<<16,t[0]=z=65535&P|U<<16,P=65535&(S=O),U=S>>>16,D=65535&(E=T),x=E>>>16,E=e[1],U+=(S=t[1])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[1]=T=65535&D|x<<16,t[1]=O=65535&P|U<<16,P=65535&(S=q),U=S>>>16,D=65535&(E=M),x=E>>>16,E=e[2],U+=(S=t[2])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[2]=M=65535&D|x<<16,t[2]=q=65535&P|U<<16,P=65535&(S=j),U=S>>>16,D=65535&(E=_),x=E>>>16,E=e[3],U+=(S=t[3])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[3]=_=65535&D|x<<16,t[3]=j=65535&P|U<<16,P=65535&(S=H),U=S>>>16,D=65535&(E=F),x=E>>>16,E=e[4],U+=(S=t[4])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[4]=F=65535&D|x<<16,t[4]=H=65535&P|U<<16,P=65535&(S=G),U=S>>>16,D=65535&(E=R),x=E>>>16,E=e[5],U+=(S=t[5])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[5]=R=65535&D|x<<16,t[5]=G=65535&P|U<<16,P=65535&(S=V),U=S>>>16,D=65535&(E=L),x=E>>>16,E=e[6],U+=(S=t[6])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[6]=L=65535&D|x<<16,t[6]=V=65535&P|U<<16,P=65535&(S=W),U=S>>>16,D=65535&(E=N),x=E>>>16,E=e[7],U+=(S=t[7])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[7]=N=65535&D|x<<16,t[7]=W=65535&P|U<<16,$+=128,i-=128}return i}function St(e,t,r){var i,n=new Int32Array(8),a=new Int32Array(8),s=new Uint8Array(256),o=r;for(n[0]=1779033703,n[1]=3144134277,n[2]=1013904242,n[3]=2773480762,n[4]=1359893119,n[5]=2600822924,n[6]=528734635,n[7]=1541459225,a[0]=4089235720,a[1]=2227873595,a[2]=4271175723,a[3]=1595750129,a[4]=2917565137,a[5]=725511199,a[6]=4215389547,a[7]=327033209,Et(n,a,t,r),r%=128,i=0;i<r;i++)s[i]=t[o-r+i];for(s[r]=128,s[(r=256-128*(r<112?1:0))-9]=0,ot(s,r-8,o/536870912|0,o<<3),Et(n,a,s,r),i=0;i<8;i++)ot(e,8*i,n[i],a[i]);return 0}function Pt(e,t){var r=Qe(),i=Qe(),n=Qe(),a=Qe(),s=Qe(),o=Qe(),c=Qe(),u=Qe(),h=Qe();mt(r,e[1],e[0]),mt(h,t[1],t[0]),wt(r,r,h),ft(i,e[0],e[1]),ft(h,t[0],t[1]),wt(i,i,h),wt(n,e[3],t[3]),wt(n,n,it),wt(a,e[2],t[2]),ft(a,a,a),mt(s,i,r),mt(o,a,n),ft(c,a,n),ft(u,i,r),wt(e[0],s,o),wt(e[1],u,c),wt(e[2],c,o),wt(e[3],s,u)}function Ut(e,t,r){var i;for(i=0;i<4;i++)lt(e[i],t[i],r)}function Dt(e,t){var r=Qe(),i=Qe(),n=Qe();kt(n,t[2]),wt(r,t[0],n),wt(i,t[1],n),yt(e,i),e[31]^=gt(r)<<7}function xt(e,t,r){var i,n;for(ut(e[0],Je),ut(e[1],et),ut(e[2],et),ut(e[3],Je),n=255;n>=0;--n)Ut(e,t,i=r[n/8|0]>>(7&n)&1),Pt(t,e),Pt(e,e),Ut(e,t,i)}function It(e,t){var r=[Qe(),Qe(),Qe(),Qe()];ut(r[0],nt),ut(r[1],at),ut(r[2],et),wt(r[3],nt,at),xt(e,r,t)}function Ct(e,t,r){var i,n=new Uint8Array(64),a=[Qe(),Qe(),Qe(),Qe()];for(r||Xe(t,32),St(n,t,32),n[0]&=248,n[31]&=127,n[31]|=64,It(a,n),Dt(e,a),i=0;i<32;i++)t[i+32]=e[i];return 0}var Bt=new Float64Array([237,211,245,92,26,99,18,88,214,156,247,162,222,249,222,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16]);function Tt(e,t){var r,i,n,a;for(i=63;i>=32;--i){for(r=0,n=i-32,a=i-12;n<a;++n)t[n]+=r-16*t[i]*Bt[n-(i-32)],r=Math.floor((t[n]+128)/256),t[n]-=256*r;t[n]+=r,t[i]=0}for(r=0,n=0;n<32;n++)t[n]+=r-(t[31]>>4)*Bt[n],r=t[n]>>8,t[n]&=255;for(n=0;n<32;n++)t[n]-=r*Bt[n];for(i=0;i<32;i++)t[i+1]+=t[i]>>8,e[i]=255&t[i]}function Mt(e){var t,r=new Float64Array(64);for(t=0;t<64;t++)r[t]=e[t];for(t=0;t<64;t++)e[t]=0;Tt(e,r)}function _t(e,t){var r=Qe(),i=Qe(),n=Qe(),a=Qe(),s=Qe(),o=Qe(),c=Qe();return ut(e[2],et),dt(e[1],t),bt(n,e[1]),wt(a,n,rt),mt(n,n,e[2]),ft(a,e[2],a),bt(s,a),bt(o,s),wt(c,o,s),wt(r,c,n),wt(r,r,a),function(e,t){var r,i=Qe();for(r=0;r<16;r++)i[r]=t[r];for(r=250;r>=0;r--)bt(i,i),1!==r&&wt(i,i,t);for(r=0;r<16;r++)e[r]=i[r]}(r,r),wt(r,r,n),wt(r,r,a),wt(r,r,a),wt(e[0],r,a),bt(i,e[0]),wt(i,i,a),pt(i,n)&&wt(e[0],e[0],st),bt(i,e[0]),wt(i,i,a),pt(i,n)?-1:(gt(e[0])===t[31]>>7&&mt(e[0],Je,e[0]),wt(e[3],e[0],e[1]),0)}var Ft=64;function Rt(){for(var e=0;e<arguments.length;e++)if(!(arguments[e]instanceof Uint8Array))throw new TypeError("unexpected type, use Uint8Array")}Ze.scalarMult=function(e,t){if(Rt(e,t),32!==e.length)throw Error("bad n size");if(32!==t.length)throw Error("bad p size");var r=new Uint8Array(32);return vt(r,e,t),r},Ze.box={},Ze.box.keyPair=function(){var e=new Uint8Array(32),t=new Uint8Array(32);return function(e,t){Xe(t,32),Kt(e,t)}(e,t),{publicKey:e,secretKey:t}},Ze.box.keyPair.fromSecretKey=function(e){if(Rt(e),32!==e.length)throw Error("bad secret key size");var t=new Uint8Array(32);return Kt(t,e),{publicKey:t,secretKey:new Uint8Array(e)}},Ze.sign=function(e,t){if(Rt(e,t),64!==t.length)throw Error("bad secret key size");var r=new Uint8Array(Ft+e.length);return function(e,t,r,i){var n,a,s=new Uint8Array(64),o=new Uint8Array(64),c=new Uint8Array(64),u=new Float64Array(64),h=[Qe(),Qe(),Qe(),Qe()];St(s,i,32),s[0]&=248,s[31]&=127,s[31]|=64;var l=r+64;for(n=0;n<r;n++)e[64+n]=t[n];for(n=0;n<32;n++)e[32+n]=s[32+n];for(St(c,e.subarray(32),r+32),Mt(c),It(h,c),Dt(e,h),n=32;n<64;n++)e[n]=i[n];for(St(o,e,r+64),Mt(o),n=0;n<64;n++)u[n]=0;for(n=0;n<32;n++)u[n]=c[n];for(n=0;n<32;n++)for(a=0;a<32;a++)u[n+a]+=o[n]*s[a];Tt(e.subarray(32),u)}(r,e,e.length,t),r},Ze.sign.detached=function(e,t){for(var r=Ze.sign(e,t),i=new Uint8Array(Ft),n=0;n<i.length;n++)i[n]=r[n];return i},Ze.sign.detached.verify=function(e,t,r){if(Rt(e,t,r),t.length!==Ft)throw Error("bad signature size");if(32!==r.length)throw Error("bad public key size");var i,n=new Uint8Array(Ft+e.length),a=new Uint8Array(Ft+e.length);for(i=0;i<Ft;i++)n[i]=t[i];for(i=0;i<e.length;i++)n[i+Ft]=e[i];return function(e,t,r,i){var n,a=new Uint8Array(32),s=new Uint8Array(64),o=[Qe(),Qe(),Qe(),Qe()],c=[Qe(),Qe(),Qe(),Qe()];if(r<64)return-1;if(_t(c,i))return-1;for(n=0;n<r;n++)e[n]=t[n];for(n=0;n<32;n++)e[n+32]=i[n];if(St(s,e,r),Mt(s),xt(o,c,s),It(c,t.subarray(32)),Pt(o,c),Dt(a,o),r-=64,ct(t,0,a,0)){for(n=0;n<r;n++)e[n]=0;return-1}for(n=0;n<r;n++)e[n]=t[n+64];return r}(a,n,n.length,r)>=0},Ze.sign.keyPair=function(){var e=new Uint8Array(32),t=new Uint8Array(64);return Ct(e,t),{publicKey:e,secretKey:t}},Ze.sign.keyPair.fromSecretKey=function(e){if(Rt(e),64!==e.length)throw Error("bad secret key size");for(var t=new Uint8Array(32),r=0;r<t.length;r++)t[r]=e[32+r];return{publicKey:t,secretKey:new Uint8Array(e)}},Ze.sign.keyPair.fromSeed=function(e){if(Rt(e),32!==e.length)throw Error("bad seed size");for(var t=new Uint8Array(32),r=new Uint8Array(64),i=0;i<32;i++)r[i]=e[i];return Ct(t,r,!0),{publicKey:t,secretKey:r}},Ze.setPRNG=function(e){Xe=e},function(){if($e&&$e.getRandomValues){Ze.setPRNG((function(e,t){var r,i=new Uint8Array(t);for(r=0;r<t;r+=65536)$e.getRandomValues(i.subarray(r,r+Math.min(t-r,65536)));for(r=0;r<t;r++)e[r]=i[r];!function(e){for(var t=0;t<e.length;t++)e[t]=0}(i)}))}}();const Lt={"2a8648ce3d030107":B.curve.nistP256,"2b81040022":B.curve.nistP384,"2b81040023":B.curve.nistP521,"2b8104000a":B.curve.secp256k1,"2b06010401da470f01":B.curve.ed25519Legacy,"2b060104019755010501":B.curve.curve25519Legacy,"2b2403030208010107":B.curve.brainpoolP256r1,"2b240303020801010b":B.curve.brainpoolP384r1,"2b240303020801010d":B.curve.brainpoolP512r1};class Nt{constructor(e){if(e instanceof Nt)this.oid=e.oid;else if(_.isArray(e)||_.isUint8Array(e)){if(6===(e=new Uint8Array(e))[0]){if(e[1]!==e.length-2)throw Error("Length mismatch in DER encoded oid");e=e.subarray(2)}this.oid=e}else this.oid=""}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.oid=e.subarray(1,1+t),1+this.oid.length}throw Error("Invalid oid")}write(){return _.concatUint8Array([new Uint8Array([this.oid.length]),this.oid])}toHex(){return _.uint8ArrayToHex(this.oid)}getName(){const e=Lt[this.toHex()];if(!e)throw Error("Unknown curve object identifier.");return e}}function zt(e){let t,r=0;const i=e[0];return i<192?([r]=e,t=1):i<255?(r=(e[0]-192<<8)+e[1]+192,t=2):255===i&&(r=_.readNumber(e.subarray(1,5)),t=5),{len:r,offset:t}}function Ot(e){return e<192?new Uint8Array([e]):e>191&&e<8384?new Uint8Array([192+(e-192>>8),e-192&255]):_.concatUint8Array([new Uint8Array([255]),_.writeNumber(e,4)])}function qt(e){if(e<0||e>30)throw Error("Partial Length power must be between 1 and 30");return new Uint8Array([224+e])}function jt(e){return new Uint8Array([192|e])}function Ht(e,t){return _.concatUint8Array([jt(e),Ot(t)])}function Gt(e){return[B.packet.literalData,B.packet.compressedData,B.packet.symmetricallyEncryptedData,B.packet.symEncryptedIntegrityProtectedData,B.packet.aeadEncryptedData].includes(e)}async function Vt(e,t){const r=x(e);let i,n;try{const a=await r.peekBytes(2);if(!a||a.length<2||!(128&a[0]))throw Error("Error during parsing. This message / key probably does not conform to a valid OpenPGP format.");const s=await r.readByte();let o,c,u=-1,h=-1;h=0,64&s&&(h=1),h?u=63&s:(u=(63&s)>>2,c=3&s);const l=Gt(u);let y,p=null;if(l){if("array"===_.isStream(e)){const e=new ArrayStream;i=I(e),p=e}else{const e=new TransformStream;i=I(e.writable),p=e.readable}n=t({tag:u,packet:p})}else p=[];do{if(h){const e=await r.readByte();if(y=!1,e<192)o=e;else if(e>=192&&e<224)o=(e-192<<8)+await r.readByte()+192;else if(e>223&&e<255){if(o=1<<(31&e),y=!0,!l)throw new TypeError("This packet type does not support partial lengths.")}else o=await r.readByte()<<24|await r.readByte()<<16|await r.readByte()<<8|await r.readByte()}else switch(c){case 0:o=await r.readByte();break;case 1:o=await r.readByte()<<8|await r.readByte();break;case 2:o=await r.readByte()<<24|await r.readByte()<<16|await r.readByte()<<8|await r.readByte();break;default:o=1/0}if(o>0){let e=0;for(;;){i&&await i.ready;const{done:t,value:n}=await r.read();if(t){if(o===1/0)break;throw Error("Unexpected end of packet")}const a=o===1/0?n:n.subarray(0,o-e);if(i?await i.write(a):p.push(a),e+=n.length,e>=o){r.unshift(n.subarray(o-e+n.length));break}}}}while(y);const g=await r.peekBytes(l?1/0:2);return i?(await i.ready,await i.close()):(p=_.concatUint8Array(p),await t({tag:u,packet:p})),!g||!g.length}catch(e){if(i)return await i.abort(e),!0;throw e}finally{i&&await n,r.releaseLock()}}class Wt extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,Wt),this.name="UnsupportedError"}}class $t extends Wt{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,Wt),this.name="UnknownPacketError"}}class Zt{constructor(e,t){this.tag=e,this.rawContent=t}write(){return this.rawContent}}
-/*! noble-ed25519 - MIT License (c) 2019 Paul Miller (paulmillr.com) */const Qt=BigInt(0),Xt=BigInt(1),Yt=BigInt(2),Jt=BigInt(8),er=BigInt("7237005577332262213973186563042994240857116359379907606001950938285454250989"),tr=Object.freeze({a:BigInt(-1),d:BigInt("37095705934669439343138083508754565189542113879843219016388785533085940283555"),P:BigInt("57896044618658097711785492504343953926634992332820282019728792003956564819949"),l:er,n:er,h:BigInt(8),Gx:BigInt("15112221349535400772501151409588531511454012693041857206046113283949847762202"),Gy:BigInt("46316835694926478169428394003475163141307993866256225615783033603165251855960")}),rr=BigInt("0x10000000000000000000000000000000000000000000000000000000000000000"),ir=BigInt("19681161376707505956807079304988542015446066515923890162744021073123829784752");BigInt("6853475219497561581579357271197624642482790079785650197046958215289687604742");const nr=BigInt("25063068953384623474111414158702152701244531502492656460079210482610430750235"),ar=BigInt("54469307008909316920995813868745141605393597292927456921205312896311721017578"),sr=BigInt("1159843021668779879193775521855586647937357759715417654439879720876111806838"),or=BigInt("40440834346308536858101042469323190826248399146238708352240133220865137265952");class cr{constructor(e,t,r,i){this.x=e,this.y=t,this.z=r,this.t=i}static fromAffine(e){if(!(e instanceof dr))throw new TypeError("ExtendedPoint#fromAffine: expected Point");return e.equals(dr.ZERO)?cr.ZERO:new cr(e.x,e.y,Xt,Ur(e.x*e.y))}static toAffineBatch(e){const t=function(e,t=tr.P){const r=Array(e.length),i=e.reduce(((e,i,n)=>i===Qt?e:(r[n]=e,Ur(e*i,t))),Xt),n=Dr(i,t);return e.reduceRight(((e,i,n)=>i===Qt?e:(r[n]=Ur(e*r[n],t),Ur(e*i,t))),n),r}(e.map((e=>e.z)));return e.map(((e,r)=>e.toAffine(t[r])))}static normalizeZ(e){return this.toAffineBatch(e).map(this.fromAffine)}equals(e){hr(e);const{x:t,y:r,z:i}=this,{x:n,y:a,z:s}=e,o=Ur(t*s),c=Ur(n*i),u=Ur(r*s),h=Ur(a*i);return o===c&&u===h}negate(){return new cr(Ur(-this.x),this.y,this.z,Ur(-this.t))}double(){const{x:e,y:t,z:r}=this,{a:i}=tr,n=Ur(e*e),a=Ur(t*t),s=Ur(Yt*Ur(r*r)),o=Ur(i*n),c=e+t,u=Ur(Ur(c*c)-n-a),h=o+a,l=h-s,y=o-a,p=Ur(u*l),g=Ur(h*y),d=Ur(u*y),f=Ur(l*h);return new cr(p,g,f,d)}add(e){hr(e);const{x:t,y:r,z:i,t:n}=this,{x:a,y:s,z:o,t:c}=e,u=Ur((r-t)*(s+a)),h=Ur((r+t)*(s-a)),l=Ur(h-u);if(l===Qt)return this.double();const y=Ur(i*Yt*c),p=Ur(n*Yt*o),g=p+y,d=h+u,f=p-y,m=Ur(g*l),w=Ur(d*f),b=Ur(g*f),k=Ur(l*d);return new cr(m,w,k,b)}subtract(e){return this.add(e.negate())}precomputeWindow(e){const t=1+256/e,r=[];let i=this,n=i;for(let a=0;a<t;a++){n=i,r.push(n);for(let t=1;t<2**(e-1);t++)n=n.add(i),r.push(n);i=n.double()}return r}wNAF(e,t){!t&&this.equals(cr.BASE)&&(t=dr.BASE);const r=t&&t._WINDOW_SIZE||1;if(256%r)throw Error("Point#wNAF: Invalid precomputation window, must be power of 2");let i=t&&gr.get(t);i||(i=this.precomputeWindow(r),t&&1!==r&&(i=cr.normalizeZ(i),gr.set(t,i)));let n=cr.ZERO,a=cr.BASE;const s=1+256/r,o=2**(r-1),c=BigInt(2**r-1),u=2**r,h=BigInt(r);for(let t=0;t<s;t++){const r=t*o;let s=Number(e&c);e>>=h,s>o&&(s-=u,e+=Xt);const l=r,y=r+Math.abs(s)-1,p=t%2!=0,g=s<0;0===s?a=a.add(ur(p,i[l])):n=n.add(ur(g,i[y]))}return cr.normalizeZ([n,a])[0]}multiply(e,t){return this.wNAF(Mr(e,tr.l),t)}multiplyUnsafe(e){let t=Mr(e,tr.l,!1);const r=cr.BASE,i=cr.ZERO;if(t===Qt)return i;if(this.equals(i)||t===Xt)return this;if(this.equals(r))return this.wNAF(t);let n=i,a=this;for(;t>Qt;)t&Xt&&(n=n.add(a)),a=a.double(),t>>=Xt;return n}isSmallOrder(){return this.multiplyUnsafe(tr.h).equals(cr.ZERO)}isTorsionFree(){let e=this.multiplyUnsafe(tr.l/Yt).double();return tr.l%Yt&&(e=e.add(this)),e.equals(cr.ZERO)}toAffine(e){const{x:t,y:r,z:i}=this,n=this.equals(cr.ZERO);null==e&&(e=n?Jt:Dr(i));const a=Ur(t*e),s=Ur(r*e),o=Ur(i*e);if(n)return dr.ZERO;if(o!==Xt)throw Error("invZ was invalid");return new dr(a,s)}fromRistrettoBytes(){yr()}toRistrettoBytes(){yr()}fromRistrettoHash(){yr()}}function ur(e,t){const r=t.negate();return e?r:t}function hr(e){if(!(e instanceof cr))throw new TypeError("ExtendedPoint expected")}function lr(e){if(!(e instanceof pr))throw new TypeError("RistrettoPoint expected")}function yr(){throw Error("Legacy method: switch to RistrettoPoint")}cr.BASE=new cr(tr.Gx,tr.Gy,Xt,Ur(tr.Gx*tr.Gy)),cr.ZERO=new cr(Qt,Xt,Xt,Qt);class pr{constructor(e){this.ep=e}static calcElligatorRistrettoMap(e){const{d:t}=tr,r=Ur(ir*e*e),i=Ur((r+Xt)*sr);let n=BigInt(-1);const a=Ur((n-t*r)*Ur(r+t));let{isValid:s,value:o}=Ir(i,a),c=Ur(o*e);Ar(c)||(c=Ur(-c)),s||(o=c),s||(n=r);const u=Ur(n*(r-Xt)*or-a),h=o*o,l=Ur((o+o)*a),y=Ur(u*nr),p=Ur(Xt-h),g=Ur(Xt+h);return new cr(Ur(l*g),Ur(p*y),Ur(y*g),Ur(l*p))}static hashToCurve(e){const t=Pr((e=Tr(e,64)).slice(0,32)),r=this.calcElligatorRistrettoMap(t),i=Pr(e.slice(32,64)),n=this.calcElligatorRistrettoMap(i);return new pr(r.add(n))}static fromHex(e){e=Tr(e,32);const{a:t,d:r}=tr,i="RistrettoPoint.fromHex: the hex is not valid encoding of RistrettoPoint",n=Pr(e);if(!function(e,t){if(e.length!==t.length)return!1;for(let r=0;r<e.length;r++)if(e[r]!==t[r])return!1;return!0}(Kr(n),e)||Ar(n))throw Error(i);const a=Ur(n*n),s=Ur(Xt+t*a),o=Ur(Xt-t*a),c=Ur(s*s),u=Ur(o*o),h=Ur(t*r*c-u),{isValid:l,value:y}=Cr(Ur(h*u)),p=Ur(y*o),g=Ur(y*p*h);let d=Ur((n+n)*p);Ar(d)&&(d=Ur(-d));const f=Ur(s*g),m=Ur(d*f);if(!l||Ar(m)||f===Qt)throw Error(i);return new pr(new cr(d,f,Xt,m))}toRawBytes(){let{x:e,y:t,z:r,t:i}=this.ep;const n=Ur(Ur(r+t)*Ur(r-t)),a=Ur(e*t),s=Ur(a*a),{value:o}=Cr(Ur(n*s)),c=Ur(o*n),u=Ur(o*a),h=Ur(c*u*i);let l;if(Ar(i*h)){let r=Ur(t*ir),i=Ur(e*ir);e=r,t=i,l=Ur(c*ar)}else l=u;Ar(e*h)&&(t=Ur(-t));let y=Ur((r-t)*l);return Ar(y)&&(y=Ur(-y)),Kr(y)}toHex(){return br(this.toRawBytes())}toString(){return this.toHex()}equals(e){lr(e);const t=this.ep,r=e.ep,i=Ur(t.x*r.y)===Ur(t.y*r.x),n=Ur(t.y*r.y)===Ur(t.x*r.x);return i||n}add(e){return lr(e),new pr(this.ep.add(e.ep))}subtract(e){return lr(e),new pr(this.ep.subtract(e.ep))}multiply(e){return new pr(this.ep.multiply(e))}multiplyUnsafe(e){return new pr(this.ep.multiplyUnsafe(e))}}pr.BASE=new pr(cr.BASE),pr.ZERO=new pr(cr.ZERO);const gr=new WeakMap;class dr{constructor(e,t){this.x=e,this.y=t}_setWindowSize(e){this._WINDOW_SIZE=e,gr.delete(this)}static fromHex(e,t=!0){const{d:r,P:i}=tr,n=(e=Tr(e,32)).slice();n[31]=-129&e[31];const a=Er(n);if(t&&a>=i)throw Error("Expected 0 < hex < P");if(!t&&a>=rr)throw Error("Expected 0 < hex < 2**256");const s=Ur(a*a),o=Ur(s-Xt),c=Ur(r*s+Xt);let{isValid:u,value:h}=Ir(o,c);if(!u)throw Error("Point.fromHex: invalid y coordinate");const l=(h&Xt)===Xt;return!!(128&e[31])!==l&&(h=Ur(-h)),new dr(h,a)}static async fromPrivateKey(e){return(await Fr(e)).point}toRawBytes(){const e=Kr(this.y);return e[31]|=this.x&Xt?128:0,e}toHex(){return br(this.toRawBytes())}toX25519(){const{y:e}=this;return Kr(Ur((Xt+e)*Dr(Xt-e)))}isTorsionFree(){return cr.fromAffine(this).isTorsionFree()}equals(e){return this.x===e.x&&this.y===e.y}negate(){return new dr(Ur(-this.x),this.y)}add(e){return cr.fromAffine(this).add(cr.fromAffine(e)).toAffine()}subtract(e){return this.add(e.negate())}multiply(e){return cr.fromAffine(this).multiply(e,this).toAffine()}}dr.BASE=new dr(tr.Gx,tr.Gy),dr.ZERO=new dr(Qt,Xt);let fr=class e{constructor(e,t){this.r=e,this.s=t,this.assertValidity()}static fromHex(t){const r=Tr(t,64),i=dr.fromHex(r.slice(0,32),!1),n=Er(r.slice(32,64));return new e(i,n)}assertValidity(){const{r:e,s:t}=this;if(!(e instanceof dr))throw Error("Expected Point instance");return Mr(t,tr.l,!1),this}toRawBytes(){const e=new Uint8Array(64);return e.set(this.r.toRawBytes()),e.set(Kr(this.s),32),e}toHex(){return br(this.toRawBytes())}};function mr(...e){if(!e.every((e=>e instanceof Uint8Array)))throw Error("Expected Uint8Array list");if(1===e.length)return e[0];const t=e.reduce(((e,t)=>e+t.length),0),r=new Uint8Array(t);for(let t=0,i=0;t<e.length;t++){const n=e[t];r.set(n,i),i+=n.length}return r}const wr=Array.from({length:256},((e,t)=>t.toString(16).padStart(2,"0")));function br(e){if(!(e instanceof Uint8Array))throw Error("Uint8Array expected");let t="";for(let r=0;r<e.length;r++)t+=wr[e[r]];return t}function kr(e){if("string"!=typeof e)throw new TypeError("hexToBytes: expected string, got "+typeof e);if(e.length%2)throw Error("hexToBytes: received invalid unpadded hex");const t=new Uint8Array(e.length/2);for(let r=0;r<t.length;r++){const i=2*r,n=e.slice(i,i+2),a=Number.parseInt(n,16);if(Number.isNaN(a)||a<0)throw Error("Invalid byte sequence");t[r]=a}return t}function vr(e){return kr(e.toString(16).padStart(64,"0"))}function Kr(e){return vr(e).reverse()}function Ar(e){return(Ur(e)&Xt)===Xt}function Er(e){if(!(e instanceof Uint8Array))throw Error("Expected Uint8Array");return BigInt("0x"+br(Uint8Array.from(e).reverse()))}const Sr=BigInt("0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff");function Pr(e){return Ur(Er(e)&Sr)}function Ur(e,t=tr.P){const r=e%t;return r>=Qt?r:t+r}function Dr(e,t=tr.P){if(e===Qt||t<=Qt)throw Error(`invert: expected positive integers, got n=${e} mod=${t}`);let r=Ur(e,t),i=t,n=Qt,a=Xt;for(;r!==Qt;){const e=i%r,t=n-a*(i/r);i=r,r=e,n=a,a=t}if(i!==Xt)throw Error("invert: does not exist");return Ur(n,t)}function xr(e,t){const{P:r}=tr;let i=e;for(;t-- >Qt;)i*=i,i%=r;return i}function Ir(e,t){const r=Ur(t*t*t),i=function(e){const{P:t}=tr,r=BigInt(5),i=BigInt(10),n=BigInt(20),a=BigInt(40),s=BigInt(80),o=e*e%t*e%t,c=xr(o,Yt)*o%t,u=xr(c,Xt)*e%t,h=xr(u,r)*u%t,l=xr(h,i)*h%t,y=xr(l,n)*l%t,p=xr(y,a)*y%t,g=xr(p,s)*p%t,d=xr(g,s)*p%t,f=xr(d,i)*h%t;return{pow_p_5_8:xr(f,Yt)*e%t,b2:o}}(e*Ur(r*r*t)).pow_p_5_8;let n=Ur(e*r*i);const a=Ur(t*n*n),s=n,o=Ur(n*ir),c=a===e,u=a===Ur(-e),h=a===Ur(-e*ir);return c&&(n=s),(u||h)&&(n=o),Ar(n)&&(n=Ur(-n)),{isValid:c||u,value:n}}function Cr(e){return Ir(Xt,e)}function Br(e){return Ur(Er(e),tr.l)}function Tr(e,t){const r=e instanceof Uint8Array?Uint8Array.from(e):kr(e);if("number"==typeof t&&r.length!==t)throw Error(`Expected ${t} bytes`);return r}function Mr(e,t,r=!0){if(!t)throw new TypeError("Specify max value");if("number"==typeof e&&Number.isSafeInteger(e)&&(e=BigInt(e)),"bigint"==typeof e&&e<t)if(r){if(Qt<e)return e}else if(Qt<=e)return e;throw new TypeError("Expected valid scalar: 0 < scalar < max")}let _r;async function Fr(e){return function(e){const t=function(e){return e[0]&=248,e[31]&=127,e[31]|=64,e}(e.slice(0,32)),r=e.slice(32,64),i=Br(t),n=dr.BASE.multiply(i),a=n.toRawBytes();return{head:t,prefix:r,scalar:i,point:n,pointBytes:a}}(await Nr.sha512(function(e){if(32!==(e="bigint"==typeof e||"number"==typeof e?vr(Mr(e,rr)):Tr(e)).length)throw Error("Expected 32 bytes");return e}(e)))}async function Rr(e,t,r){const{r:i,SB:n,msg:a,pub:s}=function(e,t,r){t=Tr(t),r instanceof dr||(r=dr.fromHex(r,!1));const{r:i,s:n}=e instanceof fr?e.assertValidity():fr.fromHex(e);return{r:i,s:n,SB:cr.BASE.multiplyUnsafe(n),pub:r,msg:t}}(e,t,r),o=await Nr.sha512(i.toRawBytes(),s.toRawBytes(),a);return function(e,t,r,i){const n=Br(i),a=cr.fromAffine(e).multiplyUnsafe(n);return cr.fromAffine(t).add(a).subtract(r).multiplyUnsafe(tr.h).equals(cr.ZERO)}(s,i,n,o)}dr.BASE._setWindowSize(8);const Lr={node:null,web:"object"==typeof self&&"crypto"in self?self.crypto:void 0},Nr={bytesToHex:br,hexToBytes:kr,concatBytes:mr,getExtendedPublicKey:Fr,mod:Ur,invert:Dr,TORSION_SUBGROUP:["0100000000000000000000000000000000000000000000000000000000000000","c7176a703d4dd84fba3c0b760d10670f2a2053fa2c39ccc64ec7fd7792ac037a","0000000000000000000000000000000000000000000000000000000000000080","26e8958fc2b227b045c3f489f2ef98f0d5dfac05d3c63339b13802886d53fc05","ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f","26e8958fc2b227b045c3f489f2ef98f0d5dfac05d3c63339b13802886d53fc85","0000000000000000000000000000000000000000000000000000000000000000","c7176a703d4dd84fba3c0b760d10670f2a2053fa2c39ccc64ec7fd7792ac03fa"],hashToPrivateScalar:e=>{if((e=Tr(e)).length<40||e.length>1024)throw Error("Expected 40-1024 bytes of private key as per FIPS 186");return Ur(Er(e),tr.l-Xt)+Xt},randomBytes:(e=32)=>{if(Lr.web)return Lr.web.getRandomValues(new Uint8Array(e));throw Error("The environment doesn't have randomBytes function")},randomPrivateKey:()=>Nr.randomBytes(32),sha512:async(...e)=>{const t=mr(...e);if(Lr.web){const e=await Lr.web.subtle.digest("SHA-512",t.buffer);return new Uint8Array(e)}throw Error("The environment doesn't have sha512 function")},precompute(e=8,t=dr.BASE){const r=t.equals(dr.BASE)?t:new dr(t.x,t.y);return r._setWindowSize(e),r.multiply(Yt),r},sha512Sync:void 0};async function zr(e){switch(e){case B.publicKey.ed25519:try{const e=_.getWebCrypto(),t=await e.generateKey("Ed25519",!0,["sign","verify"]),r=await e.exportKey("jwk",t.privateKey),i=await e.exportKey("jwk",t.publicKey);return{A:new Uint8Array(O(i.x)),seed:O(r.d)}}catch(t){if("NotSupportedError"!==t.name&&"OperationError"!==t.name&&"SyntaxError"!==t.name)throw t;const r=le(Hr(e)),{publicKey:i}=Ze.sign.keyPair.fromSeed(r);return{A:i,seed:r}}case B.publicKey.ed448:{const e=await _.getNobleCurve(B.publicKey.ed448),t=e.utils.randomPrivateKey();return{A:e.getPublicKey(t),seed:t}}default:throw Error("Unsupported EdDSA algorithm")}}async function Or(e,t,r,i,n,a){if(Be(t)<Be(Gr(e)))throw Error("Hash algorithm too weak for EdDSA.");switch(e){case B.publicKey.ed25519:try{const t=_.getWebCrypto(),r=Wr(e,i,n),s=await t.importKey("jwk",r,"Ed25519",!1,["sign"]);return{RS:new Uint8Array(await t.sign("Ed25519",s,a))}}catch(e){if("NotSupportedError"!==e.name&&"SyntaxError"!==e.name)throw e;const t=_.concatUint8Array([n,i]);return{RS:Ze.sign.detached(a,t)}}case B.publicKey.ed448:return{RS:(await _.getNobleCurve(B.publicKey.ed448)).sign(a,n)};default:throw Error("Unsupported EdDSA algorithm")}}async function qr(e,t,{RS:r},i,n,a){if(Be(t)<Be(Gr(e)))throw Error("Hash algorithm too weak for EdDSA.");switch(e){case B.publicKey.ed25519:try{const t=_.getWebCrypto(),i=Vr(e,n),s=await t.importKey("jwk",i,"Ed25519",!1,["verify"]);return await t.verify("Ed25519",s,r,a)}catch(e){if("NotSupportedError"!==e.name&&"SyntaxError"!==e.name)throw e;return Rr(r,a,n)}case B.publicKey.ed448:return(await _.getNobleCurve(B.publicKey.ed448)).verify(r,a,n);default:throw Error("Unsupported EdDSA algorithm")}}async function jr(e,t,r){switch(e){case B.publicKey.ed25519:{const{publicKey:e}=Ze.sign.keyPair.fromSeed(r);return _.equalsUint8Array(t,e)}case B.publicKey.ed448:{const e=(await _.getNobleCurve(B.publicKey.ed448)).getPublicKey(r);return _.equalsUint8Array(t,e)}default:return!1}}function Hr(e){switch(e){case B.publicKey.ed25519:return 32;case B.publicKey.ed448:return 57;default:throw Error("Unsupported EdDSA algorithm")}}function Gr(e){switch(e){case B.publicKey.ed25519:return B.hash.sha256;case B.publicKey.ed448:return B.hash.sha512;default:throw Error("Unknown EdDSA algo")}}Object.defineProperties(Nr,{sha512Sync:{configurable:!1,get:()=>_r,set(e){_r||(_r=e)}}});const Vr=(e,t)=>{if(e===B.publicKey.ed25519){return{kty:"OKP",crv:"Ed25519",x:q(t),ext:!0}}throw Error("Unsupported EdDSA algorithm")},Wr=(e,t,r)=>{if(e===B.publicKey.ed25519){const i=Vr(e,t);return i.d=q(r),i}throw Error("Unsupported EdDSA algorithm")};var $r=/*#__PURE__*/Object.freeze({__proto__:null,generate:zr,getPayloadSize:Hr,getPreferredHashAlgo:Gr,sign:Or,validateParams:jr,verify:qr});function Zr(e){return e instanceof Uint8Array||null!=e&&"object"==typeof e&&"Uint8Array"===e.constructor.name}function Qr(e,...t){if(!Zr(e))throw Error("Uint8Array expected");if(t.length>0&&!t.includes(e.length))throw Error(`Uint8Array expected of length ${t}, not of length=${e.length}`)}function Xr(e,t=!0){if(e.destroyed)throw Error("Hash instance has been destroyed");if(t&&e.finished)throw Error("Hash#digest() has already been called")}function Yr(e,t){Qr(e);const r=t.outputLen;if(e.length<r)throw Error("digestInto() expects output buffer of length at least "+r)}
-/*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) */const Jr=e=>new Uint8Array(e.buffer,e.byteOffset,e.byteLength),ei=e=>new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4)),ti=e=>new DataView(e.buffer,e.byteOffset,e.byteLength);if(!(68===new Uint8Array(new Uint32Array([287454020]).buffer)[0]))throw Error("Non little-endian hardware is not supported");function ri(e){if("string"==typeof e)e=function(e){if("string"!=typeof e)throw Error("string expected, got "+typeof e);return new Uint8Array((new TextEncoder).encode(e))}(e);else{if(!Zr(e))throw Error("Uint8Array expected, got "+typeof e);e=oi(e)}return e}function ii(e,t){if(e.length!==t.length)return!1;let r=0;for(let i=0;i<e.length;i++)r|=e[i]^t[i];return 0===r}const ni=(e,t)=>(Object.assign(t,e),t);function ai(e,t,r,i){if("function"==typeof e.setBigUint64)return e.setBigUint64(t,r,i);const n=BigInt(32),a=BigInt(4294967295),s=Number(r>>n&a),o=Number(r&a);e.setUint32(t+0,s,i),e.setUint32(t+4,o,i)}function si(e){return e.byteOffset%4==0}function oi(e){return Uint8Array.from(e)}function ci(...e){for(let t=0;t<e.length;t++)e[t].fill(0)}const ui=16,hi=/* @__PURE__ */new Uint8Array(16),li=ei(hi),yi=e=>(e>>>0&255)<<24|(e>>>8&255)<<16|(e>>>16&255)<<8|e>>>24&255;class pi{constructor(e,t){this.blockLen=ui,this.outputLen=ui,this.s0=0,this.s1=0,this.s2=0,this.s3=0,this.finished=!1,Qr(e=ri(e),16);const r=ti(e);let i=r.getUint32(0,!1),n=r.getUint32(4,!1),a=r.getUint32(8,!1),s=r.getUint32(12,!1);const o=[];for(let e=0;e<128;e++)o.push({s0:yi(i),s1:yi(n),s2:yi(a),s3:yi(s)}),({s0:i,s1:n,s2:a,s3:s}={s3:(h=a)<<31|(l=s)>>>1,s2:(u=n)<<31|h>>>1,s1:(c=i)<<31|u>>>1,s0:c>>>1^225<<24&-(1&l)});var c,u,h,l;const y=(e=>e>65536?8:e>1024?4:2)(t||1024);if(![1,2,4,8].includes(y))throw Error(`ghash: wrong window size=${y}, should be 2, 4 or 8`);this.W=y;const p=128/y,g=this.windowSize=2**y,d=[];for(let e=0;e<p;e++)for(let t=0;t<g;t++){let r=0,i=0,n=0,a=0;for(let s=0;s<y;s++){if(!(t>>>y-s-1&1))continue;const{s0:c,s1:u,s2:h,s3:l}=o[y*e+s];r^=c,i^=u,n^=h,a^=l}d.push({s0:r,s1:i,s2:n,s3:a})}this.t=d}_updateBlock(e,t,r,i){e^=this.s0,t^=this.s1,r^=this.s2,i^=this.s3;const{W:n,t:a,windowSize:s}=this;let o=0,c=0,u=0,h=0;const l=(1<<n)-1;let y=0;for(const p of[e,t,r,i])for(let e=0;e<4;e++){const t=p>>>8*e&255;for(let e=8/n-1;e>=0;e--){const r=t>>>n*e&l,{s0:i,s1:p,s2:g,s3:d}=a[y*s+r];o^=i,c^=p,u^=g,h^=d,y+=1}}this.s0=o,this.s1=c,this.s2=u,this.s3=h}update(e){e=ri(e),Xr(this);const t=ei(e),r=Math.floor(e.length/ui),i=e.length%ui;for(let e=0;e<r;e++)this._updateBlock(t[4*e+0],t[4*e+1],t[4*e+2],t[4*e+3]);return i&&(hi.set(e.subarray(r*ui)),this._updateBlock(li[0],li[1],li[2],li[3]),ci(li)),this}destroy(){const{t:e}=this;for(const t of e)t.s0=0,t.s1=0,t.s2=0,t.s3=0}digestInto(e){Xr(this),Yr(e,this),this.finished=!0;const{s0:t,s1:r,s2:i,s3:n}=this,a=ei(e);return a[0]=t,a[1]=r,a[2]=i,a[3]=n,e}digest(){const e=new Uint8Array(ui);return this.digestInto(e),this.destroy(),e}}class gi extends pi{constructor(e,t){const r=function(e){e.reverse();const t=1&e[15];let r=0;for(let t=0;t<e.length;t++){const i=e[t];e[t]=i>>>1|r,r=(1&i)<<7}return e[0]^=225&-t,e}(oi(e=ri(e)));super(r,t),ci(r)}update(e){e=ri(e),Xr(this);const t=ei(e),r=e.length%ui,i=Math.floor(e.length/ui);for(let e=0;e<i;e++)this._updateBlock(yi(t[4*e+3]),yi(t[4*e+2]),yi(t[4*e+1]),yi(t[4*e+0]));return r&&(hi.set(e.subarray(i*ui)),this._updateBlock(yi(li[3]),yi(li[2]),yi(li[1]),yi(li[0])),ci(li)),this}digestInto(e){Xr(this),Yr(e,this),this.finished=!0;const{s0:t,s1:r,s2:i,s3:n}=this,a=ei(e);return a[0]=t,a[1]=r,a[2]=i,a[3]=n,e.reverse()}}function di(e){const t=(t,r)=>e(r,t.length).update(ri(t)).digest(),r=e(new Uint8Array(16),0);return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=(t,r)=>e(t,r),t}const fi=di(((e,t)=>new pi(e,t)));di(((e,t)=>new gi(e,t)));const mi=16,wi=new Uint8Array(mi),bi=283;function ki(e){return e<<1^bi&-(e>>7)}function vi(e,t){let r=0;for(;t>0;t>>=1)r^=e&-(1&t),e=ki(e);return r}const Ki=/* @__PURE__ */(()=>{const e=new Uint8Array(256);for(let t=0,r=1;t<256;t++,r^=ki(r))e[t]=r;const t=new Uint8Array(256);t[0]=99;for(let r=0;r<255;r++){let i=e[255-r];i|=i<<8,t[e[r]]=255&(i^i>>4^i>>5^i>>6^i>>7^99)}return ci(e),t})(),Ai=/* @__PURE__ */Ki.map(((e,t)=>Ki.indexOf(t))),Ei=e=>e<<24|e>>>8,Si=e=>e<<8|e>>>24,Pi=e=>e<<24&4278190080|e<<8&16711680|e>>>8&65280|e>>>24&255;function Ui(e,t){if(256!==e.length)throw Error("Wrong sbox length");const r=new Uint32Array(256).map(((r,i)=>t(e[i]))),i=r.map(Si),n=i.map(Si),a=n.map(Si),s=new Uint32Array(65536),o=new Uint32Array(65536),c=new Uint16Array(65536);for(let t=0;t<256;t++)for(let u=0;u<256;u++){const h=256*t+u;s[h]=r[t]^i[u],o[h]=n[t]^a[u],c[h]=e[t]<<8|e[u]}return{sbox:e,sbox2:c,T0:r,T1:i,T2:n,T3:a,T01:s,T23:o}}const Di=/* @__PURE__ */Ui(Ki,(e=>vi(e,3)<<24|e<<16|e<<8|vi(e,2))),xi=/* @__PURE__ */Ui(Ai,(e=>vi(e,11)<<24|vi(e,13)<<16|vi(e,9)<<8|vi(e,14))),Ii=/* @__PURE__ */(()=>{const e=new Uint8Array(16);for(let t=0,r=1;t<16;t++,r=ki(r))e[t]=r;return e})();function Ci(e){Qr(e);const t=e.length;if(![16,24,32].includes(t))throw Error("aes: wrong key size: should be 16, 24 or 32, got: "+t);const{sbox2:r}=Di,i=[];si(e)||i.push(e=oi(e));const n=ei(e),a=n.length,s=e=>Mi(r,e,e,e,e),o=new Uint32Array(t+28);o.set(n);for(let e=a;e<o.length;e++){let t=o[e-1];e%a==0?t=s(Ei(t))^Ii[e/a-1]:a>6&&e%a==4&&(t=s(t)),o[e]=o[e-a]^t}return ci(...i),o}function Bi(e){const t=Ci(e),r=t.slice(),i=t.length,{sbox2:n}=Di,{T0:a,T1:s,T2:o,T3:c}=xi;for(let e=0;e<i;e+=4)for(let n=0;n<4;n++)r[e+n]=t[i-e-4+n];ci(t);for(let e=4;e<i-4;e++){const t=r[e],i=Mi(n,t,t,t,t);r[e]=a[255&i]^s[i>>>8&255]^o[i>>>16&255]^c[i>>>24]}return r}function Ti(e,t,r,i,n,a){return e[r<<8&65280|i>>>8&255]^t[n>>>8&65280|a>>>24&255]}function Mi(e,t,r,i,n){return e[255&t|65280&r]|e[i>>>16&255|n>>>16&65280]<<16}function _i(e,t,r,i,n){const{sbox2:a,T01:s,T23:o}=Di;let c=0;t^=e[c++],r^=e[c++],i^=e[c++],n^=e[c++];const u=e.length/4-2;for(let a=0;a<u;a++){const a=e[c++]^Ti(s,o,t,r,i,n),u=e[c++]^Ti(s,o,r,i,n,t),h=e[c++]^Ti(s,o,i,n,t,r),l=e[c++]^Ti(s,o,n,t,r,i);t=a,r=u,i=h,n=l}return{s0:e[c++]^Mi(a,t,r,i,n),s1:e[c++]^Mi(a,r,i,n,t),s2:e[c++]^Mi(a,i,n,t,r),s3:e[c++]^Mi(a,n,t,r,i)}}function Fi(e,t,r,i,n){const{sbox2:a,T01:s,T23:o}=xi;let c=0;t^=e[c++],r^=e[c++],i^=e[c++],n^=e[c++];const u=e.length/4-2;for(let a=0;a<u;a++){const a=e[c++]^Ti(s,o,t,n,i,r),u=e[c++]^Ti(s,o,r,t,n,i),h=e[c++]^Ti(s,o,i,r,t,n),l=e[c++]^Ti(s,o,n,i,r,t);t=a,r=u,i=h,n=l}return{s0:e[c++]^Mi(a,t,n,i,r),s1:e[c++]^Mi(a,r,t,n,i),s2:e[c++]^Mi(a,i,r,t,n),s3:e[c++]^Mi(a,n,i,r,t)}}function Ri(e,t){if(void 0===t)return new Uint8Array(e);if(Qr(t),t.length<e)throw Error(`aes: wrong destination length, expected at least ${e}, got: ${t.length}`);if(!si(t))throw Error("unaligned dst");return t}function Li(e,t,r,i){Qr(t,mi),Qr(r);const n=r.length;i=Ri(n,i);const a=t,s=ei(a);let{s0:o,s1:c,s2:u,s3:h}=_i(e,s[0],s[1],s[2],s[3]);const l=ei(r),y=ei(i);for(let t=0;t+4<=l.length;t+=4){y[t+0]=l[t+0]^o,y[t+1]=l[t+1]^c,y[t+2]=l[t+2]^u,y[t+3]=l[t+3]^h;let r=1;for(let e=a.length-1;e>=0;e--)r=r+(255&a[e])|0,a[e]=255&r,r>>>=8;({s0:o,s1:c,s2:u,s3:h}=_i(e,s[0],s[1],s[2],s[3]))}const p=mi*Math.floor(l.length/4);if(p<n){const e=new Uint32Array([o,c,u,h]),t=Jr(e);for(let e=p,a=0;e<n;e++,a++)i[e]=r[e]^t[a];ci(e)}return i}function Ni(e,t,r,i,n){Qr(r,mi),Qr(i),n=Ri(i.length,n);const a=r,s=ei(a),o=ti(a),c=ei(i),u=ei(n),h=t?0:12,l=i.length;let y=o.getUint32(h,t),{s0:p,s1:g,s2:d,s3:f}=_i(e,s[0],s[1],s[2],s[3]);for(let r=0;r+4<=c.length;r+=4)u[r+0]=c[r+0]^p,u[r+1]=c[r+1]^g,u[r+2]=c[r+2]^d,u[r+3]=c[r+3]^f,y=y+1>>>0,o.setUint32(h,y,t),({s0:p,s1:g,s2:d,s3:f}=_i(e,s[0],s[1],s[2],s[3]));const m=mi*Math.floor(c.length/4);if(m<l){const e=new Uint32Array([p,g,d,f]),t=Jr(e);for(let e=m,r=0;e<l;e++,r++)n[e]=i[e]^t[r];ci(e)}return n}const zi=ni({blockSize:16,nonceLength:16},(function(e,t){function r(r,i){if(Qr(r),void 0!==i&&(Qr(i),!si(i)))throw Error("unaligned destination");const n=Ci(e),a=oi(t),s=[n,a];si(r)||s.push(r=oi(r));const o=Li(n,a,r,i);return ci(...s),o}return Qr(e),Qr(t,mi),{encrypt:(e,t)=>r(e,t),decrypt:(e,t)=>r(e,t)}}));const Oi=ni({blockSize:16,nonceLength:16},(function(e,t,r={}){Qr(e),Qr(t,16);const i=!r.disablePadding;return{encrypt(r,n){const a=Ci(e),{b:s,o,out:c}=function(e,t,r){Qr(e);let i=e.length;const n=i%mi;if(!t&&0!==n)throw Error("aec/(cbc-ecb): unpadded plaintext with disabled padding");si(e)||(e=oi(e));const a=ei(e);if(t){let e=mi-n;e||(e=mi),i+=e}const s=Ri(i,r);return{b:a,o:ei(s),out:s}}(r,i,n);let u=t;const h=[a];si(u)||h.push(u=oi(u));const l=ei(u);let y=l[0],p=l[1],g=l[2],d=l[3],f=0;for(;f+4<=s.length;)y^=s[f+0],p^=s[f+1],g^=s[f+2],d^=s[f+3],({s0:y,s1:p,s2:g,s3:d}=_i(a,y,p,g,d)),o[f++]=y,o[f++]=p,o[f++]=g,o[f++]=d;if(i){const e=function(e){const t=new Uint8Array(16),r=ei(t);t.set(e);const i=mi-e.length;for(let e=mi-i;e<mi;e++)t[e]=i;return r}(r.subarray(4*f));y^=e[0],p^=e[1],g^=e[2],d^=e[3],({s0:y,s1:p,s2:g,s3:d}=_i(a,y,p,g,d)),o[f++]=y,o[f++]=p,o[f++]=g,o[f++]=d}return ci(...h),c},decrypt(r,n){!function(e){if(Qr(e),e.length%mi!=0)throw Error("aes/(cbc-ecb).decrypt ciphertext should consist of blocks with size 16")}(r);const a=Bi(e);let s=t;const o=[a];si(s)||o.push(s=oi(s));const c=ei(s),u=Ri(r.length,n);si(r)||o.push(r=oi(r));const h=ei(r),l=ei(u);let y=c[0],p=c[1],g=c[2],d=c[3];for(let e=0;e+4<=h.length;){const t=y,r=p,i=g,n=d;y=h[e+0],p=h[e+1],g=h[e+2],d=h[e+3];const{s0:s,s1:o,s2:c,s3:u}=Fi(a,y,p,g,d);l[e++]=s^t,l[e++]=o^r,l[e++]=c^i,l[e++]=u^n}return ci(...o),function(e,t){if(!t)return e;const r=e.length;if(!r)throw Error("aes/pcks5: empty ciphertext not allowed");const i=e[r-1];if(i<=0||i>16)throw Error("aes/pcks5: wrong padding");const n=e.subarray(0,-i);for(let t=0;t<i;t++)if(e[r-t-1]!==i)throw Error("aes/pcks5: wrong padding");return n}(u,i)}}})),qi=ni({blockSize:16,nonceLength:16},(function(e,t){function r(r,i,n){Qr(r);const a=r.length;n=Ri(a,n);const s=Ci(e);let o=t;const c=[s];si(o)||c.push(o=oi(o)),si(r)||c.push(r=oi(r));const u=ei(r),h=ei(n),l=i?h:u,y=ei(o);let p=y[0],g=y[1],d=y[2],f=y[3];for(let e=0;e+4<=u.length;){const{s0:t,s1:r,s2:i,s3:n}=_i(s,p,g,d,f);h[e+0]=u[e+0]^t,h[e+1]=u[e+1]^r,h[e+2]=u[e+2]^i,h[e+3]=u[e+3]^n,p=l[e++],g=l[e++],d=l[e++],f=l[e++]}const m=mi*Math.floor(u.length/4);if(m<a){({s0:p,s1:g,s2:d,s3:f}=_i(s,p,g,d,f));const e=Jr(new Uint32Array([p,g,d,f]));for(let t=m,i=0;t<a;t++,i++)n[t]=r[t]^e[i];ci(e)}return ci(...c),n}return Qr(e),Qr(t,16),{encrypt:(e,t)=>r(e,!0,t),decrypt:(e,t)=>r(e,!1,t)}}));const ji=ni({blockSize:16,nonceLength:12,tagLength:16},(function(e,t,r){if(Qr(e),Qr(t),void 0!==r&&Qr(r),t.length<8)throw Error("aes/gcm: invalid nonce length");const i=16;function n(e,t,i){const n=function(e,t,r,i,n){const a=null==n?0:n.length,s=e.create(r,i.length+a);n&&s.update(n),s.update(i);const o=new Uint8Array(16),c=ti(o);n&&ai(c,0,BigInt(8*a),t),ai(c,8,BigInt(8*i.length),t),s.update(o);const u=s.digest();return ci(o),u}(fi,!1,e,i,r);for(let e=0;e<t.length;e++)n[e]^=t[e];return n}function a(){const r=Ci(e),i=wi.slice(),n=wi.slice();if(Ni(r,!1,n,n,i),12===t.length)n.set(t);else{const e=wi.slice();ai(ti(e),8,BigInt(8*t.length),!1);const r=fi.create(i).update(t).update(e);r.digestInto(n),r.destroy()}return{xk:r,authKey:i,counter:n,tagMask:Ni(r,!1,n,wi)}}return{encrypt(e){Qr(e);const{xk:t,authKey:r,counter:s,tagMask:o}=a(),c=new Uint8Array(e.length+i),u=[t,r,s,o];si(e)||u.push(e=oi(e)),Ni(t,!1,s,e,c);const h=n(r,o,c.subarray(0,c.length-i));return u.push(h),c.set(h,e.length),ci(...u),c},decrypt(e){if(Qr(e),e.length<i)throw Error("aes/gcm: ciphertext less than tagLen (16)");const{xk:t,authKey:r,counter:s,tagMask:o}=a(),c=[t,r,o,s];si(e)||c.push(e=oi(e));const u=e.subarray(0,-16),h=e.subarray(-16),l=n(r,o,u);if(c.push(l),!ii(l,h))throw Error("aes/gcm: invalid ghash tag");const y=Ni(t,!1,s,u);return ci(...c),y}}}));function Hi(e){return null!=e&&"object"==typeof e&&(e instanceof Uint32Array||"Uint32Array"===e.constructor.name)}function Gi(e,t){if(Qr(t,16),!Hi(e))throw Error("_encryptBlock accepts result of expandKeyLE");const r=ei(t);let{s0:i,s1:n,s2:a,s3:s}=_i(e,r[0],r[1],r[2],r[3]);return r[0]=i,r[1]=n,r[2]=a,r[3]=s,t}function Vi(e,t){if(Qr(t,16),!Hi(e))throw Error("_decryptBlock accepts result of expandKeyLE");const r=ei(t);let{s0:i,s1:n,s2:a,s3:s}=Fi(e,r[0],r[1],r[2],r[3]);return r[0]=i,r[1]=n,r[2]=a,r[3]=s,t}const Wi={encrypt(e,t){if(t.length>=2**32)throw Error("plaintext should be less than 4gb");const r=Ci(e);if(16===t.length)Gi(r,t);else{const e=ei(t);let i=e[0],n=e[1];for(let t=0,a=1;t<6;t++)for(let t=2;t<e.length;t+=2,a++){const{s0:s,s1:o,s2:c,s3:u}=_i(r,i,n,e[t],e[t+1]);i=s,n=o^Pi(a),e[t]=c,e[t+1]=u}e[0]=i,e[1]=n}r.fill(0)},decrypt(e,t){if(t.length-8>=2**32)throw Error("ciphertext should be less than 4gb");const r=Bi(e),i=t.length/8-1;if(1===i)Vi(r,t);else{const e=ei(t);let n=e[0],a=e[1];for(let t=0,s=6*i;t<6;t++)for(let t=2*i;t>=1;t-=2,s--){a^=Pi(s);const{s0:i,s1:o,s2:c,s3:u}=Fi(r,n,a,e[t],e[t+1]);n=i,a=o,e[t]=c,e[t+1]=u}e[0]=n,e[1]=a}r.fill(0)}},$i=new Uint8Array(8).fill(166),Zi=ni({blockSize:8},(e=>({encrypt(t){if(Qr(t),!t.length||t.length%8!=0)throw Error("invalid plaintext length");if(8===t.length)throw Error("8-byte keys not allowed in AESKW, use AESKWP instead");const r=function(...e){let t=0;for(let r=0;r<e.length;r++){const i=e[r];Qr(i),t+=i.length}const r=new Uint8Array(t);for(let t=0,i=0;t<e.length;t++){const n=e[t];r.set(n,i),i+=n.length}return r}($i,t);return Wi.encrypt(e,r),r},decrypt(t){if(Qr(t),t.length%8!=0||t.length<24)throw Error("invalid ciphertext length");const r=oi(t);if(Wi.decrypt(e,r),!ii(r.subarray(0,8),$i))throw Error("integrity check failed");return r.subarray(0,8).fill(0),r.subarray(8)}}))),Qi={expandKeyLE:Ci,expandKeyDecLE:Bi,encrypt:_i,decrypt:Fi,encryptBlock:Gi,decryptBlock:Vi,ctrCounter:Li,ctr32:Ni};async function Xi(e){switch(e){case B.symmetric.aes128:case B.symmetric.aes192:case B.symmetric.aes256:throw Error("Not a legacy cipher");case B.symmetric.cast5:case B.symmetric.blowfish:case B.symmetric.twofish:case B.symmetric.tripledes:{const{legacyCiphers:t}=await import("./legacy_ciphers.min.mjs"),r=B.read(B.symmetric,e),i=t.get(r);if(!i)throw Error("Unsupported cipher algorithm");return i}default:throw Error("Unsupported cipher algorithm")}}function Yi(e){switch(e){case B.symmetric.aes128:case B.symmetric.aes192:case B.symmetric.aes256:case B.symmetric.twofish:return 16;case B.symmetric.blowfish:case B.symmetric.cast5:case B.symmetric.tripledes:return 8;default:throw Error("Unsupported cipher")}}function Ji(e){switch(e){case B.symmetric.aes128:case B.symmetric.blowfish:case B.symmetric.cast5:return 16;case B.symmetric.aes192:case B.symmetric.tripledes:return 24;case B.symmetric.aes256:case B.symmetric.twofish:return 32;default:throw Error("Unsupported cipher")}}function en(e){return{keySize:Ji(e),blockSize:Yi(e)}}const tn=_.getWebCrypto();async function rn(e,t,r){const{keySize:i}=en(e);if(!_.isAES(e)||t.length!==i)throw Error("Unexpected algorithm or key size");try{const e=await tn.importKey("raw",t,{name:"AES-KW"},!1,["wrapKey"]),i=await tn.importKey("raw",r,{name:"HMAC",hash:"SHA-256"},!0,["sign"]),n=await tn.wrapKey("raw",i,e,{name:"AES-KW"});return new Uint8Array(n)}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;_.printDebugError("Browser did not support operation: "+e.message)}return Zi(t).encrypt(r)}async function nn(e,t,r){const{keySize:i}=en(e);if(!_.isAES(e)||t.length!==i)throw Error("Unexpected algorithm or key size");let n;try{n=await tn.importKey("raw",t,{name:"AES-KW"},!1,["unwrapKey"])}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;return _.printDebugError("Browser did not support operation: "+e.message),Zi(t).decrypt(r)}try{const e=await tn.unwrapKey("raw",r,n,{name:"AES-KW"},{name:"HMAC",hash:"SHA-256"},!0,["sign"]);return new Uint8Array(await tn.exportKey("raw",e))}catch(e){if("OperationError"===e.name)throw Error("Key Data Integrity failed");throw e}}const an=_.getWebCrypto();async function sn(e,t,r,i,n){const a=B.read(B.webHash,e);if(!a)throw Error("Hash algo not supported with HKDF");const s=await an.importKey("raw",t,"HKDF",!1,["deriveBits"]),o=await an.deriveBits({name:"HKDF",hash:a,salt:r,info:i},s,8*n);return new Uint8Array(o)}const on={x25519:_.encodeUTF8("OpenPGP X25519"),x448:_.encodeUTF8("OpenPGP X448")};async function cn(e){switch(e){case B.publicKey.x25519:{const e=le(32),{publicKey:t}=Ze.box.keyPair.fromSecretKey(e);return{A:t,k:e}}case B.publicKey.x448:{const e=await _.getNobleCurve(B.publicKey.x448),t=e.utils.randomPrivateKey();return{A:e.getPublicKey(t),k:t}}default:throw Error("Unsupported ECDH algorithm")}}async function un(e,t,r){switch(e){case B.publicKey.x25519:{const{publicKey:e}=Ze.box.keyPair.fromSecretKey(r);return _.equalsUint8Array(t,e)}case B.publicKey.x448:{const e=(await _.getNobleCurve(B.publicKey.x448)).getPublicKey(r);return _.equalsUint8Array(t,e)}default:return!1}}async function hn(e,t,r){const{ephemeralPublicKey:i,sharedSecret:n}=await pn(e,r),a=_.concatUint8Array([i,r,n]);switch(e){case B.publicKey.x25519:{const e=B.symmetric.aes128,{keySize:r}=en(e),n=await sn(B.hash.sha256,a,new Uint8Array,on.x25519,r);return{ephemeralPublicKey:i,wrappedKey:await rn(e,n,t)}}case B.publicKey.x448:{const e=B.symmetric.aes256,{keySize:r}=en(B.symmetric.aes256),n=await sn(B.hash.sha512,a,new Uint8Array,on.x448,r);return{ephemeralPublicKey:i,wrappedKey:await rn(e,n,t)}}default:throw Error("Unsupported ECDH algorithm")}}async function ln(e,t,r,i,n){const a=await gn(e,t,i,n),s=_.concatUint8Array([t,i,a]);switch(e){case B.publicKey.x25519:{const e=B.symmetric.aes128,{keySize:t}=en(e);return nn(e,await sn(B.hash.sha256,s,new Uint8Array,on.x25519,t),r)}case B.publicKey.x448:{const e=B.symmetric.aes256,{keySize:t}=en(B.symmetric.aes256);return nn(e,await sn(B.hash.sha512,s,new Uint8Array,on.x448,t),r)}default:throw Error("Unsupported ECDH algorithm")}}function yn(e){switch(e){case B.publicKey.x25519:return 32;case B.publicKey.x448:return 56;default:throw Error("Unsupported ECDH algorithm")}}async function pn(e,t){switch(e){case B.publicKey.x25519:{const r=le(yn(e)),i=Ze.scalarMult(r,t);dn(i);const{publicKey:n}=Ze.box.keyPair.fromSecretKey(r);return{ephemeralPublicKey:n,sharedSecret:i}}case B.publicKey.x448:{const e=await _.getNobleCurve(B.publicKey.x448),r=e.utils.randomPrivateKey(),i=e.getSharedSecret(r,t);dn(i);return{ephemeralPublicKey:e.getPublicKey(r),sharedSecret:i}}default:throw Error("Unsupported ECDH algorithm")}}async function gn(e,t,r,i){switch(e){case B.publicKey.x25519:{const e=Ze.scalarMult(i,t);return dn(e),e}case B.publicKey.x448:{const e=(await _.getNobleCurve(B.publicKey.x448)).getSharedSecret(i,t);return dn(e),e}default:throw Error("Unsupported ECDH algorithm")}}function dn(e){let t=0;for(let r=0;r<e.length;r++)t|=e[r];if(0===t)throw Error("Unexpected low order point")}var fn=/*#__PURE__*/Object.freeze({__proto__:null,decrypt:ln,encrypt:hn,generate:cn,generateEphemeralEncryptionMaterial:pn,getPayloadSize:yn,recomputeSharedSecret:gn,validateParams:un});const mn=_.getWebCrypto(),wn=_.getNodeCrypto(),bn={[B.curve.nistP256]:"P-256",[B.curve.nistP384]:"P-384",[B.curve.nistP521]:"P-521"},kn=wn?wn.getCurves():[],vn=wn?{[B.curve.secp256k1]:kn.includes("secp256k1")?"secp256k1":void 0,[B.curve.nistP256]:kn.includes("prime256v1")?"prime256v1":void 0,[B.curve.nistP384]:kn.includes("secp384r1")?"secp384r1":void 0,[B.curve.nistP521]:kn.includes("secp521r1")?"secp521r1":void 0,[B.curve.ed25519Legacy]:kn.includes("ED25519")?"ED25519":void 0,[B.curve.curve25519Legacy]:kn.includes("X25519")?"X25519":void 0,[B.curve.brainpoolP256r1]:kn.includes("brainpoolP256r1")?"brainpoolP256r1":void 0,[B.curve.brainpoolP384r1]:kn.includes("brainpoolP384r1")?"brainpoolP384r1":void 0,[B.curve.brainpoolP512r1]:kn.includes("brainpoolP512r1")?"brainpoolP512r1":void 0}:{},Kn={[B.curve.nistP256]:{oid:[6,8,42,134,72,206,61,3,1,7],keyType:B.publicKey.ecdsa,hash:B.hash.sha256,cipher:B.symmetric.aes128,node:vn[B.curve.nistP256],web:bn[B.curve.nistP256],payloadSize:32,sharedSize:256,wireFormatLeadingByte:4},[B.curve.nistP384]:{oid:[6,5,43,129,4,0,34],keyType:B.publicKey.ecdsa,hash:B.hash.sha384,cipher:B.symmetric.aes192,node:vn[B.curve.nistP384],web:bn[B.curve.nistP384],payloadSize:48,sharedSize:384,wireFormatLeadingByte:4},[B.curve.nistP521]:{oid:[6,5,43,129,4,0,35],keyType:B.publicKey.ecdsa,hash:B.hash.sha512,cipher:B.symmetric.aes256,node:vn[B.curve.nistP521],web:bn[B.curve.nistP521],payloadSize:66,sharedSize:528,wireFormatLeadingByte:4},[B.curve.secp256k1]:{oid:[6,5,43,129,4,0,10],keyType:B.publicKey.ecdsa,hash:B.hash.sha256,cipher:B.symmetric.aes128,node:vn[B.curve.secp256k1],payloadSize:32,wireFormatLeadingByte:4},[B.curve.ed25519Legacy]:{oid:[6,9,43,6,1,4,1,218,71,15,1],keyType:B.publicKey.eddsaLegacy,hash:B.hash.sha512,node:!1,payloadSize:32,wireFormatLeadingByte:64},[B.curve.curve25519Legacy]:{oid:[6,10,43,6,1,4,1,151,85,1,5,1],keyType:B.publicKey.ecdh,hash:B.hash.sha256,cipher:B.symmetric.aes128,node:!1,payloadSize:32,wireFormatLeadingByte:64},[B.curve.brainpoolP256r1]:{oid:[6,9,43,36,3,3,2,8,1,1,7],keyType:B.publicKey.ecdsa,hash:B.hash.sha256,cipher:B.symmetric.aes128,node:vn[B.curve.brainpoolP256r1],payloadSize:32,wireFormatLeadingByte:4},[B.curve.brainpoolP384r1]:{oid:[6,9,43,36,3,3,2,8,1,1,11],keyType:B.publicKey.ecdsa,hash:B.hash.sha384,cipher:B.symmetric.aes192,node:vn[B.curve.brainpoolP384r1],payloadSize:48,wireFormatLeadingByte:4},[B.curve.brainpoolP512r1]:{oid:[6,9,43,36,3,3,2,8,1,1,13],keyType:B.publicKey.ecdsa,hash:B.hash.sha512,cipher:B.symmetric.aes256,node:vn[B.curve.brainpoolP512r1],payloadSize:64,wireFormatLeadingByte:4}};class An{constructor(e){try{this.name=e instanceof Nt?e.getName():B.write(B.curve,e)}catch(e){throw new Wt("Unknown curve")}const t=Kn[this.name];this.keyType=t.keyType,this.oid=t.oid,this.hash=t.hash,this.cipher=t.cipher,this.node=t.node,this.web=t.web,this.payloadSize=t.payloadSize,this.sharedSize=t.sharedSize,this.wireFormatLeadingByte=t.wireFormatLeadingByte,this.web&&_.getWebCrypto()?this.type="web":this.node&&_.getNodeCrypto()?this.type="node":this.name===B.curve.curve25519Legacy?this.type="curve25519Legacy":this.name===B.curve.ed25519Legacy&&(this.type="ed25519Legacy")}async genKeyPair(){switch(this.type){case"web":try{return await async function(e,t){const r=await mn.generateKey({name:"ECDSA",namedCurve:bn[e]},!0,["sign","verify"]),i=await mn.exportKey("jwk",r.privateKey);return{publicKey:xn(await mn.exportKey("jwk",r.publicKey),t),privateKey:O(i.d)}}(this.name,this.wireFormatLeadingByte)}catch(e){return _.printDebugError("Browser did not support generating ec key "+e.message),Dn(this.name)}case"node":return async function(e){const t=wn.createECDH(vn[e]);return await t.generateKeys(),{publicKey:new Uint8Array(t.getPublicKey()),privateKey:new Uint8Array(t.getPrivateKey())}}(this.name);case"curve25519Legacy":{const{k:e,A:t}=await cn(B.publicKey.x25519),r=e.slice().reverse();r[0]=127&r[0]|64,r[31]&=248;return{publicKey:_.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]),t]),privateKey:r}}case"ed25519Legacy":{const{seed:e,A:t}=await zr(B.publicKey.ed25519);return{publicKey:_.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]),t]),privateKey:e}}default:return Dn(this.name)}}}async function En(e){const t=new An(e),{oid:r,hash:i,cipher:n}=t,a=await t.genKeyPair();return{oid:r,Q:a.publicKey,secret:_.leftPad(a.privateKey,t.payloadSize),hash:i,cipher:n}}function Sn(e){return Kn[e.getName()].hash}async function Pn(e,t,r,i){const n={[B.curve.nistP256]:!0,[B.curve.nistP384]:!0,[B.curve.nistP521]:!0,[B.curve.secp256k1]:!0,[B.curve.curve25519Legacy]:e===B.publicKey.ecdh,[B.curve.brainpoolP256r1]:!0,[B.curve.brainpoolP384r1]:!0,[B.curve.brainpoolP512r1]:!0},a=t.getName();if(!n[a])return!1;if(a===B.curve.curve25519Legacy){i=i.slice().reverse();const{publicKey:e}=Ze.box.keyPair.fromSecretKey(i);r=new Uint8Array(r);const t=new Uint8Array([64,...e]);return!!_.equalsUint8Array(t,r)}const s=(await _.getNobleCurve(B.publicKey.ecdsa,a)).getPublicKey(i,!1);return!!_.equalsUint8Array(s,r)}function Un(e,t){const{payloadSize:r,wireFormatLeadingByte:i,name:n}=e,a=n===B.curve.curve25519Legacy||n===B.curve.ed25519Legacy?r:2*r;if(t[0]!==i||t.length!==a+1)throw Error("Invalid point encoding")}async function Dn(e){const t=await _.getNobleCurve(B.publicKey.ecdsa,e),r=t.utils.randomPrivateKey();return{publicKey:t.getPublicKey(r,!1),privateKey:r}}function xn(e,t){const r=O(e.x),i=O(e.y),n=new Uint8Array(r.length+i.length+1);return n[0]=t,n.set(r,1),n.set(i,r.length+1),n}function In(e,t,r){const i=e,n=r.slice(1,i+1),a=r.slice(i+1,2*i+1);return{kty:"EC",crv:t,x:q(n),y:q(a),ext:!0}}function Cn(e,t,r,i){const n=In(e,t,r);return n.d=q(i),n}const Bn=_.getWebCrypto(),Tn=_.getNodeCrypto();async function Mn(e,t,r,i,n,a){const s=new An(e);if(Un(s,i),r&&!_.isStream(r)){const e={publicKey:i,privateKey:n};switch(s.type){case"web":try{return await async function(e,t,r,i){const n=e.payloadSize,a=Cn(e.payloadSize,bn[e.name],i.publicKey,i.privateKey),s=await Bn.importKey("jwk",a,{name:"ECDSA",namedCurve:bn[e.name],hash:{name:B.read(B.webHash,e.hash)}},!1,["sign"]),o=new Uint8Array(await Bn.sign({name:"ECDSA",namedCurve:bn[e.name],hash:{name:B.read(B.webHash,t)}},s,r));return{r:o.slice(0,n),s:o.slice(n,n<<1)}}(s,t,r,e)}catch(e){if("nistP521"!==s.name&&("DataError"===e.name||"OperationError"===e.name))throw e;_.printDebugError("Browser did not support signing: "+e.message)}break;case"node":return async function(e,t,r,i){const n=_.nodeRequire("eckey-utils"),a=_.getNodeBuffer(),{privateKey:s}=n.generateDer({curveName:vn[e.name],privateKey:a.from(i)}),o=Tn.createSign(B.read(B.hash,t));o.write(r),o.end();const c=new Uint8Array(o.sign({key:s,format:"der",type:"sec1",dsaEncoding:"ieee-p1363"})),u=e.payloadSize;return{r:c.subarray(0,u),s:c.subarray(u,u<<1)}}(s,t,r,n)}}const o=(await _.getNobleCurve(B.publicKey.ecdsa,s.name)).sign(a,n,{lowS:!1});return{r:ue(o.r,"be",s.payloadSize),s:ue(o.s,"be",s.payloadSize)}}async function _n(e,t,r,i,n,a){const s=new An(e);Un(s,n);const o=async()=>0===a[0]&&Fn(s,r,a.subarray(1),n);if(i&&!_.isStream(i))switch(s.type){case"web":try{const e=await async function(e,t,{r,s:i},n,a){const s=In(e.payloadSize,bn[e.name],a),o=await Bn.importKey("jwk",s,{name:"ECDSA",namedCurve:bn[e.name],hash:{name:B.read(B.webHash,e.hash)}},!1,["verify"]),c=_.concatUint8Array([r,i]).buffer;return Bn.verify({name:"ECDSA",namedCurve:bn[e.name],hash:{name:B.read(B.webHash,t)}},o,c,n)}(s,t,r,i,n);return e||o()}catch(e){if("nistP521"!==s.name&&("DataError"===e.name||"OperationError"===e.name))throw e;_.printDebugError("Browser did not support verifying: "+e.message)}break;case"node":{const e=await async function(e,t,{r,s:i},n,a){const s=_.nodeRequire("eckey-utils"),o=_.getNodeBuffer(),{publicKey:c}=s.generateDer({curveName:vn[e.name],publicKey:o.from(a)}),u=Tn.createVerify(B.read(B.hash,t));u.write(n),u.end();const h=_.concatUint8Array([r,i]);try{return u.verify({key:c,format:"der",type:"spki",dsaEncoding:"ieee-p1363"},h)}catch(e){return!1}}(s,t,r,i,n);return e||o()}}return await Fn(s,r,a,n)||o()}async function Fn(e,t,r,i){return(await _.getNobleCurve(B.publicKey.ecdsa,e.name)).verify(_.concatUint8Array([t.r,t.s]),r,i,{lowS:!1})}var Rn=/*#__PURE__*/Object.freeze({__proto__:null,sign:Mn,validateParams:async function(e,t,r){const i=new An(e);if(i.keyType!==B.publicKey.ecdsa)return!1;switch(i.type){case"web":case"node":{const i=le(8),n=B.hash.sha256,a=await Ce(n,i);try{const s=await Mn(e,n,i,t,r,a);return await _n(e,n,s,i,t,a)}catch(e){return!1}}default:return Pn(B.publicKey.ecdsa,e,t,r)}},verify:_n});async function Ln(e,t,r,i,n,a){if(Un(new An(e),i),Be(t)<Be(B.hash.sha256))throw Error("Hash algorithm too weak for EdDSA.");const{RS:s}=await Or(B.publicKey.ed25519,t,0,i.subarray(1),n,a);return{r:s.subarray(0,32),s:s.subarray(32)}}async function Nn(e,t,{r,s:i},n,a,s){if(Un(new An(e),a),Be(t)<Be(B.hash.sha256))throw Error("Hash algorithm too weak for EdDSA.");const o=_.concatUint8Array([r,i]);return qr(B.publicKey.ed25519,t,{RS:o},0,a.subarray(1),s)}async function zn(e,t,r){if(e.getName()!==B.curve.ed25519Legacy)return!1;const{publicKey:i}=Ze.sign.keyPair.fromSeed(r),n=new Uint8Array([64,...i]);return _.equalsUint8Array(t,n)}var On=/*#__PURE__*/Object.freeze({__proto__:null,sign:Ln,validateParams:zn,verify:Nn});function qn(e){const t=e.length;if(t>0){const r=e[t-1];if(r>=1){const i=e.subarray(t-r),n=new Uint8Array(r).fill(r);if(_.equalsUint8Array(i,n))return e.subarray(0,t-r)}}throw Error("Invalid padding")}const jn=_.getWebCrypto(),Hn=_.getNodeCrypto();function Gn(e,t,r,i){return _.concatUint8Array([t.write(),new Uint8Array([e]),r.write(!0),_.stringToUint8Array("Anonymous Sender    "),r.replacementFingerprint||i])}async function Vn(e,t,r,i,n=!1,a=!1){let s;if(n){for(s=0;s<t.length&&0===t[s];s++);t=t.subarray(s)}if(a){for(s=t.length-1;s>=0&&0===t[s];s--);t=t.subarray(0,s+1)}return(await Ce(e,_.concatUint8Array([new Uint8Array([0,0,0,1]),t,i]))).subarray(0,r)}async function Wn(e,t){switch(e.type){case"curve25519Legacy":{const{sharedSecret:r,ephemeralPublicKey:i}=await pn(B.publicKey.x25519,t.subarray(1));return{publicKey:_.concatUint8Array([new Uint8Array([e.wireFormatLeadingByte]),i]),sharedKey:r}}case"web":if(e.web&&_.getWebCrypto())try{return await async function(e,t){const r=In(e.payloadSize,e.web,t);let i=jn.generateKey({name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]),n=jn.importKey("jwk",r,{name:"ECDH",namedCurve:e.web},!1,[]);[i,n]=await Promise.all([i,n]);let a=jn.deriveBits({name:"ECDH",namedCurve:e.web,public:n},i.privateKey,e.sharedSize),s=jn.exportKey("jwk",i.publicKey);[a,s]=await Promise.all([a,s]);const o=new Uint8Array(a),c=new Uint8Array(xn(s,e.wireFormatLeadingByte));return{publicKey:c,sharedKey:o}}(e,t)}catch(r){return _.printDebugError(r),Yn(e,t)}break;case"node":return async function(e,t){const r=Hn.createECDH(e.node);r.generateKeys();const i=new Uint8Array(r.computeSecret(t));return{publicKey:new Uint8Array(r.getPublicKey()),sharedKey:i}}(e,t);default:return Yn(e,t)}}async function $n(e,t,r,i,n){const a=function(e){const t=8-e.length%8,r=new Uint8Array(e.length+t).fill(t);return r.set(e),r}(r),s=new An(e);Un(s,i);const{publicKey:o,sharedKey:c}=await Wn(s,i),u=Gn(B.publicKey.ecdh,e,t,n),{keySize:h}=en(t.cipher),l=await Vn(t.hash,c,h,u);return{publicKey:o,wrappedKey:await rn(t.cipher,l,a)}}async function Zn(e,t,r,i){if(i.length!==e.payloadSize){const t=new Uint8Array(e.payloadSize);t.set(i,e.payloadSize-i.length),i=t}switch(e.type){case"curve25519Legacy":{const e=i.slice().reverse();return{secretKey:e,sharedKey:await gn(B.publicKey.x25519,t.subarray(1),r.subarray(1),e)}}case"web":if(e.web&&_.getWebCrypto())try{return await async function(e,t,r,i){const n=Cn(e.payloadSize,e.web,r,i);let a=jn.importKey("jwk",n,{name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]);const s=In(e.payloadSize,e.web,t);let o=jn.importKey("jwk",s,{name:"ECDH",namedCurve:e.web},!0,[]);[a,o]=await Promise.all([a,o]);let c=jn.deriveBits({name:"ECDH",namedCurve:e.web,public:o},a,e.sharedSize),u=jn.exportKey("jwk",a);[c,u]=await Promise.all([c,u]);const h=new Uint8Array(c);return{secretKey:O(u.d),sharedKey:h}}(e,t,r,i)}catch(r){return _.printDebugError(r),Xn(e,t,i)}break;case"node":return async function(e,t,r){const i=Hn.createECDH(e.node);i.setPrivateKey(r);const n=new Uint8Array(i.computeSecret(t));return{secretKey:new Uint8Array(i.getPrivateKey()),sharedKey:n}}(e,t,i);default:return Xn(e,t,i)}}async function Qn(e,t,r,i,n,a,s){const o=new An(e);Un(o,n),Un(o,r);const{sharedKey:c}=await Zn(o,r,n,a),u=Gn(B.publicKey.ecdh,e,t,s),{keySize:h}=en(t.cipher);let l;for(let e=0;e<3;e++)try{const r=await Vn(t.hash,c,h,u,1===e,2===e);return qn(await nn(t.cipher,r,i))}catch(e){l=e}throw l}async function Xn(e,t,r){return{secretKey:r,sharedKey:(await _.getNobleCurve(B.publicKey.ecdh,e.name)).getSharedSecret(r,t).subarray(1)}}async function Yn(e,t){const r=await _.getNobleCurve(B.publicKey.ecdh,e.name),{publicKey:i,privateKey:n}=await e.genKeyPair();return{publicKey:i,sharedKey:r.getSharedSecret(n,t).subarray(1)}}var Jn=/*#__PURE__*/Object.freeze({__proto__:null,CurveWithOID:An,ecdh:/*#__PURE__*/Object.freeze({__proto__:null,decrypt:Qn,encrypt:$n,validateParams:async function(e,t,r){return Pn(B.publicKey.ecdh,e,t,r)}}),ecdhX:fn,ecdsa:Rn,eddsa:$r,eddsaLegacy:On,generate:En,getPreferredHashAlgo:Sn});const ea=BigInt(0),ta=BigInt(1);const ra=new Set([B.hash.sha1,B.hash.sha256,B.hash.sha512]),ia=_.getWebCrypto(),na=_.getNodeCrypto();async function aa(e,t){if(e===B.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await import("./noble_post_quantum.min.mjs"),{publicKey:r,secretKey:i}=e.keygen(t);return{mlkemPublicKey:r,mlkemSecretKey:i}}throw Error("Unsupported KEM algorithm")}async function sa(e){const{eccPublicKey:t,eccSecretKey:r}=await async function(e){if(e===B.publicKey.pqc_mlkem_x25519){const{A:e,k:t}=await cn(B.publicKey.x25519);return{eccPublicKey:e,eccSecretKey:t}}throw Error("Unsupported KEM algorithm")}(e),{mlkemPublicKey:i,mlkemSeed:n,mlkemSecretKey:a}=await async function(e){if(e===B.publicKey.pqc_mlkem_x25519){const t=le(64),{mlkemSecretKey:r,mlkemPublicKey:i}=await aa(e,t);return{mlkemSeed:t,mlkemSecretKey:r,mlkemPublicKey:i}}throw Error("Unsupported KEM algorithm")}(e);return{eccPublicKey:t,eccSecretKey:r,mlkemPublicKey:i,mlkemSeed:n,mlkemSecretKey:a}}async function oa(e,t,r,i){const{eccKeyShare:n,eccCipherText:a}=await async function(e,t){if(e===B.publicKey.pqc_mlkem_x25519){const{ephemeralPublicKey:e,sharedSecret:r}=await pn(B.publicKey.x25519,t);return{eccCipherText:e,eccKeyShare:r}}throw Error("Unsupported KEM algorithm")}(e,t),{mlkemKeyShare:s,mlkemCipherText:o}=await async function(e,t){if(e===B.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await import("./noble_post_quantum.min.mjs"),{cipherText:r,sharedSecret:i}=e.encapsulate(t);return{mlkemCipherText:r,mlkemKeyShare:i}}throw Error("Unsupported KEM algorithm")}(e,r),c=await ua(e,n,a,t,s,o,r);return{eccCipherText:a,mlkemCipherText:o,wrappedKey:await rn(B.symmetric.aes256,c,i)}}async function ca(e,t,r,i,n,a,s,o){const c=await async function(e,t,r){if(e===B.publicKey.pqc_mlkem_x25519)return await gn(B.publicKey.x25519,t,0,r);throw Error("Unsupported KEM algorithm")}(e,t,i),u=await async function(e,t,r){if(e===B.