@protontech/openpgp 6.1.1-patch.3 → 6.1.1-patch.5

package/dist/openpgp.mjs

@@ -1,4 +1,4 @@
-/*! OpenPGP.js v6.1.1-patch.3 - 2025-06-18 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
+/*! OpenPGP.js v6.1.1-patch.5 - 2025-08-13 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
 const globalThis = typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {};
 
 function _mergeNamespaces(n, m) {
@@ -1716,7 +1716,7 @@ var config = {
    * @memberof module:config
    * @property {String} versionString A version string to be included in armored messages
    */
-  versionString: 'OpenPGP.js 6.1.1-patch.3',
+  versionString: 'OpenPGP.js 6.1.1-patch.5',
   /**
    * @memberof module:config
    * @property {String} commentString A comment string to be included in armored messages
@@ -6913,7 +6913,15 @@ async function generate$a(algo) {
     case enums.publicKey.ed25519:
       try {
         const webCrypto = util.getWebCrypto();
-        const webCryptoKey = await webCrypto.generateKey('Ed25519', true, ['sign', 'verify']);
+        const webCryptoKey = await webCrypto.generateKey('Ed25519', true, ['sign', 'verify'])
+          .catch(err => {
+            if (err.name === 'OperationError') { // Temporary (hopefully) fix for WebKit on Linux
+              const newErr = new Error('Unexpected key generation issue');
+              newErr.name = 'NotSupportedError';
+              throw newErr;
+            }
+            throw err;
+          });
 
         const privateKey = await webCrypto.exportKey('jwk', webCryptoKey.privateKey);
         const publicKey = await webCrypto.exportKey('jwk', webCryptoKey.publicKey);
@@ -6923,7 +6931,7 @@ async function generate$a(algo) {
           seed: b64ToUint8Array(privateKey.d, true)
         };
       } catch (err) {
-        if (err.name !== 'NotSupportedError' && err.name !== 'OperationError') { // Temporary (hopefully) fix for WebKit on Linux
+        if (err.name !== 'NotSupportedError') {
           throw err;
         }
         const seed = getRandomBytes(getPayloadSize$1(algo));
@@ -8341,11 +8349,25 @@ async function generate$9(algo) {
     case enums.publicKey.x25519:
       try {
         const webCrypto = util.getWebCrypto();
-        const webCryptoKey = await webCrypto.generateKey('X25519', true, ['deriveKey', 'deriveBits']);
+        const webCryptoKey = await webCrypto.generateKey('X25519', true, ['deriveKey', 'deriveBits'])
+          .catch(err => {
+            if (err.name === 'OperationError') { // Temporary (hopefully) fix for WebKit on Linux
+              const newErr = new Error('Unexpected key generation issue');
+              newErr.name = 'NotSupportedError';
+              throw newErr;
+            }
+            throw err;
+          });
 
         const privateKey = await webCrypto.exportKey('jwk', webCryptoKey.privateKey);
         const publicKey = await webCrypto.exportKey('jwk', webCryptoKey.publicKey);
 
+        if (privateKey.x !== publicKey.x) { // Weird issue with Webkit on Linux: https://bugs.webkit.org/show_bug.cgi?id=289693
+          const err = new Error('Unexpected mismatching public point');
+          err.name = 'NotSupportedError';
+          throw err;
+        }
+
         return {
           A: new Uint8Array(b64ToUint8Array(publicKey.x)),
           k: b64ToUint8Array(privateKey.d)
@@ -8503,15 +8525,29 @@ async function generateEphemeralEncryptionMaterial(algo, recipientA) {
     case enums.publicKey.x25519:
       try {
         const webCrypto = util.getWebCrypto();
+        const ephemeralKeyPair = await webCrypto.generateKey('X25519', true, ['deriveKey', 'deriveBits'])
+          .catch(err => {
+            if (err.name === 'OperationError') { // Temporary (hopefully) fix for WebKit on Linux
+              const newErr = new Error('Unexpected key generation issue');
+              newErr.name = 'NotSupportedError';
+              throw newErr;
+            }
+            throw err;
+          });
+        const ephemeralPublicKeyJwt = await webCrypto.exportKey('jwk', ephemeralKeyPair.publicKey);
+        const ephemeralPrivateKeyJwt = await webCrypto.exportKey('jwk', ephemeralKeyPair.privateKey);
+        if (ephemeralPrivateKeyJwt.x !== ephemeralPublicKeyJwt.x) { // Weird issue with Webkit on Linux: https://bugs.webkit.org/show_bug.cgi?id=289693
+          const err = new Error('Unexpected mismatching public point');
+          err.name = 'NotSupportedError';
+          throw err;
+        }
         const jwk = publicKeyToJWK(algo, recipientA);
-        const ephemeralKeyPair = await webCrypto.generateKey('X25519', true, ['deriveKey', 'deriveBits']);
         const recipientPublicKey = await webCrypto.importKey('jwk', jwk, 'X25519', false, []);
         const sharedSecretBuffer = await webCrypto.deriveBits(
           { name: 'X25519', public: recipientPublicKey },
           ephemeralKeyPair.privateKey,
           getPayloadSize(algo) * 8 // in bits
         );
-        const ephemeralPublicKeyJwt = await webCrypto.exportKey('jwk', ephemeralKeyPair.publicKey);
         return {
           sharedSecret: new Uint8Array(sharedSecretBuffer),
           ephemeralPublicKey: new Uint8Array(b64ToUint8Array(ephemeralPublicKeyJwt.x))

