npm - @protontech/openpgp - Versions diffs - 6.1.1-patch.5 → 6.2.2 - Mend

@protontech/openpgp 6.1.1-patch.5 → 6.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (49) hide show

package/README.md +13 -2
package/dist/lightweight/argon2id.min.mjs +2 -2
package/dist/lightweight/argon2id.min.mjs.map +1 -1
package/dist/lightweight/argon2id.mjs +4 -4
package/dist/lightweight/legacy_ciphers.min.mjs +1 -1
package/dist/lightweight/legacy_ciphers.min.mjs.map +1 -1
package/dist/lightweight/legacy_ciphers.mjs +10 -10
package/dist/lightweight/nacl-fast.min.mjs +3 -0
package/dist/lightweight/nacl-fast.min.mjs.map +1 -0
package/dist/lightweight/nacl-fast.mjs +1382 -0
package/dist/lightweight/noble_curves.min.mjs +11 -12
package/dist/lightweight/noble_curves.min.mjs.map +1 -1
package/dist/lightweight/noble_curves.mjs +2175 -1752
package/dist/lightweight/noble_hashes.min.mjs +2 -2
package/dist/lightweight/noble_hashes.min.mjs.map +1 -1
package/dist/lightweight/noble_hashes.mjs +80 -51
package/dist/lightweight/noble_post_quantum.min.mjs +3 -4
package/dist/lightweight/noble_post_quantum.min.mjs.map +1 -1
package/dist/lightweight/noble_post_quantum.mjs +352 -10
package/dist/lightweight/openpgp.min.mjs +3 -4
package/dist/lightweight/openpgp.min.mjs.map +1 -1
package/dist/lightweight/openpgp.mjs +1004 -2822
package/dist/lightweight/seek-bzip.min.mjs +2 -2
package/dist/lightweight/seek-bzip.min.mjs.map +1 -1
package/dist/lightweight/seek-bzip.mjs +780 -746
package/dist/lightweight/sha512.min.mjs +4 -2
package/dist/lightweight/sha512.min.mjs.map +1 -1
package/dist/lightweight/sha512.mjs +672 -130
package/dist/node/openpgp.cjs +10691 -10143
package/dist/node/openpgp.min.cjs +14 -17
package/dist/node/openpgp.min.cjs.map +1 -1
package/dist/node/openpgp.min.mjs +14 -17
package/dist/node/openpgp.min.mjs.map +1 -1
package/dist/node/openpgp.mjs +10691 -10142
package/dist/openpgp.js +11739 -11195
package/dist/openpgp.min.js +14 -17
package/dist/openpgp.min.js.map +1 -1
package/dist/openpgp.min.mjs +14 -17
package/dist/openpgp.min.mjs.map +1 -1
package/dist/openpgp.mjs +11739 -11195
package/{src → dist/types}/config/config.d.ts +1 -21
package/{openpgp.d.ts → dist/types/index.d.ts} +26 -8
package/dist/types/packet/grammar.d.ts +33 -0
package/package.json +38 -38
package/dist/lightweight/sha3.min.mjs +0 -4
package/dist/lightweight/sha3.min.mjs.map +0 -1
package/dist/lightweight/sha3.mjs +0 -401
/package/{src → dist/types}/config/index.d.ts +0 -0
/package/{src → dist/types}/enums.d.ts +0 -0

package/dist/lightweight/openpgp.min.mjs CHANGED Viewed

@@ -1,5 +1,4 @@
-/*! OpenPGP.js v6.1.1-patch.5 - 2025-08-13 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