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await import("./noble_post_quantum.min.mjs");return e.decapsulate(t,r)}throw Error("Unsupported KEM algorithm")}(e,r,a),h=await ua(e,c,t,n,u,r,s);return await nn(B.symmetric.aes256,h,o)}async function ua(e,t,r,i,n,a,s){const o=_.concatUint8Array([n,t,r,i,a,s,new Uint8Array([e]),_.encodeUTF8("OpenPGPCompositeKDFv1")]);return await Ce(B.hash.sha3_256,o)}async function ha(e,t,r,i,n){const a=async function(e,t,r){if(e===B.publicKey.pqc_mlkem_x25519)return un(B.publicKey.x25519,t,r);throw Error("Unsupported KEM algorithm")}(e,t,r),s=async function(e,t,r){if(e===B.publicKey.pqc_mlkem_x25519){const{mlkemPublicKey:i}=await aa(e,r);return _.equalsUint8Array(t,i)}throw Error("Unsupported KEM algorithm")}(e,i,n);return await a&&await s}async function la(e,t){if(e===B.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await import("./noble_post_quantum.min.mjs"),{secretKey:r,publicKey:i}=e.keygen(t);return{mldsaSecretKey:r,mldsaPublicKey:i}}throw Error("Unsupported signature algorithm")}async function ya(e){if(e===B.publicKey.pqc_mldsa_ed25519){const{eccSecretKey:t,eccPublicKey:r}=await async function(e){if(e===B.publicKey.pqc_mldsa_ed25519){const{A:e,seed:t}=await zr(B.publicKey.ed25519);return{eccPublicKey:e,eccSecretKey:t}}throw Error("Unsupported signature algorithm")}(e),{mldsaSeed:i,mldsaSecretKey:n,mldsaPublicKey:a}=await async function(e){if(e===B.publicKey.pqc_mldsa_ed25519){const t=le(32),{mldsaSecretKey:r,mldsaPublicKey:i}=await la(e,t);return{mldsaSeed:t,mldsaSecretKey:r,mldsaPublicKey:i}}throw Error("Unsupported signature algorithm")}(e);return{eccSecretKey:t,eccPublicKey:r,mldsaSeed:i,mldsaSecretKey:n,mldsaPublicKey:a}}throw Error("Unsupported signature algorithm")}async function pa(e,t,r,i,n,a){if(t!==da(e))throw Error("Unexpected hash algorithm for PQC signature");if(e===B.publicKey.pqc_mldsa_ed25519){const{eccSignature:s}=await async function(e,t,r,i,n){if(e===B.publicKey.pqc_mldsa_ed25519){const{RS:e}=await Or(B.publicKey.ed25519,t,0,i,r,n);return{eccSignature:e}}throw Error("Unsupported signature algorithm")}(e,t,r,i,a),{mldsaSignature:o}=await async function(e,t,r){if(e===B.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await import("./noble_post_quantum.min.mjs");return{mldsaSignature:e.sign(t,r)}}throw Error("Unsupported signature algorithm")}(e,n,a);return{eccSignature:s,mldsaSignature:o}}throw Error("Unsupported signature algorithm")}async function ga(e,t,r,i,n,{eccSignature:a,mldsaSignature:s}){if(t!==da(e))throw Error("Unexpected hash algorithm for PQC signature");if(e===B.publicKey.pqc_mldsa_ed25519){const o=async function(e,t,r,i,n){if(e===B.publicKey.pqc_mldsa_ed25519)return qr(B.publicKey.ed25519,t,{RS:n},0,r,i);throw Error("Unsupported signature algorithm")}(e,t,r,n,a),c=async function(e,t,r,i){if(e===B.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await import("./noble_post_quantum.min.mjs");return e.verify(t,r,i)}throw Error("Unsupported signature algorithm")}(e,i,n,s);return await o&&await c}throw Error("Unsupported signature algorithm")}function da(e){if(e===B.publicKey.pqc_mldsa_ed25519)return B.hash.sha3_256;throw Error("Unsupported signature algorithm")}async function fa(e,t,r,i,n){const a=async function(e,t,r){if(e===B.publicKey.pqc_mldsa_ed25519)return jr(B.publicKey.ed25519,t,r);throw Error("Unsupported signature algorithm")}(e,t,r),s=async function(e,t,r){if(e===B.publicKey.pqc_mldsa_ed25519){const{mldsaPublicKey:i}=await la(e,r);return _.equalsUint8Array(t,i)}throw Error("Unsupported signature algorithm")}(e,i,n);return await a&&await s}class ma{constructor(e){e&&(this.data=e)}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.data=e.subarray(1,1+t),1+this.data.length}throw Error("Invalid symmetric key")}write(){return _.concatUint8Array([new Uint8Array([this.data.length]),this.data])}}class wa{constructor(e){if(void 0===e&&(e=new Uint8Array([])),!_.isUint8Array(e))throw Error("data must be in the form of a Uint8Array");this.data=e,this.length=this.data.byteLength}write(){return _.concatUint8Array([new Uint8Array([this.length]),this.data])}read(e){if(e.length>=1){const t=e[0];if(e.length>=t+1)return this.data=e.subarray(1,1+t),this.length=t,1+t}throw Error("Invalid octet string")}}class ba{constructor(e){if(e){const{version:t,hash:r,cipher:i,replacementFingerprint:n}=e;this.version=t||1,this.hash=r,this.cipher=i,this.replacementFingerprint=n}else this.version=null,this.hash=null,this.cipher=null,this.replacementFingerprint=null}read(e){if(e.length<4||1!==e[1]&&255!==e[1])throw new Wt("Cannot read KDFParams");const t=e[0];this.version=e[1],this.hash=e[2],this.cipher=e[3];let r=4;if(255===this.version){const i=t-r+1;this.replacementFingerprint=e.slice(r,r+i),r+=i}return r}write(e){if(!this.version||1===this.version||e)return new Uint8Array([3,1,this.hash,this.cipher]);return _.concatUint8Array([new Uint8Array([3+this.replacementFingerprint.length,this.version,this.hash,this.cipher]),this.replacementFingerprint])}}const ka=e=>class{constructor(e){this.data=void 0===e?null:e}read(t){const r=t[0];return this.data=B.write(e,r),1}write(){return new Uint8Array([this.data])}getName(){return B.read(e,this.data)}getValue(){return this.data}},va=ka(B.aead),Ka=ka(B.symmetric),Aa=ka(B.hash);class Ea{static fromObject({wrappedKey:e,algorithm:t}){const r=new Ea;return r.wrappedKey=e,r.algorithm=t,r}read(e){let t=0,r=e[t++];this.algorithm=r%2?e[t++]:null,r-=r%2,this.wrappedKey=_.readExactSubarray(e,t,t+r),t+=r}write(){return _.concatUint8Array([this.algorithm?new Uint8Array([this.wrappedKey.length+1,this.algorithm]):new Uint8Array([this.wrappedKey.length]),this.wrappedKey])}}const Sa=_.getWebCrypto(),Pa=_.getNodeCrypto(),Ua=Pa?Pa.getCiphers():[],Da={idea:Ua.includes("idea-cfb")?"idea-cfb":void 0,tripledes:Ua.includes("des-ede3-cfb")?"des-ede3-cfb":void 0,cast5:Ua.includes("cast5-cfb")?"cast5-cfb":void 0,blowfish:Ua.includes("bf-cfb")?"bf-cfb":void 0,aes128:Ua.includes("aes-128-cfb")?"aes-128-cfb":void 0,aes192:Ua.includes("aes-192-cfb")?"aes-192-cfb":void 0,aes256:Ua.includes("aes-256-cfb")?"aes-256-cfb":void 0};async function xa(e){const{blockSize:t}=en(e),r=await le(t),i=new Uint8Array([r[r.length-2],r[r.length-1]]);return _.concat([r,i])}async function Ia(e,t,r,i,n){const a=B.read(B.symmetric,e);if(_.getNodeCrypto()&&Da[a])return function(e,t,r,i){const n=B.read(B.symmetric,e),a=new Pa.createCipheriv(Da[n],t,i);return b(r,(e=>new Uint8Array(a.update(e))))}(e,t,r,i);if(_.isAES(e))return async function(e,t,r,i){if(Sa&&await Ba.isSupported(e)){const n=new Ba(e,t,i);return _.isStream(r)?b(r,(e=>n.encryptChunk(e)),(()=>n.finish())):n.encrypt(r)}if(_.isStream(r)){const n=new Ta(!0,e,t,i);return b(r,(e=>n.processChunk(e)),(()=>n.finish()))}return qi(t,i).encrypt(r)}(e,t,r,i);const s=new(await Xi(e))(t),o=s.blockSize,c=i.slice();let u=new Uint8Array;const h=e=>{e&&(u=_.concatUint8Array([u,e]));const t=new Uint8Array(u.length);let r,i=0;for(;e?u.length>=o:u.length;){const e=s.encrypt(c);for(r=0;r<o;r++)c[r]=u[r]^e[r],t[i++]=c[r];u=u.subarray(o)}return t.subarray(0,i)};return b(r,h,h)}async function Ca(e,t,r,i){const n=B.read(B.symmetric,e);if(Pa&&Da[n])return function(e,t,r,i){const n=B.read(B.symmetric,e),a=new Pa.createDecipheriv(Da[n],t,i);return b(r,(e=>new Uint8Array(a.update(e))))}(e,t,r,i);if(_.isAES(e))return async function(e,t,r,i){if(_.isStream(r)){const n=new Ta(!1,e,t,i);return b(r,(e=>n.processChunk(e)),(()=>n.finish()))}return qi(t,i).decrypt(r)}(e,t,r,i);const a=new(await Xi(e))(t),s=a.blockSize;let o=i,c=new Uint8Array;const u=e=>{e&&(c=_.concatUint8Array([c,e]));const t=new Uint8Array(c.length);let r,i=0;for(;e?c.length>=s:c.length;){const e=a.encrypt(o);for(o=c.subarray(0,s),r=0;r<s;r++)t[i++]=o[r]^e[r];c=c.subarray(s)}return t.subarray(0,i)};return b(r,u,u)}class Ba{constructor(e,t,r){const{blockSize:i}=en(e);this.key=t,this.prevBlock=r,this.nextBlock=new Uint8Array(i),this.i=0,this.blockSize=i,this.zeroBlock=new Uint8Array(this.blockSize)}static async isSupported(e){const{keySize:t}=en(e);return Sa.importKey("raw",new Uint8Array(t),"aes-cbc",!1,["encrypt"]).then((()=>!0),(()=>!1))}async _runCBC(e,t){const r="AES-CBC";this.keyRef=this.keyRef||await Sa.importKey("raw",this.key,r,!1,["encrypt"]);const i=await Sa.encrypt({name:r,iv:t||this.zeroBlock},this.keyRef,e);return new Uint8Array(i).subarray(0,e.length)}async encryptChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,i=_.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),n=_.concatUint8Array([this.prevBlock,i.subarray(0,i.length-this.blockSize)]),a=await this._runCBC(n);return Ma(a,i),this.prevBlock=a.slice(-this.blockSize),r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,a}let i;if(this.i+=r.length,this.i===this.nextBlock.length){const t=this.nextBlock;i=await this._runCBC(this.prevBlock),Ma(i,t),this.prevBlock=i.slice(),this.i=0;const n=e.subarray(r.length);this.nextBlock.set(n,this.i),this.i+=n.length}else i=new Uint8Array;return i}async finish(){let e;if(0===this.i)e=new Uint8Array;else{this.nextBlock=this.nextBlock.subarray(0,this.i);const t=this.nextBlock,r=await this._runCBC(this.prevBlock);Ma(r,t),e=r.subarray(0,t.length)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.keyRef=null,this.key=null}async encrypt(e){const t=(await this._runCBC(_.concatUint8Array([new Uint8Array(this.blockSize),e]),this.iv)).subarray(0,e.length);return Ma(t,e),this.clearSensitiveData(),t}}class Ta{constructor(e,t,r,i){this.forEncryption=e;const{blockSize:n}=en(t);this.key=Qi.expandKeyLE(r),i.byteOffset%4!=0&&(i=i.slice()),this.prevBlock=_a(i),this.nextBlock=new Uint8Array(n),this.i=0,this.blockSize=n}_runCFB(e){const t=_a(e),r=new Uint8Array(e.length),i=_a(r);for(let e=0;e+4<=i.length;e+=4){const{s0:r,s1:n,s2:a,s3:s}=Qi.encrypt(this.key,this.prevBlock[0],this.prevBlock[1],this.prevBlock[2],this.prevBlock[3]);i[e+0]=t[e+0]^r,i[e+1]=t[e+1]^n,i[e+2]=t[e+2]^a,i[e+3]=t[e+3]^s,this.prevBlock=(this.forEncryption?i:t).slice(e,e+4)}return r}async processChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,i=_.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),n=this._runCFB(i);return r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,n}let i;if(this.i+=r.length,this.i===this.nextBlock.length){i=this._runCFB(this.nextBlock),this.i=0;const t=e.subarray(r.length);this.nextBlock.set(t,this.i),this.i+=t.length}else i=new Uint8Array;return i}async finish(){let e;if(0===this.i)e=new Uint8Array;else{e=this._runCFB(this.nextBlock).subarray(0,this.i)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.key.fill(0)}}function Ma(e,t){const r=Math.min(e.length,t.length);for(let i=0;i<r;i++)e[i]=e[i]^t[i]}const _a=e=>new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4));const Fa=_.getWebCrypto(),Ra=_.getNodeCrypto(),La=16;function Na(e,t){const r=e.length-La;for(let i=0;i<La;i++)e[i+r]^=t[i];return e}const za=new Uint8Array(La);async function Oa(e){const t=await qa(e),r=_.double(await t(za)),i=_.double(r);return async function(e){return(await t(function(e,t,r){if(e.length&&e.length%La==0)return Na(e,t);const i=new Uint8Array(e.length+(La-e.length%La));return i.set(e),i[e.length]=128,Na(i,r)}(e,r,i))).subarray(-La)}}async function qa(e){if(_.getNodeCrypto())return async function(t){const r=new Ra.createCipheriv("aes-"+8*e.length+"-cbc",e,za).update(t);return new Uint8Array(r)};if(_.getWebCrypto())try{return e=await Fa.importKey("raw",e,{name:"AES-CBC",length:8*e.length},!1,["encrypt"]),async function(t){const r=await Fa.encrypt({name:"AES-CBC",iv:za,length:8*La},e,t);return new Uint8Array(r).subarray(0,r.byteLength-La)}}catch(t){if("NotSupportedError"!==t.name&&(24!==e.length||"OperationError"!==t.name))throw t;_.printDebugError("Browser did not support operation: "+t.message)}return async function(t){return Oi(e,za,{disablePadding:!0}).encrypt(t)}}const ja=_.getWebCrypto(),Ha=_.getNodeCrypto(),Ga=_.getNodeBuffer(),Va=16,Wa=Va,$a=Va,Za=new Uint8Array(Va),Qa=new Uint8Array(Va);Qa[Va-1]=1;const Xa=new Uint8Array(Va);async function Ya(e){const t=await Oa(e);return function(e,r){return t(_.concatUint8Array([e,r]))}}async function Ja(e){if(_.getNodeCrypto())return async function(t,r){const i=new Ha.createCipheriv("aes-"+8*e.length+"-ctr",e,r),n=Ga.concat([i.update(t),i.final()]);return new Uint8Array(n)};if(_.getWebCrypto())try{const t=await ja.importKey("raw",e,{name:"AES-CTR",length:8*e.length},!1,["encrypt"]);return async function(e,r){const i=await ja.encrypt({name:"AES-CTR",counter:r,length:8*Va},t,e);return new Uint8Array(i)}}catch(t){if("NotSupportedError"!==t.name&&(24!==e.length||"OperationError"!==t.name))throw t;_.printDebugError("Browser did not support operation: "+t.message)}return async function(t,r){return zi(e,r).encrypt(t)}}async function es(e,t){if(e!==B.symmetric.aes128&&e!==B.symmetric.aes192&&e!==B.symmetric.aes256)throw Error("EAX mode supports only AES cipher");const[r,i]=await Promise.all([Ya(t),Ja(t)]);return{encrypt:async function(e,t,n){const[a,s]=await Promise.all([r(Za,t),r(Qa,n)]),o=await i(e,a),c=await r(Xa,o);for(let e=0;e<$a;e++)c[e]^=s[e]^a[e];return _.concatUint8Array([o,c])},decrypt:async function(e,t,n){if(e.length<$a)throw Error("Invalid EAX ciphertext");const a=e.subarray(0,-$a),s=e.subarray(-$a),[o,c,u]=await Promise.all([r(Za,t),r(Qa,n),r(Xa,a)]),h=u;for(let e=0;e<$a;e++)h[e]^=c[e]^o[e];if(!_.equalsUint8Array(s,h))throw Error("Authentication tag mismatch");return await i(a,o)}}}Xa[Va-1]=2,es.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[8+e]^=t[e];return r},es.blockLength=Va,es.ivLength=Wa,es.tagLength=$a;const ts=16,rs=15,is=16;function ns(e){let t=0;for(let r=1;!(e&r);r<<=1)t++;return t}function as(e,t){for(let r=0;r<e.length;r++)e[r]^=t[r];return e}function ss(e,t){return as(e.slice(),t)}const os=new Uint8Array(ts),cs=new Uint8Array([1]);async function us(e,t){const{keySize:r}=en(e);if(!_.isAES(e)||t.length!==r)throw Error("Unexpected algorithm or key size");let i=0;const n=Oi(t,os,{disablePadding:!0}),a=e=>n.encrypt(e),s=e=>n.decrypt(e);let o;function c(e,t,r,n){const s=t.length/ts|0;!function(e,t){const r=_.nbits(Math.max(e.length,t.length)/ts|0)-1;for(let e=i+1;e<=r;e++)o[e]=_.double(o[e-1]);i=r}(t,n);const c=_.concatUint8Array([os.subarray(0,rs-r.length),cs,r]),u=63&c[ts-1];c[ts-1]&=192;const h=a(c),l=_.concatUint8Array([h,ss(h.subarray(0,8),h.subarray(1,9))]),y=_.shiftRight(l.subarray(0+(u>>3),17+(u>>3)),8-(7&u)).subarray(1),p=new Uint8Array(ts),g=new Uint8Array(t.length+is);let d,f=0;for(d=0;d<s;d++)as(y,o[ns(d+1)]),g.set(as(e(ss(y,t)),y),f),as(p,e===a?t:g.subarray(f)),t=t.subarray(ts),f+=ts;if(t.length){as(y,o.x);const r=a(y);g.set(ss(t,r),f);const i=new Uint8Array(ts);i.set(e===a?t:g.subarray(f,-is),0),i[t.length]=128,as(p,i),f+=t.length}const m=as(a(as(as(p,y),o.$)),function(e){if(!e.length)return os;const t=e.length/ts|0,r=new Uint8Array(ts),i=new Uint8Array(ts);for(let n=0;n<t;n++)as(r,o[ns(n+1)]),as(i,a(ss(r,e))),e=e.subarray(ts);if(e.length){as(r,o.x);const t=new Uint8Array(ts);t.set(e,0),t[e.length]=128,as(t,r),as(i,a(t))}return i}(n));return g.set(m,f),g}return function(){const e=a(os),t=_.double(e);o=[],o[0]=_.double(t),o.x=e,o.$=t}(),{encrypt:async function(e,t,r){return c(a,e,t,r)},decrypt:async function(e,t,r){if(e.length<is)throw Error("Invalid OCB ciphertext");const i=e.subarray(-is);e=e.subarray(0,-is);const n=c(s,e,t,r);if(_.equalsUint8Array(i,n.subarray(-is)))return n.subarray(0,-is);throw Error("Authentication tag mismatch")}}}us.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[7+e]^=t[e];return r},us.blockLength=ts,us.ivLength=rs,us.tagLength=is;const hs=_.getWebCrypto(),ls=_.getNodeCrypto(),ys=_.getNodeBuffer(),ps=16,gs="AES-GCM";async function ds(e,t){if(e!==B.symmetric.aes128&&e!==B.symmetric.aes192&&e!==B.symmetric.aes256)throw Error("GCM mode supports only AES cipher");if(_.getNodeCrypto())return{encrypt:async function(e,r,i=new Uint8Array){const n=new ls.createCipheriv("aes-"+8*t.length+"-gcm",t,r);n.setAAD(i);const a=ys.concat([n.update(e),n.final(),n.getAuthTag()]);return new Uint8Array(a)},decrypt:async function(e,r,i=new Uint8Array){const n=new ls.createDecipheriv("aes-"+8*t.length+"-gcm",t,r);n.setAAD(i),n.setAuthTag(e.slice(e.length-ps,e.length));const a=ys.concat([n.update(e.slice(0,e.length-ps)),n.final()]);return new Uint8Array(a)}};if(_.getWebCrypto())try{const e=await hs.importKey("raw",t,{name:gs},!1,["encrypt","decrypt"]),r=navigator.userAgent.match(/Version\/13\.\d(\.\d)* Safari/)||navigator.userAgent.match(/Version\/(13|14)\.\d(\.\d)* Mobile\/\S* Safari/);return{encrypt:async function(i,n,a=new Uint8Array){if(r&&!i.length)return ji(t,n,a).encrypt(i);const s=await hs.encrypt({name:gs,iv:n,additionalData:a,tagLength:8*ps},e,i);return new Uint8Array(s)},decrypt:async function(i,n,a=new Uint8Array){if(r&&i.length===ps)return ji(t,n,a).decrypt(i);try{const t=await hs.decrypt({name:gs,iv:n,additionalData:a,tagLength:8*ps},e,i);return new Uint8Array(t)}catch(e){if("OperationError"===e.name)throw Error("Authentication tag mismatch")}}}}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;_.printDebugError("Browser did not support operation: "+e.message)}return{encrypt:async function(e,r,i){return ji(t,r,i).encrypt(e)},decrypt:async function(e,r,i){return ji(t,r,i).decrypt(e)}}}function fs(e,t=!1){switch(e){case B.aead.eax:return es;case B.aead.ocb:return us;case B.aead.gcm:return ds;case B.aead.experimentalGCM:if(!t)throw Error("Unexpected non-standard `experimentalGCM` AEAD algorithm provided in `config.preferredAEADAlgorithm`: use `gcm` instead");return ds;default:throw Error("Unsupported AEAD mode")}}async function ms(e,t,r,i,n,a){switch(e){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:{const{n:e,e:t}=r;return{c:await qe(n,e,t)}}case B.publicKey.elgamal:{const{p:e,g:t,y:i}=r;return async function(e,t,r,i){t=ee(t),r=ee(r),i=ee(i);const n=ee(Me(e,ce(t))),a=ye(We,t-We);return{c1:ue(re(r,a,t)),c2:ue(te(re(i,a,t)*n,t))}}(n,e,t,i)}case B.publicKey.ecdh:{const{oid:e,Q:t,kdfParams:i}=r,{publicKey:s,wrappedKey:o}=await $n(e,i,n,t,a);return{V:s,C:new ma(o)}}case B.publicKey.x25519:case B.publicKey.x448:{if(t&&!_.isAES(t))throw Error("X25519 and X448 keys can only encrypt AES session keys");const{A:i}=r,{ephemeralPublicKey:a,wrappedKey:s}=await hn(e,n,i);return{ephemeralPublicKey:a,C:Ea.fromObject({algorithm:t,wrappedKey:s})}}case B.publicKey.aead:{if(!i)throw Error("Cannot encrypt with symmetric key missing private parameters");const{cipher:e}=r,t=e.getValue(),{keyMaterial:a}=i,s=T.preferredAEADAlgorithm,o=fs(T.preferredAEADAlgorithm),{ivLength:c}=o,u=le(c),h=await o(t,a),l=await h.encrypt(n,u,new Uint8Array);return{aeadMode:new va(s),iv:u,c:new wa(l)}}case B.publicKey.pqc_mlkem_x25519:{const{eccPublicKey:i,mlkemPublicKey:a}=r,{eccCipherText:s,mlkemCipherText:o,wrappedKey:c}=await oa(e,i,a,n);return{eccCipherText:s,mlkemCipherText:o,C:Ea.fromObject({algorithm:t,wrappedKey:c})}}default:return[]}}async function ws(e,t,r,i,n,a){switch(e){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaEncrypt:{const{c:e}=i,{n,e:s}=t,{d:o,p:c,q:u,u:h}=r;return je(e,n,s,o,c,u,h,a)}case B.publicKey.elgamal:{const{c1:e,c2:n}=i;return async function(e,t,r,i,n){return e=ee(e),t=ee(t),r=ee(r),_e(ue(te(ne(re(e,i=ee(i),r),r)*t,r),"be",ce(r)),n)}(e,n,t.p,r.x,a)}case B.publicKey.ecdh:{const{oid:e,Q:a,kdfParams:s}=t,{d:o}=r,{V:c,C:u}=i;return Qn(e,s,c,u.data,a,o,n)}case B.publicKey.x25519:case B.publicKey.x448:{const{A:n}=t,{k:a}=r,{ephemeralPublicKey:s,C:o}=i;if(null!==o.algorithm&&!_.isAES(o.algorithm))throw Error("AES session key expected");return ln(e,s,o.wrappedKey,n,a)}case B.publicKey.aead:{const{cipher:e}=t,n=e.getValue(),{keyMaterial:a}=r,{aeadMode:s,iv:o,c}=i,u=fs(s.getValue());return(await u(n,a)).decrypt(c.data,o,new Uint8Array)}case B.publicKey.pqc_mlkem_x25519:{const{eccSecretKey:n,mlkemSecretKey:a}=r,{eccPublicKey:s,mlkemPublicKey:o}=t,{eccCipherText:c,mlkemCipherText:u,C:h}=i;return ca(e,c,u,n,s,a,o,h.wrappedKey)}default:throw Error("Unknown public key encryption algorithm.")}}async function bs(e,t,r){let i=0;switch(e){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:{const e=_.readMPI(t.subarray(i));i+=e.length+2;const r=_.readMPI(t.subarray(i));i+=r.length+2;const n=_.readMPI(t.subarray(i));i+=n.length+2;const a=_.readMPI(t.subarray(i));return i+=a.length+2,{read:i,privateParams:{d:e,p:r,q:n,u:a}}}case B.publicKey.dsa:case B.publicKey.elgamal:{const e=_.readMPI(t.subarray(i));return i+=e.length+2,{read:i,privateParams:{x:e}}}case B.publicKey.ecdsa:case B.publicKey.ecdh:{const n=Ps(e,r.oid);let a=_.readMPI(t.subarray(i));return i+=a.length+2,a=_.leftPad(a,n),{read:i,privateParams:{d:a}}}case B.publicKey.eddsaLegacy:{const n=Ps(e,r.oid);if(r.oid.getName()!==B.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let a=_.readMPI(t.subarray(i));return i+=a.length+2,a=_.leftPad(a,n),{read:i,privateParams:{seed:a}}}case B.publicKey.ed25519:case B.publicKey.ed448:{const r=Ps(e),n=_.readExactSubarray(t,i,i+r);return i+=n.length,{read:i,privateParams:{seed:n}}}case B.publicKey.x25519:case B.publicKey.x448:{const r=Ps(e),n=_.readExactSubarray(t,i,i+r);return i+=n.length,{read:i,privateParams:{k:n}}}case B.publicKey.hmac:{const{cipher:e}=r,n=Be(e.getValue()),a=t.subarray(i,i+32);i+=32;const s=t.subarray(i,i+n);return i+=n,{read:i,privateParams:{hashSeed:a,keyMaterial:s}}}case B.publicKey.aead:{const{cipher:e}=r,n=t.subarray(i,i+32);i+=32;const{keySize:a}=en(e.getValue()),s=t.subarray(i,i+a);return i+=a,{read:i,privateParams:{hashSeed:n,keyMaterial:s}}}case B.publicKey.pqc_mlkem_x25519:{const r=_.readExactSubarray(t,i,i+Ps(B.publicKey.x25519));i+=r.length;const n=_.readExactSubarray(t,i,i+64);i+=n.length;const{mlkemSecretKey:a}=await aa(e,n);return{read:i,privateParams:{eccSecretKey:r,mlkemSecretKey:a,mlkemSeed:n}}}case B.publicKey.pqc_mldsa_ed25519:{const r=_.readExactSubarray(t,i,i+Ps(B.publicKey.ed25519));i+=r.length;const n=_.readExactSubarray(t,i,i+32);i+=n.length;const{mldsaSecretKey:a}=await la(e,n);return{read:i,privateParams:{eccSecretKey:r,mldsaSecretKey:a,mldsaSeed:n}}}default:throw new Wt("Unknown public key encryption algorithm.")}}function ks(e,t){const r=new Set([B.publicKey.ed25519,B.publicKey.x25519,B.publicKey.ed448,B.publicKey.x448,B.publicKey.aead,B.publicKey.hmac,B.publicKey.pqc_mlkem_x25519,B.publicKey.pqc_mldsa_ed25519]),i={[B.publicKey.pqc_mlkem_x25519]:new Set(["mlkemSecretKey"]),[B.publicKey.pqc_mldsa_ed25519]:new Set(["mldsaSecretKey"])},n=Object.keys(t).map((n=>{if(i[e]?.has(n))return new Uint8Array;const a=t[n];return _.isUint8Array(a)?r.has(e)?a:_.uint8ArrayToMPI(a):a.write()}));return _.concatUint8Array(n)}async function vs(e,t,r,i){switch(e){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:return async function(e,t){if(t=BigInt(t),_.getWebCrypto()){const r={name:"RSASSA-PKCS1-v1_5",modulusLength:e,publicExponent:ue(t),hash:{name:"SHA-1"}},i=await Re.generateKey(r,!0,["sign","verify"]);return Ve(await Re.exportKey("jwk",i.privateKey),t)}if(_.getNodeCrypto()){const r={modulusLength:e,publicExponent:ae(t),publicKeyEncoding:{type:"pkcs1",format:"jwk"},privateKeyEncoding:{type:"pkcs1",format:"jwk"}},i=await new Promise(((e,t)=>{Le.generateKeyPair("rsa",r,((r,i,n)=>{r?t(r):e(n)}))}));return Ve(i,t)}let r,i,n;do{i=ge(e-(e>>1),t,40),r=ge(e>>1,t,40),n=r*i}while(oe(n)!==e);const a=(r-Ne)*(i-Ne);return i<r&&([r,i]=[i,r]),{n:ue(n),e:ue(t),d:ue(ne(t,a)),p:ue(r),q:ue(i),u:ue(ne(r,i))}}(t,65537).then((({n:e,e:t,d:r,p:i,q:n,u:a})=>({privateParams:{d:r,p:i,q:n,u:a},publicParams:{n:e,e:t}})));case B.publicKey.ecdsa:return En(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{d:r},publicParams:{oid:new Nt(e),Q:t}})));case B.publicKey.eddsaLegacy:return En(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{seed:r},publicParams:{oid:new Nt(e),Q:t}})));case B.publicKey.ecdh:return En(r).then((({oid:e,Q:t,secret:r,hash:i,cipher:n})=>({privateParams:{d:r},publicParams:{oid:new Nt(e),Q:t,kdfParams:new ba({hash:i,cipher:n})}})));case B.publicKey.ed25519:case B.publicKey.ed448:return zr(e).then((({A:e,seed:t})=>({privateParams:{seed:t},publicParams:{A:e}})));case B.publicKey.x25519:case B.publicKey.x448:return cn(e).then((({A:e,k:t})=>({privateParams:{k:t},publicParams:{A:e}})));case B.publicKey.hmac:return Ks(await async function(e){if(!ra.has(e))throw Error("Unsupported hash algorithm.");const t=B.read(B.webHash,e),r=ia||na.webcrypto.subtle,i=await r.generateKey({name:"HMAC",hash:{name:t}},!0,["sign","verify"]),n=await r.exportKey("raw",i);return new Uint8Array(n)}(i),new Aa(i));case B.publicKey.aead:return Ks(Es(i),new Ka(i));case B.publicKey.pqc_mlkem_x25519:return sa(e).then((({eccSecretKey:e,eccPublicKey:t,mlkemSeed:r,mlkemSecretKey:i,mlkemPublicKey:n})=>({privateParams:{eccSecretKey:e,mlkemSeed:r,mlkemSecretKey:i},publicParams:{eccPublicKey:t,mlkemPublicKey:n}})));case B.publicKey.pqc_mldsa_ed25519:return ya(e).then((({eccSecretKey:e,eccPublicKey:t,mldsaSeed:r,mldsaSecretKey:i,mldsaPublicKey:n})=>({privateParams:{eccSecretKey:e,mldsaSeed:r,mldsaSecretKey:i},publicParams:{eccPublicKey:t,mldsaPublicKey:n}})));case B.publicKey.dsa:case B.publicKey.elgamal:throw Error("Unsupported algorithm for key generation.");default:throw Error("Unknown public key algorithm.")}}async function Ks(e,t){const r=le(32);return{privateParams:{hashSeed:r,keyMaterial:e},publicParams:{cipher:t,digest:await Ce(B.hash.sha256,r)}}}async function As(e,t,r){if(!t||!r)throw Error("Missing key parameters");switch(e){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:{const{n:e,e:i}=t,{d:n,p:a,q:s,u:o}=r;return async function(e,t,r,i,n,a){if(e=ee(e),(i=ee(i))*(n=ee(n))!==e)return!1;const s=BigInt(2);if(te(i*(a=ee(a)),n)!==BigInt(1))return!1;t=ee(t),r=ee(r);const o=ye(s,s<<BigInt(Math.floor(oe(e)/3))),c=o*r*t;return!(te(c,i-Ne)!==o||te(c,n-Ne)!==o)}(e,i,n,a,s,o)}case B.publicKey.dsa:{const{p:e,q:i,g:n,y:a}=t,{x:s}=r;return async function(e,t,r,i,n){if(e=ee(e),t=ee(t),r=ee(r),i=ee(i),r<=ta||r>=e)return!1;if(te(e-ta,t)!==ea)return!1;if(re(r,t,e)!==ta)return!1;const a=BigInt(oe(t));if(a<BigInt(150)||!de(t,null,32))return!1;n=ee(n);const s=BigInt(2);return i===re(r,t*ye(s<<a-ta,s<<a)+n,e)}(e,i,n,a,s)}case B.publicKey.elgamal:{const{p:e,g:i,y:n}=t,{x:a}=r;return async function(e,t,r,i){if(e=ee(e),t=ee(t),r=ee(r),t<=We||t>=e)return!1;const n=BigInt(oe(e));if(n<BigInt(1023))return!1;if(re(t,e-We,e)!==We)return!1;let a=t,s=BigInt(1);const o=BigInt(2),c=o<<BigInt(17);for(;s<c;){if(a=te(a*t,e),a===We)return!1;s++}i=ee(i);const u=ye(o<<n-We,o<<n);return r===re(t,(e-We)*u+i,e)}(e,i,n,a)}case B.publicKey.ecdsa:case B.publicKey.ecdh:{const i=Jn[B.read(B.publicKey,e)],{oid:n,Q:a}=t,{d:s}=r;return i.validateParams(n,a,s)}case B.publicKey.eddsaLegacy:{const{Q:e,oid:i}=t,{seed:n}=r;return zn(i,e,n)}case B.publicKey.ed25519:case B.publicKey.ed448:{const{A:i}=t,{seed:n}=r;return jr(e,i,n)}case B.publicKey.x25519:case B.publicKey.x448:{const{A:i}=t,{k:n}=r;return un(e,i,n)}case B.publicKey.hmac:{const{cipher:e,digest:i}=t,{hashSeed:n,keyMaterial:a}=r;return Be(e.getValue())===a.length&&_.equalsUint8Array(i,await Ce(B.hash.sha256,n))}case B.publicKey.aead:{const{cipher:e,digest:i}=t,{hashSeed:n,keyMaterial:a}=r,{keySize:s}=en(e.getValue());return s===a.length&&_.equalsUint8Array(i,await Ce(B.hash.sha256,n))}case B.publicKey.pqc_mlkem_x25519:{const{eccSecretKey:i,mlkemSeed:n}=r,{eccPublicKey:a,mlkemPublicKey:s}=t;return ha(e,a,i,s,n)}case B.publicKey.pqc_mldsa_ed25519:{const{eccSecretKey:i,mldsaSeed:n}=r,{eccPublicKey:a,mldsaPublicKey:s}=t;return fa(e,a,i,s,n)}default:throw Error("Unknown public key algorithm.")}}function Es(e){const{keySize:t}=en(e);return le(t)}function Ss(e){try{e.getName()}catch(e){throw new Wt("Unknown curve OID")}}function Ps(e,t){switch(e){case B.publicKey.ecdsa:case B.publicKey.ecdh:case B.publicKey.eddsaLegacy:return new An(t).payloadSize;case B.publicKey.ed25519:case B.publicKey.ed448:return Hr(e);case B.publicKey.x25519:case B.publicKey.x448:return yn(e);default:throw Error("Unknown elliptic algo")}}async function Us(e,t,r,i,n,a,s){switch(e){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaEncrypt:case B.publicKey.rsaSign:{const{n:e,e:n}=i;return Oe(t,a,_.leftPad(r.s,e.length),e,n,s)}case B.publicKey.dsa:{const{g:e,p:t,q:n,y:a}=i,{r:o,s:c}=r;return async function(e,t,r,i,n,a,s,o){if(t=ee(t),r=ee(r),a=ee(a),s=ee(s),n=ee(n),o=ee(o),t<=ea||t>=s||r<=ea||r>=s)return _.printDebug("invalid DSA Signature"),!1;const c=te(ee(i.subarray(0,ce(s))),s),u=ne(r,s);if(u===ea)return _.printDebug("invalid DSA Signature"),!1;n=te(n,a),o=te(o,a);const h=te(c*u,s),l=te(t*u,s);return te(te(re(n,h,a)*re(o,l,a),a),s)===t}(0,o,c,s,e,t,n,a)}case B.publicKey.ecdsa:{const{oid:e,Q:n}=i,o=new An(e).payloadSize;return _n(e,t,{r:_.leftPad(r.r,o),s:_.leftPad(r.s,o)},a,n,s)}case B.publicKey.eddsaLegacy:{const{oid:e,Q:n}=i,a=new An(e).payloadSize;return Nn(e,t,{r:_.leftPad(r.r,a),s:_.leftPad(r.s,a)},0,n,s)}case B.publicKey.ed25519:case B.publicKey.ed448:{const{A:n}=i;return qr(e,t,r,0,n,s)}case B.publicKey.hmac:{if(!n)throw Error("Cannot verify HMAC signature with symmetric key missing private parameters");const{cipher:e}=i,{keyMaterial:t}=n;return async function(e,t,r,i){if(!ra.has(e))throw Error("Unsupported hash algorithm.");const n=B.read(B.webHash,e),a=ia||na.webcrypto.subtle,s=await a.importKey("raw",t,{name:"HMAC",hash:{name:n}},!1,["verify"]);return a.verify("HMAC",s,r,i)}(e.getValue(),t,r.mac.data,s)}case B.publicKey.pqc_mldsa_ed25519:{const{eccPublicKey:n,mldsaPublicKey:a}=i;return ga(e,t,n,a,s,r)}default:throw Error("Unknown signature algorithm.")}}async function Ds(e,t,r,i,n,a){if(!r||!i)throw Error("Missing key parameters");switch(e){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaEncrypt:case B.publicKey.rsaSign:{const{n:e,e:s}=r,{d:o,p:c,q:u,u:h}=i;return{s:await ze(t,n,e,s,o,c,u,h,a)}}case B.publicKey.dsa:{const{g:e,p:t,q:n}=r,{x:s}=i;return async function(e,t,r,i,n,a){const s=BigInt(0);let o,c,u,h;i=ee(i),n=ee(n),r=ee(r),a=ee(a),r=te(r,i),a=te(a,n);const l=te(ee(t.subarray(0,ce(n))),n);for(;;){if(o=ye(ta,n),c=te(re(r,o,i),n),c===s)continue;const e=te(a*c,n);if(h=te(l+e,n),u=te(ne(o,n)*h,n),u!==s)break}return{r:ue(c,"be",ce(i)),s:ue(u,"be",ce(i))}}(0,a,e,t,n,s)}case B.publicKey.elgamal:throw Error("Signing with Elgamal is not defined in the OpenPGP standard.");case B.publicKey.ecdsa:{const{oid:e,Q:s}=r,{d:o}=i;return Mn(e,t,n,s,o,a)}case B.publicKey.eddsaLegacy:{const{oid:e,Q:n}=r,{seed:s}=i;return Ln(e,t,0,n,s,a)}case B.publicKey.ed25519:case B.publicKey.ed448:{const{A:n}=r,{seed:s}=i;return Or(e,t,0,n,s,a)}case B.publicKey.hmac:{const{cipher:e}=r,{keyMaterial:t}=i,n=await async function(e,t,r){if(!ra.has(e))throw Error("Unsupported hash algorithm.");const i=B.read(B.webHash,e),n=ia||na.webcrypto.subtle,a=await n.importKey("raw",t,{name:"HMAC",hash:{name:i}},!1,["sign"]),s=await n.sign("HMAC",a,r);return new Uint8Array(s)}(e.getValue(),t,a);return{mac:new wa(n)}}case B.publicKey.pqc_mldsa_ed25519:{const{eccPublicKey:n}=r,{eccSecretKey:s,mldsaSecretKey:o}=i;return pa(e,t,s,n,o,a)}default:throw Error("Unknown signature algorithm.")}}ds.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[4+e]^=t[e];return r},ds.blockLength=16,ds.ivLength=12,ds.tagLength=ps;class xs extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,xs),this.name="Argon2OutOfMemoryError"}}let Is,Cs,Bs=2<<19;class Ts{static get ARGON2_WASM_MEMORY_THRESHOLD_RELOAD(){return Bs}static set ARGON2_WASM_MEMORY_THRESHOLD_RELOAD(e){Bs=e}static reloadWasmModule(){Is&&(Cs=Is(),Cs.catch((()=>{})))}constructor(e=T){const{passes:t,parallelism:r,memoryExponent:i}=e.s2kArgon2Params;this.type="argon2",this.salt=null,this.t=t,this.p=r,this.encodedM=i}generateSalt(){this.salt=le(16)}read(e){let t=0;return this.salt=e.subarray(t,t+16),t+=16,this.t=e[t++],this.p=e[t++],this.encodedM=e[t++],t}write(){const e=[new Uint8Array([B.write(B.s2k,this.type)]),this.salt,new Uint8Array([this.t,this.p,this.encodedM])];return _.concatUint8Array(e)}async produceKey(e,t){const r=2<<this.encodedM-1;try{Is=Is||(await import("./argon2id.min.mjs")).default,Cs=Cs||Is();const i=await Cs,n=i({version:19,type:2,password:_.encodeUTF8(e),salt:this.salt,tagLength:t,memorySize:r,parallelism:this.p,passes:this.t});return r>Ts.ARGON2_WASM_MEMORY_THRESHOLD_RELOAD&&Ts.reloadWasmModule(),n}catch(e){throw e.message&&(e.message.includes("Unable to grow instance memory")||e.message.includes("failed to grow memory")||e.message.includes("WebAssembly.Memory.grow")||e.message.includes("Out of memory"))?new xs("Could not allocate required memory for Argon2"):e}}}class Ms{constructor(e,t=T){this.algorithm=B.hash.sha256,this.type=B.read(B.s2k,e),this.c=t.s2kIterationCountByte,this.salt=null}generateSalt(){switch(this.type){case"salted":case"iterated":this.salt=le(8)}}getCount(){return 16+(15&this.c)<<6+(this.c>>4)}read(e){let t=0;switch(this.algorithm=e[t++],this.type){case"simple":break;case"salted":this.salt=e.subarray(t,t+8),t+=8;break;case"iterated":this.salt=e.subarray(t,t+8),t+=8,this.c=e[t++];break;case"gnu":if("GNU"!==_.uint8ArrayToString(e.subarray(t,t+3)))throw new Wt("Unknown s2k type.");t+=3;if(1001!==1e3+e[t++])throw new Wt("Unknown s2k gnu protection mode.");this.type="gnu-dummy";break;default:throw new Wt("Unknown s2k type.")}return t}write(){if("gnu-dummy"===this.type)return new Uint8Array([101,0,..._.stringToUint8Array("GNU"),1]);const e=[new Uint8Array([B.write(B.s2k,this.type),this.algorithm])];switch(this.type){case"simple":break;case"salted":e.push(this.salt);break;case"iterated":e.push(this.salt),e.push(new Uint8Array([this.c]));break;case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}return _.concatUint8Array(e)}async produceKey(e,t){e=_.encodeUTF8(e);const r=[];let i=0,n=0;for(;i<t;){let t;switch(this.type){case"simple":t=_.concatUint8Array([new Uint8Array(n),e]);break;case"salted":t=_.concatUint8Array([new Uint8Array(n),this.salt,e]);break;case"iterated":{const r=_.concatUint8Array([this.salt,e]);let i=r.length;const a=Math.max(this.getCount(),i);t=new Uint8Array(n+a),t.set(r,n);for(let e=n+i;e<a;e+=i,i*=2)t.copyWithin(e,n,e);break}case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}const a=await Ce(this.algorithm,t);r.push(a),i+=a.length,n++}return _.concatUint8Array(r).subarray(0,t)}}const _s=new Set([B.s2k.argon2,B.s2k.iterated]);function Fs(e,t=T){switch(e){case B.s2k.argon2:return new Ts(t);case B.s2k.iterated:case B.s2k.gnu:case B.s2k.salted:case B.s2k.simple:return new Ms(e,t);default:throw new Wt("Unsupported S2K type")}}function Rs(e){const{s2kType:t}=e;if(!_s.has(t))throw Error("The provided `config.s2kType` value is not allowed");return Fs(t,e)}var Ls=Uint8Array,Ns=Uint16Array,zs=Uint32Array,Os=new Ls([0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0,0,0,0]),qs=new Ls([0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13,0,0]),js=new Ls([16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15]),Hs=function(e,t){for(var r=new Ns(31),i=0;i<31;++i)r[i]=t+=1<<e[i-1];var n=new zs(r[30]);for(i=1;i<30;++i)for(var a=r[i];a<r[i+1];++a)n[a]=a-r[i]<<5|i;return[r,n]},Gs=Hs(Os,2),Vs=Gs[0],Ws=Gs[1];Vs[28]=258,Ws[258]=28;for(var $s=Hs(qs,0),Zs=$s[0],Qs=$s[1],Xs=new Ns(32768),Ys=0;Ys<32768;++Ys){var Js=(43690&Ys)>>>1|(21845&Ys)<<1;Js=(61680&(Js=(52428&Js)>>>2|(13107&Js)<<2))>>>4|(3855&Js)<<4,Xs[Ys]=((65280&Js)>>>8|(255&Js)<<8)>>>1}var eo=function(e,t,r){for(var i=e.length,n=0,a=new Ns(t);n<i;++n)e[n]&&++a[e[n]-1];var s,o=new Ns(t);for(n=0;n<t;++n)o[n]=o[n-1]+a[n-1]<<1;if(r){s=new Ns(1<<t);var c=15-t;for(n=0;n<i;++n)if(e[n])for(var u=n<<4|e[n],h=t-e[n],l=o[e[n]-1]++<<h,y=l|(1<<h)-1;l<=y;++l)s[Xs[l]>>>c]=u}else for(s=new Ns(i),n=0;n<i;++n)e[n]&&(s[n]=Xs[o[e[n]-1]++]>>>15-e[n]);return s},to=new Ls(288);for(Ys=0;Ys<144;++Ys)to[Ys]=8;for(Ys=144;Ys<256;++Ys)to[Ys]=9;for(Ys=256;Ys<280;++Ys)to[Ys]=7;for(Ys=280;Ys<288;++Ys)to[Ys]=8;var ro=new Ls(32);for(Ys=0;Ys<32;++Ys)ro[Ys]=5;var io=/*#__PURE__*/eo(to,9,0),no=/*#__PURE__*/eo(to,9,1),ao=/*#__PURE__*/eo(ro,5,0),so=/*#__PURE__*/eo(ro,5,1),oo=function(e){for(var t=e[0],r=1;r<e.length;++r)e[r]>t&&(t=e[r]);return t},co=function(e,t,r){var i=t/8|0;return(e[i]|e[i+1]<<8)>>(7&t)&r},uo=function(e,t){var r=t/8|0;return(e[r]|e[r+1]<<8|e[r+2]<<16)>>(7&t)},ho=function(e){return(e+7)/8|0},lo=function(e,t,r){(null==t||t<0)&&(t=0),(null==r||r>e.length)&&(r=e.length);var i=new(2==e.BYTES_PER_ELEMENT?Ns:4==e.BYTES_PER_ELEMENT?zs:Ls)(r-t);return i.set(e.subarray(t,r)),i},yo=["unexpected EOF","invalid block type","invalid length/literal","invalid distance","stream finished","no stream handler",,"no callback","invalid UTF-8 data","extra field too long","date not in range 1980-2099","filename too long","stream finishing","invalid zip data"],po=function(e,t,r){var i=Error(t||yo[e]);if(i.code=e,Error.captureStackTrace&&Error.captureStackTrace(i,po),!r)throw i;return i},go=function(e,t,r){r<<=7&t;var i=t/8|0;e[i]|=r,e[i+1]|=r>>>8},fo=function(e,t,r){r<<=7&t;var i=t/8|0;e[i]|=r,e[i+1]|=r>>>8,e[i+2]|=r>>>16},mo=function(e,t){for(var r=[],i=0;i<e.length;++i)e[i]&&r.push({s:i,f:e[i]});var n=r.length,a=r.slice();if(!n)return[Eo,0];if(1==n){var s=new Ls(r[0].s+1);return s[r[0].s]=1,[s,1]}r.sort((function(e,t){return e.f-t.f})),r.push({s:-1,f:25001});var o=r[0],c=r[1],u=0,h=1,l=2;for(r[0]={s:-1,f:o.f+c.f,l:o,r:c};h!=n-1;)o=r[r[u].f<r[l].f?u++:l++],c=r[u!=h&&r[u].f<r[l].f?u++:l++],r[h++]={s:-1,f:o.f+c.f,l:o,r:c};var y=a[0].s;for(i=1;i<n;++i)a[i].s>y&&(y=a[i].s);var p=new Ns(y+1),g=wo(r[h-1],p,0);if(g>t){i=0;var d=0,f=g-t,m=1<<f;for(a.sort((function(e,t){return p[t.s]-p[e.s]||e.f-t.f}));i<n;++i){var w=a[i].s;if(!(p[w]>t))break;d+=m-(1<<g-p[w]),p[w]=t}for(d>>>=f;d>0;){var b=a[i].s;p[b]<t?d-=1<<t-p[b]++-1:++i}for(;i>=0&&d;--i){var k=a[i].s;p[k]==t&&(--p[k],++d)}g=t}return[new Ls(p),g]},wo=function(e,t,r){return-1==e.s?Math.max(wo(e.l,t,r+1),wo(e.r,t,r+1)):t[e.s]=r},bo=function(e){for(var t=e.length;t&&!e[--t];);for(var r=new Ns(++t),i=0,n=e[0],a=1,s=function(e){r[i++]=e},o=1;o<=t;++o)if(e[o]==n&&o!=t)++a;else{if(!n&&a>2){for(;a>138;a-=138)s(32754);a>2&&(s(a>10?a-11<<5|28690:a-3<<5|12305),a=0)}else if(a>3){for(s(n),--a;a>6;a-=6)s(8304);a>2&&(s(a-3<<5|8208),a=0)}for(;a--;)s(n);a=1,n=e[o]}return[r.subarray(0,i),t]},ko=function(e,t){for(var r=0,i=0;i<t.length;++i)r+=e[i]*t[i];return r},vo=function(e,t,r){var i=r.length,n=ho(t+2);e[n]=255&i,e[n+1]=i>>>8,e[n+2]=255^e[n],e[n+3]=255^e[n+1];for(var a=0;a<i;++a)e[n+a+4]=r[a];return 8*(n+4+i)},Ko=function(e,t,r,i,n,a,s,o,c,u,h){go(t,h++,r),++n[256];for(var l=mo(n,15),y=l[0],p=l[1],g=mo(a,15),d=g[0],f=g[1],m=bo(y),w=m[0],b=m[1],k=bo(d),v=k[0],K=k[1],A=new Ns(19),E=0;E<w.length;++E)A[31&w[E]]++;for(E=0;E<v.length;++E)A[31&v[E]]++;for(var S=mo(A,7),P=S[0],U=S[1],D=19;D>4&&!P[js[D-1]];--D);var x,I,C,B,T=u+5<<3,M=ko(n,to)+ko(a,ro)+s,_=ko(n,y)+ko(a,d)+s+14+3*D+ko(A,P)+(2*A[16]+3*A[17]+7*A[18]);if(T<=M&&T<=_)return vo(t,h,e.subarray(c,c+u));if(go(t,h,1+(_<M)),h+=2,_<M){x=eo(y,p,0),I=y,C=eo(d,f,0),B=d;var F=eo(P,U,0);go(t,h,b-257),go(t,h+5,K-1),go(t,h+10,D-4),h+=14;for(E=0;E<D;++E)go(t,h+3*E,P[js[E]]);h+=3*D;for(var R=[w,v],L=0;L<2;++L){var N=R[L];for(E=0;E<N.length;++E){var z=31&N[E];go(t,h,F[z]),h+=P[z],z>15&&(go(t,h,N[E]>>>5&127),h+=N[E]>>>12)}}}else x=io,I=to,C=ao,B=ro;for(E=0;E<o;++E)if(i[E]>255){z=i[E]>>>18&31;fo(t,h,x[z+257]),h+=I[z+257],z>7&&(go(t,h,i[E]>>>23&31),h+=Os[z]);var O=31&i[E];fo(t,h,C[O]),h+=B[O],O>3&&(fo(t,h,i[E]>>>5&8191),h+=qs[O])}else fo(t,h,x[i[E]]),h+=I[i[E]];return fo(t,h,x[256]),h+I[256]},Ao=/*#__PURE__*/new zs([65540,131080,131088,131104,262176,1048704,1048832,2114560,2117632]),Eo=/*#__PURE__*/new Ls(0),So=function(e,t,r,i,n){return function(e,t,r,i,n,a){var s=e.length,o=new Ls(i+s+5*(1+Math.ceil(s/7e3))+n),c=o.subarray(i,o.length-n),u=0;if(!t||s<8)for(var h=0;h<=s;h+=65535){var l=h+65535;l>=s&&(c[u>>3]=a),u=vo(c,u+1,e.subarray(h,l))}else{for(var y=Ao[t-1],p=y>>>13,g=8191&y,d=(1<<r)-1,f=new Ns(32768),m=new Ns(d+1),w=Math.ceil(r/3),b=2*w,k=function(t){return(e[t]^e[t+1]<<w^e[t+2]<<b)&d},v=new zs(25e3),K=new Ns(288),A=new Ns(32),E=0,S=0,P=(h=0,0),U=0,D=0;h<s;++h){var x=k(h),I=32767&h,C=m[x];if(f[I]=C,m[x]=I,U<=h){var B=s-h;if((E>7e3||P>24576)&&B>423){u=Ko(e,c,0,v,K,A,S,P,D,h-D,u),P=E=S=0,D=h;for(var T=0;T<286;++T)K[T]=0;for(T=0;T<30;++T)A[T]=0}var M=2,_=0,F=g,R=I-C&32767;if(B>2&&x==k(h-R))for(var L=Math.min(p,B)-1,N=Math.min(32767,h),z=Math.min(258,B);R<=N&&--F&&I!=C;){if(e[h+M]==e[h+M-R]){for(var O=0;O<z&&e[h+O]==e[h+O-R];++O);if(O>M){if(M=O,_=R,O>L)break;var q=Math.min(R,O-2),j=0;for(T=0;T<q;++T){var H=h-R+T+32768&32767,G=H-f[H]+32768&32767;G>j&&(j=G,C=H)}}}R+=(I=C)-(C=f[I])+32768&32767}if(_){v[P++]=268435456|Ws[M]<<18|Qs[_];var V=31&Ws[M],W=31&Qs[_];S+=Os[V]+qs[W],++K[257+V],++A[W],U=h+M,++E}else v[P++]=e[h],++K[e[h]]}}u=Ko(e,c,a,v,K,A,S,P,D,h-D,u),!a&&7&u&&(u=vo(c,u+1,Eo))}return lo(o,0,i+ho(u)+n)}(e,null==t.level?6:t.level,null==t.mem?Math.ceil(1.5*Math.max(8,Math.min(13,Math.log(e.length)))):12+t.mem,r,i,!n)},Po=/*#__PURE__*/function(){function e(e,t){t||"function"!=typeof e||(t=e,e={}),this.ondata=t,this.o=e||{}}return e.prototype.p=function(e,t){this.ondata(So(e,this.o,0,0,!t),t)},e.prototype.push=function(e,t){this.ondata||po(5),this.d&&po(4),this.d=t,this.p(e,t||!1)},e}(),Uo=/*#__PURE__*/function(){function e(e){this.s={},this.p=new Ls(0),this.ondata=e}return e.prototype.e=function(e){this.ondata||po(5),this.d&&po(4);var t=this.p.length,r=new Ls(t+e.length);r.set(this.p),r.set(e,t),this.p=r},e.prototype.c=function(e){this.d=this.s.i=e||!1;var t=this.s.b,r=function(e,t,r){var i=e.length;if(!i||r&&r.f&&!r.l)return t||new Ls(0);var n=!t||r,a=!r||r.i;r||(r={}),t||(t=new Ls(3*i));var s=function(e){var r=t.length;if(e>r){var i=new Ls(Math.max(2*r,e));i.set(t),t=i}},o=r.f||0,c=r.p||0,u=r.b||0,h=r.l,l=r.d,y=r.m,p=r.n,g=8*i;do{if(!h){o=co(e,c,1);var d=co(e,c+1,3);if(c+=3,!d){var f=e[(U=ho(c)+4)-4]|e[U-3]<<8,m=U+f;if(m>i){a&&po(0);break}n&&s(u+f),t.set(e.subarray(U,m),u),r.b=u+=f,r.p=c=8*m,r.f=o;continue}if(1==d)h=no,l=so,y=9,p=5;else if(2==d){var w=co(e,c,31)+257,b=co(e,c+10,15)+4,k=w+co(e,c+5,31)+1;c+=14;for(var v=new Ls(k),K=new Ls(19),A=0;A<b;++A)K[js[A]]=co(e,c+3*A,7);c+=3*b;var E=oo(K),S=(1<<E)-1,P=eo(K,E,1);for(A=0;A<k;){var U,D=P[co(e,c,S)];if(c+=15&D,(U=D>>>4)<16)v[A++]=U;else{var x=0,I=0;for(16==U?(I=3+co(e,c,3),c+=2,x=v[A-1]):17==U?(I=3+co(e,c,7),c+=3):18==U&&(I=11+co(e,c,127),c+=7);I--;)v[A++]=x}}var C=v.subarray(0,w),B=v.subarray(w);y=oo(C),p=oo(B),h=eo(C,y,1),l=eo(B,p,1)}else po(1);if(c>g){a&&po(0);break}}n&&s(u+131072);for(var T=(1<<y)-1,M=(1<<p)-1,_=c;;_=c){var F=(x=h[uo(e,c)&T])>>>4;if((c+=15&x)>g){a&&po(0);break}if(x||po(2),F<256)t[u++]=F;else{if(256==F){_=c,h=null;break}var R=F-254;if(F>264){var L=Os[A=F-257];R=co(e,c,(1<<L)-1)+Vs[A],c+=L}var N=l[uo(e,c)&M],z=N>>>4;if(N||po(3),c+=15&N,B=Zs[z],z>3&&(L=qs[z],B+=uo(e,c)&(1<<L)-1,c+=L),c>g){a&&po(0);break}n&&s(u+131072);for(var O=u+R;u<O;u+=4)t[u]=t[u-B],t[u+1]=t[u+1-B],t[u+2]=t[u+2-B],t[u+3]=t[u+3-B];u=O}}r.l=h,r.p=_,r.b=u,r.f=o,h&&(o=1,r.m=y,r.d=l,r.n=p)}while(!o);return u==t.length?t:lo(t,0,u)}(this.p,this.o,this.s);this.ondata(lo(r,t,this.s.b),this.d),this.o=lo(r,this.s.b-32768),this.s.b=this.o.length,this.p=lo(this.p,this.s.p/8|0),this.s.p&=7},e.prototype.push=function(e,t){this.e(e),this.c(t)},e}(),Do=/*#__PURE__*/function(){function e(e,t){var r,i;this.c=(r=1,i=0,{p:function(e){for(var t=r,n=i,a=0|e.length,s=0;s!=a;){for(var o=Math.min(s+2655,a);s<o;++s)n+=t+=e[s];t=(65535&t)+15*(t>>16),n=(65535&n)+15*(n>>16)}r=t,i=n},d:function(){return(255&(r%=65521))<<24|r>>>8<<16|(255&(i%=65521))<<8|i>>>8}}),this.v=1,Po.call(this,e,t)}return e.prototype.push=function(e,t){Po.prototype.push.call(this,e,t)},e.prototype.p=function(e,t){this.c.p(e);var r=So(e,this.o,this.v&&2,t&&4,!t);this.v&&(function(e,t){var r=t.level,i=0==r?0:r<6?1:9==r?3:2;e[0]=120,e[1]=i<<6|(i?32-2*i:1)}(r,this.o),this.v=0),t&&function(e,t,r){for(;r;++t)e[t]=r,r>>>=8}(r,r.length-4,this.c.d()),this.ondata(r,t)},e}(),xo=/*#__PURE__*/function(){function e(e){this.v=1,Uo.call(this,e)}return e.prototype.push=function(e,t){if(Uo.prototype.e.call(this,e),this.v){if(this.p.length<2&&!t)return;this.p=this.p.subarray(2),this.v=0}t&&(this.p.length<4&&po(6,"invalid zlib data"),this.p=this.p.subarray(0,-4)),Uo.prototype.c.call(this,t)},e}(),Io="undefined"!=typeof TextDecoder&&/*#__PURE__*/new TextDecoder;try{Io.decode(Eo,{stream:!0}),1}catch(e){}class Co{static get tag(){return B.packet.literalData}constructor(e=new Date){this.format=B.literal.utf8,this.date=_.normalizeDate(e),this.text=null,this.data=null,this.filename=""}setText(e,t=B.literal.utf8){this.format=t,this.text=e,this.data=null}getText(e=!1){return(null===this.text||_.isStream(this.text))&&(this.text=_.decodeUTF8(_.nativeEOL(this.getBytes(e)))),this.text}setBytes(e,t){this.format=t,this.data=e,this.text=null}getBytes(e=!1){return null===this.data&&(this.data=_.canonicalizeEOL(_.encodeUTF8(this.text))),e?A(this.data):this.data}setFilename(e){this.filename=e}getFilename(){return this.filename}async read(e){await v(e,(async e=>{const t=await e.readByte(),r=await e.readByte();this.filename=_.decodeUTF8(await e.readBytes(r)),this.date=_.readDate(await e.readBytes(4));let i=e.remainder();a(i)&&(i=await P(i)),this.setBytes(i,t)}))}writeHeader(){const e=_.encodeUTF8(this.filename),t=new Uint8Array([e.length]),r=new Uint8Array([this.format]),i=_.writeDate(this.date);return _.concatUint8Array([r,t,e,i])}write(){const e=this.writeHeader(),t=this.getBytes();return _.concat([e,t])}}class Bo{constructor(){this.bytes=""}read(e){return this.bytes=_.uint8ArrayToString(e.subarray(0,8)),this.bytes.length}write(){return _.stringToUint8Array(this.bytes)}toHex(){return _.uint8ArrayToHex(_.stringToUint8Array(this.bytes))}equals(e,t=!1){return t&&(e.isWildcard()||this.isWildcard())||this.bytes===e.bytes}isNull(){return""===this.bytes}isWildcard(){return/^0+$/.test(this.toHex())}static mapToHex(e){return e.toHex()}static fromID(e){const t=new Bo;return t.read(_.hexToUint8Array(e)),t}static wildcard(){const e=new Bo;return e.read(new Uint8Array(8)),e}}const To=Symbol("verified"),Mo="salt@notations.openpgpjs.org",_o=new Set([B.signatureSubpacket.issuerKeyID,B.signatureSubpacket.issuerFingerprint,B.signatureSubpacket.embeddedSignature]);class Fo{static get tag(){return B.packet.signature}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.signatureData=null,this.unhashedSubpackets=[],this.unknownSubpackets=[],this.signedHashValue=null,this.salt=null,this.created=null,this.signatureExpirationTime=null,this.signatureNeverExpires=!0,this.exportable=null,this.trustLevel=null,this.trustAmount=null,this.regularExpression=null,this.revocable=null,this.keyExpirationTime=null,this.keyNeverExpires=null,this.preferredSymmetricAlgorithms=null,this.revocationKeyClass=null,this.revocationKeyAlgorithm=null,this.revocationKeyFingerprint=null,this.issuerKeyID=new Bo,this.rawNotations=[],this.notations={},this.preferredHashAlgorithms=null,this.preferredCompressionAlgorithms=null,this.keyServerPreferences=null,this.preferredKeyServer=null,this.isPrimaryUserID=null,this.policyURI=null,this.keyFlags=null,this.signersUserID=null,this.reasonForRevocationFlag=null,this.reasonForRevocationString=null,this.features=null,this.signatureTargetPublicKeyAlgorithm=null,this.signatureTargetHashAlgorithm=null,this.signatureTargetHash=null,this.embeddedSignature=null,this.issuerKeyVersion=null,this.issuerFingerprint=null,this.preferredAEADAlgorithms=null,this.preferredCipherSuites=null,this.revoked=null,this[To]=null}read(e,t=T){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new Wt("Support for v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4!==this.version&&5!==this.version&&6!==this.version)throw new Wt(`Version ${this.version} of the signature packet is unsupported.`);if(this.signatureType=e[r++],this.publicKeyAlgorithm=e[r++],this.hashAlgorithm=e[r++],r+=this.readSubPackets(e.subarray(r,e.length),!0),!this.created)throw Error("Missing signature creation time subpacket.");if(this.signatureData=e.subarray(0,r),r+=this.readSubPackets(e.subarray(r,e.length),!1),this.signedHashValue=e.subarray(r,r+2),r+=2,6===this.version){const t=e[r++];this.salt=e.subarray(r,r+t),r+=t}const i=e.subarray(r,e.length),{read:n,signatureParams:a}=function(e,t){let r=0;switch(e){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaEncrypt:case B.publicKey.rsaSign:{const e=_.readMPI(t.subarray(r));return r+=e.length+2,{read:r,signatureParams:{s:e}}}case B.publicKey.dsa:case B.publicKey.ecdsa:{const e=_.readMPI(t.subarray(r));r+=e.length+2;const i=_.readMPI(t.subarray(r));return r+=i.length+2,{read:r,signatureParams:{r:e,s:i}}}case B.publicKey.eddsaLegacy:{const e=_.readMPI(t.subarray(r));r+=e.length+2;const i=_.readMPI(t.subarray(r));return r+=i.length+2,{read:r,signatureParams:{r:e,s:i}}}case B.publicKey.ed25519:case B.publicKey.ed448:{const i=2*Hr(e),n=_.readExactSubarray(t,r,r+i);return r+=n.length,{read:r,signatureParams:{RS:n}}}case B.publicKey.hmac:{const e=new wa;return r+=e.read(t.subarray(r)),{read:r,signatureParams:{mac:e}}}case B.publicKey.pqc_mldsa_ed25519:{const e=2*Hr(B.publicKey.ed25519),i=_.readExactSubarray(t,r,r+e);r+=i.length;const n=_.readExactSubarray(t,r,r+3309);return r+=n.length,{read:r,signatureParams:{eccSignature:i,mldsaSignature:n}}}default:throw new Wt("Unknown signature algorithm.")}}(this.publicKeyAlgorithm,i);if(n<i.length)throw Error("Error reading MPIs");this.params=a}writeParams(){return this.params instanceof Promise?D((async()=>ks(this.publicKeyAlgorithm,await this.params))):ks(this.publicKeyAlgorithm,this.params)}write(){const e=[];return e.push(this.signatureData),e.push(this.writeUnhashedSubPackets()),e.push(this.signedHashValue),6===this.version&&(e.push(new Uint8Array([this.salt.length])),e.push(this.salt)),e.push(this.writeParams()),_.concat(e)}async sign(e,t,r=new Date,i=!1,n){this.version=e.version,this.created=_.normalizeDate(r),this.issuerKeyVersion=e.version,this.issuerFingerprint=e.getFingerprintBytes(),this.issuerKeyID=e.getKeyID();const a=[new Uint8Array([this.version,this.signatureType,this.publicKeyAlgorithm,this.hashAlgorithm])];if(6===this.version){const e=Lo(this.hashAlgorithm);if(null===this.salt)this.salt=le(e);else if(e!==this.salt.length)throw Error("Provided salt does not have the required length")}else if(n.nonDeterministicSignaturesViaNotation){if(0!==this.rawNotations.filter((({name:e})=>e===Mo)).length)throw Error("Unexpected existing salt notation");{const e=le(Lo(this.hashAlgorithm));this.rawNotations.push({name:Mo,value:e,humanReadable:!1,critical:!1})}}a.push(this.writeHashedSubPackets()),this.unhashedSubpackets=[],this.signatureData=_.concat(a);const s=this.toHash(this.signatureType,t,i),o=await this.hash(this.signatureType,t,s,i);this.signedHashValue=S(K(o),0,2);const c=async()=>Ds(this.publicKeyAlgorithm,this.hashAlgorithm,e.publicParams,e.privateParams,s,await P(o));_.isStream(o)?this.params=c():(this.params=await c(),this[To]=!0)}writeHashedSubPackets(){const e=B.signatureSubpacket,t=[];let r;if(null===this.created)throw Error("Missing signature creation time");t.push(Ro(e.signatureCreationTime,!0,_.writeDate(this.created))),null!==this.signatureExpirationTime&&t.push(Ro(e.signatureExpirationTime,!0,_.writeNumber(this.signatureExpirationTime,4))),null!==this.exportable&&t.push(Ro(e.exportableCertification,!0,new Uint8Array([this.exportable?1:0]))),null!==this.trustLevel&&(r=new Uint8Array([this.trustLevel,this.trustAmount]),t.push(Ro(e.trustSignature,!0,r))),null!==this.regularExpression&&t.push(Ro(e.regularExpression,!0,this.regularExpression)),null!==this.revocable&&t.push(Ro(e.revocable,!0,new Uint8Array([this.revocable?1:0]))),null!==this.keyExpirationTime&&t.push(Ro(e.keyExpirationTime,!0,_.writeNumber(this.keyExpirationTime,4))),null!==this.preferredSymmetricAlgorithms&&(r=_.stringToUint8Array(_.uint8ArrayToString(this.preferredSymmetricAlgorithms)),t.push(Ro(e.preferredSymmetricAlgorithms,!1,r))),null!==this.revocationKeyClass&&(r=new Uint8Array([this.revocationKeyClass,this.revocationKeyAlgorithm]),r=_.concat([r,this.revocationKeyFingerprint]),t.push(Ro(e.revocationKey,!1,r))),!this.issuerKeyID.isNull()&&this.issuerKeyVersion<5&&t.push(Ro(e.issuerKeyID,!0,this.issuerKeyID.write())),this.rawNotations.forEach((({name:i,value:n,humanReadable:a,critical:s})=>{r=[new Uint8Array([a?128:0,0,0,0])];const o=_.encodeUTF8(i);r.push(_.writeNumber(o.length,2)),r.push(_.writeNumber(n.length,2)),r.push(o),r.push(n),r=_.concat(r),t.push(Ro(e.notationData,s,r))})),null!==this.preferredHashAlgorithms&&(r=_.stringToUint8Array(_.uint8ArrayToString(this.preferredHashAlgorithms)),t.push(Ro(e.preferredHashAlgorithms,!1,r))),null!==this.preferredCompressionAlgorithms&&(r=_.stringToUint8Array(_.uint8ArrayToString(this.preferredCompressionAlgorithms)),t.push(Ro(e.preferredCompressionAlgorithms,!1,r))),null!==this.keyServerPreferences&&(r=_.stringToUint8Array(_.uint8ArrayToString(this.keyServerPreferences)),t.push(Ro(e.keyServerPreferences,!1,r))),null!==this.preferredKeyServer&&t.push(Ro(e.preferredKeyServer,!1,_.encodeUTF8(this.preferredKeyServer))),null!==this.isPrimaryUserID&&t.push(Ro(e.primaryUserID,!1,new Uint8Array([this.isPrimaryUserID?1:0]))),null!==this.policyURI&&t.push(Ro(e.policyURI,!1,_.encodeUTF8(this.policyURI))),null!==this.keyFlags&&(r=_.stringToUint8Array(_.uint8ArrayToString(this.keyFlags)),t.push(Ro(e.keyFlags,!0,r))),null!==this.signersUserID&&t.push(Ro(e.signersUserID,!1,_.encodeUTF8(this.signersUserID))),null!==this.reasonForRevocationFlag&&(r=_.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag)+this.reasonForRevocationString),t.push(Ro(e.reasonForRevocation,!0,r))),null!==this.features&&(r=_.stringToUint8Array(_.uint8ArrayToString(this.features)),t.push(Ro(e.features,!1,r))),null!==this.signatureTargetPublicKeyAlgorithm&&(r=[new Uint8Array([this.signatureTargetPublicKeyAlgorithm,this.signatureTargetHashAlgorithm])],r.push(_.stringToUint8Array(this.signatureTargetHash)),r=_.concat(r),t.push(Ro(e.signatureTarget,!0,r))),null!==this.embeddedSignature&&t.push(Ro(e.embeddedSignature,!0,this.embeddedSignature.write())),null!==this.issuerFingerprint&&(r=[new Uint8Array([this.issuerKeyVersion]),this.issuerFingerprint],r=_.concat(r),t.push(Ro(e.issuerFingerprint,this.version>=5,r))),null!==this.preferredAEADAlgorithms&&(r=_.stringToUint8Array(_.uint8ArrayToString(this.preferredAEADAlgorithms)),t.push(Ro(e.preferredAEADAlgorithms,!1,r))),null!==this.preferredCipherSuites&&(r=new Uint8Array([].concat(...this.preferredCipherSuites)),t.push(Ro(e.preferredCipherSuites,!1,r)));const i=_.concat(t),n=_.writeNumber(i.length,6===this.version?4:2);return _.concat([n,i])}writeUnhashedSubPackets(){const e=this.unhashedSubpackets.map((({type:e,critical:t,body:r})=>Ro(e,t,r))),t=_.concat(e),r=_.writeNumber(t.length,6===this.version?4:2);return _.concat([r,t])}readSubPacket(e,t=!0){let r=0;const i=!!(128&e[r]),n=127&e[r];if(r++,t||(this.unhashedSubpackets.push({type:n,critical:i,body:e.subarray(r,e.length)}),_o.has(n)))switch(n){case B.signatureSubpacket.signatureCreationTime:this.created=_.readDate(e.subarray(r,e.length));break;case B.signatureSubpacket.signatureExpirationTime:{const t=_.readNumber(e.subarray(r,e.length));this.signatureNeverExpires=0===t,this.signatureExpirationTime=t;break}case B.signatureSubpacket.exportableCertification:this.exportable=1===e[r++];break;case B.signatureSubpacket.trustSignature:this.trustLevel=e[r++],this.trustAmount=e[r++];break;case B.signatureSubpacket.regularExpression:this.regularExpression=e[r];break;case B.signatureSubpacket.revocable:this.revocable=1===e[r++];break;case B.signatureSubpacket.keyExpirationTime:{const t=_.readNumber(e.subarray(r,e.length));this.keyExpirationTime=t,this.keyNeverExpires=0===t;break}case B.signatureSubpacket.preferredSymmetricAlgorithms:this.preferredSymmetricAlgorithms=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.revocationKey:this.revocationKeyClass=e[r++],this.revocationKeyAlgorithm=e[r++],this.revocationKeyFingerprint=e.subarray(r,r+20);break;case B.signatureSubpacket.issuerKeyID:if(4===this.version)this.issuerKeyID.read(e.subarray(r,e.length));else if(t)throw Error("Unexpected Issuer Key ID subpacket");break;case B.signatureSubpacket.notationData:{const t=!!(128&e[r]);r+=4;const n=_.readNumber(e.subarray(r,r+2));r+=2;const a=_.readNumber(e.subarray(r,r+2));r+=2;const s=_.decodeUTF8(e.subarray(r,r+n)),o=e.subarray(r+n,r+n+a);this.rawNotations.push({name:s,humanReadable:t,value:o,critical:i}),t&&(this.notations[s]=_.decodeUTF8(o));break}case B.signatureSubpacket.preferredHashAlgorithms:this.preferredHashAlgorithms=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.preferredCompressionAlgorithms:this.preferredCompressionAlgorithms=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.keyServerPreferences:this.keyServerPreferences=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.preferredKeyServer:this.preferredKeyServer=_.decodeUTF8(e.subarray(r,e.length));break;case B.signatureSubpacket.primaryUserID:this.isPrimaryUserID=0!==e[r++];break;case B.signatureSubpacket.policyURI:this.policyURI=_.decodeUTF8(e.subarray(r,e.length));break;case B.signatureSubpacket.keyFlags:this.keyFlags=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.signersUserID:this.signersUserID=_.decodeUTF8(e.subarray(r,e.length));break;case B.signatureSubpacket.reasonForRevocation:this.reasonForRevocationFlag=e[r++],this.reasonForRevocationString=_.decodeUTF8(e.subarray(r,e.length));break;case B.signatureSubpacket.features:this.features=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.signatureTarget:{this.signatureTargetPublicKeyAlgorithm=e[r++],this.signatureTargetHashAlgorithm=e[r++];const t=Be(this.signatureTargetHashAlgorithm);this.signatureTargetHash=_.uint8ArrayToString(e.subarray(r,r+t));break}case B.signatureSubpacket.embeddedSignature:this.embeddedSignature=new Fo,this.embeddedSignature.read(e.subarray(r,e.length));break;case B.signatureSubpacket.issuerFingerprint:this.issuerKeyVersion=e[r++],this.issuerFingerprint=e.subarray(r,e.length),this.issuerKeyVersion>=5?this.issuerKeyID.read(this.issuerFingerprint):this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));break;case B.signatureSubpacket.preferredAEADAlgorithms:this.preferredAEADAlgorithms=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.preferredCipherSuites:this.preferredCipherSuites=[];for(let t=r;t<e.length;t+=2)this.preferredCipherSuites.push([e[t],e[t+1]]);break;default:this.unknownSubpackets.push({type:n,critical:i,body:e.subarray(r,e.length)})}}readSubPackets(e,t=!0,r){const i=6===this.version?4:2,n=_.readNumber(e.subarray(0,i));let a=i;for(;a<2+n;){const i=zt(e.subarray(a,e.length));a+=i.offset,this.readSubPacket(e.subarray(a,a+i.len),t,r),a+=i.len}return a}toSign(e,t){const r=B.signature;switch(e){case r.binary:return null!==t.text?_.encodeUTF8(t.getText(!0)):t.getBytes(!0);case r.text:{const e=t.getBytes(!0);return _.canonicalizeEOL(e)}case r.standalone:return new Uint8Array(0);case r.certGeneric:case r.certPersona:case r.certCasual:case r.certPositive:case r.certRevocation:{let e,i;if(t.userID)i=180,e=t.userID;else{if(!t.userAttribute)throw Error("Either a userID or userAttribute packet needs to be supplied for certification.");i=209,e=t.userAttribute}const n=e.write();return _.concat([this.toSign(r.key,t),new Uint8Array([i]),_.writeNumber(n.length,4),n])}case r.subkeyBinding:case r.subkeyRevocation:case r.keyBinding:return _.concat([this.toSign(r.key,t),this.toSign(r.key,{key:t.bind})]);case r.key:if(void 0===t.key)throw Error("Key packet is required for this signature.");return t.key.writeForHash(this.version);case r.keyRevocation:return this.toSign(r.key,t);case r.timestamp:return new Uint8Array(0);case r.thirdParty:throw Error("Not implemented");default:throw Error("Unknown signature type.")}}calculateTrailer(e,t){let r=0;return b(K(this.signatureData),(e=>{r+=e.length}),(()=>{const i=[];return 5!==this.version||this.signatureType!==B.signature.binary&&this.signatureType!==B.signature.text||(t?i.push(new Uint8Array(6)):i.push(e.writeHeader())),i.push(new Uint8Array([this.version,255])),5===this.version&&i.push(new Uint8Array(4)),i.push(_.writeNumber(r,4)),_.concat(i)}))}toHash(e,t,r=!1){const i=this.toSign(e,t);return _.concat([this.salt||new Uint8Array,i,this.signatureData,this.calculateTrailer(t,r)])}async hash(e,t,r,i=!1){if(6===this.version&&this.salt.length!==Lo(this.hashAlgorithm))throw Error("Signature salt does not have the expected length");return r||(r=this.toHash(e,t,i)),Ce(this.hashAlgorithm,r)}async verify(e,t,r,i=new Date,n=!1,a=T){if(!this.issuerKeyID.equals(e.getKeyID()))throw Error("Signature was not issued by the given public key");if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Public key algorithm used to sign signature does not match issuer key algorithm.");const s=t===B.signature.binary||t===B.signature.text;if(!