package/openpgp.d.ts

@@ -16,7 +16,7 @@ import config, { type Config, type PartialConfig } from './src/config';
 export { enums, config, Config, PartialConfig };
 
 /* ############## STREAM #################### */
-type Data = Uint8Array | string;
+type Data = Uint8Array<ArrayBuffer> | string;
 // web-stream-tools might end up supporting additional data types, so we re-declare the types
 // to enforce the type contraint that we need.
 export type WebStream<T extends Data> = GenericWebStream<T>;
@@ -29,29 +29,29 @@ type MaybeArray<T> = T | Array<T>;
 // The Key and PublicKey types can be used interchangably since TS cannot detect the difference, as they have the same class properties.
 // The declared readKey(s) return type is Key instead of a PublicKey since it seems more obvious that a Key can be cast to a PrivateKey.
 export function readKey(options: { armoredKey: string, config?: PartialConfig }): Promise<Key>;
-export function readKey(options: { binaryKey: Uint8Array, config?: PartialConfig }): Promise<Key>;
+export function readKey(options: { binaryKey: Uint8Array<ArrayBuffer>, config?: PartialConfig }): Promise<Key>;
 export function readKeys(options: { armoredKeys: string, config?: PartialConfig }): Promise<Key[]>;
-export function readKeys(options: { binaryKeys: Uint8Array, config?: PartialConfig }): Promise<Key[]>;
+export function readKeys(options: { binaryKeys: Uint8Array<ArrayBuffer>, config?: PartialConfig }): Promise<Key[]>;
 export function readPrivateKey(options: { armoredKey: string, config?: PartialConfig }): Promise<PrivateKey>;
-export function readPrivateKey(options: { binaryKey: Uint8Array, config?: PartialConfig }): Promise<PrivateKey>;
+export function readPrivateKey(options: { binaryKey: Uint8Array<ArrayBuffer>, config?: PartialConfig }): Promise<PrivateKey>;
 export function readPrivateKeys(options: { armoredKeys: string, config?: PartialConfig }): Promise<PrivateKey[]>;
-export function readPrivateKeys(options: { binaryKeys: Uint8Array, config?: PartialConfig }): Promise<PrivateKey[]>;
+export function readPrivateKeys(options: { binaryKeys: Uint8Array<ArrayBuffer>, config?: PartialConfig }): Promise<PrivateKey[]>;
 export function generateKey(options: GenerateKeyOptions & { format?: 'armored' }): Promise<SerializedKeyPair<string> & { revocationCertificate: string }>;
-export function generateKey(options: GenerateKeyOptions & { format: 'binary' }): Promise<SerializedKeyPair<Uint8Array> & { revocationCertificate: string }>;
+export function generateKey(options: GenerateKeyOptions & { format: 'binary' }): Promise<SerializedKeyPair<Uint8Array<ArrayBuffer>> & { revocationCertificate: string }>;
 export function generateKey(options: GenerateKeyOptions & { format: 'object' }): Promise<KeyPair & { revocationCertificate: string }>;
 export function decryptKey(options: { privateKey: PrivateKey; passphrase?: MaybeArray<string>; config?: PartialConfig }): Promise<PrivateKey>;
 export function encryptKey(options: { privateKey: PrivateKey; passphrase?: MaybeArray<string>; config?: PartialConfig }): Promise<PrivateKey>;
 export function reformatKey(options: { privateKey: PrivateKey; userIDs?: MaybeArray<UserID>; passphrase?: string; keyExpirationTime?: number; date?: Date, format?: 'armored', config?: PartialConfig }): Promise<SerializedKeyPair<string> & { revocationCertificate: string }>;
-export function reformatKey(options: { privateKey: PrivateKey; userIDs?: MaybeArray<UserID>; passphrase?: string; keyExpirationTime?: number; date?: Date, format: 'binary', config?: PartialConfig }): Promise<SerializedKeyPair<Uint8Array> & { revocationCertificate: string }>;