-const e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},t=Symbol("doneWritingPromise"),r=Symbol("doneWritingResolve"),i=Symbol("doneWritingReject"),n=Symbol("readingIndex");class ArrayStream extends Array{constructor(){super(),Object.setPrototypeOf(this,ArrayStream.prototype),this[t]=new Promise(((e,t)=>{this[r]=e,this[i]=t})),this[t].catch((()=>{}))}}function a(e){return e&&e.getReader&&Array.isArray(e)}function s(e){if(!a(e)){const t=e.getWriter(),r=t.releaseLock;return t.releaseLock=()=>{t.closed.catch((function(){})),r.call(t)},t}this.stream=e}function o(t){if(a(t))return"array";if(e.ReadableStream&&e.ReadableStream.prototype.isPrototypeOf(t))return"web";if(t&&!(e.ReadableStream&&t instanceof e.ReadableStream)&&"function"==typeof t._read&&"object"==typeof t._readableState)throw Error("Native Node streams are no longer supported: please manually convert the stream to a WebStream, using e.g. `stream.Readable.toWeb`");return!(!t||!t.getReader)&&"web-like"}function c(e){return Uint8Array.prototype.isPrototypeOf(e)}function u(e){if(1===e.length)return e[0];let t=0;for(let r=0;r<e.length;r++){if(!c(e[r]))throw Error("concatUint8Array: Data must be in the form of a Uint8Array");t+=e[r].length}const r=new Uint8Array(t);let i=0;return e.forEach((function(e){r.set(e,i),i+=e.length})),r}ArrayStream.prototype.getReader=function(){return void 0===this[n]&&(this[n]=0),{read:async()=>(await this[t],this[n]===this.length?{value:void 0,done:!0}:{value:this[this[n]++],done:!1})}},ArrayStream.prototype.readToEnd=async function(e){await this[t];const r=e(this.slice(this[n]));return this.length=0,r},ArrayStream.prototype.clone=function(){const e=new ArrayStream;return e[t]=this[t].then((()=>{e.push(...this)})),e},s.prototype.write=async function(e){this.stream.push(e)},s.prototype.close=async function(){this.stream[r]()},s.prototype.abort=async function(e){return this.stream[i](e),e},s.prototype.releaseLock=function(){},"object"==typeof e.process&&e.process.versions;const h=new WeakSet,l=Symbol("externalBuffer");function y(e){if(this.stream=e,e[l]&&(this[l]=e[l].slice()),a(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{},void(this._cancel=()=>{})}if(o(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{t.closed.catch((function(){})),t.releaseLock()},void(this._cancel=t.cancel.bind(t))}let t=!1;this._read=async()=>t||h.has(e)?{value:void 0,done:!0}:(t=!0,{value:e,done:!1}),this._releaseLock=()=>{if(t)try{h.add(e)}catch(e){}}}function p(e){return o(e)?e:new ReadableStream({start(t){t.enqueue(e),t.close()}})}function d(e){if(o(e))return e;const t=new ArrayStream;return(async()=>{const r=I(t);await r.write(e),await r.close()})(),t}function g(e){return e.some((e=>o(e)&&!a(e)))?function(e){e=e.map(p);const t=w((async function(e){await Promise.all(i.map((t=>U(t,e))))}));let r=Promise.resolve();const i=e.map(((i,n)=>k(i,((i,a)=>(r=r.then((()=>f(i,t.writable,{preventClose:n!==e.length-1}))),r)))));return t.readable}(e):e.some((e=>a(e)))?function(e){const t=new ArrayStream;let r=Promise.resolve();return e.forEach(((i,n)=>(r=r.then((()=>f(i,t,{preventClose:n!