(this[To]&&!s)){let i,a;if(this.hashed?a=await this.hashed:(i=this.toHash(t,r,n),a=await this.hash(t,r,i)),a=await P(a),this.signedHashValue[0]!==a[0]||this.signedHashValue[1]!==a[1])throw Error("Signed digest did not match");this.params=await this.params;const s=this.publicKeyAlgorithm===B.publicKey.hmac?e.privateParams:null;if(this[To]=await Us(this.publicKeyAlgorithm,this.hashAlgorithm,this.params,e.publicParams,s,i,a),!this[To])throw Error("Signature verification failed")}const o=_.normalizeDate(i);if(o&&this.created>o)throw Error("Signature creation time is in the future");if(o&&o>=this.getExpirationTime())throw Error("Signature is expired");if(a.rejectHashAlgorithms.has(this.hashAlgorithm))throw Error("Insecure hash algorithm: "+B.read(B.hash,this.hashAlgorithm).toUpperCase());if(a.rejectMessageHashAlgorithms.has(this.hashAlgorithm)&&[B.signature.binary,B.signature.text].includes(this.signatureType))throw Error("Insecure message hash algorithm: "+B.read(B.hash,this.hashAlgorithm).toUpperCase());if(this.unknownSubpackets.forEach((({type:e,critical:t})=>{if(t)throw Error("Unknown critical signature subpacket type "+e)})),this.rawNotations.forEach((({name:e,critical:t})=>{if(t&&a.knownNotations.indexOf(e)<0)throw Error("Unknown critical notation: "+e)})),null!==this.revocationKeyClass)throw Error("This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.")}isExpired(e=new Date){const t=_.normalizeDate(e);return null!==t&&!(this.created<=t&&t<this.getExpirationTime())}getExpirationTime(){return this.signatureNeverExpires?1/0:new Date(this.created.getTime()+1e3*this.signatureExpirationTime)}}function Ro(e,t,r){const i=[];return i.push(Ot(r.length+1)),i.push(new Uint8Array([(t?128:0)|e])),i.push(r),_.concat(i)}function Lo(e){switch(e){case B.hash.sha256:return 16;case B.hash.sha384:return 24;case B.hash.sha512:return 32;case B.hash.sha224:case B.hash.sha3_256:return 16;case B.hash.sha3_512:return 32;default:throw Error("Unsupported hash function")}}class No{static get tag(){return B.packet.onePassSignature}static fromSignaturePacket(e,t){const r=new No;return r.version=6===e.version?6:3,r.signatureType=e.signatureType,r.hashAlgorithm=e.hashAlgorithm,r.publicKeyAlgorithm=e.publicKeyAlgorithm,r.issuerKeyID=e.issuerKeyID,r.salt=e.salt,r.issuerFingerprint=e.issuerFingerprint,r.flags=t?1:0,r}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.salt=null,this.issuerKeyID=null,this.issuerFingerprint=null,this.flags=null}read(e){let t=0;if(this.version=e[t++],3!==this.version&&6!==this.version)throw new Wt(`Version ${this.version} of the one-pass signature packet is unsupported.`);if(this.signatureType=e[t++],this.hashAlgorithm=e[t++],this.publicKeyAlgorithm=e[t++],6===this.version){const r=e[t++];this.salt=e.subarray(t,t+r),t+=r,this.issuerFingerprint=e.subarray(t,t+32),t+=32,this.issuerKeyID=new Bo,this.issuerKeyID.read(this.issuerFingerprint)}else this.issuerKeyID=new Bo,this.issuerKeyID.read(e.subarray(t,t+8)),t+=8;return this.flags=e[t++],this}write(){const e=[new Uint8Array([this.version,this.signatureType,this.hashAlgorithm,this.publicKeyAlgorithm])];return 6===this.version?e.push(new Uint8Array([this.salt.length]),this.salt,this.issuerFingerprint):e.push(this.issuerKeyID.write()),e.push(new Uint8Array([this.flags])),_.concatUint8Array(e)}calculateTrailer(...e){return D((async()=>Fo.prototype.calculateTrailer.apply(await this.correspondingSig,e)))}async verify(){const e=await this.correspondingSig;if(!e||e.constructor.tag!==B.packet.signature)throw Error("Corresponding signature packet missing");if(e.signatureType!==this.signatureType||e.hashAlgorithm!==this.hashAlgorithm||e.publicKeyAlgorithm!==this.publicKeyAlgorithm||!e.issuerKeyID.equals(this.issuerKeyID)||3===this.version&&6===e.version||6===this.version&&6!==e.version||6===this.version&&!_.equalsUint8Array(e.issuerFingerprint,this.issuerFingerprint)||6===this.version&&!_.equalsUint8Array(e.salt,this.salt))throw Error("Corresponding signature packet does not match one-pass signature packet");return e.hashed=this.hashed,e.verify.apply(e,arguments)}}function zo(e,t){if(!t[e]){let t;try{t=B.read(B.packet,e)}catch(t){throw new $t("Unknown packet type with tag: "+e)}throw Error("Packet not allowed in this context: "+t)}return new t[e]}No.prototype.hash=Fo.prototype.hash,No.prototype.toHash=Fo.prototype.toHash,No.prototype.toSign=Fo.prototype.toSign;class Oo extends Array{static async fromBinary(e,t,r=T){const i=new Oo;return await i.read(e,t,r),i}async read(e,t,r=T){r.additionalAllowedPackets.length&&(t={...t,..._.constructAllowedPackets(r.additionalAllowedPackets)}),this.stream=k(e,(async(e,i)=>{const n=I(i);try{for(;;){await n.ready;if(await Vt(e,(async e=>{try{if(e.tag===B.packet.marker||e.tag===B.packet.trust||e.tag===B.packet.padding)return;const i=zo(e.tag,t);i.packets=new Oo,i.fromStream=_.isStream(e.packet),await i.read(e.packet,r),await n.write(i)}catch(t){if(t instanceof $t){if(!(e.tag<=39))return;await n.abort(t)}const i=!r.ignoreUnsupportedPackets&&t instanceof Wt,a=!(r.ignoreMalformedPackets||t instanceof Wt);if(i||a||Gt(e.tag))await n.abort(t);else{const t=new Zt(e.tag,e.packet);await n.write(t)}_.printDebugError(t)}})))return await n.ready,void await n.close()}}catch(e){await n.abort(e)}}));const i=x(this.stream);for(;;){const{done:e,value:t}=await i.read();if(e?this.stream=null:this.push(t),e||Gt(t.constructor.tag))break}i.releaseLock()}write(){const e=[];for(let t=0;t<this.length;t++){const r=this[t]instanceof Zt?this[t].tag:this[t].constructor.tag,i=this[t].write();if(_.isStream(i)&&Gt(this[t].constructor.tag)){let t=[],n=0;const a=512;e.push(jt(r)),e.push(b(i,(e=>{if(t.push(e),n+=e.length,n>=a){const e=Math.min(Math.log(n)/Math.LN2|0,30),r=2**e,i=_.concat([qt(e)].concat(t));return t=[i.subarray(1+r)],n=t[0].length,i.subarray(0,1+r)}}),(()=>_.concat([Ot(n)].concat(t)))))}else{if(_.isStream(i)){let t=0;e.push(b(K(i),(e=>{t+=e.length}),(()=>Ht(r,t))))}else e.push(Ht(r,i.length));e.push(i)}}return _.concat(e)}filterByTag(...e){const t=new Oo,r=e=>t=>e===t;for(let i=0;i<this.length;i++)e.some(r(this[i].constructor.tag))&&t.push(this[i]);return t}findPacket(e){return this.find((t=>t.constructor.tag===e))}indexOfTag(...e){const t=[],r=this,i=e=>t=>e===t;for(let n=0;n<this.length;n++)e.some(i(r[n].constructor.tag))&&t.push(n);return t}}const qo=/*#__PURE__*/_.constructAllowedPackets([Co,No,Fo]);class jo{static get tag(){return B.packet.compressedData}constructor(e=T){this.packets=null,this.algorithm=e.preferredCompressionAlgorithm,this.compressed=null}async read(e,t=T){await v(e,(async e=>{this.algorithm=await e.readByte(),this.compressed=e.remainder(),await this.decompress(t)}))}write(){return null===this.compressed&&this.compress(),_.concat([new Uint8Array([this.algorithm]),this.compressed])}async decompress(e=T){const t=B.read(B.compression,this.algorithm),r=$o[t];if(!r)throw Error(t+" decompression not supported");this.packets=await Oo.fromBinary(await r(this.compressed),qo,e)}compress(){const e=B.read(B.compression,this.algorithm),t=Wo[e];if(!t)throw Error(e+" compression not supported");this.compressed=t(this.packets.write())}}function Ho(e,t){return r=>{if(!_.isStream(r)||a(r))return D((()=>P(r).then((e=>new Promise(((r,i)=>{const n=new t;n.ondata=e=>{r(e)};try{n.push(e,!0)}catch(e){i(e)}}))))));if(e)try{const t=e();return r.pipeThrough(t)}catch(e){if("TypeError"!==e.name)throw e}const i=r.getReader(),n=new t;return new ReadableStream({async start(e){for(n.ondata=async(t,r)=>{e.enqueue(t),r&&e.close()};;){const{done:e,value:t}=await i.read();if(e)return void n.push(new Uint8Array,!0);t.length&&n.push(t)}}})}}function Go(){return async function(e){const{decode:t}=await import("./seek-bzip.min.mjs").then((function(e){return e.i}));return D((async()=>t(await P(e))))}}const Vo=e=>({compressor:"undefined"!=typeof CompressionStream&&(()=>new CompressionStream(e)),decompressor:"undefined"!=typeof DecompressionStream&&(()=>new DecompressionStream(e))}),Wo={zip:/*#__PURE__*/Ho(Vo("deflate-raw").compressor,Po),zlib:/*#__PURE__*/Ho(Vo("deflate").compressor,Do)},$o={uncompressed:e=>e,zip:/*#__PURE__*/Ho(Vo("deflate-raw").decompressor,Uo),zlib:/*#__PURE__*/Ho(Vo("deflate").decompressor,xo),bzip2:/*#__PURE__*/Go()},Zo=/*#__PURE__*/_.constructAllowedPackets([Co,jo,No,Fo]);class Qo{static get tag(){return B.packet.symEncryptedIntegrityProtectedData}static fromObject({version:e,aeadAlgorithm:t}){if(1!==e&&2!==e)throw Error("Unsupported SEIPD version");const r=new Qo;return r.version=e,2===e&&(r.aeadAlgorithm=t),r}constructor(){this.version=null,this.cipherAlgorithm=null,this.aeadAlgorithm=null,this.chunkSizeByte=null,this.salt=null,this.encrypted=null,this.packets=null}async read(e){await v(e,(async e=>{if(this.version=await e.readByte(),1!==this.version&&2!==this.version)throw new Wt(`Version ${this.version} of the SEIP packet is unsupported.`);2===this.version&&(this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte(),this.salt=await e.readBytes(32)),this.encrypted=e.remainder()}))}write(){return 2===this.version?_.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.salt,this.encrypted]):_.concat([new Uint8Array([this.version]),this.encrypted])}async encrypt(e,t,r=T){const{blockSize:i,keySize:n}=en(e);if(t.length!==n)throw Error("Unexpected session key size");let s=this.packets.write();if(a(s)&&(s=await P(s)),2===this.version)this.cipherAlgorithm=e,this.salt=le(32),this.chunkSizeByte=r.aeadChunkSizeByte,this.encrypted=await Xo(this,"encrypt",t,s);else{const r=await xa(e),n=new Uint8Array([211,20]),a=_.concat([r,s,n]),o=await Ce(B.hash.sha1,A(a)),c=_.concat([a,o]);this.encrypted=await Ia(e,t,c,new Uint8Array(i))}return!0}async decrypt(e,t,r=T){if(t.length!==en(e).keySize)throw Error("Unexpected session key size");let i,n=K(this.encrypted);if(a(n)&&(n=await P(n)),2===this.version){if(this.cipherAlgorithm!==e)throw Error("Unexpected session key algorithm");i=await Xo(this,"decrypt",t,n)}else{const{blockSize:a}=en(e),s=await Ca(e,t,n,new Uint8Array(a)),o=S(A(s),-20),c=S(s,0,-20),u=Promise.all([P(await Ce(B.hash.sha1,A(c))),P(o)]).then((([e,t])=>{if(!_.equalsUint8Array(e,t))throw Error("Modification detected.");return new Uint8Array})),h=S(c,a+2);i=S(h,0,-2),i=d([i,D((()=>u))]),_.isStream(n)&&r.allowUnauthenticatedStream||(i=await P(i))}return this.packets=await Oo.fromBinary(i,Zo,r),!0}}async function Xo(e,t,r,i){const n=e instanceof Qo&&2===e.version,a=!n&&e.constructor.tag===B.packet.aeadEncryptedData;if(!n&&!a)throw Error("Unexpected packet type");const s=fs(e.aeadAlgorithm,a),o="decrypt"===t?s.tagLength:0,c="encrypt"===t?s.tagLength:0,u=2**(e.chunkSizeByte+6)+o,h=a?8:0,l=new ArrayBuffer(13+h),y=new Uint8Array(l,0,5+h),p=new Uint8Array(l),g=new DataView(l),d=new Uint8Array(l,5,8);y.set([192|e.constructor.tag,e.version,e.cipherAlgorithm,e.aeadAlgorithm,e.chunkSizeByte],0);let m,w,b=0,v=Promise.resolve(),K=0,A=0;if(n){const{keySize:t}=en(e.cipherAlgorithm),{ivLength:i}=s,n=new Uint8Array(l,0,5),a=await sn(B.hash.sha256,r,e.salt,n,t+i);r=a.subarray(0,t),m=a.subarray(t),m.fill(0,m.length-8),w=new DataView(m.buffer,m.byteOffset,m.byteLength)}else m=e.iv;const E=await s(e.cipherAlgorithm,r);return k(i,(async(r,i)=>{if("array"!==_.isStream(r)){const t=new TransformStream({},{highWaterMark:_.getHardwareConcurrency()*2**(e.chunkSizeByte+6),size:e=>e.length});f(t.readable,i),i=t.writable}const a=x(r),s=I(i);try{for(;;){let e=await a.readBytes(u+o)||new Uint8Array;const r=e.subarray(e.length-o);let i,l,f;if(e=e.subarray(0,e.length-o),n)f=m;else{f=m.slice();for(let e=0;e<8;e++)f[m.length-8+e]^=d[e]}if(!b||e.length?(a.unshift(r),i=E[t](e,f,y),i.catch((()=>{})),A+=e.length-o+c):(g.setInt32(5+h+4,K),i=E[t](r,f,p),i.catch((()=>{})),A+=c,l=!0),K+=e.length-o,v=v.then((()=>i)).then((async e=>{await s.ready,await s.write(e),A-=e.length})).catch((e=>s.abort(e))),(l||A>s.desiredSize)&&await v,l){await s.close();break}n?w.setInt32(m.length-4,++b):g.setInt32(9,++b)}}catch(e){await s.ready.catch((()=>{})),await s.abort(e)}}))}const Yo=/*#__PURE__*/_.constructAllowedPackets([Co,jo,No,Fo]);class Jo{static get tag(){return B.packet.aeadEncryptedData}constructor(){this.version=1,this.cipherAlgorithm=null,this.aeadAlgorithm=B.aead.eax,this.chunkSizeByte=null,this.iv=null,this.encrypted=null,this.packets=null}async read(e){await v(e,(async e=>{const t=await e.readByte();if(1!==t)throw new Wt(`Version ${t} of the AEAD-encrypted data packet is not supported.`);this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte();const r=fs(this.aeadAlgorithm,!0);this.iv=await e.readBytes(r.ivLength),this.encrypted=e.remainder()}))}write(){return _.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.iv,this.encrypted])}async decrypt(e,t,r=T){this.packets=await Oo.fromBinary(await Xo(this,"decrypt",t,K(this.encrypted)),Yo,r)}async encrypt(e,t,r=T){this.cipherAlgorithm=e;const{ivLength:i}=fs(this.aeadAlgorithm,!0);this.iv=le(i),this.chunkSizeByte=r.aeadChunkSizeByte;const n=this.packets.write();this.encrypted=await Xo(this,"encrypt",t,n)}}const ec=new Set([B.publicKey.x25519,B.publicKey.x448,B.publicKey.pqc_mlkem_x25519]);class tc{static get tag(){return B.packet.publicKeyEncryptedSessionKey}constructor(){this.version=null,this.publicKeyID=new Bo,this.publicKeyVersion=null,this.publicKeyFingerprint=null,this.publicKeyAlgorithm=null,this.sessionKey=null,this.sessionKeyAlgorithm=null,this.encrypted={}}static fromObject({version:e,encryptionKeyPacket:t,anonymousRecipient:r,sessionKey:i,sessionKeyAlgorithm:n}){const a=new tc;if(3!==e&&6!==e)throw Error("Unsupported PKESK version");return a.version=e,6===e&&(a.publicKeyVersion=r?null:t.version,a.publicKeyFingerprint=r?null:t.getFingerprintBytes()),a.publicKeyID=r?Bo.wildcard():t.getKeyID(),a.publicKeyAlgorithm=t.algorithm,a.sessionKey=i,a.sessionKeyAlgorithm=n,a}read(e){let t=0;if(this.version=e[t++],3!==this.version&&6!==this.version)throw new Wt(`Version ${this.version} of the PKESK packet is unsupported.`);if(6===this.version){const r=e[t++];if(r){this.publicKeyVersion=e[t++];const i=r-1;this.publicKeyFingerprint=e.subarray(t,t+i),t+=i,this.publicKeyVersion>=5?this.publicKeyID.read(this.publicKeyFingerprint):this.publicKeyID.read(this.publicKeyFingerprint.subarray(-8))}else this.publicKeyID=Bo.wildcard()}else t+=this.publicKeyID.read(e.subarray(t,t+8));if(this.publicKeyAlgorithm=e[t++],this.encrypted=function(e,t){let r=0;switch(e){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:return{c:_.readMPI(t.subarray(r))};case B.publicKey.elgamal:{const e=_.readMPI(t.subarray(r));return r+=e.length+2,{c1:e,c2:_.readMPI(t.subarray(r))}}case B.publicKey.ecdh:{const e=_.readMPI(t.subarray(r));r+=e.length+2;const i=new ma;return i.read(t.subarray(r)),{V:e,C:i}}case B.publicKey.x25519:case B.publicKey.x448:{const i=Ps(e),n=_.readExactSubarray(t,r,r+i);r+=n.length;const a=new Ea;return a.read(t.subarray(r)),{ephemeralPublicKey:n,C:a}}case B.publicKey.aead:{const e=new va;r+=e.read(t.subarray(r));const{ivLength:i}=fs(e.getValue()),n=t.subarray(r,r+i);r+=i;const a=new wa;return r+=a.read(t.subarray(r)),{aeadMode:e,iv:n,c:a}}case B.publicKey.pqc_mlkem_x25519:{const e=_.readExactSubarray(t,r,r+Ps(B.publicKey.x25519));r+=e.length;const i=_.readExactSubarray(t,r,r+1088);r+=i.length;const n=new Ea;return n.read(t.subarray(r)),{eccCipherText:e,mlkemCipherText:i,C:n}}default:throw new Wt("Unknown public key encryption algorithm.")}}(this.publicKeyAlgorithm,e.subarray(t)),ec.has(this.publicKeyAlgorithm))if(3===this.version)this.sessionKeyAlgorithm=B.write(B.symmetric,this.encrypted.C.algorithm);else if(null!==this.encrypted.C.algorithm)throw Error("Unexpected cleartext symmetric algorithm")}write(){const e=[new Uint8Array([this.version])];return 6===this.version?null!==this.publicKeyFingerprint?(e.push(new Uint8Array([this.publicKeyFingerprint.length+1,this.publicKeyVersion])),e.push(this.publicKeyFingerprint)):e.push(new Uint8Array([0])):e.push(this.publicKeyID.write()),e.push(new Uint8Array([this.publicKeyAlgorithm]),ks(this.publicKeyAlgorithm,this.encrypted)),_.concatUint8Array(e)}async encrypt(e){const t=B.write(B.publicKey,this.publicKeyAlgorithm),r=3===this.version?this.sessionKeyAlgorithm:null,i=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),n=rc(this.version,t,r,this.sessionKey),a=t===B.publicKey.aead?e.privateParams:null;this.encrypted=await ms(t,r,e.publicParams,a,n,i)}async decrypt(e,t){if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Decryption error");const r=t?rc(this.version,this.publicKeyAlgorithm,t.sessionKeyAlgorithm,t.sessionKey):null,i=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),n=await ws(this.publicKeyAlgorithm,e.publicParams,e.privateParams,this.encrypted,i,r),{sessionKey:a,sessionKeyAlgorithm:s}=function(e,t,r,i){switch(t){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.elgamal:case B.publicKey.ecdh:case B.publicKey.aead:{const t=r.subarray(0,r.length-2),n=r.subarray(r.length-2),a=_.writeChecksum(t.subarray(t.length%8)),s=a[0]===n[0]&a[1]===n[1],o=6===e?{sessionKeyAlgorithm:null,sessionKey:t}:{sessionKeyAlgorithm:t[0],sessionKey:t.subarray(1)};if(i){const t=s&o.sessionKeyAlgorithm===i.sessionKeyAlgorithm&o.sessionKey.length===i.sessionKey.length;return{sessionKey:_.selectUint8Array(t,o.sessionKey,i.sessionKey),sessionKeyAlgorithm:6===e?null:_.selectUint8(t,o.sessionKeyAlgorithm,i.sessionKeyAlgorithm)}}if(s&&(6===e||B.read(B.symmetric,o.sessionKeyAlgorithm)))return o;throw Error("Decryption error")}case B.publicKey.x25519:case B.publicKey.x448:case B.publicKey.pqc_mlkem_x25519:return{sessionKeyAlgorithm:null,sessionKey:r};default:throw Error("Unsupported public key algorithm")}}(this.version,this.publicKeyAlgorithm,n,t);if(3===this.version){const e=!ec.has(this.publicKeyAlgorithm);if(this.sessionKeyAlgorithm=e?s:this.sessionKeyAlgorithm,a.length!==en(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}this.sessionKey=a}}function rc(e,t,r,i){switch(t){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.elgamal:case B.publicKey.ecdh:case B.publicKey.aead:return _.concatUint8Array([new Uint8Array(6===e?[]:[r]),i,_.writeChecksum(i.subarray(i.length%8))]);case B.publicKey.x25519:case B.publicKey.x448:case B.publicKey.pqc_mlkem_x25519:return i;default:throw Error("Unsupported public key algorithm")}}class ic{static get tag(){return B.packet.symEncryptedSessionKey}constructor(e=T){this.version=e.aeadProtect?6:4,this.sessionKey=null,this.sessionKeyEncryptionAlgorithm=null,this.sessionKeyAlgorithm=null,this.aeadAlgorithm=B.write(B.aead,e.preferredAEADAlgorithm),this.encrypted=null,this.s2k=null,this.iv=null}read(e){let t=0;if(this.version=e[t++],4!==this.version&&5!==this.version&&6!==this.version)throw new Wt(`Version ${this.version} of the SKESK packet is unsupported.`);6===this.version&&t++;const r=e[t++];this.version>=5&&(this.aeadAlgorithm=e[t++],6===this.version&&t++);const i=e[t++];if(this.s2k=Fs(i),t+=this.s2k.read(e.subarray(t,e.length)),this.version>=5){const r=fs(this.aeadAlgorithm,!0);this.iv=e.subarray(t,t+=r.ivLength)}this.version>=5||t<e.length?(this.encrypted=e.subarray(t,e.length),this.sessionKeyEncryptionAlgorithm=r):this.sessionKeyAlgorithm=r}write(){const e=null===this.encrypted?this.sessionKeyAlgorithm:this.sessionKeyEncryptionAlgorithm;let t;const r=this.s2k.write();if(6===this.version){const i=r.length,n=3+i+this.iv.length;t=_.concatUint8Array([new Uint8Array([this.version,n,e,this.aeadAlgorithm,i]),r,this.iv,this.encrypted])}else 5===this.version?t=_.concatUint8Array([new Uint8Array([this.version,e,this.aeadAlgorithm]),r,this.iv,this.encrypted]):(t=_.concatUint8Array([new Uint8Array([this.version,e]),r]),null!==this.encrypted&&(t=_.concatUint8Array([t,this.encrypted])));return t}async decrypt(e){const t=null!==this.sessionKeyEncryptionAlgorithm?this.sessionKeyEncryptionAlgorithm:this.sessionKeyAlgorithm,{blockSize:r,keySize:i}=en(t),n=await this.s2k.produceKey(e,i);if(this.version>=5){const e=fs(this.aeadAlgorithm,!0),r=new Uint8Array([192|ic.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),a=6===this.version?await sn(B.hash.sha256,n,new Uint8Array,r,i):n,s=await e(t,a);this.sessionKey=await s.decrypt(this.encrypted,this.iv,r)}else if(null!==this.encrypted){const e=await Ca(t,n,this.encrypted,new Uint8Array(r));if(this.sessionKeyAlgorithm=B.write(B.symmetric,e[0]),this.sessionKey=e.subarray(1,e.length),this.sessionKey.length!==en(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}else this.sessionKey=n}async encrypt(e,t=T){const r=null!==this.sessionKeyEncryptionAlgorithm?this.sessionKeyEncryptionAlgorithm:this.sessionKeyAlgorithm;this.sessionKeyEncryptionAlgorithm=r,this.s2k=Rs(t),this.s2k.generateSalt();const{blockSize:i,keySize:n}=en(r),a=await this.s2k.produceKey(e,n);if(null===this.sessionKey&&(this.sessionKey=Es(this.sessionKeyAlgorithm)),this.version>=5){const e=fs(this.aeadAlgorithm);this.iv=le(e.ivLength);const t=new Uint8Array([192|ic.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),i=6===this.version?await sn(B.hash.sha256,a,new Uint8Array,t,n):a,s=await e(r,i);this.encrypted=await s.encrypt(this.sessionKey,this.iv,t)}else{const e=_.concatUint8Array([new Uint8Array([this.sessionKeyAlgorithm]),this.sessionKey]);this.encrypted=await Ia(r,a,e,new Uint8Array(i))}}}class nc{static get tag(){return B.packet.publicKey}constructor(e=new Date,t=T){this.version=t.v6Keys?6:4,this.created=_.normalizeDate(e),this.algorithm=null,this.publicParams=null,this.expirationTimeV3=0,this.fingerprint=null,this.keyID=null}static fromSecretKeyPacket(e){const t=new nc,{version:r,created:i,algorithm:n,publicParams:a,keyID:s,fingerprint:o}=e;return t.version=r,t.created=i,t.algorithm=n,t.publicParams=a,t.keyID=s,t.fingerprint=o,t}async read(e,t=T){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new Wt("Support for parsing v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4===this.version||5===this.version||6===this.version){this.created=_.readDate(e.subarray(r,r+4)),r+=4,this.algorithm=e[r++],this.version>=5&&(r+=4);const{read:t,publicParams:i}=function(e,t){let r=0;switch(e){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:{const e=_.readMPI(t.subarray(r));r+=e.length+2;const i=_.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{n:e,e:i}}}case B.publicKey.dsa:{const e=_.readMPI(t.subarray(r));r+=e.length+2;const i=_.readMPI(t.subarray(r));r+=i.length+2;const n=_.readMPI(t.subarray(r));r+=n.length+2;const a=_.readMPI(t.subarray(r));return r+=a.length+2,{read:r,publicParams:{p:e,q:i,g:n,y:a}}}case B.publicKey.elgamal:{const e=_.readMPI(t.subarray(r));r+=e.length+2;const i=_.readMPI(t.subarray(r));r+=i.length+2;const n=_.readMPI(t.subarray(r));return r+=n.length+2,{read:r,publicParams:{p:e,g:i,y:n}}}case B.publicKey.ecdsa:{const e=new Nt;r+=e.read(t),Ss(e);const i=_.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{oid:e,Q:i}}}case B.publicKey.eddsaLegacy:{const e=new Nt;if(r+=e.read(t),Ss(e),e.getName()!==B.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let i=_.readMPI(t.subarray(r));return r+=i.length+2,i=_.leftPad(i,33),{read:r,publicParams:{oid:e,Q:i}}}case B.publicKey.ecdh:{const e=new Nt;r+=e.read(t),Ss(e);const i=_.readMPI(t.subarray(r));r+=i.length+2;const n=new ba;return r+=n.read(t.subarray(r)),{read:r,publicParams:{oid:e,Q:i,kdfParams:n}}}case B.publicKey.ed25519:case B.publicKey.ed448:case B.publicKey.x25519:case B.publicKey.x448:{const i=_.readExactSubarray(t,r,r+Ps(e));return r+=i.length,{read:r,publicParams:{A:i}}}case B.publicKey.hmac:case B.publicKey.aead:{const e=new Ka;r+=e.read(t);const i=Be(B.hash.sha256),n=t.subarray(r,r+i);return r+=i,{read:r,publicParams:{cipher:e,digest:n}}}case B.publicKey.pqc_mlkem_x25519:{const e=_.readExactSubarray(t,r,r+Ps(B.publicKey.x25519));r+=e.length;const i=_.readExactSubarray(t,r,r+1184);return r+=i.length,{read:r,publicParams:{eccPublicKey:e,mlkemPublicKey:i}}}case B.publicKey.pqc_mldsa_ed25519:{const e=_.readExactSubarray(t,r,r+Ps(B.publicKey.ed25519));r+=e.length;const i=_.readExactSubarray(t,r,r+1952);return r+=i.length,{read:r,publicParams:{eccPublicKey:e,mldsaPublicKey:i}}}default:throw new Wt("Unknown public key encryption algorithm.")}}(this.algorithm,e.subarray(r));if(6===this.version&&i.oid&&(i.oid.getName()===B.curve.curve25519Legacy||i.oid.getName()===B.curve.ed25519Legacy))throw Error("Legacy curve25519 cannot be used with v6 keys");if(6!==this.version&&(this.algorithm===B.publicKey.pqc_mldsa_ed25519||this.algorithm===B.publicKey.pqc_mlkem_x25519))throw Error("Unexpected key version: ML-DSA and ML-KEM algorithms can only be used with v6 keys");return this.publicParams=i,r+=t,await this.computeFingerprintAndKeyID(),r}throw new Wt(`Version ${this.version} of the key packet is unsupported.`)}write(){const e=[];e.push(new Uint8Array([this.version])),e.push(_.writeDate(this.created)),e.push(new Uint8Array([this.algorithm]));const t=ks(this.algorithm,this.publicParams);return this.version>=5&&e.push(_.writeNumber(t.length,4)),e.push(t),_.concatUint8Array(e)}writeForHash(e){const t=this.writePublicKey(),r=149+e,i=e>=5?4:2;return _.concatUint8Array([new Uint8Array([r]),_.writeNumber(t.length,i),t])}isDecrypted(){return null}getCreationTime(){return this.created}getKeyID(){return this.keyID}async computeFingerprintAndKeyID(){if(await this.computeFingerprint(),this.keyID=new Bo,this.version>=5)this.keyID.read(this.fingerprint.subarray(0,8));else{if(4!==this.version)throw Error("Unsupported key version");this.keyID.read(this.fingerprint.subarray(12,20))}}async computeFingerprint(){const e=this.writeForHash(this.version);if(this.version>=5)this.fingerprint=await Ce(B.hash.sha256,e);else{if(4!==this.version)throw Error("Unsupported key version");this.fingerprint=await Ce(B.hash.sha1,e)}}getFingerprintBytes(){return this.fingerprint}getFingerprint(){return _.uint8ArrayToHex(this.getFingerprintBytes())}hasSameFingerprintAs(e){return this.version===e.version&&_.equalsUint8Array(this.writePublicKey(),e.writePublicKey())}getAlgorithmInfo(){const e={};e.algorithm=B.read(B.publicKey,this.algorithm);const t=this.publicParams.n||this.publicParams.p;return t?e.bits=_.uint8ArrayBitLength(t):this.publicParams.oid?e.curve=this.publicParams.oid.getName():this.publicParams.cipher&&(e.symmetric=this.publicParams.cipher.getName()),e}}nc.prototype.readPublicKey=nc.prototype.read,nc.prototype.writePublicKey=nc.prototype.write;const ac=/*#__PURE__*/_.constructAllowedPackets([Co,jo,No,Fo]);class sc{static get tag(){return B.packet.symmetricallyEncryptedData}constructor(){this.encrypted=null,this.packets=null}read(e){this.encrypted=e}write(){return this.encrypted}async decrypt(e,t,r=T){if(!r.allowUnauthenticatedMessages)throw Error("Message is not authenticated.");const{blockSize:i}=en(e),n=await P(K(this.encrypted)),a=await Ca(e,t,n.subarray(i+2),n.subarray(2,i+2));this.packets=await Oo.fromBinary(a,ac,r)}async encrypt(e,t,r=T){const i=this.packets.write(),{blockSize:n}=en(e),a=await xa(e),s=await Ia(e,t,a,new Uint8Array(n)),o=await Ia(e,t,i,s.subarray(2));this.encrypted=_.concat([s,o])}}class oc{static get tag(){return B.packet.marker}read(e){return 80===e[0]&&71===e[1]&&80===e[2]}write(){return new Uint8Array([80,71,80])}}class cc extends nc{static get tag(){return B.packet.publicSubkey}constructor(e,t){super(e,t)}static fromSecretSubkeyPacket(e){const t=new cc,{version:r,created:i,algorithm:n,publicParams:a,keyID:s,fingerprint:o}=e;return t.version=r,t.created=i,t.algorithm=n,t.publicParams=a,t.keyID=s,t.fingerprint=o,t}}class uc{static get tag(){return B.packet.userAttribute}constructor(){this.attributes=[]}read(e){let t=0;for(;t<e.length;){const r=zt(e.subarray(t,e.length));t+=r.offset,this.attributes.push(_.uint8ArrayToString(e.subarray(t,t+r.len))),t+=r.len}}write(){const e=[];for(let t=0;t<this.attributes.length;t++)e.push(Ot(this.attributes[t].length)),e.push(_.stringToUint8Array(this.attributes[t]));return _.concatUint8Array(e)}equals(e){return!!(e&&e instanceof uc)&&this.attributes.every((function(t,r){return t===e.attributes[r]}))}}class hc extends nc{static get tag(){return B.packet.secretKey}constructor(e=new Date,t=T){super(e,t),this.keyMaterial=null,this.isEncrypted=null,this.s2kUsage=0,this.s2k=null,this.symmetric=null,this.aead=null,this.isLegacyAEAD=null,this.privateParams=null,this.usedModernAEAD=null}async read(e,t=T){let r=await this.readPublicKey(e,t);const i=r;this.s2kUsage=e[r++],5===this.version&&r++,6===this.version&&this.s2kUsage&&r++;try{if(255===this.s2kUsage||254===this.s2kUsage||253===this.s2kUsage){this.symmetric=e[r++],253===this.s2kUsage&&(this.aead=e[r++]),6===this.version&&r++;const t=e[r++];if(this.s2k=Fs(t),r+=this.s2k.read(e.subarray(r,e.length)),"gnu-dummy"===this.s2k.type)return}else this.s2kUsage&&(this.symmetric=this.s2kUsage);this.s2kUsage&&(this.isLegacyAEAD=253===this.s2kUsage&&(5===this.version||4===this.version&&t.parseAEADEncryptedV4KeysAsLegacy),253!==this.s2kUsage||this.isLegacyAEAD?(this.iv=e.subarray(r,r+en(this.symmetric).blockSize),this.usedModernAEAD=!1):(this.iv=e.subarray(r,r+fs(this.aead).ivLength),this.usedModernAEAD=!0),r+=this.iv.length)}catch(t){if(!this.s2kUsage)throw t;this.unparseableKeyMaterial=e.subarray(i),this.isEncrypted=!0}if(5===this.version&&(r+=4),this.keyMaterial=e.subarray(r),this.isEncrypted=!!this.s2kUsage,!this.isEncrypted){let e;if(6===this.version)e=this.keyMaterial;else if(e=this.keyMaterial.subarray(0,-2),!_.equalsUint8Array(_.writeChecksum(e),this.keyMaterial.subarray(-2)))throw Error("Key checksum mismatch");try{const{read:t,privateParams:r}=await bs(this.algorithm,e,this.publicParams);if(t<e.length)throw Error("Error reading MPIs");this.privateParams=r}catch(e){if(e instanceof Wt)throw e;throw Error("Error reading MPIs")}}}write(){const e=this.writePublicKey();if(this.unparseableKeyMaterial)return _.concatUint8Array([e,this.unparseableKeyMaterial]);const t=[e];t.push(new Uint8Array([this.s2kUsage]));const r=[];if(255===this.s2kUsage||254===this.s2kUsage||253===this.s2kUsage){r.push(this.symmetric),253===this.s2kUsage&&r.push(this.aead);const e=this.s2k.write();6===this.version&&r.push(e.length),r.push(...e)}return this.s2kUsage&&"gnu-dummy"!==this.s2k.type&&r.push(...this.iv),(5===this.version||6===this.version&&this.s2kUsage)&&t.push(new Uint8Array([r.length])),t.push(new Uint8Array(r)),this.isDummy()||(this.s2kUsage||(this.keyMaterial=ks(this.algorithm,this.privateParams)),5===this.version&&t.push(_.writeNumber(this.keyMaterial.length,4)),t.push(this.keyMaterial),this.s2kUsage||6===this.version||t.push(_.writeChecksum(this.keyMaterial))),_.concatUint8Array(t)}isDecrypted(){return!1===this.isEncrypted}isMissingSecretKeyMaterial(){return void 0!==this.unparseableKeyMaterial||this.isDummy()}isDummy(){return!(!this.s2k||"gnu-dummy"!==this.s2k.type)}makeDummy(e=T){this.isDummy()||(this.isDecrypted()&&this.clearPrivateParams(),delete this.unparseableKeyMaterial,this.isEncrypted=null,this.keyMaterial=null,this.s2k=Fs(B.s2k.gnu,e),this.s2k.algorithm=0,this.s2k.c=0,this.s2k.type="gnu-dummy",this.s2kUsage=254,this.symmetric=B.symmetric.aes256,this.isLegacyAEAD=null,this.usedModernAEAD=null)}async encrypt(e,t=T){if(this.isDummy())return;if(!this.isDecrypted())throw Error("Key packet is already encrypted");if(!e)throw Error("A non-empty passphrase is required for key encryption.");this.s2k=Rs(t),this.s2k.generateSalt();const r=ks(this.algorithm,this.privateParams);this.symmetric=B.symmetric.aes256;const{blockSize:i}=en(this.symmetric);if(t.aeadProtect){this.s2kUsage=253,this.aead=t.preferredAEADAlgorithm;const n=fs(this.aead);this.isLegacyAEAD=5===this.version,this.usedModernAEAD=!this.isLegacyAEAD;const a=jt(this.constructor.tag),s=await lc(this.version,this.s2k,e,this.symmetric,this.aead,a,this.isLegacyAEAD),o=await n(this.symmetric,s);this.iv=this.isLegacyAEAD?le(i):le(n.ivLength);const c=this.isLegacyAEAD?new Uint8Array:_.concatUint8Array([a,this.writePublicKey()]);this.keyMaterial=await o.encrypt(r,this.iv.subarray(0,n.ivLength),c)}else{this.s2kUsage=254,this.usedModernAEAD=!1;const t=await lc(this.version,this.s2k,e,this.symmetric);this.iv=le(i),this.keyMaterial=await Ia(this.symmetric,t,_.concatUint8Array([r,await Ce(B.hash.sha1,r)]),this.iv)}}async decrypt(e){if(this.isDummy())return!1;if(this.unparseableKeyMaterial)throw Error("Key packet cannot be decrypted: unsupported S2K or cipher algo");if(this.isDecrypted())throw Error("Key packet is already decrypted.");let t;const r=jt(this.constructor.tag);if(254!==this.s2kUsage&&253!==this.s2kUsage)throw 255===this.s2kUsage?Error("Encrypted private key is authenticated using an insecure two-byte hash"):Error("Private key is encrypted using an insecure S2K function: unsalted MD5");let i;if(t=await lc(this.version,this.s2k,e,this.symmetric,this.aead,r,this.isLegacyAEAD),253===this.s2kUsage){const e=fs(this.aead,!0),n=await e(this.symmetric,t);try{const t=this.isLegacyAEAD?new Uint8Array:_.concatUint8Array([r,this.writePublicKey()]);i=await n.decrypt(this.keyMaterial,this.iv.subarray(0,e.ivLength),t)}catch(e){if("Authentication tag mismatch"===e.message)throw Error("Incorrect key passphrase: "+e.message);throw e}}else{const e=await Ca(this.symmetric,t,this.keyMaterial,this.iv);i=e.subarray(0,-20);const r=await Ce(B.hash.sha1,i);if(!_.equalsUint8Array(r,e.subarray(-20)))throw Error("Incorrect key passphrase")}try{const{privateParams:e}=await bs(this.algorithm,i,this.publicParams);this.privateParams=e}catch(e){throw Error("Error reading MPIs")}this.isEncrypted=!1,this.keyMaterial=null,this.s2kUsage=0,this.aead=null,this.symmetric=null,this.isLegacyAEAD=null}async validate(){if(this.isDummy())return;if(!this.isDecrypted())throw Error("Key is not decrypted");if(this.usedModernAEAD)return;let e;try{e=await As(this.algorithm,this.publicParams,this.privateParams)}catch(t){e=!1}if(!e)throw Error("Key is invalid")}async generate(e,t,r){if(6===this.version&&(this.algorithm===B.publicKey.ecdh&&t===B.curve.curve25519Legacy||this.algorithm===B.publicKey.eddsaLegacy))throw Error(`Cannot generate v6 keys of type 'ecc' with curve ${t}. Generate a key of type 'curve25519' instead`);if(6!==this.version&&(this.algorithm===B.publicKey.pqc_mldsa_ed25519||this.algorithm===B.publicKey.pqc_mlkem_x25519))throw Error(`Cannot generate v${this.version} keys of type 'pqc'. Generate a v6 key instead`);const{privateParams:i,publicParams:n}=await vs(this.algorithm,e,t,r);this.privateParams=i,this.publicParams=n,this.isEncrypted=!1}clearPrivateParams(){this.isMissingSecretKeyMaterial()||(Object.keys(this.privateParams).forEach((e=>{this.privateParams[e].fill(0),delete this.privateParams[e]})),this.privateParams=null,this.isEncrypted=!0)}}async function lc(e,t,r,i,n,a,s){if("argon2"===t.type&&!n)throw Error("Using Argon2 S2K without AEAD is not allowed");if("simple"===t.type&&6===e)throw Error("Using Simple S2K with version 6 keys is not allowed");const{keySize:o}=en(i),c=await t.produceKey(r,o);if(!n||5===e||s)return c;const u=_.concatUint8Array([a,new Uint8Array([e,i,n])]);return sn(B.hash.sha256,c,new Uint8Array,u,o)}class yc{static get tag(){return B.packet.userID}constructor(){this.userID="",this.name="",this.email="",this.comment=""}static fromObject(e){if(_.isString(e)||e.name&&!_.isString(e.name)||e.email&&!_.isEmailAddress(e.email)||e.comment&&!_.isString(e.comment))throw Error("Invalid user ID format");const t=new yc;Object.assign(t,e);const r=[];return t.name&&r.push(t.name),t.comment&&r.push(`(${t.comment})`),t.email&&r.push(`<${t.email}>`),t.userID=r.join(" "),t}read(e,t=T){const r=_.decodeUTF8(e);if(r.length>t.maxUserIDLength)throw Error("User ID string is too long");const i=/^(?<name>[^()]+\s+)?(?<comment>\([^()]+\)\s+)?(?<email><\S+@\S+>)$/.exec(r);if(null!==i){const{name:e,comment:t,email:r}=i.groups;this.comment=t?.replace(/^\(|\)|\s$/g,"").trim()||"",this.name=e?.trim()||"",this.email=r.substring(1,r.length-1)}else/^[^\s@]+@[^\s@]+$/.test(r)&&(this.email=r);this.userID=r}write(){return _.encodeUTF8(this.userID)}equals(e){return e&&e.userID===this.userID}}class pc extends hc{static get tag(){return B.packet.secretSubkey}constructor(e=new Date,t=T){super(e,t)}}class gc{static get tag(){return B.packet.trust}read(){throw new Wt("Trust packets are not supported")}write(){throw new Wt("Trust packets are not supported")}}class dc{static get tag(){return B.packet.padding}constructor(){this.padding=null}read(e){}write(){return this.padding}async createPadding(e){this.padding=await le(e)}}const fc=/*#__PURE__*/_.constructAllowedPackets([Fo]);class mc{constructor(e){this.packets=e||new Oo}write(){return this.packets.write()}armor(e=T){const t=this.packets.some((e=>e.constructor.tag===Fo.tag&&6!==e.version));return X(B.armor.signature,this.write(),void 0,void 0,void 0,t,e)}getSigningKeyIDs(){return this.packets.map((e=>e.issuerKeyID))}}async function wc({armoredSignature:e,binarySignature:t,config:r,...i}){r={...T,...r};let n=e||t;if(!n)throw Error("readSignature: must pass options object containing `armoredSignature` or `binarySignature`");if(e&&!_.isString(e))throw Error("readSignature: options.armoredSignature must be a string");if(t&&!_.isUint8Array(t))throw Error("readSignature: options.binarySignature must be a Uint8Array");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));if(e){const{type:e,data:t}=await Q(n);if(e!==B.armor.signature)throw Error("Armored text not of type signature");n=t}const s=await Oo.fromBinary(n,fc,r);return new mc(s)}async function bc(e,t){const r=new pc(e.date,t);return r.packets=null,r.algorithm=B.write(B.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.symmetric),await r.computeFingerprintAndKeyID(),r}async function kc(e,t){const r=new hc(e.date,t);return r.packets=null,r.algorithm=B.write(B.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.symmetric),await r.computeFingerprintAndKeyID(),r}async function vc(e,t,r,i,n=new Date,a){let s,o;for(let c=e.length-1;c>=0;c--)try{(!s||e[c].created>=s.created)&&(await e[c].verify(t,r,i,n,void 0,a),s=e[c])}catch(e){o=e}if(!s)throw _.wrapError(`Could not find valid ${B.read(B.signature,r)} signature in key ${t.getKeyID().toHex()}`.replace("certGeneric ","self-").replace(/([a-z])([A-Z])/g,((e,t,r)=>t+" "+r.toLowerCase())),o);return s}function Kc(e,t,r=new Date){const i=_.normalizeDate(r);if(null!==i){const r=Dc(e,t);return!(e.created<=i&&i<r)}return!1}async function Ac(e,t,r,i){const n={};n.key=t,n.bind=e;const a={signatureType:B.signature.subkeyBinding};r.sign?(a.keyFlags=[B.keyFlags.signData],a.embeddedSignature=await Sc(n,[],e,{signatureType:B.signature.keyBinding},r.date,void 0,void 0,void 0,i)):a.keyFlags=r.forwarding?[B.keyFlags.forwardedCommunication]:[B.keyFlags.encryptCommunication|B.keyFlags.encryptStorage],r.keyExpirationTime>0&&(a.keyExpirationTime=r.keyExpirationTime,a.keyNeverExpires=!1);return await Sc(n,[],t,a,r.date,void 0,void 0,void 0,i)}async function Ec(e,t,r=new Date,i=[],n){if(t.algorithm===B.publicKey.pqc_mldsa_ed25519)return da(t.algorithm);const a=B.hash.sha256,s=n.preferredHashAlgorithm,o=await Promise.all(e.map((async(e,t)=>(await e.getPrimarySelfSignature(r,i[t],n)).preferredHashAlgorithms||[]))),c=new Map;for(const e of o)for(const t of e)try{const e=B.write(B.hash,t);c.set(e,c.has(e)?c.get(e)+1:1)}catch{}const u=t=>0===e.length||c.get(t)===e.length||t===a,h=()=>{if(0===c.size)return a;const e=Array.from(c.keys()).filter((e=>u(e))).sort(((e,t)=>Be(e)-Be(t)))[0];return Be(e)>=Be(a)?e:a};if(new Set([B.publicKey.ecdsa,B.publicKey.eddsaLegacy,B.publicKey.ed25519,B.publicKey.ed448]).has(t.algorithm)){const e=function(e,t){switch(e){case B.publicKey.ecdsa:case B.publicKey.eddsaLegacy:return Sn(t);case B.publicKey.ed25519:case B.publicKey.ed448:return Gr(e);default:throw Error("Unknown elliptic signing algo")}}(t.algorithm,t.publicParams.oid),r=u(s),i=Be(s)>=Be(e);if(r&&i)return s;{const t=h();return Be(t)>=Be(e)?t:e}}return u(s)?s:h()}async function Sc(e,t,r,i,n,a,s=[],o=!1,c){if(r.isDummy())throw Error("Cannot sign with a gnu-dummy key.");if(!r.isDecrypted())throw Error("Signing key is not decrypted.");const u=new Fo;return Object.assign(u,i),u.publicKeyAlgorithm=r.algorithm,u.hashAlgorithm=await Ec(t,r,n,a,c),u.rawNotations=[...s],await u.sign(r,e,n,o,c),u}async function Pc(e,t,r,i=new Date,n){(e=e[r])&&(t[r].length?await Promise.all(e.map((async function(e){e.isExpired(i)||n&&!await n(e)||t[r].some((function(t){return _.equalsUint8Array(t.writeParams(),e.writeParams())}))||t[r].push(e)}))):t[r]=e)}async function Uc(e,t,r,i,n,a,s=new Date,o){a=a||e;const c=[];return await Promise.all(i.map((async function(e){try{if(!n||e.issuerKeyID.equals(n.issuerKeyID)){const i=![B.reasonForRevocation.keyRetired,B.reasonForRevocation.keySuperseded,B.reasonForRevocation.userIDInvalid].includes(e.reasonForRevocationFlag);await e.verify(a,t,r,i?null:s,!1,o),c.push(e.issuerKeyID)}}catch(e){}}))),n?(n.revoked=!!c.some((e=>e.equals(n.issuerKeyID)))||(n.revoked||!1),n.revoked):c.length>0}function Dc(e,t){let r;return!1===t.keyNeverExpires&&(r=e.created.getTime()+1e3*t.keyExpirationTime),r?new Date(r):1/0}function xc(e,t={}){if(e.type=e.type||t.type,e.curve=e.curve||t.curve,e.rsaBits=e.rsaBits||t.rsaBits,e.symmetricHash=e.symmetricHash||t.symmetricHash,e.symmetricCipher=e.symmetricCipher||t.symmetricCipher,e.keyExpirationTime=void 0!==e.keyExpirationTime?e.keyExpirationTime:t.keyExpirationTime,e.passphrase=_.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e.sign=e.sign||!1,e.forwarding=e.forwarding||!1,e.sign&&e.forwarding)throw Error('Incompatible options: "sign" and "forwarding" cannot be set together');switch(e.type){case"pqc":e.sign?e.algorithm=B.publicKey.pqc_mldsa_ed25519:e.algorithm=B.publicKey.pqc_mlkem_x25519;break;case"ecc":try{e.curve=B.write(B.curve,e.curve)}catch(e){throw Error("Unknown curve")}e.curve!==B.curve.ed25519Legacy&&e.curve!==B.curve.curve25519Legacy&&"ed25519"!==e.curve&&"curve25519"!==e.curve||(e.curve=e.sign?B.curve.ed25519Legacy:B.curve.curve25519Legacy),e.sign?e.algorithm=e.curve===B.curve.ed25519Legacy?B.publicKey.eddsaLegacy:B.publicKey.ecdsa:e.algorithm=B.publicKey.ecdh;break;case"curve25519":e.algorithm=e.sign?B.publicKey.ed25519:B.publicKey.x25519;break;case"curve448":e.algorithm=e.sign?B.publicKey.ed448:B.publicKey.x448;break;case"rsa":e.algorithm=B.publicKey.rsaEncryptSign;break;case"symmetric":if(e.sign){e.algorithm=B.publicKey.hmac;try{e.symmetric=B.write(B.hash,e.symmetricHash)}catch(e){throw Error("Unknown hash algorithm")}}else{e.algorithm=B.publicKey.aead;try{e.symmetric=B.write(B.symmetric,e.symmetricCipher)}catch(e){throw Error("Unknown symmetric algorithm")}}break;default:throw Error("Unsupported key type "+e.type)}return e}function Ic(e,t,r){switch(e.algorithm){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:case B.publicKey.dsa:case B.publicKey.ecdsa:case B.publicKey.eddsaLegacy:case B.publicKey.ed25519:case B.publicKey.ed448:case B.publicKey.hmac:case B.publicKey.pqc_mldsa_ed25519:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&B.keyFlags.signData);default:return!1}}function Cc(e,t,r){switch(e.algorithm){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaEncrypt:case B.publicKey.elgamal:case B.publicKey.ecdh:case B.publicKey.x25519:case B.publicKey.x448:case B.publicKey.aead:case B.publicKey.pqc_mlkem_x25519:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&B.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&B.keyFlags.encryptStorage);default:return!1}}function Bc(e,t,r){if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");switch(e.algorithm){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaEncrypt:case B.publicKey.elgamal:case B.publicKey.ecdh:case B.publicKey.x25519:case B.publicKey.x448:case B.publicKey.pqc_mlkem_x25519:return!(!(!t.keyFlags||!!(t.keyFlags[0]&B.keyFlags.signData))||!r.allowInsecureDecryptionWithSigningKeys)||(!t.keyFlags||!!(t.keyFlags[0]&B.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&B.keyFlags.encryptStorage)||r.allowForwardedMessages&&!!(t.keyFlags[0]&B.keyFlags.forwardedCommunication));default:return!1}}function Tc(e,t){const r=B.write(B.publicKey,e.algorithm),i=e.getAlgorithmInfo();if(t.rejectPublicKeyAlgorithms.has(r))throw Error(i.algorithm+" keys are considered too weak.");switch(r){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:case B.publicKey.rsaEncrypt:if(i.bits<t.minRSABits)throw Error(`RSA keys shorter than ${t.minRSABits} bits are considered too weak.`);break;case B.publicKey.ecdsa:case B.publicKey.eddsaLegacy:case B.publicKey.ecdh:if(t.rejectCurves.has(i.curve))throw Error(`Support for ${i.algorithm} keys using curve ${i.curve} is disabled.`)}}class Mc{constructor(e,t){this.userID=e.constructor.tag===B.packet.userID?e:null,this.userAttribute=e.constructor.tag===B.packet.userAttribute?e:null,this.selfCertifications=[],this.otherCertifications=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new Oo;return e.push(this.userID||this.userAttribute),e.push(...this.revocationSignatures),e.push(...this.selfCertifications),e.push(...this.otherCertifications),e}clone(){const e=new Mc(this.userID||this.userAttribute,this.mainKey);return e.selfCertifications=[...this.selfCertifications],e.otherCertifications=[...this.otherCertifications],e.revocationSignatures=[...this.revocationSignatures],e}async certify(e,t,r){const i=this.mainKey.keyPacket,n={userID:this.userID,userAttribute:this.userAttribute,key:i},a=new Mc(n.userID||n.userAttribute,this.mainKey);return a.otherCertifications=await Promise.all(e.map((async function(e){if(!e.isPrivate())throw Error("Need private key for signing");if(e.hasSameFingerprintAs(i))throw Error("The user's own key can only be used for self-certifications");const a=await e.getSigningKey(void 0,t,void 0,r);return Sc(n,[e],a.keyPacket,{signatureType:B.signature.certGeneric,keyFlags:[B.keyFlags.certifyKeys|B.keyFlags.signData]},t,void 0,void 0,void 0,r)}))),await a.update(this,t,r),a}async isRevoked(e,t,r=new Date,i=T){const n=this.mainKey.keyPacket;return Uc(n,B.signature.certRevocation,{key:n,userID:this.userID,userAttribute:this.userAttribute},this.revocationSignatures,e,t,r,i)}async verifyCertificate(e,t,r=new Date,i){const n=this,a=this.mainKey.keyPacket,s={userID:this.userID,userAttribute:this.userAttribute,key:a},{issuerKeyID:o}=e,c=t.filter((e=>e.getKeys(o).length>0));return 0===c.length?null:(await Promise.all(c.map((async t=>{const a=await t.getSigningKey(o,e.created,void 0,i);if(e.revoked||await n.isRevoked(e,a.keyPacket,r,i))throw Error("User certificate is revoked");try{await e.verify(a.keyPacket,B.signature.certGeneric,s,r,void 0,i)}catch(e){throw _.wrapError("User certificate is invalid",e)}}))),!0)}async verifyAllCertifications(e,t=new Date,r){const i=this,n=this.selfCertifications.concat(this.otherCertifications);return Promise.all(n.map((async n=>({keyID:n.issuerKeyID,valid:await i.verifyCertificate(n,e,t,r).catch((()=>!1))}))))}async verify(e=new Date,t){if(!this.selfCertifications.length)throw Error("No self-certifications found");const r=this,i=this.mainKey.keyPacket,n={userID:this.userID,userAttribute:this.userAttribute,key:i};let a;for(let s=this.selfCertifications.length-1;s>=0;s--)try{const a=this.selfCertifications[s];if(a.revoked||await r.isRevoked(a,void 0,e,t))throw Error("Self-certification is revoked");try{await a.verify(i,B.signature.certGeneric,n,e,void 0,t)}catch(e){throw _.wrapError("Self-certification is invalid",e)}return!0}catch(e){a=e}throw a}async update(e,t,r){const i=this.mainKey.keyPacket,n={userID:this.userID,userAttribute:this.userAttribute,key:i};await Pc(e,this,"selfCertifications",t,(async function(e){try{return await e.verify(i,B.signature.certGeneric,n,t,!1,r),!0}catch(e){return!1}})),await Pc(e,this,"otherCertifications",t),await Pc(e,this,"revocationSignatures",t,(function(e){return Uc(i,B.signature.certRevocation,n,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=B.reasonForRevocation.noReason,string:r=""}={},i=new Date,n=T){const a={userID:this.userID,userAttribute:this.userAttribute,key:e},s=new Mc(a.userID||a.userAttribute,this.mainKey);return s.revocationSignatures.push(await Sc(a,[],e,{signatureType:B.signature.certRevocation,reasonForRevocationFlag:B.write(B.reasonForRevocation,t),reasonForRevocationString:r},i,void 0,void 0,!1,n)),await s.update(this),s}}class _c{constructor(e,t){this.keyPacket=e,this.bindingSignatures=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new Oo;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.bindingSignatures),e}clone(){const e=new _c(this.keyPacket,this.mainKey);return e.bindingSignatures=[...this.bindingSignatures],e.revocationSignatures=[...this.revocationSignatures],e}async isRevoked(e,t,r=new Date,i=T){const n=this.mainKey.keyPacket;return Uc(n,B.signature.subkeyRevocation,{key:n,bind:this.keyPacket},this.revocationSignatures,e,t,r,i)}async verify(e=new Date,t=T){const r=this.mainKey.keyPacket,i={key:r,bind:this.keyPacket},n=await vc(this.bindingSignatures,r,B.signature.subkeyBinding,i,e,t);if(n.revoked||await this.isRevoked(n,null,e,t))throw Error("Subkey is revoked");if(Kc(this.keyPacket,n,e))throw Error("Subkey is expired");return n}async getExpirationTime(e=new Date,t=T){const r=this.mainKey.keyPacket,i={key:r,bind:this.keyPacket};let n;try{n=await vc(this.bindingSignatures,r,B.signature.subkeyBinding,i,e,t)}catch(e){return null}const a=Dc(this.keyPacket,n),s=n.getExpirationTime();return a<s?a:s}async update(e,t=new Date,r=T){const i=this.mainKey.keyPacket;if(!this.hasSameFingerprintAs(e))throw Error("Subkey update method: fingerprints of subkeys not equal");this.keyPacket.constructor.tag===B.packet.publicSubkey&&e.keyPacket.constructor.tag===B.packet.secretSubkey&&(this.keyPacket=e.keyPacket);const n=this,a={key:i,bind:n.keyPacket};await Pc(e,this,"bindingSignatures",t,(async function(e){for(let t=0;t<n.bindingSignatures.length;t++)if(n.bindingSignatures[t].issuerKeyID.equals(e.issuerKeyID))return e.created>n.bindingSignatures[t].created&&(n.bindingSignatures[t]=e),!1;try{return await e.verify(i,B.signature.subkeyBinding,a,t,void 0,r),!0}catch(e){return!1}})),await Pc(e,this,"revocationSignatures",t,(function(e){return Uc(i,B.signature.subkeyRevocation,a,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=B.reasonForRevocation.noReason,string:r=""}={},i=new Date,n=T){const a={key:e,bind:this.keyPacket},s=new _c(this.keyPacket,this.mainKey);return s.revocationSignatures.push(await Sc(a,[],e,{signatureType:B.signature.subkeyRevocation,reasonForRevocationFlag:B.write(B.reasonForRevocation,t),reasonForRevocationString:r},i,void 0,void 0,!1,n)),await s.update(this),s}hasSameFingerprintAs(e){return this.keyPacket.hasSameFingerprintAs(e.keyPacket||e)}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","isDecrypted"].forEach((e=>{_c.prototype[e]=function(){return this.keyPacket[e]()}}));const Fc=/*#__PURE__*/_.constructAllowedPackets([Fo]),Rc=new Set([B.packet.publicKey,B.packet.privateKey]),Lc=new Set([B.packet.publicKey,B.packet.privateKey,B.packet.publicSubkey,B.packet.privateSubkey]);class Nc{packetListToStructure(e,t=new Set){let r,i,n,a;for(const s of e){if(s instanceof Zt){Lc.has(s.tag)&&!a&&(a=Rc.has(s.tag)?Rc:Lc);continue}const e=s.constructor.tag;if(a){if(!a.has(e))continue;a=null}if(t.has(e))throw Error("Unexpected packet type: "+e);switch(e){case B.packet.publicKey:case B.packet.secretKey:if(this.keyPacket)throw Error("Key block contains multiple keys");if(this.keyPacket=s,i=this.getKeyID(),!i)throw Error("Missing Key ID");break;case B.packet.userID:case B.packet.userAttribute:r=new Mc(s,this),this.users.push(r);break;case B.packet.publicSubkey:case B.packet.secretSubkey:r=null,n=new _c(s,this),this.subkeys.push(n);break;case B.packet.signature:switch(s.signatureType){case B.signature.certGeneric:case B.signature.certPersona:case B.signature.certCasual:case B.signature.certPositive:if(!r){_.printDebug("Dropping certification signatures without preceding user packet");continue}s.issuerKeyID.equals(i)?r.selfCertifications.push(s):r.otherCertifications.push(s);break;case B.signature.certRevocation:r?r.revocationSignatures.push(s):this.directSignatures.push(s);break;case B.signature.key:this.directSignatures.push(s);break;case B.signature.subkeyBinding:if(!n){_.printDebug("Dropping subkey binding signature without preceding subkey packet");continue}n.bindingSignatures.push(s);break;case B.signature.keyRevocation:this.revocationSignatures.push(s);break;case B.signature.subkeyRevocation:if(!n){_.printDebug("Dropping subkey revocation signature without preceding subkey packet");continue}n.revocationSignatures.push(s)}}}}toPacketList(){const e=new Oo;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.directSignatures),this.users.map((t=>e.push(...t.toPacketList()))),this.subkeys.map((t=>e.push(...t.toPacketList()))),e}clone(e=!1){const t=new this.constructor(this.toPacketList());return e&&t.getKeys().forEach((e=>{if(e.keyPacket=Object.create(Object.getPrototypeOf(e.keyPacket),Object.getOwnPropertyDescriptors(e.keyPacket)),!e.keyPacket.isDecrypted())return;const t={};Object.keys(e.keyPacket.privateParams).forEach((r=>{t[r]=new Uint8Array(e.keyPacket.privateParams[r])})),e.keyPacket.privateParams=t})),t}getSubkeys(e=null){return this.subkeys.filter((t=>!e||t.getKeyID().equals(e,!0)))}getKeys(e=null){const t=[];return e&&!this.getKeyID().equals(e,!0)||t.push(this),t.concat(this.getSubkeys(e))}getKeyIDs(){return this.getKeys().map((e=>e.getKeyID()))}getUserIDs(){return this.users.map((e=>e.userID?e.userID.userID:null)).filter((e=>null!==e))}write(){return this.toPacketList().write()}async getSigningKey(e=null,t=new Date,r={},i=T){await this.verifyPrimaryKey(t,r,i);const n=this.keyPacket;try{Tc(n,i)}catch(e){throw _.wrapError("Could not verify primary key",e)}const a=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created));let s;for(const r of a)if(!e||r.getKeyID().equals(e))try{await r.verify(t,i);const e={key:n,bind:r.keyPacket},a=await vc(r.bindingSignatures,n,B.signature.subkeyBinding,e,t,i);if(!Ic(r.keyPacket,a,i))continue;if(!a.embeddedSignature)throw Error("Missing embedded signature");return await vc([a.embeddedSignature],r.keyPacket,B.signature.keyBinding,e,t,i),Tc(r.keyPacket,i),r}catch(e){s=e}try{const a=await this.getPrimarySelfSignature(t,r,i);if((!e||n.getKeyID().equals(e))&&Ic(n,a,i))return Tc(n,i),this}catch(e){s=e}throw _.wrapError("Could not find valid signing key packet in key "+this.getKeyID().toHex(),s)}async getEncryptionKey(e,t=new Date,r={},i=T){await this.verifyPrimaryKey(t,r,i);const n=this.keyPacket;try{Tc(n,i)}catch(e){throw _.wrapError("Could not verify primary key",e)}const a=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created));let s;for(const r of a)if(!e||r.getKeyID().equals(e))try{await r.verify(t,i);const e={key:n,bind:r.keyPacket},a=await vc(r.bindingSignatures,n,B.signature.subkeyBinding,e,t,i);if(Cc(r.keyPacket,a,i))return Tc(r.keyPacket,i),r}catch(e){s=e}try{const a=await this.getPrimarySelfSignature(t,r,i);if((!e||n.getKeyID().equals(e))&&Cc(n,a,i))return Tc(n,i),this}catch(e){s=e}throw _.wrapError("Could not find valid encryption key packet in key "+this.getKeyID().toHex(),s)}async isRevoked(e,t,r=new Date,i=T){return Uc(this.keyPacket,B.signature.keyRevocation,{key:this.keyPacket},this.revocationSignatures,e,t,r,i)}async verifyPrimaryKey(e=new Date,t={},r=T){const i=this.keyPacket;if(await this.isRevoked(null,null,e,r))throw Error("Primary key is revoked");if(Kc(i,await this.getPrimarySelfSignature(e,t,r),e))throw Error("Primary key is expired");if(6!==i.version){const t=await vc(this.directSignatures,i,B.signature.key,{key:i},e,r).catch((()=>{}));if(t&&Kc(i,t,e))throw Error("Primary key is expired")}}async getExpirationTime(e,t=T){let r;try{const i=await this.getPrimarySelfSignature(null,e,t),n=Dc(this.keyPacket,i),a=i.getExpirationTime(),s=6!==this.keyPacket.version&&await vc(this.directSignatures,this.keyPacket,B.signature.key,{key:this.keyPacket},null,t).catch((()=>{}));if(s){const e=Dc(this.keyPacket,s);r=Math.min(n,a,e)}else r=n<a?n:a}catch(e){r=null}return _.normalizeDate(r)}async getPrimarySelfSignature(e=new Date,t={},r=T){const i=this.keyPacket;if(6===i.version)return vc(this.directSignatures,i,B.signature.key,{key:i},e,r);const{selfCertification:n}=await this.getPrimaryUser(e,t,r);return n}async getPrimaryUser(e=new Date,t={},r=T){const i=this.keyPacket,n=[];let a;for(let s=0;s<this.users.length;s++)try{const a=this.users[s];if(!a.userID)continue;if(void 0!==t.name&&a.userID.name!==t.name||void 0!==t.email&&a.userID.email!==t.email||void 0!==t.comment&&a.userID.comment!==t.comment)throw Error("Could not find user that matches that user ID");const o={userID:a.userID,key:i},c=await vc(a.selfCertifications,i,B.signature.certGeneric,o,e,r);n.push({index:s,user:a,selfCertification:c})}catch(e){a=e}if(!n.length)throw a||Error("Could not find primary user");await Promise.all(n.map((async function(t){return t.selfCertification.revoked||t.user.isRevoked(t.selfCertification,null,e,r)})));const s=n.sort((function(e,t){const r=e.selfCertification,i=t.selfCertification;return i.revoked-r.revoked||r.isPrimaryUserID-i.isPrimaryUserID||r.created-i.created})).pop(),{user:o,selfCertification:c}=s;if(c.revoked||await o.isRevoked(c,null,e,r))throw Error("Primary user is revoked");return s}async update(e,t=new Date,r=T){if(!this.hasSameFingerprintAs(e))throw Error("Primary key fingerprints must be equal to update the key");if(!this.isPrivate()&&e.isPrivate()){if(!(this.subkeys.length===e.subkeys.length&&this.subkeys.every((t=>e.subkeys.some((e=>t.hasSameFingerprintAs(e)))))))throw Error("Cannot update public key with private key if subkeys mismatch");return e.update(this,r)}const i=this.clone();return await Pc(e,i,"revocationSignatures",t,(n=>Uc(i.keyPacket,B.signature.keyRevocation,i,[n],null,e.keyPacket,t,r))),await Pc(e,i,"directSignatures",t),await Promise.all(e.users.map((async e=>{const n=i.users.filter((t=>e.userID&&e.userID.equals(t.userID)||e.userAttribute&&e.userAttribute.equals(t.userAttribute)));if(n.length>0)await Promise.all(n.map((i=>i.update(e,t,r))));else{const t=e.clone();t.mainKey=i,i.users.push(t)}}))),await Promise.all(e.subkeys.map((async e=>{const n=i.subkeys.filter((t=>t.hasSameFingerprintAs(e)));if(n.length>0)await Promise.all(n.map((i=>i.update(e,t,r))));else{const t=e.clone();t.mainKey=i,i.subkeys.push(t)}}))),i}async getRevocationCertificate(e=new Date,t=T){const r={key:this.keyPacket},i=await vc(this.revocationSignatures,this.keyPacket,B.signature.keyRevocation,r,e,t),n=new Oo;n.push(i);const a=6!==this.keyPacket.version;return X(B.armor.publicKey,n.write(),null,null,"This is a revocation certificate",a,t)}async applyRevocationCertificate(e,t=new Date,r=T){const i=await Q(e),n=(await Oo.fromBinary(i.data,Fc,r)).findPacket(B.packet.signature);if(!n||n.signatureType!==B.signature.keyRevocation)throw Error("Could not find revocation signature packet");if(!n.issuerKeyID.equals(this.getKeyID()))throw Error("Revocation signature does not match key");try{await n.verify(this.keyPacket,B.signature.keyRevocation,{key:this.keyPacket},t,void 0,r)}catch(e){throw _.wrapError("Could not verify revocation signature",e)}const a=this.clone();return a.revocationSignatures.push(n),a}async signPrimaryUser(e,t,r,i=T){const{index:n,user:a}=await this.getPrimaryUser(t,r,i),s=await a.certify(e,t,i),o=this.clone();return o.users[n]=s,o}async signAllUsers(e,t=new Date,r=T){const i=this.clone();return i.users=await Promise.all(this.users.map((function(i){return i.certify(e,t,r)}))),i}async verifyPrimaryUser(e,t=new Date,r,i=T){const n=this.keyPacket,{user:a}=await this.getPrimaryUser(t,r,i);return e?await a.verifyAllCertifications(e,t,i):[{keyID:n.getKeyID(),valid:await a.verify(t,i).catch((()=>!1))}]}async verifyAllUsers(e,t=new Date,r=T){const i=this.keyPacket,n=[];return await Promise.all(this.users.map((async a=>{const s=e?await a.verifyAllCertifications(e,t,r):[{keyID:i.getKeyID(),valid:await a.verify(t,r).catch((()=>!1))}];n.push(...s.map((e=>({userID:a.userID?a.userID.userID:null,userAttribute:a.userAttribute,keyID:e.keyID,valid:e.valid}))))}))),n}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","hasSameFingerprintAs"].forEach((e=>{Nc.prototype[e]=_c.prototype[e]}));class zc extends Nc{constructor(e){if(super(),this.keyPacket=null,this.revocationSignatures=[],this.directSignatures=[],this.users=[],this.subkeys=[],e&&(this.packetListToStructure(e,new Set([B.packet.secretKey,B.packet.secretSubkey])),!this.keyPacket))throw Error("Invalid key: missing public-key packet")}isPrivate(){return!1}toPublic(){return this}armor(e=T){const t=6!