+export function reformatKey(options: { privateKey: PrivateKey; userIDs?: MaybeArray<UserID>; passphrase?: string; keyExpirationTime?: number; date?: Date, format: 'binary', config?: PartialConfig }): Promise<SerializedKeyPair<Uint8Array<ArrayBuffer>> & { revocationCertificate: string }>;
 export function reformatKey(options: { privateKey: PrivateKey; userIDs?: MaybeArray<UserID>; passphrase?: string; keyExpirationTime?: number; date?: Date, format: 'object', config?: PartialConfig }): Promise<KeyPair & { revocationCertificate: string }>;
 export function revokeKey(options: { key: PrivateKey, reasonForRevocation?: ReasonForRevocation, date?: Date, format?: 'armored', config?: PartialConfig }): Promise<SerializedKeyPair<string>>;
-export function revokeKey(options: { key: PrivateKey, reasonForRevocation?: ReasonForRevocation, date?: Date, format: 'binary', config?: PartialConfig }): Promise<SerializedKeyPair<Uint8Array>>;
+export function revokeKey(options: { key: PrivateKey, reasonForRevocation?: ReasonForRevocation, date?: Date, format: 'binary', config?: PartialConfig }): Promise<SerializedKeyPair<Uint8Array<ArrayBuffer>>>;
 export function revokeKey(options: { key: PrivateKey, reasonForRevocation?: ReasonForRevocation, date?: Date, format: 'object', config?: PartialConfig }): Promise<KeyPair>;
 export function revokeKey(options: { key: PrivateKey, revocationCertificate: string, date?: Date, format?: 'armored', config?: PartialConfig }): Promise<SerializedKeyPair<string>>;
-export function revokeKey(options: { key: PrivateKey, revocationCertificate: string, date?: Date, format: 'binary', config?: PartialConfig }): Promise<SerializedKeyPair<Uint8Array>>;
+export function revokeKey(options: { key: PrivateKey, revocationCertificate: string, date?: Date, format: 'binary', config?: PartialConfig }): Promise<SerializedKeyPair<Uint8Array<ArrayBuffer>>>;
 export function revokeKey(options: { key: PrivateKey, revocationCertificate: string, date?: Date, format: 'object', config?: PartialConfig }): Promise<KeyPair>;
 export function revokeKey(options: { key: PublicKey, revocationCertificate: string, date?: Date, format?: 'armored', config?: PartialConfig }): Promise<{ publicKey: string, privateKey: null }>;
-export function revokeKey(options: { key: PublicKey, revocationCertificate: string, date?: Date, format: 'binary', config?: PartialConfig }): Promise<{ publicKey: Uint8Array, privateKey: null }>;
+export function revokeKey(options: { key: PublicKey, revocationCertificate: string, date?: Date, format: 'binary', config?: PartialConfig }): Promise<{ publicKey: Uint8Array<ArrayBuffer>, privateKey: null }>;
 export function revokeKey(options: { key: PublicKey, revocationCertificate: string, date?: Date, format: 'object', config?: PartialConfig }): Promise<{ publicKey: PublicKey, privateKey: null }>;
 
 export abstract class Key {
@@ -59,7 +59,7 @@ export abstract class Key {
   public subkeys: Subkey[]; // do not add/replace users directly
   public users: User[]; // do not add/replace subkeys directly
   public revocationSignatures: SignaturePacket[];
-  public write(): Uint8Array;
+  public write(): Uint8Array<ArrayBuffer>;
   public armor(config?: Config): string;
   public getExpirationTime(userID?: UserID, config?: Config): Promise<Date | typeof Infinity | null>;
   public getKeyIDs(): KeyID[];
@@ -143,12 +143,12 @@ export type AlgorithmInfo = {
 /* ############## SIG #################### */
 
 export function readSignature(options: { armoredSignature: string, config?: PartialConfig }): Promise<Signature>;
-export function readSignature(options: { binarySignature: Uint8Array, config?: PartialConfig }): Promise<Signature>;
+export function readSignature(options: { binarySignature: Uint8Array<ArrayBuffer>, config?: PartialConfig }): Promise<Signature>;
 
 export class Signature {
   public readonly packets: PacketList<SignaturePacket>;
   constructor(packetlist: PacketList<SignaturePacket>);
-  public write(): MaybeStream<Uint8Array>;
+  public write(): MaybeStream<Uint8Array<ArrayBuffer>>;
   public armor(config?: Config): string;
   public getSigningKeyIDs(): Array<KeyID>;
 }
@@ -195,15 +195,15 @@ export class CleartextMessage {
 /* ############## MSG #################### */
 export function generateSessionKey(options: { encryptionKeys: MaybeArray<PublicKey>, date?: Date, encryptionUserIDs?: MaybeArray<UserID>, config?: PartialConfig }): Promise<SessionKey>;
 export function encryptSessionKey(options: EncryptSessionKeyOptions & { format?: 'armored' }): Promise<string>;
-export function encryptSessionKey(options: EncryptSessionKeyOptions & { format: 'binary' }): Promise<Uint8Array>;
+export function encryptSessionKey(options: EncryptSessionKeyOptions & { format: 'binary' }): Promise<Uint8Array<ArrayBuffer>>;
 export function encryptSessionKey(options: EncryptSessionKeyOptions & { format: 'object' }): Promise<Message<Data>>;
 export function decryptSessionKeys<T extends MaybeStream<Data>>(options: { message: Message<T>, decryptionKeys?: MaybeArray<PrivateKey>, passwords?: MaybeArray<string>, date?: Date, config?: PartialConfig }): Promise<DecryptedSessionKey[]>;
 
 export function readMessage<T extends MaybeStream<string>>(options: { armoredMessage: T, config?: PartialConfig }): Promise<Message<T>>;
-export function readMessage<T extends MaybeStream<Uint8Array>>(options: { binaryMessage: T, config?: PartialConfig }): Promise<Message<T>>;
+export function readMessage<T extends MaybeStream<Uint8Array<ArrayBuffer>>>(options: { binaryMessage: T, config?: PartialConfig }): Promise<Message<T>>;
 
 export function createMessage<T extends MaybeStream<string>>(options: { text: T, filename?: string, date?: Date, format?: enums.literalFormatNames }): Promise<Message<T>>;
-export function createMessage<T extends MaybeStream<Uint8Array>>(options: { binary: T, filename?: string, date?: Date, format?: enums.literalFormatNames }): Promise<Message<T>>;
+export function createMessage<T extends MaybeStream<Uint8Array<ArrayBuffer>>>(options: { binary: T, filename?: string, date?: Date, format?: enums.literalFormatNames }): Promise<Message<T>>;
 
 export function encrypt<T extends MaybeStream<Data>>(options: EncryptOptions & { message: Message<T>, format?: 'armored' }): Promise<
   T extends WebStream<Data> ? WebStream<string> :
@@ -211,9 +211,9 @@ export function encrypt<T extends MaybeStream<Data>>(options: EncryptOptions & {
   string
 >;
 export function encrypt<T extends MaybeStream<Data>>(options: EncryptOptions & { message: Message<T>, format: 'binary' }): Promise<
-  T extends WebStream<Data> ? WebStream<Uint8Array> :
-  T extends NodeWebStream<Data> ? NodeWebStream<Uint8Array> :
-  Uint8Array
+  T extends WebStream<Data> ? WebStream<Uint8Array<ArrayBuffer>> :
+  T extends NodeWebStream<Data> ? NodeWebStream<Uint8Array<ArrayBuffer>> :
+  Uint8Array<ArrayBuffer>
 >;
 export function encrypt<T extends MaybeStream<Data>>(options: EncryptOptions & { message: Message<T>, format: 'object' }): Promise<Message<T>>;
 
@@ -223,9 +223,9 @@ export function sign<T extends MaybeStream<Data>>(options: SignOptions & { messa
   string
 >;
 export function sign<T extends MaybeStream<Data>>(options: SignOptions & { message: Message<T>, format: 'binary' }): Promise<
-  T extends WebStream<Data> ? WebStream<Uint8Array> :
-  T extends NodeWebStream<Data> ? NodeWebStream<Uint8Array> :
-  Uint8Array
+  T extends WebStream<Data> ? WebStream<Uint8Array<ArrayBuffer>> :
+  T extends NodeWebStream<Data> ? NodeWebStream<Uint8Array<ArrayBuffer>> :
+  Uint8Array<ArrayBuffer>
 >;
 export function sign<T extends MaybeStream<Data>>(options: SignOptions & { message: Message<T>, format: 'object' }): Promise<Message<T>>;
 export function sign(options: SignOptions & { message: CleartextMessage, format?: 'armored' }): Promise<string>;
@@ -233,9 +233,9 @@ export function sign(options: SignOptions & { message: CleartextMessage, format:
 