==this.keyPacket.version;return X(B.armor.publicKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}}class Oc extends zc{constructor(e){if(super(),this.packetListToStructure(e,new Set([B.packet.publicKey,B.packet.publicSubkey])),!this.keyPacket)throw Error("Invalid key: missing private-key packet")}isPrivate(){return!0}toPublic(){const e=new Oo,t=this.toPacketList();let r=!1;for(const i of t)if(!r||i.constructor.tag!==B.packet.Signature)switch(r&&(r=!1),i.constructor.tag){case B.packet.secretKey:{if(i.algorithm===B.publicKey.aead||i.algorithm===B.publicKey.hmac)throw Error("Cannot create public key from symmetric private");const t=nc.fromSecretKeyPacket(i);e.push(t);break}case B.packet.secretSubkey:{if(i.algorithm===B.publicKey.aead||i.algorithm===B.publicKey.hmac){r=!0;break}const t=cc.fromSecretSubkeyPacket(i);e.push(t);break}default:e.push(i)}return new zc(e)}armor(e=T){const t=6!==this.keyPacket.version;return X(B.armor.privateKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}async getDecryptionKeys(e,t=new Date,r={},i=T){const n=this.keyPacket,a=[];let s=null;for(let r=0;r<this.subkeys.length;r++)if(!e||this.subkeys[r].getKeyID().equals(e,!0)){if(this.subkeys[r].keyPacket.isDummy()){s=s||Error("Gnu-dummy key packets cannot be used for decryption");continue}try{const e={key:n,bind:this.subkeys[r].keyPacket},s=await vc(this.subkeys[r].bindingSignatures,n,B.signature.subkeyBinding,e,t,i);Bc(this.subkeys[r].keyPacket,s,i)&&a.push(this.subkeys[r])}catch(e){s=e}}const o=await this.getPrimarySelfSignature(t,r,i);if(e&&!n.getKeyID().equals(e,!0)||!Bc(n,o,i)||(n.isDummy()?s=s||Error("Gnu-dummy key packets cannot be used for decryption"):a.push(this)),0===a.length)throw s||Error("No decryption key packets found");return a}isDecrypted(){return this.getKeys().some((({keyPacket:e})=>e.isDecrypted()))}async validate(e=T){if(!this.isPrivate())throw Error("Cannot validate a public key");let t;if(this.keyPacket.isDummy()){const r=await this.getSigningKey(null,null,void 0,{...e,rejectPublicKeyAlgorithms:new Set,minRSABits:0});r&&!r.keyPacket.isDummy()&&(t=r.keyPacket)}else t=this.keyPacket;if(t)return t.validate();{const e=this.getKeys();if(e.map((e=>e.keyPacket.isDummy())).every(Boolean))throw Error("Cannot validate an all-gnu-dummy key");return Promise.all(e.map((async e=>e.keyPacket.validate())))}}clearPrivateParams(){this.getKeys().forEach((({keyPacket:e})=>{e.isDecrypted()&&e.clearPrivateParams()}))}async revoke({flag:e=B.reasonForRevocation.noReason,string:t=""}={},r=new Date,i=T){if(!this.isPrivate())throw Error("Need private key for revoking");const n={key:this.keyPacket},a=this.clone();return a.revocationSignatures.push(await Sc(n,[],this.keyPacket,{signatureType:B.signature.keyRevocation,reasonForRevocationFlag:B.write(B.reasonForRevocation,e),reasonForRevocationString:t},r,void 0,void 0,void 0,i)),a}async addSubkey(e={}){const t={...T,...e.config};if(e.passphrase)throw Error("Subkey could not be encrypted here, please encrypt whole key");if(e.rsaBits<t.minRSABits)throw Error(`rsaBits should be at least ${t.minRSABits}, got: ${e.rsaBits}`);const r=this.keyPacket;if(r.isDummy())throw Error("Cannot add subkey to gnu-dummy primary key");if(!r.isDecrypted())throw Error("Key is not decrypted");const i=r.getAlgorithmInfo();i.type=function(e){switch(B.write(B.publicKey,e)){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:case B.publicKey.dsa:return"rsa";case B.publicKey.ecdsa:case B.publicKey.eddsaLegacy:return"ecc";case B.publicKey.ed25519:return"curve25519";case B.publicKey.ed448:return"curve448";default:throw Error("Unsupported algorithm")}}(i.algorithm),i.rsaBits=i.bits||4096,i.curve=i.curve||"curve25519Legacy",e=xc(e,i);const n=await bc(e,{...t,v6Keys:6===this.keyPacket.version});Tc(n,t);const a=await Ac(n,r,e,t),s=this.toPacketList();return s.push(n,a),new Oc(s)}}const qc=/*#__PURE__*/_.constructAllowedPackets([nc,cc,hc,pc,yc,uc,Fo]);function jc(e){for(const t of e)switch(t.constructor.tag){case B.packet.secretKey:return new Oc(e);case B.packet.publicKey:return new zc(e)}throw Error("No key packet found")}async function Hc(e,t,r,i){r.passphrase&&await e.encrypt(r.passphrase,i),await Promise.all(t.map((async function(e,t){const n=r.subkeys[t].passphrase;n&&await e.encrypt(n,i)})));const n=new Oo;function a(e,t){return[t,...e.filter((e=>e!==t))]}function s(){const t={};t.keyFlags=[B.keyFlags.certifyKeys|B.keyFlags.signData];const n=a([B.symmetric.aes256,B.symmetric.aes128],i.preferredSymmetricAlgorithm);if(t.preferredSymmetricAlgorithms=n,i.aeadProtect){const e=a([B.aead.gcm,B.aead.eax,B.aead.ocb],i.preferredAEADAlgorithm);t.preferredCipherSuites=e.flatMap((e=>n.map((t=>[t,e]))))}return t.preferredHashAlgorithms=a([B.hash.sha512,B.hash.sha256,...6===e.version?[B.hash.sha3_512,B.hash.sha3_256]:[]],i.preferredHashAlgorithm),t.preferredCompressionAlgorithms=a([B.compression.uncompressed,B.compression.zlib,B.compression.zip],i.preferredCompressionAlgorithm),t.features=[0],t.features[0]|=B.features.modificationDetection,i.aeadProtect&&(t.features[0]|=B.features.seipdv2),r.keyExpirationTime>0&&(t.keyExpirationTime=r.keyExpirationTime,t.keyNeverExpires=!1),t}if(n.push(e),6===e.version){const t={key:e},a=s();a.signatureType=B.signature.key;const o=await Sc(t,[],e,a,r.date,void 0,void 0,void 0,i);n.push(o)}await Promise.all(r.userIDs.map((async function(t,n){const a=yc.fromObject(t),o={userID:a,key:e},c=6!==e.version?s():{};c.signatureType=B.signature.certPositive,0===n&&(c.isPrimaryUserID=!0);return{userIDPacket:a,signaturePacket:await Sc(o,[],e,c,r.date,void 0,void 0,void 0,i)}}))).then((e=>{e.forEach((({userIDPacket:e,signaturePacket:t})=>{n.push(e),n.push(t)}))})),await Promise.all(t.map((async function(t,n){const a=r.subkeys[n];return{secretSubkeyPacket:t,subkeySignaturePacket:await Ac(t,e,a,i)}}))).then((e=>{e.forEach((({secretSubkeyPacket:e,subkeySignaturePacket:t})=>{n.push(e),n.push(t)}))}));const o={key:e};return n.push(await Sc(o,[],e,{signatureType:B.signature.keyRevocation,reasonForRevocationFlag:B.reasonForRevocation.noReason,reasonForRevocationString:""},r.date,void 0,void 0,void 0,i)),r.passphrase&&e.clearPrivateParams(),await Promise.all(t.map((async function(e,t){r.subkeys[t].passphrase&&e.clearPrivateParams()}))),new Oc(n)}async function Gc({armoredKey:e,binaryKey:t,config:r,...i}){if(r={...T,...r},!e&&!t)throw Error("readKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!_.isString(e))throw Error("readKey: options.armoredKey must be a string");if(t&&!_.isUint8Array(t))throw Error("readKey: options.binaryKey must be a Uint8Array");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));let a;if(e){const{type:t,data:r}=await Q(e);if(t!==B.armor.publicKey&&t!==B.armor.privateKey)throw Error("Armored text not of type key");a=r}else a=t;const s=await Oo.fromBinary(a,qc,r),o=s.indexOfTag(B.packet.publicKey,B.packet.secretKey);if(0===o.length)throw Error("No key packet found");return jc(s.slice(o[0],o[1]))}async function Vc({armoredKey:e,binaryKey:t,config:r,...i}){if(r={...T,...r},!e&&!t)throw Error("readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!_.isString(e))throw Error("readPrivateKey: options.armoredKey must be a string");if(t&&!_.isUint8Array(t))throw Error("readPrivateKey: options.binaryKey must be a Uint8Array");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));let a;if(e){const{type:t,data:r}=await Q(e);if(t!==B.armor.privateKey)throw Error("Armored text not of type private key");a=r}else a=t;const s=await Oo.fromBinary(a,qc,r),o=s.indexOfTag(B.packet.publicKey,B.packet.secretKey);for(let e=0;e<o.length;e++){if(s[o[e]].constructor.tag===B.packet.publicKey)continue;const t=s.slice(o[e],o[e+1]);return new Oc(t)}throw Error("No secret key packet found")}async function Wc({armoredKeys:e,binaryKeys:t,config:r,...i}){r={...T,...r};let n=e||t;if(!n)throw Error("readKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!_.isString(e))throw Error("readKeys: options.armoredKeys must be a string");if(t&&!_.isUint8Array(t))throw Error("readKeys: options.binaryKeys must be a Uint8Array");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));if(e){const{type:t,data:r}=await Q(e);if(t!==B.armor.publicKey&&t!==B.armor.privateKey)throw Error("Armored text not of type key");n=r}const s=[],o=await Oo.fromBinary(n,qc,r),c=o.indexOfTag(B.packet.publicKey,B.packet.secretKey);if(0===c.length)throw Error("No key packet found");for(let e=0;e<c.length;e++){const t=jc(o.slice(c[e],c[e+1]));s.push(t)}return s}async function $c({armoredKeys:e,binaryKeys:t,config:r}){r={...T,...r};let i=e||t;if(!i)throw Error("readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!_.isString(e))throw Error("readPrivateKeys: options.armoredKeys must be a string");if(t&&!_.isUint8Array(t))throw Error("readPrivateKeys: options.binaryKeys must be a Uint8Array");if(e){const{type:t,data:r}=await Q(e);if(t!==B.armor.privateKey)throw Error("Armored text not of type private key");i=r}const n=[],a=await Oo.fromBinary(i,qc,r),s=a.indexOfTag(B.packet.publicKey,B.packet.secretKey);for(let e=0;e<s.length;e++){if(a[s[e]].constructor.tag===B.packet.publicKey)continue;const t=a.slice(s[e],s[e+1]),r=new Oc(t);n.push(r)}if(0===n.length)throw Error("No secret key packet found");return n}const Zc=/*#__PURE__*/_.constructAllowedPackets([Co,jo,Jo,Qo,sc,tc,ic,No,Fo]),Qc=/*#__PURE__*/_.constructAllowedPackets([ic]),Xc=/*#__PURE__*/_.constructAllowedPackets([Fo]);class Yc{constructor(e){this.packets=e||new Oo}getEncryptionKeyIDs(){const e=[];return this.packets.filterByTag(B.packet.publicKeyEncryptedSessionKey).forEach((function(t){e.push(t.publicKeyID)})),e}getSigningKeyIDs(){const e=this.unwrapCompressed(),t=e.packets.filterByTag(B.packet.onePassSignature);if(t.length>0)return t.map((e=>e.issuerKeyID));return e.packets.filterByTag(B.packet.signature).map((e=>e.issuerKeyID))}async decrypt(e,t,r,i=new Date,n=T){const a=this.packets.filterByTag(B.packet.symmetricallyEncryptedData,B.packet.symEncryptedIntegrityProtectedData,B.packet.aeadEncryptedData);if(0===a.length)throw Error("No encrypted data found");const s=a[0],o=s.cipherAlgorithm,c=r||await this.decryptSessionKeys(e,t,o,i,n);let u=null;const h=Promise.all(c.map((async({algorithm:e,data:t})=>{if(!_.isUint8Array(t)||!s.cipherAlgorithm&&!_.isString(e))throw Error("Invalid session key for decryption.");try{const r=s.cipherAlgorithm||B.write(B.symmetric,e);await s.decrypt(r,t,n)}catch(e){_.printDebugError(e),u=e}})));if(U(s.encrypted),s.encrypted=null,await h,!s.packets||!s.packets.length)throw u||Error("Decryption failed.");const l=new Yc(s.packets);return s.packets=new Oo,l}async decryptSessionKeys(e,t,r,i=new Date,n=T){let a,s=[];if(t){const e=this.packets.filterByTag(B.packet.symEncryptedSessionKey);if(0===e.length)throw Error("No symmetrically encrypted session key packet found.");await Promise.all(t.map((async function(t,r){let i;i=r?await Oo.fromBinary(e.write(),Qc,n):e,await Promise.all(i.map((async function(e){try{await e.decrypt(t),s.push(e)}catch(e){_.printDebugError(e),e instanceof xs&&(a=e)}})))})))}else{if(!e)throw Error("No key or password specified.");{const t=this.packets.filterByTag(B.packet.publicKeyEncryptedSessionKey);if(0===t.length)throw Error("No public key encrypted session key packet found.");await Promise.all(t.map((async function(t){await Promise.all(e.map((async function(e){let o;try{o=(await e.getDecryptionKeys(t.publicKeyID,null,void 0,n)).map((e=>e.keyPacket))}catch(e){return void(a=e)}let c=[B.symmetric.aes256,B.symmetric.aes128,B.symmetric.tripledes,B.symmetric.cast5];try{const t=await e.getPrimarySelfSignature(i,void 0,n);t.preferredSymmetricAlgorithms&&(c=c.concat(t.preferredSymmetricAlgorithms))}catch(e){}await Promise.all(o.map((async function(e){if(!e.isDecrypted())throw Error("Decryption key is not decrypted.");if(n.constantTimePKCS1Decryption&&(t.publicKeyAlgorithm===B.publicKey.rsaEncrypt||t.publicKeyAlgorithm===B.publicKey.rsaEncryptSign||t.publicKeyAlgorithm===B.publicKey.rsaSign||t.publicKeyAlgorithm===B.publicKey.elgamal)){const i=t.write();await Promise.all((r?[r]:Array.from(n.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms)).map((async t=>{const r=new tc;r.read(i);const n={sessionKeyAlgorithm:t,sessionKey:Es(t)};try{await r.decrypt(e,n),s.push(r)}catch(e){_.printDebugError(e),a=e}})))}else try{await t.decrypt(e);const i=r||t.sessionKeyAlgorithm;if(i&&!c.includes(B.write(B.symmetric,i)))throw Error("A non-preferred symmetric algorithm was used.");s.push(t)}catch(e){_.printDebugError(e),a=e}})))}))),U(t.encrypted),t.encrypted=null})))}}if(s.length>0){if(s.length>1){const e=new Set;s=s.filter((t=>{const r=t.sessionKeyAlgorithm+_.uint8ArrayToString(t.sessionKey);return!e.has(r)&&(e.add(r),!0)}))}return s.map((e=>({data:e.sessionKey,algorithm:e.sessionKeyAlgorithm&&B.read(B.symmetric,e.sessionKeyAlgorithm)})))}throw a||Error("Session key decryption failed.")}getLiteralData(){const e=this.unwrapCompressed().packets.findPacket(B.packet.literalData);return e&&e.getBytes()||null}getFilename(){const e=this.unwrapCompressed().packets.findPacket(B.packet.literalData);return e&&e.getFilename()||null}getText(){const e=this.unwrapCompressed().packets.findPacket(B.packet.literalData);return e?e.getText():null}static async generateSessionKey(e=[],t=new Date,r=[],i=T){const{symmetricAlgo:n,aeadAlgo:a}=await async function(e=[],t=new Date,r=[],i=T){const n=await Promise.all(e.map(((e,n)=>e.getPrimarySelfSignature(t,r[n],i))));if(e.length?!i.ignoreSEIPDv2FeatureFlag&&n.every((e=>e.features&&e.features[0]&B.features.seipdv2)):i.aeadProtect){const e={symmetricAlgo:B.symmetric.aes128,aeadAlgo:B.aead.ocb},t=[{symmetricAlgo:i.preferredSymmetricAlgorithm,aeadAlgo:i.preferredAEADAlgorithm},{symmetricAlgo:i.preferredSymmetricAlgorithm,aeadAlgo:B.aead.ocb},{symmetricAlgo:B.symmetric.aes128,aeadAlgo:i.preferredAEADAlgorithm}];for(const e of t)if(n.every((t=>t.preferredCipherSuites&&t.preferredCipherSuites.some((t=>t[0]===e.symmetricAlgo&&t[1]===e.aeadAlgo)))))return e;return e}const a=B.symmetric.aes128,s=i.preferredSymmetricAlgorithm;return{symmetricAlgo:n.every((e=>e.preferredSymmetricAlgorithms&&e.preferredSymmetricAlgorithms.includes(s)))?s:a,aeadAlgo:void 0}}(e,t,r,i),s=B.read(B.symmetric,n),o=a?B.read(B.aead,a):void 0;await Promise.all(e.map((e=>e.getEncryptionKey().catch((()=>null)).then((e=>{if(e&&(e.keyPacket.algorithm===B.publicKey.x25519||e.keyPacket.algorithm===B.publicKey.x448)&&!o&&!_.isAES(n))throw Error("Could not generate a session key compatible with the given `encryptionKeys`: X22519 and X448 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.")})))));return{data:Es(n),algorithm:s,aeadAlgorithm:o}}async encrypt(e,t,r,i=!1,n=[],a=new Date,s=[],o=T){if(r){if(!_.isUint8Array(r.data)||!_.isString(r.algorithm))throw Error("Invalid session key for encryption.")}else if(e&&e.length)r=await Yc.generateSessionKey(e,a,s,o);else{if(!t||!t.length)throw Error("No keys, passwords, or session key provided.");r=await Yc.generateSessionKey(void 0,void 0,void 0,o)}const{data:c,algorithm:u,aeadAlgorithm:h}=r,l=await Yc.encryptSessionKey(c,u,h,e,t,i,n,a,s,o),y=Qo.fromObject({version:h?2:1,aeadAlgorithm:h?B.write(B.aead,h):null});y.packets=this.packets;const p=B.write(B.symmetric,u);return await y.encrypt(p,c,o),l.packets.push(y),y.packets=new Oo,l}static async encryptSessionKey(e,t,r,i,n,a=!1,s=[],o=new Date,c=[],u=T){const h=new Oo,l=B.write(B.symmetric,t),y=r&&B.write(B.aead,r);if(i){const t=await Promise.all(i.map((async function(t,r){const i=await t.getEncryptionKey(s[r],o,c,u),n=tc.fromObject({version:y?6:3,encryptionKeyPacket:i.keyPacket,anonymousRecipient:a,sessionKey:e,sessionKeyAlgorithm:l});return await n.encrypt(i.keyPacket),delete n.sessionKey,n})));h.push(...t)}if(n){const t=async function(e,t){try{return await e.decrypt(t),1}catch(e){return 0}},r=(e,t)=>e+t,i=async function(e,a,s,o){const c=new ic(u);if(c.sessionKey=e,c.sessionKeyAlgorithm=a,s&&(c.aeadAlgorithm=s),await c.encrypt(o,u),u.passwordCollisionCheck){if(1!==(await Promise.all(n.map((e=>t(c,e))))).reduce(r))return i(e,a,o)}return delete c.sessionKey,c},a=await Promise.all(n.map((t=>i(e,l,y,t))));h.push(...a)}return new Yc(h)}async sign(e=[],t=[],r=null,i=[],n=new Date,a=[],s=[],o=[],c=T){const u=new Oo,h=this.packets.findPacket(B.packet.literalData);if(!h)throw Error("No literal data packet to sign.");const l=await Jc(h,e,t,r,i,n,a,s,o,!1,c),y=l.map(((e,t)=>No.fromSignaturePacket(e,0===t))).reverse();return u.push(...y),u.push(h),u.push(...l),new Yc(u)}compress(e,t=T){if(e===B.compression.uncompressed)return this;const r=new jo(t);r.algorithm=e,r.packets=this.packets;const i=new Oo;return i.push(r),new Yc(i)}async signDetached(e=[],t=[],r=null,i=[],n=[],a=new Date,s=[],o=[],c=T){const u=this.packets.findPacket(B.packet.literalData);if(!u)throw Error("No literal data packet to sign.");return new mc(await Jc(u,e,t,r,i,n,a,s,o,!0,c))}async verify(e,t=new Date,r=T){const i=this.unwrapCompressed(),n=i.packets.filterByTag(B.packet.literalData);if(1!==n.length)throw Error("Can only verify message with one literal data packet.");a(i.packets.stream)&&i.packets.push(...await P(i.packets.stream,(e=>e||[])));const s=i.packets.filterByTag(B.packet.onePassSignature).reverse(),o=i.packets.filterByTag(B.packet.signature);return s.length&&!o.length&&_.isStream(i.packets.stream)&&!a(i.packets.stream)?(await Promise.all(s.map((async e=>{e.correspondingSig=new Promise(((t,r)=>{e.correspondingSigResolve=t,e.correspondingSigReject=r})),e.signatureData=D((async()=>(await e.correspondingSig).signatureData)),e.hashed=P(await e.hash(e.signatureType,n[0],void 0,!1)),e.hashed.catch((()=>{}))}))),i.packets.stream=k(i.packets.stream,(async(e,t)=>{const r=x(e),i=I(t);try{for(let e=0;e<s.length;e++){const{value:t}=await r.read();s[e].correspondingSigResolve(t)}await r.readToEnd(),await i.ready,await i.close()}catch(e){s.forEach((t=>{t.correspondingSigReject(e)})),await i.abort(e)}})),eu(s,n,e,t,!1,r)):eu(o,n,e,t,!1,r)}verifyDetached(e,t,r=new Date,i=T){const n=this.unwrapCompressed().packets.filterByTag(B.packet.literalData);if(1!==n.length)throw Error("Can only verify message with one literal data packet.");return eu(e.packets.filterByTag(B.packet.signature),n,t,r,!0,i)}unwrapCompressed(){const e=this.packets.filterByTag(B.packet.compressedData);return e.length?new Yc(e[0].packets):this}async appendSignature(e,t=T){await this.packets.read(_.isUint8Array(e)?e:(await Q(e)).data,Xc,t)}write(){return this.packets.write()}armor(e=T){const t=this.packets[this.packets.length-1],r=t.constructor.tag===Qo.tag?2!==t.version:this.packets.some((e=>e.constructor.tag===Fo.tag&&6!==e.version));return X(B.armor.message,this.write(),null,null,null,r,e)}}async function Jc(e,t,r=[],i=null,n=[],a=new Date,s=[],o=[],c=[],u=!1,h=T){const l=new Oo,y=null===e.text?B.signature.binary:B.signature.text;if(await Promise.all(t.map((async(t,i)=>{const l=s[i];if(!t.isPrivate())throw Error("Need private key for signing");const p=await t.getSigningKey(n[i],a,l,h);return Sc(e,r.length?r:[t],p.keyPacket,{signatureType:y},a,o,c,u,h)}))).then((e=>{l.push(...e)})),i){const e=i.packets.filterByTag(B.packet.signature);l.push(...e)}return l}async function eu(e,t,r,i=new Date,n=!1,a=T){return Promise.all(e.filter((function(e){return["text","binary"].includes(B.read(B.signature,e.signatureType))})).map((async function(e){return async function(e,t,r,i=new Date,n=!1,a=T){let s,o;for(const t of r){const r=t.getKeys(e.issuerKeyID);if(r.length>0){s=t,o=r[0];break}}const c=e instanceof No?e.correspondingSig:e,u={keyID:e.issuerKeyID,verified:(async()=>{if(!o)throw Error("Could not find signing key with key ID "+e.issuerKeyID.toHex());await e.verify(o.keyPacket,e.signatureType,t[0],i,n,a);const r=await c;if(o.getCreationTime()>r.created)throw Error("Key is newer than the signature");try{await s.getSigningKey(o.getKeyID(),r.created,void 0,a)}catch(e){if(!a.allowInsecureVerificationWithReformattedKeys||!e.message.match(/Signature creation time is in the future/))throw e;await s.getSigningKey(o.getKeyID(),i,void 0,a)}return!0})(),signature:(async()=>{const e=await c,t=new Oo;return e&&t.push(e),new mc(t)})()};return u.signature.catch((()=>{})),u.verified.catch((()=>{})),u}(e,t,r,i,n,a)})))}async function tu({armoredMessage:e,binaryMessage:t,config:r,...i}){r={...T,...r};let n=e||t;if(!n)throw Error("readMessage: must pass options object containing `armoredMessage` or `binaryMessage`");if(e&&!_.isString(e)&&!_.isStream(e))throw Error("readMessage: options.armoredMessage must be a string or stream");if(t&&!_.isUint8Array(t)&&!_.isStream(t))throw Error("readMessage: options.binaryMessage must be a Uint8Array or stream");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));const s=_.isStream(n);if(e){const{type:e,data:t}=await Q(n);if(e!==B.armor.message)throw Error("Armored text not of type message");n=t}const o=await Oo.fromBinary(n,Zc,r),c=new Yc(o);return c.fromStream=s,c}async function ru({text:e,binary:t,filename:r,date:i=new Date,format:n=(void 0!==e?"utf8":"binary"),...a}){const s=void 0!==e?e:t;if(void 0===s)throw Error("createMessage: must pass options object containing `text` or `binary`");if(e&&!_.isString(e)&&!_.isStream(e))throw Error("createMessage: options.text must be a string or stream");if(t&&!_.isUint8Array(t)&&!_.isStream(t))throw Error("createMessage: options.binary must be a Uint8Array or stream");const o=Object.keys(a);if(o.length>0)throw Error("Unknown option: "+o.join(", "));const c=_.isStream(s),u=new Co(i);void 0!==e?u.setText(s,B.write(B.literal,n)):u.setBytes(s,B.write(B.literal,n)),void 0!==r&&u.setFilename(r);const h=new Oo;h.push(u);const l=new Yc(h);return l.fromStream=c,l}const iu=/*#__PURE__*/_.constructAllowedPackets([Fo]);class nu{constructor(e,t){if(this.text=_.removeTrailingSpaces(e).replace(/\r?\n/g,"\r\n"),t&&!(t instanceof mc))throw Error("Invalid signature input");this.signature=t||new mc(new Oo)}getSigningKeyIDs(){const e=[];return this.signature.packets.forEach((function(t){e.push(t.issuerKeyID)})),e}async sign(e,t=[],r=null,i=[],n=new Date,a=[],s=[],o=[],c=T){const u=new Co;u.setText(this.text);const h=new mc(await Jc(u,e,t,r,i,n,a,s,o,!0,c));return new nu(this.text,h)}verify(e,t=new Date,r=T){const i=this.signature.packets.filterByTag(B.packet.signature),n=new Co;return n.setText(this.text),eu(i,[n],e,t,!0,r)}getText(){return this.text.replace(/\r\n/g,"\n")}armor(e=T){const t=this.signature.packets.some((e=>6!==e.version)),r={hash:t?Array.from(new Set(this.signature.packets.map((e=>B.read(B.hash,e.hashAlgorithm).toUpperCase())))).join():null,text:this.text,data:this.signature.packets.write()};return X(B.armor.signed,r,void 0,void 0,void 0,t,e)}}async function au({cleartextMessage:e,config:t,...r}){if(t={...T,...t},!e)throw Error("readCleartextMessage: must pass options object containing `cleartextMessage`");if(!_.isString(e))throw Error("readCleartextMessage: options.cleartextMessage must be a string");const i=Object.keys(r);if(i.length>0)throw Error("Unknown option: "+i.join(", "));const n=await Q(e);if(n.type!==B.armor.signed)throw Error("No cleartext signed message.");const a=await Oo.fromBinary(n.data,iu,t);!function(e,t){const r=function(e){const r=e=>t=>e.hashAlgorithm===t;for(let i=0;i<t.length;i++)if(t[i].constructor.tag===B.packet.signature&&!e.some(r(t[i])))return!1;return!0},i=[];if(e.forEach((e=>{const t=e.match(/^Hash: (.+)$/);if(!t)throw Error('Only "Hash" header allowed in cleartext signed message');{const e=t[1].replace(/\s/g,"").split(",").map((e=>{try{return B.write(B.hash,e.toLowerCase())}catch(t){throw Error("Unknown hash algorithm in armor header: "+e.toLowerCase())}}));i.push(...e)}})),i.length&&!r(i))throw Error("Hash algorithm mismatch in armor header and signature")}(n.headers,a);const s=new mc(a);return new nu(n.text,s)}async function su({text:e,...t}){if(!e)throw Error("createCleartextMessage: must pass options object containing `text`");if(!_.isString(e))throw Error("createCleartextMessage: options.text must be a string");const r=Object.keys(t);if(r.length>0)throw Error("Unknown option: "+r.join(", "));return new nu(e)}async function ou({userIDs:e=[],passphrase:t,type:r,curve:i,rsaBits:n=4096,symmetricHash:a="sha256",symmetricCipher:s="aes256",keyExpirationTime:o=0,date:c=new Date,subkeys:u=[{}],format:h="armored",config:l,...y}){Au(l={...T,...l}),r||i?(r=r||"ecc",i=i||"curve25519Legacy"):(r=l.v6Keys?"curve25519":"ecc",i="curve25519Legacy"),e=Eu(e);const p=Object.keys(y);if(p.length>0)throw Error("Unknown option: "+p.join(", "));if(0===e.length&&!l.v6Keys)throw Error("UserIDs are required for V4 keys");if("rsa"===r&&n<l.minRSABits)throw Error(`rsaBits should be at least ${l.minRSABits}, got: ${n}`);const g={userIDs:e,passphrase:t,type:r,rsaBits:n,curve:i,keyExpirationTime:o,date:c,subkeys:u,symmetricHash:a,symmetricCipher:s};try{const{key:e,revocationCertificate:t}=await async function(e,t){e.sign=!0,(e=xc(e)).subkeys=e.subkeys.map(((t,r)=>xc(e.subkeys[r],e)));let r=[kc(e,t)];r=r.concat(e.subkeys.map((e=>bc(e,t))));const i=await Promise.all(r),n=await Hc(i[0],i.slice(1),e,t),a=await n.getRevocationCertificate(e.date,t);return n.revocationSignatures=[],{key:n,revocationCertificate:a}}(g,l);return e.getKeys().forEach((({keyPacket:e})=>Tc(e,l))),{privateKey:Uu(e,h,l),publicKey:"symmetric"!==r?Uu(e.toPublic(),h,l):null,revocationCertificate:t}}catch(e){throw _.wrapError("Error generating keypair",e)}}async function cu({privateKey:e,userIDs:t=[],passphrase:r,keyExpirationTime:i=0,date:n,format:a="armored",config:s,...o}){Au(s={...T,...s}),t=Eu(t);const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(0===t.length&&6!==e.keyPacket.version)throw Error("UserIDs are required for V4 keys");const u={privateKey:e,userIDs:t,passphrase:r,keyExpirationTime:i,date:n};try{const{key:e,revocationCertificate:t}=await async function(e,t){e=o(e);const{privateKey:r}=e;if(!r.isPrivate())throw Error("Cannot reformat a public key");if(r.keyPacket.isDummy())throw Error("Cannot reformat a gnu-dummy primary key");if(!r.getKeys().every((({keyPacket:e})=>e.isDecrypted())))throw Error("Key is not decrypted");const i=r.keyPacket;e.subkeys||(e.subkeys=await Promise.all(r.subkeys.map((async e=>{const r=e.keyPacket,n={key:i,bind:r},a=await vc(e.bindingSignatures,i,B.signature.subkeyBinding,n,null,t).catch((()=>({})));return{sign:a.keyFlags&&a.keyFlags[0]&B.keyFlags.signData,forwarding:a.keyFlags&&a.keyFlags[0]&B.keyFlags.forwardedCommunication}}))));const n=r.subkeys.map((e=>e.keyPacket));if(e.subkeys.length!==n.length)throw Error("Number of subkey options does not match number of subkeys");e.subkeys=e.subkeys.map((t=>o(t,e)));const a=await Hc(i,n,e,t),s=await a.getRevocationCertificate(e.date,t);return a.revocationSignatures=[],{key:a,revocationCertificate:s};function o(e,t={}){return e.keyExpirationTime=e.keyExpirationTime||t.keyExpirationTime,e.passphrase=_.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e}}(u,s);return{privateKey:Uu(e,a,s),publicKey:Uu(e.toPublic(),a,s),revocationCertificate:t}}catch(e){throw _.wrapError("Error reformatting keypair",e)}}async function uu({key:e,revocationCertificate:t,reasonForRevocation:r,date:i=new Date,format:n="armored",config:a,...s}){Au(a={...T,...a});const o=Object.keys(s);if(o.length>0)throw Error("Unknown option: "+o.join(", "));try{const s=t?await e.applyRevocationCertificate(t,i,a):await e.revoke(r,i,a);return s.isPrivate()?{privateKey:Uu(s,n,a),publicKey:Uu(s.toPublic(),n,a)}:{privateKey:null,publicKey:Uu(s,n,a)}}catch(e){throw _.wrapError("Error revoking key",e)}}async function hu({privateKey:e,passphrase:t,config:r,...i}){Au(r={...T,...r});const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));if(!e.isPrivate())throw Error("Cannot decrypt a public key");const a=e.clone(!0),s=_.isArray(t)?t:[t];try{return await Promise.all(a.getKeys().map((e=>_.anyPromise(s.map((t=>e.keyPacket.decrypt(t))))))),await a.validate(r),a}catch(e){throw a.clearPrivateParams(),_.wrapError("Error decrypting private key",e)}}async function lu({privateKey:e,passphrase:t,config:r,...i}){Au(r={...T,...r});const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));if(!e.isPrivate())throw Error("Cannot encrypt a public key");const a=e.clone(!0),s=a.getKeys(),o=_.isArray(t)?t:Array(s.length).fill(t);if(o.length!==s.length)throw Error("Invalid number of passphrases given for key encryption");try{return await Promise.all(s.map((async(e,t)=>{const{keyPacket:i}=e;await i.encrypt(o[t],r),i.clearPrivateParams()}))),a}catch(e){throw a.clearPrivateParams(),_.wrapError("Error encrypting private key",e)}}async function yu({message:e,encryptionKeys:t,signingKeys:r,passwords:i,sessionKey:n,format:a="armored",signature:s=null,wildcard:o=!1,signingKeyIDs:c=[],encryptionKeyIDs:u=[],date:h=new Date,signingUserIDs:l=[],encryptionUserIDs:y=[],signatureNotations:p=[],config:g,...d}){if(Au(g={...T,...g}),bu(e),vu(a),t=Eu(t),r=Eu(r),i=Eu(i),c=Eu(c),u=Eu(u),l=Eu(l),y=Eu(y),p=Eu(p),d.detached)throw Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.");if(d.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead");if(d.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead");if(void 0!==d.armor)throw Error("The `armor` option has been removed from openpgp.encrypt, pass `format` instead.");const f=Object.keys(d);if(f.length>0)throw Error("Unknown option: "+f.join(", "));r||(r=[]);try{if((r.length||s)&&(e=await e.sign(r,t,s,c,h,l,u,p,g)),e=e.compress(await async function(e=[],t=new Date,r=[],i=T){const n=B.compression.uncompressed,a=i.preferredCompressionAlgorithm,s=await Promise.all(e.map((async function(e,n){const s=(await e.getPrimarySelfSignature(t,r[n],i)).preferredCompressionAlgorithms;return!!s&&s.indexOf(a)>=0})));return s.every(Boolean)?a:n}(t,h,y,g),g),e=await e.encrypt(t,i,n,o,u,h,y,g),"object"===a)return e;const d="armored"===a?e.armor(g):e.write();return await Su(d)}catch(e){throw _.wrapError("Error encrypting message",e)}}async function pu({message:e,decryptionKeys:t,passwords:r,sessionKeys:i,verificationKeys:n,expectSigned:a=!1,format:s="utf8",signature:o=null,date:c=new Date,config:u,...h}){if(Au(u={...T,...u}),bu(e),n=Eu(n),t=Eu(t),r=Eu(r),i=Eu(i),h.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead");if(h.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead");const l=Object.keys(h);if(l.length>0)throw Error("Unknown option: "+l.join(", "));try{const h=await e.decrypt(t,r,i,c,u);n||(n=[]);const l={};if(l.signatures=o?await h.verifyDetached(o,n,c,u):await h.verify(n,c,u),l.data="binary"===s?h.getLiteralData():h.getText(),l.filename=h.getFilename(),Pu(l,e),a){if(0===n.length)throw Error("Verification keys are required to verify message signatures");if(0===l.signatures.length)throw Error("Message is not signed");l.data=d([l.data,D((async()=>(await _.anyPromise(l.signatures.map((e=>e.verified))),"binary"===s?new Uint8Array:"")))])}return l.data=await Su(l.data),l}catch(e){throw _.wrapError("Error decrypting message",e)}}async function gu({message:e,signingKeys:t,recipientKeys:r=[],format:i="armored",detached:n=!1,signingKeyIDs:a=[],date:s=new Date,signingUserIDs:o=[],recipientUserIDs:c=[],signatureNotations:u=[],config:h,...l}){if(Au(h={...T,...h}),ku(e),vu(i),t=Eu(t),a=Eu(a),o=Eu(o),r=Eu(r),c=Eu(c),u=Eu(u),l.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead");if(void 0!==l.armor)throw Error("The `armor` option has been removed from openpgp.sign, pass `format` instead.");const y=Object.keys(l);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(e instanceof nu&&"binary"===i)throw Error("Cannot return signed cleartext message in binary format");if(e instanceof nu&&n)throw Error("Cannot detach-sign a cleartext message");if(!t||0===t.length)throw Error("No signing keys provided");try{let l;if(l=n?await e.signDetached(t,r,void 0,a,s,o,c,u,h):await e.sign(t,r,void 0,a,s,o,c,u,h),"object"===i)return l;return l="armored"===i?l.armor(h):l.write(),n&&(l=k(e.packets.write(),(async(e,t)=>{await Promise.all([f(l,t),P(e).catch((()=>{}))])}))),await Su(l)}catch(e){throw _.wrapError("Error signing message",e)}}async function du({message:e,verificationKeys:t,expectSigned:r=!1,format:i="utf8",signature:n=null,date:a=new Date,config:s,...o}){if(Au(s={...T,...s}),ku(e),t=Eu(t),o.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead");const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(e instanceof nu&&"binary"===i)throw Error("Can't return cleartext message data as binary");if(e instanceof nu&&n)throw Error("Can't verify detached cleartext signature");try{const o={};if(o.signatures=n?await e.verifyDetached(n,t,a,s):await e.verify(t,a,s),o.data="binary"===i?e.getLiteralData():e.getText(),e.fromStream&&!n&&Pu(o,e),r){if(0===o.signatures.length)throw Error("Message is not signed");o.data=d([o.data,D((async()=>(await _.anyPromise(o.signatures.map((e=>e.verified))),"binary"===i?new Uint8Array:"")))])}return o.data=await Su(o.data),o}catch(e){throw _.wrapError("Error verifying signed message",e)}}async function fu({encryptionKeys:e,date:t=new Date,encryptionUserIDs:r=[],config:i,...n}){if(Au(i={...T,...i}),e=Eu(e),r=Eu(r),n.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead");const a=Object.keys(n);if(a.length>0)throw Error("Unknown option: "+a.join(", "));try{return await Yc.generateSessionKey(e,t,r,i)}catch(e){throw _.wrapError("Error generating session key",e)}}async function mu({data:e,algorithm:t,aeadAlgorithm:r,encryptionKeys:i,passwords:n,format:a="armored",wildcard:s=!1,encryptionKeyIDs:o=[],date:c=new Date,encryptionUserIDs:u=[],config:h,...l}){if(Au(h={...T,...h}),function(e){if(!_.isUint8Array(e))throw Error("Parameter [data] must be of type Uint8Array")}(e),function(e,t){if(!_.isString(e))throw Error("Parameter ["+t+"] must be of type String")}(t,"algorithm"),vu(a),i=Eu(i),n=Eu(n),o=Eu(o),u=Eu(u),l.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead");const y=Object.keys(l);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(!(i&&0!==i.length||n&&0!==n.length))throw Error("No encryption keys or passwords provided.");try{return Uu(await Yc.encryptSessionKey(e,t,r,i,n,s,o,c,u,h),a,h)}catch(e){throw _.wrapError("Error encrypting session key",e)}}async function wu({message:e,decryptionKeys:t,passwords:r,date:i=new Date,config:n,...a}){if(Au(n={...T,...n}),bu(e),t=Eu(t),r=Eu(r),a.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead");const s=Object.keys(a);if(s.length>0)throw Error("Unknown option: "+s.join(", "));try{return await e.decryptSessionKeys(t,r,void 0,i,n)}catch(e){throw _.wrapError("Error decrypting session keys",e)}}function bu(e){if(!(e instanceof Yc))throw Error("Parameter [message] needs to be of type Message")}function ku(e){if(!(e instanceof nu||e instanceof Yc))throw Error("Parameter [message] needs to be of type Message or CleartextMessage")}function vu(e){if("armored"!==e&&"binary"!==e&&"object"!==e)throw Error("Unsupported format "+e)}const Ku=Object.keys(T).length;function Au(e){const t=Object.keys(e);if(t.length!==Ku)for(const e of t)if(void 0===T[e])throw Error("Unknown config property: "+e)}function Eu(e){return e&&!_.isArray(e)&&(e=[e]),e}async function Su(e){return"array"===_.isStream(e)?P(e):e}function Pu(e,t){e.data=k(t.packets.stream,(async(t,r)=>{await f(e.data,r,{preventClose:!0});const i=I(r);try{await P(t,(e=>e)),await i.close()}catch(e){await i.abort(e)}}))}function Uu(e,t,r){switch(t){case"object":return e;case"armored":return e.armor(r);case"binary":return e.write();default:throw Error("Unsupported format "+t)}}export{Jo as AEADEncryptedDataPacket,xs as Argon2OutOfMemoryError,Ts as Argon2S2K,nu as CleartextMessage,jo as CompressedDataPacket,ba as KDFParams,Co as LiteralDataPacket,oc as MarkerPacket,Yc as Message,No as OnePassSignaturePacket,Oo as PacketList,dc as PaddingPacket,Oc as PrivateKey,zc as PublicKey,tc as PublicKeyEncryptedSessionKeyPacket,nc as PublicKeyPacket,cc as PublicSubkeyPacket,hc as SecretKeyPacket,pc as SecretSubkeyPacket,mc as Signature,Fo as SignaturePacket,_c as Subkey,Qo as SymEncryptedIntegrityProtectedDataPacket,ic as SymEncryptedSessionKeyPacket,sc as SymmetricallyEncryptedDataPacket,gc as TrustPacket,Zt as UnparseablePacket,uc as UserAttributePacket,yc as UserIDPacket,X as armor,T as config,su as createCleartextMessage,ru as createMessage,pu as decrypt,hu as decryptKey,wu as decryptSessionKeys,yu as encrypt,lu as encryptKey,mu as encryptSessionKey,B as enums,ou as generateKey,fu as generateSessionKey,au as readCleartextMessage,Gc as readKey,Wc as readKeys,tu as readMessage,Vc as readPrivateKey,$c as readPrivateKeys,wc as readSignature,cu as reformatKey,uu as revokeKey,gu as sign,Q as unarmor,du as verify};
+/*! OpenPGP.js v6.1.1-patch.2 - 2025-05-14 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
+const e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},t=Symbol("doneWritingPromise"),r=Symbol("doneWritingResolve"),i=Symbol("doneWritingReject"),n=Symbol("readingIndex");class ArrayStream extends Array{constructor(){super(),Object.setPrototypeOf(this,ArrayStream.prototype),this[t]=new Promise(((e,t)=>{this[r]=e,this[i]=t})),this[t].catch((()=>{}))}}function a(e){return e&&e.getReader&&Array.isArray(e)}function s(e){if(!a(e)){const t=e.getWriter(),r=t.releaseLock;return t.releaseLock=()=>{t.closed.catch((function(){})),r.call(t)},t}this.stream=e}function o(t){if(a(t))return"array";if(e.ReadableStream&&e.ReadableStream.prototype.isPrototypeOf(t))return"web";if(t&&!(e.ReadableStream&&t instanceof e.ReadableStream)&&"function"==typeof t._read&&"object"==typeof t._readableState)throw Error("Native Node streams are no longer supported: please manually convert the stream to a WebStream, using e.g. `stream.Readable.toWeb`");return!(!t||!t.getReader)&&"web-like"}function c(e){return Uint8Array.prototype.isPrototypeOf(e)}function u(e){if(1===e.length)return e[0];let t=0;for(let r=0;r<e.length;r++){if(!c(e[r]))throw Error("concatUint8Array: Data must be in the form of a Uint8Array");t+=e[r].length}const r=new Uint8Array(t);let i=0;return e.forEach((function(e){r.set(e,i),i+=e.length})),r}ArrayStream.prototype.getReader=function(){return void 0===this[n]&&(this[n]=0),{read:async()=>(await this[t],this[n]===this.length?{value:void 0,done:!0}:{value:this[this[n]++],done:!1})}},ArrayStream.prototype.readToEnd=async function(e){await this[t];const r=e(this.slice(this[n]));return this.length=0,r},ArrayStream.prototype.clone=function(){const e=new ArrayStream;return e[t]=this[t].then((()=>{e.push(...this)})),e},s.prototype.write=async function(e){this.stream.push(e)},s.prototype.close=async function(){this.stream[r]()},s.prototype.abort=async function(e){return this.stream[i](e),e},s.prototype.releaseLock=function(){},"object"==typeof e.process&&e.process.versions;const h=new WeakSet,l=Symbol("externalBuffer");function y(e){if(this.stream=e,e[l]&&(this[l]=e[l].slice()),a(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{},void(this._cancel=()=>{})}if(o(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{t.closed.catch((function(){})),t.releaseLock()},void(this._cancel=t.cancel.bind(t))}let t=!1;this._read=async()=>t||h.has(e)?{value:void 0,done:!0}:(t=!0,{value:e,done:!1}),this._releaseLock=()=>{if(t)try{h.add(e)}catch(e){}}}function p(e){return o(e)?e:new ReadableStream({start(t){t.enqueue(e),t.close()}})}function d(e){if(o(e))return e;const t=new ArrayStream;return(async()=>{const r=I(t);await r.write(e),await r.close()})(),t}function g(e){return e.some((e=>o(e)&&!a(e)))?function(e){e=e.map(p);const t=w((async function(e){await Promise.all(i.map((t=>U(t,e))))}));let r=Promise.resolve();const i=e.map(((i,n)=>k(i,((i,a)=>(r=r.then((()=>f(i,t.writable,{preventClose:n!==e.length-1}))),r)))));return t.readable}(e):e.some((e=>a(e)))?function(e){const t=new ArrayStream;let r=Promise.resolve();return e.forEach(((i,n)=>(r=r.then((()=>f(i,t,{preventClose:n!==e.length-1}))),r))),t}(e):"string"==typeof e[0]?e.join(""):u(e)}async function f(e,t,{preventClose:r=!1,preventAbort:i=!1,preventCancel:n=!1}={}){if(o(e)&&!a(e)){e=p(e);try{if(e[l]){const r=I(t);for(let t=0;t<e[l].length;t++)await r.ready,await r.write(e[l][t]);r.releaseLock()}await e.pipeTo(t,{preventClose:r,preventAbort:i,preventCancel:n})}catch(e){}return}const s=x(e=d(e)),c=I(t);try{for(;;){await c.ready;const{done:e,value:t}=await s.read();if(e){r||await c.close();break}await c.write(t)}}catch(e){i||await c.abort(e)}finally{s.releaseLock(),c.releaseLock()}}function m(e,t){const r=new TransformStream(t);return f(e,r.writable),r.readable}function w(e){let t,r,i,n=!1,a=!1;return{readable:new ReadableStream({start(e){i=e},pull(){t?t():n=!0},async cancel(t){a=!0,e&&await e(t),r&&r(t)}},{highWaterMark:0}),writable:new WritableStream({write:async function(e){if(a)throw Error("Stream is cancelled");i.enqueue(e),n?n=!1:(await new Promise(((e,i)=>{t=e,r=i})),t=null,r=null)},close:i.close.bind(i),abort:i.error.bind(i)})}}function b(e,t=()=>{},r=()=>{}){if(a(e)){const i=new ArrayStream;return(async()=>{const n=I(i);try{const i=await P(e),a=t(i),s=r();let o;o=void 0!==a&&void 0!==s?g([a,s]):void 0!==a?a:s,await n.write(o),await n.close()}catch(e){await n.abort(e)}})(),i}if(o(e))return m(e,{async transform(e,r){try{const i=await t(e);void 0!==i&&r.enqueue(i)}catch(e){r.error(e)}},async flush(e){try{const t=await r();void 0!==t&&e.enqueue(t)}catch(t){e.error(t)}}});const i=t(e),n=r();return void 0!==i&&void 0!==n?g([i,n]):void 0!==i?i:n}function k(e,t){if(o(e)&&!a(e)){let r;const i=new TransformStream({start(e){r=e}}),n=f(e,i.writable),a=w((async function(e){r.error(e),await n,await new Promise(setTimeout)}));return t(i.readable,a.writable),a.readable}e=d(e);const r=new ArrayStream;return t(e,r),r}function v(e,t){let r;const i=k(e,((e,n)=>{const a=x(e);a.remainder=()=>(a.releaseLock(),f(e,n),i),r=t(a)}));return r}function K(e){if(a(e))return e.clone();if(o(e)){const t=function(e){if(a(e))throw Error("ArrayStream cannot be tee()d, use clone() instead");if(o(e)){const t=p(e).tee();return t[0][l]=t[1][l]=e[l],t}return[S(e),S(e)]}(e);return E(e,t[0]),t[1]}return S(e)}function A(e){return a(e)?K(e):o(e)?new ReadableStream({start(t){const r=k(e,(async(e,r)=>{const i=x(e),n=I(r);try{for(;;){await n.ready;const{done:e,value:r}=await i.read();if(e){try{t.close()}catch(e){}return void await n.close()}try{t.enqueue(r)}catch(e){}await n.write(r)}}catch(e){t.error(e),await n.abort(e)}}));E(e,r)}}):S(e)}function E(e,t){Object.entries(Object.getOwnPropertyDescriptors(e.constructor.prototype)).forEach((([r,i])=>{"constructor"!==r&&(i.value?i.value=i.value.bind(t):i.get=i.get.bind(t),Object.defineProperty(e,r,i))}))}function S(e,t=0,r=1/0){if(a(e))throw Error("Not implemented");if(o(e)){if(t>=0&&r>=0){let i=0;return m(e,{transform(e,n){i<r?(i+e.length>=t&&n.enqueue(S(e,Math.max(t-i,0),r-i)),i+=e.length):n.terminate()}})}if(t<0&&(r<0||r===1/0)){let i=[];return b(e,(e=>{e.length>=-t?i=[e]:i.push(e)}),(()=>S(g(i),t,r)))}if(0===t&&r<0){let i;return b(e,(e=>{const n=i?g([i,e]):e;if(n.length>=-r)return i=S(n,r),S(n,t,r);i=n}))}return console.warn(`stream.slice(input, ${t}, ${r}) not implemented efficiently.`),D((async()=>S(await P(e),t,r)))}return e[l]&&(e=g(e[l].concat([e]))),c(e)?e.subarray(t,r===1/0?e.length:r):e.slice(t,r)}async function P(e,t=g){return a(e)?e.readToEnd(t):o(e)?x(e).readToEnd(t):e}async function U(e,t){if(o(e)){if(e.cancel){const r=await e.cancel(t);return await new Promise(setTimeout),r}if(e.destroy)return e.destroy(t),await new Promise(setTimeout),t}}function D(e){const t=new ArrayStream;return(async()=>{const r=I(t);try{await r.write(await e()),await r.close()}catch(e){await r.abort(e)}})(),t}function x(e){return new y(e)}function I(e){return new s(e)}y.prototype.read=async function(){if(this[l]&&this[l].length){return{done:!1,value:this[l].shift()}}return this._read()},y.prototype.releaseLock=function(){this[l]&&(this.stream[l]=this[l]),this._releaseLock()},y.prototype.cancel=function(e){return this._cancel(e)},y.prototype.readLine=async function(){let e,t=[];for(;!e;){let{done:r,value:i}=await this.read();if(i+="",r)return t.length?g(t):void 0;const n=i.indexOf("\n")+1;n&&(e=g(t.concat(i.substr(0,n))),t=[]),n!==i.length&&t.push(i.substr(n))}return this.unshift(...t),e},y.prototype.readByte=async function(){const{done:e,value:t}=await this.read();if(e)return;const r=t[0];return this.unshift(S(t,1)),r},y.prototype.readBytes=async function(e){const t=[];let r=0;for(;;){const{done:i,value:n}=await this.read();if(i)return t.length?g(t):void 0;if(t.push(n),r+=n.length,r>=e){const r=g(t);return this.unshift(S(r,e)),S(r,0,e)}}},y.prototype.peekBytes=async function(e){const t=await this.readBytes(e);return this.unshift(t),t},y.prototype.unshift=function(...e){this[l]||(this[l]=[]),1===e.length&&c(e[0])&&this[l].length&&e[0].length&&this[l][0].byteOffset>=e[0].length?this[l][0]=new Uint8Array(this[l][0].buffer,this[l][0].byteOffset-e[0].length,this[l][0].byteLength+e[0].length):this[l].unshift(...e.filter((e=>e&&e.length)))},y.prototype.readToEnd=async function(e=g){const t=[];for(;;){const{done:e,value:r}=await this.read();if(e)break;t.push(r)}return e(t)};const C=Symbol("byValue");var B={curve:{nistP256:"nistP256",p256:"nistP256",nistP384:"nistP384",p384:"nistP384",nistP521:"nistP521",p521:"nistP521",secp256k1:"secp256k1",ed25519Legacy:"ed25519Legacy",ed25519:"ed25519Legacy",curve25519Legacy:"curve25519Legacy",curve25519:"curve25519Legacy",brainpoolP256r1:"brainpoolP256r1",brainpoolP384r1:"brainpoolP384r1",brainpoolP512r1:"brainpoolP512r1"},kdfFlags:{replace_fingerprint:1,replace_kdf_params:2},s2k:{simple:0,salted:1,iterated:3,argon2:4,gnu:101},publicKey:{rsaEncryptSign:1,rsaEncrypt:2,rsaSign:3,elgamal:16,dsa:17,ecdh:18,ecdsa:19,eddsaLegacy:22,aedh:23,aedsa:24,x25519:25,x448:26,ed25519:27,ed448:28,pqc_mlkem_x25519:105,pqc_mldsa_ed25519:107,aead:100,hmac:101},symmetric:{idea:1,tripledes:2,cast5:3,blowfish:4,aes128:7,aes192:8,aes256:9,twofish:10},compression:{uncompressed:0,zip:1,zlib:2,bzip2:3},hash:{md5:1,sha1:2,ripemd:3,sha256:8,sha384:9,sha512:10,sha224:11,sha3_256:12,sha3_512:14},webHash:{"SHA-1":2,"SHA-256":8,"SHA-384":9,"SHA-512":10},aead:{eax:1,ocb:2,gcm:3,experimentalGCM:100},packet:{publicKeyEncryptedSessionKey:1,signature:2,symEncryptedSessionKey:3,onePassSignature:4,secretKey:5,publicKey:6,secretSubkey:7,compressedData:8,symmetricallyEncryptedData:9,marker:10,literalData:11,trust:12,userID:13,publicSubkey:14,userAttribute:17,symEncryptedIntegrityProtectedData:18,modificationDetectionCode:19,aeadEncryptedData:20,padding:21},literal:{binary:98,text:116,utf8:117,mime:109},signature:{binary:0,text:1,standalone:2,certGeneric:16,certPersona:17,certCasual:18,certPositive:19,certRevocation:48,subkeyBinding:24,keyBinding:25,key:31,keyRevocation:32,subkeyRevocation:40,timestamp:64,thirdParty:80},signatureSubpacket:{signatureCreationTime:2,signatureExpirationTime:3,exportableCertification:4,trustSignature:5,regularExpression:6,revocable:7,keyExpirationTime:9,placeholderBackwardsCompatibility:10,preferredSymmetricAlgorithms:11,revocationKey:12,issuerKeyID:16,notationData:20,preferredHashAlgorithms:21,preferredCompressionAlgorithms:22,keyServerPreferences:23,preferredKeyServer:24,primaryUserID:25,policyURI:26,keyFlags:27,signersUserID:28,reasonForRevocation:29,features:30,signatureTarget:31,embeddedSignature:32,issuerFingerprint:33,preferredAEADAlgorithms:34,preferredCipherSuites:39},keyFlags:{certifyKeys:1,signData:2,encryptCommunication:4,encryptStorage:8,splitPrivateKey:16,authentication:32,forwardedCommunication:64,sharedPrivateKey:128},armor:{multipartSection:0,multipartLast:1,signed:2,message:3,publicKey:4,privateKey:5,signature:6},reasonForRevocation:{noReason:0,keySuperseded:1,keyCompromised:2,keyRetired:3,userIDInvalid:32},features:{modificationDetection:1,aead:2,v5Keys:4,seipdv2:8},write:function(e,t){if("number"==typeof t&&(t=this.read(e,t)),void 0!==e[t])return e[t];throw Error("Invalid enum value.")},read:function(e,t){if(e[C]||(e[C]=[],Object.entries(e).forEach((([t,r])=>{e[C][r]=t}))),void 0!==e[C][t])return e[C][t];throw Error("Invalid enum value.")}},T={preferredHashAlgorithm:B.hash.sha512,preferredSymmetricAlgorithm:B.symmetric.aes256,preferredCompressionAlgorithm:B.compression.uncompressed,aeadProtect:!1,ignoreSEIPDv2FeatureFlag:!1,parseAEADEncryptedV4KeysAsLegacy:!1,preferredAEADAlgorithm:B.aead.gcm,aeadChunkSizeByte:12,v6Keys:!1,enableParsingV5Entities:!1,s2kType:B.s2k.iterated,s2kIterationCountByte:224,s2kArgon2Params:{passes:3,parallelism:4,memoryExponent:16},allowUnauthenticatedMessages:!1,allowUnauthenticatedStream:!1,allowForwardedMessages:!1,minRSABits:2047,passwordCollisionCheck:!1,allowInsecureDecryptionWithSigningKeys:!1,allowInsecureVerificationWithReformattedKeys:!1,allowMissingKeyFlags:!1,constantTimePKCS1Decryption:!1,constantTimePKCS1DecryptionSupportedSymmetricAlgorithms:new Set([B.symmetric.aes128,B.symmetric.aes192,B.symmetric.aes256]),ignoreUnsupportedPackets:!0,ignoreMalformedPackets:!1,enforceGrammar:!0,pluggableGrammarErrorReporter:null,additionalAllowedPackets:[],showVersion:!1,showComment:!1,versionString:"OpenPGP.js 6.1.1-patch.2",commentString:"https://openpgpjs.org",maxUserIDLength:5120,knownNotations:[],nonDeterministicSignaturesViaNotation:!0,useEllipticFallback:!0,rejectHashAlgorithms:new Set([B.hash.md5,B.hash.ripemd]),rejectMessageHashAlgorithms:new Set([B.hash.md5,B.hash.ripemd,B.hash.sha1]),rejectPublicKeyAlgorithms:new Set([B.publicKey.elgamal,B.publicKey.dsa]),rejectCurves:new Set([B.curve.secp256k1])};const M=(()=>{try{return"development"===process.env.NODE_ENV}catch(e){}return!1})(),_={isString:function(e){return"string"==typeof e||e instanceof String},nodeRequire:()=>{},isArray:function(e){return e instanceof Array},isUint8Array:c,isStream:o,getNobleCurve:async(e,t)=>{if(!T.useEllipticFallback)throw Error("This curve is only supported in the full build of OpenPGP.js");const{nobleCurves:r}=await import("./noble_curves.min.mjs");switch(e){case B.publicKey.ecdh:case B.publicKey.ecdsa:{const e=r.get(t);if(!e)throw Error("Unsupported curve");return e}case B.publicKey.x448:return r.get("x448");case B.publicKey.ed448:return r.get("ed448");default:throw Error("Unsupported curve")}},readNumber:function(e){let t=0;for(let r=0;r<e.length;r++)t+=256**r*e[e.length-1-r];return t},writeNumber:function(e,t){const r=new Uint8Array(t);for(let i=0;i<t;i++)r[i]=e>>8*(t-i-1)&255;return r},readDate:function(e){const t=_.readNumber(e);return new Date(1e3*t)},writeDate:function(e){const t=Math.floor(e.getTime()/1e3);return _.writeNumber(t,4)},normalizeDate:function(e=Date.now()){return null===e||e===1/0?e:new Date(1e3*Math.floor(+e/1e3))},readMPI:function(e){const t=(e[0]<<8|e[1])+7>>>3;return _.readExactSubarray(e,2,2+t)},readExactSubarray:function(e,t,r){if(e.length<r-t)throw Error("Input array too short");return e.subarray(t,r)},leftPad(e,t){if(e.length>t)throw Error("Input array too long");const r=new Uint8Array(t),i=t-e.length;return r.set(e,i),r},uint8ArrayToMPI:function(e){const t=_.uint8ArrayBitLength(e);if(0===t)throw Error("Zero MPI");const r=e.subarray(e.length-Math.ceil(t/8)),i=new Uint8Array([(65280&t)>>8,255&t]);return _.concatUint8Array([i,r])},uint8ArrayBitLength:function(e){let t;for(t=0;t<e.length&&0===e[t];t++);if(t===e.length)return 0;const r=e.subarray(t);return 8*(r.length-1)+_.nbits(r[0])},hexToUint8Array:function(e){const t=new Uint8Array(e.length>>1);for(let r=0;r<e.length>>1;r++)t[r]=parseInt(e.substr(r<<1,2),16);return t},uint8ArrayToHex:function(e){const t="0123456789abcdef";let r="";return e.forEach((e=>{r+=t[e>>4]+t[15&e]})),r},stringToUint8Array:function(e){return b(e,(e=>{if(!_.isString(e))throw Error("stringToUint8Array: Data must be in the form of a string");const t=new Uint8Array(e.length);for(let r=0;r<e.length;r++)t[r]=e.charCodeAt(r);return t}))},uint8ArrayToString:function(e){const t=[],r=16384,i=(e=new Uint8Array(e)).length;for(let n=0;n<i;n+=r)t.push(String.fromCharCode.apply(String,e.subarray(n,n+r<i?n+r:i)));return t.join("")},encodeUTF8:function(e){const t=new TextEncoder("utf-8");function r(e,r=!1){return t.encode(e,{stream:!r})}return b(e,r,(()=>r("",!0)))},decodeUTF8:function(e){const t=new TextDecoder("utf-8");function r(e,r=!1){return t.decode(e,{stream:!r})}return b(e,r,(()=>r(new Uint8Array,!0)))},concat:g,concatUint8Array:u,equalsUint8Array:function(e,t){if(!_.isUint8Array(e)||!_.isUint8Array(t))throw Error("Data must be in the form of a Uint8Array");if(e.length!==t.length)return!1;for(let r=0;r<e.length;r++)if(e[r]!==t[r])return!1;return!0},findLastIndex:function(e,t){for(let r=e.length;r>=0;r--)if(t(e[r],r,e))return r;return-1},writeChecksum:function(e){let t=0;for(let r=0;r<e.length;r++)t=t+e[r]&65535;return _.writeNumber(t,2)},printDebug:function(e){M&&console.log("[OpenPGP.js debug]",e)},printDebugError:function(e){M&&console.error("[OpenPGP.js debug]",e)},nbits:function(e){let t=1,r=e>>>16;return 0!==r&&(e=r,t+=16),r=e>>8,0!==r&&(e=r,t+=8),r=e>>4,0!==r&&(e=r,t+=4),r=e>>2,0!==r&&(e=r,t+=2),r=e>>1,0!==r&&(e=r,t+=1),t},double:function(e){const t=new Uint8Array(e.length),r=e.length-1;for(let i=0;i<r;i++)t[i]=e[i]<<1^e[i+1]>>7;return t[r]=e[r]<<1^135*(e[0]>>7),t},shiftRight:function(e,t){if(t)for(let r=e.length-1;r>=0;r--)e[r]>>=t,r>0&&(e[r]|=e[r-1]<<8-t);return e},getWebCrypto:function(){const t=void 0!==e&&e.crypto&&e.crypto.subtle||this.getNodeCrypto()?.webcrypto.subtle;if(!t)throw Error("The WebCrypto API is not available");return t},getNodeCrypto:function(){return this.nodeRequire("crypto")},getNodeZlib:function(){return this.nodeRequire("zlib")},getNodeBuffer:function(){return(this.nodeRequire("buffer")||{}).Buffer},getHardwareConcurrency:function(){if("undefined"!=typeof navigator)return navigator.hardwareConcurrency||1;return this.nodeRequire("os").cpus().length},isEmailAddress:function(e){if(!_.isString(e))return!1;return/^[^\p{C}\p{Z}@<>\\]+@[^\p{C}\p{Z}@<>\\]+[^\p{C}\p{Z}\p{P}]$/u.test(e)},canonicalizeEOL:function(e){let t=!1;return b(e,(e=>{let r;t&&(e=_.concatUint8Array([new Uint8Array([13]),e])),13===e[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;const i=[];for(let t=0;r=e.indexOf(10,t)+1,r;t=r)13!==e[r-2]&&i.push(r);if(!i.length)return e;const n=new Uint8Array(e.length+i.length);let a=0;for(let t=0;t<i.length;t++){const r=e.subarray(i[t-1]||0,i[t]);n.set(r,a),a+=r.length,n[a-1]=13,n[a]=10,a++}return n.set(e.subarray(i[i.length-1]||0),a),n}),(()=>t?new Uint8Array([13]):void 0))},nativeEOL:function(e){let t=!1;return b(e,(e=>{let r;13===(e=t&&10!==e[0]?_.concatUint8Array([new Uint8Array([13]),e]):new Uint8Array(e))[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;let i=0;for(let t=0;t!==e.length;t=r){r=e.indexOf(13,t)+1,r||(r=e.length);const n=r-(10===e[r]?1:0);t&&e.copyWithin(i,t,n),i+=n-t}return e.subarray(0,i)}),(()=>t?new Uint8Array([13]):void 0))},removeTrailingSpaces:function(e){return e.split("\n").map((e=>{let t=e.length-1;for(;t>=0&&(" "===e[t]||"\t"===e[t]||"\r"===e[t]);t--);return e.substr(0,t+1)})).join("\n")},wrapError:function(e,t){if(!t)return Error(e);try{t.message=e+": "+t.message}catch(e){}return t},constructAllowedPackets:function(e){const t={};return e.forEach((e=>{if(!e.tag)throw Error("Invalid input: expected a packet class");t[e.tag]=e})),t},anyPromise:function(e){return new Promise((async(t,r)=>{let i;await Promise.all(e.map((async e=>{try{t(await e)}catch(e){i=e}}))),r(i)}))},selectUint8Array:function(e,t,r){const i=Math.max(t.length,r.length),n=new Uint8Array(i);let a=0;for(let i=0;i<n.length;i++)n[i]=t[i]&256-e|r[i]&255+e,a+=e&i<t.length|1-e&i<r.length;return n.subarray(0,a)},selectUint8:function(e,t,r){return t&256-e|r&255+e},isAES:function(e){return e===B.symmetric.aes128||e===B.symmetric.aes192||e===B.symmetric.aes256}},F=_.getNodeBuffer();let R,L;function N(e){let t=new Uint8Array;return b(e,(e=>{t=_.concatUint8Array([t,e]);const r=[],i=Math.floor(t.length/45),n=45*i,a=R(t.subarray(0,n));for(let e=0;e<i;e++)r.push(a.substr(60*e,60)),r.push("\n");return t=t.subarray(n),r.join("")}),(()=>t.length?R(t)+"\n":""))}function z(e){let t="";return b(e,(e=>{t+=e;let r=0;const i=[" ","\t","\r","\n"];for(let e=0;e<i.length;e++){const n=i[e];for(let e=t.indexOf(n);-1!==e;e=t.indexOf(n,e+1))r++}let n=t.length;for(;n>0&&(n-r)%4!=0;n--)i.includes(t[n])&&r--;const a=L(t.substr(0,n));return t=t.substr(n),a}),(()=>L(t)))}function O(e){return z(e.replace(/-/g,"+").replace(/_/g,"/"))}function q(e,t){let r=N(e).replace(/[\r\n]/g,"");return r=r.replace(/[+]/g,"-").replace(/[/]/g,"_").replace(/[=]/g,""),r}function j(e){const t=e.match(/^-----BEGIN PGP (MESSAGE, PART \d+\/\d+|MESSAGE, PART \d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m);if(!t)throw Error("Unknown ASCII armor type");return/MESSAGE, PART \d+\/\d+/.test(t[1])?B.armor.multipartSection:/MESSAGE, PART \d+/.test(t[1])?B.armor.multipartLast:/SIGNED MESSAGE/.test(t[1])?B.armor.signed:/MESSAGE/.test(t[1])?B.armor.message:/PUBLIC KEY BLOCK/.test(t[1])?B.armor.publicKey:/PRIVATE KEY BLOCK/.test(t[1])?B.armor.privateKey:/SIGNATURE/.test(t[1])?B.armor.signature:void 0}function H(e,t){let r="";return t.showVersion&&(r+="Version: "+t.versionString+"\n"),t.showComment&&(r+="Comment: "+t.commentString+"\n"),e&&(r+="Comment: "+e+"\n"),r+="\n",r}function G(e){const t=function(e){let t=13501623;return b(e,(e=>{const r=W?Math.floor(e.length/4):0,i=new Uint32Array(e.buffer,e.byteOffset,r);for(let e=0;e<r;e++)t^=i[e],t=V[0][t>>24&255]^V[1][t>>16&255]^V[2][t>>8&255]^V[3][255&t];for(let i=4*r;i<e.length;i++)t=t>>8^V[0][255&t^e[i]]}),(()=>new Uint8Array([t,t>>8,t>>16])))}(e);return N(t)}F?(R=e=>F.from(e).toString("base64"),L=e=>{const t=F.from(e,"base64");return new Uint8Array(t.buffer,t.byteOffset,t.byteLength)}):(R=e=>btoa(_.uint8ArrayToString(e)),L=e=>_.stringToUint8Array(atob(e)));const V=[Array(255),Array(255),Array(255),Array(255)];for(let e=0;e<=255;e++){let t=e<<16;for(let e=0;e<8;e++)t=t<<1^(8388608&t?8801531:0);V[0][e]=(16711680&t)>>16|65280&t|(255&t)<<16}for(let e=0;e<=255;e++)V[1][e]=V[0][e]>>8^V[0][255&V[0][e]];for(let e=0;e<=255;e++)V[2][e]=V[1][e]>>8^V[0][255&V[1][e]];for(let e=0;e<=255;e++)V[3][e]=V[2][e]>>8^V[0][255&V[2][e]];const W=function(){const e=new ArrayBuffer(2);return new DataView(e).setInt16(0,255,!0),255===new Int16Array(e)[0]}();function $(e){for(let t=0;t<e.length;t++)/^([^\s:]|[^\s:][^:]*[^\s:]): .+$/.test(e[t])||_.printDebugError(Error("Improperly formatted armor header: "+e[t])),/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(e[t])||_.printDebugError(Error("Unknown header: "+e[t]))}function Z(e){let t=e;const r=e.lastIndexOf("=");return r>=0&&r!==e.length-1&&(t=e.slice(0,r)),t}function Q(e){return new Promise((async(t,r)=>{try{const i=/^-----[^-]+-----$/m,n=/^[ \f\r\t\u00a0\u2000-\u200a\u202f\u205f\u3000]*$/;let a;const s=[];let o,c,u=s,h=[];const l=z(k(e,(async(e,y)=>{const p=x(e);try{for(;;){let e=await p.readLine();if(void 0===e)throw Error("Misformed armored text");if(e=_.removeTrailingSpaces(e.replace(/[\r\n]/g,"")),a)if(o)c||a!==B.armor.signed||(i.test(e)?(h=h.join("\r\n"),c=!0,$(u),u=[],o=!1):h.push(e.replace(/^- /,"")));else if(i.test(e)&&r(Error("Mandatory blank line missing between armor headers and armor data")),n.test(e)){if($(u),o=!0,c||a!==B.armor.signed){t({text:h,data:l,headers:s,type:a});break}}else u.push(e);else i.test(e)&&(a=j(e))}}catch(e){return void r(e)}const d=I(y);try{for(;;){await d.ready;const{done:e,value:t}=await p.read();if(e)throw Error("Misformed armored text");const r=t+"";if(-1!==r.indexOf("=")||-1!==r.indexOf("-")){let e=await p.readToEnd();e.length||(e=""),e=r+e,e=_.removeTrailingSpaces(e.replace(/\r/g,""));const t=e.split(i);if(1===t.length)throw Error("Misformed armored text");const n=Z(t[0].slice(0,-1));await d.write(n);break}await d.write(r)}await d.ready,await d.close()}catch(e){await d.abort(e)}})))}catch(e){r(e)}})).then((async e=>(a(e.data)&&(e.data=await P(e.data)),e)))}function X(e,t,r,i,n,a=!1,s=T){let o,c;e===B.armor.signed&&(o=t.text,c=t.hash,t=t.data);const u=a&&A(t),h=[];switch(e){case B.armor.multipartSection:h.push("-----BEGIN PGP MESSAGE, PART "+r+"/"+i+"-----\n"),h.push(H(n,s)),h.push(N(t)),u&&h.push("=",G(u)),h.push("-----END PGP MESSAGE, PART "+r+"/"+i+"-----\n");break;case B.armor.multipartLast:h.push("-----BEGIN PGP MESSAGE, PART "+r+"-----\n"),h.push(H(n,s)),h.push(N(t)),u&&h.push("=",G(u)),h.push("-----END PGP MESSAGE, PART "+r+"-----\n");break;case B.armor.signed:h.push("-----BEGIN PGP SIGNED MESSAGE-----\n"),h.push(c?