 export function decrypt<T extends MaybeStream<Data>>(options: DecryptOptions & { message: Message<T>, format: 'binary' }): Promise<DecryptMessageResult & {
   data:
-  T extends WebStream<Data> ? WebStream<Uint8Array> :
-  T extends NodeWebStream<Data> ? NodeWebStream<Uint8Array> :
-  Uint8Array
+  T extends WebStream<Data> ? WebStream<Uint8Array<ArrayBuffer>> :
+  T extends NodeWebStream<Data> ? NodeWebStream<Uint8Array<ArrayBuffer>> :
+  Uint8Array<ArrayBuffer>
 }>;
 export function decrypt<T extends MaybeStream<Data>>(options: DecryptOptions & { message: Message<T> }): Promise<DecryptMessageResult & {
   data:
@@ -246,9 +246,9 @@ export function decrypt<T extends MaybeStream<Data>>(options: DecryptOptions & {
 
 export function verify(options: VerifyOptions & { message: CleartextMessage, format?: 'utf8' }): Promise<VerifyMessageResult<string>>;
 export function verify<T extends MaybeStream<Data>>(options: VerifyOptions & { message: Message<T>, format: 'binary' }): Promise<VerifyMessageResult<
-  T extends WebStream<Data> ? WebStream<Uint8Array> :
-  T extends NodeWebStream<Data> ? NodeWebStream<Uint8Array> :
-  Uint8Array
+  T extends WebStream<Data> ? WebStream<Uint8Array<ArrayBuffer>> :
+  T extends NodeWebStream<Data> ? NodeWebStream<Uint8Array<ArrayBuffer>> :
+  Uint8Array<ArrayBuffer>
 >>;
 export function verify<T extends MaybeStream<Data>>(options: VerifyOptions & { message: Message<T> }): Promise<VerifyMessageResult<
   T extends WebStream<Data> ? WebStream<string> :
@@ -265,7 +265,7 @@ export class Message<T extends MaybeStream<Data>> {
 
   /** Returns binary representation of message
    */
-  public write(): MaybeStream<Uint8Array>;
+  public write(): MaybeStream<Uint8Array<ArrayBuffer>>;
 
   /** Returns ASCII armored text of message
    */
@@ -287,7 +287,7 @@ export class Message<T extends MaybeStream<Data>> {
 
   /** Get literal data that is the body of the message
    */
-  public getLiteralData(): (T extends Stream<Data> ? WebStream<Uint8Array> : Uint8Array) | null;
+  public getLiteralData(): (T extends Stream<Data> ? WebStream<Uint8Array<ArrayBuffer>> : Uint8Array<ArrayBuffer>) | null;
 
   /** Returns the key IDs of the keys that signed the message
    */
@@ -315,17 +315,17 @@ export class Message<T extends MaybeStream<Data>> {
 
   /**
    * Append signature to unencrypted message object
-   * @param {String|Uint8Array} detachedSignature - The detached ASCII-armored or Uint8Array PGP signature
+   * @param {String|Uint8Array<ArrayBuffer>} detachedSignature - The detached ASCII-armored or Uint8Array<ArrayBuffer> PGP signature
    */
-  public appendSignature(detachedSignature: string | Uint8Array, config?: Config): Promise<void>;
+  public appendSignature(detachedSignature: string | Uint8Array<ArrayBuffer>, config?: Config): Promise<void>;
 }
 
 /* ############## PACKET #################### */
 
 export declare abstract class BasePacket {
   static readonly tag: enums.packet;
-  public read(bytes: Uint8Array): void;
-  public write(): Uint8Array;
+  public read(bytes: Uint8Array<ArrayBuffer>): void;
+  public write(): Uint8Array<ArrayBuffer>;
 }
 
 /**
@@ -339,7 +339,7 @@ declare abstract class BasePublicKeyPacket extends BasePacket {
   public version: number;
   public getAlgorithmInfo(): AlgorithmInfo;
   public getFingerprint(): string;
-  public getFingerprintBytes(): Uint8Array | null;
+  public getFingerprintBytes(): Uint8Array<ArrayBuffer> | null;
   public hasSameFingerprintAs(other: BasePublicKeyPacket): boolean;
   public getCreationTime(): Date;
   public getKeyID(): KeyID;
@@ -393,9 +393,9 @@ export class SymEncryptedIntegrityProtectedDataPacket extends BasePacket {
 
 export class AEADEncryptedDataPacket extends BasePacket {
   static readonly tag: enums.packet.aeadEncryptedData;
-  private decrypt(sessionKeyAlgorithm: enums.symmetric, sessionKey: Uint8Array, config?: Config): void;
-  private encrypt(sessionKeyAlgorithm: enums.symmetric, sessionKey: Uint8Array, config?: Config): void;
-  private crypt(fn: Function, sessionKey: Uint8Array, data: MaybeStream<Uint8Array>): MaybeStream<Uint8Array>;
+  private decrypt(sessionKeyAlgorithm: enums.symmetric, sessionKey: Uint8Array<ArrayBuffer>, config?: Config): void;
+  private encrypt(sessionKeyAlgorithm: enums.symmetric, sessionKey: Uint8Array<ArrayBuffer>, config?: Config): void;
+  private crypt(fn: Function, sessionKey: Uint8Array<ArrayBuffer>, data: MaybeStream<Uint8Array<ArrayBuffer>>): MaybeStream<Uint8Array<ArrayBuffer>>;
 }
 
 export class PublicKeyEncryptedSessionKeyPacket extends BasePacket {
@@ -413,18 +413,18 @@ export class SymEncryptedSessionKeyPacket extends BasePacket {
 export class LiteralDataPacket extends BasePacket {
   static readonly tag: enums.packet.literalData;
   private getText(clone?: boolean): MaybeStream<string>;
-  private getBytes(clone?: boolean): MaybeStream<Uint8Array>;
+  private getBytes(clone?: boolean): MaybeStream<Uint8Array<ArrayBuffer>>;
   private setText(text: MaybeStream<string>, format?: enums.literal);
-  private setBytes(bytes: MaybeStream<Uint8Array>, format: enums.literal);
+  private setBytes(bytes: MaybeStream<Uint8Array<ArrayBuffer>>, format: enums.literal);
   private setFilename(filename: string);
   private getFilename(): string;
-  private writeHeader(): Uint8Array;
+  private writeHeader(): Uint8Array<ArrayBuffer>;
 }
 
 export class SymmetricallyEncryptedDataPacket extends BasePacket {
   static readonly tag: enums.packet.symmetricallyEncryptedData;
-  private decrypt(sessionKeyAlgorithm: enums.symmetric, sessionKey: Uint8Array, config?: Config): void;
-  private encrypt(sessionKeyAlgorithm: enums.symmetric, sessionKey: Uint8Array, config?: Config): void;
+  private decrypt(sessionKeyAlgorithm: enums.symmetric, sessionKey: Uint8Array<ArrayBuffer>, config?: Config): void;
+  private encrypt(sessionKeyAlgorithm: enums.symmetric, sessionKey: Uint8Array<ArrayBuffer>, config?: Config): void;
 }
 
 export class MarkerPacket extends BasePacket {
@@ -457,10 +457,10 @@ export class SignaturePacket extends BasePacket {
   public signatureType: enums.signature | null;
   public hashAlgorithm: enums.hash | null;
   public publicKeyAlgorithm: enums.publicKey | null;
-  public signatureData: null | Uint8Array;
+  public signatureData: null | Uint8Array<ArrayBuffer>;
   public unhashedSubpackets: RawSubpacket[];
   public unknownSubpackets: RawSubpacket[];
-  public signedHashValue: null | Uint8Array;
+  public signedHashValue: null | Uint8Array<ArrayBuffer>;
   public created: Date | null;
   public signatureExpirationTime: null | number;
   public signatureNeverExpires: boolean;
@@ -474,7 +474,7 @@ export class SignaturePacket extends BasePacket {
   public preferredSymmetricAlgorithms: enums.symmetric[] | null;
   public revocationKeyClass: null | number;
   public revocationKeyAlgorithm: null | enums.publicKey;
-  public revocationKeyFingerprint: null | Uint8Array;
+  public revocationKeyFingerprint: null | Uint8Array<ArrayBuffer>;
   public issuerKeyID: KeyID;
   public notation: null | { [name: string]: string };
   public preferredHashAlgorithms: enums.hash[] | null;
@@ -483,22 +483,22 @@ export class SignaturePacket extends BasePacket {
   public preferredKeyServer: null | string;
   public isPrimaryUserID: null | boolean;
   public policyURI: null | string;
-  public keyFlags: Uint8Array | null;
+  public keyFlags: Uint8Array<ArrayBuffer> | null;
   public signersUserID: null | string;
   public reasonForRevocationFlag: null | enums.reasonForRevocation;
   public reasonForRevocationString: null | string;
-  public features: Uint8Array | null;
+  public features: Uint8Array<ArrayBuffer> | null;
   public signatureTargetPublicKeyAlgorithm: enums.publicKey | null;
   public signatureTargetHashAlgorithm: enums.hash | null;
   public signatureTargetHash: null | string;
   public embeddedSignature: null | SignaturePacket;
   public issuerKeyVersion: null | number;
-  public issuerFingerprint: null | Uint8Array;
+  public issuerFingerprint: null | Uint8Array<ArrayBuffer>;
   public preferredAEADAlgorithms: enums.aead[] | null;
   public revoked: null | boolean;
   public rawNotations: RawNotation[];
-  public sign(key: AnySecretKeyPacket, data: Uint8Array, date?: Date, detached?: boolean): Promise<void>;
-  public verify(key: AnyKeyPacket, signatureType: enums.signature, data: Uint8Array | object, date?: Date, detached?: boolean, config?: Config): Promise<void>; // throws on error
+  public sign(key: AnySecretKeyPacket, data: Uint8Array<ArrayBuffer>, date?: Date, detached?: boolean): Promise<void>;
+  public verify(key: AnyKeyPacket, signatureType: enums.signature, data: Uint8Array<ArrayBuffer> | object, date?: Date, detached?: boolean, config?: Config): Promise<void>; // throws on error
   public isExpired(date?: Date): boolean;
   public getExpirationTime(): Date | typeof Infinity;
 }
@@ -506,12 +506,12 @@ export class SignaturePacket extends BasePacket {
 export interface RawSubpacket {
   type: number;
   critical: boolean;
-  body: Uint8Array;
+  body: Uint8Array<ArrayBuffer>;
 }
 