`Hash: ${c}\n\n`:"\n"),h.push(o.replace(/^-/gm,"- -")),h.push("\n-----BEGIN PGP SIGNATURE-----\n"),h.push(H(n,s)),h.push(N(t)),u&&h.push("=",G(u)),h.push("-----END PGP SIGNATURE-----\n");break;case B.armor.message:h.push("-----BEGIN PGP MESSAGE-----\n"),h.push(H(n,s)),h.push(N(t)),u&&h.push("=",G(u)),h.push("-----END PGP MESSAGE-----\n");break;case B.armor.publicKey:h.push("-----BEGIN PGP PUBLIC KEY BLOCK-----\n"),h.push(H(n,s)),h.push(N(t)),u&&h.push("=",G(u)),h.push("-----END PGP PUBLIC KEY BLOCK-----\n");break;case B.armor.privateKey:h.push("-----BEGIN PGP PRIVATE KEY BLOCK-----\n"),h.push(H(n,s)),h.push(N(t)),u&&h.push("=",G(u)),h.push("-----END PGP PRIVATE KEY BLOCK-----\n");break;case B.armor.signature:h.push("-----BEGIN PGP SIGNATURE-----\n"),h.push(H(n,s)),h.push(N(t)),u&&h.push("=",G(u)),h.push("-----END PGP SIGNATURE-----\n")}return _.concat(h)}const Y=BigInt(0),J=BigInt(1);function ee(e){const t="0123456789ABCDEF";let r="";return e.forEach((e=>{r+=t[e>>4]+t[15&e]})),BigInt("0x0"+r)}function te(e,t){const r=e%t;return r<Y?r+t:r}function re(e,t,r){if(r===Y)throw Error("Modulo cannot be zero");if(r===J)return BigInt(0);if(t<Y)throw Error("Unsopported negative exponent");let i=t,n=e;n%=r;let a=BigInt(1);for(;i>Y;){const e=i&J;i>>=J;a=e?a*n%r:a,n=n*n%r}return a}function ie(e){return e>=Y?e:-e}function ne(e,t){const{gcd:r,x:i}=function(e,t){let r=BigInt(0),i=BigInt(1),n=BigInt(1),a=BigInt(0),s=ie(e),o=ie(t);const c=e<Y,u=t<Y;for(;o!==Y;){const e=s/o;let t=r;r=n-e*r,n=t,t=i,i=a-e*i,a=t,t=o,o=s%o,s=t}return{x:c?-n:n,y:u?-a:a,gcd:s}}(e,t);if(r!==J)throw Error("Inverse does not exist");return te(i+t,t)}function ae(e){const t=Number(e);if(t>Number.MAX_SAFE_INTEGER)throw Error("Number can only safely store up to 53 bits");return t}function se(e,t){return(e>>BigInt(t)&J)===Y?0:1}function oe(e){const t=e<Y?BigInt(-1):Y;let r=1,i=e;for(;(i>>=J)!==t;)r++;return r}function ce(e){const t=e<Y?BigInt(-1):Y,r=BigInt(8);let i=1,n=e;for(;(n>>=r)!==t;)i++;return i}function ue(e,t="be",r){let i=e.toString(16);i.length%2==1&&(i="0"+i);const n=i.length/2,a=new Uint8Array(r||n),s=r?r-n:0;let o=0;for(;o<n;)a[o+s]=parseInt(i.slice(2*o,2*o+2),16),o++;return"be"!==t&&a.reverse(),a}const he=_.getNodeCrypto();function le(e){const t="undefined"!=typeof crypto?crypto:he?.webcrypto;if(t?.getRandomValues){const r=new Uint8Array(e);return t.getRandomValues(r)}throw Error("No secure random number generator available.")}function ye(e,t){if(t<e)throw Error("Illegal parameter value: max <= min");const r=t-e;return te(ee(le(ce(r)+8)),r)+e}const pe=BigInt(1);function de(e,t,r){const i=BigInt(30),n=pe<<BigInt(e-1),a=[1,6,5,4,3,2,1,4,3,2,1,2,1,4,3,2,1,2,1,4,3,2,1,6,5,4,3,2,1,2];let s=ye(n,n<<pe),o=ae(te(s,i));do{s+=BigInt(a[o]),o=(o+a[o])%a.length,oe(s)>e&&(s=te(s,n<<pe),s+=n,o=ae(te(s,i)))}while(!ge(s,t,r));return s}function ge(e,t,r){return(!t||function(e,t){let r=e,i=t;for(;i!==Y;){const e=i;i=r%i,r=e}return r}(e-pe,t)===pe)&&(!!function(e){const t=BigInt(0);return fe.every((r=>te(e,r)!==t))}(e)&&(!!function(e,t=BigInt(2)){return re(t,e-pe,e)===pe}(e)&&!!function(e,t){const r=oe(e);t||(t=Math.max(1,r/48|0));const i=e-pe;let n=0;for(;!se(i,n);)n++;const a=e>>BigInt(n);for(;t>0;t--){let t,r=re(ye(BigInt(2),i),a,e);if(r!==pe&&r!==i){for(t=1;t<n;t++){if(r=te(r*r,e),r===pe)return!1;if(r===i)break}if(t===n)return!1}}return!0}(e,r)))}const fe=[7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587,593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997,1009,1013,1019,1021,1031,1033,1039,1049,1051,1061,1063,1069,1087,1091,1093,1097,1103,1109,1117,1123,1129,1151,1153,1163,1171,1181,1187,1193,1201,1213,1217,1223,1229,1231,1237,1249,1259,1277,1279,1283,1289,1291,1297,1301,1303,1307,1319,1321,1327,1361,1367,1373,1381,1399,1409,1423,1427,1429,1433,1439,1447,1451,1453,1459,1471,1481,1483,1487,1489,1493,1499,1511,1523,1531,1543,1549,1553,1559,1567,1571,1579,1583,1597,1601,1607,1609,1613,1619,1621,1627,1637,1657,1663,1667,1669,1693,1697,1699,1709,1721,1723,1733,1741,1747,1753,1759,1777,1783,1787,1789,1801,1811,1823,1831,1847,1861,1867,1871,1873,1877,1879,1889,1901,1907,1913,1931,1933,1949,1951,1973,1979,1987,1993,1997,1999,2003,2011,2017,2027,2029,2039,2053,2063,2069,2081,2083,2087,2089,2099,2111,2113,2129,2131,2137,2141,2143,2153,2161,2179,2203,2207,2213,2221,2237,2239,2243,2251,2267,2269,2273,2281,2287,2293,2297,2309,2311,2333,2339,2341,2347,2351,2357,2371,2377,2381,2383,2389,2393,2399,2411,2417,2423,2437,2441,2447,2459,2467,2473,2477,2503,2521,2531,2539,2543,2549,2551,2557,2579,2591,2593,2609,2617,2621,2633,2647,2657,2659,2663,2671,2677,2683,2687,2689,2693,2699,2707,2711,2713,2719,2729,2731,2741,2749,2753,2767,2777,2789,2791,2797,2801,2803,2819,2833,2837,2843,2851,2857,2861,2879,2887,2897,2903,2909,2917,2927,2939,2953,2957,2963,2969,2971,2999,3001,3011,3019,3023,3037,3041,3049,3061,3067,3079,3083,3089,3109,3119,3121,3137,3163,3167,3169,3181,3187,3191,3203,3209,3217,3221,3229,3251,3253,3257,3259,3271,3299,3301,3307,3313,3319,3323,3329,3331,3343,3347,3359,3361,3371,3373,3389,3391,3407,3413,3433,3449,3457,3461,3463,3467,3469,3491,3499,3511,3517,3527,3529,3533,3539,3541,3547,3557,3559,3571,3581,3583,3593,3607,3613,3617,3623,3631,3637,3643,3659,3671,3673,3677,3691,3697,3701,3709,3719,3727,3733,3739,3761,3767,3769,3779,3793,3797,3803,3821,3823,3833,3847,3851,3853,3863,3877,3881,3889,3907,3911,3917,3919,3923,3929,3931,3943,3947,3967,3989,4001,4003,4007,4013,4019,4021,4027,4049,4051,4057,4073,4079,4091,4093,4099,4111,4127,4129,4133,4139,4153,4157,4159,4177,4201,4211,4217,4219,4229,4231,4241,4243,4253,4259,4261,4271,4273,4283,4289,4297,4327,4337,4339,4349,4357,4363,4373,4391,4397,4409,4421,4423,4441,4447,4451,4457,4463,4481,4483,4493,4507,4513,4517,4519,4523,4547,4549,4561,4567,4583,4591,4597,4603,4621,4637,4639,4643,4649,4651,4657,4663,4673,4679,4691,4703,4721,4723,4729,4733,4751,4759,4783,4787,4789,4793,4799,4801,4813,4817,4831,4861,4871,4877,4889,4903,4909,4919,4931,4933,4937,4943,4951,4957,4967,4969,4973,4987,4993,4999].map((e=>BigInt(e)));const me=_.getWebCrypto(),we=_.getNodeCrypto(),be=we&&we.getHashes();function ke(e){if(we&&be.includes(e))return async function(t){const r=we.createHash(e);return b(t,(e=>{r.update(e)}),(()=>new Uint8Array(r.digest())))}}function ve(e,t){const r=async()=>{const{nobleHashes:t}=await import("./noble_hashes.min.mjs"),r=t.get(e);if(!r)throw Error("Unsupported hash");return r};return async function(e){if(a(e)&&(e=await P(e)),_.isStream(e)){const t=(await r()).create();return b(e,(e=>{t.update(e)}),(()=>t.digest()))}if(me&&t)return new Uint8Array(await me.digest(t,e));return(await r())(e)}}const Ke=ke("md5")||ve("md5"),Ae=ke("sha1")||ve("sha1","SHA-1"),Ee=ke("sha224")||ve("sha224"),Se=ke("sha256")||ve("sha256","SHA-256"),Pe=ke("sha384")||ve("sha384","SHA-384"),Ue=ke("sha512")||ve("sha512","SHA-512"),De=ke("ripemd160")||ve("ripemd160"),xe=ke("sha3-256")||ve("sha3_256"),Ie=ke("sha3-512")||ve("sha3_512");function Ce(e,t){switch(e){case B.hash.md5:return Ke(t);case B.hash.sha1:return Ae(t);case B.hash.ripemd:return De(t);case B.hash.sha256:return Se(t);case B.hash.sha384:return Pe(t);case B.hash.sha512:return Ue(t);case B.hash.sha224:return Ee(t);case B.hash.sha3_256:return xe(t);case B.hash.sha3_512:return Ie(t);default:throw Error("Unsupported hash function")}}function Be(e){switch(e){case B.hash.md5:return 16;case B.hash.sha1:case B.hash.ripemd:return 20;case B.hash.sha256:return 32;case B.hash.sha384:return 48;case B.hash.sha512:return 64;case B.hash.sha224:return 28;case B.hash.sha3_256:return 32;case B.hash.sha3_512:return 64;default:throw Error("Invalid hash algorithm.")}}const Te=[];function Me(e,t){const r=e.length;if(r>t-11)throw Error("Message too long");const i=function(e){const t=new Uint8Array(e);let r=0;for(;r<e;){const i=le(e-r);for(let e=0;e<i.length;e++)0!==i[e]&&(t[r++]=i[e])}return t}(t-r-3),n=new Uint8Array(t);return n[1]=2,n.set(i,2),n.set(e,t-r),n}function _e(e,t){let r=2,i=1;for(let t=r;t<e.length;t++)i&=0!==e[t],r+=i;const n=r-2,a=e.subarray(r+1),s=0===e[0]&2===e[1]&n>=8&!i;if(t)return _.selectUint8Array(s,a,t);if(s)return a;throw Error("Decryption error")}function Fe(e,t,r){let i;if(t.length!==Be(e))throw Error("Invalid hash length");const n=new Uint8Array(Te[e].length);for(i=0;i<Te[e].length;i++)n[i]=Te[e][i];const a=n.length+t.length;if(r<a+11)throw Error("Intended encoded message length too short");const s=new Uint8Array(r-a-3).fill(255),o=new Uint8Array(r);return o[1]=1,o.set(s,2),o.set(n,r-a),o.set(t,r-t.length),o}Te[1]=[48,32,48,12,6,8,42,134,72,134,247,13,2,5,5,0,4,16],Te[2]=[48,33,48,9,6,5,43,14,3,2,26,5,0,4,20],Te[3]=[48,33,48,9,6,5,43,36,3,2,1,5,0,4,20],Te[8]=[48,49,48,13,6,9,96,134,72,1,101,3,4,2,1,5,0,4,32],Te[9]=[48,65,48,13,6,9,96,134,72,1,101,3,4,2,2,5,0,4,48],Te[10]=[48,81,48,13,6,9,96,134,72,1,101,3,4,2,3,5,0,4,64],Te[11]=[48,45,48,13,6,9,96,134,72,1,101,3,4,2,4,5,0,4,28];const Re=_.getWebCrypto(),Le=_.getNodeCrypto(),Ne=BigInt(1);async function ze(e,t,r,i,n,a,s,o,c){if(Be(e)>=r.length)throw Error("Digest size cannot exceed key modulus size");if(t&&!_.isStream(t))if(_.getWebCrypto())try{return await async function(e,t,r,i,n,a,s,o){const c=await He(r,i,n,a,s,o),u={name:"RSASSA-PKCS1-v1_5",hash:{name:e}},h=await Re.importKey("jwk",c,u,!1,["sign"]);return new Uint8Array(await Re.sign("RSASSA-PKCS1-v1_5",h,t))}(B.read(B.webHash,e),t,r,i,n,a,s,o)}catch(e){_.printDebugError(e)}else if(_.getNodeCrypto())return async function(e,t,r,i,n,a,s,o){const c=Le.createSign(B.read(B.hash,e));c.write(t),c.end();const u=await He(r,i,n,a,s,o);return new Uint8Array(c.sign({key:u,format:"jwk",type:"pkcs1"}))}(e,t,r,i,n,a,s,o);return async function(e,t,r,i){t=ee(t);const n=ee(Fe(e,i,ce(t)));return r=ee(r),ue(re(n,r,t),"be",ce(t))}(e,r,n,c)}async function Oe(e,t,r,i,n,a){if(t&&!_.isStream(t))if(_.getWebCrypto())try{return await async function(e,t,r,i,n){const a=Ge(i,n),s=await Re.importKey("jwk",a,{name:"RSASSA-PKCS1-v1_5",hash:{name:e}},!1,["verify"]);return Re.verify("RSASSA-PKCS1-v1_5",s,r,t)}(B.read(B.webHash,e),t,r,i,n)}catch(e){_.printDebugError(e)}else if(_.getNodeCrypto())return async function(e,t,r,i,n){const a=Ge(i,n),s={key:a,format:"jwk",type:"pkcs1"},o=Le.createVerify(B.read(B.hash,e));o.write(t),o.end();try{return o.verify(s,r)}catch(e){return!1}}(e,t,r,i,n);return async function(e,t,r,i,n){if(r=ee(r),t=ee(t),i=ee(i),t>=r)throw Error("Signature size cannot exceed modulus size");const a=ue(re(t,i,r),"be",ce(r)),s=Fe(e,n,ce(r));return _.equalsUint8Array(a,s)}(e,r,i,n,a)}async function qe(e,t,r){return _.getNodeCrypto()?async function(e,t,r){const i=Ge(t,r),n={key:i,format:"jwk",type:"pkcs1",padding:Le.constants.RSA_PKCS1_PADDING};return new Uint8Array(Le.publicEncrypt(n,e))}(e,t,r):async function(e,t,r){if(t=ee(t),e=ee(Me(e,ce(t))),r=ee(r),e>=t)throw Error("Message size cannot exceed modulus size");return ue(re(e,r,t),"be",ce(t))}(e,t,r)}async function je(e,t,r,i,n,a,s,o){if(_.getNodeCrypto()&&!o)try{return await async function(e,t,r,i,n,a,s){const o=await He(t,r,i,n,a,s),c={key:o,format:"jwk",type:"pkcs1",padding:Le.constants.RSA_PKCS1_PADDING};try{return new Uint8Array(Le.privateDecrypt(c,e))}catch(e){throw Error("Decryption error")}}(e,t,r,i,n,a,s)}catch(e){_.printDebugError(e)}return async function(e,t,r,i,n,a,s,o){if(e=ee(e),t=ee(t),r=ee(r),i=ee(i),n=ee(n),a=ee(a),s=ee(s),e>=t)throw Error("Data too large.");const c=te(i,a-Ne),u=te(i,n-Ne),h=ye(BigInt(2),t),l=re(ne(h,t),r,t);e=te(e*l,t);const y=re(e,u,n),p=re(e,c,a),d=te(s*(p-y),a);let g=d*n+y;return g=te(g*h,t),_e(ue(g,"be",ce(t)),o)}(e,t,r,i,n,a,s,o)}async function He(e,t,r,i,n,a){const s=ee(i),o=ee(n),c=ee(r);let u=te(c,o-Ne),h=te(c,s-Ne);return h=ue(h),u=ue(u),{kty:"RSA",n:q(e),e:q(t),d:q(r),p:q(n),q:q(i),dp:q(u),dq:q(h),qi:q(a),ext:!0}}function Ge(e,t){return{kty:"RSA",n:q(e),e:q(t),ext:!0}}function Ve(e,t){return{n:O(e.n),e:ue(t),d:O(e.d),p:O(e.q),q:O(e.p),u:O(e.qi)}}const We=BigInt(1);const $e="object"==typeof e&&"crypto"in e?e.crypto:void 0,Ze={};var Qe=function(e){var t,r=new Float64Array(16);if(e)for(t=0;t<e.length;t++)r[t]=e[t];return r},Xe=function(){throw Error("no PRNG")},Ye=new Uint8Array(32);Ye[0]=9;var Je=Qe(),et=Qe([1]),tt=Qe([56129,1]),rt=Qe([30883,4953,19914,30187,55467,16705,2637,112,59544,30585,16505,36039,65139,11119,27886,20995]),it=Qe([61785,9906,39828,60374,45398,33411,5274,224,53552,61171,33010,6542,64743,22239,55772,9222]),nt=Qe([54554,36645,11616,51542,42930,38181,51040,26924,56412,64982,57905,49316,21502,52590,14035,8553]),at=Qe([26200,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214]),st=Qe([41136,18958,6951,50414,58488,44335,6150,12099,55207,15867,153,11085,57099,20417,9344,11139]);function ot(e,t,r,i){e[t]=r>>24&255,e[t+1]=r>>16&255,e[t+2]=r>>8&255,e[t+3]=255&r,e[t+4]=i>>24&255,e[t+5]=i>>16&255,e[t+6]=i>>8&255,e[t+7]=255&i}function ct(e,t,r,i){return function(e,t,r,i,n){var a,s=0;for(a=0;a<n;a++)s|=e[t+a]^r[i+a];return(1&s-1>>>8)-1}(e,t,r,i,32)}function ut(e,t){var r;for(r=0;r<16;r++)e[r]=0|t[r]}function ht(e){var t,r,i=1;for(t=0;t<16;t++)r=e[t]+i+65535,i=Math.floor(r/65536),e[t]=r-65536*i;e[0]+=i-1+37*(i-1)}function lt(e,t,r){for(var i,n=~(r-1),a=0;a<16;a++)i=n&(e[a]^t[a]),e[a]^=i,t[a]^=i}function yt(e,t){var r,i,n,a=Qe(),s=Qe();for(r=0;r<16;r++)s[r]=t[r];for(ht(s),ht(s),ht(s),i=0;i<2;i++){for(a[0]=s[0]-65517,r=1;r<15;r++)a[r]=s[r]-65535-(a[r-1]>>16&1),a[r-1]&=65535;a[15]=s[15]-32767-(a[14]>>16&1),n=a[15]>>16&1,a[14]&=65535,lt(s,a,1-n)}for(r=0;r<16;r++)e[2*r]=255&s[r],e[2*r+1]=s[r]>>8}function pt(e,t){var r=new Uint8Array(32),i=new Uint8Array(32);return yt(r,e),yt(i,t),ct(r,0,i,0)}function dt(e){var t=new Uint8Array(32);return yt(t,e),1&t[0]}function gt(e,t){var r;for(r=0;r<16;r++)e[r]=t[2*r]+(t[2*r+1]<<8);e[15]&=32767}function ft(e,t,r){for(var i=0;i<16;i++)e[i]=t[i]+r[i]}function mt(e,t,r){for(var i=0;i<16;i++)e[i]=t[i]-r[i]}function wt(e,t,r){var i,n,a=0,s=0,o=0,c=0,u=0,h=0,l=0,y=0,p=0,d=0,g=0,f=0,m=0,w=0,b=0,k=0,v=0,K=0,A=0,E=0,S=0,P=0,U=0,D=0,x=0,I=0,C=0,B=0,T=0,M=0,_=0,F=r[0],R=r[1],L=r[2],N=r[3],z=r[4],O=r[5],q=r[6],j=r[7],H=r[8],G=r[9],V=r[10],W=r[11],$=r[12],Z=r[13],Q=r[14],X=r[15];a+=(i=t[0])*F,s+=i*R,o+=i*L,c+=i*N,u+=i*z,h+=i*O,l+=i*q,y+=i*j,p+=i*H,d+=i*G,g+=i*V,f+=i*W,m+=i*$,w+=i*Z,b+=i*Q,k+=i*X,s+=(i=t[1])*F,o+=i*R,c+=i*L,u+=i*N,h+=i*z,l+=i*O,y+=i*q,p+=i*j,d+=i*H,g+=i*G,f+=i*V,m+=i*W,w+=i*$,b+=i*Z,k+=i*Q,v+=i*X,o+=(i=t[2])*F,c+=i*R,u+=i*L,h+=i*N,l+=i*z,y+=i*O,p+=i*q,d+=i*j,g+=i*H,f+=i*G,m+=i*V,w+=i*W,b+=i*$,k+=i*Z,v+=i*Q,K+=i*X,c+=(i=t[3])*F,u+=i*R,h+=i*L,l+=i*N,y+=i*z,p+=i*O,d+=i*q,g+=i*j,f+=i*H,m+=i*G,w+=i*V,b+=i*W,k+=i*$,v+=i*Z,K+=i*Q,A+=i*X,u+=(i=t[4])*F,h+=i*R,l+=i*L,y+=i*N,p+=i*z,d+=i*O,g+=i*q,f+=i*j,m+=i*H,w+=i*G,b+=i*V,k+=i*W,v+=i*$,K+=i*Z,A+=i*Q,E+=i*X,h+=(i=t[5])*F,l+=i*R,y+=i*L,p+=i*N,d+=i*z,g+=i*O,f+=i*q,m+=i*j,w+=i*H,b+=i*G,k+=i*V,v+=i*W,K+=i*$,A+=i*Z,E+=i*Q,S+=i*X,l+=(i=t[6])*F,y+=i*R,p+=i*L,d+=i*N,g+=i*z,f+=i*O,m+=i*q,w+=i*j,b+=i*H,k+=i*G,v+=i*V,K+=i*W,A+=i*$,E+=i*Z,S+=i*Q,P+=i*X,y+=(i=t[7])*F,p+=i*R,d+=i*L,g+=i*N,f+=i*z,m+=i*O,w+=i*q,b+=i*j,k+=i*H,v+=i*G,K+=i*V,A+=i*W,E+=i*$,S+=i*Z,P+=i*Q,U+=i*X,p+=(i=t[8])*F,d+=i*R,g+=i*L,f+=i*N,m+=i*z,w+=i*O,b+=i*q,k+=i*j,v+=i*H,K+=i*G,A+=i*V,E+=i*W,S+=i*$,P+=i*Z,U+=i*Q,D+=i*X,d+=(i=t[9])*F,g+=i*R,f+=i*L,m+=i*N,w+=i*z,b+=i*O,k+=i*q,v+=i*j,K+=i*H,A+=i*G,E+=i*V,S+=i*W,P+=i*$,U+=i*Z,D+=i*Q,x+=i*X,g+=(i=t[10])*F,f+=i*R,m+=i*L,w+=i*N,b+=i*z,k+=i*O,v+=i*q,K+=i*j,A+=i*H,E+=i*G,S+=i*V,P+=i*W,U+=i*$,D+=i*Z,x+=i*Q,I+=i*X,f+=(i=t[11])*F,m+=i*R,w+=i*L,b+=i*N,k+=i*z,v+=i*O,K+=i*q,A+=i*j,E+=i*H,S+=i*G,P+=i*V,U+=i*W,D+=i*$,x+=i*Z,I+=i*Q,C+=i*X,m+=(i=t[12])*F,w+=i*R,b+=i*L,k+=i*N,v+=i*z,K+=i*O,A+=i*q,E+=i*j,S+=i*H,P+=i*G,U+=i*V,D+=i*W,x+=i*$,I+=i*Z,C+=i*Q,B+=i*X,w+=(i=t[13])*F,b+=i*R,k+=i*L,v+=i*N,K+=i*z,A+=i*O,E+=i*q,S+=i*j,P+=i*H,U+=i*G,D+=i*V,x+=i*W,I+=i*$,C+=i*Z,B+=i*Q,T+=i*X,b+=(i=t[14])*F,k+=i*R,v+=i*L,K+=i*N,A+=i*z,E+=i*O,S+=i*q,P+=i*j,U+=i*H,D+=i*G,x+=i*V,I+=i*W,C+=i*$,B+=i*Z,T+=i*Q,M+=i*X,k+=(i=t[15])*F,s+=38*(K+=i*L),o+=38*(A+=i*N),c+=38*(E+=i*z),u+=38*(S+=i*O),h+=38*(P+=i*q),l+=38*(U+=i*j),y+=38*(D+=i*H),p+=38*(x+=i*G),d+=38*(I+=i*V),g+=38*(C+=i*W),f+=38*(B+=i*$),m+=38*(T+=i*Z),w+=38*(M+=i*Q),b+=38*(_+=i*X),a=(i=(a+=38*(v+=i*R))+(n=1)+65535)-65536*(n=Math.floor(i/65536)),s=(i=s+n+65535)-65536*(n=Math.floor(i/65536)),o=(i=o+n+65535)-65536*(n=Math.floor(i/65536)),c=(i=c+n+65535)-65536*(n=Math.floor(i/65536)),u=(i=u+n+65535)-65536*(n=Math.floor(i/65536)),h=(i=h+n+65535)-65536*(n=Math.floor(i/65536)),l=(i=l+n+65535)-65536*(n=Math.floor(i/65536)),y=(i=y+n+65535)-65536*(n=Math.floor(i/65536)),p=(i=p+n+65535)-65536*(n=Math.floor(i/65536)),d=(i=d+n+65535)-65536*(n=Math.floor(i/65536)),g=(i=g+n+65535)-65536*(n=Math.floor(i/65536)),f=(i=f+n+65535)-65536*(n=Math.floor(i/65536)),m=(i=m+n+65535)-65536*(n=Math.floor(i/65536)),w=(i=w+n+65535)-65536*(n=Math.floor(i/65536)),b=(i=b+n+65535)-65536*(n=Math.floor(i/65536)),k=(i=k+n+65535)-65536*(n=Math.floor(i/65536)),a=(i=(a+=n-1+37*(n-1))+(n=1)+65535)-65536*(n=Math.floor(i/65536)),s=(i=s+n+65535)-65536*(n=Math.floor(i/65536)),o=(i=o+n+65535)-65536*(n=Math.floor(i/65536)),c=(i=c+n+65535)-65536*(n=Math.floor(i/65536)),u=(i=u+n+65535)-65536*(n=Math.floor(i/65536)),h=(i=h+n+65535)-65536*(n=Math.floor(i/65536)),l=(i=l+n+65535)-65536*(n=Math.floor(i/65536)),y=(i=y+n+65535)-65536*(n=Math.floor(i/65536)),p=(i=p+n+65535)-65536*(n=Math.floor(i/65536)),d=(i=d+n+65535)-65536*(n=Math.floor(i/65536)),g=(i=g+n+65535)-65536*(n=Math.floor(i/65536)),f=(i=f+n+65535)-65536*(n=Math.floor(i/65536)),m=(i=m+n+65535)-65536*(n=Math.floor(i/65536)),w=(i=w+n+65535)-65536*(n=Math.floor(i/65536)),b=(i=b+n+65535)-65536*(n=Math.floor(i/65536)),k=(i=k+n+65535)-65536*(n=Math.floor(i/65536)),a+=n-1+37*(n-1),e[0]=a,e[1]=s,e[2]=o,e[3]=c,e[4]=u,e[5]=h,e[6]=l,e[7]=y,e[8]=p,e[9]=d,e[10]=g,e[11]=f,e[12]=m,e[13]=w,e[14]=b,e[15]=k}function bt(e,t){wt(e,t,t)}function kt(e,t){var r,i=Qe();for(r=0;r<16;r++)i[r]=t[r];for(r=253;r>=0;r--)bt(i,i),2!==r&&4!==r&&wt(i,i,t);for(r=0;r<16;r++)e[r]=i[r]}function vt(e,t,r){var i,n,a=new Uint8Array(32),s=new Float64Array(80),o=Qe(),c=Qe(),u=Qe(),h=Qe(),l=Qe(),y=Qe();for(n=0;n<31;n++)a[n]=t[n];for(a[31]=127&t[31]|64,a[0]&=248,gt(s,r),n=0;n<16;n++)c[n]=s[n],h[n]=o[n]=u[n]=0;for(o[0]=h[0]=1,n=254;n>=0;--n)lt(o,c,i=a[n>>>3]>>>(7&n)&1),lt(u,h,i),ft(l,o,u),mt(o,o,u),ft(u,c,h),mt(c,c,h),bt(h,l),bt(y,o),wt(o,u,o),wt(u,c,l),ft(l,o,u),mt(o,o,u),bt(c,o),mt(u,h,y),wt(o,u,tt),ft(o,o,h),wt(u,u,o),wt(o,h,y),wt(h,c,s),bt(c,l),lt(o,c,i),lt(u,h,i);for(n=0;n<16;n++)s[n+16]=o[n],s[n+32]=u[n],s[n+48]=c[n],s[n+64]=h[n];var p=s.subarray(32),d=s.subarray(16);return kt(p,p),wt(d,d,p),yt(e,d),0}function Kt(e,t){return vt(e,t,Ye)}var At=[1116352408,3609767458,1899447441,602891725,3049323471,3964484399,3921009573,2173295548,961987163,4081628472,1508970993,3053834265,2453635748,2937671579,2870763221,3664609560,3624381080,2734883394,310598401,1164996542,607225278,1323610764,1426881987,3590304994,1925078388,4068182383,2162078206,991336113,2614888103,633803317,3248222580,3479774868,3835390401,2666613458,4022224774,944711139,264347078,2341262773,604807628,2007800933,770255983,1495990901,1249150122,1856431235,1555081692,3175218132,1996064986,2198950837,2554220882,3999719339,2821834349,766784016,2952996808,2566594879,3210313671,3203337956,3336571891,1034457026,3584528711,2466948901,113926993,3758326383,338241895,168717936,666307205,1188179964,773529912,1546045734,1294757372,1522805485,1396182291,2643833823,1695183700,2343527390,1986661051,1014477480,2177026350,1206759142,2456956037,344077627,2730485921,1290863460,2820302411,3158454273,3259730800,3505952657,3345764771,106217008,3516065817,3606008344,3600352804,1432725776,4094571909,1467031594,275423344,851169720,430227734,3100823752,506948616,1363258195,659060556,3750685593,883997877,3785050280,958139571,3318307427,1322822218,3812723403,1537002063,2003034995,1747873779,3602036899,1955562222,1575990012,2024104815,1125592928,2227730452,2716904306,2361852424,442776044,2428436474,593698344,2756734187,3733110249,3204031479,2999351573,3329325298,3815920427,3391569614,3928383900,3515267271,566280711,3940187606,3454069534,4118630271,4000239992,116418474,1914138554,174292421,2731055270,289380356,3203993006,460393269,320620315,685471733,587496836,852142971,1086792851,1017036298,365543100,1126000580,2618297676,1288033470,3409855158,1501505948,4234509866,1607167915,987167468,1816402316,1246189591];function Et(e,t,r,i){for(var n,a,s,o,c,u,h,l,y,p,d,g,f,m,w,b,k,v,K,A,E,S,P,U,D,x,I=new Int32Array(16),C=new Int32Array(16),B=e[0],T=e[1],M=e[2],_=e[3],F=e[4],R=e[5],L=e[6],N=e[7],z=t[0],O=t[1],q=t[2],j=t[3],H=t[4],G=t[5],V=t[6],W=t[7],$=0;i>=128;){for(K=0;K<16;K++)A=8*K+$,I[K]=r[A+0]<<24|r[A+1]<<16|r[A+2]<<8|r[A+3],C[K]=r[A+4]<<24|r[A+5]<<16|r[A+6]<<8|r[A+7];for(K=0;K<80;K++)if(n=B,a=T,s=M,o=_,c=F,u=R,h=L,N,y=z,p=O,d=q,g=j,f=H,m=G,w=V,W,P=65535&(S=W),U=S>>>16,D=65535&(E=N),x=E>>>16,P+=65535&(S=(H>>>14|F<<18)^(H>>>18|F<<14)^(F>>>9|H<<23)),U+=S>>>16,D+=65535&(E=(F>>>14|H<<18)^(F>>>18|H<<14)^(H>>>9|F<<23)),x+=E>>>16,P+=65535&(S=H&G^~H&V),U+=S>>>16,D+=65535&(E=F&R^~F&L),x+=E>>>16,E=At[2*K],P+=65535&(S=At[2*K+1]),U+=S>>>16,D+=65535&E,x+=E>>>16,E=I[K%16],U+=(S=C[K%16])>>>16,D+=65535&E,x+=E>>>16,D+=(U+=(P+=65535&S)>>>16)>>>16,P=65535&(S=v=65535&P|U<<16),U=S>>>16,D=65535&(E=k=65535&D|(x+=D>>>16)<<16),x=E>>>16,P+=65535&(S=(z>>>28|B<<4)^(B>>>2|z<<30)^(B>>>7|z<<25)),U+=S>>>16,D+=65535&(E=(B>>>28|z<<4)^(z>>>2|B<<30)^(z>>>7|B<<25)),x+=E>>>16,U+=(S=z&O^z&q^O&q)>>>16,D+=65535&(E=B&T^B&M^T&M),x+=E>>>16,l=65535&(D+=(U+=(P+=65535&S)>>>16)>>>16)|(x+=D>>>16)<<16,b=65535&P|U<<16,P=65535&(S=g),U=S>>>16,D=65535&(E=o),x=E>>>16,U+=(S=v)>>>16,D+=65535&(E=k),x+=E>>>16,T=n,M=a,_=s,F=o=65535&(D+=(U+=(P+=65535&S)>>>16)>>>16)|(x+=D>>>16)<<16,R=c,L=u,N=h,B=l,O=y,q=p,j=d,H=g=65535&P|U<<16,G=f,V=m,W=w,z=b,K%16==15)for(A=0;A<16;A++)E=I[A],P=65535&(S=C[A]),U=S>>>16,D=65535&E,x=E>>>16,E=I[(A+9)%16],P+=65535&(S=C[(A+9)%16]),U+=S>>>16,D+=65535&E,x+=E>>>16,k=I[(A+1)%16],P+=65535&(S=((v=C[(A+1)%16])>>>1|k<<31)^(v>>>8|k<<24)^(v>>>7|k<<25)),U+=S>>>16,D+=65535&(E=(k>>>1|v<<31)^(k>>>8|v<<24)^k>>>7),x+=E>>>16,k=I[(A+14)%16],U+=(S=((v=C[(A+14)%16])>>>19|k<<13)^(k>>>29|v<<3)^(v>>>6|k<<26))>>>16,D+=65535&(E=(k>>>19|v<<13)^(v>>>29|k<<3)^k>>>6),x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,I[A]=65535&D|x<<16,C[A]=65535&P|U<<16;P=65535&(S=z),U=S>>>16,D=65535&(E=B),x=E>>>16,E=e[0],U+=(S=t[0])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[0]=B=65535&D|x<<16,t[0]=z=65535&P|U<<16,P=65535&(S=O),U=S>>>16,D=65535&(E=T),x=E>>>16,E=e[1],U+=(S=t[1])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[1]=T=65535&D|x<<16,t[1]=O=65535&P|U<<16,P=65535&(S=q),U=S>>>16,D=65535&(E=M),x=E>>>16,E=e[2],U+=(S=t[2])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[2]=M=65535&D|x<<16,t[2]=q=65535&P|U<<16,P=65535&(S=j),U=S>>>16,D=65535&(E=_),x=E>>>16,E=e[3],U+=(S=t[3])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[3]=_=65535&D|x<<16,t[3]=j=65535&P|U<<16,P=65535&(S=H),U=S>>>16,D=65535&(E=F),x=E>>>16,E=e[4],U+=(S=t[4])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[4]=F=65535&D|x<<16,t[4]=H=65535&P|U<<16,P=65535&(S=G),U=S>>>16,D=65535&(E=R),x=E>>>16,E=e[5],U+=(S=t[5])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[5]=R=65535&D|x<<16,t[5]=G=65535&P|U<<16,P=65535&(S=V),U=S>>>16,D=65535&(E=L),x=E>>>16,E=e[6],U+=(S=t[6])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[6]=L=65535&D|x<<16,t[6]=V=65535&P|U<<16,P=65535&(S=W),U=S>>>16,D=65535&(E=N),x=E>>>16,E=e[7],U+=(S=t[7])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[7]=N=65535&D|x<<16,t[7]=W=65535&P|U<<16,$+=128,i-=128}return i}function St(e,t,r){var i,n=new Int32Array(8),a=new Int32Array(8),s=new Uint8Array(256),o=r;for(n[0]=1779033703,n[1]=3144134277,n[2]=1013904242,n[3]=2773480762,n[4]=1359893119,n[5]=2600822924,n[6]=528734635,n[7]=1541459225,a[0]=4089235720,a[1]=2227873595,a[2]=4271175723,a[3]=1595750129,a[4]=2917565137,a[5]=725511199,a[6]=4215389547,a[7]=327033209,Et(n,a,t,r),r%=128,i=0;i<r;i++)s[i]=t[o-r+i];for(s[r]=128,s[(r=256-128*(r<112?1:0))-9]=0,ot(s,r-8,o/536870912|0,o<<3),Et(n,a,s,r),i=0;i<8;i++)ot(e,8*i,n[i],a[i]);return 0}function Pt(e,t){var r=Qe(),i=Qe(),n=Qe(),a=Qe(),s=Qe(),o=Qe(),c=Qe(),u=Qe(),h=Qe();mt(r,e[1],e[0]),mt(h,t[1],t[0]),wt(r,r,h),ft(i,e[0],e[1]),ft(h,t[0],t[1]),wt(i,i,h),wt(n,e[3],t[3]),wt(n,n,it),wt(a,e[2],t[2]),ft(a,a,a),mt(s,i,r),mt(o,a,n),ft(c,a,n),ft(u,i,r),wt(e[0],s,o),wt(e[1],u,c),wt(e[2],c,o),wt(e[3],s,u)}function Ut(e,t,r){var i;for(i=0;i<4;i++)lt(e[i],t[i],r)}function Dt(e,t){var r=Qe(),i=Qe(),n=Qe();kt(n,t[2]),wt(r,t[0],n),wt(i,t[1],n),yt(e,i),e[31]^=dt(r)<<7}function xt(e,t,r){var i,n;for(ut(e[0],Je),ut(e[1],et),ut(e[2],et),ut(e[3],Je),n=255;n>=0;--n)Ut(e,t,i=r[n/8|0]>>(7&n)&1),Pt(t,e),Pt(e,e),Ut(e,t,i)}function It(e,t){var r=[Qe(),Qe(),Qe(),Qe()];ut(r[0],nt),ut(r[1],at),ut(r[2],et),wt(r[3],nt,at),xt(e,r,t)}function Ct(e,t,r){var i,n=new Uint8Array(64),a=[Qe(),Qe(),Qe(),Qe()];for(r||Xe(t,32),St(n,t,32),n[0]&=248,n[31]&=127,n[31]|=64,It(a,n),Dt(e,a),i=0;i<32;i++)t[i+32]=e[i];return 0}var Bt=new Float64Array([237,211,245,92,26,99,18,88,214,156,247,162,222,249,222,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16]);function Tt(e,t){var r,i,n,a;for(i=63;i>=32;--i){for(r=0,n=i-32,a=i-12;n<a;++n)t[n]+=r-16*t[i]*Bt[n-(i-32)],r=Math.floor((t[n]+128)/256),t[n]-=256*r;t[n]+=r,t[i]=0}for(r=0,n=0;n<32;n++)t[n]+=r-(t[31]>>4)*Bt[n],r=t[n]>>8,t[n]&=255;for(n=0;n<32;n++)t[n]-=r*Bt[n];for(i=0;i<32;i++)t[i+1]+=t[i]>>8,e[i]=255&t[i]}function Mt(e){var t,r=new Float64Array(64);for(t=0;t<64;t++)r[t]=e[t];for(t=0;t<64;t++)e[t]=0;Tt(e,r)}function _t(e,t){var r=Qe(),i=Qe(),n=Qe(),a=Qe(),s=Qe(),o=Qe(),c=Qe();return ut(e[2],et),gt(e[1],t),bt(n,e[1]),wt(a,n,rt),mt(n,n,e[2]),ft(a,e[2],a),bt(s,a),bt(o,s),wt(c,o,s),wt(r,c,n),wt(r,r,a),function(e,t){var r,i=Qe();for(r=0;r<16;r++)i[r]=t[r];for(r=250;r>=0;r--)bt(i,i),1!==r&&wt(i,i,t);for(r=0;r<16;r++)e[r]=i[r]}(r,r),wt(r,r,n),wt(r,r,a),wt(r,r,a),wt(e[0],r,a),bt(i,e[0]),wt(i,i,a),pt(i,n)&&wt(e[0],e[0],st),bt(i,e[0]),wt(i,i,a),pt(i,n)?-1:(dt(e[0])===t[31]>>7&&mt(e[0],Je,e[0]),wt(e[3],e[0],e[1]),0)}var Ft=64;function Rt(){for(var e=0;e<arguments.length;e++)if(!(arguments[e]instanceof Uint8Array))throw new TypeError("unexpected type, use Uint8Array")}Ze.scalarMult=function(e,t){if(Rt(e,t),32!==e.length)throw Error("bad n size");if(32!==t.length)throw Error("bad p size");var r=new Uint8Array(32);return vt(r,e,t),r},Ze.box={},Ze.box.keyPair=function(){var e=new Uint8Array(32),t=new Uint8Array(32);return function(e,t){Xe(t,32),Kt(e,t)}(e,t),{publicKey:e,secretKey:t}},Ze.box.keyPair.fromSecretKey=function(e){if(Rt(e),32!==e.length)throw Error("bad secret key size");var t=new Uint8Array(32);return Kt(t,e),{publicKey:t,secretKey:new Uint8Array(e)}},Ze.sign=function(e,t){if(Rt(e,t),64!==t.length)throw Error("bad secret key size");var r=new Uint8Array(Ft+e.length);return function(e,t,r,i){var n,a,s=new Uint8Array(64),o=new Uint8Array(64),c=new Uint8Array(64),u=new Float64Array(64),h=[Qe(),Qe(),Qe(),Qe()];St(s,i,32),s[0]&=248,s[31]&=127,s[31]|=64;var l=r+64;for(n=0;n<r;n++)e[64+n]=t[n];for(n=0;n<32;n++)e[32+n]=s[32+n];for(St(c,e.subarray(32),r+32),Mt(c),It(h,c),Dt(e,h),n=32;n<64;n++)e[n]=i[n];for(St(o,e,r+64),Mt(o),n=0;n<64;n++)u[n]=0;for(n=0;n<32;n++)u[n]=c[n];for(n=0;n<32;n++)for(a=0;a<32;a++)u[n+a]+=o[n]*s[a];Tt(e.subarray(32),u)}(r,e,e.length,t),r},Ze.sign.detached=function(e,t){for(var r=Ze.sign(e,t),i=new Uint8Array(Ft),n=0;n<i.length;n++)i[n]=r[n];return i},Ze.sign.detached.verify=function(e,t,r){if(Rt(e,t,r),t.length!==Ft)throw Error("bad signature size");if(32!==r.length)throw Error("bad public key size");var i,n=new Uint8Array(Ft+e.length),a=new Uint8Array(Ft+e.length);for(i=0;i<Ft;i++)n[i]=t[i];for(i=0;i<e.length;i++)n[i+Ft]=e[i];return function(e,t,r,i){var n,a=new Uint8Array(32),s=new Uint8Array(64),o=[Qe(),Qe(),Qe(),Qe()],c=[Qe(),Qe(),Qe(),Qe()];if(r<64)return-1;if(_t(c,i))return-1;for(n=0;n<r;n++)e[n]=t[n];for(n=0;n<32;n++)e[n+32]=i[n];if(St(s,e,r),Mt(s),xt(o,c,s),It(c,t.subarray(32)),Pt(o,c),Dt(a,o),r-=64,ct(t,0,a,0)){for(n=0;n<r;n++)e[n]=0;return-1}for(n=0;n<r;n++)e[n]=t[n+64];return r}(a,n,n.length,r)>=0},Ze.sign.keyPair=function(){var e=new Uint8Array(32),t=new Uint8Array(64);return Ct(e,t),{publicKey:e,secretKey:t}},Ze.sign.keyPair.fromSecretKey=function(e){if(Rt(e),64!==e.length)throw Error("bad secret key size");for(var t=new Uint8Array(32),r=0;r<t.length;r++)t[r]=e[32+r];return{publicKey:t,secretKey:new Uint8Array(e)}},Ze.sign.keyPair.fromSeed=function(e){if(Rt(e),32!==e.length)throw Error("bad seed size");for(var t=new Uint8Array(32),r=new Uint8Array(64),i=0;i<32;i++)r[i]=e[i];return Ct(t,r,!0),{publicKey:t,secretKey:r}},Ze.setPRNG=function(e){Xe=e},function(){if($e&&$e.getRandomValues){Ze.setPRNG((function(e,t){var r,i=new Uint8Array(t);for(r=0;r<t;r+=65536)$e.getRandomValues(i.subarray(r,r+Math.min(t-r,65536)));for(r=0;r<t;r++)e[r]=i[r];!function(e){for(var t=0;t<e.length;t++)e[t]=0}(i)}))}}();const Lt={"2a8648ce3d030107":B.curve.nistP256,"2b81040022":B.curve.nistP384,"2b81040023":B.curve.nistP521,"2b8104000a":B.curve.secp256k1,"2b06010401da470f01":B.curve.ed25519Legacy,"2b060104019755010501":B.curve.curve25519Legacy,"2b2403030208010107":B.curve.brainpoolP256r1,"2b240303020801010b":B.curve.brainpoolP384r1,"2b240303020801010d":B.curve.brainpoolP512r1};class Nt{constructor(e){if(e instanceof Nt)this.oid=e.oid;else if(_.isArray(e)||_.isUint8Array(e)){if(6===(e=new Uint8Array(e))[0]){if(e[1]!==e.length-2)throw Error("Length mismatch in DER encoded oid");e=e.subarray(2)}this.oid=e}else this.oid=""}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.oid=e.subarray(1,1+t),1+this.oid.length}throw Error("Invalid oid")}write(){return _.concatUint8Array([new Uint8Array([this.oid.length]),this.oid])}toHex(){return _.uint8ArrayToHex(this.oid)}getName(){const e=Lt[this.toHex()];if(!e)throw Error("Unknown curve object identifier.");return e}}function zt(e){let t,r=0;const i=e[0];return i<192?([r]=e,t=1):i<255?(r=(e[0]-192<<8)+e[1]+192,t=2):255===i&&(r=_.readNumber(e.subarray(1,5)),t=5),{len:r,offset:t}}function Ot(e){return e<192?new Uint8Array([e]):e>191&&e<8384?new Uint8Array([192+(e-192>>8),e-192&255]):_.concatUint8Array([new Uint8Array([255]),_.writeNumber(e,4)])}function qt(e){if(e<0||e>30)throw Error("Partial Length power must be between 1 and 30");return new Uint8Array([224+e])}function jt(e){return new Uint8Array([192|e])}function Ht(e,t){return _.concatUint8Array([jt(e),Ot(t)])}function Gt(e){return[B.packet.literalData,B.packet.compressedData,B.packet.symmetricallyEncryptedData,B.packet.symEncryptedIntegrityProtectedData,B.packet.aeadEncryptedData].includes(e)}async function Vt(e,t){const r=x(e);let i,n;try{const a=await r.peekBytes(2);if(!a||a.length<2||!(128&a[0]))throw Error("Error during parsing. This message / key probably does not conform to a valid OpenPGP format.");const s=await r.readByte();let o,c,u=-1,h=-1;h=0,64&s&&(h=1),h?u=63&s:(u=(63&s)>>2,c=3&s);const l=Gt(u);let y,p=null;if(l){if("array"===_.isStream(e)){const e=new ArrayStream;i=I(e),p=e}else{const e=new TransformStream;i=I(e.writable),p=e.readable}n=t({tag:u,packet:p})}else p=[];do{if(h){const e=await r.readByte();if(y=!1,e<192)o=e;else if(e>=192&&e<224)o=(e-192<<8)+await r.readByte()+192;else if(e>223&&e<255){if(o=1<<(31&e),y=!0,!l)throw new TypeError("This packet type does not support partial lengths.")}else o=await r.readByte()<<24|await r.readByte()<<16|await r.readByte()<<8|await r.readByte()}else switch(c){case 0:o=await r.readByte();break;case 1:o=await r.readByte()<<8|await r.readByte();break;case 2:o=await r.readByte()<<24|await r.readByte()<<16|await r.readByte()<<8|await r.readByte();break;default:o=1/0}if(o>0){let e=0;for(;;){i&&await i.ready;const{done:t,value:n}=await r.read();if(t){if(o===1/0)break;throw Error("Unexpected end of packet")}const a=o===1/0?n:n.subarray(0,o-e);if(i?await i.write(a):p.push(a),e+=n.length,e>=o){r.unshift(n.subarray(o-e+n.length));break}}}}while(y);const d=await r.peekBytes(l?1/0:2);return i?(await i.ready,await i.close()):(p=_.concatUint8Array(p),await t({tag:u,packet:p})),!d||!d.length}catch(e){if(i)return await i.abort(e),!0;throw e}finally{i&&await n,r.releaseLock()}}class Wt extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,Wt),this.name="UnsupportedError"}}class $t extends Wt{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,Wt),this.name="UnknownPacketError"}}class Zt{constructor(e,t){this.tag=e,this.rawContent=t}write(){return this.rawContent}}
+/*! noble-ed25519 - MIT License (c) 2019 Paul Miller (paulmillr.com) */const Qt=BigInt(0),Xt=BigInt(1),Yt=BigInt(2),Jt=BigInt(8),er=BigInt("7237005577332262213973186563042994240857116359379907606001950938285454250989"),tr=Object.freeze({a:BigInt(-1),d:BigInt("37095705934669439343138083508754565189542113879843219016388785533085940283555"),P:BigInt("57896044618658097711785492504343953926634992332820282019728792003956564819949"),l:er,n:er,h:BigInt(8),Gx:BigInt("15112221349535400772501151409588531511454012693041857206046113283949847762202"),Gy:BigInt("46316835694926478169428394003475163141307993866256225615783033603165251855960")}),rr=BigInt("0x10000000000000000000000000000000000000000000000000000000000000000"),ir=BigInt("19681161376707505956807079304988542015446066515923890162744021073123829784752");BigInt("6853475219497561581579357271197624642482790079785650197046958215289687604742");const nr=BigInt("25063068953384623474111414158702152701244531502492656460079210482610430750235"),ar=BigInt("54469307008909316920995813868745141605393597292927456921205312896311721017578"),sr=BigInt("1159843021668779879193775521855586647937357759715417654439879720876111806838"),or=BigInt("40440834346308536858101042469323190826248399146238708352240133220865137265952");class cr{constructor(e,t,r,i){this.x=e,this.y=t,this.z=r,this.t=i}static fromAffine(e){if(!(e instanceof gr))throw new TypeError("ExtendedPoint#fromAffine: expected Point");return e.equals(gr.ZERO)?cr.ZERO:new cr(e.x,e.y,Xt,Ur(e.x*e.y))}static toAffineBatch(e){const t=function(e,t=tr.P){const r=Array(e.length),i=e.reduce(((e,i,n)=>i===Qt?e:(r[n]=e,Ur(e*i,t))),Xt),n=Dr(i,t);return e.reduceRight(((e,i,n)=>i===Qt?e:(r[n]=Ur(e*r[n],t),Ur(e*i,t))),n),r}(e.map((e=>e.z)));return e.map(((e,r)=>e.toAffine(t[r])))}static normalizeZ(e){return this.toAffineBatch(e).map(this.fromAffine)}equals(e){hr(e);const{x:t,y:r,z:i}=this,{x:n,y:a,z:s}=e,o=Ur(t*s),c=Ur(n*i),u=Ur(r*s),h=Ur(a*i);return o===c&&u===h}negate(){return new cr(Ur(-this.x),this.y,this.z,Ur(-this.t))}double(){const{x:e,y:t,z:r}=this,{a:i}=tr,n=Ur(e*e),a=Ur(t*t),s=Ur(Yt*Ur(r*r)),o=Ur(i*n),c=e+t,u=Ur(Ur(c*c)-n-a),h=o+a,l=h-s,y=o-a,p=Ur(u*l),d=Ur(h*y),g=Ur(u*y),f=Ur(l*h);return new cr(p,d,f,g)}add(e){hr(e);const{x:t,y:r,z:i,t:n}=this,{x:a,y:s,z:o,t:c}=e,u=Ur((r-t)*(s+a)),h=Ur((r+t)*(s-a)),l=Ur(h-u);if(l===Qt)return this.double();const y=Ur(i*Yt*c),p=Ur(n*Yt*o),d=p+y,g=h+u,f=p-y,m=Ur(d*l),w=Ur(g*f),b=Ur(d*f),k=Ur(l*g);return new cr(m,w,k,b)}subtract(e){return this.add(e.negate())}precomputeWindow(e){const t=1+256/e,r=[];let i=this,n=i;for(let a=0;a<t;a++){n=i,r.push(n);for(let t=1;t<2**(e-1);t++)n=n.add(i),r.push(n);i=n.double()}return r}wNAF(e,t){!t&&this.equals(cr.BASE)&&(t=gr.BASE);const r=t&&t._WINDOW_SIZE||1;if(256%r)throw Error("Point#wNAF: Invalid precomputation window, must be power of 2");let i=t&&dr.get(t);i||(i=this.precomputeWindow(r),t&&1!==r&&(i=cr.normalizeZ(i),dr.set(t,i)));let n=cr.ZERO,a=cr.BASE;const s=1+256/r,o=2**(r-1),c=BigInt(2**r-1),u=2**r,h=BigInt(r);for(let t=0;t<s;t++){const r=t*o;let s=Number(e&c);e>>=h,s>o&&(s-=u,e+=Xt);const l=r,y=r+Math.abs(s)-1,p=t%2!=0,d=s<0;0===s?a=a.add(ur(p,i[l])):n=n.add(ur(d,i[y]))}return cr.normalizeZ([n,a])[0]}multiply(e,t){return this.wNAF(Mr(e,tr.l),t)}multiplyUnsafe(e){let t=Mr(e,tr.l,!1);const r=cr.BASE,i=cr.ZERO;if(t===Qt)return i;if(this.equals(i)||t===Xt)return this;if(this.equals(r))return this.wNAF(t);let n=i,a=this;for(;t>Qt;)t&Xt&&(n=n.add(a)),a=a.double(),t>>=Xt;return n}isSmallOrder(){return this.multiplyUnsafe(tr.h).equals(cr.ZERO)}isTorsionFree(){let e=this.multiplyUnsafe(tr.l/Yt).double();return tr.l%Yt&&(e=e.add(this)),e.equals(cr.ZERO)}toAffine(e){const{x:t,y:r,z:i}=this,n=this.equals(cr.ZERO);null==e&&(e=n?Jt:Dr(i));const a=Ur(t*e),s=Ur(r*e),o=Ur(i*e);if(n)return gr.ZERO;if(o!==Xt)throw Error("invZ was invalid");return new gr(a,s)}fromRistrettoBytes(){yr()}toRistrettoBytes(){yr()}fromRistrettoHash(){yr()}}function ur(e,t){const r=t.negate();return e?r:t}function hr(e){if(!(e instanceof cr))throw new TypeError("ExtendedPoint expected")}function lr(e){if(!(e instanceof pr))throw new TypeError("RistrettoPoint expected")}function yr(){throw Error("Legacy method: switch to RistrettoPoint")}cr.BASE=new cr(tr.Gx,tr.Gy,Xt,Ur(tr.Gx*tr.Gy)),cr.ZERO=new cr(Qt,Xt,Xt,Qt);class pr{constructor(e){this.ep=e}static calcElligatorRistrettoMap(e){const{d:t}=tr,r=Ur(ir*e*e),i=Ur((r+Xt)*sr);let n=BigInt(-1);const a=Ur((n-t*r)*Ur(r+t));let{isValid:s,value:o}=Ir(i,a),c=Ur(o*e);Ar(c)||(c=Ur(-c)),s||(o=c),s||(n=r);const u=Ur(n*(r-Xt)*or-a),h=o*o,l=Ur((o+o)*a),y=Ur(u*nr),p=Ur(Xt-h),d=Ur(Xt+h);return new cr(Ur(l*d),Ur(p*y),Ur(y*d),Ur(l*p))}static hashToCurve(e){const t=Pr((e=Tr(e,64)).slice(0,32)),r=this.calcElligatorRistrettoMap(t),i=Pr(e.slice(32,64)),n=this.calcElligatorRistrettoMap(i);return new pr(r.add(n))}static fromHex(e){e=Tr(e,32);const{a:t,d:r}=tr,i="RistrettoPoint.fromHex: the hex is not valid encoding of RistrettoPoint",n=Pr(e);if(!function(e,t){if(e.length!==t.length)return!1;for(let r=0;r<e.length;r++)if(e[r]!==t[r])return!1;return!0}(Kr(n),e)||Ar(n))throw Error(i);const a=Ur(n*n),s=Ur(Xt+t*a),o=Ur(Xt-t*a),c=Ur(s*s),u=Ur(o*o),h=Ur(t*r*c-u),{isValid:l,value:y}=Cr(Ur(h*u)),p=Ur(y*o),d=Ur(y*p*h);let g=Ur((n+n)*p);Ar(g)&&(g=Ur(-g));const f=Ur(s*d),m=Ur(g*f);if(!l||Ar(m)||f===Qt)throw Error(i);return new pr(new cr(g,f,Xt,m))}toRawBytes(){let{x:e,y:t,z:r,t:i}=this.ep;const n=Ur(Ur(r+t)*Ur(r-t)),a=Ur(e*t),s=Ur(a*a),{value:o}=Cr(Ur(n*s)),c=Ur(o*n),u=Ur(o*a),h=Ur(c*u*i);let l;if(Ar(i*h)){let r=Ur(t*ir),i=Ur(e*ir);e=r,t=i,l=Ur(c*ar)}else l=u;Ar(e*h)&&(t=Ur(-t));let y=Ur((r-t)*l);return Ar(y)&&(y=Ur(-y)),Kr(y)}toHex(){return br(this.toRawBytes())}toString(){return this.toHex()}equals(e){lr(e);const t=this.ep,r=e.ep,i=Ur(t.x*r.y)===Ur(t.y*r.x),n=Ur(t.y*r.y)===Ur(t.x*r.x);return i||n}add(e){return lr(e),new pr(this.ep.add(e.ep))}subtract(e){return lr(e),new pr(this.ep.subtract(e.ep))}multiply(e){return new pr(this.ep.multiply(e))}multiplyUnsafe(e){return new pr(this.ep.multiplyUnsafe(e))}}pr.BASE=new pr(cr.BASE),pr.ZERO=new pr(cr.ZERO);const dr=new WeakMap;class gr{constructor(e,t){this.x=e,this.y=t}_setWindowSize(e){this._WINDOW_SIZE=e,dr.delete(this)}static fromHex(e,t=!0){const{d:r,P:i}=tr,n=(e=Tr(e,32)).slice();n[31]=-129&e[31];const a=Er(n);if(t&&a>=i)throw Error("Expected 0 < hex < P");if(!t&&a>=rr)throw Error("Expected 0 < hex < 2**256");const s=Ur(a*a),o=Ur(s-Xt),c=Ur(r*s+Xt);let{isValid:u,value:h}=Ir(o,c);if(!u)throw Error("Point.fromHex: invalid y coordinate");const l=(h&Xt)===Xt;return!!(128&e[31])!==l&&(h=Ur(-h)),new gr(h,a)}static async fromPrivateKey(e){return(await Fr(e)).point}toRawBytes(){const e=Kr(this.y);return e[31]|=this.x&Xt?128:0,e}toHex(){return br(this.toRawBytes())}toX25519(){const{y:e}=this;return Kr(Ur((Xt+e)*Dr(Xt-e)))}isTorsionFree(){return cr.fromAffine(this).isTorsionFree()}equals(e){return this.x===e.x&&this.y===e.y}negate(){return new gr(Ur(-this.x),this.y)}add(e){return cr.fromAffine(this).add(cr.fromAffine(e)).toAffine()}subtract(e){return this.add(e.negate())}multiply(e){return cr.fromAffine(this).multiply(e,this).toAffine()}}gr.BASE=new gr(tr.Gx,tr.Gy),gr.ZERO=new gr(Qt,Xt);let fr=class e{constructor(e,t){this.r=e,this.s=t,this.assertValidity()}static fromHex(t){const r=Tr(t,64),i=gr.fromHex(r.slice(0,32),!1),n=Er(r.slice(32,64));return new e(i,n)}assertValidity(){const{r:e,s:t}=this;if(!(e instanceof gr))throw Error("Expected Point instance");return Mr(t,tr.l,!1),this}toRawBytes(){const e=new Uint8Array(64);return e.set(this.r.toRawBytes()),e.set(Kr(this.s),32),e}toHex(){return br(this.toRawBytes())}};function mr(...e){if(!e.every((e=>e instanceof Uint8Array)))throw Error("Expected Uint8Array list");if(1===e.length)return e[0];const t=e.reduce(((e,t)=>e+t.length),0),r=new Uint8Array(t);for(let t=0,i=0;t<e.length;t++){const n=e[t];r.set(n,i),i+=n.length}return r}const wr=Array.from({length:256},((e,t)=>t.toString(16).padStart(2,"0")));function br(e){if(!(e instanceof Uint8Array))throw Error("Uint8Array expected");let t="";for(let r=0;r<e.length;r++)t+=wr[e[r]];return t}function kr(e){if("string"!=typeof e)throw new TypeError("hexToBytes: expected string, got "+typeof e);if(e.length%2)throw Error("hexToBytes: received invalid unpadded hex");const t=new Uint8Array(e.length/2);for(let r=0;r<t.length;r++){const i=2*r,n=e.slice(i,i+2),a=Number.parseInt(n,16);if(Number.isNaN(a)||a<0)throw Error("Invalid byte sequence");t[r]=a}return t}function vr(e){return kr(e.toString(16).padStart(64,"0"))}function Kr(e){return vr(e).reverse()}function Ar(e){return(Ur(e)&Xt)===Xt}function Er(e){if(!(e instanceof Uint8Array))throw Error("Expected Uint8Array");return BigInt("0x"+br(Uint8Array.from(e).reverse()))}const Sr=BigInt("0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff");function Pr(e){return Ur(Er(e)&Sr)}function Ur(e,t=tr.P){const r=e%t;return r>=Qt?r:t+r}function Dr(e,t=tr.P){if(e===Qt||t<=Qt)throw Error(`invert: expected positive integers, got n=${e} mod=${t}`);let r=Ur(e,t),i=t,n=Qt,a=Xt;for(;r!==Qt;){const e=i%r,t=n-a*(i/r);i=r,r=e,n=a,a=t}if(i!==Xt)throw Error("invert: does not exist");return Ur(n,t)}function xr(e,t){const{P:r}=tr;let i=e;for(;t-- >Qt;)i*=i,i%=r;return i}function Ir(e,t){const r=Ur(t*t*t),i=function(e){const{P:t}=tr,r=BigInt(5),i=BigInt(10),n=BigInt(20),a=BigInt(40),s=BigInt(80),o=e*e%t*e%t,c=xr(o,Yt)*o%t,u=xr(c,Xt)*e%t,h=xr(u,r)*u%t,l=xr(h,i)*h%t,y=xr(l,n)*l%t,p=xr(y,a)*y%t,d=xr(p,s)*p%t,g=xr(d,s)*p%t,f=xr(g,i)*h%t;return{pow_p_5_8:xr(f,Yt)*e%t,b2:o}}(e*Ur(r*r*t)).pow_p_5_8;let n=Ur(e*r*i);const a=Ur(t*n*n),s=n,o=Ur(n*ir),c=a===e,u=a===Ur(-e),h=a===Ur(-e*ir);return c&&(n=s),(u||h)&&(n=o),Ar(n)&&(n=Ur(-n)),{isValid:c||u,value:n}}function Cr(e){return Ir(Xt,e)}function Br(e){return Ur(Er(e),tr.l)}function Tr(e,t){const r=e instanceof Uint8Array?Uint8Array.from(e):kr(e);if("number"==typeof t&&r.length!==t)throw Error(`Expected ${t} bytes`);return r}function Mr(e,t,r=!0){if(!t)throw new TypeError("Specify max value");if("number"==typeof e&&Number.isSafeInteger(e)&&(e=BigInt(e)),"bigint"==typeof e&&e<t)if(r){if(Qt<e)return e}else if(Qt<=e)return e;throw new TypeError("Expected valid scalar: 0 < scalar < max")}let _r;async function Fr(e){return function(e){const t=function(e){return e[0]&=248,e[31]&=127,e[31]|=64,e}(e.slice(0,32)),r=e.slice(32,64),i=Br(t),n=gr.BASE.multiply(i),a=n.toRawBytes();return{head:t,prefix:r,scalar:i,point:n,pointBytes:a}}(await Nr.sha512(function(e){if(32!==(e="bigint"==typeof e||"number"==typeof e?vr(Mr(e,rr)):Tr(e)).length)throw Error("Expected 32 bytes");return e}(e)))}async function Rr(e,t,r){const{r:i,SB:n,msg:a,pub:s}=function(e,t,r){t=Tr(t),r instanceof gr||(r=gr.fromHex(r,!1));const{r:i,s:n}=e instanceof fr?e.assertValidity():fr.fromHex(e);return{r:i,s:n,SB:cr.BASE.multiplyUnsafe(n),pub:r,msg:t}}(e,t,r),o=await Nr.sha512(i.toRawBytes(),s.toRawBytes(),a);return function(e,t,r,i){const n=Br(i),a=cr.fromAffine(e).multiplyUnsafe(n);return cr.fromAffine(t).add(a).subtract(r).multiplyUnsafe(tr.h).equals(cr.ZERO)}(s,i,n,o)}gr.BASE._setWindowSize(8);const Lr={node:null,web:"object"==typeof self&&"crypto"in self?self.crypto:void 0},Nr={bytesToHex:br,hexToBytes:kr,concatBytes:mr,getExtendedPublicKey:Fr,mod:Ur,invert:Dr,TORSION_SUBGROUP:["0100000000000000000000000000000000000000000000000000000000000000","c7176a703d4dd84fba3c0b760d10670f2a2053fa2c39ccc64ec7fd7792ac037a","0000000000000000000000000000000000000000000000000000000000000080","26e8958fc2b227b045c3f489f2ef98f0d5dfac05d3c63339b13802886d53fc05","ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f","26e8958fc2b227b045c3f489f2ef98f0d5dfac05d3c63339b13802886d53fc85","0000000000000000000000000000000000000000000000000000000000000000","c7176a703d4dd84fba3c0b760d10670f2a2053fa2c39ccc64ec7fd7792ac03fa"],hashToPrivateScalar:e=>{if((e=Tr(e)).length<40||e.length>1024)throw Error("Expected 40-1024 bytes of private key as per FIPS 186");return Ur(Er(e),tr.l-Xt)+Xt},randomBytes:(e=32)=>{if(Lr.web)return Lr.web.getRandomValues(new Uint8Array(e));throw Error("The environment doesn't have randomBytes function")},randomPrivateKey:()=>Nr.randomBytes(32),sha512:async(...e)=>{const t=mr(...e);if(Lr.web){const e=await Lr.web.subtle.digest("SHA-512",t.buffer);return new Uint8Array(e)}throw Error("The environment doesn't have sha512 function")},precompute(e=8,t=gr.BASE){const r=t.equals(gr.BASE)?t:new gr(t.x,t.y);return r._setWindowSize(e),r.multiply(Yt),r},sha512Sync:void 0};async function zr(e){switch(e){case B.publicKey.ed25519:try{const e=_.getWebCrypto(),t=await e.generateKey("Ed25519",!0,["sign","verify"]),r=await e.exportKey("jwk",t.privateKey),i=await e.exportKey("jwk",t.publicKey);return{A:new Uint8Array(O(i.x)),seed:O(r.d)}}catch(t){if("NotSupportedError"!==t.name&&"OperationError"!==t.name)throw t;const r=le(Hr(e)),{publicKey:i}=Ze.sign.keyPair.fromSeed(r);return{A:i,seed:r}}case B.publicKey.ed448:{const e=await _.getNobleCurve(B.publicKey.ed448),t=e.utils.randomPrivateKey();return{A:e.getPublicKey(t),seed:t}}default:throw Error("Unsupported EdDSA algorithm")}}async function Or(e,t,r,i,n,a){if(Be(t)<Be(Gr(e)))throw Error("Hash algorithm too weak for EdDSA.");switch(e){case B.publicKey.ed25519:try{const t=_.getWebCrypto(),r=Wr(e,i,n),s=await t.importKey("jwk",r,"Ed25519",!1,["sign"]);return{RS:new Uint8Array(await t.sign("Ed25519",s,a))}}catch(e){if("NotSupportedError"!==e.name)throw e;const t=_.concatUint8Array([n,i]);return{RS:Ze.sign.detached(a,t)}}case B.publicKey.ed448:return{RS:(await _.getNobleCurve(B.publicKey.ed448)).sign(a,n)};default:throw Error("Unsupported EdDSA algorithm")}}async function qr(e,t,{RS:r},i,n,a){if(Be(t)<Be(Gr(e)))throw Error("Hash algorithm too weak for EdDSA.");switch(e){case B.publicKey.ed25519:try{const t=_.getWebCrypto(),i=Vr(e,n),s=await t.importKey("jwk",i,"Ed25519",!1,["verify"]);return await t.verify("Ed25519",s,r,a)}catch(e){if("NotSupportedError"!==e.name)throw e;return Rr(r,a,n)}case B.publicKey.ed448:return(await _.getNobleCurve(B.publicKey.ed448)).verify(r,a,n);default:throw Error("Unsupported EdDSA algorithm")}}async function jr(e,t,r){switch(e){case B.publicKey.ed25519:{const{publicKey:e}=Ze.sign.keyPair.fromSeed(r);return _.equalsUint8Array(t,e)}case B.publicKey.ed448:{const e=(await _.getNobleCurve(B.publicKey.ed448)).getPublicKey(r);return _.equalsUint8Array(t,e)}default:return!1}}function Hr(e){switch(e){case B.publicKey.ed25519:return 32;case B.publicKey.ed448:return 57;default:throw Error("Unsupported EdDSA algorithm")}}function Gr(e){switch(e){case B.publicKey.ed25519:return B.hash.sha256;case B.publicKey.ed448:return B.hash.sha512;default:throw Error("Unknown EdDSA algo")}}Object.defineProperties(Nr,{sha512Sync:{configurable:!1,get:()=>_r,set(e){_r||(_r=e)}}});const Vr=(e,t)=>{if(e===B.publicKey.ed25519){return{kty:"OKP",crv:"Ed25519",x:q(t),ext:!0}}throw Error("Unsupported EdDSA algorithm")},Wr=(e,t,r)=>{if(e===B.publicKey.ed25519){const i=Vr(e,t);return i.d=q(r),i}throw Error("Unsupported EdDSA algorithm")};var $r=/*#__PURE__*/Object.freeze({__proto__:null,generate:zr,getPayloadSize:Hr,getPreferredHashAlgo:Gr,sign:Or,validateParams:jr,verify:qr});function Zr(e){return e instanceof Uint8Array||null!=e&&"object"==typeof e&&"Uint8Array"===e.constructor.name}function Qr(e,...t){if(!Zr(e))throw Error("Uint8Array expected");if(t.length>0&&!t.includes(e.length))throw Error(`Uint8Array expected of length ${t}, not of length=${e.length}`)}function Xr(e,t=!0){if(e.destroyed)throw Error("Hash instance has been destroyed");if(t&&e.finished)throw Error("Hash#digest() has already been called")}function Yr(e,t){Qr(e);const r=t.outputLen;if(e.length<r)throw Error("digestInto() expects output buffer of length at least "+r)}
+/*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) */const Jr=e=>new Uint8Array(e.buffer,e.byteOffset,e.byteLength),ei=e=>new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4)),ti=e=>new DataView(e.buffer,e.byteOffset,e.byteLength);if(!(68===new Uint8Array(new Uint32Array([287454020]).buffer)[0]))throw Error("Non little-endian hardware is not supported");function ri(e){if("string"==typeof e)e=function(e){if("string"!=typeof e)throw Error("string expected, got "+typeof e);return new Uint8Array((new TextEncoder).encode(e))}(e);else{if(!Zr(e))throw Error("Uint8Array expected, got "+typeof e);e=oi(e)}return e}function ii(e,t){if(e.length!==t.length)return!1;let r=0;for(let i=0;i<e.length;i++)r|=e[i]^t[i];return 0===r}const ni=(e,t)=>(Object.assign(t,e),t);function ai(e,t,r,i){if("function"==typeof e.setBigUint64)return e.setBigUint64(t,r,i);const n=BigInt(32),a=BigInt(4294967295),s=Number(r>>n&a),o=Number(r&a);e.setUint32(t+0,s,i),e.setUint32(t+4,o,i)}function si(e){return e.byteOffset%4==0}function oi(e){return Uint8Array.from(e)}function ci(...e){for(let t=0;t<e.length;t++)e[t].fill(0)}const ui=16,hi=/* @__PURE__ */new Uint8Array(16),li=ei(hi),yi=e=>(e>>>0&255)<<24|(e>>>8&255)<<16|(e>>>16&255)<<8|e>>>24&255;class pi{constructor(e,t){this.blockLen=ui,this.outputLen=ui,this.s0=0,this.s1=0,this.s2=0,this.s3=0,this.finished=!1,Qr(e=ri(e),16);const r=ti(e);let i=r.getUint32(0,!1),n=r.getUint32(4,!1),a=r.getUint32(8,!1),s=r.getUint32(12,!1);const o=[];for(let e=0;e<128;e++)o.push({s0:yi(i),s1:yi(n),s2:yi(a),s3:yi(s)}),({s0:i,s1:n,s2:a,s3:s}={s3:(h=a)<<31|(l=s)>>>1,s2:(u=n)<<31|h>>>1,s1:(c=i)<<31|u>>>1,s0:c>>>1^225<<24&-(1&l)});var c,u,h,l;const y=(e=>e>65536?8:e>1024?4:2)(t||1024);if(![1,2,4,8].includes(y))throw Error(`ghash: wrong window size=${y}, should be 2, 4 or 8`);this.W=y;const p=128/y,d=this.windowSize=2**y,g=[];for(let e=0;e<p;e++)for(let t=0;t<d;t++){let r=0,i=0,n=0,a=0;for(let s=0;s<y;s++){if(!(t>>>y-s-1&1))continue;const{s0:c,s1:u,s2:h,s3:l}=o[y*e+s];r^=c,i^=u,n^=h,a^=l}g.push({s0:r,s1:i,s2:n,s3:a})}this.t=g}_updateBlock(e,t,r,i){e^=this.s0,t^=this.s1,r^=this.s2,i^=this.s3;const{W:n,t:a,windowSize:s}=this;let o=0,c=0,u=0,h=0;const l=(1<<n)-1;let y=0;for(const p of[e,t,r,i])for(let e=0;e<4;e++){const t=p>>>8*e&255;for(let e=8/n-1;e>=0;e--){const r=t>>>n*e&l,{s0:i,s1:p,s2:d,s3:g}=a[y*s+r];o^=i,c^=p,u^=d,h^=g,y+=1}}this.s0=o,this.s1=c,this.s2=u,this.s3=h}update(e){e=ri(e),Xr(this);const t=ei(e),r=Math.floor(e.length/ui),i=e.length%ui;for(let e=0;e<r;e++)this._updateBlock(t[4*e+0],t[4*e+1],t[4*e+2],t[4*e+3]);return i&&(hi.set(e.subarray(r*ui)),this._updateBlock(li[0],li[1],li[2],li[3]),ci(li)),this}destroy(){const{t:e}=this;for(const t of e)t.s0=0,t.s1=0,t.s2=0,t.s3=0}digestInto(e){Xr(this),Yr(e,this),this.finished=!0;const{s0:t,s1:r,s2:i,s3:n}=this,a=ei(e);return a[0]=t,a[1]=r,a[2]=i,a[3]=n,e}digest(){const e=new Uint8Array(ui);return this.digestInto(e),this.destroy(),e}}class di extends pi{constructor(e,t){const r=function(e){e.reverse();const t=1&e[15];let r=0;for(let t=0;t<e.length;t++){const i=e[t];e[t]=i>>>1|r,r=(1&i)<<7}return e[0]^=225&-t,e}(oi(e=ri(e)));super(r,t),ci(r)}update(e){e=ri(e),Xr(this);const t=ei(e),r=e.length%ui,i=Math.floor(e.length/ui);for(let e=0;e<i;e++)this._updateBlock(yi(t[4*e+3]),yi(t[4*e+2]),yi(t[4*e+1]),yi(t[4*e+0]));return r&&(hi.set(e.subarray(i*ui)),this._updateBlock(yi(li[3]),yi(li[2]),yi(li[1]),yi(li[0])),ci(li)),this}digestInto(e){Xr(this),Yr(e,this),this.finished=!0;const{s0:t,s1:r,s2:i,s3:n}=this,a=ei(e);return a[0]=t,a[1]=r,a[2]=i,a[3]=n,e.reverse()}}function gi(e){const t=(t,r)=>e(r,t.length).update(ri(t)).digest(),r=e(new Uint8Array(16),0);return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=(t,r)=>e(t,r),t}const fi=gi(((e,t)=>new pi(e,t)));gi(((e,t)=>new di(e,t)));const mi=16,wi=new Uint8Array(mi),bi=283;function ki(e){return e<<1^bi&-(e>>7)}function vi(e,t){let r=0;for(;t>0;t>>=1)r^=e&-(1&t),e=ki(e);return r}const Ki=/* @__PURE__ */(()=>{const e=new Uint8Array(256);for(let t=0,r=1;t<256;t++,r^=ki(r))e[t]=r;const t=new Uint8Array(256);t[0]=99;for(let r=0;r<255;r++){let i=e[255-r];i|=i<<8,t[e[r]]=255&(i^i>>4^i>>5^i>>6^i>>7^99)}return ci(e),t})(),Ai=/* @__PURE__ */Ki.map(((e,t)=>Ki.indexOf(t))),Ei=e=>e<<24|e>>>8,Si=e=>e<<8|e>>>24,Pi=e=>e<<24&4278190080|e<<8&16711680|e>>>8&65280|e>>>24&255;function Ui(e,t){if(256!==e.length)throw Error("Wrong sbox length");const r=new Uint32Array(256).map(((r,i)=>t(e[i]))),i=r.map(Si),n=i.map(Si),a=n.map(Si),s=new Uint32Array(65536),o=new Uint32Array(65536),c=new Uint16Array(65536);for(let t=0;t<256;t++)for(let u=0;u<256;u++){const h=256*t+u;s[h]=r[t]^i[u],o[h]=n[t]^a[u],c[h]=e[t]<<8|e[u]}return{sbox:e,sbox2:c,T0:r,T1:i,T2:n,T3:a,T01:s,T23:o}}const Di=/* @__PURE__ */Ui(Ki,(e=>vi(e,3)<<24|e<<16|e<<8|vi(e,2))),xi=/* @__PURE__ */Ui(Ai,(e=>vi(e,11)<<24|vi(e,13)<<16|vi(e,9)<<8|vi(e,14))),Ii=/* @__PURE__ */(()=>{const e=new Uint8Array(16);for(let t=0,r=1;t<16;t++,r=ki(r))e[t]=r;return e})();function Ci(e){Qr(e);const t=e.length;if(![16,24,32].includes(t))throw Error("aes: wrong key size: should be 16, 24 or 32, got: "+t);const{sbox2:r}=Di,i=[];si(e)||i.push(e=oi(e));const n=ei(e),a=n.length,s=e=>Mi(r,e,e,e,e),o=new Uint32Array(t+28);o.set(n);for(let e=a;e<o.length;e++){let t=o[e-1];e%a==0?t=s(Ei(t))^Ii[e/a-1]:a>6&&e%a==4&&(t=s(t)),o[e]=o[e-a]^t}return ci(...i),o}function Bi(e){const t=Ci(e),r=t.slice(),i=t.length,{sbox2:n}=Di,{T0:a,T1:s,T2:o,T3:c}=xi;for(let e=0;e<i;e+=4)for(let n=0;n<4;n++)r[e+n]=t[i-e-4+n];ci(t);for(let e=4;e<i-4;e++){const t=r[e],i=Mi(n,t,t,t,t);r[e]=a[255&i]^s[i>>>8&255]^o[i>>>16&255]^c[i>>>24]}return r}function Ti(e,t,r,i,n,a){return e[r<<8&65280|i>>>8&255]^t[n>>>8&65280|a>>>24&255]}function Mi(e,t,r,i,n){return e[255&t|65280&r]|e[i>>>16&255|n>>>16&65280]<<16}function _i(e,t,r,i,n){const{sbox2:a,T01:s,T23:o}=Di;let c=0;t^=e[c++],r^=e[c++],i^=e[c++],n^=e[c++];const u=e.length/4-2;for(let a=0;a<u;a++){const a=e[c++]^Ti(s,o,t,r,i,n),u=e[c++]^Ti(s,o,r,i,n,t),h=e[c++]^Ti(s,o,i,n,t,r),l=e[c++]^Ti(s,o,n,t,r,i);t=a,r=u,i=h,n=l}return{s0:e[c++]^Mi(a,t,r,i,n),s1:e[c++]^Mi(a,r,i,n,t),s2:e[c++]^Mi(a,i,n,t,r),s3:e[c++]^Mi(a,n,t,r,i)}}function Fi(e,t,r,i,n){const{sbox2:a,T01:s,T23:o}=xi;let c=0;t^=e[c++],r^=e[c++],i^=e[c++],n^=e[c++];const u=e.length/4-2;for(let a=0;a<u;a++){const a=e[c++]^Ti(s,o,t,n,i,r),u=e[c++]^Ti(s,o,r,t,n,i),h=e[c++]^Ti(s,o,i,r,t,n),l=e[c++]^Ti(s,o,n,i,r,t);t=a,r=u,i=h,n=l}return{s0:e[c++]^Mi(a,t,n,i,r),s1:e[c++]^Mi(a,r,t,n,i),s2:e[c++]^Mi(a,i,r,t,n),s3:e[c++]^Mi(a,n,i,r,t)}}function Ri(e,t){if(void 0===t)return new Uint8Array(e);if(Qr(t),t.length<e)throw Error(`aes: wrong destination length, expected at least ${e}, got: ${t.length}`);if(!si(t))throw Error("unaligned dst");return t}function Li(e,t,r,i){Qr(t,mi),Qr(r);const n=r.length;i=Ri(n,i);const a=t,s=ei(a);let{s0:o,s1:c,s2:u,s3:h}=_i(e,s[0],s[1],s[2],s[3]);const l=ei(r),y=ei(i);for(let t=0;t+4<=l.length;t+=4){y[t+0]=l[t+0]^o,y[t+1]=l[t+1]^c,y[t+2]=l[t+2]^u,y[t+3]=l[t+3]^h;let r=1;for(let e=a.length-1;e>=0;e--)r=r+(255&a[e])|0,a[e]=255&r,r>>>=8;({s0:o,s1:c,s2:u,s3:h}=_i(e,s[0],s[1],s[2],s[3]))}const p=mi*Math.floor(l.length/4);if(p<n){const e=new Uint32Array([o,c,u,h]),t=Jr(e);for(let e=p,a=0;e<n;e++,a++)i[e]=r[e]^t[a];ci(e)}return i}function Ni(e,t,r,i,n){Qr(r,mi),Qr(i),n=Ri(i.length,n);const a=r,s=ei(a),o=ti(a),c=ei(i),u=ei(n),h=t?0:12,l=i.length;let y=o.getUint32(h,t),{s0:p,s1:d,s2:g,s3:f}=_i(e,s[0],s[1],s[2],s[3]);for(let r=0;r+4<=c.length;r+=4)u[r+0]=c[r+0]^p,u[r+1]=c[r+1]^d,u[r+2]=c[r+2]^g,u[r+3]=c[r+3]^f,y=y+1>>>0,o.setUint32(h,y,t),({s0:p,s1:d,s2:g,s3:f}=_i(e,s[0],s[1],s[2],s[3]));const m=mi*Math.floor(c.length/4);if(m<l){const e=new Uint32Array([p,d,g,f]),t=Jr(e);for(let e=m,r=0;e<l;e++,r++)n[e]=i[e]^t[r];ci(e)}return n}const zi=ni({blockSize:16,nonceLength:16},(function(e,t){function r(r,i){if(Qr(r),void 0!==i&&(Qr(i),!si(i)))throw Error("unaligned destination");const n=Ci(e),a=oi(t),s=[n,a];si(r)||s.push(r=oi(r));const o=Li(n,a,r,i);return ci(...s),o}return Qr(e),Qr(t,mi),{encrypt:(e,t)=>r(e,t),decrypt:(e,t)=>r(e,t)}}));const Oi=ni({blockSize:16,nonceLength:16},(function(e,t,r={}){Qr(e),Qr(t,16);const i=!r.disablePadding;return{encrypt(r,n){const a=Ci(e),{b:s,o,out:c}=function(e,t,r){Qr(e);let i=e.length;const n=i%mi;if(!t&&0!==n)throw Error("aec/(cbc-ecb): unpadded plaintext with disabled padding");si(e)||(e=oi(e));const a=ei(e);if(t){let e=mi-n;e||(e=mi),i+=e}const s=Ri(i,r);return{b:a,o:ei(s),out:s}}(r,i,n);let u=t;const h=[a];si(u)||h.push(u=oi(u));const l=ei(u);let y=l[0],p=l[1],d=l[2],g=l[3],f=0;for(;f+4<=s.length;)y^=s[f+0],p^=s[f+1],d^=s[f+2],g^=s[f+3],({s0:y,s1:p,s2:d,s3:g}=_i(a,y,p,d,g)),o[f++]=y,o[f++]=p,o[f++]=d,o[f++]=g;if(i){const e=function(e){const t=new Uint8Array(16),r=ei(t);t.set(e);const i=mi-e.length;for(let e=mi-i;e<mi;e++)t[e]=i;return r}(r.subarray(4*f));y^=e[0],p^=e[1],d^=e[2],g^=e[3],({s0:y,s1:p,s2:d,s3:g}=_i(a,y,p,d,g)),o[f++]=y,o[f++]=p,o[f++]=d,o[f++]=g}return ci(...h),c},decrypt(r,n){!function(e){if(Qr(e),e.length%mi!=0)throw Error("aes/(cbc-ecb).decrypt ciphertext should consist of blocks with size 16")}(r);const a=Bi(e);let s=t;const o=[a];si(s)||o.push(s=oi(s));const c=ei(s),u=Ri(r.length,n);si(r)||o.push(r=oi(r));const h=ei(r),l=ei(u);let y=c[0],p=c[1],d=c[2],g=c[3];for(let e=0;e+4<=h.length;){const t=y,r=p,i=d,n=g;y=h[e+0],p=h[e+1],d=h[e+2],g=h[e+3];const{s0:s,s1:o,s2:c,s3:u}=Fi(a,y,p,d,g);l[e++]=s^t,l[e++]=o^r,l[e++]=c^i,l[e++]=u^n}return ci(...o),function(e,t){if(!t)return e;const r=e.length;if(!r)throw Error("aes/pcks5: empty ciphertext not allowed");const i=e[r-1];if(i<=0||i>16)throw Error("aes/pcks5: wrong padding");const n=e.subarray(0,-i);for(let t=0;t<i;t++)if(e[r-t-1]!==i)throw Error("aes/pcks5: wrong padding");return n}(u,i)}}})),qi=ni({blockSize:16,nonceLength:16},(function(e,t){function r(r,i,n){Qr(r);const a=r.length;n=Ri(a,n);const s=Ci(e);let o=t;const c=[s];si(o)||c.push(o=oi(o)),si(r)||c.push(r=oi(r));const u=ei(r),h=ei(n),l=i?h:u,y=ei(o);let p=y[0],d=y[1],g=y[2],f=y[3];for(let e=0;e+4<=u.length;){const{s0:t,s1:r,s2:i,s3:n}=_i(s,p,d,g,f);h[e+0]=u[e+0]^t,h[e+1]=u[e+1]^r,h[e+2]=u[e+2]^i,h[e+3]=u[e+3]^n,p=l[e++],d=l[e++],g=l[e++],f=l[e++]}const m=mi*Math.floor(u.length/4);if(m<a){({s0:p,s1:d,s2:g,s3:f}=_i(s,p,d,g,f));const e=Jr(new Uint32Array([p,d,g,f]));for(let t=m,i=0;t<a;t++,i++)n[t]=r[t]^e[i];ci(e)}return ci(...c),n}return Qr(e),Qr(t,16),{encrypt:(e,t)=>r(e,!0,t),decrypt:(e,t)=>r(e,!1,t)}}));const ji=ni({blockSize:16,nonceLength:12,tagLength:16},(function(e,t,r){if(Qr(e),Qr(t),void 0!==r&&Qr(r),t.length<8)throw Error("aes/gcm: invalid nonce length");const i=16;function n(e,t,i){const n=function(e,t,r,i,n){const a=null==n?0:n.length,s=e.create(r,i.length+a);n&&s.update(n),s.update(i);const o=new Uint8Array(16),c=ti(o);n&&ai(c,0,BigInt(8*a),t),ai(c,8,BigInt(8*i.length),t),s.update(o);const u=s.digest();return ci(o),u}(fi,!1,e,i,r);for(let e=0;e<t.length;e++)n[e]^=t[e];return n}function a(){const r=Ci(e),i=wi.slice(),n=wi.slice();if(Ni(r,!1,n,n,i),12===t.length)n.set(t);else{const e=wi.slice();ai(ti(e),8,BigInt(8*t.length),!1);const r=fi.create(i).update(t).update(e);r.digestInto(n),r.destroy()}return{xk:r,authKey:i,counter:n,tagMask:Ni(r,!1,n,wi)}}return{encrypt(e){Qr(e);const{xk:t,authKey:r,counter:s,tagMask:o}=a(),c=new Uint8Array(e.length+i),u=[t,r,s,o];si(e)||u.push(e=oi(e)),Ni(t,!1,s,e,c);const h=n(r,o,c.subarray(0,c.length-i));return u.push(h),c.set(h,e.length),ci(...u),c},decrypt(e){if(Qr(e),e.length<i)throw Error("aes/gcm: ciphertext less than tagLen (16)");const{xk:t,authKey:r,counter:s,tagMask:o}=a(),c=[t,r,o,s];si(e)||c.push(e=oi(e));const u=e.subarray(0,-16),h=e.subarray(-16),l=n(r,o,u);if(c.push(l),!ii(l,h))throw Error("aes/gcm: invalid ghash tag");const y=Ni(t,!1,s,u);return ci(...c),y}}}));function Hi(e){return null!=e&&"object"==typeof e&&(e instanceof Uint32Array||"Uint32Array"===e.constructor.name)}function Gi(e,t){if(Qr(t,16),!Hi(e))throw Error("_encryptBlock accepts result of expandKeyLE");const r=ei(t);let{s0:i,s1:n,s2:a,s3:s}=_i(e,r[0],r[1],r[2],r[3]);return r[0]=i,r[1]=n,r[2]=a,r[3]=s,t}function Vi(e,t){if(Qr(t,16),!Hi(e))throw Error("_decryptBlock accepts result of expandKeyLE");const r=ei(t);let{s0:i,s1:n,s2:a,s3:s}=Fi(e,r[0],r[1],r[2],r[3]);return r[0]=i,r[1]=n,r[2]=a,r[3]=s,t}const Wi={encrypt(e,t){if(t.length>=2**32)throw Error("plaintext should be less than 4gb");const r=Ci(e);if(16===t.length)Gi(r,t);else{const e=ei(t);let i=e[0],n=e[1];for(let t=0,a=1;t<6;t++)for(let t=2;t<e.length;t+=2,a++){const{s0:s,s1:o,s2:c,s3:u}=_i(r,i,n,e[t],e[t+1]);i=s,n=o^Pi(a),e[t]=c,e[t+1]=u}e[0]=i,e[1]=n}r.fill(0)},decrypt(e,t){if(t.length-8>=2**32)throw Error("ciphertext should be less than 4gb");const r=Bi(e),i=t.length/8-1;if(1===i)Vi(r,t);else{const e=ei(t);let n=e[0],a=e[1];for(let t=0,s=6*i;t<6;t++)for(let t=2*i;t>=1;t-=2,s--){a^=Pi(s);const{s0:i,s1:o,s2:c,s3:u}=Fi(r,n,a,e[t],e[t+1]);n=i,a=o,e[t]=c,e[t+1]=u}e[0]=n,e[1]=a}r.fill(0)}},$i=new Uint8Array(8).fill(166),Zi=ni({blockSize:8},(e=>({encrypt(t){if(Qr(t),!t.length||t.length%8!