 export interface RawNotation {
   name: string;
-  value: Uint8Array;
+  value: Uint8Array<ArrayBuffer>;
   humanReadable: boolean;
   critical: boolean;
 }
@@ -522,7 +522,7 @@ export class TrustPacket extends BasePacket {
 
 export class UnparseablePacket {
   tag: enums.packet;
-  write: () => Uint8Array;
+  write: () => Uint8Array<ArrayBuffer>;
 }
 
 export type AnyPacket = BasePacket | UnparseablePacket;
@@ -531,9 +531,9 @@ export type AnyKeyPacket = BasePublicKeyPacket;
 
 type AllowedPackets = Map<enums.packet, object>; // mapping to Packet classes (i.e. typeof LiteralDataPacket etc.)
 export class PacketList<T extends AnyPacket> extends Array<T> {
-  static fromBinary(bytes: MaybeStream<Uint8Array>, allowedPackets: AllowedPackets, config?: Config): PacketList<AnyPacket>; // the packet types depend on`allowedPackets`
-  public read(bytes: MaybeStream<Uint8Array>, allowedPackets: AllowedPackets, config?: Config): void;
-  public write(): Uint8Array;
+  static fromBinary(bytes: MaybeStream<Uint8Array<ArrayBuffer>>, allowedPackets: AllowedPackets, config?: Config): PacketList<AnyPacket>; // the packet types depend on`allowedPackets`
+  public read(bytes: MaybeStream<Uint8Array<ArrayBuffer>>, allowedPackets: AllowedPackets, config?: Config): void;
+  public write(): Uint8Array<ArrayBuffer>;
   public filterByTag(...args: enums.packet[]): PacketList<T>;
   public indexOfTag(...tags: enums.packet[]): number[];
   public findPacket(tag: enums.packet): T | undefined;
@@ -543,13 +543,13 @@ export class PacketList<T extends AnyPacket> extends Array<T> {
 
 export interface UserID { name?: string; email?: string; comment?: string; }
 export interface SessionKey {
-  data: Uint8Array;
+  data: Uint8Array<ArrayBuffer>;
   algorithm: enums.symmetricNames;
   aeadAlgorithm?: enums.aeadNames;
 }
 
 export interface DecryptedSessionKey {
-  data: Uint8Array;
+  data: Uint8Array<ArrayBuffer>;
   algorithm: enums.symmetricNames | null; // `null` if the session key is associated with a SEIPDv2 packet
 }
 
@@ -594,13 +594,13 @@ export interface DecryptOptions {
   decryptionKeys?: MaybeArray<PrivateKey>;
   /** (optional) passwords to decrypt the message */
   passwords?: MaybeArray<string>;
-  /** (optional) session keys in the form: { data:Uint8Array, algorithm:String } */
+  /** (optional) session keys in the form: { data:Uint8Array<ArrayBuffer>, algorithm:String } */
   sessionKeys?: MaybeArray<SessionKey>;
   /** (optional) array of public keys or single key, to verify signatures */
   verificationKeys?: MaybeArray<PublicKey>;
   /** (optional) whether data decryption should fail if the message is not signed with the provided publicKeys */
   expectSigned?: boolean;
-  /** (optional) whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines. */
+  /** (optional) whether to return data as a string(Stream) or Uint8Array<ArrayBuffer>(Stream). If 'utf8' (the default), also normalize newlines. */
   format?: 'utf8' | 'binary';
   /** (optional) detached signature for verification */
   signature?: Signature;
@@ -628,7 +628,7 @@ export interface VerifyOptions {
   verificationKeys: MaybeArray<PublicKey>;
   /** (optional) whether verification should throw if the message is not signed with the provided publicKeys */
   expectSigned?: boolean;
-  /** (optional) whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines. */
+  /** (optional) whether to return data as a string(Stream) or Uint8Array<ArrayBuffer>(Stream). If 'utf8' (the default), also normalize newlines. */
   format?: 'utf8' | 'binary';
   /** (optional) detached signature for verification */
   signature?: Signature;
@@ -648,7 +648,7 @@ export interface EncryptSessionKeyOptions extends SessionKey {
   config?: PartialConfig
 }
 
-interface SerializedKeyPair<T extends string | Uint8Array> {
+interface SerializedKeyPair<T extends string | Uint8Array<ArrayBuffer>> {
   privateKey: T;
   publicKey: T;
 }
@@ -705,25 +705,25 @@ export function armor(messagetype: enums.armor, body: object, partindex?: number
 /**
  * DeArmor an OpenPGP armored message; verify the checksum and return the encoded bytes
  */
-export function unarmor(input: string, config?: Config): Promise<{ text: string, data: Stream<Uint8Array>, type: enums.armor }>;
+export function unarmor(input: string, config?: Config): Promise<{ text: string, data: Stream<Uint8Array<ArrayBuffer>>, type: enums.armor }>;
 
 export declare class Argon2S2K {
   static reloadWasmModule(): void;
   static ARGON2_WASM_MEMORY_THRESHOLD_RELOAD: number;
   constructor(config: Config);
-  salt: Uint8Array;
+  salt: Uint8Array<ArrayBuffer>;
   /** @throws Argon2OutOfMemoryError */
-  produceKey(passphrase: string, keySize: number): Promise<Uint8Array>;
+  produceKey(passphrase: string, keySize: number): Promise<Uint8Array<ArrayBuffer>>;
 }
 
 interface KDFParamsData {
   version: number;
   hash: enums.hash;
   cipher: enums.symmetric;
-  replacementFingerprint?: Uint8Array;
+  replacementFingerprint?: Uint8Array<ArrayBuffer>;
 }
 
 export class KDFParams {
   constructor(data: KDFParamsData);
-  write(forReplacementParams?: boolean): Uint8Array;
+  write(forReplacementParams?: boolean): Uint8Array<ArrayBuffer>;
 }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@protontech/openpgp",
   "description": "OpenPGP.js is a Javascript implementation of the OpenPGP protocol. This is defined in RFC 4880.",
-  "version": "6.1.1-patch.3",
+  "version": "6.1.1-patch.5",
   "license": "LGPL-3.0+",
   "homepage": "https://openpgpjs.org/",
   "engines": {
@@ -72,6 +72,7 @@
     "@openpgp/seek-bzip": "^1.0.5-git",
     "@openpgp/tweetnacl": "^1.0.4-1",
     "@openpgp/web-stream-tools": "~0.1.3",
+    "@protontech/eslint-plugin-enforce-uint8array-arraybuffer": "^1.0.0",
     "@rollup/plugin-alias": "^5.1.1",
     "@rollup/plugin-commonjs": "^25.0.8",
     "@rollup/plugin-node-resolve": "^15.3.0",
@@ -103,13 +104,13 @@
     "eslint-plugin-unicorn": "^48.0.1",
     "fflate": "^0.7.4",
     "mocha": "^10.7.3",
-    "playwright": "^1.48.2",
+    "playwright": "^1.54.2",
     "rollup": "^4.24.2",
     "sinon": "^18.0.1",
     "ts-node": "^10.9.2",
     "tslib": "^2.8.0",
     "tsx": "^4.19.2",
-    "typescript": "^5.6.3",
+    "typescript": "^5.9.2",
     "web-streams-polyfill": "^4.0.0"
   },
   "overrides": {