=0)throw Error("invalid plaintext length");if(8===t.length)throw Error("8-byte keys not allowed in AESKW, use AESKWP instead");const r=function(...e){let t=0;for(let r=0;r<e.length;r++){const i=e[r];Qr(i),t+=i.length}const r=new Uint8Array(t);for(let t=0,i=0;t<e.length;t++){const n=e[t];r.set(n,i),i+=n.length}return r}($i,t);return Wi.encrypt(e,r),r},decrypt(t){if(Qr(t),t.length%8!=0||t.length<24)throw Error("invalid ciphertext length");const r=oi(t);if(Wi.decrypt(e,r),!ii(r.subarray(0,8),$i))throw Error("integrity check failed");return r.subarray(0,8).fill(0),r.subarray(8)}}))),Qi={expandKeyLE:Ci,expandKeyDecLE:Bi,encrypt:_i,decrypt:Fi,encryptBlock:Gi,decryptBlock:Vi,ctrCounter:Li,ctr32:Ni};async function Xi(e){switch(e){case B.symmetric.aes128:case B.symmetric.aes192:case B.symmetric.aes256:throw Error("Not a legacy cipher");case B.symmetric.cast5:case B.symmetric.blowfish:case B.symmetric.twofish:case B.symmetric.tripledes:{const{legacyCiphers:t}=await import("./legacy_ciphers.min.mjs"),r=B.read(B.symmetric,e),i=t.get(r);if(!i)throw Error("Unsupported cipher algorithm");return i}default:throw Error("Unsupported cipher algorithm")}}function Yi(e){switch(e){case B.symmetric.aes128:case B.symmetric.aes192:case B.symmetric.aes256:case B.symmetric.twofish:return 16;case B.symmetric.blowfish:case B.symmetric.cast5:case B.symmetric.tripledes:return 8;default:throw Error("Unsupported cipher")}}function Ji(e){switch(e){case B.symmetric.aes128:case B.symmetric.blowfish:case B.symmetric.cast5:return 16;case B.symmetric.aes192:case B.symmetric.tripledes:return 24;case B.symmetric.aes256:case B.symmetric.twofish:return 32;default:throw Error("Unsupported cipher")}}function en(e){return{keySize:Ji(e),blockSize:Yi(e)}}const tn=_.getWebCrypto();async function rn(e,t,r){const{keySize:i}=en(e);if(!_.isAES(e)||t.length!==i)throw Error("Unexpected algorithm or key size");try{const e=await tn.importKey("raw",t,{name:"AES-KW"},!1,["wrapKey"]),i=await tn.importKey("raw",r,{name:"HMAC",hash:"SHA-256"},!0,["sign"]),n=await tn.wrapKey("raw",i,e,{name:"AES-KW"});return new Uint8Array(n)}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;_.printDebugError("Browser did not support operation: "+e.message)}return Zi(t).encrypt(r)}async function nn(e,t,r){const{keySize:i}=en(e);if(!_.isAES(e)||t.length!==i)throw Error("Unexpected algorithm or key size");let n;try{n=await tn.importKey("raw",t,{name:"AES-KW"},!1,["unwrapKey"])}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;return _.printDebugError("Browser did not support operation: "+e.message),Zi(t).decrypt(r)}try{const e=await tn.unwrapKey("raw",r,n,{name:"AES-KW"},{name:"HMAC",hash:"SHA-256"},!0,["sign"]);return new Uint8Array(await tn.exportKey("raw",e))}catch(e){if("OperationError"===e.name)throw Error("Key Data Integrity failed");throw e}}const an=_.getWebCrypto();async function sn(e,t,r,i,n){const a=B.read(B.webHash,e);if(!a)throw Error("Hash algo not supported with HKDF");const s=await an.importKey("raw",t,"HKDF",!1,["deriveBits"]),o=await an.deriveBits({name:"HKDF",hash:a,salt:r,info:i},s,8*n);return new Uint8Array(o)}const on={x25519:_.encodeUTF8("OpenPGP X25519"),x448:_.encodeUTF8("OpenPGP X448")};async function cn(e){switch(e){case B.publicKey.x25519:{const e=le(32),{publicKey:t}=Ze.box.keyPair.fromSecretKey(e);return{A:t,k:e}}case B.publicKey.x448:{const e=await _.getNobleCurve(B.publicKey.x448),t=e.utils.randomPrivateKey();return{A:e.getPublicKey(t),k:t}}default:throw Error("Unsupported ECDH algorithm")}}async function un(e,t,r){switch(e){case B.publicKey.x25519:{const{publicKey:e}=Ze.box.keyPair.fromSecretKey(r);return _.equalsUint8Array(t,e)}case B.publicKey.x448:{const e=(await _.getNobleCurve(B.publicKey.x448)).getPublicKey(r);return _.equalsUint8Array(t,e)}default:return!1}}async function hn(e,t,r){const{ephemeralPublicKey:i,sharedSecret:n}=await pn(e,r),a=_.concatUint8Array([i,r,n]);switch(e){case B.publicKey.x25519:{const e=B.symmetric.aes128,{keySize:r}=en(e),n=await sn(B.hash.sha256,a,new Uint8Array,on.x25519,r);return{ephemeralPublicKey:i,wrappedKey:await rn(e,n,t)}}case B.publicKey.x448:{const e=B.symmetric.aes256,{keySize:r}=en(B.symmetric.aes256),n=await sn(B.hash.sha512,a,new Uint8Array,on.x448,r);return{ephemeralPublicKey:i,wrappedKey:await rn(e,n,t)}}default:throw Error("Unsupported ECDH algorithm")}}async function ln(e,t,r,i,n){const a=await dn(e,t,i,n),s=_.concatUint8Array([t,i,a]);switch(e){case B.publicKey.x25519:{const e=B.symmetric.aes128,{keySize:t}=en(e);return nn(e,await sn(B.hash.sha256,s,new Uint8Array,on.x25519,t),r)}case B.publicKey.x448:{const e=B.symmetric.aes256,{keySize:t}=en(B.symmetric.aes256);return nn(e,await sn(B.hash.sha512,s,new Uint8Array,on.x448,t),r)}default:throw Error("Unsupported ECDH algorithm")}}function yn(e){switch(e){case B.publicKey.x25519:return 32;case B.publicKey.x448:return 56;default:throw Error("Unsupported ECDH algorithm")}}async function pn(e,t){switch(e){case B.publicKey.x25519:{const r=le(yn(e)),i=Ze.scalarMult(r,t);gn(i);const{publicKey:n}=Ze.box.keyPair.fromSecretKey(r);return{ephemeralPublicKey:n,sharedSecret:i}}case B.publicKey.x448:{const e=await _.getNobleCurve(B.publicKey.x448),r=e.utils.randomPrivateKey(),i=e.getSharedSecret(r,t);gn(i);return{ephemeralPublicKey:e.getPublicKey(r),sharedSecret:i}}default:throw Error("Unsupported ECDH algorithm")}}async function dn(e,t,r,i){switch(e){case B.publicKey.x25519:{const e=Ze.scalarMult(i,t);return gn(e),e}case B.publicKey.x448:{const e=(await _.getNobleCurve(B.publicKey.x448)).getSharedSecret(i,t);return gn(e),e}default:throw Error("Unsupported ECDH algorithm")}}function gn(e){let t=0;for(let r=0;r<e.length;r++)t|=e[r];if(0===t)throw Error("Unexpected low order point")}var fn=/*#__PURE__*/Object.freeze({__proto__:null,decrypt:ln,encrypt:hn,generate:cn,generateEphemeralEncryptionMaterial:pn,getPayloadSize:yn,recomputeSharedSecret:dn,validateParams:un});const mn=_.getWebCrypto(),wn=_.getNodeCrypto(),bn={[B.curve.nistP256]:"P-256",[B.curve.nistP384]:"P-384",[B.curve.nistP521]:"P-521"},kn=wn?wn.getCurves():[],vn=wn?{[B.curve.secp256k1]:kn.includes("secp256k1")?"secp256k1":void 0,[B.curve.nistP256]:kn.includes("prime256v1")?"prime256v1":void 0,[B.curve.nistP384]:kn.includes("secp384r1")?"secp384r1":void 0,[B.curve.nistP521]:kn.includes("secp521r1")?"secp521r1":void 0,[B.curve.ed25519Legacy]:kn.includes("ED25519")?"ED25519":void 0,[B.curve.curve25519Legacy]:kn.includes("X25519")?"X25519":void 0,[B.curve.brainpoolP256r1]:kn.includes("brainpoolP256r1")?"brainpoolP256r1":void 0,[B.curve.brainpoolP384r1]:kn.includes("brainpoolP384r1")?"brainpoolP384r1":void 0,[B.curve.brainpoolP512r1]:kn.includes("brainpoolP512r1")?"brainpoolP512r1":void 0}:{},Kn={[B.curve.nistP256]:{oid:[6,8,42,134,72,206,61,3,1,7],keyType:B.publicKey.ecdsa,hash:B.hash.sha256,cipher:B.symmetric.aes128,node:vn[B.curve.nistP256],web:bn[B.curve.nistP256],payloadSize:32,sharedSize:256,wireFormatLeadingByte:4},[B.curve.nistP384]:{oid:[6,5,43,129,4,0,34],keyType:B.publicKey.ecdsa,hash:B.hash.sha384,cipher:B.symmetric.aes192,node:vn[B.curve.nistP384],web:bn[B.curve.nistP384],payloadSize:48,sharedSize:384,wireFormatLeadingByte:4},[B.curve.nistP521]:{oid:[6,5,43,129,4,0,35],keyType:B.publicKey.ecdsa,hash:B.hash.sha512,cipher:B.symmetric.aes256,node:vn[B.curve.nistP521],web:bn[B.curve.nistP521],payloadSize:66,sharedSize:528,wireFormatLeadingByte:4},[B.curve.secp256k1]:{oid:[6,5,43,129,4,0,10],keyType:B.publicKey.ecdsa,hash:B.hash.sha256,cipher:B.symmetric.aes128,node:vn[B.curve.secp256k1],payloadSize:32,wireFormatLeadingByte:4},[B.curve.ed25519Legacy]:{oid:[6,9,43,6,1,4,1,218,71,15,1],keyType:B.publicKey.eddsaLegacy,hash:B.hash.sha512,node:!1,payloadSize:32,wireFormatLeadingByte:64},[B.curve.curve25519Legacy]:{oid:[6,10,43,6,1,4,1,151,85,1,5,1],keyType:B.publicKey.ecdh,hash:B.hash.sha256,cipher:B.symmetric.aes128,node:!1,payloadSize:32,wireFormatLeadingByte:64},[B.curve.brainpoolP256r1]:{oid:[6,9,43,36,3,3,2,8,1,1,7],keyType:B.publicKey.ecdsa,hash:B.hash.sha256,cipher:B.symmetric.aes128,node:vn[B.curve.brainpoolP256r1],payloadSize:32,wireFormatLeadingByte:4},[B.curve.brainpoolP384r1]:{oid:[6,9,43,36,3,3,2,8,1,1,11],keyType:B.publicKey.ecdsa,hash:B.hash.sha384,cipher:B.symmetric.aes192,node:vn[B.curve.brainpoolP384r1],payloadSize:48,wireFormatLeadingByte:4},[B.curve.brainpoolP512r1]:{oid:[6,9,43,36,3,3,2,8,1,1,13],keyType:B.publicKey.ecdsa,hash:B.hash.sha512,cipher:B.symmetric.aes256,node:vn[B.curve.brainpoolP512r1],payloadSize:64,wireFormatLeadingByte:4}};class An{constructor(e){try{this.name=e instanceof Nt?e.getName():B.write(B.curve,e)}catch(e){throw new Wt("Unknown curve")}const t=Kn[this.name];this.keyType=t.keyType,this.oid=t.oid,this.hash=t.hash,this.cipher=t.cipher,this.node=t.node,this.web=t.web,this.payloadSize=t.payloadSize,this.sharedSize=t.sharedSize,this.wireFormatLeadingByte=t.wireFormatLeadingByte,this.web&&_.getWebCrypto()?this.type="web":this.node&&_.getNodeCrypto()?this.type="node":this.name===B.curve.curve25519Legacy?this.type="curve25519Legacy":this.name===B.curve.ed25519Legacy&&(this.type="ed25519Legacy")}async genKeyPair(){switch(this.type){case"web":try{return await async function(e,t){const r=await mn.generateKey({name:"ECDSA",namedCurve:bn[e]},!0,["sign","verify"]),i=await mn.exportKey("jwk",r.privateKey);return{publicKey:xn(await mn.exportKey("jwk",r.publicKey),t),privateKey:O(i.d)}}(this.name,this.wireFormatLeadingByte)}catch(e){return _.printDebugError("Browser did not support generating ec key "+e.message),Dn(this.name)}case"node":return async function(e){const t=wn.createECDH(vn[e]);return await t.generateKeys(),{publicKey:new Uint8Array(t.getPublicKey()),privateKey:new Uint8Array(t.getPrivateKey())}}(this.name);case"curve25519Legacy":{const{k:e,A:t}=await cn(B.publicKey.x25519),r=e.slice().reverse();r[0]=127&r[0]|64,r[31]&=248;return{publicKey:_.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]),t]),privateKey:r}}case"ed25519Legacy":{const{seed:e,A:t}=await zr(B.publicKey.ed25519);return{publicKey:_.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]),t]),privateKey:e}}default:return Dn(this.name)}}}async function En(e){const t=new An(e),{oid:r,hash:i,cipher:n}=t,a=await t.genKeyPair();return{oid:r,Q:a.publicKey,secret:_.leftPad(a.privateKey,t.payloadSize),hash:i,cipher:n}}function Sn(e){return Kn[e.getName()].hash}async function Pn(e,t,r,i){const n={[B.curve.nistP256]:!0,[B.curve.nistP384]:!0,[B.curve.nistP521]:!0,[B.curve.secp256k1]:!0,[B.curve.curve25519Legacy]:e===B.publicKey.ecdh,[B.curve.brainpoolP256r1]:!0,[B.curve.brainpoolP384r1]:!0,[B.curve.brainpoolP512r1]:!0},a=t.getName();if(!n[a])return!1;if(a===B.curve.curve25519Legacy){i=i.slice().reverse();const{publicKey:e}=Ze.box.keyPair.fromSecretKey(i);r=new Uint8Array(r);const t=new Uint8Array([64,...e]);return!!_.equalsUint8Array(t,r)}const s=(await _.getNobleCurve(B.publicKey.ecdsa,a)).getPublicKey(i,!1);return!!_.equalsUint8Array(s,r)}function Un(e,t){const{payloadSize:r,wireFormatLeadingByte:i,name:n}=e,a=n===B.curve.curve25519Legacy||n===B.curve.ed25519Legacy?r:2*r;if(t[0]!==i||t.length!==a+1)throw Error("Invalid point encoding")}async function Dn(e){const t=await _.getNobleCurve(B.publicKey.ecdsa,e),r=t.utils.randomPrivateKey();return{publicKey:t.getPublicKey(r,!1),privateKey:r}}function xn(e,t){const r=O(e.x),i=O(e.y),n=new Uint8Array(r.length+i.length+1);return n[0]=t,n.set(r,1),n.set(i,r.length+1),n}function In(e,t,r){const i=e,n=r.slice(1,i+1),a=r.slice(i+1,2*i+1);return{kty:"EC",crv:t,x:q(n),y:q(a),ext:!0}}function Cn(e,t,r,i){const n=In(e,t,r);return n.d=q(i),n}const Bn=_.getWebCrypto(),Tn=_.getNodeCrypto();async function Mn(e,t,r,i,n,a){const s=new An(e);if(Un(s,i),r&&!_.isStream(r)){const e={publicKey:i,privateKey:n};switch(s.type){case"web":try{return await async function(e,t,r,i){const n=e.payloadSize,a=Cn(e.payloadSize,bn[e.name],i.publicKey,i.privateKey),s=await Bn.importKey("jwk",a,{name:"ECDSA",namedCurve:bn[e.name],hash:{name:B.read(B.webHash,e.hash)}},!1,["sign"]),o=new Uint8Array(await Bn.sign({name:"ECDSA",namedCurve:bn[e.name],hash:{name:B.read(B.webHash,t)}},s,r));return{r:o.slice(0,n),s:o.slice(n,n<<1)}}(s,t,r,e)}catch(e){if("nistP521"!==s.name&&("DataError"===e.name||"OperationError"===e.name))throw e;_.printDebugError("Browser did not support signing: "+e.message)}break;case"node":return async function(e,t,r,i){const n=_.nodeRequire("eckey-utils"),a=_.getNodeBuffer(),{privateKey:s}=n.generateDer({curveName:vn[e.name],privateKey:a.from(i)}),o=Tn.createSign(B.read(B.hash,t));o.write(r),o.end();const c=new Uint8Array(o.sign({key:s,format:"der",type:"sec1",dsaEncoding:"ieee-p1363"})),u=e.payloadSize;return{r:c.subarray(0,u),s:c.subarray(u,u<<1)}}(s,t,r,n)}}const o=(await _.getNobleCurve(B.publicKey.ecdsa,s.name)).sign(a,n,{lowS:!1});return{r:ue(o.r,"be",s.payloadSize),s:ue(o.s,"be",s.payloadSize)}}async function _n(e,t,r,i,n,a){const s=new An(e);Un(s,n);const o=async()=>0===a[0]&&Fn(s,r,a.subarray(1),n);if(i&&!_.isStream(i))switch(s.type){case"web":try{const e=await async function(e,t,{r,s:i},n,a){const s=In(e.payloadSize,bn[e.name],a),o=await Bn.importKey("jwk",s,{name:"ECDSA",namedCurve:bn[e.name],hash:{name:B.read(B.webHash,e.hash)}},!1,["verify"]),c=_.concatUint8Array([r,i]).buffer;return Bn.verify({name:"ECDSA",namedCurve:bn[e.name],hash:{name:B.read(B.webHash,t)}},o,c,n)}(s,t,r,i,n);return e||o()}catch(e){if("nistP521"!==s.name&&("DataError"===e.name||"OperationError"===e.name))throw e;_.printDebugError("Browser did not support verifying: "+e.message)}break;case"node":{const e=await async function(e,t,{r,s:i},n,a){const s=_.nodeRequire("eckey-utils"),o=_.getNodeBuffer(),{publicKey:c}=s.generateDer({curveName:vn[e.name],publicKey:o.from(a)}),u=Tn.createVerify(B.read(B.hash,t));u.write(n),u.end();const h=_.concatUint8Array([r,i]);try{return u.verify({key:c,format:"der",type:"spki",dsaEncoding:"ieee-p1363"},h)}catch(e){return!1}}(s,t,r,i,n);return e||o()}}return await Fn(s,r,a,n)||o()}async function Fn(e,t,r,i){return(await _.getNobleCurve(B.publicKey.ecdsa,e.name)).verify(_.concatUint8Array([t.r,t.s]),r,i,{lowS:!1})}var Rn=/*#__PURE__*/Object.freeze({__proto__:null,sign:Mn,validateParams:async function(e,t,r){const i=new An(e);if(i.keyType!==B.publicKey.ecdsa)return!1;switch(i.type){case"web":case"node":{const i=le(8),n=B.hash.sha256,a=await Ce(n,i);try{const s=await Mn(e,n,i,t,r,a);return await _n(e,n,s,i,t,a)}catch(e){return!1}}default:return Pn(B.publicKey.ecdsa,e,t,r)}},verify:_n});async function Ln(e,t,r,i,n,a){if(Un(new An(e),i),Be(t)<Be(B.hash.sha256))throw Error("Hash algorithm too weak for EdDSA.");const{RS:s}=await Or(B.publicKey.ed25519,t,0,i.subarray(1),n,a);return{r:s.subarray(0,32),s:s.subarray(32)}}async function Nn(e,t,{r,s:i},n,a,s){if(Un(new An(e),a),Be(t)<Be(B.hash.sha256))throw Error("Hash algorithm too weak for EdDSA.");const o=_.concatUint8Array([r,i]);return qr(B.publicKey.ed25519,t,{RS:o},0,a.subarray(1),s)}async function zn(e,t,r){if(e.getName()!==B.curve.ed25519Legacy)return!1;const{publicKey:i}=Ze.sign.keyPair.fromSeed(r),n=new Uint8Array([64,...i]);return _.equalsUint8Array(t,n)}var On=/*#__PURE__*/Object.freeze({__proto__:null,sign:Ln,validateParams:zn,verify:Nn});function qn(e){const t=e.length;if(t>0){const r=e[t-1];if(r>=1){const i=e.subarray(t-r),n=new Uint8Array(r).fill(r);if(_.equalsUint8Array(i,n))return e.subarray(0,t-r)}}throw Error("Invalid padding")}const jn=_.getWebCrypto(),Hn=_.getNodeCrypto();function Gn(e,t,r,i){return _.concatUint8Array([t.write(),new Uint8Array([e]),r.write(!0),_.stringToUint8Array("Anonymous Sender    "),r.replacementFingerprint||i])}async function Vn(e,t,r,i,n=!1,a=!1){let s;if(n){for(s=0;s<t.length&&0===t[s];s++);t=t.subarray(s)}if(a){for(s=t.length-1;s>=0&&0===t[s];s--);t=t.subarray(0,s+1)}return(await Ce(e,_.concatUint8Array([new Uint8Array([0,0,0,1]),t,i]))).subarray(0,r)}async function Wn(e,t){switch(e.type){case"curve25519Legacy":{const{sharedSecret:r,ephemeralPublicKey:i}=await pn(B.publicKey.x25519,t.subarray(1));return{publicKey:_.concatUint8Array([new Uint8Array([e.wireFormatLeadingByte]),i]),sharedKey:r}}case"web":if(e.web&&_.getWebCrypto())try{return await async function(e,t){const r=In(e.payloadSize,e.web,t);let i=jn.generateKey({name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]),n=jn.importKey("jwk",r,{name:"ECDH",namedCurve:e.web},!1,[]);[i,n]=await Promise.all([i,n]);let a=jn.deriveBits({name:"ECDH",namedCurve:e.web,public:n},i.privateKey,e.sharedSize),s=jn.exportKey("jwk",i.publicKey);[a,s]=await Promise.all([a,s]);const o=new Uint8Array(a),c=new Uint8Array(xn(s,e.wireFormatLeadingByte));return{publicKey:c,sharedKey:o}}(e,t)}catch(r){return _.printDebugError(r),Yn(e,t)}break;case"node":return async function(e,t){const r=Hn.createECDH(e.node);r.generateKeys();const i=new Uint8Array(r.computeSecret(t));return{publicKey:new Uint8Array(r.getPublicKey()),sharedKey:i}}(e,t);default:return Yn(e,t)}}async function $n(e,t,r,i,n){const a=function(e){const t=8-e.length%8,r=new Uint8Array(e.length+t).fill(t);return r.set(e),r}(r),s=new An(e);Un(s,i);const{publicKey:o,sharedKey:c}=await Wn(s,i),u=Gn(B.publicKey.ecdh,e,t,n),{keySize:h}=en(t.cipher),l=await Vn(t.hash,c,h,u);return{publicKey:o,wrappedKey:await rn(t.cipher,l,a)}}async function Zn(e,t,r,i){if(i.length!==e.payloadSize){const t=new Uint8Array(e.payloadSize);t.set(i,e.payloadSize-i.length),i=t}switch(e.type){case"curve25519Legacy":{const e=i.slice().reverse();return{secretKey:e,sharedKey:await dn(B.publicKey.x25519,t.subarray(1),r.subarray(1),e)}}case"web":if(e.web&&_.getWebCrypto())try{return await async function(e,t,r,i){const n=Cn(e.payloadSize,e.web,r,i);let a=jn.importKey("jwk",n,{name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]);const s=In(e.payloadSize,e.web,t);let o=jn.importKey("jwk",s,{name:"ECDH",namedCurve:e.web},!0,[]);[a,o]=await Promise.all([a,o]);let c=jn.deriveBits({name:"ECDH",namedCurve:e.web,public:o},a,e.sharedSize),u=jn.exportKey("jwk",a);[c,u]=await Promise.all([c,u]);const h=new Uint8Array(c);return{secretKey:O(u.d),sharedKey:h}}(e,t,r,i)}catch(r){return _.printDebugError(r),Xn(e,t,i)}break;case"node":return async function(e,t,r){const i=Hn.createECDH(e.node);i.setPrivateKey(r);const n=new Uint8Array(i.computeSecret(t));return{secretKey:new Uint8Array(i.getPrivateKey()),sharedKey:n}}(e,t,i);default:return Xn(e,t,i)}}async function Qn(e,t,r,i,n,a,s){const o=new An(e);Un(o,n),Un(o,r);const{sharedKey:c}=await Zn(o,r,n,a),u=Gn(B.publicKey.ecdh,e,t,s),{keySize:h}=en(t.cipher);let l;for(let e=0;e<3;e++)try{const r=await Vn(t.hash,c,h,u,1===e,2===e);return qn(await nn(t.cipher,r,i))}catch(e){l=e}throw l}async function Xn(e,t,r){return{secretKey:r,sharedKey:(await _.getNobleCurve(B.publicKey.ecdh,e.name)).getSharedSecret(r,t).subarray(1)}}async function Yn(e,t){const r=await _.getNobleCurve(B.publicKey.ecdh,e.name),{publicKey:i,privateKey:n}=await e.genKeyPair();return{publicKey:i,sharedKey:r.getSharedSecret(n,t).subarray(1)}}var Jn=/*#__PURE__*/Object.freeze({__proto__:null,CurveWithOID:An,ecdh:/*#__PURE__*/Object.freeze({__proto__:null,decrypt:Qn,encrypt:$n,validateParams:async function(e,t,r){return Pn(B.publicKey.ecdh,e,t,r)}}),ecdhX:fn,ecdsa:Rn,eddsa:$r,eddsaLegacy:On,generate:En,getPreferredHashAlgo:Sn});const ea=BigInt(0),ta=BigInt(1);const ra=new Set([B.hash.sha1,B.hash.sha256,B.hash.sha512]),ia=_.getWebCrypto(),na=_.getNodeCrypto();async function aa(e,t){if(e===B.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await import("./noble_post_quantum.min.mjs"),{publicKey:r,secretKey:i}=e.keygen(t);return{mlkemPublicKey:r,mlkemSecretKey:i}}throw Error("Unsupported KEM algorithm")}async function sa(e){const{eccPublicKey:t,eccSecretKey:r}=await async function(e){if(e===B.publicKey.pqc_mlkem_x25519){const{A:e,k:t}=await cn(B.publicKey.x25519);return{eccPublicKey:e,eccSecretKey:t}}throw Error("Unsupported KEM algorithm")}(e),{mlkemPublicKey:i,mlkemSeed:n,mlkemSecretKey:a}=await async function(e){if(e===B.publicKey.pqc_mlkem_x25519){const t=le(64),{mlkemSecretKey:r,mlkemPublicKey:i}=await aa(e,t);return{mlkemSeed:t,mlkemSecretKey:r,mlkemPublicKey:i}}throw Error("Unsupported KEM algorithm")}(e);return{eccPublicKey:t,eccSecretKey:r,mlkemPublicKey:i,mlkemSeed:n,mlkemSecretKey:a}}async function oa(e,t,r,i){const{eccKeyShare:n,eccCipherText:a}=await async function(e,t){if(e===B.publicKey.pqc_mlkem_x25519){const{ephemeralPublicKey:e,sharedSecret:r}=await pn(B.publicKey.x25519,t);return{eccCipherText:e,eccKeyShare:r}}throw Error("Unsupported KEM algorithm")}(e,t),{mlkemKeyShare:s,mlkemCipherText:o}=await async function(e,t){if(e===B.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await import("./noble_post_quantum.min.mjs"),{cipherText:r,sharedSecret:i}=e.encapsulate(t);return{mlkemCipherText:r,mlkemKeyShare:i}}throw Error("Unsupported KEM algorithm")}(e,r),c=await ua(e,n,a,t,s,o,r);return{eccCipherText:a,mlkemCipherText:o,wrappedKey:await rn(B.symmetric.aes256,c,i)}}async function ca(e,t,r,i,n,a,s,o){const c=await async function(e,t,r){if(e===B.publicKey.pqc_mlkem_x25519)return await dn(B.publicKey.x25519,t,0,r);throw Error("Unsupported KEM algorithm")}(e,t,i),u=await async function(e,t,r){if(e===B.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await import("./noble_post_quantum.min.mjs");return e.decapsulate(t,r)}throw Error("Unsupported KEM algorithm")}(e,r,a),h=await ua(e,c,t,n,u,r,s);return await nn(B.symmetric.aes256,h,o)}async function ua(e,t,r,i,n,a,s){const o=_.concatUint8Array([n,t,r,i,a,s,new Uint8Array([e]),_.encodeUTF8("OpenPGPCompositeKDFv1")]);return await Ce(B.hash.sha3_256,o)}async function ha(e,t,r,i,n){const a=async function(e,t,r){if(e===B.publicKey.pqc_mlkem_x25519)return un(B.publicKey.x25519,t,r);throw Error("Unsupported KEM algorithm")}(e,t,r),s=async function(e,t,r){if(e===B.publicKey.pqc_mlkem_x25519){const{mlkemPublicKey:i}=await aa(e,r);return _.equalsUint8Array(t,i)}throw Error("Unsupported KEM algorithm")}(e,i,n);return await a&&await s}async function la(e,t){if(e===B.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await import("./noble_post_quantum.min.mjs"),{secretKey:r,publicKey:i}=e.keygen(t);return{mldsaSecretKey:r,mldsaPublicKey:i}}throw Error("Unsupported signature algorithm")}async function ya(e){if(e===B.publicKey.pqc_mldsa_ed25519){const{eccSecretKey:t,eccPublicKey:r}=await async function(e){if(e===B.publicKey.pqc_mldsa_ed25519){const{A:e,seed:t}=await zr(B.publicKey.ed25519);return{eccPublicKey:e,eccSecretKey:t}}throw Error("Unsupported signature algorithm")}(e),{mldsaSeed:i,mldsaSecretKey:n,mldsaPublicKey:a}=await async function(e){if(e===B.publicKey.pqc_mldsa_ed25519){const t=le(32),{mldsaSecretKey:r,mldsaPublicKey:i}=await la(e,t);return{mldsaSeed:t,mldsaSecretKey:r,mldsaPublicKey:i}}throw Error("Unsupported signature algorithm")}(e);return{eccSecretKey:t,eccPublicKey:r,mldsaSeed:i,mldsaSecretKey:n,mldsaPublicKey:a}}throw Error("Unsupported signature algorithm")}async function pa(e,t,r,i,n,a){if(t!==ga(e))throw Error("Unexpected hash algorithm for PQC signature");if(e===B.publicKey.pqc_mldsa_ed25519){const{eccSignature:s}=await async function(e,t,r,i,n){if(e===B.publicKey.pqc_mldsa_ed25519){const{RS:e}=await Or(B.publicKey.ed25519,t,0,i,r,n);return{eccSignature:e}}throw Error("Unsupported signature algorithm")}(e,t,r,i,a),{mldsaSignature:o}=await async function(e,t,r){if(e===B.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await import("./noble_post_quantum.min.mjs");return{mldsaSignature:e.sign(t,r)}}throw Error("Unsupported signature algorithm")}(e,n,a);return{eccSignature:s,mldsaSignature:o}}throw Error("Unsupported signature algorithm")}async function da(e,t,r,i,n,{eccSignature:a,mldsaSignature:s}){if(t!==ga(e))throw Error("Unexpected hash algorithm for PQC signature");if(e===B.publicKey.pqc_mldsa_ed25519){const o=async function(e,t,r,i,n){if(e===B.publicKey.pqc_mldsa_ed25519)return qr(B.publicKey.ed25519,t,{RS:n},0,r,i);throw Error("Unsupported signature algorithm")}(e,t,r,n,a),c=async function(e,t,r,i){if(e===B.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await import("./noble_post_quantum.min.mjs");return e.verify(t,r,i)}throw Error("Unsupported signature algorithm")}(e,i,n,s);return await o&&await c}throw Error("Unsupported signature algorithm")}function ga(e){if(e===B.publicKey.pqc_mldsa_ed25519)return B.hash.sha3_256;throw Error("Unsupported signature algorithm")}async function fa(e,t,r,i,n){const a=async function(e,t,r){if(e===B.publicKey.pqc_mldsa_ed25519)return jr(B.publicKey.ed25519,t,r);throw Error("Unsupported signature algorithm")}(e,t,r),s=async function(e,t,r){if(e===B.publicKey.pqc_mldsa_ed25519){const{mldsaPublicKey:i}=await la(e,r);return _.equalsUint8Array(t,i)}throw Error("Unsupported signature algorithm")}(e,i,n);return await a&&await s}class ma{constructor(e){e&&(this.data=e)}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.data=e.subarray(1,1+t),1+this.data.length}throw Error("Invalid symmetric key")}write(){return _.concatUint8Array([new Uint8Array([this.data.length]),this.data])}}class wa{constructor(e){if(void 0===e&&(e=new Uint8Array([])),!_.isUint8Array(e))throw Error("data must be in the form of a Uint8Array");this.data=e,this.length=this.data.byteLength}write(){return _.concatUint8Array([new Uint8Array([this.length]),this.data])}read(e){if(e.length>=1){const t=e[0];if(e.length>=t+1)return this.data=e.subarray(1,1+t),this.length=t,1+t}throw Error("Invalid octet string")}}class ba{constructor(e){if(e){const{version:t,hash:r,cipher:i,replacementFingerprint:n}=e;this.version=t||1,this.hash=r,this.cipher=i,this.replacementFingerprint=n}else this.version=null,this.hash=null,this.cipher=null,this.replacementFingerprint=null}read(e){if(e.length<4||1!==e[1]&&255!==e[1])throw new Wt("Cannot read KDFParams");const t=e[0];this.version=e[1],this.hash=e[2],this.cipher=e[3];let r=4;if(255===this.version){const i=t-r+1;this.replacementFingerprint=e.slice(r,r+i),r+=i}return r}write(e){if(!this.version||1===this.version||e)return new Uint8Array([3,1,this.hash,this.cipher]);return _.concatUint8Array([new Uint8Array([3+this.replacementFingerprint.length,this.version,this.hash,this.cipher]),this.replacementFingerprint])}}const ka=e=>class{constructor(e){this.data=void 0===e?null:e}read(t){const r=t[0];return this.data=B.write(e,r),1}write(){return new Uint8Array([this.data])}getName(){return B.read(e,this.data)}getValue(){return this.data}},va=ka(B.aead),Ka=ka(B.symmetric),Aa=ka(B.hash);class Ea{static fromObject({wrappedKey:e,algorithm:t}){const r=new Ea;return r.wrappedKey=e,r.algorithm=t,r}read(e){let t=0,r=e[t++];this.algorithm=r%2?e[t++]:null,r-=r%2,this.wrappedKey=_.readExactSubarray(e,t,t+r),t+=r}write(){return _.concatUint8Array([this.algorithm?new Uint8Array([this.wrappedKey.length+1,this.algorithm]):new Uint8Array([this.wrappedKey.length]),this.wrappedKey])}}const Sa=_.getWebCrypto(),Pa=_.getNodeCrypto(),Ua=Pa?Pa.getCiphers():[],Da={idea:Ua.includes("idea-cfb")?"idea-cfb":void 0,tripledes:Ua.includes("des-ede3-cfb")?"des-ede3-cfb":void 0,cast5:Ua.includes("cast5-cfb")?"cast5-cfb":void 0,blowfish:Ua.includes("bf-cfb")?"bf-cfb":void 0,aes128:Ua.includes("aes-128-cfb")?"aes-128-cfb":void 0,aes192:Ua.includes("aes-192-cfb")?"aes-192-cfb":void 0,aes256:Ua.includes("aes-256-cfb")?"aes-256-cfb":void 0};async function xa(e){const{blockSize:t}=en(e),r=await le(t),i=new Uint8Array([r[r.length-2],r[r.length-1]]);return _.concat([r,i])}async function Ia(e,t,r,i,n){const a=B.read(B.symmetric,e);if(_.getNodeCrypto()&&Da[a])return function(e,t,r,i){const n=B.read(B.symmetric,e),a=new Pa.createCipheriv(Da[n],t,i);return b(r,(e=>new Uint8Array(a.update(e))))}(e,t,r,i);if(_.isAES(e))return async function(e,t,r,i){if(Sa&&await Ba.isSupported(e)){const n=new Ba(e,t,i);return _.isStream(r)?b(r,(e=>n.encryptChunk(e)),(()=>n.finish())):n.encrypt(r)}if(_.isStream(r)){const n=new Ta(!0,e,t,i);return b(r,(e=>n.processChunk(e)),(()=>n.finish()))}return qi(t,i).encrypt(r)}(e,t,r,i);const s=new(await Xi(e))(t),o=s.blockSize,c=i.slice();let u=new Uint8Array;const h=e=>{e&&(u=_.concatUint8Array([u,e]));const t=new Uint8Array(u.length);let r,i=0;for(;e?u.length>=o:u.length;){const e=s.encrypt(c);for(r=0;r<o;r++)c[r]=u[r]^e[r],t[i++]=c[r];u=u.subarray(o)}return t.subarray(0,i)};return b(r,h,h)}async function Ca(e,t,r,i){const n=B.read(B.symmetric,e);if(Pa&&Da[n])return function(e,t,r,i){const n=B.read(B.symmetric,e),a=new Pa.createDecipheriv(Da[n],t,i);return b(r,(e=>new Uint8Array(a.update(e))))}(e,t,r,i);if(_.isAES(e))return async function(e,t,r,i){if(_.isStream(r)){const n=new Ta(!1,e,t,i);return b(r,(e=>n.processChunk(e)),(()=>n.finish()))}return qi(t,i).decrypt(r)}(e,t,r,i);const a=new(await Xi(e))(t),s=a.blockSize;let o=i,c=new Uint8Array;const u=e=>{e&&(c=_.concatUint8Array([c,e]));const t=new Uint8Array(c.length);let r,i=0;for(;e?c.length>=s:c.length;){const e=a.encrypt(o);for(o=c.subarray(0,s),r=0;r<s;r++)t[i++]=o[r]^e[r];c=c.subarray(s)}return t.subarray(0,i)};return b(r,u,u)}class Ba{constructor(e,t,r){const{blockSize:i}=en(e);this.key=t,this.prevBlock=r,this.nextBlock=new Uint8Array(i),this.i=0,this.blockSize=i,this.zeroBlock=new Uint8Array(this.blockSize)}static async isSupported(e){const{keySize:t}=en(e);return Sa.importKey("raw",new Uint8Array(t),"aes-cbc",!1,["encrypt"]).then((()=>!0),(()=>!1))}async _runCBC(e,t){const r="AES-CBC";this.keyRef=this.keyRef||await Sa.importKey("raw",this.key,r,!1,["encrypt"]);const i=await Sa.encrypt({name:r,iv:t||this.zeroBlock},this.keyRef,e);return new Uint8Array(i).subarray(0,e.length)}async encryptChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,i=_.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),n=_.concatUint8Array([this.prevBlock,i.subarray(0,i.length-this.blockSize)]),a=await this._runCBC(n);return Ma(a,i),this.prevBlock=a.slice(-this.blockSize),r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,a}let i;if(this.i+=r.length,this.i===this.nextBlock.length){const t=this.nextBlock;i=await this._runCBC(this.prevBlock),Ma(i,t),this.prevBlock=i.slice(),this.i=0;const n=e.subarray(r.length);this.nextBlock.set(n,this.i),this.i+=n.length}else i=new Uint8Array;return i}async finish(){let e;if(0===this.i)e=new Uint8Array;else{this.nextBlock=this.nextBlock.subarray(0,this.i);const t=this.nextBlock,r=await this._runCBC(this.prevBlock);Ma(r,t),e=r.subarray(0,t.length)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.keyRef=null,this.key=null}async encrypt(e){const t=(await this._runCBC(_.concatUint8Array([new Uint8Array(this.blockSize),e]),this.iv)).subarray(0,e.length);return Ma(t,e),this.clearSensitiveData(),t}}class Ta{constructor(e,t,r,i){this.forEncryption=e;const{blockSize:n}=en(t);this.key=Qi.expandKeyLE(r),i.byteOffset%4!=0&&(i=i.slice()),this.prevBlock=_a(i),this.nextBlock=new Uint8Array(n),this.i=0,this.blockSize=n}_runCFB(e){const t=_a(e),r=new Uint8Array(e.length),i=_a(r);for(let e=0;e+4<=i.length;e+=4){const{s0:r,s1:n,s2:a,s3:s}=Qi.encrypt(this.key,this.prevBlock[0],this.prevBlock[1],this.prevBlock[2],this.prevBlock[3]);i[e+0]=t[e+0]^r,i[e+1]=t[e+1]^n,i[e+2]=t[e+2]^a,i[e+3]=t[e+3]^s,this.prevBlock=(this.forEncryption?i:t).slice(e,e+4)}return r}async processChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,i=_.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),n=this._runCFB(i);return r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,n}let i;if(this.i+=r.length,this.i===this.nextBlock.length){i=this._runCFB(this.nextBlock),this.i=0;const t=e.subarray(r.length);this.nextBlock.set(t,this.i),this.i+=t.length}else i=new Uint8Array;return i}async finish(){let e;if(0===this.i)e=new Uint8Array;else{e=this._runCFB(this.nextBlock).subarray(0,this.i)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.key.fill(0)}}function Ma(e,t){const r=Math.min(e.length,t.length);for(let i=0;i<r;i++)e[i]=e[i]^t[i]}const _a=e=>new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4));const Fa=_.getWebCrypto(),Ra=_.getNodeCrypto(),La=16;function Na(e,t){const r=e.length-La;for(let i=0;i<La;i++)e[i+r]^=t[i];return e}const za=new Uint8Array(La);async function Oa(e){const t=await qa(e),r=_.double(await t(za)),i=_.double(r);return async function(e){return(await t(function(e,t,r){if(e.length&&e.length%La==0)return Na(e,t);const i=new Uint8Array(e.length+(La-e.length%La));return i.set(e),i[e.length]=128,Na(i,r)}(e,r,i))).subarray(-La)}}async function qa(e){if(_.getNodeCrypto())return async function(t){const r=new Ra.createCipheriv("aes-"+8*e.length+"-cbc",e,za).update(t);return new Uint8Array(r)};if(_.getWebCrypto())try{return e=await Fa.importKey("raw",e,{name:"AES-CBC",length:8*e.length},!1,["encrypt"]),async function(t){const r=await Fa.encrypt({name:"AES-CBC",iv:za,length:8*La},e,t);return new Uint8Array(r).subarray(0,r.byteLength-La)}}catch(t){if("NotSupportedError"!==t.name&&(24!==e.length||"OperationError"!==t.name))throw t;_.printDebugError("Browser did not support operation: "+t.message)}return async function(t){return Oi(e,za,{disablePadding:!0}).encrypt(t)}}const ja=_.getWebCrypto(),Ha=_.getNodeCrypto(),Ga=_.getNodeBuffer(),Va=16,Wa=Va,$a=Va,Za=new Uint8Array(Va),Qa=new Uint8Array(Va);Qa[Va-1]=1;const Xa=new Uint8Array(Va);async function Ya(e){const t=await Oa(e);return function(e,r){return t(_.concatUint8Array([e,r]))}}async function Ja(e){if(_.getNodeCrypto())return async function(t,r){const i=new Ha.createCipheriv("aes-"+8*e.length+"-ctr",e,r),n=Ga.concat([i.update(t),i.final()]);return new Uint8Array(n)};if(_.getWebCrypto())try{const t=await ja.importKey("raw",e,{name:"AES-CTR",length:8*e.length},!1,["encrypt"]);return async function(e,r){const i=await ja.encrypt({name:"AES-CTR",counter:r,length:8*Va},t,e);return new Uint8Array(i)}}catch(t){if("NotSupportedError"!==t.name&&(24!==e.length||"OperationError"!==t.name))throw t;_.printDebugError("Browser did not support operation: "+t.message)}return async function(t,r){return zi(e,r).encrypt(t)}}async function es(e,t){if(e!==B.symmetric.aes128&&e!==B.symmetric.aes192&&e!==B.symmetric.aes256)throw Error("EAX mode supports only AES cipher");const[r,i]=await Promise.all([Ya(t),Ja(t)]);return{encrypt:async function(e,t,n){const[a,s]=await Promise.all([r(Za,t),r(Qa,n)]),o=await i(e,a),c=await r(Xa,o);for(let e=0;e<$a;e++)c[e]^=s[e]^a[e];return _.concatUint8Array([o,c])},decrypt:async function(e,t,n){if(e.length<$a)throw Error("Invalid EAX ciphertext");const a=e.subarray(0,-$a),s=e.subarray(-$a),[o,c,u]=await Promise.all([r(Za,t),r(Qa,n),r(Xa,a)]),h=u;for(let e=0;e<$a;e++)h[e]^=c[e]^o[e];if(!_.equalsUint8Array(s,h))throw Error("Authentication tag mismatch");return await i(a,o)}}}Xa[Va-1]=2,es.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[8+e]^=t[e];return r},es.blockLength=Va,es.ivLength=Wa,es.tagLength=$a;const ts=16,rs=15,is=16;function ns(e){let t=0;for(let r=1;!(e&r);r<<=1)t++;return t}function as(e,t){for(let r=0;r<e.length;r++)e[r]^=t[r];return e}function ss(e,t){return as(e.slice(),t)}const os=new Uint8Array(ts),cs=new Uint8Array([1]);async function us(e,t){const{keySize:r}=en(e);if(!_.isAES(e)||t.length!==r)throw Error("Unexpected algorithm or key size");let i=0;const n=Oi(t,os,{disablePadding:!0}),a=e=>n.encrypt(e),s=e=>n.decrypt(e);let o;function c(e,t,r,n){const s=t.length/ts|0;!function(e,t){const r=_.nbits(Math.max(e.length,t.length)/ts|0)-1;for(let e=i+1;e<=r;e++)o[e]=_.double(o[e-1]);i=r}(t,n);const c=_.concatUint8Array([os.subarray(0,rs-r.length),cs,r]),u=63&c[ts-1];c[ts-1]&=192;const h=a(c),l=_.concatUint8Array([h,ss(h.subarray(0,8),h.subarray(1,9))]),y=_.shiftRight(l.subarray(0+(u>>3),17+(u>>3)),8-(7&u)).subarray(1),p=new Uint8Array(ts),d=new Uint8Array(t.length+is);let g,f=0;for(g=0;g<s;g++)as(y,o[ns(g+1)]),d.set(as(e(ss(y,t)),y),f),as(p,e===a?t:d.subarray(f)),t=t.subarray(ts),f+=ts;if(t.length){as(y,o.x);const r=a(y);d.set(ss(t,r),f);const i=new Uint8Array(ts);i.set(e===a?t:d.subarray(f,-is),0),i[t.length]=128,as(p,i),f+=t.length}const m=as(a(as(as(p,y),o.$)),function(e){if(!e.length)return os;const t=e.length/ts|0,r=new Uint8Array(ts),i=new Uint8Array(ts);for(let n=0;n<t;n++)as(r,o[ns(n+1)]),as(i,a(ss(r,e))),e=e.subarray(ts);if(e.length){as(r,o.x);const t=new Uint8Array(ts);t.set(e,0),t[e.length]=128,as(t,r),as(i,a(t))}return i}(n));return d.set(m,f),d}return function(){const e=a(os),t=_.double(e);o=[],o[0]=_.double(t),o.x=e,o.$=t}(),{encrypt:async function(e,t,r){return c(a,e,t,r)},decrypt:async function(e,t,r){if(e.length<is)throw Error("Invalid OCB ciphertext");const i=e.subarray(-is);e=e.subarray(0,-is);const n=c(s,e,t,r);if(_.equalsUint8Array(i,n.subarray(-is)))return n.subarray(0,-is);throw Error("Authentication tag mismatch")}}}us.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[7+e]^=t[e];return r},us.blockLength=ts,us.ivLength=rs,us.tagLength=is;const hs=_.getWebCrypto(),ls=_.getNodeCrypto(),ys=_.getNodeBuffer(),ps=16,ds="AES-GCM";async function gs(e,t){if(e!==B.symmetric.aes128&&e!==B.symmetric.aes192&&e!==B.symmetric.aes256)throw Error("GCM mode supports only AES cipher");if(_.getNodeCrypto())return{encrypt:async function(e,r,i=new Uint8Array){const n=new ls.createCipheriv("aes-"+8*t.length+"-gcm",t,r);n.setAAD(i);const a=ys.concat([n.update(e),n.final(),n.getAuthTag()]);return new Uint8Array(a)},decrypt:async function(e,r,i=new Uint8Array){const n=new ls.createDecipheriv("aes-"+8*t.length+"-gcm",t,r);n.setAAD(i),n.setAuthTag(e.slice(e.length-ps,e.length));const a=ys.concat([n.update(e.slice(0,e.length-ps)),n.final()]);return new Uint8Array(a)}};if(_.getWebCrypto())try{const e=await hs.importKey("raw",t,{name:ds},!1,["encrypt","decrypt"]),r=navigator.userAgent.match(/Version\/13\.\d(\.\d)* Safari/)||navigator.userAgent.match(/Version\/(13|14)\.\d(\.\d)* Mobile\/\S* Safari/);return{encrypt:async function(i,n,a=new Uint8Array){if(r&&!i.length)return ji(t,n,a).encrypt(i);const s=await hs.encrypt({name:ds,iv:n,additionalData:a,tagLength:8*ps},e,i);return new Uint8Array(s)},decrypt:async function(i,n,a=new Uint8Array){if(r&&i.length===ps)return ji(t,n,a).decrypt(i);try{const t=await hs.decrypt({name:ds,iv:n,additionalData:a,tagLength:8*ps},e,i);return new Uint8Array(t)}catch(e){if("OperationError"===e.name)throw Error("Authentication tag mismatch")}}}}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;_.printDebugError("Browser did not support operation: "+e.message)}return{encrypt:async function(e,r,i){return ji(t,r,i).encrypt(e)},decrypt:async function(e,r,i){return ji(t,r,i).decrypt(e)}}}function fs(e,t=!1){switch(e){case B.aead.eax:return es;case B.aead.ocb:return us;case B.aead.gcm:return gs;case B.aead.experimentalGCM:if(!t)throw Error("Unexpected non-standard `experimentalGCM` AEAD algorithm provided in `config.preferredAEADAlgorithm`: use `gcm` instead");return gs;default:throw Error("Unsupported AEAD mode")}}async function ms(e,t,r,i,n,a){switch(e){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:{const{n:e,e:t}=r;return{c:await qe(n,e,t)}}case B.publicKey.elgamal:{const{p:e,g:t,y:i}=r;return async function(e,t,r,i){t=ee(t),r=ee(r),i=ee(i);const n=ee(Me(e,ce(t))),a=ye(We,t-We);return{c1:ue(re(r,a,t)),c2:ue(te(re(i,a,t)*n,t))}}(n,e,t,i)}case B.publicKey.ecdh:{const{oid:e,Q:t,kdfParams:i}=r,{publicKey:s,wrappedKey:o}=await $n(e,i,n,t,a);return{V:s,C:new ma(o)}}case B.publicKey.x25519:case B.publicKey.x448:{if(t&&!_.isAES(t))throw Error("X25519 and X448 keys can only encrypt AES session keys");const{A:i}=r,{ephemeralPublicKey:a,wrappedKey:s}=await hn(e,n,i);return{ephemeralPublicKey:a,C:Ea.fromObject({algorithm:t,wrappedKey:s})}}case B.publicKey.aead:{if(!i)throw Error("Cannot encrypt with symmetric key missing private parameters");const{cipher:e}=r,t=e.getValue(),{keyMaterial:a}=i,s=T.preferredAEADAlgorithm,o=fs(T.preferredAEADAlgorithm),{ivLength:c}=o,u=le(c),h=await o(t,a),l=await h.encrypt(n,u,new Uint8Array);return{aeadMode:new va(s),iv:u,c:new wa(l)}}case B.publicKey.pqc_mlkem_x25519:{const{eccPublicKey:i,mlkemPublicKey:a}=r,{eccCipherText:s,mlkemCipherText:o,wrappedKey:c}=await oa(e,i,a,n);return{eccCipherText:s,mlkemCipherText:o,C:Ea.fromObject({algorithm:t,wrappedKey:c})}}default:return[]}}async function ws(e,t,r,i,n,a){switch(e){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaEncrypt:{const{c:e}=i,{n,e:s}=t,{d:o,p:c,q:u,u:h}=r;return je(e,n,s,o,c,u,h,a)}case B.publicKey.elgamal:{const{c1:e,c2:n}=i;return async function(e,t,r,i,n){return e=ee(e),t=ee(t),r=ee(r),_e(ue(te(ne(re(e,i=ee(i),r),r)*t,r),"be",ce(r)),n)}(e,n,t.p,r.x,a)}case B.publicKey.ecdh:{const{oid:e,Q:a,kdfParams:s}=t,{d:o}=r,{V:c,C:u}=i;return Qn(e,s,c,u.data,a,o,n)}case B.publicKey.x25519:case B.publicKey.x448:{const{A:n}=t,{k:a}=r,{ephemeralPublicKey:s,C:o}=i;if(null!==o.algorithm&&!_.isAES(o.algorithm))throw Error("AES session key expected");return ln(e,s,o.wrappedKey,n,a)}case B.publicKey.aead:{const{cipher:e}=t,n=e.getValue(),{keyMaterial:a}=r,{aeadMode:s,iv:o,c}=i,u=fs(s.getValue());return(await u(n,a)).decrypt(c.data,o,new Uint8Array)}case B.publicKey.pqc_mlkem_x25519:{const{eccSecretKey:n,mlkemSecretKey:a}=r,{eccPublicKey:s,mlkemPublicKey:o}=t,{eccCipherText:c,mlkemCipherText:u,C:h}=i;return ca(e,c,u,n,s,a,o,h.wrappedKey)}default:throw Error("Unknown public key encryption algorithm.")}}async function bs(e,t,r){let i=0;switch(e){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:{const e=_.readMPI(t.subarray(i));i+=e.length+2;const r=_.readMPI(t.subarray(i));i+=r.length+2;const n=_.readMPI(t.subarray(i));i+=n.length+2;const a=_.readMPI(t.subarray(i));return i+=a.length+2,{read:i,privateParams:{d:e,p:r,q:n,u:a}}}case B.publicKey.dsa:case B.publicKey.elgamal:{const e=_.readMPI(t.subarray(i));return i+=e.length+2,{read:i,privateParams:{x:e}}}case B.publicKey.ecdsa:case B.publicKey.ecdh:{const n=Ps(e,r.oid);let a=_.readMPI(t.subarray(i));return i+=a.length+2,a=_.leftPad(a,n),{read:i,privateParams:{d:a}}}case B.publicKey.eddsaLegacy:{const n=Ps(e,r.oid);if(r.oid.getName()!==B.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let a=_.readMPI(t.subarray(i));return i+=a.length+2,a=_.leftPad(a,n),{read:i,privateParams:{seed:a}}}case B.publicKey.ed25519:case B.publicKey.ed448:{const r=Ps(e),n=_.readExactSubarray(t,i,i+r);return i+=n.length,{read:i,privateParams:{seed:n}}}case B.publicKey.x25519:case B.publicKey.x448:{const r=Ps(e),n=_.readExactSubarray(t,i,i+r);return i+=n.length,{read:i,privateParams:{k:n}}}case B.publicKey.hmac:{const{cipher:e}=r,n=Be(e.getValue()),a=t.subarray(i,i+32);i+=32;const s=t.subarray(i,i+n);return i+=n,{read:i,privateParams:{hashSeed:a,keyMaterial:s}}}case B.publicKey.aead:{const{cipher:e}=r,n=t.subarray(i,i+32);i+=32;const{keySize:a}=en(e.getValue()),s=t.subarray(i,i+a);return i+=a,{read:i,privateParams:{hashSeed:n,keyMaterial:s}}}case B.publicKey.pqc_mlkem_x25519:{const r=_.readExactSubarray(t,i,i+Ps(B.publicKey.x25519));i+=r.length;const n=_.readExactSubarray(t,i,i+64);i+=n.length;const{mlkemSecretKey:a}=await aa(e,n);return{read:i,privateParams:{eccSecretKey:r,mlkemSecretKey:a,mlkemSeed:n}}}case B.publicKey.pqc_mldsa_ed25519:{const r=_.readExactSubarray(t,i,i+Ps(B.publicKey.ed25519));i+=r.length;const n=_.readExactSubarray(t,i,i+32);i+=n.length;const{mldsaSecretKey:a}=await la(e,n);return{read:i,privateParams:{eccSecretKey:r,mldsaSecretKey:a,mldsaSeed:n}}}default:throw new Wt("Unknown public key encryption algorithm.")}}function ks(e,t){const r=new Set([B.publicKey.ed25519,B.publicKey.x25519,B.publicKey.ed448,B.publicKey.x448,B.publicKey.aead,B.publicKey.hmac,B.publicKey.pqc_mlkem_x25519,B.publicKey.pqc_mldsa_ed25519]),i={[B.publicKey.pqc_mlkem_x25519]:new Set(["mlkemSecretKey"]),[B.publicKey.pqc_mldsa_ed25519]:new Set(["mldsaSecretKey"])},n=Object.keys(t).map((n=>{if(i[e]?.has(n))return new Uint8Array;const a=t[n];return _.isUint8Array(a)?r.has(e)?a:_.uint8ArrayToMPI(a):a.write()}));return _.concatUint8Array(n)}async function vs(e,t,r,i){switch(e){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:return async function(e,t){if(t=BigInt(t),_.getWebCrypto()){const r={name:"RSASSA-PKCS1-v1_5",modulusLength:e,publicExponent:ue(t),hash:{name:"SHA-1"}},i=await Re.generateKey(r,!0,["sign","verify"]);return Ve(await Re.exportKey("jwk",i.privateKey),t)}if(_.getNodeCrypto()){const r={modulusLength:e,publicExponent:ae(t),publicKeyEncoding:{type:"pkcs1",format:"jwk"},privateKeyEncoding:{type:"pkcs1",format:"jwk"}},i=await new Promise(((e,t)=>{Le.generateKeyPair("rsa",r,((r,i,n)=>{r?t(r):e(n)}))}));return Ve(i,t)}let r,i,n;do{i=de(e-(e>>1),t,40),r=de(e>>1,t,40),n=r*i}while(oe(n)!==e);const a=(r-Ne)*(i-Ne);return i<r&&([r,i]=[i,r]),{n:ue(n),e:ue(t),d:ue(ne(t,a)),p:ue(r),q:ue(i),u:ue(ne(r,i))}}(t,65537).then((({n:e,e:t,d:r,p:i,q:n,u:a})=>({privateParams:{d:r,p:i,q:n,u:a},publicParams:{n:e,e:t}})));case B.publicKey.ecdsa:return En(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{d:r},publicParams:{oid:new Nt(e),Q:t}})));case B.publicKey.eddsaLegacy:return En(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{seed:r},publicParams:{oid:new Nt(e),Q:t}})));case B.publicKey.ecdh:return En(r).then((({oid:e,Q:t,secret:r,hash:i,cipher:n})=>({privateParams:{d:r},publicParams:{oid:new Nt(e),Q:t,kdfParams:new ba({hash:i,cipher:n})}})));case B.publicKey.ed25519:case B.publicKey.ed448:return zr(e).then((({A:e,seed:t})=>({privateParams:{seed:t},publicParams:{A:e}})));case B.publicKey.x25519:case B.publicKey.x448:return cn(e).then((({A:e,k:t})=>({privateParams:{k:t},publicParams:{A:e}})));case B.publicKey.hmac:return Ks(await async function(e){if(!ra.has(e))throw Error("Unsupported hash algorithm.");const t=B.read(B.webHash,e),r=ia||na.webcrypto.subtle,i=await r.generateKey({name:"HMAC",hash:{name:t}},!0,["sign","verify"]),n=await r.exportKey("raw",i);return new Uint8Array(n)}(i),new Aa(i));case B.publicKey.aead:return Ks(Es(i),new Ka(i));case B.publicKey.pqc_mlkem_x25519:return sa(e).then((({eccSecretKey:e,eccPublicKey:t,mlkemSeed:r,mlkemSecretKey:i,mlkemPublicKey:n})=>({privateParams:{eccSecretKey:e,mlkemSeed:r,mlkemSecretKey:i},publicParams:{eccPublicKey:t,mlkemPublicKey:n}})));case B.publicKey.pqc_mldsa_ed25519:return ya(e).then((({eccSecretKey:e,eccPublicKey:t,mldsaSeed:r,mldsaSecretKey:i,mldsaPublicKey:n})=>({privateParams:{eccSecretKey:e,mldsaSeed:r,mldsaSecretKey:i},publicParams:{eccPublicKey:t,mldsaPublicKey:n}})));case B.publicKey.dsa:case B.publicKey.elgamal:throw Error("Unsupported algorithm for key generation.");default:throw Error("Unknown public key algorithm.")}}async function Ks(e,t){const r=le(32);return{privateParams:{hashSeed:r,keyMaterial:e},publicParams:{cipher:t,digest:await Ce(B.hash.sha256,r)}}}async function As(e,t,r){if(!t||!r)throw Error("Missing key parameters");switch(e){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:{const{n:e,e:i}=t,{d:n,p:a,q:s,u:o}=r;return async function(e,t,r,i,n,a){if(e=ee(e),(i=ee(i))*(n=ee(n))!==e)return!1;const s=BigInt(2);if(te(i*(a=ee(a)),n)!==BigInt(1))return!1;t=ee(t),r=ee(r);const o=ye(s,s<<BigInt(Math.floor(oe(e)/3))),c=o*r*t;return!(te(c,i-Ne)!==o||te(c,n-Ne)!==o)}(e,i,n,a,s,o)}case B.publicKey.dsa:{const{p:e,q:i,g:n,y:a}=t,{x:s}=r;return async function(e,t,r,i,n){if(e=ee(e),t=ee(t),r=ee(r),i=ee(i),r<=ta||r>=e)return!1;if(te(e-ta,t)!==ea)return!1;if(re(r,t,e)!==ta)return!1;const a=BigInt(oe(t));if(a<BigInt(150)||!ge(t,null,32))return!1;n=ee(n);const s=BigInt(2);return i===re(r,t*ye(s<<a-ta,s<<a)+n,e)}(e,i,n,a,s)}case B.publicKey.elgamal:{const{p:e,g:i,y:n}=t,{x:a}=r;return async function(e,t,r,i){if(e=ee(e),t=ee(t),r=ee(r),t<=We||t>=e)return!1;const n=BigInt(oe(e));if(n<BigInt(1023))return!1;if(re(t,e-We,e)!==We)return!1;let a=t,s=BigInt(1);const o=BigInt(2),c=o<<BigInt(17);for(;s<c;){if(a=te(a*t,e),a===We)return!1;s++}i=ee(i);const u=ye(o<<n-We,o<<n);return r===re(t,(e-We)*u+i,e)}(e,i,n,a)}case B.publicKey.ecdsa:case B.publicKey.ecdh:{const i=Jn[B.read(B.publicKey,e)],{oid:n,Q:a}=t,{d:s}=r;return i.validateParams(n,a,s)}case B.publicKey.eddsaLegacy:{const{Q:e,oid:i}=t,{seed:n}=r;return zn(i,e,n)}case B.publicKey.ed25519:case B.publicKey.ed448:{const{A:i}=t,{seed:n}=r;return jr(e,i,n)}case B.publicKey.x25519:case B.publicKey.x448:{const{A:i}=t,{k:n}=r;return un(e,i,n)}case B.publicKey.hmac:{const{cipher:e,digest:i}=t,{hashSeed:n,keyMaterial:a}=r;return Be(e.getValue())===a.length&&_.equalsUint8Array(i,await Ce(B.hash.sha256,n))}case B.publicKey.aead:{const{cipher:e,digest:i}=t,{hashSeed:n,keyMaterial:a}=r,{keySize:s}=en(e.getValue());return s===a.length&&_.equalsUint8Array(i,await Ce(B.hash.sha256,n))}case B.publicKey.pqc_mlkem_x25519:{const{eccSecretKey:i,mlkemSeed:n}=r,{eccPublicKey:a,mlkemPublicKey:s}=t;return ha(e,a,i,s,n)}case B.publicKey.pqc_mldsa_ed25519:{const{eccSecretKey:i,mldsaSeed:n}=r,{eccPublicKey:a,mldsaPublicKey:s}=t;return fa(e,a,i,s,n)}default:throw Error("Unknown public key algorithm.")}}function Es(e){const{keySize:t}=en(e);return le(t)}function Ss(e){try{e.getName()}catch(e){throw new Wt("Unknown curve OID")}}function Ps(e,t){switch(e){case B.publicKey.ecdsa:case B.publicKey.ecdh:case B.publicKey.eddsaLegacy:return new An(t).payloadSize;case B.publicKey.ed25519:case B.publicKey.ed448:return Hr(e);case B.publicKey.x25519:case B.publicKey.x448:return yn(e);default:throw Error("Unknown elliptic algo")}}async function Us(e,t,r,i,n,a,s){switch(e){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaEncrypt:case B.publicKey.rsaSign:{const{n:e,e:n}=i;return Oe(t,a,_.leftPad(r.s,e.length),e,n,s)}case B.publicKey.dsa:{const{g:e,p:t,q:n,y:a}=i,{r:o,s:c}=r;return async function(e,t,r,i,n,a,s,o){if(t=ee(t),r=ee(r),a=ee(a),s=ee(s),n=ee(n),o=ee(o),t<=ea||t>=s||r<=ea||r>=s)return _.printDebug("invalid DSA Signature"),!1;const c=te(ee(i.subarray(0,ce(s))),s),u=ne(r,s);if(u===ea)return _.printDebug("invalid DSA Signature"),!1;n=te(n,a),o=te(o,a);const h=te(c*u,s),l=te(t*u,s);return te(te(re(n,h,a)*re(o,l,a),a),s)===t}(0,o,c,s,e,t,n,a)}case B.publicKey.ecdsa:{const{oid:e,Q:n}=i,o=new An(e).payloadSize;return _n(e,t,{r:_.leftPad(r.r,o),s:_.leftPad(r.s,o)},a,n,s)}case B.publicKey.eddsaLegacy:{const{oid:e,Q:n}=i,a=new An(e).payloadSize;return Nn(e,t,{r:_.leftPad(r.r,a),s:_.leftPad(r.s,a)},0,n,s)}case B.publicKey.ed25519:case B.publicKey.ed448:{const{A:n}=i;return qr(e,t,r,0,n,s)}case B.publicKey.hmac:{if(!n)throw Error("Cannot verify HMAC signature with symmetric key missing private parameters");const{cipher:e}=i,{keyMaterial:t}=n;return async function(e,t,r,i){if(!ra.has(e))throw Error("Unsupported hash algorithm.");const n=B.read(B.webHash,e),a=ia||na.webcrypto.subtle,s=await a.importKey("raw",t,{name:"HMAC",hash:{name:n}},!1,["verify"]);return a.verify("HMAC",s,r,i)}(e.getValue(),t,r.mac.data,s)}case B.publicKey.pqc_mldsa_ed25519:{const{eccPublicKey:n,mldsaPublicKey:a}=i;return da(e,t,n,a,s,r)}default:throw Error("Unknown signature algorithm.")}}async function Ds(e,t,r,i,n,a){if(!r||!i)throw Error("Missing key parameters");switch(e){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaEncrypt:case B.publicKey.rsaSign:{const{n:e,e:s}=r,{d:o,p:c,q:u,u:h}=i;return{s:await ze(t,n,e,s,o,c,u,h,a)}}case B.publicKey.dsa:{const{g:e,p:t,q:n}=r,{x:s}=i;return async function(e,t,r,i,n,a){const s=BigInt(0);let o,c,u,h;i=ee(i),n=ee(n),r=ee(r),a=ee(a),r=te(r,i),a=te(a,n);const l=te(ee(t.subarray(0,ce(n))),n);for(;;){if(o=ye(ta,n),c=te(re(r,o,i),n),c===s)continue;const e=te(a*c,n);if(h=te(l+e,n),u=te(ne(o,n)*h,n),u!==s)break}return{r:ue(c,"be",ce(i)),s:ue(u,"be",ce(i))}}(0,a,e,t,n,s)}case B.publicKey.elgamal:throw Error("Signing with Elgamal is not defined in the OpenPGP standard.");case B.publicKey.ecdsa:{const{oid:e,Q:s}=r,{d:o}=i;return Mn(e,t,n,s,o,a)}case B.publicKey.eddsaLegacy:{const{oid:e,Q:n}=r,{seed:s}=i;return Ln(e,t,0,n,s,a)}case B.publicKey.ed25519:case B.publicKey.ed448:{const{A:n}=r,{seed:s}=i;return Or(e,t,0,n,s,a)}case B.publicKey.hmac:{const{cipher:e}=r,{keyMaterial:t}=i,n=await async function(e,t,r){if(!ra.has(e))throw Error("Unsupported hash algorithm.");const i=B.read(B.webHash,e),n=ia||na.webcrypto.subtle,a=await n.importKey("raw",t,{name:"HMAC",hash:{name:i}},!1,["sign"]),s=await n.sign("HMAC",a,r);return new Uint8Array(s)}(e.getValue(),t,a);return{mac:new wa(n)}}case B.publicKey.pqc_mldsa_ed25519:{const{eccPublicKey:n}=r,{eccSecretKey:s,mldsaSecretKey:o}=i;return pa(e,t,s,n,o,a)}default:throw Error("Unknown signature algorithm.")}}gs.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[4+e]^=t[e];return r},gs.blockLength=16,gs.ivLength=12,gs.tagLength=ps;class xs extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,xs),this.name="Argon2OutOfMemoryError"}}let Is,Cs,Bs=2<<19;class Ts{static get ARGON2_WASM_MEMORY_THRESHOLD_RELOAD(){return Bs}static set ARGON2_WASM_MEMORY_THRESHOLD_RELOAD(e){Bs=e}static reloadWasmModule(){Is&&(Cs=Is(),Cs.catch((()=>{})))}constructor(e=T){const{passes:t,parallelism:r,memoryExponent:i}=e.s2kArgon2Params;this.type="argon2",this.salt=null,this.t=t,this.p=r,this.encodedM=i}generateSalt(){this.salt=le(16)}read(e){let t=0;return this.salt=e.subarray(t,t+16),t+=16,this.t=e[t++],this.p=e[t++],this.encodedM=e[t++],t}write(){const e=[new Uint8Array([B.write(B.s2k,this.type)]),this.salt,new Uint8Array([this.t,this.p,this.encodedM])];return _.concatUint8Array(e)}async produceKey(e,t){const r=2<<this.encodedM-1;try{Is=Is||(await import("./argon2id.min.mjs")).default,Cs=Cs||Is();const i=await Cs,n=i({version:19,type:2,password:_.encodeUTF8(e),salt:this.salt,tagLength:t,memorySize:r,parallelism:this.p,passes:this.t});return r>Ts.ARGON2_WASM_MEMORY_THRESHOLD_RELOAD&&Ts.reloadWasmModule(),n}catch(e){throw e.message&&(e.message.includes("Unable to grow instance memory")||e.message.includes("failed to grow memory")||e.message.includes("WebAssembly.Memory.grow")||e.message.includes("Out of memory"))?new xs("Could not allocate required memory for Argon2"):e}}}class Ms{constructor(e,t=T){this.algorithm=B.hash.sha256,this.type=B.read(B.s2k,e),this.c=t.s2kIterationCountByte,this.salt=null}generateSalt(){switch(this.type){case"salted":case"iterated":this.salt=le(8)}}getCount(){return 16+(15&this.c)<<6+(this.c>>4)}read(e){let t=0;switch(this.algorithm=e[t++],this.type){case"simple":break;case"salted":this.salt=e.subarray(t,t+8),t+=8;break;case"iterated":this.salt=e.subarray(t,t+8),t+=8,this.c=e[t++];break;case"gnu":if("GNU"!==_.uint8ArrayToString(e.subarray(t,t+3)))throw new Wt("Unknown s2k type.");t+=3;if(1001!==1e3+e[t++])throw new Wt("Unknown s2k gnu protection mode.");this.type="gnu-dummy";break;default:throw new Wt("Unknown s2k type.")}return t}write(){if("gnu-dummy"===this.type)return new Uint8Array([101,0,..._.stringToUint8Array("GNU"),1]);const e=[new Uint8Array([B.write(B.s2k,this.type),this.algorithm])];switch(this.type){case"simple":break;case"salted":e.push(this.salt);break;case"iterated":e.push(this.salt),e.push(new Uint8Array([this.c]));break;case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}return _.concatUint8Array(e)}async produceKey(e,t){e=_.encodeUTF8(e);const r=[];let i=0,n=0;for(;i<t;){let t;switch(this.type){case"simple":t=_.concatUint8Array([new Uint8Array(n),e]);break;case"salted":t=_.concatUint8Array([new Uint8Array(n),this.salt,e]);break;case"iterated":{const r=_.concatUint8Array([this.salt,e]);let i=r.length;const a=Math.max(this.getCount(),i);t=new Uint8Array(n+a),t.set(r,n);for(let e=n+i;e<a;e+=i,i*=2)t.copyWithin(e,n,e);break}case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}const a=await Ce(this.algorithm,t);r.push(a),i+=a.length,n++}return _.concatUint8Array(r).subarray(0,t)}}const _s=new Set([B.s2k.argon2,B.s2k.iterated]);function Fs(e,t=T){switch(e){case B.s2k.argon2:return new Ts(t);case B.s2k.iterated:case B.s2k.gnu:case B.s2k.salted:case B.s2k.simple:return new Ms(e,t);default:throw new Wt("Unsupported S2K type")}}function Rs(e){const{s2kType:t}=e;if(!_s.has(t))throw Error("The provided `config.s2kType` value is not allowed");return Fs(t,e)}var Ls=Uint8Array,Ns=Uint16Array,zs=Uint32Array,Os=new Ls([0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0,0,0,0]),qs=new Ls([0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13,0,0]),js=new Ls([16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15]),Hs=function(e,t){for(var r=new Ns(31),i=0;i<31;++i)r[i]=t+=1<<e[i-1];var n=new zs(r[30]);for(i=1;i<30;++i)for(var a=r[i];a<r[i+1];++a)n[a]=a-r[i]<<5|i;return[r,n]},Gs=Hs(Os,2),Vs=Gs[0],Ws=Gs[1];Vs[28]=258,Ws[258]=28;for(var $s=Hs(qs,0),Zs=$s[0],Qs=$s[1],Xs=new Ns(32768),Ys=0;Ys<32768;++Ys){var Js=(43690&Ys)>>>1|(21845&Ys)<<1;Js=(61680&(Js=(52428&Js)>>>2|(13107&Js)<<2))>>>4|(3855&Js)<<4,Xs[Ys]=((65280&Js)>>>8|(255&Js)<<8)>>>1}var eo=function(e,t,r){for(var i=e.length,n=0,a=new Ns(t);n<i;++n)e[n]&&++a[e[n]-1];var s,o=new Ns(t);for(n=0;n<t;++n)o[n]=o[n-1]+a[n-1]<<1;if(r){s=new Ns(1<<t);var c=15-t;for(n=0;n<i;++n)if(e[n])for(var u=n<<4|e[n],h=t-e[n],l=o[e[n]-1]++<<h,y=l|(1<<h)-1;l<=y;++l)s[Xs[l]>>>c]=u}else for(s=new Ns(i),n=0;n<i;++n)e[n]&&(s[n]=Xs[o[e[n]-1]++]>>>15-e[n]);return s},to=new Ls(288);for(Ys=0;Ys<144;++Ys)to[Ys]=8;for(Ys=144;Ys<256;++Ys)to[Ys]=9;for(Ys=256;Ys<280;++Ys)to[Ys]=7;for(Ys=280;Ys<288;++Ys)to[Ys]=8;var ro=new Ls(32);for(Ys=0;Ys<32;++Ys)ro[Ys]=5;var io=/*#__PURE__*/eo(to,9,0),no=/*#__PURE__*/eo(to,9,1),ao=/*#__PURE__*/eo(ro,5,0),so=/*#__PURE__*/eo(ro,5,1),oo=function(e){for(var t=e[0],r=1;r<e.length;++r)e[r]>t&&(t=e[r]);return t},co=function(e,t,r){var i=t/8|0;return(e[i]|e[i+1]<<8)>>(7&t)&r},uo=function(e,t){var r=t/8|0;return(e[r]|e[r+1]<<8|e[r+2]<<16)>>(7&t)},ho=function(e){return(e+7)/8|0},lo=function(e,t,r){(null==t||t<0)&&(t=0),(null==r||r>e.length)&&(r=e.length);var i=new(2==e.BYTES_PER_ELEMENT?Ns:4==e.BYTES_PER_ELEMENT?zs:Ls)(r-t);return i.set(e.subarray(t,r)),i},yo=["unexpected EOF","invalid block type","invalid length/literal","invalid distance","stream finished","no stream handler",,"no callback","invalid UTF-8 data","extra field too long","date not in range 1980-2099","filename too long","stream finishing","invalid zip data"],po=function(e,t,r){var i=Error(t||yo[e]);if(i.code=e,Error.captureStackTrace&&Error.captureStackTrace(i,po),!r)throw i;return i},go=function(e,t,r){r<<=7&t;var i=t/8|0;e[i]|=r,e[i+1]|=r>>>8},fo=function(e,t,r){r<<=7&t;var i=t/8|0;e[i]|=r,e[i+1]|=r>>>8,e[i+2]|=r>>>16},mo=function(e,t){for(var r=[],i=0;i<e.length;++i)e[i]&&r.push({s:i,f:e[i]});var n=r.length,a=r.slice();if(!n)return[Eo,0];if(1==n){var s=new Ls(r[0].s+1);return s[r[0].s]=1,[s,1]}r.sort((function(e,t){return e.f-t.f})),r.push({s:-1,f:25001});var o=r[0],c=r[1],u=0,h=1,l=2;for(r[0]={s:-1,f:o.f+c.f,l:o,r:c};h!=n-1;)o=r[r[u].f<r[l].f?u++:l++],c=r[u!=h&&r[u].f<r[l].f?u++:l++],r[h++]={s:-1,f:o.f+c.f,l:o,r:c};var y=a[0].s;for(i=1;i<n;++i)a[i].s>y&&(y=a[i].s);var p=new Ns(y+1),d=wo(r[h-1],p,0);if(d>t){i=0;var g=0,f=d-t,m=1<<f;for(a.sort((function(e,t){return p[t.s]-p[e.s]||e.f-t.f}));i<n;++i){var w=a[i].s;if(!(p[w]>t))break;g+=m-(1<<d-p[w]),p[w]=t}for(g>>>=f;g>0;){var b=a[i].s;p[b]<t?g-=1<<t-p[b]++-1:++i}for(;i>=0&&g;--i){var k=a[i].s;p[k]==t&&(--p[k],++g)}d=t}return[new Ls(p),d]},wo=function(e,t,r){return-1==e.s?Math.max(wo(e.l,t,r+1),wo(e.r,t,r+1)):t[e.s]=r},bo=function(e){for(var t=e.length;t&&!e[--t];);for(var r=new Ns(++t),i=0,n=e[0],a=1,s=function(e){r[i++]=e},o=1;o<=t;++o)if(e[o]==n&&o!=t)++a;else{if(!n&&a>2){for(;a>138;a-=138)s(32754);a>2&&(s(a>10?a-11<<5|28690:a-3<<5|12305),a=0)}else if(a>3){for(s(n),--a;a>6;a-=6)s(8304);a>2&&(s(a-3<<5|8208),a=0)}for(;a--;)s(n);a=1,n=e[o]}return[r.subarray(0,i),t]},ko=function(e,t){for(var r=0,i=0;i<t.length;++i)r+=e[i]*t[i];return r},vo=function(e,t,r){var i=r.length,n=ho(t+2);e[n]=255&i,e[n+1]=i>>>8,e[n+2]=255^e[n],e[n+3]=255^e[n+1];for(var a=0;a<i;++a)e[n+a+4]=r[a];return 8*(n+4+i)},Ko=function(e,t,r,i,n,a,s,o,c,u,h){go(t,h++,r),++n[256];for(var l=mo(n,15),y=l[0],p=l[1],d=mo(a,15),g=d[0],f=d[1],m=bo(y),w=m[0],b=m[1],k=bo(g),v=k[0],K=k[1],A=new Ns(19),E=0;E<w.length;++E)A[31&w[E]]++;for(E=0;E<v.length;++E)A[31&v[E]]++;for(var S=mo(A,7),P=S[0],U=S[1],D=19;D>4&&!P[js[D-1]];--D);var x,I,C,B,T=u+5<<3,M=ko(n,to)+ko(a,ro)+s,_=ko(n,y)+ko(a,g)+s+14+3*D+ko(A,P)+(2*A[16]+3*A[17]+7*A[18]);if(T<=M&&T<=_)return vo(t,h,e.subarray(c,c+u));if(go(t,h,1+(_<M)),h+=2,_<M){x=eo(y,p,0),I=y,C=eo(g,f,0),B=g;var F=eo(P,U,0);go(t,h,b-257),go(t,h+5,K-1),go(t,h+10,D-4),h+=14;for(E=0;E<D;++E)go(t,h+3*E,P[js[E]]);h+=3*D;for(var R=[w,v],L=0;L<2;++L){var N=R[L];for(E=0;E<N.length;++E){var z=31&N[E];go(t,h,F[z]),h+=P[z],z>15&&(go(t,h,N[E]>>>5&127),h+=N[E]>>>12)}}}else x=io,I=to,C=ao,B=ro;for(E=0;E<o;++E)if(i[E]>255){z=i[E]>>>18&31;fo(t,h,x[z+257]),h+=I[z+257],z>7&&(go(t,h,i[E]>>>23&31),h+=Os[z]);var O=31&i[E];fo(t,h,C[O]),h+=B[O],O>3&&(fo(t,h,i[E]>>>5&8191),h+=qs[O])}else fo(t,h,x[i[E]]),h+=I[i[E]];return fo(t,h,x[256]),h+I[256]},Ao=/*#__PURE__*/new zs([65540,131080,131088,131104,262176,1048704,1048832,2114560,2117632]),Eo=/*#__PURE__*/new Ls(0),So=function(e,t,r,i,n){return function(e,t,r,i,n,a){var s=e.length,o=new Ls(i+s+5*(1+Math.ceil(s/7e3))+n),c=o.subarray(i,o.length-n),u=0;if(!t||s<8)for(var h=0;h<=s;h+=65535){var l=h+65535;l>=s&&(c[u>>3]=a),u=vo(c,u+1,e.subarray(h,l))}else{for(var y=Ao[t-1],p=y>>>13,d=8191&y,g=(1<<r)-1,f=new Ns(32768),m=new Ns(g+1),w=Math.ceil(r/3),b=2*w,k=function(t){return(e[t]^e[t+1]<<w^e[t+2]<<b)&g},v=new zs(25e3),K=new Ns(288),A=new Ns(32),E=0,S=0,P=(h=0,0),U=0,D=0;h<s;++h){var x=k(h),I=32767&h,C=m[x];if(f[I]=C,m[x]=I,U<=h){var B=s-h;if((E>7e3||P>24576)&&B>423){u=Ko(e,c,0,v,K,A,S,P,D,h-D,u),P=E=S=0,D=h;for(var T=0;T<286;++T)K[T]=0;for(T=0;T<30;++T)A[T]=0}var M=2,_=0,F=d,R=I-C&32767;if(B>2&&x==k(h-R))for(var L=Math.min(p,B)-1,N=Math.min(32767,h),z=Math.min(258,B);R<=N&&--F&&I!=C;){if(e[h+M]==e[h+M-R]){for(var O=0;O<z&&e[h+O]==e[h+O-R];++O);if(O>M){if(M=O,_=R,O>L)break;var q=Math.min(R,O-2),j=0;for(T=0;T<q;++T){var H=h-R+T+32768&32767,G=H-f[H]+32768&32767;G>j&&(j=G,C=H)}}}R+=(I=C)-(C=f[I])+32768&32767}if(_){v[P++]=268435456|Ws[M]<<18|Qs[_];var V=31&Ws[M],W=31&Qs[_];S+=Os[V]+qs[W],++K[257+V],++A[W],U=h+M,++E}else v[P++]=e[h],++K[e[h]]}}u=Ko(e,c,a,v,K,A,S,P,D,h-D,u),!a&&7&u&&(u=vo(c,u+1,Eo))}return lo(o,0,i+ho(u)+n)}(e,null==t.level?6:t.level,null==t.mem?Math.ceil(1.5*Math.max(8,Math.min(13,Math.log(e.length)))):12+t.mem,r,i,!n)},Po=/*#__PURE__*/function(){function e(e,t){t||"function"!=typeof e||(t=e,e={}),this.ondata=t,this.o=e||{}}return e.prototype.p=function(e,t){this.ondata(So(e,this.o,0,0,!t),t)},e.prototype.push=function(e,t){this.ondata||po(5),this.d&&po(4),this.d=t,this.p(e,t||!1)},e}(),Uo=/*#__PURE__*/function(){function e(e){this.s={},this.p=new Ls(0),this.ondata=e}return e.prototype.e=function(e){this.ondata||po(5),this.d&&po(4);var t=this.p.length,r=new Ls(t+e.length);r.set(this.p),r.set(e,t),this.p=r},e.prototype.c=function(e){this.d=this.s.i=e||!1;var t=this.s.b,r=function(e,t,r){var i=e.length;if(!i||r&&r.f&&!r.l)return t||new Ls(0);var n=!t||r,a=!r||r.i;r||(r={}),t||(t=new Ls(3*i));var s=function(e){var r=t.length;if(e>r){var i=new Ls(Math.max(2*r,e));i.set(t),t=i}},o=r.f||0,c=r.p||0,u=r.b||0,h=r.l,l=r.d,y=r.m,p=r.n,d=8*i;do{if(!h){o=co(e,c,1);var g=co(e,c+1,3);if(c+=3,!g){var f=e[(U=ho(c)+4)-4]|e[U-3]<<8,m=U+f;if(m>i){a&&po(0);break}n&&s(u+f),t.set(e.subarray(U,m),u),r.b=u+=f,r.p=c=8*m,r.f=o;continue}if(1==g)h=no,l=so,y=9,p=5;else if(2==g){var w=co(e,c,31)+257,b=co(e,c+10,15)+4,k=w+co(e,c+5,31)+1;c+=14;for(var v=new Ls(k),K=new Ls(19),A=0;A<b;++A)K[js[A]]=co(e,c+3*A,7);c+=3*b;var E=oo(K),S=(1<<E)-1,P=eo(K,E,1);for(A=0;A<k;){var U,D=P[co(e,c,S)];if(c+=15&D,(U=D>>>4)<16)v[A++]=U;else{var x=0,I=0;for(16==U?(I=3+co(e,c,3),c+=2,x=v[A-1]):17==U?(I=3+co(e,c,7),c+=3):18==U&&(I=11+co(e,c,127),c+=7);I--;)v[A++]=x}}var C=v.subarray(0,w),B=v.subarray(w);y=oo(C),p=oo(B),h=eo(C,y,1),l=eo(B,p,1)}else po(1);if(c>d){a&&po(0);break}}n&&s(u+131072);for(var T=(1<<y)-1,M=(1<<p)-1,_=c;;_=c){var F=(x=h[uo(e,c)&T])>>>4;if((c+=15&x)>d){a&&po(0);break}if(x||po(2),F<256)t[u++]=F;else{if(256==F){_=c,h=null;break}var R=F-254;if(F>264){var L=Os[A=F-257];R=co(e,c,(1<<L)-1)+Vs[A],c+=L}var N=l[uo(e,c)&M],z=N>>>4;if(N||po(3),c+=15&N,B=Zs[z],z>3&&(L=qs[z],B+=uo(e,c)&(1<<L)-1,c+=L),c>d){a&&po(0);break}n&&s(u+131072);for(var O=u+R;u<O;u+=4)t[u]=t[u-B],t[u+1]=t[u+1-B],t[u+2]=t[u+2-B],t[u+3]=t[u+3-B];u=O}}r.l=h,r.p=_,r.b=u,r.f=o,h&&(o=1,r.m=y,r.d=l,r.n=p)}while(!o);return u==t.length?t:lo(t,0,u)}(this.p,this.o,this.s);this.ondata(lo(r,t,this.s.b),this.d),this.o=lo(r,this.s.b-32768),this.s.b=this.o.length,this.p=lo(this.p,this.s.p/8|0),this.s.p&=7},e.prototype.push=function(e,t){this.e(e),this.c(t)},e}(),Do=/*#__PURE__*/function(){function e(e,t){var r,i;this.c=(r=1,i=0,{p:function(e){for(var t=r,n=i,a=0|e.length,s=0;s!=a;){for(var o=Math.min(s+2655,a);s<o;++s)n+=t+=e[s];t=(65535&t)+15*(t>>16),n=(65535&n)+15*(n>>16)}r=t,i=n},d:function(){return(255&(r%=65521))<<24|r>>>8<<16|(255&(i%=65521))<<8|i>>>8}}),this.v=1,Po.call(this,e,t)}return e.prototype.push=function(e,t){Po.prototype.push.call(this,e,t)},e.prototype.p=function(e,t){this.c.p(e);var r=So(e,this.o,this.v&&2,t&&4,!t);this.v&&(function(e,t){var r=t.level,i=0==r?0:r<6?1:9==r?3:2;e[0]=120,e[1]=i<<6|(i?32-2*i:1)}(r,this.o),this.v=0),t&&function(e,t,r){for(;r;++t)e[t]=r,r>>>=8}(r,r.length-4,this.c.d()),this.ondata(r,t)},e}(),xo=/*#__PURE__*/function(){function e(e){this.v=1,Uo.call(this,e)}return e.prototype.push=function(e,t){if(Uo.prototype.e.call(this,e),this.v){if(this.p.length<2&&!t)return;this.p=this.p.subarray(2),this.v=0}t&&(this.p.length<4&&po(6,"invalid zlib data"),this.p=this.p.subarray(0,-4)),Uo.prototype.c.call(this,t)},e}(),Io="undefined"!=typeof TextDecoder&&/*#__PURE__*/new TextDecoder;try{Io.decode(Eo,{stream:!0}),1}catch(e){}class Co{static get tag(){return B.packet.literalData}constructor(e=new Date){this.format=B.literal.utf8,this.date=_.normalizeDate(e),this.text=null,this.data=null,this.filename=""}setText(e,t=B.literal.utf8){this.format=t,this.text=e,this.data=null}getText(e=!1){return(null===this.text||_.isStream(this.text))&&(this.text=_.decodeUTF8(_.nativeEOL(this.getBytes(e)))),this.text}setBytes(e,t){this.format=t,this.data=e,this.text=null}getBytes(e=!1){return null===this.data&&(this.data=_.canonicalizeEOL(_.encodeUTF8(this.text))),e?A(this.data):this.data}setFilename(e){this.filename=e}getFilename(){return this.filename}async read(e){await v(e,(async e=>{const t=await e.readByte(),r=await e.readByte();this.filename=_.decodeUTF8(await e.readBytes(r)),this.date=_.readDate(await e.readBytes(4));let i=e.remainder();a(i)&&(i=await P(i)),this.setBytes(i,t)}))}writeHeader(){const e=_.encodeUTF8(this.filename),t=new Uint8Array([e.length]),r=new Uint8Array([this.format]),i=_.writeDate(this.date);return _.concatUint8Array([r,t,e,i])}write(){const e=this.writeHeader(),t=this.getBytes();return _.concat([e,t])}}class Bo{constructor(){this.bytes=""}read(e){return this.bytes=_.uint8ArrayToString(e.subarray(0,8)),this.bytes.length}write(){return _.stringToUint8Array(this.bytes)}toHex(){return _.uint8ArrayToHex(_.stringToUint8Array(this.bytes))}equals(e,t=!1){return t&&(e.isWildcard()||this.isWildcard())||this.bytes===e.bytes}isNull(){return""===this.bytes}isWildcard(){return/^0+$/.test(this.toHex())}static mapToHex(e){return e.toHex()}static fromID(e){const t=new Bo;return t.read(_.hexToUint8Array(e)),t}static wildcard(){const e=new Bo;return e.read(new Uint8Array(8)),e}}const To=Symbol("verified"),Mo="salt@notations.openpgpjs.org",_o=new Set([B.signatureSubpacket.issuerKeyID,B.signatureSubpacket.issuerFingerprint,B.signatureSubpacket.embeddedSignature]);class Fo{static get tag(){return B.packet.signature}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.signatureData=null,this.unhashedSubpackets=[],this.unknownSubpackets=[],this.signedHashValue=null,this.salt=null,this.created=null,this.signatureExpirationTime=null,this.signatureNeverExpires=!0,this.exportable=null,this.trustLevel=null,this.trustAmount=null,this.regularExpression=null,this.revocable=null,this.keyExpirationTime=null,this.keyNeverExpires=null,this.preferredSymmetricAlgorithms=null,this.revocationKeyClass=null,this.revocationKeyAlgorithm=null,this.revocationKeyFingerprint=null,this.issuerKeyID=new Bo,this.rawNotations=[],this.notations={},this.preferredHashAlgorithms=null,this.preferredCompressionAlgorithms=null,this.keyServerPreferences=null,this.preferredKeyServer=null,this.isPrimaryUserID=null,this.policyURI=null,this.keyFlags=null,this.signersUserID=null,this.reasonForRevocationFlag=null,this.reasonForRevocationString=null,this.features=null,this.signatureTargetPublicKeyAlgorithm=null,this.signatureTargetHashAlgorithm=null,this.signatureTargetHash=null,this.embeddedSignature=null,this.issuerKeyVersion=null,this.issuerFingerprint=null,this.preferredAEADAlgorithms=null,this.preferredCipherSuites=null,this.revoked=null,this[To]=null}read(e,t=T){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new Wt("Support for v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4!==this.version&&5!==this.version&&6!==this.version)throw new Wt(`Version ${this.version} of the signature packet is unsupported.`);if(this.signatureType=e[r++],this.publicKeyAlgorithm=e[r++],this.hashAlgorithm=e[r++],r+=this.readSubPackets(e.subarray(r,e.length),!0),!this.created)throw Error("Missing signature creation time subpacket.");if(this.signatureData=e.subarray(0,r),r+=this.readSubPackets(e.subarray(r,e.length),!1),this.signedHashValue=e.subarray(r,r+2),r+=2,6===this.version){const t=e[r++];this.salt=e.subarray(r,r+t),r+=t}const i=e.subarray(r,e.length),{read:n,signatureParams:a}=function(e,t){let r=0;switch(e){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaEncrypt:case B.publicKey.rsaSign:{const e=_.readMPI(t.subarray(r));return r+=e.length+2,{read:r,signatureParams:{s:e}}}case B.publicKey.dsa:case B.publicKey.ecdsa:{const e=_.readMPI(t.subarray(r));r+=e.length+2;const i=_.readMPI(t.subarray(r));return r+=i.length+2,{read:r,signatureParams:{r:e,s:i}}}case B.publicKey.eddsaLegacy:{const e=_.readMPI(t.subarray(r));r+=e.length+2;const i=_.readMPI(t.subarray(r));return r+=i.length+2,{read:r,signatureParams:{r:e,s:i}}}case B.publicKey.ed25519:case B.publicKey.ed448:{const i=2*Hr(e),n=_.readExactSubarray(t,r,r+i);return r+=n.length,{read:r,signatureParams:{RS:n}}}case B.publicKey.hmac:{const e=new wa;return r+=e.read(t.subarray(r)),{read:r,signatureParams:{mac:e}}}case B.publicKey.pqc_mldsa_ed25519:{const e=2*Hr(B.publicKey.ed25519),i=_.readExactSubarray(t,r,r+e);r+=i.length;const n=_.readExactSubarray(t,r,r+3309);return r+=n.length,{read:r,signatureParams:{eccSignature:i,mldsaSignature:n}}}default:throw new Wt("Unknown signature algorithm.")}}(this.publicKeyAlgorithm,i);if(n<i.length)throw Error("Error reading MPIs");this.params=a}writeParams(){return this.params instanceof Promise?D((async()=>ks(this.publicKeyAlgorithm,await this.params))):ks(this.publicKeyAlgorithm,this.params)}write(){const e=[];return e.push(this.signatureData),e.push(this.writeUnhashedSubPackets()),e.push(this.signedHashValue),6===this.version&&(e.push(new Uint8Array([this.salt.length])),e.push(this.salt)),e.push(this.writeParams()),_.concat(e)}async sign(e,t,r=new Date,i=!1,n){this.version=e.version,this.created=_.normalizeDate(r),this.issuerKeyVersion=e.version,this.issuerFingerprint=e.getFingerprintBytes(),this.issuerKeyID=e.getKeyID();const a=[new Uint8Array([this.version,this.signatureType,this.publicKeyAlgorithm,this.hashAlgorithm])];if(6===this.version){const e=Lo(this.hashAlgorithm);if(null===this.salt)this.salt=le(e);else if(e!==this.salt.length)throw Error("Provided salt does not have the required length")}else if(n.nonDeterministicSignaturesViaNotation){if(0!==this.rawNotations.filter((({name:e})=>e===Mo)).length)throw Error("Unexpected existing salt notation");{const e=le(Lo(this.hashAlgorithm));this.rawNotations.push({name:Mo,value:e,humanReadable:!1,critical:!1})}}a.push(this.writeHashedSubPackets()),this.unhashedSubpackets=[],this.signatureData=_.concat(a);const s=this.toHash(this.signatureType,t,i),o=await this.hash(this.signatureType,t,s,i);this.signedHashValue=S(K(o),0,2);const c=async()=>Ds(this.publicKeyAlgorithm,this.hashAlgorithm,e.publicParams,e.privateParams,s,await P(o));_.isStream(o)?this.params=c():(this.params=await c(),this[To]=!0)}writeHashedSubPackets(){const e=B.signatureSubpacket,t=[];let r;if(null===this.created)throw Error("Missing signature creation time");t.push(Ro(e.signatureCreationTime,!0,_.writeDate(this.created))),null!==this.signatureExpirationTime&&t.push(Ro(e.signatureExpirationTime,!0,_.writeNumber(this.signatureExpirationTime,4))),null!==this.exportable&&t.push(Ro(e.exportableCertification,!0,new Uint8Array([this.exportable?1:0]))),null!==this.trustLevel&&(r=new Uint8Array([this.trustLevel,this.trustAmount]),t.push(Ro(e.trustSignature,!0,r))),null!==this.regularExpression&&t.push(Ro(e.regularExpression,!0,this.regularExpression)),null!==this.revocable&&t.push(Ro(e.revocable,!0,new Uint8Array([this.revocable?1:0]))),null!==this.keyExpirationTime&&t.push(Ro(e.keyExpirationTime,!0,_.writeNumber(this.keyExpirationTime,4))),null!==this.preferredSymmetricAlgorithms&&(r=_.stringToUint8Array(_.uint8ArrayToString(this.preferredSymmetricAlgorithms)),t.push(Ro(e.preferredSymmetricAlgorithms,!1,r))),null!==this.revocationKeyClass&&(r=new Uint8Array([this.revocationKeyClass,this.revocationKeyAlgorithm]),r=_.concat([r,this.revocationKeyFingerprint]),t.push(Ro(e.revocationKey,!1,r))),!this.issuerKeyID.isNull()&&this.issuerKeyVersion<5&&t.push(Ro(e.issuerKeyID,!0,this.issuerKeyID.write())),this.rawNotations.forEach((({name:i,value:n,humanReadable:a,critical:s})=>{r=[new Uint8Array([a?128:0,0,0,0])];const o=_.encodeUTF8(i);r.push(_.writeNumber(o.length,2)),r.push(_.writeNumber(n.length,2)),r.push(o),r.push(n),r=_.concat(r),t.push(Ro(e.notationData,s,r))})),null!==this.preferredHashAlgorithms&&(r=_.stringToUint8Array(_.uint8ArrayToString(this.preferredHashAlgorithms)),t.push(Ro(e.preferredHashAlgorithms,!1,r))),null!==this.preferredCompressionAlgorithms&&(r=_.stringToUint8Array(_.uint8ArrayToString(this.preferredCompressionAlgorithms)),t.push(Ro(e.preferredCompressionAlgorithms,!1,r))),null!==this.keyServerPreferences&&(r=_.stringToUint8Array(_.uint8ArrayToString(this.keyServerPreferences)),t.push(Ro(e.keyServerPreferences,!1,r))),null!==this.preferredKeyServer&&t.push(Ro(e.preferredKeyServer,!1,_.encodeUTF8(this.preferredKeyServer))),null!==this.isPrimaryUserID&&t.push(Ro(e.primaryUserID,!1,new Uint8Array([this.isPrimaryUserID?1:0]))),null!==this.policyURI&&t.push(Ro(e.policyURI,!1,_.encodeUTF8(this.policyURI))),null!==this.keyFlags&&(r=_.stringToUint8Array(_.uint8ArrayToString(this.keyFlags)),t.push(Ro(e.keyFlags,!0,r))),null!==this.signersUserID&&t.push(Ro(e.signersUserID,!1,_.encodeUTF8(this.signersUserID))),null!==this.reasonForRevocationFlag&&(r=_.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag)+this.reasonForRevocationString),t.push(Ro(e.reasonForRevocation,!0,r))),null!==this.features&&(r=_.stringToUint8Array(_.uint8ArrayToString(this.features)),t.push(Ro(e.features,!1,r))),null!==this.signatureTargetPublicKeyAlgorithm&&(r=[new Uint8Array([this.signatureTargetPublicKeyAlgorithm,this.signatureTargetHashAlgorithm])],r.push(_.stringToUint8Array(this.signatureTargetHash)),r=_.concat(r),t.push(Ro(e.signatureTarget,!0,r))),null!==this.embeddedSignature&&t.push(Ro(e.embeddedSignature,!0,this.embeddedSignature.write())),null!==this.issuerFingerprint&&(r=[new Uint8Array([this.issuerKeyVersion]),this.issuerFingerprint],r=_.concat(r),t.push(Ro(e.issuerFingerprint,this.version>=5,r))),null!==this.preferredAEADAlgorithms&&(r=_.stringToUint8Array(_.uint8ArrayToString(this.preferredAEADAlgorithms)),t.push(Ro(e.preferredAEADAlgorithms,!1,r))),null!==this.preferredCipherSuites&&(r=new Uint8Array([].concat(...this.preferredCipherSuites)),t.push(Ro(e.preferredCipherSuites,!1,r)));const i=_.concat(t),n=_.writeNumber(i.length,6===this.version?4:2);return _.concat([n,i])}writeUnhashedSubPackets(){const e=this.unhashedSubpackets.map((({type:e,critical:t,body:r})=>Ro(e,t,r))),t=_.concat(e),r=_.writeNumber(t.length,6===this.version?4:2);return _.concat([r,t])}readSubPacket(e,t=!0){let r=0;const i=!!(128&e[r]),n=127&e[r];if(r++,t||(this.unhashedSubpackets.push({type:n,critical:i,body:e.subarray(r,e.length)}),_o.has(n)))switch(n){case B.signatureSubpacket.signatureCreationTime:this.created=_.readDate(e.subarray(r,e.length));break;case B.signatureSubpacket.signatureExpirationTime:{const t=_.readNumber(e.subarray(r,e.length));this.signatureNeverExpires=0===t,this.signatureExpirationTime=t;break}case B.signatureSubpacket.exportableCertification:this.exportable=1===e[r++];break;case B.signatureSubpacket.trustSignature:this.trustLevel=e[r++],this.trustAmount=e[r++];break;case B.signatureSubpacket.regularExpression:this.regularExpression=e[r];break;case B.signatureSubpacket.revocable:this.revocable=1===e[r++];break;case B.signatureSubpacket.keyExpirationTime:{const t=_.readNumber(e.subarray(r,e.length));this.keyExpirationTime=t,this.keyNeverExpires=0===t;break}case B.signatureSubpacket.preferredSymmetricAlgorithms:this.preferredSymmetricAlgorithms=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.revocationKey:this.revocationKeyClass=e[r++],this.revocationKeyAlgorithm=e[r++],this.revocationKeyFingerprint=e.subarray(r,r+20);break;case B.signatureSubpacket.issuerKeyID:if(4===this.version)this.issuerKeyID.read(e.subarray(r,e.length));else if(t)throw Error("Unexpected Issuer Key ID subpacket");break;case B.signatureSubpacket.notationData:{const t=!!(128&e[r]);r+=4;const n=_.readNumber(e.subarray(r,r+2));r+=2;const a=_.readNumber(e.subarray(r,r+2));r+=2;const s=_.decodeUTF8(e.subarray(r,r+n)),o=e.subarray(r+n,r+n+a);this.rawNotations.push({name:s,humanReadable:t,value:o,critical:i}),t&&(this.notations[s]=_.decodeUTF8(o));break}case B.signatureSubpacket.preferredHashAlgorithms:this.preferredHashAlgorithms=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.preferredCompressionAlgorithms:this.preferredCompressionAlgorithms=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.keyServerPreferences:this.keyServerPreferences=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.preferredKeyServer:this.preferredKeyServer=_.decodeUTF8(e.subarray(r,e.length));break;case B.signatureSubpacket.primaryUserID:this.isPrimaryUserID=0!==e[r++];break;case B.signatureSubpacket.policyURI:this.policyURI=_.decodeUTF8(e.subarray(r,e.length));break;case B.signatureSubpacket.keyFlags:this.keyFlags=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.signersUserID:this.signersUserID=_.decodeUTF8(e.subarray(r,e.length));break;case B.signatureSubpacket.reasonForRevocation:this.reasonForRevocationFlag=e[r++],this.reasonForRevocationString=_.decodeUTF8(e.subarray(r,e.length));break;case B.signatureSubpacket.features:this.features=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.signatureTarget:{this.signatureTargetPublicKeyAlgorithm=e[r++],this.signatureTargetHashAlgorithm=e[r++];const t=Be(this.signatureTargetHashAlgorithm);this.signatureTargetHash=_.uint8ArrayToString(e.subarray(r,r+t));break}case B.signatureSubpacket.embeddedSignature:this.embeddedSignature=new Fo,this.embeddedSignature.read(e.subarray(r,e.length));break;case B.signatureSubpacket.issuerFingerprint:this.issuerKeyVersion=e[r++],this.issuerFingerprint=e.subarray(r,e.length),this.issuerKeyVersion>=5?this.issuerKeyID.read(this.issuerFingerprint):this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));break;case B.signatureSubpacket.preferredAEADAlgorithms:this.preferredAEADAlgorithms=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.preferredCipherSuites:this.preferredCipherSuites=[];for(let t=r;t<e.length;t+=2)this.preferredCipherSuites.push([e[t],e[t+1]]);break;default:this.unknownSubpackets.push({type:n,critical:i,body:e.subarray(r,e.length)})}}readSubPackets(e,t=!0,r){const i=6===this.version?4:2,n=_.readNumber(e.subarray(0,i));let a=i;for(;a<2+n;){const i=zt(e.subarray(a,e.length));a+=i.offset,this.readSubPacket(e.subarray(a,a+i.len),t,r),a+=i.len}return a}toSign(e,t){const r=B.signature;switch(e){case r.binary:return null!==t.text?_.encodeUTF8(t.getText(!0)):t.getBytes(!0);case r.text:{const e=t.getBytes(!0);return _.canonicalizeEOL(e)}case r.standalone:return new Uint8Array(0);case r.certGeneric:case r.certPersona:case r.certCasual:case r.certPositive:case r.certRevocation:{let e,i;if(t.userID)i=180,e=t.userID;else{if(!t.userAttribute)throw Error("Either a userID or userAttribute packet needs to be supplied for certification.");i=209,e=t.userAttribute}const n=e.write();return _.concat([this.toSign(r.key,t),new Uint8Array([i]),_.writeNumber(n.length,4),n])}case r.subkeyBinding:case r.subkeyRevocation:case r.keyBinding:return _.concat([this.toSign(r.key,t),this.toSign(r.key,{key:t.bind})]);case r.key:if(void 0===t.key)throw Error("Key packet is required for this signature.");return t.key.writeForHash(this.version);case r.keyRevocation:return this.toSign(r.key,t);case r.timestamp:return new Uint8Array(0);case r.thirdParty:throw Error("Not implemented");default:throw Error("Unknown signature type.")}}calculateTrailer(e,t){let r=0;return b(K(this.signatureData),(e=>{r+=e.length}),(()=>{const i=[];return 5!==this.version||this.signatureType!==B.signature.binary&&this.signatureType!==B.signature.text||(t?i.push(new Uint8Array(6)):i.push(e.writeHeader())),i.push(new Uint8Array([this.version,255])),5===this.version&&i.push(new Uint8Array(4)),i.push(_.writeNumber(r,4)),_.concat(i)}))}toHash(e,t,r=!1){const i=this.toSign(e,t);return _.concat([this.salt||new Uint8Array,i,this.signatureData,this.calculateTrailer(t,r)])}async hash(e,t,r,i=!1){if(6===this.version&&this.salt.length!==Lo(this.hashAlgorithm))throw Error("Signature salt does not have the expected length");return r||(r=this.toHash(e,t,i)),Ce(this.hashAlgorithm,r)}async verify(e,t,r,i=new Date,n=!1,a=T){if(!this.issuerKeyID.equals(e.getKeyID()))throw Error("Signature was not issued by the given public key");if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Public key algorithm used to sign signature does not match issuer key algorithm.");const s=t===B.signature.binary||t===B.signature.text;if(!(this[To]&&!s)){let i,a;if(this.hashed?a=await this.hashed:(i=this.toHash(t,r,n),a=await this.hash(t,r,i)),a=await P(a),this.signedHashValue[0]!==a[0]||this.signedHashValue[1]!==a[1])throw Error("Signed digest did not match");this.params=await this.params;const s=this.publicKeyAlgorithm===B.publicKey.hmac?e.privateParams:null;if(this[To]=await Us(this.publicKeyAlgorithm,this.hashAlgorithm,this.params,e.publicParams,s,i,a),!this[To])throw Error("Signature verification failed")}const o=_.normalizeDate(i);if(o&&this.created>o)throw Error("Signature creation time is in the future");if(o&&o>=this.getExpirationTime())throw Error("Signature is expired");if(a.rejectHashAlgorithms.has(this.hashAlgorithm))throw Error("Insecure hash algorithm: "+B.read(B.hash,this.hashAlgorithm).toUpperCase());if(a.rejectMessageHashAlgorithms.has(this.hashAlgorithm)&&[B.signature.binary,B.signature.text].includes(this.signatureType))throw Error("Insecure message hash algorithm: "+B.read(B.hash,this.hashAlgorithm).toUpperCase());if(this.unknownSubpackets.forEach((({type:e,critical:t})=>{if(t)throw Error("Unknown critical signature subpacket type "+e)})),this.rawNotations.forEach((({name:e,critical:t})=>{if(t&&a.knownNotations.indexOf(e)<0)throw Error("Unknown critical notation: "+e)})),null!==this.revocationKeyClass)throw Error("This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.")}isExpired(e=new Date){const t=_.normalizeDate(e);return null!==t&&!(this.created<=t&&t<this.getExpirationTime())}getExpirationTime(){return this.signatureNeverExpires?1/0:new Date(this.created.getTime()+1e3*this.signatureExpirationTime)}}function Ro(e,t,r){const i=[];return i.push(Ot(r.length+1)),i.push(new Uint8Array([(t?128:0)|e])),i.push(r),_.concat(i)}function Lo(e){switch(e){case B.hash.sha256:return 16;case B.hash.sha384:return 24;case B.hash.sha512:return 32;case B.hash.sha224:case B.hash.sha3_256:return 16;case B.hash.sha3_512:return 32;default:throw Error("Unsupported hash function")}}class No{static get tag(){return B.packet.onePassSignature}static fromSignaturePacket(e,t){const r=new No;return r.version=6===e.version?6:3,r.signatureType=e.signatureType,r.hashAlgorithm=e.hashAlgorithm,r.publicKeyAlgorithm=e.publicKeyAlgorithm,r.issuerKeyID=e.issuerKeyID,r.salt=e.salt,r.issuerFingerprint=e.issuerFingerprint,r.flags=t?1:0,r}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.salt=null,this.issuerKeyID=null,this.issuerFingerprint=null,this.flags=null}read(e){let t=0;if(this.version=e[t++],3!==this.version&&6!==this.version)throw new Wt(`Version ${this.version} of the one-pass signature packet is unsupported.`);if(this.signatureType=e[t++],this.hashAlgorithm=e[t++],this.publicKeyAlgorithm=e[t++],6===this.version){const r=e[t++];this.salt=e.subarray(t,t+r),t+=r,this.issuerFingerprint=e.subarray(t,t+32),t+=32,this.issuerKeyID=new Bo,this.issuerKeyID.read(this.issuerFingerprint)}else this.issuerKeyID=new Bo,this.issuerKeyID.read(e.subarray(t,t+8)),t+=8;return this.flags=e[t++],this}write(){const e=[new Uint8Array([this.version,this.signatureType,this.hashAlgorithm,this.publicKeyAlgorithm])];return 6===this.version?e.push(new Uint8Array([this.salt.length]),this.salt,this.issuerFingerprint):e.push(this.issuerKeyID.write()),e.push(new Uint8Array([this.flags])),_.concatUint8Array(e)}calculateTrailer(...e){return D((async()=>Fo.prototype.calculateTrailer.apply(await this.correspondingSig,e)))}async verify(){const e=await this.correspondingSig;if(!e||e.constructor.tag!==B.packet.signature)throw Error("Corresponding signature packet missing");if(e.signatureType!==this.signatureType||e.hashAlgorithm!==this.hashAlgorithm||e.publicKeyAlgorithm!==this.publicKeyAlgorithm||!e.issuerKeyID.equals(this.issuerKeyID)||3===this.version&&6===e.version||6===this.version&&6!==e.version||6===this.version&&!_.equalsUint8Array(e.issuerFingerprint,this.issuerFingerprint)||6===this.version&&!_.equalsUint8Array(e.salt,this.salt))throw Error("Corresponding signature packet does not match one-pass signature packet");return e.hashed=this.hashed,e.verify.apply(e,arguments)}}No.prototype.hash=Fo.prototype.hash,No.prototype.toHash=Fo.prototype.toHash,No.prototype.toSign=Fo.prototype.toSign;class zo extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,zo),this.name="GrammarError"}}const Oo=(e,t)=>{const r=e.filter((e=>e!==B.packet.marker&&e!==B.packet.padding&&!(e=>{try{return B.read(B.packet,e),!1}catch(e){return!0}})(e)));return 1===(i=r).length&&i[0]===B.packet.literalData||(e=>1===e.length&&e[0]===B.packet.compressedData)(r)||(e=>{const t=(e,t)=>e.every((e=>new Set([B.packet.publicKeyEncryptedSessionKey,B.packet.symEncryptedSessionKey]).has(e))),r=e.findIndex((e=>new Set([B.packet.aeadEncryptedData,B.packet.symmetricallyEncryptedData,B.packet.symEncryptedIntegrityProtectedData]).has(e)));return r<0?t(e):r===e.length-1&&t(e.slice(0,r))})(r)||((e,t)=>{if(0===e.findIndex((e=>e===B.packet.signature)))return Oo(e.slice(1),t);if(0===e.findIndex((e=>e===B.packet.onePassSignature))){const r=_.findLastIndex(e,(e=>e===B.packet.signature));return!(r!==e.length-1&&!t)&&Oo(e.slice(1,r<0?void 0:r),t)}return!1})(r,t);var i},qo=({delayReporting:e})=>{let t=!1;return(r,i,n)=>{if(e&&i)return null;if(!Oo(r,i)){const e=new zo(`Data does not respect OpenPGP grammar [${r}]`);if(t||(n.pluggableGrammarErrorReporter?.(e.message),_.printDebugError(e),t=!0),n.enforceGrammar)throw e;return!0}return!0}};function jo(e,t){if(!t[e]){let t;try{t=B.read(B.packet,e)}catch(t){throw new $t("Unknown packet type with tag: "+e)}throw Error("Packet not allowed in this context: "+t)}return new t[e]}class Ho extends Array{static async fromBinary(e,t,r=T,i=null){const n=new Ho;return await n.read(e,t,r,i),n}async read(e,t,r=T,i=null){r.additionalAllowedPackets.length&&(t={...t,..._.constructAllowedPackets(r.additionalAllowedPackets)}),this.stream=k(e,(async(e,n)=>{const a=I(n),s=[];try{for(;;){await a.ready;if(await Vt(e,(async e=>{try{if(e.tag===B.packet.marker||e.tag===B.packet.trust||e.tag===B.packet.padding)return;const n=jo(e.tag,t);n.packets=new Ho,n.fromStream=_.isStream(e.packet),await n.read(e.packet,r),await a.write(n),s.push(e.tag),i?.(s,!0,r)}catch(t){if(t instanceof $t){if(!(e.tag<=39))return;await a.abort(t)}const n=!r.ignoreUnsupportedPackets&&t instanceof Wt,o=!(r.ignoreMalformedPackets||t instanceof Wt);if(n||o||t instanceof zo||Gt(e.tag))await a.abort(t);else{const t=new Zt(e.tag,e.packet);await a.write(t),s.push(e.tag),i?.(s,!0,r)}_.printDebugError(t)}})))return i?.(s,!1,r),await a.ready,void await a.close()}}catch(e){await a.abort(e)}}));const n=x(this.stream);for(;;){const{done:e,value:t}=await n.read();if(e?this.stream=null:this.push(t),e||Gt(t.constructor.tag))break}n.releaseLock()}write(){const e=[];for(let t=0;t<this.length;t++){const r=this[t]instanceof Zt?this[t].tag:this[t].constructor.tag,i=this[t].write();if(_.isStream(i)&&Gt(this[t].constructor.tag)){let t=[],n=0;const a=512;e.push(jt(r)),e.push(b(i,(e=>{if(t.push(e),n+=e.length,n>=a){const e=Math.min(Math.log(n)/Math.LN2|0,30),r=2**e,i=_.concat([qt(e)].concat(t));return t=[i.subarray(1+r)],n=t[0].length,i.subarray(0,1+r)}}),(()=>_.concat([Ot(n)].concat(t)))))}else{if(_.isStream(i)){let t=0;e.push(b(K(i),(e=>{t+=e.length}),(()=>Ht(r,t))))}else e.push(Ht(r,i.length));e.push(i)}}return _.concat(e)}filterByTag(...e){const t=new Ho,r=e=>t=>e===t;for(let i=0;i<this.length;i++)e.some(r(this[i].constructor.tag))&&t.push(this[i]);return t}findPacket(e){return this.find((t=>t.constructor.tag===e))}indexOfTag(...e){const t=[],r=this,i=e=>t=>e===t;for(let n=0;n<this.length;n++)e.some(i(r[n].constructor.tag))&&t.push(n);return t}}const Go=/*#__PURE__*/_.constructAllowedPackets([Co,No,Fo]);class Vo{static get tag(){return B.packet.compressedData}constructor(e=T){this.packets=null,this.algorithm=e.preferredCompressionAlgorithm,this.compressed=null}async read(e,t=T){await v(e,(async e=>{this.algorithm=await e.readByte(),this.compressed=e.remainder(),await this.decompress(t)}))}write(){return null===this.compressed&&this.compress(),_.concat([new Uint8Array([this.algorithm]),this.compressed])}async decompress(e=T){const t=B.read(B.compression,this.algorithm),r=Xo[t];if(!r)throw Error(t+" decompression not supported");this.packets=await Ho.fromBinary(await r(this.compressed),Go,e,qo({enforceDelay:!1}))}compress(){const e=B.read(B.compression,this.algorithm),t=Qo[e];if(!t)throw Error(e+" compression not supported");this.compressed=t(this.packets.write())}}function Wo(e,t){return r=>{if(!_.isStream(r)||a(r))return D((()=>P(r).then((e=>new Promise(((r,i)=>{const n=new t;n.ondata=e=>{r(e)};try{n.push(e,!0)}catch(e){i(e)}}))))));if(e)try{const t=e();return r.pipeThrough(t)}catch(e){if("TypeError"!==e.name)throw e}const i=r.getReader(),n=new t;return new ReadableStream({async start(e){for(n.ondata=async(t,r)=>{e.enqueue(t),r&&e.close()};;){const{done:e,value:t}=await i.read();if(e)return void n.push(new Uint8Array,!0);t.length&&n.push(t)}}})}}function $o(){return async function(e){const{decode:t}=await import("./seek-bzip.min.mjs").then((function(e){return e.i}));return D((async()=>t(await P(e))))}}const Zo=e=>({compressor:"undefined"!=typeof CompressionStream&&(()=>new CompressionStream(e)),decompressor:"undefined"!=typeof DecompressionStream&&(()=>new DecompressionStream(e))}),Qo={zip:/*#__PURE__*/Wo(Zo("deflate-raw").compressor,Po),zlib:/*#__PURE__*/Wo(Zo("deflate").compressor,Do)},Xo={uncompressed:e=>e,zip:/*#__PURE__*/Wo(Zo("deflate-raw").decompressor,Uo),zlib:/*#__PURE__*/Wo(Zo("deflate").decompressor,xo),bzip2:/*#__PURE__*/$o()},Yo=/*#__PURE__*/_.constructAllowedPackets([Co,Vo,No,Fo]);class Jo{static get tag(){return B.packet.symEncryptedIntegrityProtectedData}static fromObject({version:e,aeadAlgorithm:t}){if(1!==e&&2!==e)throw Error("Unsupported SEIPD version");const r=new Jo;return r.version=e,2===e&&(r.aeadAlgorithm=t),r}constructor(){this.version=null,this.cipherAlgorithm=null,this.aeadAlgorithm=null,this.chunkSizeByte=null,this.salt=null,this.encrypted=null,this.packets=null}async read(e){await v(e,(async e=>{if(this.version=await e.readByte(),1!==this.version&&2!==this.version)throw new Wt(`Version ${this.version} of the SEIP packet is unsupported.`);2===this.version&&(this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte(),this.salt=await e.readBytes(32)),this.encrypted=e.remainder()}))}write(){return 2===this.version?_.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.salt,this.encrypted]):_.concat([new Uint8Array([this.version]),this.encrypted])}async encrypt(e,t,r=T){const{blockSize:i,keySize:n}=en(e);if(t.length!==n)throw Error("Unexpected session key size");let s=this.packets.write();if(a(s)&&(s=await P(s)),2===this.version)this.cipherAlgorithm=e,this.salt=le(32),this.chunkSizeByte=r.aeadChunkSizeByte,this.encrypted=await ec(this,"encrypt",t,s);else{const r=await xa(e),n=new Uint8Array([211,20]),a=_.concat([r,s,n]),o=await Ce(B.hash.sha1,A(a)),c=_.concat([a,o]);this.encrypted=await Ia(e,t,c,new Uint8Array(i))}return!0}async decrypt(e,t,r=T){if(t.length!==en(e).keySize)throw Error("Unexpected session key size");let i,n,s=K(this.encrypted);if(a(s)&&(s=await P(s)),2===this.version){if(this.cipherAlgorithm!==e)throw Error("Unexpected session key algorithm");i=await ec(this,"decrypt",t,s),n=qo({delayReporting:!1})}else{const{blockSize:a}=en(e),o=await Ca(e,t,s,new Uint8Array(a)),c=_.isStream(s)&&r.allowUnauthenticatedStream;n=qo({delayReporting:c});const u=S(A(o),-20),h=S(o,0,-20),l=Promise.all([P(await Ce(B.hash.sha1,A(h))),P(u)]).then((([e,t])=>{if(!_.equalsUint8Array(e,t))throw Error("Modification detected.");return new Uint8Array})),y=S(h,a+2);i=S(y,0,-2),i=g([i,D((()=>l))]),c||(i=await P(i))}return this.packets=await Ho.fromBinary(i,Yo,r,n),!0}}async function ec(e,t,r,i){const n=e instanceof Jo&&2===e.version,a=!n&&e.constructor.tag===B.packet.aeadEncryptedData;if(!n&&!a)throw Error("Unexpected packet type");const s=fs(e.aeadAlgorithm,a),o="decrypt"===t?s.tagLength:0,c="encrypt"===t?s.tagLength:0,u=2**(e.chunkSizeByte+6)+o,h=a?8:0,l=new ArrayBuffer(13+h),y=new Uint8Array(l,0,5+h),p=new Uint8Array(l),d=new DataView(l),g=new Uint8Array(l,5,8);y.set([192|e.constructor.tag,e.version,e.cipherAlgorithm,e.aeadAlgorithm,e.chunkSizeByte],0);let m,w,b=0,v=Promise.resolve(),K=0,A=0;if(n){const{keySize:t}=en(e.cipherAlgorithm),{ivLength:i}=s,n=new Uint8Array(l,0,5),a=await sn(B.hash.sha256,r,e.salt,n,t+i);r=a.subarray(0,t),m=a.subarray(t),m.fill(0,m.length-8),w=new DataView(m.buffer,m.byteOffset,m.byteLength)}else m=e.iv;const E=await s(e.cipherAlgorithm,r);return k(i,(async(r,i)=>{if("array"!==_.isStream(r)){const t=new TransformStream({},{highWaterMark:_.getHardwareConcurrency()*2**(e.chunkSizeByte+6),size:e=>e.length});f(t.readable,i),i=t.writable}const a=x(r),s=I(i);try{for(;;){let e=await a.readBytes(u+o)||new Uint8Array;const r=e.subarray(e.length-o);let i,l,f;if(e=e.subarray(0,e.length-o),n)f=m;else{f=m.slice();for(let e=0;e<8;e++)f[m.length-8+e]^=g[e]}if(!b||e.length?(a.unshift(r),i=E[t](e,f,y),i.catch((()=>{})),A+=e.length-o+c):(d.setInt32(5+h+4,K),i=E[t](r,f,p),i.catch((()=>{})),A+=c,l=!0),K+=e.length-o,v=v.then((()=>i)).then((async e=>{await s.ready,await s.write(e),A-=e.length})).catch((e=>s.abort(e))),(l||A>s.desiredSize)&&await v,l){await s.close();break}n?w.setInt32(m.length-4,++b):d.setInt32(9,++b)}}catch(e){await s.ready.catch((()=>{})),await s.abort(e)}}))}const tc=/*#__PURE__*/_.constructAllowedPackets([Co,Vo,No,Fo]);class rc{static get tag(){return B.packet.aeadEncryptedData}constructor(){this.version=1,this.cipherAlgorithm=null,this.aeadAlgorithm=B.aead.eax,this.chunkSizeByte=null,this.iv=null,this.encrypted=null,this.packets=null}async read(e){await v(e,(async e=>{const t=await e.readByte();if(1!==t)throw new Wt(`Version ${t} of the AEAD-encrypted data packet is not supported.`);this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte();const r=fs(this.aeadAlgorithm,!0);this.iv=await e.readBytes(r.ivLength),this.encrypted=e.remainder()}))}write(){return _.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.iv,this.encrypted])}async decrypt(e,t,r=T){this.packets=await Ho.fromBinary(await ec(this,"decrypt",t,K(this.encrypted)),tc,r,qo({enforceDelay:!1}))}async encrypt(e,t,r=T){this.cipherAlgorithm=e;const{ivLength:i}=fs(this.aeadAlgorithm,!0);this.iv=le(i),this.chunkSizeByte=r.aeadChunkSizeByte;const n=this.packets.write();this.encrypted=await ec(this,"encrypt",t,n)}}const ic=new Set([B.publicKey.x25519,B.publicKey.x448,B.publicKey.pqc_mlkem_x25519]);class nc{static get tag(){return B.packet.publicKeyEncryptedSessionKey}constructor(){this.version=null,this.publicKeyID=new Bo,this.publicKeyVersion=null,this.publicKeyFingerprint=null,this.publicKeyAlgorithm=null,this.sessionKey=null,this.sessionKeyAlgorithm=null,this.encrypted={}}static fromObject({version:e,encryptionKeyPacket:t,anonymousRecipient:r,sessionKey:i,sessionKeyAlgorithm:n}){const a=new nc;if(3!==e&&6!==e)throw Error("Unsupported PKESK version");return a.version=e,6===e&&(a.publicKeyVersion=r?null:t.version,a.publicKeyFingerprint=r?null:t.getFingerprintBytes()),a.publicKeyID=r?Bo.wildcard():t.getKeyID(),a.publicKeyAlgorithm=t.algorithm,a.sessionKey=i,a.sessionKeyAlgorithm=n,a}read(e){let t=0;if(this.version=e[t++],3!==this.version&&6!==this.version)throw new Wt(`Version ${this.version} of the PKESK packet is unsupported.`);if(6===this.version){const r=e[t++];if(r){this.publicKeyVersion=e[t++];const i=r-1;this.publicKeyFingerprint=e.subarray(t,t+i),t+=i,this.publicKeyVersion>=5?this.publicKeyID.read(this.publicKeyFingerprint):this.publicKeyID.read(this.publicKeyFingerprint.subarray(-8))}else this.publicKeyID=Bo.wildcard()}else t+=this.publicKeyID.read(e.subarray(t,t+8));if(this.publicKeyAlgorithm=e[t++],this.encrypted=function(e,t){let r=0;switch(e){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:return{c:_.readMPI(t.subarray(r))};case B.publicKey.elgamal:{const e=_.readMPI(t.subarray(r));return r+=e.length+2,{c1:e,c2:_.readMPI(t.subarray(r))}}case B.publicKey.ecdh:{const e=_.readMPI(t.subarray(r));r+=e.length+2;const i=new ma;return i.read(t.subarray(r)),{V:e,C:i}}case B.publicKey.x25519:case B.publicKey.x448:{const i=Ps(e),n=_.readExactSubarray(t,r,r+i);r+=n.length;const a=new Ea;return a.read(t.subarray(r)),{ephemeralPublicKey:n,C:a}}case B.publicKey.aead:{const e=new va;r+=e.read(t.subarray(r));const{ivLength:i}=fs(e.getValue()),n=t.subarray(r,r+i);r+=i;const a=new wa;return r+=a.read(t.subarray(r)),{aeadMode:e,iv:n,c:a}}case B.publicKey.pqc_mlkem_x25519:{const e=_.readExactSubarray(t,r,r+Ps(B.publicKey.x25519));r+=e.length;const i=_.readExactSubarray(t,r,r+1088);r+=i.length;const n=new Ea;return n.read(t.subarray(r)),{eccCipherText:e,mlkemCipherText:i,C:n}}default:throw new Wt("Unknown public key encryption algorithm.")}}(this.publicKeyAlgorithm,e.subarray(t)),ic.has(this.publicKeyAlgorithm))if(3===this.version)this.sessionKeyAlgorithm=B.write(B.symmetric,this.encrypted.C.algorithm);else if(null!==this.encrypted.C.algorithm)throw Error("Unexpected cleartext symmetric algorithm")}write(){const e=[new Uint8Array([this.version])];return 6===this.version?null!==this.publicKeyFingerprint?(e.push(new Uint8Array([this.publicKeyFingerprint.length+1,this.publicKeyVersion])),e.push(this.publicKeyFingerprint)):e.push(new Uint8Array([0])):e.push(this.publicKeyID.write()),e.push(new Uint8Array([this.publicKeyAlgorithm]),ks(this.publicKeyAlgorithm,this.encrypted)),_.concatUint8Array(e)}async encrypt(e){const t=B.write(B.publicKey,this.publicKeyAlgorithm),r=3===this.version?this.sessionKeyAlgorithm:null,i=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),n=ac(this.version,t,r,this.sessionKey),a=t===B.publicKey.aead?e.privateParams:null;this.encrypted=await ms(t,r,e.publicParams,a,n,i)}async decrypt(e,t){if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Decryption error");const r=t?ac(this.version,this.publicKeyAlgorithm,t.sessionKeyAlgorithm,t.sessionKey):null,i=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),n=await ws(this.publicKeyAlgorithm,e.publicParams,e.privateParams,this.encrypted,i,r),{sessionKey:a,sessionKeyAlgorithm:s}=function(e,t,r,i){switch(t){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.elgamal:case B.publicKey.ecdh:case B.publicKey.aead:{const t=r.subarray(0,r.length-2),n=r.subarray(r.length-2),a=_.writeChecksum(t.subarray(t.length%8)),s=a[0]===n[0]&a[1]===n[1],o=6===e?{sessionKeyAlgorithm:null,sessionKey:t}:{sessionKeyAlgorithm:t[0],sessionKey:t.subarray(1)};if(i){const t=s&o.sessionKeyAlgorithm===i.sessionKeyAlgorithm&o.sessionKey.length===i.sessionKey.length;return{sessionKey:_.selectUint8Array(t,o.sessionKey,i.sessionKey),sessionKeyAlgorithm:6===e?null:_.selectUint8(t,o.sessionKeyAlgorithm,i.sessionKeyAlgorithm)}}if(s&&(6===e||B.read(B.symmetric,o.sessionKeyAlgorithm)))return o;throw Error("Decryption error")}case B.publicKey.x25519:case B.publicKey.x448:case B.publicKey.pqc_mlkem_x25519:return{sessionKeyAlgorithm:null,sessionKey:r};default:throw Error("Unsupported public key algorithm")}}(this.version,this.publicKeyAlgorithm,n,t);if(3===this.version){const e=!ic.has(this.publicKeyAlgorithm);if(this.sessionKeyAlgorithm=e?s:this.sessionKeyAlgorithm,a.length!==en(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}this.sessionKey=a}}function ac(e,t,r,i){switch(t){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.elgamal:case B.publicKey.ecdh:case B.publicKey.aead:return _.concatUint8Array([new Uint8Array(6===e?[]:[r]),i,_.writeChecksum(i.subarray(i.length%8))]);case B.publicKey.x25519:case B.publicKey.x448:case B.publicKey.pqc_mlkem_x25519:return i;default:throw Error("Unsupported public key algorithm")}}class sc{static get tag(){return B.packet.symEncryptedSessionKey}constructor(e=T){this.version=e.aeadProtect?6:4,this.sessionKey=null,this.sessionKeyEncryptionAlgorithm=null,this.sessionKeyAlgorithm=null,this.aeadAlgorithm=B.write(B.aead,e.preferredAEADAlgorithm),this.encrypted=null,this.s2k=null,this.iv=null}read(e){let t=0;if(this.version=e[t++],4!==this.version&&5!==this.version&&6!==this.version)throw new Wt(`Version ${this.version} of the SKESK packet is unsupported.`);6===this.version&&t++;const r=e[t++];this.version>=5&&(this.aeadAlgorithm=e[t++],6===this.version&&t++);const i=e[t++];if(this.s2k=Fs(i),t+=this.s2k.read(e.subarray(t,e.length)),this.version>=5){const r=fs(this.aeadAlgorithm,!0);this.iv=e.subarray(t,t+=r.ivLength)}this.version>=5||t<e.length?(this.encrypted=e.subarray(t,e.length),this.sessionKeyEncryptionAlgorithm=r):this.sessionKeyAlgorithm=r}write(){const e=null===this.encrypted?this.sessionKeyAlgorithm:this.sessionKeyEncryptionAlgorithm;let t;const r=this.s2k.write();if(6===this.version){const i=r.length,n=3+i+this.iv.length;t=_.concatUint8Array([new Uint8Array([this.version,n,e,this.aeadAlgorithm,i]),r,this.iv,this.encrypted])}else 5===this.version?t=_.concatUint8Array([new Uint8Array([this.version,e,this.aeadAlgorithm]),r,this.iv,this.encrypted]):(t=_.concatUint8Array([new Uint8Array([this.version,e]),r]),null!==this.encrypted&&(t=_.concatUint8Array([t,this.encrypted])));return t}async decrypt(e){const t=null!==this.sessionKeyEncryptionAlgorithm?this.sessionKeyEncryptionAlgorithm:this.sessionKeyAlgorithm,{blockSize:r,keySize:i}=en(t),n=await this.s2k.produceKey(e,i);if(this.version>=5){const e=fs(this.aeadAlgorithm,!0),r=new Uint8Array([192|sc.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),a=6===this.version?await sn(B.hash.sha256,n,new Uint8Array,r,i):n,s=await e(t,a);this.sessionKey=await s.decrypt(this.encrypted,this.iv,r)}else if(null!==this.encrypted){const e=await Ca(t,n,this.encrypted,new Uint8Array(r));if(this.sessionKeyAlgorithm=B.write(B.symmetric,e[0]),this.sessionKey=e.subarray(1,e.length),this.sessionKey.length!==en(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}else this.sessionKey=n}async encrypt(e,t=T){const r=null!==this.sessionKeyEncryptionAlgorithm?this.sessionKeyEncryptionAlgorithm:this.sessionKeyAlgorithm;this.sessionKeyEncryptionAlgorithm=r,this.s2k=Rs(t),this.s2k.generateSalt();const{blockSize:i,keySize:n}=en(r),a=await this.s2k.produceKey(e,n);if(null===this.sessionKey&&(this.sessionKey=Es(this.sessionKeyAlgorithm)),this.version>=5){const e=fs(this.aeadAlgorithm);this.iv=le(e.ivLength);const t=new Uint8Array([192|sc.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),i=6===this.version?await sn(B.hash.sha256,a,new Uint8Array,t,n):a,s=await e(r,i);this.encrypted=await s.encrypt(this.sessionKey,this.iv,t)}else{const e=_.concatUint8Array([new Uint8Array([this.sessionKeyAlgorithm]),this.sessionKey]);this.encrypted=await Ia(r,a,e,new Uint8Array(i))}}}class oc{static get tag(){return B.packet.publicKey}constructor(e=new Date,t=T){this.version=t.v6Keys?6:4,this.created=_.normalizeDate(e),this.algorithm=null,this.publicParams=null,this.expirationTimeV3=0,this.fingerprint=null,this.keyID=null}static fromSecretKeyPacket(e){const t=new oc,{version:r,created:i,algorithm:n,publicParams:a,keyID:s,fingerprint:o}=e;return t.version=r,t.created=i,t.algorithm=n,t.publicParams=a,t.keyID=s,t.fingerprint=o,t}async read(e,t=T){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new Wt("Support for parsing v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4===this.version||5===this.version||6===this.version){this.created=_.readDate(e.subarray(r,r+4)),r+=4,this.algorithm=e[r++],this.version>=5&&(r+=4);const{read:t,publicParams:i}=function(e,t){let r=0;switch(e){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:{const e=_.readMPI(t.subarray(r));r+=e.length+2;const i=_.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{n:e,e:i}}}case B.publicKey.dsa:{const e=_.readMPI(t.subarray(r));r+=e.length+2;const i=_.readMPI(t.subarray(r));r+=i.length+2;const n=_.readMPI(t.subarray(r));r+=n.length+2;const a=_.readMPI(t.subarray(r));return r+=a.length+2,{read:r,publicParams:{p:e,q:i,g:n,y:a}}}case B.publicKey.elgamal:{const e=_.readMPI(t.subarray(r));r+=e.length+2;const i=_.readMPI(t.subarray(r));r+=i.length+2;const n=_.readMPI(t.subarray(r));return r+=n.length+2,{read:r,publicParams:{p:e,g:i,y:n}}}case B.publicKey.ecdsa:{const e=new Nt;r+=e.read(t),Ss(e);const i=_.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{oid:e,Q:i}}}case B.publicKey.eddsaLegacy:{const e=new Nt;if(r+=e.read(t),Ss(e),e.getName()!==B.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let i=_.readMPI(t.subarray(r));return r+=i.length+2,i=_.leftPad(i,33),{read:r,publicParams:{oid:e,Q:i}}}case B.publicKey.ecdh:{const e=new Nt;r+=e.read(t),Ss(e);const i=_.readMPI(t.subarray(r));r+=i.length+2;const n=new ba;return r+=n.read(t.subarray(r)),{read:r,publicParams:{oid:e,Q:i,kdfParams:n}}}case B.publicKey.ed25519:case B.publicKey.ed448:case B.publicKey.x25519:case B.publicKey.x448:{const i=_.readExactSubarray(t,r,r+Ps(e));return r+=i.length,{read:r,publicParams:{A:i}}}case B.publicKey.hmac:case B.publicKey.aead:{const e=new Ka;r+=e.read(t);const i=Be(B.hash.sha256),n=t.subarray(r,r+i);return r+=i,{read:r,publicParams:{cipher:e,digest:n}}}case B.publicKey.pqc_mlkem_x25519:{const e=_.readExactSubarray(t,r,r+Ps(B.publicKey.x25519));r+=e.length;const i=_.readExactSubarray(t,r,r+1184);return r+=i.length,{read:r,publicParams:{eccPublicKey:e,mlkemPublicKey:i}}}case B.publicKey.pqc_mldsa_ed25519:{const e=_.readExactSubarray(t,r,r+Ps(B.publicKey.ed25519));r+=e.length;const i=_.readExactSubarray(t,r,r+1952);return r+=i.length,{read:r,publicParams:{eccPublicKey:e,mldsaPublicKey:i}}}default:throw new Wt("Unknown public key encryption algorithm.")}}(this.algorithm,e.subarray(r));if(6===this.version&&i.oid&&(i.oid.getName()===B.curve.curve25519Legacy||i.oid.getName()===B.curve.ed25519Legacy))throw Error("Legacy curve25519 cannot be used with v6 keys");if(6!==this.version&&(this.algorithm===B.publicKey.pqc_mldsa_ed25519||this.algorithm===B.publicKey.pqc_mlkem_x25519))throw Error("Unexpected key version: ML-DSA and ML-KEM algorithms can only be used with v6 keys");return this.publicParams=i,r+=t,await this.computeFingerprintAndKeyID(),r}throw new Wt(`Version ${this.version} of the key packet is unsupported.`)}write(){const e=[];e.push(new Uint8Array([this.version])),e.push(_.writeDate(this.created)),e.push(new Uint8Array([this.algorithm]));const t=ks(this.algorithm,this.publicParams);return this.version>=5&&e.push(_.writeNumber(t.length,4)),e.push(t),_.concatUint8Array(e)}writeForHash(e){const t=this.writePublicKey(),r=149+e,i=e>=5?4:2;return _.concatUint8Array([new Uint8Array([r]),_.writeNumber(t.length,i),t])}isDecrypted(){return null}getCreationTime(){return this.created}getKeyID(){return this.keyID}async computeFingerprintAndKeyID(){if(await this.computeFingerprint(),this.keyID=new Bo,this.version>=5)this.keyID.read(this.fingerprint.subarray(0,8));else{if(4!==this.version)throw Error("Unsupported key version");this.keyID.read(this.fingerprint.subarray(12,20))}}async computeFingerprint(){const e=this.writeForHash(this.version);if(this.version>=5)this.fingerprint=await Ce(B.hash.sha256,e);else{if(4!==this.version)throw Error("Unsupported key version");this.fingerprint=await Ce(B.hash.sha1,e)}}getFingerprintBytes(){return this.fingerprint}getFingerprint(){return _.uint8ArrayToHex(this.getFingerprintBytes())}hasSameFingerprintAs(e){return this.version===e.version&&_.equalsUint8Array(this.writePublicKey(),e.writePublicKey())}getAlgorithmInfo(){const e={};e.algorithm=B.read(B.publicKey,this.algorithm);const t=this.publicParams.n||this.publicParams.p;return t?e.bits=_.uint8ArrayBitLength(t):this.publicParams.oid?e.curve=this.publicParams.oid.getName():this.publicParams.cipher&&(e.symmetric=this.publicParams.cipher.getName()),e}}oc.prototype.readPublicKey=oc.prototype.read,oc.prototype.writePublicKey=oc.prototype.write;const cc=/*#__PURE__*/_.constructAllowedPackets([Co,Vo,No,Fo]);class uc{static get tag(){return B.packet.symmetricallyEncryptedData}constructor(){this.encrypted=null,this.packets=null}read(e){this.encrypted=e}write(){return this.encrypted}async decrypt(e,t,r=T){if(!r.allowUnauthenticatedMessages)throw Error("Message is not authenticated.");const{blockSize:i}=en(e),n=await P(K(this.encrypted)),a=await Ca(e,t,n.subarray(i+2),n.subarray(2,i+2));this.packets=await Ho.fromBinary(a,cc,r)}async encrypt(e,t,r=T){const i=this.packets.write(),{blockSize:n}=en(e),a=await xa(e),s=await Ia(e,t,a,new Uint8Array(n)),o=await Ia(e,t,i,s.subarray(2));this.encrypted=_.concat([s,o])}}class hc{static get tag(){return B.packet.marker}read(e){return 80===e[0]&&71===e[1]&&80===e[2]}write(){return new Uint8Array([80,71,80])}}class lc extends oc{static get tag(){return B.packet.publicSubkey}constructor(e,t){super(e,t)}static fromSecretSubkeyPacket(e){const t=new lc,{version:r,created:i,algorithm:n,publicParams:a,keyID:s,fingerprint:o}=e;return t.version=r,t.created=i,t.algorithm=n,t.publicParams=a,t.keyID=s,t.fingerprint=o,t}}class yc{static get tag(){return B.packet.userAttribute}constructor(){this.attributes=[]}read(e){let t=0;for(;t<e.length;){const r=zt(e.subarray(t,e.length));t+=r.offset,this.attributes.push(_.uint8ArrayToString(e.subarray(t,t+r.len))),t+=r.len}}write(){const e=[];for(let t=0;t<this.attributes.length;t++)e.push(Ot(this.attributes[t].length)),e.push(_.stringToUint8Array(this.attributes[t]));return _.concatUint8Array(e)}equals(e){return!!(e&&e instanceof yc)&&this.attributes.every((function(t,r){return t===e.attributes[r]}))}}class pc extends oc{static get tag(){return B.packet.secretKey}constructor(e=new Date,t=T){super(e,t),this.keyMaterial=null,this.isEncrypted=null,this.s2kUsage=0,this.s2k=null,this.symmetric=null,this.aead=null,this.isLegacyAEAD=null,this.privateParams=null,this.usedModernAEAD=null}async read(e,t=T){let r=await this.readPublicKey(e,t);const i=r;this.s2kUsage=e[r++],5===this.version&&r++,6===this.version&&this.s2kUsage&&r++;try{if(255===this.s2kUsage||254===this.s2kUsage||253===this.s2kUsage){this.symmetric=e[r++],253===this.s2kUsage&&(this.aead=e[r++]),6===this.version&&r++;const t=e[r++];if(this.s2k=Fs(t),r+=this.s2k.read(e.subarray(r,e.length)),"gnu-dummy"===this.s2k.type)return}else this.s2kUsage&&(this.symmetric=this.s2kUsage);this.s2kUsage&&(this.isLegacyAEAD=253===this.s2kUsage&&(5===this.version||4===this.version&&t.parseAEADEncryptedV4KeysAsLegacy),253!==this.s2kUsage||this.isLegacyAEAD?(this.iv=e.subarray(r,r+en(this.symmetric).blockSize),this.usedModernAEAD=!1):(this.iv=e.subarray(r,r+fs(this.aead).ivLength),this.usedModernAEAD=!0),r+=this.iv.length)}catch(t){if(!this.s2kUsage)throw t;this.unparseableKeyMaterial=e.subarray(i),this.isEncrypted=!0}if(5===this.version&&(r+=4),this.keyMaterial=e.subarray(r),this.isEncrypted=!!this.s2kUsage,!this.isEncrypted){let e;if(6===this.version)e=this.keyMaterial;else if(e=this.keyMaterial.subarray(0,-2),!_.equalsUint8Array(_.writeChecksum(e),this.keyMaterial.subarray(-2)))throw Error("Key checksum mismatch");try{const{read:t,privateParams:r}=await bs(this.algorithm,e,this.publicParams);if(t<e.length)throw Error("Error reading MPIs");this.privateParams=r}catch(e){if(e instanceof Wt)throw e;throw Error("Error reading MPIs")}}}write(){const e=this.writePublicKey();if(this.unparseableKeyMaterial)return _.concatUint8Array([e,this.unparseableKeyMaterial]);const t=[e];t.push(new Uint8Array([this.s2kUsage]));const r=[];if(255===this.s2kUsage||254===this.s2kUsage||253===this.s2kUsage){r.push(this.symmetric),253===this.s2kUsage&&r.push(this.aead);const e=this.s2k.write();6===this.version&&r.push(e.length),r.push(...e)}return this.s2kUsage&&"gnu-dummy"!==this.s2k.type&&r.push(...this.iv),(5===this.version||6===this.version&&this.s2kUsage)&&t.push(new Uint8Array([r.length])),t.push(new Uint8Array(r)),this.isDummy()||(this.s2kUsage||(this.keyMaterial=ks(this.algorithm,this.privateParams)),5===this.version&&t.push(_.writeNumber(this.keyMaterial.length,4)),t.push(this.keyMaterial),this.s2kUsage||6===this.version||t.push(_.writeChecksum(this.keyMaterial))),_.concatUint8Array(t)}isDecrypted(){return!1===this.isEncrypted}isMissingSecretKeyMaterial(){return void 0!==this.unparseableKeyMaterial||this.isDummy()}isDummy(){return!(!this.s2k||"gnu-dummy"!==this.s2k.type)}makeDummy(e=T){this.isDummy()||(this.isDecrypted()&&this.clearPrivateParams(),delete this.unparseableKeyMaterial,this.isEncrypted=null,this.keyMaterial=null,this.s2k=Fs(B.s2k.gnu,e),this.s2k.algorithm=0,this.s2k.c=0,this.s2k.type="gnu-dummy",this.s2kUsage=254,this.symmetric=B.symmetric.aes256,this.isLegacyAEAD=null,this.usedModernAEAD=null)}async encrypt(e,t=T){if(this.isDummy())return;if(!this.isDecrypted())throw Error("Key packet is already encrypted");if(!e)throw Error("A non-empty passphrase is required for key encryption.");this.s2k=Rs(t),this.s2k.generateSalt();const r=ks(this.algorithm,this.privateParams);this.symmetric=B.symmetric.aes256;const{blockSize:i}=en(this.symmetric);if(t.aeadProtect){this.s2kUsage=253,this.aead=t.preferredAEADAlgorithm;const n=fs(this.aead);this.isLegacyAEAD=5===this.version,this.usedModernAEAD=!this.isLegacyAEAD;const a=jt(this.constructor.tag),s=await dc(this.version,this.s2k,e,this.symmetric,this.aead,a,this.isLegacyAEAD),o=await n(this.symmetric,s);this.iv=this.isLegacyAEAD?le(i):le(n.ivLength);const c=this.isLegacyAEAD?new Uint8Array:_.concatUint8Array([a,this.writePublicKey()]);this.keyMaterial=await o.encrypt(r,this.iv.subarray(0,n.ivLength),c)}else{this.s2kUsage=254,this.usedModernAEAD=!1;const t=await dc(this.version,this.s2k,e,this.symmetric);this.iv=le(i),this.keyMaterial=await Ia(this.symmetric,t,_.concatUint8Array([r,await Ce(B.hash.sha1,r)]),this.iv)}}async decrypt(e){if(this.isDummy())return!1;if(this.unparseableKeyMaterial)throw Error("Key packet cannot be decrypted: unsupported S2K or cipher algo");if(this.isDecrypted())throw Error("Key packet is already decrypted.");let t;const r=jt(this.constructor.tag);if(254!==this.s2kUsage&&253!==this.s2kUsage)throw 255===this.s2kUsage?Error("Encrypted private key is authenticated using an insecure two-byte hash"):Error("Private key is encrypted using an insecure S2K function: unsalted MD5");let i;if(t=await dc(this.version,this.s2k,e,this.symmetric,this.aead,r,this.isLegacyAEAD),253===this.s2kUsage){const e=fs(this.aead,!0),n=await e(this.symmetric,t);try{const t=this.isLegacyAEAD?new Uint8Array:_.concatUint8Array([r,this.writePublicKey()]);i=await n.decrypt(this.keyMaterial,this.iv.subarray(0,e.ivLength),t)}catch(e){if("Authentication tag mismatch"===e.message)throw Error("Incorrect key passphrase: "+e.message);throw e}}else{const e=await Ca(this.symmetric,t,this.keyMaterial,this.iv);i=e.subarray(0,-20);const r=await Ce(B.hash.sha1,i);if(!_.equalsUint8Array(r,e.subarray(-20)))throw Error("Incorrect key passphrase")}try{const{privateParams:e}=await bs(this.algorithm,i,this.publicParams);this.privateParams=e}catch(e){throw Error("Error reading MPIs")}this.isEncrypted=!1,this.keyMaterial=null,this.s2kUsage=0,this.aead=null,this.symmetric=null,this.isLegacyAEAD=null}async validate(){if(this.isDummy())return;if(!this.isDecrypted())throw Error("Key is not decrypted");if(this.usedModernAEAD)return;let e;try{e=await As(this.algorithm,this.publicParams,this.privateParams)}catch(t){e=!1}if(!e)throw Error("Key is invalid")}async generate(e,t,r){if(6===this.version&&(this.algorithm===B.publicKey.ecdh&&t===B.curve.curve25519Legacy||this.algorithm===B.publicKey.eddsaLegacy))throw Error(`Cannot generate v6 keys of type 'ecc' with curve ${t}. Generate a key of type 'curve25519' instead`);if(6!==this.version&&(this.algorithm===B.publicKey.pqc_mldsa_ed25519||this.algorithm===B.publicKey.pqc_mlkem_x25519))throw Error(`Cannot generate v${this.version} keys of type 'pqc'. Generate a v6 key instead`);const{privateParams:i,publicParams:n}=await vs(this.algorithm,e,t,r);this.privateParams=i,this.publicParams=n,this.isEncrypted=!1}clearPrivateParams(){this.isMissingSecretKeyMaterial()||(Object.keys(this.privateParams).forEach((e=>{this.privateParams[e].fill(0),delete this.privateParams[e]})),this.privateParams=null,this.isEncrypted=!0)}}async function dc(e,t,r,i,n,a,s){if("argon2"===t.type&&!n)throw Error("Using Argon2 S2K without AEAD is not allowed");if("simple"===t.type&&6===e)throw Error("Using Simple S2K with version 6 keys is not allowed");const{keySize:o}=en(i),c=await t.produceKey(r,o);if(!n||5===e||s)return c;const u=_.concatUint8Array([a,new Uint8Array([e,i,n])]);return sn(B.hash.sha256,c,new Uint8Array,u,o)}class gc{static get tag(){return B.packet.userID}constructor(){this.userID="",this.name="",this.email="",this.comment=""}static fromObject(e){if(_.isString(e)||e.name&&!_.isString(e.name)||e.email&&!_.isEmailAddress(e.email)||e.comment&&!_.isString(e.comment))throw Error("Invalid user ID format");const t=new gc;Object.assign(t,e);const r=[];return t.name&&r.push(t.name),t.comment&&r.push(`(${t.comment})`),t.email&&r.push(`<${t.email}>`),t.userID=r.join(" "),t}read(e,t=T){const r=_.decodeUTF8(e);if(r.length>t.maxUserIDLength)throw Error("User ID string is too long");const i=/^(?<name>[^()]+\s+)?(?<comment>\([^()]+\)\s+)?(?<email><\S+@\S+>)$/.exec(r);if(null!==i){const{name:e,comment:t,email:r}=i.groups;this.comment=t?.replace(/^\(|\)|\s$/g,"").trim()||"",this.name=e?.trim()||"",this.email=r.substring(1,r.length-1)}else/^[^\s@]+@[^\s@]+$/.test(r)&&(this.email=r);this.userID=r}write(){return _.encodeUTF8(this.userID)}equals(e){return e&&e.userID===this.userID}}class fc extends pc{static get tag(){return B.packet.secretSubkey}constructor(e=new Date,t=T){super(e,t)}}class mc{static get tag(){return B.packet.trust}read(){throw new Wt("Trust packets are not supported")}write(){throw new Wt("Trust packets are not supported")}}class wc{static get tag(){return B.packet.padding}constructor(){this.padding=null}read(e){}write(){return this.padding}async createPadding(e){this.padding=await le(e)}}const bc=/*#__PURE__*/_.constructAllowedPackets([Fo]);class kc{constructor(e){this.packets=e||new Ho}write(){return this.packets.write()}armor(e=T){const t=this.packets.some((e=>e.constructor.tag===Fo.tag&&6!==e.version));return X(B.armor.signature,this.write(),void 0,void 0,void 0,t,e)}getSigningKeyIDs(){return this.packets.map((e=>e.issuerKeyID))}}async function vc({armoredSignature:e,binarySignature:t,config:r,...i}){r={...T,...r};let n=e||t;if(!n)throw Error("readSignature: must pass options object containing `armoredSignature` or `binarySignature`");if(e&&!_.isString(e))throw Error("readSignature: options.armoredSignature must be a string");if(t&&!_.isUint8Array(t))throw Error("readSignature: options.binarySignature must be a Uint8Array");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));if(e){const{type:e,data:t}=await Q(n);if(e!==B.armor.signature)throw Error("Armored text not of type signature");n=t}const s=await Ho.fromBinary(n,bc,r);return new kc(s)}async function Kc(e,t){const r=new fc(e.date,t);return r.packets=null,r.algorithm=B.write(B.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.symmetric),await r.computeFingerprintAndKeyID(),r}async function Ac(e,t){const r=new pc(e.date,t);return r.packets=null,r.algorithm=B.write(B.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.symmetric),await r.computeFingerprintAndKeyID(),r}async function Ec(e,t,r,i,n=new Date,a){let s,o;for(let c=e.length-1;c>=0;c--)try{(!s||e[c].created>=s.created)&&(await e[c].verify(t,r,i,n,void 0,a),s=e[c])}catch(e){o=e}if(!s)throw _.wrapError(`Could not find valid ${B.read(B.signature,r)} signature in key ${t.getKeyID().toHex()}`.replace("certGeneric ","self-").replace(/([a-z])([A-Z])/g,((e,t,r)=>t+" "+r.toLowerCase())),o);return s}function Sc(e,t,r=new Date){const i=_.normalizeDate(r);if(null!==i){const r=Cc(e,t);return!(e.created<=i&&i<r)}return!1}async function Pc(e,t,r,i){const n={};n.key=t,n.bind=e;const a={signatureType:B.signature.subkeyBinding};r.sign?(a.keyFlags=[B.keyFlags.signData],a.embeddedSignature=await Dc(n,[],e,{signatureType:B.signature.keyBinding},r.date,void 0,void 0,void 0,i)):a.keyFlags=r.forwarding?[B.keyFlags.forwardedCommunication]:[B.keyFlags.encryptCommunication|B.keyFlags.encryptStorage],r.keyExpirationTime>0&&(a.keyExpirationTime=r.keyExpirationTime,a.keyNeverExpires=!1);return await Dc(n,[],t,a,r.date,void 0,void 0,void 0,i)}async function Uc(e,t,r=new Date,i=[],n){if(t.algorithm===B.publicKey.pqc_mldsa_ed25519)return ga(t.algorithm);const a=B.hash.sha256,s=n.preferredHashAlgorithm,o=await Promise.all(e.map((async(e,t)=>(await e.getPrimarySelfSignature(r,i[t],n)).preferredHashAlgorithms||[]))),c=new Map;for(const e of o)for(const t of e)try{const e=B.write(B.hash,t);c.set(e,c.has(e)?c.get(e)+1:1)}catch{}const u=t=>0===e.length||c.get(t)===e.length||t===a,h=()=>{if(0===c.size)return a;const e=Array.from(c.keys()).filter((e=>u(e))).sort(((e,t)=>Be(e)-Be(t)))[0];return Be(e)>=Be(a)?e:a};if(new Set([B.publicKey.ecdsa,B.publicKey.eddsaLegacy,B.publicKey.ed25519,B.publicKey.ed448]).has(t.algorithm)){const e=function(e,t){switch(e){case B.publicKey.ecdsa:case B.publicKey.eddsaLegacy:return Sn(t);case B.publicKey.ed25519:case B.publicKey.ed448:return Gr(e);default:throw Error("Unknown elliptic signing algo")}}(t.algorithm,t.publicParams.oid),r=u(s),i=Be(s)>=Be(e);if(r&&i)return s;{const t=h();return Be(t)>=Be(e)?t:e}}return u(s)?s:h()}async function Dc(e,t,r,i,n,a,s=[],o=!1,c){if(r.isDummy())throw Error("Cannot sign with a gnu-dummy key.");if(!r.isDecrypted())throw Error("Signing key is not decrypted.");const u=new Fo;return Object.assign(u,i),u.publicKeyAlgorithm=r.algorithm,u.hashAlgorithm=await Uc(t,r,n,a,c),u.rawNotations=[...s],await u.sign(r,e,n,o,c),u}async function xc(e,t,r,i=new Date,n){(e=e[r])&&(t[r].length?await Promise.all(e.map((async function(e){e.isExpired(i)||n&&!await n(e)||t[r].some((function(t){return _.equalsUint8Array(t.writeParams(),e.writeParams())}))||t[r].push(e)}))):t[r]=e)}async function Ic(e,t,r,i,n,a,s=new Date,o){a=a||e;const c=[];return await Promise.all(i.map((async function(e){try{if(!n||e.issuerKeyID.equals(n.issuerKeyID)){const i=![B.reasonForRevocation.keyRetired,B.reasonForRevocation.keySuperseded,B.reasonForRevocation.userIDInvalid].includes(e.reasonForRevocationFlag);await e.verify(a,t,r,i?null:s,!1,o),c.push(e.issuerKeyID)}}catch(e){}}))),n?(n.revoked=!!c.some((e=>e.equals(n.issuerKeyID)))||(n.revoked||!1),n.revoked):c.length>0}function Cc(e,t){let r;return!1===t.keyNeverExpires&&(r=e.created.getTime()+1e3*t.keyExpirationTime),r?new Date(r):1/0}function Bc(e,t={}){if(e.type=e.type||t.type,e.curve=e.curve||t.curve,e.rsaBits=e.rsaBits||t.rsaBits,e.symmetricHash=e.symmetricHash||t.symmetricHash,e.symmetricCipher=e.symmetricCipher||t.symmetricCipher,e.keyExpirationTime=void 0!==e.keyExpirationTime?e.keyExpirationTime:t.keyExpirationTime,e.passphrase=_.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e.sign=e.sign||!1,e.forwarding=e.forwarding||!1,e.sign&&e.forwarding)throw Error('Incompatible options: "sign" and "forwarding" cannot be set together');switch(e.type){case"pqc":e.sign?e.algorithm=B.publicKey.pqc_mldsa_ed25519:e.algorithm=B.publicKey.pqc_mlkem_x25519;break;case"ecc":try{e.curve=B.write(B.curve,e.curve)}catch(e){throw Error("Unknown curve")}e.curve!==B.curve.ed25519Legacy&&e.curve!==B.curve.curve25519Legacy&&"ed25519"!==e.curve&&"curve25519"!==e.curve||(e.curve=e.sign?B.curve.ed25519Legacy:B.curve.curve25519Legacy),e.sign?e.algorithm=e.curve===B.curve.ed25519Legacy?B.publicKey.eddsaLegacy:B.publicKey.ecdsa:e.algorithm=B.publicKey.ecdh;break;case"curve25519":e.algorithm=e.sign?B.publicKey.ed25519:B.publicKey.x25519;break;case"curve448":e.algorithm=e.sign?B.publicKey.ed448:B.publicKey.x448;break;case"rsa":e.algorithm=B.publicKey.rsaEncryptSign;break;case"symmetric":if(e.sign){e.algorithm=B.publicKey.hmac;try{e.symmetric=B.write(B.hash,e.symmetricHash)}catch(e){throw Error("Unknown hash algorithm")}}else{e.algorithm=B.publicKey.aead;try{e.symmetric=B.write(B.symmetric,e.symmetricCipher)}catch(e){throw Error("Unknown symmetric algorithm")}}break;default:throw Error("Unsupported key type "+e.type)}return e}function Tc(e,t,r){switch(e.algorithm){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:case B.publicKey.dsa:case B.publicKey.ecdsa:case B.publicKey.eddsaLegacy:case B.publicKey.ed25519:case B.publicKey.ed448:case B.publicKey.hmac:case B.publicKey.pqc_mldsa_ed25519:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&B.keyFlags.signData);default:return!1}}function Mc(e,t,r){switch(e.algorithm){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaEncrypt:case B.publicKey.elgamal:case B.publicKey.ecdh:case B.publicKey.x25519:case B.publicKey.x448:case B.publicKey.aead:case B.publicKey.pqc_mlkem_x25519:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&B.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&B.keyFlags.encryptStorage);default:return!1}}function _c(e,t,r){if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");switch(e.algorithm){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaEncrypt:case B.publicKey.elgamal:case B.publicKey.ecdh:case B.publicKey.x25519:case B.publicKey.x448:case B.publicKey.pqc_mlkem_x25519:return!(!(!t.keyFlags||!!(t.keyFlags[0]&B.keyFlags.signData))||!r.allowInsecureDecryptionWithSigningKeys)||(!t.keyFlags||!!(t.keyFlags[0]&B.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&B.keyFlags.encryptStorage)||r.allowForwardedMessages&&!!(t.keyFlags[0]&B.keyFlags.forwardedCommunication));default:return!1}}function Fc(e,t){const r=B.write(B.publicKey,e.algorithm),i=e.getAlgorithmInfo();if(t.rejectPublicKeyAlgorithms.has(r))throw Error(i.algorithm+" keys are considered too weak.");switch(r){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:case B.publicKey.rsaEncrypt:if(i.bits<t.minRSABits)throw Error(`RSA keys shorter than ${t.minRSABits} bits are considered too weak.`);break;case B.publicKey.ecdsa:case B.publicKey.eddsaLegacy:case B.publicKey.ecdh:if(t.rejectCurves.has(i.curve))throw Error(`Support for ${i.algorithm} keys using curve ${i.curve} is disabled.`)}}class Rc{constructor(e,t){this.userID=e.constructor.tag===B.packet.userID?e:null,this.userAttribute=e.constructor.tag===B.packet.userAttribute?e:null,this.selfCertifications=[],this.otherCertifications=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new Ho;return e.push(this.userID||this.userAttribute),e.push(...this.revocationSignatures),e.push(...this.selfCertifications),e.push(...this.otherCertifications),e}clone(){const e=new Rc(this.userID||this.userAttribute,this.mainKey);return e.selfCertifications=[...this.selfCertifications],e.otherCertifications=[...this.otherCertifications],e.revocationSignatures=[...this.revocationSignatures],e}async certify(e,t,r){const i=this.mainKey.keyPacket,n={userID:this.userID,userAttribute:this.userAttribute,key:i},a=new Rc(n.userID||n.userAttribute,this.mainKey);return a.otherCertifications=await Promise.all(e.map((async function(e){if(!e.isPrivate())throw Error("Need private key for signing");if(e.hasSameFingerprintAs(i))throw Error("The user's own key can only be used for self-certifications");const a=await e.getSigningKey(void 0,t,void 0,r);return Dc(n,[e],a.keyPacket,{signatureType:B.signature.certGeneric,keyFlags:[B.keyFlags.certifyKeys|B.keyFlags.signData]},t,void 0,void 0,void 0,r)}))),await a.update(this,t,r),a}async isRevoked(e,t,r=new Date,i=T){const n=this.mainKey.keyPacket;return Ic(n,B.signature.certRevocation,{key:n,userID:this.userID,userAttribute:this.userAttribute},this.revocationSignatures,e,t,r,i)}async verifyCertificate(e,t,r=new Date,i){const n=this,a=this.mainKey.keyPacket,s={userID:this.userID,userAttribute:this.userAttribute,key:a},{issuerKeyID:o}=e,c=t.filter((e=>e.getKeys(o).length>0));return 0===c.length?null:(await Promise.all(c.map((async t=>{const a=await t.getSigningKey(o,e.created,void 0,i);if(e.revoked||await n.isRevoked(e,a.keyPacket,r,i))throw Error("User certificate is revoked");try{await e.verify(a.keyPacket,B.signature.certGeneric,s,r,void 0,i)}catch(e){throw _.wrapError("User certificate is invalid",e)}}))),!0)}async verifyAllCertifications(e,t=new Date,r){const i=this,n=this.selfCertifications.concat(this.otherCertifications);return Promise.all(n.map((async n=>({keyID:n.issuerKeyID,valid:await i.verifyCertificate(n,e,t,r).catch((()=>!1))}))))}async verify(e=new Date,t){if(!this.selfCertifications.length)throw Error("No self-certifications found");const r=this,i=this.mainKey.keyPacket,n={userID:this.userID,userAttribute:this.userAttribute,key:i};let a;for(let s=this.selfCertifications.length-1;s>=0;s--)try{const a=this.selfCertifications[s];if(a.revoked||await r.isRevoked(a,void 0,e,t))throw Error("Self-certification is revoked");try{await a.verify(i,B.signature.certGeneric,n,e,void 0,t)}catch(e){throw _.wrapError("Self-certification is invalid",e)}return!0}catch(e){a=e}throw a}async update(e,t,r){const i=this.mainKey.keyPacket,n={userID:this.userID,userAttribute:this.userAttribute,key:i};await xc(e,this,"selfCertifications",t,(async function(e){try{return await e.verify(i,B.signature.certGeneric,n,t,!1,r),!0}catch(e){return!1}})),await xc(e,this,"otherCertifications",t),await xc(e,this,"revocationSignatures",t,(function(e){return Ic(i,B.signature.certRevocation,n,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=B.reasonForRevocation.noReason,string:r=""}={},i=new Date,n=T){const a={userID:this.userID,userAttribute:this.userAttribute,key:e},s=new Rc(a.userID||a.userAttribute,this.mainKey);return s.revocationSignatures.push(await Dc(a,[],e,{signatureType:B.signature.certRevocation,reasonForRevocationFlag:B.write(B.reasonForRevocation,t),reasonForRevocationString:r},i,void 0,void 0,!1,n)),await s.update(this),s}}class Lc{constructor(e,t){this.keyPacket=e,this.bindingSignatures=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new Ho;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.bindingSignatures),e}clone(){const e=new Lc(this.keyPacket,this.mainKey);return e.bindingSignatures=[...this.bindingSignatures],e.revocationSignatures=[...this.revocationSignatures],e}async isRevoked(e,t,r=new Date,i=T){const n=this.mainKey.keyPacket;return Ic(n,B.signature.subkeyRevocation,{key:n,bind:this.keyPacket},this.revocationSignatures,e,t,r,i)}async verify(e=new Date,t=T){const r=this.mainKey.keyPacket,i={key:r,bind:this.keyPacket},n=await Ec(this.bindingSignatures,r,B.signature.subkeyBinding,i,e,t);if(n.revoked||await this.isRevoked(n,null,e,t))throw Error("Subkey is revoked");if(Sc(this.keyPacket,n,e))throw Error("Subkey is expired");return n}async getExpirationTime(e=new Date,t=T){const r=this.mainKey.keyPacket,i={key:r,bind:this.keyPacket};let n;try{n=await Ec(this.bindingSignatures,r,B.signature.subkeyBinding,i,e,t)}catch(e){return null}const a=Cc(this.keyPacket,n),s=n.getExpirationTime();return a<s?a:s}async update(e,t=new Date,r=T){const i=this.mainKey.keyPacket;if(!this.hasSameFingerprintAs(e))throw Error("Subkey update method: fingerprints of subkeys not equal");this.keyPacket.constructor.tag===B.packet.publicSubkey&&e.keyPacket.constructor.tag===B.packet.secretSubkey&&(this.keyPacket=e.keyPacket);const n=this,a={key:i,bind:n.keyPacket};await xc(e,this,"bindingSignatures",t,(async function(e){for(let t=0;t<n.bindingSignatures.length;t++)if(n.bindingSignatures[t].issuerKeyID.equals(e.issuerKeyID))return e.created>n.bindingSignatures[t].created&&(n.bindingSignatures[t]=e),!1;try{return await e.verify(i,B.signature.subkeyBinding,a,t,void 0,r),!0}catch(e){return!1}})),await xc(e,this,"revocationSignatures",t,(function(e){return Ic(i,B.signature.subkeyRevocation,a,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=B.reasonForRevocation.noReason,string:r=""}={},i=new Date,n=T){const a={key:e,bind:this.keyPacket},s=new Lc(this.keyPacket,this.mainKey);return s.revocationSignatures.push(await Dc(a,[],e,{signatureType:B.signature.subkeyRevocation,reasonForRevocationFlag:B.write(B.reasonForRevocation,t),reasonForRevocationString:r},i,void 0,void 0,!1,n)),await s.update(this),s}hasSameFingerprintAs(e){return this.keyPacket.hasSameFingerprintAs(e.keyPacket||e)}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","isDecrypted"].forEach((e=>{Lc.prototype[e]=function(){return this.keyPacket[e]()}}));const Nc=/*#__PURE__*/_.constructAllowedPackets([Fo]),zc=new Set([B.packet.publicKey,B.packet.privateKey]),Oc=new Set([B.packet.publicKey,B.packet.privateKey,B.packet.publicSubkey,B.packet.privateSubkey]);class qc{packetListToStructure(e,t=new Set){let r,i,n,a;for(const s of e){if(s instanceof Zt){Oc.has(s.tag)&&!a&&(a=zc.has(s.tag)?zc:Oc);continue}const e=s.constructor.tag;if(a){if(!a.has(e))continue;a=null}if(t.has(e))throw Error("Unexpected packet type: "+e);switch(e){case B.packet.publicKey:case B.packet.secretKey:if(this.keyPacket)throw Error("Key block contains multiple keys");if(this.keyPacket=s,i=this.getKeyID(),!i)throw Error("Missing Key ID");break;case B.packet.userID:case B.packet.userAttribute:r=new Rc(s,this),this.users.push(r);break;case B.packet.publicSubkey:case B.packet.secretSubkey:r=null,n=new Lc(s,this),this.subkeys.push(n);break;case B.packet.signature:switch(s.signatureType){case B.signature.certGeneric:case B.signature.certPersona:case B.signature.certCasual:case B.signature.certPositive:if(!r){_.printDebug("Dropping certification signatures without preceding user packet");continue}s.issuerKeyID.equals(i)?r.selfCertifications.push(s):r.otherCertifications.push(s);break;case B.signature.certRevocation:r?r.revocationSignatures.push(s):this.directSignatures.push(s);break;case B.signature.key:this.directSignatures.push(s);break;case B.signature.subkeyBinding:if(!n){_.printDebug("Dropping subkey binding signature without preceding subkey packet");continue}n.bindingSignatures.push(s);break;case B.signature.keyRevocation:this.revocationSignatures.push(s);break;case B.signature.subkeyRevocation:if(!n){_.printDebug("Dropping subkey revocation signature without preceding subkey packet");continue}n.revocationSignatures.push(s)}}}}toPacketList(){const e=new Ho;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.directSignatures),this.users.map((t=>e.push(...t.toPacketList()))),this.subkeys.map((t=>e.push(...t.toPacketList()))),e}clone(e=!1){const t=new this.constructor(this.toPacketList());return e&&t.getKeys().forEach((e=>{if(e.keyPacket=Object.create(Object.getPrototypeOf(e.keyPacket),Object.getOwnPropertyDescriptors(e.keyPacket)),!e.keyPacket.isDecrypted())return;const t={};Object.keys(e.keyPacket.privateParams).forEach((r=>{t[r]=new Uint8Array(e.keyPacket.privateParams[r])})),e.keyPacket.privateParams=t})),t}getSubkeys(e=null){return this.subkeys.filter((t=>!e||t.getKeyID().equals(e,!0)))}getKeys(e=null){const t=[];return e&&!this.getKeyID().equals(e,!0)||t.push(this),t.concat(this.getSubkeys(e))}getKeyIDs(){return this.getKeys().map((e=>e.getKeyID()))}getUserIDs(){return this.users.map((e=>e.userID?e.userID.userID:null)).filter((e=>null!==e))}write(){return this.toPacketList().write()}async getSigningKey(e=null,t=new Date,r={},i=T){await this.verifyPrimaryKey(t,r,i);const n=this.keyPacket;try{Fc(n,i)}catch(e){throw _.wrapError("Could not verify primary key",e)}const a=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created));let s;for(const r of a)if(!e||r.getKeyID().equals(e))try{await r.verify(t,i);const e={key:n,bind:r.keyPacket},a=await Ec(r.bindingSignatures,n,B.signature.subkeyBinding,e,t,i);if(!Tc(r.keyPacket,a,i))continue;if(!a.embeddedSignature)throw Error("Missing embedded signature");return await Ec([a.embeddedSignature],r.keyPacket,B.signature.keyBinding,e,t,i),Fc(r.keyPacket,i),r}catch(e){s=e}try{const a=await this.getPrimarySelfSignature(t,r,i);if((!e||n.getKeyID().equals(e))&&Tc(n,a,i))return Fc(n,i),this}catch(e){s=e}throw _.wrapError("Could not find valid signing key packet in key "+this.getKeyID().toHex(),s)}async getEncryptionKey(e,t=new Date,r={},i=T){await this.verifyPrimaryKey(t,r,i);const n=this.keyPacket;try{Fc(n,i)}catch(e){throw _.wrapError("Could not verify primary key",e)}const a=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created));let s;for(const r of a)if(!e||r.getKeyID().equals(e))try{await r.verify(t,i);const e={key:n,bind:r.keyPacket},a=await Ec(r.bindingSignatures,n,B.signature.subkeyBinding,e,t,i);if(Mc(r.keyPacket,a,i))return Fc(r.keyPacket,i),r}catch(e){s=e}try{const a=await this.getPrimarySelfSignature(t,r,i);if((!e||n.getKeyID().equals(e))&&Mc(n,a,i))return Fc(n,i),this}catch(e){s=e}throw _.wrapError("Could not find valid encryption key packet in key "+this.getKeyID().toHex(),s)}async isRevoked(e,t,r=new Date,i=T){return Ic(this.keyPacket,B.signature.keyRevocation,{key:this.keyPacket},this.revocationSignatures,e,t,r,i)}async verifyPrimaryKey(e=new Date,t={},r=T){const i=this.keyPacket;if(await this.isRevoked(null,null,e,r))throw Error("Primary key is revoked");if(Sc(i,await this.getPrimarySelfSignature(e,t,r),e))throw Error("Primary key is expired");if(6!==i.version){const t=await Ec(this.directSignatures,i,B.signature.key,{key:i},e,r).catch((()=>{}));if(t&&Sc(i,t,e))throw Error("Primary key is expired")}}async getExpirationTime(e,t=T){let r;try{const i=await this.getPrimarySelfSignature(null,e,t),n=Cc(this.keyPacket,i),a=i.getExpirationTime(),s=6!==this.keyPacket.version&&await Ec(this.directSignatures,this.keyPacket,B.signature.key,{key:this.keyPacket},null,t).catch((()=>{}));if(s){const e=Cc(this.keyPacket,s);r=Math.min(n,a,e)}else r=n<a?n:a}catch(e){r=null}return _.normalizeDate(r)}async getPrimarySelfSignature(e=new Date,t={},r=T){const i=this.keyPacket;if(6===i.version)return Ec(this.directSignatures,i,B.signature.key,{key:i},e,r);const{selfCertification:n}=await this.getPrimaryUser(e,t,r);return n}async getPrimaryUser(e=new Date,t={},r=T){const i=this.keyPacket,n=[];let a;for(let s=0;s<this.users.length;s++)try{const a=this.users[s];if(!a.userID)continue;if(void 0!==t.name&&a.userID.name!==t.name||void 0!==t.email&&a.userID.email!==t.email||void 0!==t.comment&&a.userID.comment!==t.comment)throw Error("Could not find user that matches that user ID");const o={userID:a.userID,key:i},c=await Ec(a.selfCertifications,i,B.signature.certGeneric,o,e,r);n.push({index:s,user:a,selfCertification:c})}catch(e){a=e}if(!n.length)throw a||Error("Could not find primary user");await Promise.all(n.map((async function(t){return t.selfCertification.revoked||t.user.isRevoked(t.selfCertification,null,e,r)})));const s=n.sort((function(e,t){const r=e.selfCertification,i=t.selfCertification;return i.revoked-r.revoked||r.isPrimaryUserID-i.isPrimaryUserID||r.created-i.created})).pop(),{user:o,selfCertification:c}=s;if(c.revoked||await o.isRevoked(c,null,e,r))throw Error("Primary user is revoked");return s}async update(e,t=new Date,r=T){if(!this.hasSameFingerprintAs(e))throw Error("Primary key fingerprints must be equal to update the key");if(!this.isPrivate()&&e.isPrivate()){if(!(this.subkeys.length===e.subkeys.length&&this.subkeys.every((t=>e.subkeys.some((e=>t.hasSameFingerprintAs(e)))))))throw Error("Cannot update public key with private key if subkeys mismatch");return e.update(this,r)}const i=this.clone();return await xc(e,i,"revocationSignatures",t,(n=>Ic(i.keyPacket,B.signature.keyRevocation,i,[n],null,e.keyPacket,t,r))),await xc(e,i,"directSignatures",t),await Promise.all(e.users.map((async e=>{const n=i.users.filter((t=>e.userID&&e.userID.equals(t.userID)||e.userAttribute&&e.userAttribute.equals(t.userAttribute)));if(n.length>0)await Promise.all(n.map((i=>i.update(e,t,r))));else{const t=e.clone();t.mainKey=i,i.users.push(t)}}))),await Promise.all(e.subkeys.map((async e=>{const n=i.subkeys.filter((t=>t.hasSameFingerprintAs(e)));if(n.length>0)await Promise.all(n.map((i=>i.update(e,t,r))));else{const t=e.clone();t.mainKey=i,i.subkeys.push(t)}}))),i}async getRevocationCertificate(e=new Date,t=T){const r={key:this.keyPacket},i=await Ec(this.revocationSignatures,this.keyPacket,B.signature.keyRevocation,r,e,t),n=new Ho;n.push(i);const a=6!==this.keyPacket.version;return X(B.armor.publicKey,n.write(),null,null,"This is a revocation certificate",a,t)}async applyRevocationCertificate(e,t=new Date,r=T){const i=await Q(e),n=(await Ho.fromBinary(i.data,Nc,r)).findPacket(B.packet.signature);if(!n||n.signatureType!==B.signature.keyRevocation)throw Error("Could not find revocation signature packet");if(!n.issuerKeyID.equals(this.getKeyID()))throw Error("Revocation signature does not match key");try{await n.verify(this.keyPacket,B.signature.keyRevocation,{key:this.keyPacket},t,void 0,r)}catch(e){throw _.wrapError("Could not verify revocation signature",e)}const a=this.clone();return a.revocationSignatures.push(n),a}async signPrimaryUser(e,t,r,i=T){const{index:n,user:a}=await this.getPrimaryUser(t,r,i),s=await a.certify(e,t,i),o=this.clone();return o.users[n]=s,o}async signAllUsers(e,t=new Date,r=T){const i=this.clone();return i.users=await Promise.all(this.users.map((function(i){return i.certify(e,t,r)}))),i}async verifyPrimaryUser(e,t=new Date,r,i=T){const n=this.keyPacket,{user:a}=await this.getPrimaryUser(t,r,i);return e?await a.verifyAllCertifications(e,t,i):[{keyID:n.getKeyID(),valid:await a.verify(t,i).catch((()=>!1))}]}async verifyAllUsers(e,t=new Date,r=T){const i=this.keyPacket,n=[];return await Promise.all(this.users.map((async a=>{const s=e?await a.verifyAllCertifications(e,t,r):[{keyID:i.getKeyID(),valid:await a.verify(t,r).catch((()=>!1))}];n.push(...s.map((e=>({userID:a.userID?a.userID.userID:null,userAttribute:a.userAttribute,keyID:e.keyID,valid:e.valid}))))}))),n}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","hasSameFingerprintAs"].forEach((e=>{qc.prototype[e]=Lc.prototype[e]}));class jc extends qc{constructor(e){if(super(),this.keyPacket=null,this.revocationSignatures=[],this.directSignatures=[],this.users=[],this.subkeys=[],e&&(this.packetListToStructure(e,new Set([B.packet.secretKey,B.packet.secretSubkey])),!this.keyPacket))throw Error("Invalid key: missing public-key packet")}isPrivate(){return!1}toPublic(){return this}armor(e=T){const t=6!==this.keyPacket.version;return X(B.armor.publicKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}}class Hc extends jc{constructor(e){if(super(),this.packetListToStructure(e,new Set([B.packet.publicKey,B.packet.publicSubkey])),!this.keyPacket)throw Error("Invalid key: missing private-key packet")}isPrivate(){return!0}toPublic(){const e=new Ho,t=this.toPacketList();let r=!1;for(const i of t)if(!r||i.constructor.tag!==B.packet.Signature)switch(r&&(r=!1),i.constructor.tag){case B.packet.secretKey:{if(i.algorithm===B.publicKey.aead||i.algorithm===B.publicKey.hmac)throw Error("Cannot create public key from symmetric private");const t=oc.fromSecretKeyPacket(i);e.push(t);break}case B.packet.secretSubkey:{if(i.algorithm===B.publicKey.aead||i.algorithm===B.publicKey.hmac){r=!0;break}const t=lc.fromSecretSubkeyPacket(i);e.push(t);break}default:e.push(i)}return new jc(e)}armor(e=T){const t=6!==this.keyPacket.version;return X(B.armor.privateKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}async getDecryptionKeys(e,t=new Date,r={},i=T){const n=this.keyPacket,a=[];let s=null;for(let r=0;r<this.subkeys.length;r++)if(!e||this.subkeys[r].getKeyID().equals(e,!0)){if(this.subkeys[r].keyPacket.isDummy()){s=s||Error("Gnu-dummy key packets cannot be used for decryption");continue}try{const e={key:n,bind:this.subkeys[r].keyPacket},s=await Ec(this.subkeys[r].bindingSignatures,n,B.signature.subkeyBinding,e,t,i);_c(this.subkeys[r].keyPacket,s,i)&&a.push(this.subkeys[r])}catch(e){s=e}}const o=await this.getPrimarySelfSignature(t,r,i);if(e&&!n.getKeyID().equals(e,!0)||!_c(n,o,i)||(n.isDummy()?s=s||Error("Gnu-dummy key packets cannot be used for decryption"):a.push(this)),0===a.length)throw s||Error("No decryption key packets found");return a}isDecrypted(){return this.getKeys().some((({keyPacket:e})=>e.isDecrypted()))}async validate(e=T){if(!this.isPrivate())throw Error("Cannot validate a public key");let t;if(this.keyPacket.isDummy()){const r=await this.getSigningKey(null,null,void 0,{...e,rejectPublicKeyAlgorithms:new Set,minRSABits:0});r&&!r.keyPacket.isDummy()&&(t=r.keyPacket)}else t=this.keyPacket;if(t)return t.validate();{const e=this.getKeys();if(e.map((e=>e.keyPacket.isDummy())).every(Boolean))throw Error("Cannot validate an all-gnu-dummy key");return Promise.all(e.map((async e=>e.keyPacket.validate())))}}clearPrivateParams(){this.getKeys().forEach((({keyPacket:e})=>{e.isDecrypted()&&e.clearPrivateParams()}))}async revoke({flag:e=B.reasonForRevocation.noReason,string:t=""}={},r=new Date,i=T){if(!this.isPrivate())throw Error("Need private key for revoking");const n={key:this.keyPacket},a=this.clone();return a.revocationSignatures.push(await Dc(n,[],this.keyPacket,{signatureType:B.signature.keyRevocation,reasonForRevocationFlag:B.write(B.reasonForRevocation,e),reasonForRevocationString:t},r,void 0,void 0,void 0,i)),a}async addSubkey(e={}){const t={...T,...e.config};if(e.passphrase)throw Error("Subkey could not be encrypted here, please encrypt whole key");if(e.rsaBits<t.minRSABits)throw Error(`rsaBits should be at least ${t.minRSABits}, got: ${e.rsaBits}`);const r=this.keyPacket;if(r.isDummy())throw Error("Cannot add subkey to gnu-dummy primary key");if(!r.isDecrypted())throw Error("Key is not decrypted");const i=r.getAlgorithmInfo();i.type=function(e){switch(B.write(B.publicKey,e)){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:case B.publicKey.dsa:return"rsa";case B.publicKey.ecdsa:case B.publicKey.eddsaLegacy:return"ecc";case B.publicKey.ed25519:return"curve25519";case B.publicKey.ed448:return"curve448";default:throw Error("Unsupported algorithm")}}(i.algorithm),i.rsaBits=i.bits||4096,i.curve=i.curve||"curve25519Legacy",e=Bc(e,i);const n=await Kc(e,{...t,v6Keys:6===this.keyPacket.version});Fc(n,t);const a=await Pc(n,r,e,t),s=this.toPacketList();return s.push(n,a),new Hc(s)}}const Gc=/*#__PURE__*/_.constructAllowedPackets([oc,lc,pc,fc,gc,yc,Fo]);function Vc(e){for(const t of e)switch(t.constructor.tag){case B.packet.secretKey:return new Hc(e);case B.packet.publicKey:return new jc(e)}throw Error("No key packet found")}async function Wc(e,t,r,i){r.passphrase&&await e.encrypt(r.passphrase,i),await Promise.all(t.map((async function(e,t){const n=r.subkeys[t].passphrase;n&&await e.encrypt(n,i)})));const n=new Ho;function a(e,t){return[t,...e.filter((e=>e!==t))]}function s(){const t={};t.keyFlags=[B.keyFlags.certifyKeys|B.keyFlags.signData];const n=a([B.symmetric.aes256,B.symmetric.aes128],i.preferredSymmetricAlgorithm);if(t.preferredSymmetricAlgorithms=n,i.aeadProtect){const e=a([B.aead.gcm,B.aead.eax,B.aead.ocb],i.preferredAEADAlgorithm);t.preferredCipherSuites=e.flatMap((e=>n.map((t=>[t,e]))))}return t.preferredHashAlgorithms=a([B.hash.sha512,B.hash.sha256,...6===e.version?[B.hash.sha3_512,B.hash.sha3_256]:[]],i.preferredHashAlgorithm),t.preferredCompressionAlgorithms=a([B.compression.uncompressed,B.compression.zlib,B.compression.zip],i.preferredCompressionAlgorithm),t.features=[0],t.features[0]|=B.features.modificationDetection,i.aeadProtect&&(t.features[0]|=B.features.seipdv2),r.keyExpirationTime>0&&(t.keyExpirationTime=r.keyExpirationTime,t.keyNeverExpires=!1),t}if(n.push(e),6===e.version){const t={key:e},a=s();a.signatureType=B.signature.key;const o=await Dc(t,[],e,a,r.date,void 0,void 0,void 0,i);n.push(o)}await Promise.all(r.userIDs.map((async function(t,n){const a=gc.fromObject(t),o={userID:a,key:e},c=6!==e.version?s():{};c.signatureType=B.signature.certPositive,0===n&&(c.isPrimaryUserID=!0);return{userIDPacket:a,signaturePacket:await Dc(o,[],e,c,r.date,void 0,void 0,void 0,i)}}))).then((e=>{e.forEach((({userIDPacket:e,signaturePacket:t})=>{n.push(e),n.push(t)}))})),await Promise.all(t.map((async function(t,n){const a=r.subkeys[n];return{secretSubkeyPacket:t,subkeySignaturePacket:await Pc(t,e,a,i)}}))).then((e=>{e.forEach((({secretSubkeyPacket:e,subkeySignaturePacket:t})=>{n.push(e),n.push(t)}))}));const o={key:e};return n.push(await Dc(o,[],e,{signatureType:B.signature.keyRevocation,reasonForRevocationFlag:B.reasonForRevocation.noReason,reasonForRevocationString:""},r.date,void 0,void 0,void 0,i)),r.passphrase&&e.clearPrivateParams(),await Promise.all(t.map((async function(e,t){r.subkeys[t].passphrase&&e.clearPrivateParams()}))),new Hc(n)}async function $c({armoredKey:e,binaryKey:t,config:r,...i}){if(r={...T,...r},!e&&!t)throw Error("readKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!_.isString(e))throw Error("readKey: options.armoredKey must be a string");if(t&&!_.isUint8Array(t))throw Error("readKey: options.binaryKey must be a Uint8Array");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));let a;if(e){const{type:t,data:r}=await Q(e);if(t!==B.armor.publicKey&&t!==B.armor.privateKey)throw Error("Armored text not of type key");a=r}else a=t;const s=await Ho.fromBinary(a,Gc,r),o=s.indexOfTag(B.packet.publicKey,B.packet.secretKey);if(0===o.length)throw Error("No key packet found");return Vc(s.slice(o[0],o[1]))}async function Zc({armoredKey:e,binaryKey:t,config:r,...i}){if(r={...T,...r},!e&&!t)throw Error("readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!_.isString(e))throw Error("readPrivateKey: options.armoredKey must be a string");if(t&&!_.isUint8Array(t))throw Error("readPrivateKey: options.binaryKey must be a Uint8Array");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));let a;if(e){const{type:t,data:r}=await Q(e);if(t!==B.armor.privateKey)throw Error("Armored text not of type private key");a=r}else a=t;const s=await Ho.fromBinary(a,Gc,r),o=s.indexOfTag(B.packet.publicKey,B.packet.secretKey);for(let e=0;e<o.length;e++){if(s[o[e]].constructor.tag===B.packet.publicKey)continue;const t=s.slice(o[e],o[e+1]);return new Hc(t)}throw Error("No secret key packet found")}async function Qc({armoredKeys:e,binaryKeys:t,config:r,...i}){r={...T,...r};let n=e||t;if(!n)throw Error("readKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!_.isString(e))throw Error("readKeys: options.armoredKeys must be a string");if(t&&!_.isUint8Array(t))throw Error("readKeys: options.binaryKeys must be a Uint8Array");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));if(e){const{type:t,data:r}=await Q(e);if(t!==B.armor.publicKey&&t!==B.armor.privateKey)throw Error("Armored text not of type key");n=r}const s=[],o=await Ho.fromBinary(n,Gc,r),c=o.indexOfTag(B.packet.publicKey,B.packet.secretKey);if(0===c.length)throw Error("No key packet found");for(let e=0;e<c.length;e++){const t=Vc(o.slice(c[e],c[e+1]));s.push(t)}return s}async function Xc({armoredKeys:e,binaryKeys:t,config:r}){r={...T,...r};let i=e||t;if(!i)throw Error("readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!_.isString(e))throw Error("readPrivateKeys: options.armoredKeys must be a string");if(t&&!_.isUint8Array(t))throw Error("readPrivateKeys: options.binaryKeys must be a Uint8Array");if(e){const{type:t,data:r}=await Q(e);if(t!==B.armor.privateKey)throw Error("Armored text not of type private key");i=r}const n=[],a=await Ho.fromBinary(i,Gc,r),s=a.indexOfTag(B.packet.publicKey,B.packet.secretKey);for(let e=0;e<s.length;e++){if(a[s[e]].constructor.tag===B.packet.publicKey)continue;const t=a.slice(s[e],s[e+1]),r=new Hc(t);n.push(r)}if(0===n.length)throw Error("No secret key packet found");return n}const Yc=/*#__PURE__*/_.constructAllowedPackets([Co,Vo,rc,Jo,uc,nc,sc,No,Fo]),Jc=/*#__PURE__*/_.constructAllowedPackets([sc]),eu=/*#__PURE__*/_.constructAllowedPackets([Fo]);class tu{constructor(e){this.packets=e||new Ho}getEncryptionKeyIDs(){const e=[];return this.packets.filterByTag(B.packet.publicKeyEncryptedSessionKey).forEach((function(t){e.push(t.publicKeyID)})),e}getSigningKeyIDs(){const e=this.unwrapCompressed(),t=e.packets.filterByTag(B.packet.onePassSignature);if(t.length>0)return t.map((e=>e.issuerKeyID));return e.packets.filterByTag(B.packet.signature).map((e=>e.issuerKeyID))}async decrypt(e,t,r,i=new Date,n=T){const a=this.packets.filterByTag(B.packet.symmetricallyEncryptedData,B.packet.symEncryptedIntegrityProtectedData,B.packet.aeadEncryptedData);if(0===a.length)throw Error("No encrypted data found");const s=a[0],o=s.cipherAlgorithm,c=r||await this.decryptSessionKeys(e,t,o,i,n);let u=null;const h=Promise.all(c.map((async({algorithm:e,data:t})=>{if(!_.isUint8Array(t)||!s.cipherAlgorithm&&!_.isString(e))throw Error("Invalid session key for decryption.");try{const r=s.cipherAlgorithm||B.write(B.symmetric,e);await s.decrypt(r,t,n)}catch(e){_.printDebugError(e),u=e}})));if(U(s.encrypted),s.encrypted=null,await h,!s.packets||!s.packets.length)throw u||Error("Decryption failed.");const l=new tu(s.packets);return s.packets=new Ho,l}async decryptSessionKeys(e,t,r,i=new Date,n=T){let a,s=[];if(t){const e=this.packets.filterByTag(B.packet.symEncryptedSessionKey);if(0===e.length)throw Error("No symmetrically encrypted session key packet found.");await Promise.all(t.map((async function(t,r){let i;i=r?await Ho.fromBinary(e.write(),Jc,n):e,await Promise.all(i.map((async function(e){try{await e.decrypt(t),s.push(e)}catch(e){_.printDebugError(e),e instanceof xs&&(a=e)}})))})))}else{if(!e)throw Error("No key or password specified.");{const t=this.packets.filterByTag(B.packet.publicKeyEncryptedSessionKey);if(0===t.length)throw Error("No public key encrypted session key packet found.");await Promise.all(t.map((async function(t){await Promise.all(e.map((async function(e){let o;try{o=(await e.getDecryptionKeys(t.publicKeyID,null,void 0,n)).map((e=>e.keyPacket))}catch(e){return void(a=e)}let c=[B.symmetric.aes256,B.symmetric.aes128,B.symmetric.tripledes,B.symmetric.cast5];try{const t=await e.getPrimarySelfSignature(i,void 0,n);t.preferredSymmetricAlgorithms&&(c=c.concat(t.preferredSymmetricAlgorithms))}catch(e){}await Promise.all(o.map((async function(e){if(!e.isDecrypted())throw Error("Decryption key is not decrypted.");if(n.constantTimePKCS1Decryption&&(t.publicKeyAlgorithm===B.publicKey.rsaEncrypt||t.publicKeyAlgorithm===B.publicKey.rsaEncryptSign||t.publicKeyAlgorithm===B.publicKey.rsaSign||t.publicKeyAlgorithm===B.publicKey.elgamal)){const i=t.write();await Promise.all((r?[r]:Array.from(n.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms)).map((async t=>{const r=new nc;r.read(i);const n={sessionKeyAlgorithm:t,sessionKey:Es(t)};try{await r.decrypt(e,n),s.push(r)}catch(e){_.printDebugError(e),a=e}})))}else try{await t.decrypt(e);const i=r||t.sessionKeyAlgorithm;if(i&&!c.includes(B.write(B.symmetric,i)))throw Error("A non-preferred symmetric algorithm was used.");s.push(t)}catch(e){_.printDebugError(e),a=e}})))}))),U(t.encrypted),t.encrypted=null})))}}if(s.length>0){if(s.length>1){const e=new Set;s=s.filter((t=>{const r=t.sessionKeyAlgorithm+_.uint8ArrayToString(t.sessionKey);return!e.has(r)&&(e.add(r),!0)}))}return s.map((e=>({data:e.sessionKey,algorithm:e.sessionKeyAlgorithm&&B.read(B.symmetric,e.sessionKeyAlgorithm)})))}throw a||Error("Session key decryption failed.")}getLiteralData(){const e=this.unwrapCompressed().packets.findPacket(B.packet.literalData);return e&&e.getBytes()||null}getFilename(){const e=this.unwrapCompressed().packets.findPacket(B.packet.literalData);return e&&e.getFilename()||null}getText(){const e=this.unwrapCompressed().packets.findPacket(B.packet.literalData);return e?e.getText():null}static async generateSessionKey(e=[],t=new Date,r=[],i=T){const{symmetricAlgo:n,aeadAlgo:a}=await async function(e=[],t=new Date,r=[],i=T){const n=await Promise.all(e.map(((e,n)=>e.getPrimarySelfSignature(t,r[n],i))));if(e.length?!i.ignoreSEIPDv2FeatureFlag&&n.every((e=>e.features&&e.features[0]&B.features.seipdv2)):i.aeadProtect){const e={symmetricAlgo:B.symmetric.aes128,aeadAlgo:B.aead.ocb},t=[{symmetricAlgo:i.preferredSymmetricAlgorithm,aeadAlgo:i.preferredAEADAlgorithm},{symmetricAlgo:i.preferredSymmetricAlgorithm,aeadAlgo:B.aead.ocb},{symmetricAlgo:B.symmetric.aes128,aeadAlgo:i.preferredAEADAlgorithm}];for(const e of t)if(n.every((t=>t.preferredCipherSuites&&t.preferredCipherSuites.some((t=>t[0]===e.symmetricAlgo&&t[1]===e.aeadAlgo)))))return e;return e}const a=B.symmetric.aes128,s=i.preferredSymmetricAlgorithm;return{symmetricAlgo:n.every((e=>e.preferredSymmetricAlgorithms&&e.preferredSymmetricAlgorithms.includes(s)))?s:a,aeadAlgo:void 0}}(e,t,r,i),s=B.read(B.symmetric,n),o=a?B.read(B.aead,a):void 0;await Promise.all(e.map((e=>e.getEncryptionKey().catch((()=>null)).then((e=>{if(e&&(e.keyPacket.algorithm===B.publicKey.x25519||e.keyPacket.algorithm===B.publicKey.x448)&&!o&&!_.isAES(n))throw Error("Could not generate a session key compatible with the given `encryptionKeys`: X22519 and X448 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.")})))));return{data:Es(n),algorithm:s,aeadAlgorithm:o}}async encrypt(e,t,r,i=!1,n=[],a=new Date,s=[],o=T){if(r){if(!_.isUint8Array(r.data)||!_.isString(r.algorithm))throw Error("Invalid session key for encryption.")}else if(e&&e.length)r=await tu.generateSessionKey(e,a,s,o);else{if(!t||!t.length)throw Error("No keys, passwords, or session key provided.");r=await tu.generateSessionKey(void 0,void 0,void 0,o)}const{data:c,algorithm:u,aeadAlgorithm:h}=r,l=await tu.encryptSessionKey(c,u,h,e,t,i,n,a,s,o),y=Jo.fromObject({version:h?2:1,aeadAlgorithm:h?B.write(B.aead,h):null});y.packets=this.packets;const p=B.write(B.symmetric,u);return await y.encrypt(p,c,o),l.packets.push(y),y.packets=new Ho,l}static async encryptSessionKey(e,t,r,i,n,a=!1,s=[],o=new Date,c=[],u=T){const h=new Ho,l=B.write(B.symmetric,t),y=r&&B.write(B.aead,r);if(i){const t=await Promise.all(i.map((async function(t,r){const i=await t.getEncryptionKey(s[r],o,c,u),n=nc.fromObject({version:y?6:3,encryptionKeyPacket:i.keyPacket,anonymousRecipient:a,sessionKey:e,sessionKeyAlgorithm:l});return await n.encrypt(i.keyPacket),delete n.sessionKey,n})));h.push(...t)}if(n){const t=async function(e,t){try{return await e.decrypt(t),1}catch(e){return 0}},r=(e,t)=>e+t,i=async function(e,a,s,o){const c=new sc(u);if(c.sessionKey=e,c.sessionKeyAlgorithm=a,s&&(c.aeadAlgorithm=s),await c.encrypt(o,u),u.passwordCollisionCheck){if(1!==(await Promise.all(n.map((e=>t(c,e))))).reduce(r))return i(e,a,o)}return delete c.sessionKey,c},a=await Promise.all(n.map((t=>i(e,l,y,t))));h.push(...a)}return new tu(h)}async sign(e=[],t=[],r=null,i=[],n=new Date,a=[],s=[],o=[],c=T){const u=new Ho,h=this.packets.findPacket(B.packet.literalData);if(!h)throw Error("No literal data packet to sign.");const l=await ru(h,e,t,r,i,n,a,s,o,!1,c),y=l.map(((e,t)=>No.fromSignaturePacket(e,0===t))).reverse();return u.push(...y),u.push(h),u.push(...l),new tu(u)}compress(e,t=T){if(e===B.compression.uncompressed)return this;const r=new Vo(t);r.algorithm=e,r.packets=this.packets;const i=new Ho;return i.push(r),new tu(i)}async signDetached(e=[],t=[],r=null,i=[],n=[],a=new Date,s=[],o=[],c=T){const u=this.packets.findPacket(B.packet.literalData);if(!u)throw Error("No literal data packet to sign.");return new kc(await ru(u,e,t,r,i,n,a,s,o,!0,c))}async verify(e,t=new Date,r=T){const i=this.unwrapCompressed(),n=i.packets.filterByTag(B.packet.literalData);if(1!==n.length)throw Error("Can only verify message with one literal data packet.");a(i.packets.stream)&&i.packets.push(...await P(i.packets.stream,(e=>e||[])));const s=i.packets.filterByTag(B.packet.onePassSignature).reverse(),o=i.packets.filterByTag(B.packet.signature);return s.length&&!o.length&&_.isStream(i.packets.stream)&&!a(i.packets.stream)?(await Promise.all(s.map((async e=>{e.correspondingSig=new Promise(((t,r)=>{e.correspondingSigResolve=t,e.correspondingSigReject=r})),e.signatureData=D((async()=>(await e.correspondingSig).signatureData)),e.hashed=P(await e.hash(e.signatureType,n[0],void 0,!1)),e.hashed.catch((()=>{}))}))),i.packets.stream=k(i.packets.stream,(async(e,t)=>{const r=x(e),i=I(t);try{for(let e=0;e<s.length;e++){const{value:t}=await r.read();s[e].correspondingSigResolve(t)}await r.readToEnd(),await i.ready,await i.close()}catch(e){s.forEach((t=>{t.correspondingSigReject(e)})),await i.abort(e)}})),iu(s,n,e,t,!1,r)):iu(o,n,e,t,!1,r)}verifyDetached(e,t,r=new Date,i=T){const n=this.unwrapCompressed().packets.filterByTag(B.packet.literalData);if(1!==n.length)throw Error("Can only verify message with one literal data packet.");return iu(e.packets.filterByTag(B.packet.signature),n,t,r,!0,i)}unwrapCompressed(){const e=this.packets.filterByTag(B.packet.compressedData);return e.length?new tu(e[0].packets):this}async appendSignature(e,t=T){await this.packets.read(_.isUint8Array(e)?e:(await Q(e)).data,eu,t)}write(){return this.packets.write()}armor(e=T){const t=this.packets[this.packets.length-1],r=t.constructor.tag===Jo.tag?2!==t.version:this.packets.some((e=>e.constructor.tag===Fo.tag&&6!==e.version));return X(B.armor.message,this.write(),null,null,null,r,e)}}async function ru(e,t,r=[],i=null,n=[],a=new Date,s=[],o=[],c=[],u=!1,h=T){const l=new Ho,y=null===e.text?B.signature.binary:B.signature.text;if(await Promise.all(t.map((async(t,i)=>{const l=s[i];if(!t.isPrivate())throw Error("Need private key for signing");const p=await t.getSigningKey(n[i],a,l,h);return Dc(e,r.length?r:[t],p.keyPacket,{signatureType:y},a,o,c,u,h)}))).then((e=>{l.push(...e)})),i){const e=i.packets.filterByTag(B.packet.signature);l.push(...e)}return l}async function iu(e,t,r,i=new Date,n=!1,a=T){return Promise.all(e.filter((function(e){return["text","binary"].includes(B.read(B.signature,e.signatureType))})).map((async function(e){return async function(e,t,r,i=new Date,n=!1,a=T){let s,o;for(const t of r){const r=t.getKeys(e.issuerKeyID);if(r.length>0){s=t,o=r[0];break}}const c=e instanceof No?e.correspondingSig:e,u={keyID:e.issuerKeyID,verified:(async()=>{if(!o)throw Error("Could not find signing key with key ID "+e.issuerKeyID.toHex());await e.verify(o.keyPacket,e.signatureType,t[0],i,n,a);const r=await c;if(o.getCreationTime()>r.created)throw Error("Key is newer than the signature");try{await s.getSigningKey(o.getKeyID(),r.created,void 0,a)}catch(e){if(!a.allowInsecureVerificationWithReformattedKeys||!e.message.match(/Signature creation time is in the future/))throw e;await s.getSigningKey(o.getKeyID(),i,void 0,a)}return!0})(),signature:(async()=>{const e=await c,t=new Ho;return e&&t.push(e),new kc(t)})()};return u.signature.catch((()=>{})),u.verified.catch((()=>{})),u}(e,t,r,i,n,a)})))}async function nu({armoredMessage:e,binaryMessage:t,config:r,...i}){r={...T,...r};let n=e||t;if(!n)throw Error("readMessage: must pass options object containing `armoredMessage` or `binaryMessage`");if(e&&!_.isString(e)&&!_.isStream(e))throw Error("readMessage: options.armoredMessage must be a string or stream");if(t&&!_.isUint8Array(t)&&!_.isStream(t))throw Error("readMessage: options.binaryMessage must be a Uint8Array or stream");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));const s=_.isStream(n);if(e){const{type:e,data:t}=await Q(n);if(e!==B.armor.message)throw Error("Armored text not of type message");n=t}const o=await Ho.fromBinary(n,Yc,r,qo({delayReporting:!1})),c=new tu(o);return c.fromStream=s,c}async function au({text:e,binary:t,filename:r,date:i=new Date,format:n=(void 0!==e?"utf8":"binary"),...a}){const s=void 0!==e?e:t;if(void 0===s)throw Error("createMessage: must pass options object containing `text` or `binary`");if(e&&!_.isString(e)&&!_.isStream(e))throw Error("createMessage: options.text must be a string or stream");if(t&&!_.isUint8Array(t)&&!_.isStream(t))throw Error("createMessage: options.binary must be a Uint8Array or stream");const o=Object.keys(a);if(o.length>0)throw Error("Unknown option: "+o.join(", "));const c=_.isStream(s),u=new Co(i);void 0!==e?u.setText(s,B.write(B.literal,n)):u.setBytes(s,B.write(B.literal,n)),void 0!==r&&u.setFilename(r);const h=new Ho;h.push(u);const l=new tu(h);return l.fromStream=c,l}const su=/*#__PURE__*/_.constructAllowedPackets([Fo]);class ou{constructor(e,t){if(this.text=_.removeTrailingSpaces(e).replace(/\r?\n/g,"\r\n"),t&&!(t instanceof kc))throw Error("Invalid signature input");this.signature=t||new kc(new Ho)}getSigningKeyIDs(){const e=[];return this.signature.packets.forEach((function(t){e.push(t.issuerKeyID)})),e}async sign(e,t=[],r=null,i=[],n=new Date,a=[],s=[],o=[],c=T){const u=new Co;u.setText(this.text);const h=new kc(await ru(u,e,t,r,i,n,a,s,o,!0,c));return new ou(this.text,h)}verify(e,t=new Date,r=T){const i=this.signature.packets.filterByTag(B.packet.signature),n=new Co;return n.setText(this.text),iu(i,[n],e,t,!0,r)}getText(){return this.text.replace(/\r\n/g,"\n")}armor(e=T){const t=this.signature.packets.some((e=>6!==e.version)),r={hash:t?Array.from(new Set(this.signature.packets.map((e=>B.read(B.hash,e.hashAlgorithm).toUpperCase())))).join():null,text:this.text,data:this.signature.packets.write()};return X(B.armor.signed,r,void 0,void 0,void 0,t,e)}}async function cu({cleartextMessage:e,config:t,...r}){if(t={...T,...t},!e)throw Error("readCleartextMessage: must pass options object containing `cleartextMessage`");if(!_.isString(e))throw Error("readCleartextMessage: options.cleartextMessage must be a string");const i=Object.keys(r);if(i.length>0)throw Error("Unknown option: "+i.join(", "));const n=await Q(e);if(n.type!==B.armor.signed)throw Error("No cleartext signed message.");const a=await Ho.fromBinary(n.data,su,t);!function(e,t){const r=function(e){const r=e=>t=>e.hashAlgorithm===t;for(let i=0;i<t.length;i++)if(t[i].constructor.tag===B.packet.signature&&!e.some(r(t[i])))return!1;return!0},i=[];if(e.forEach((e=>{const t=e.match(/^Hash: (.+)$/);if(!t)throw Error('Only "Hash" header allowed in cleartext signed message');{const e=t[1].replace(/\s/g,"").split(",").map((e=>{try{return B.write(B.hash,e.toLowerCase())}catch(t){throw Error("Unknown hash algorithm in armor header: "+e.toLowerCase())}}));i.push(...e)}})),i.length&&!r(i))throw Error("Hash algorithm mismatch in armor header and signature")}(n.headers,a);const s=new kc(a);return new ou(n.text,s)}async function uu({text:e,...t}){if(!e)throw Error("createCleartextMessage: must pass options object containing `text`");if(!_.isString(e))throw Error("createCleartextMessage: options.text must be a string");const r=Object.keys(t);if(r.length>0)throw Error("Unknown option: "+r.join(", "));return new ou(e)}async function hu({userIDs:e=[],passphrase:t,type:r,curve:i,rsaBits:n=4096,symmetricHash:a="sha256",symmetricCipher:s="aes256",keyExpirationTime:o=0,date:c=new Date,subkeys:u=[{}],format:h="armored",config:l,...y}){Pu(l={...T,...l}),r||i?(r=r||"ecc",i=i||"curve25519Legacy"):(r=l.v6Keys?"curve25519":"ecc",i="curve25519Legacy"),e=Uu(e);const p=Object.keys(y);if(p.length>0)throw Error("Unknown option: "+p.join(", "));if(0===e.length&&!l.v6Keys)throw Error("UserIDs are required for V4 keys");if("rsa"===r&&n<l.minRSABits)throw Error(`rsaBits should be at least ${l.minRSABits}, got: ${n}`);const d={userIDs:e,passphrase:t,type:r,rsaBits:n,curve:i,keyExpirationTime:o,date:c,subkeys:u,symmetricHash:a,symmetricCipher:s};try{const{key:e,revocationCertificate:t}=await async function(e,t){e.sign=!0,(e=Bc(e)).subkeys=e.subkeys.map(((t,r)=>Bc(e.subkeys[r],e)));let r=[Ac(e,t)];r=r.concat(e.subkeys.map((e=>Kc(e,t))));const i=await Promise.all(r),n=await Wc(i[0],i.slice(1),e,t),a=await n.getRevocationCertificate(e.date,t);return n.revocationSignatures=[],{key:n,revocationCertificate:a}}(d,l);return e.getKeys().forEach((({keyPacket:e})=>Fc(e,l))),{privateKey:Iu(e,h,l),publicKey:"symmetric"!==r?Iu(e.toPublic(),h,l):null,revocationCertificate:t}}catch(e){throw _.wrapError("Error generating keypair",e)}}async function lu({privateKey:e,userIDs:t=[],passphrase:r,keyExpirationTime:i=0,date:n,format:a="armored",config:s,...o}){Pu(s={...T,...s}),t=Uu(t);const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(0===t.length&&6!==e.keyPacket.version)throw Error("UserIDs are required for V4 keys");const u={privateKey:e,userIDs:t,passphrase:r,keyExpirationTime:i,date:n};try{const{key:e,revocationCertificate:t}=await async function(e,t){e=o(e);const{privateKey:r}=e;if(!r.isPrivate())throw Error("Cannot reformat a public key");if(r.keyPacket.isDummy())throw Error("Cannot reformat a gnu-dummy primary key");if(!r.getKeys().every((({keyPacket:e})=>e.isDecrypted())))throw Error("Key is not decrypted");const i=r.keyPacket;e.subkeys||(e.subkeys=await Promise.all(r.subkeys.map((async e=>{const r=e.keyPacket,n={key:i,bind:r},a=await Ec(e.bindingSignatures,i,B.signature.subkeyBinding,n,null,t).catch((()=>({})));return{sign:a.keyFlags&&a.keyFlags[0]&B.keyFlags.signData,forwarding:a.keyFlags&&a.keyFlags[0]&B.keyFlags.forwardedCommunication}}))));const n=r.subkeys.map((e=>e.keyPacket));if(e.subkeys.length!==n.length)throw Error("Number of subkey options does not match number of subkeys");e.subkeys=e.subkeys.map((t=>o(t,e)));const a=await Wc(i,n,e,t),s=await a.getRevocationCertificate(e.date,t);return a.revocationSignatures=[],{key:a,revocationCertificate:s};function o(e,t={}){return e.keyExpirationTime=e.keyExpirationTime||t.keyExpirationTime,e.passphrase=_.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e}}(u,s);return{privateKey:Iu(e,a,s),publicKey:Iu(e.toPublic(),a,s),revocationCertificate:t}}catch(e){throw _.wrapError("Error reformatting keypair",e)}}async function yu({key:e,revocationCertificate:t,reasonForRevocation:r,date:i=new Date,format:n="armored",config:a,...s}){Pu(a={...T,...a});const o=Object.keys(s);if(o.length>0)throw Error("Unknown option: "+o.join(", "));try{const s=t?await e.applyRevocationCertificate(t,i,a):await e.revoke(r,i,a);return s.isPrivate()?{privateKey:Iu(s,n,a),publicKey:Iu(s.toPublic(),n,a)}:{privateKey:null,publicKey:Iu(s,n,a)}}catch(e){throw _.wrapError("Error revoking key",e)}}async function pu({privateKey:e,passphrase:t,config:r,...i}){Pu(r={...T,...r});const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));if(!e.isPrivate())throw Error("Cannot decrypt a public key");const a=e.clone(!0),s=_.isArray(t)?t:[t];try{return await Promise.all(a.getKeys().map((e=>_.anyPromise(s.map((t=>e.keyPacket.decrypt(t))))))),await a.validate(r),a}catch(e){throw a.clearPrivateParams(),_.wrapError("Error decrypting private key",e)}}async function du({privateKey:e,passphrase:t,config:r,...i}){Pu(r={...T,...r});const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));if(!e.isPrivate())throw Error("Cannot encrypt a public key");const a=e.clone(!0),s=a.getKeys(),o=_.isArray(t)?t:Array(s.length).fill(t);if(o.length!==s.length)throw Error("Invalid number of passphrases given for key encryption");try{return await Promise.all(s.map((async(e,t)=>{const{keyPacket:i}=e;await i.encrypt(o[t],r),i.clearPrivateParams()}))),a}catch(e){throw a.clearPrivateParams(),_.wrapError("Error encrypting private key",e)}}async function gu({message:e,encryptionKeys:t,signingKeys:r,passwords:i,sessionKey:n,format:a="armored",signature:s=null,wildcard:o=!1,signingKeyIDs:c=[],encryptionKeyIDs:u=[],date:h=new Date,signingUserIDs:l=[],encryptionUserIDs:y=[],signatureNotations:p=[],config:d,...g}){if(Pu(d={...T,...d}),Ku(e),Eu(a),t=Uu(t),r=Uu(r),i=Uu(i),c=Uu(c),u=Uu(u),l=Uu(l),y=Uu(y),p=Uu(p),g.detached)throw Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.");if(g.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead");if(g.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead");if(void 0!==g.armor)throw Error("The `armor` option has been removed from openpgp.encrypt, pass `format` instead.");const f=Object.keys(g);if(f.length>0)throw Error("Unknown option: "+f.join(", "));r||(r=[]);try{if((r.length||s)&&(e=await e.sign(r,t,s,c,h,l,u,p,d)),e=e.compress(await async function(e=[],t=new Date,r=[],i=T){const n=B.compression.uncompressed,a=i.preferredCompressionAlgorithm,s=await Promise.all(e.map((async function(e,n){const s=(await e.getPrimarySelfSignature(t,r[n],i)).preferredCompressionAlgorithms;return!!s&&s.indexOf(a)>=0})));return s.every(Boolean)?a:n}(t,h,y,d),d),e=await e.encrypt(t,i,n,o,u,h,y,d),"object"===a)return e;const g="armored"===a?e.armor(d):e.write();return await Du(g)}catch(e){throw _.wrapError("Error encrypting message",e)}}async function fu({message:e,decryptionKeys:t,passwords:r,sessionKeys:i,verificationKeys:n,expectSigned:a=!1,format:s="utf8",signature:o=null,date:c=new Date,config:u,...h}){if(Pu(u={...T,...u}),Ku(e),n=Uu(n),t=Uu(t),r=Uu(r),i=Uu(i),h.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead");if(h.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead");const l=Object.keys(h);if(l.length>0)throw Error("Unknown option: "+l.join(", "));try{const h=await e.decrypt(t,r,i,c,u);n||(n=[]);const l={};if(l.signatures=o?await h.verifyDetached(o,n,c,u):await h.verify(n,c,u),l.data="binary"===s?h.getLiteralData():h.getText(),l.filename=h.getFilename(),xu(l,e,...new Set([h,h.unwrapCompressed()])),a){if(0===n.length)throw Error("Verification keys are required to verify message signatures");if(0===l.signatures.length)throw Error("Message is not signed");l.data=g([l.data,D((async()=>(await _.anyPromise(l.signatures.map((e=>e.verified))),"binary"===s?new Uint8Array:"")))])}return l.data=await Du(l.data),l}catch(e){throw _.wrapError("Error decrypting message",e)}}async function mu({message:e,signingKeys:t,recipientKeys:r=[],format:i="armored",detached:n=!1,signingKeyIDs:a=[],date:s=new Date,signingUserIDs:o=[],recipientUserIDs:c=[],signatureNotations:u=[],config:h,...l}){if(Pu(h={...T,...h}),Au(e),Eu(i),t=Uu(t),a=Uu(a),o=Uu(o),r=Uu(r),c=Uu(c),u=Uu(u),l.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead");if(void 0!==l.armor)throw Error("The `armor` option has been removed from openpgp.sign, pass `format` instead.");const y=Object.keys(l);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(e instanceof ou&&"binary"===i)throw Error("Cannot return signed cleartext message in binary format");if(e instanceof ou&&n)throw Error("Cannot detach-sign a cleartext message");if(!t||0===t.length)throw Error("No signing keys provided");try{let l;if(l=n?await e.signDetached(t,r,void 0,a,s,o,c,u,h):await e.sign(t,r,void 0,a,s,o,c,u,h),"object"===i)return l;return l="armored"===i?l.armor(h):l.write(),n&&(l=k(e.packets.write(),(async(e,t)=>{await Promise.all([f(l,t),P(e).catch((()=>{}))])}))),await Du(l)}catch(e){throw _.wrapError("Error signing message",e)}}async function wu({message:e,verificationKeys:t,expectSigned:r=!1,format:i="utf8",signature:n=null,date:a=new Date,config:s,...o}){if(Pu(s={...T,...s}),Au(e),t=Uu(t),o.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead");const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(e instanceof ou&&"binary"===i)throw Error("Can't return cleartext message data as binary");if(e instanceof ou&&n)throw Error("Can't verify detached cleartext signature");try{const o={};if(o.signatures=n?await e.verifyDetached(n,t,a,s):await e.verify(t,a,s),o.data="binary"===i?e.getLiteralData():e.getText(),e.fromStream&&!n&&xu(o,...new Set([e,e.unwrapCompressed()])),r){if(0===o.signatures.length)throw Error("Message is not signed");o.data=g([o.data,D((async()=>(await _.anyPromise(o.signatures.map((e=>e.verified))),"binary"===i?new Uint8Array:"")))])}return o.data=await Du(o.data),o}catch(e){throw _.wrapError("Error verifying signed message",e)}}async function bu({encryptionKeys:e,date:t=new Date,encryptionUserIDs:r=[],config:i,...n}){if(Pu(i={...T,...i}),e=Uu(e),r=Uu(r),n.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead");const a=Object.keys(n);if(a.length>0)throw Error("Unknown option: "+a.join(", "));try{return await tu.generateSessionKey(e,t,r,i)}catch(e){throw _.wrapError("Error generating session key",e)}}async function ku({data:e,algorithm:t,aeadAlgorithm:r,encryptionKeys:i,passwords:n,format:a="armored",wildcard:s=!1,encryptionKeyIDs:o=[],date:c=new Date,encryptionUserIDs:u=[],config:h,...l}){if(Pu(h={...T,...h}),function(e){if(!_.isUint8Array(e))throw Error("Parameter [data] must be of type Uint8Array")}(e),function(e,t){if(!_.isString(e))throw Error("Parameter ["+t+"] must be of type String")}(t,"algorithm"),Eu(a),i=Uu(i),n=Uu(n),o=Uu(o),u=Uu(u),l.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead");const y=Object.keys(l);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(!(i&&0!==i.length||n&&0!==n.length))throw Error("No encryption keys or passwords provided.");try{return Iu(await tu.encryptSessionKey(e,t,r,i,n,s,o,c,u,h),a,h)}catch(e){throw _.wrapError("Error encrypting session key",e)}}async function vu({message:e,decryptionKeys:t,passwords:r,date:i=new Date,config:n,...a}){if(Pu(n={...T,...n}),Ku(e),t=Uu(t),r=Uu(r),a.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead");const s=Object.keys(a);if(s.length>0)throw Error("Unknown option: "+s.join(", "));try{return await e.decryptSessionKeys(t,r,void 0,i,n)}catch(e){throw _.wrapError("Error decrypting session keys",e)}}function Ku(e){if(!(e instanceof tu))throw Error("Parameter [message] needs to be of type Message")}function Au(e){if(!(e instanceof ou||e instanceof tu))throw Error("Parameter [message] needs to be of type Message or CleartextMessage")}function Eu(e){if("armored"!==e&&"binary"!==e&&"object"!==e)throw Error("Unsupported format "+e)}const Su=Object.keys(T).length;function Pu(e){const t=Object.keys(e);if(t.length!==Su)for(const e of t)if(void 0===T[e])throw Error("Unknown config property: "+e)}function Uu(e){return e&&!_.isArray(e)&&(e=[e]),e}async function Du(e){return"array"===_.isStream(e)?P(e):e}function xu(e,t,...r){e.data=k(t.packets.stream,(async(t,i)=>{await f(e.data,i,{preventClose:!0});const n=I(i);try{await P(t,(e=>e)),await Promise.all(r.map((e=>P(e.packets.stream,(e=>e))))),await n.close()}catch(e){await n.abort(e)}}))}function Iu(e,t,r){switch(t){case"object":return e;case"armored":return e.armor(r);case"binary":return e.write();default:throw Error("Unsupported format "+t)}}export{rc as AEADEncryptedDataPacket,xs as Argon2OutOfMemoryError,Ts as Argon2S2K,ou as CleartextMessage,Vo as CompressedDataPacket,zo as GrammarError,ba as KDFParams,Co as LiteralDataPacket,hc as MarkerPacket,tu as Message,No as OnePassSignaturePacket,Ho as PacketList,wc as PaddingPacket,Hc as PrivateKey,jc as PublicKey,nc as PublicKeyEncryptedSessionKeyPacket,oc as PublicKeyPacket,lc as PublicSubkeyPacket,pc as SecretKeyPacket,fc as SecretSubkeyPacket,kc as Signature,Fo as SignaturePacket,Lc as Subkey,Jo as SymEncryptedIntegrityProtectedDataPacket,sc as SymEncryptedSessionKeyPacket,uc as SymmetricallyEncryptedDataPacket,mc as TrustPacket,Zt as UnparseablePacket,yc as UserAttributePacket,gc as UserIDPacket,X as armor,T as config,uu as createCleartextMessage,au as createMessage,fu as decrypt,pu as decryptKey,vu as decryptSessionKeys,gu as encrypt,du as encryptKey,ku as encryptSessionKey,B as enums,hu as generateKey,bu as generateSessionKey,cu as readCleartextMessage,$c as readKey,Qc as readKeys,nu as readMessage,Zc as readPrivateKey,Xc as readPrivateKeys,vc as readSignature,lu as reformatKey,yu as revokeKey,mu as sign,Q as unarmor,wu as verify};
 //# sourceMappingURL=openpgp.min.mjs.map