==e.length-1}))),r))),t}(e):"string"==typeof e[0]?e.join(""):u(e)}async function f(e,t,{preventClose:r=!1,preventAbort:i=!1,preventCancel:n=!1}={}){if(o(e)&&!a(e)){e=p(e);try{if(e[l]){const r=I(t);for(let t=0;t<e[l].length;t++)await r.ready,await r.write(e[l][t]);r.releaseLock()}await e.pipeTo(t,{preventClose:r,preventAbort:i,preventCancel:n})}catch(e){}return}const s=x(e=d(e)),c=I(t);try{for(;;){await c.ready;const{done:e,value:t}=await s.read();if(e){r||await c.close();break}await c.write(t)}}catch(e){i||await c.abort(e)}finally{s.releaseLock(),c.releaseLock()}}function m(e,t){const r=new TransformStream(t);return f(e,r.writable),r.readable}function w(e){let t,r,i,n=!1,a=!1;return{readable:new ReadableStream({start(e){i=e},pull(){t?t():n=!0},async cancel(t){a=!0,e&&await e(t),r&&r(t)}},{highWaterMark:0}),writable:new WritableStream({write:async function(e){if(a)throw Error("Stream is cancelled");i.enqueue(e),n?n=!1:(await new Promise(((e,i)=>{t=e,r=i})),t=null,r=null)},close:i.close.bind(i),abort:i.error.bind(i)})}}function b(e,t=()=>{},r=()=>{}){if(a(e)){const i=new ArrayStream;return(async()=>{const n=I(i);try{const i=await P(e),a=t(i),s=r();let o;o=void 0!==a&&void 0!==s?g([a,s]):void 0!==a?a:s,await n.write(o),await n.close()}catch(e){await n.abort(e)}})(),i}if(o(e))return m(e,{async transform(e,r){try{const i=await t(e);void 0!==i&&r.enqueue(i)}catch(e){r.error(e)}},async flush(e){try{const t=await r();void 0!==t&&e.enqueue(t)}catch(t){e.error(t)}}});const i=t(e),n=r();return void 0!==i&&void 0!==n?g([i,n]):void 0!==i?i:n}function k(e,t){if(o(e)&&!a(e)){let r;const i=new TransformStream({start(e){r=e}}),n=f(e,i.writable),a=w((async function(e){r.error(e),await n,await new Promise(setTimeout)}));return t(i.readable,a.writable),a.readable}e=d(e);const r=new ArrayStream;return t(e,r),r}function v(e,t){let r;const i=k(e,((e,n)=>{const a=x(e);a.remainder=()=>(a.releaseLock(),f(e,n),i),r=t(a)}));return r}function K(e){if(a(e))return e.clone();if(o(e)){const t=function(e){if(a(e))throw Error("ArrayStream cannot be tee()d, use clone() instead");if(o(e)){const t=p(e).tee();return t[0][l]=t[1][l]=e[l],t}return[S(e),S(e)]}(e);return E(e,t[0]),t[1]}return S(e)}function A(e){return a(e)?K(e):o(e)?new ReadableStream({start(t){const r=k(e,(async(e,r)=>{const i=x(e),n=I(r);try{for(;;){await n.ready;const{done:e,value:r}=await i.read();if(e){try{t.close()}catch(e){}return void await n.close()}try{t.enqueue(r)}catch(e){}await n.write(r)}}catch(e){t.error(e),await n.abort(e)}}));E(e,r)}}):S(e)}function E(e,t){Object.entries(Object.getOwnPropertyDescriptors(e.constructor.prototype)).forEach((([r,i])=>{"constructor"!==r&&(i.value?i.value=i.value.bind(t):i.get=i.get.bind(t),Object.defineProperty(e,r,i))}))}function S(e,t=0,r=1/0){if(a(e))throw Error("Not implemented");if(o(e)){if(t>=0&&r>=0){let i=0;return m(e,{transform(e,n){i<r?(i+e.length>=t&&n.enqueue(S(e,Math.max(t-i,0),r-i)),i+=e.length):n.terminate()}})}if(t<0&&(r<0||r===1/0)){let i=[];return b(e,(e=>{e.length>=-t?i=[e]:i.push(e)}),(()=>S(g(i),t,r)))}if(0===t&&r<0){let i;return b(e,(e=>{const n=i?g([i,e]):e;if(n.length>=-r)return i=S(n,r),S(n,t,r);i=n}))}return console.warn(`stream.slice(input, ${t}, ${r}) not implemented efficiently.`),D((async()=>S(await P(e),t,r)))}return e[l]&&(e=g(e[l].concat([e]))),c(e)?e.subarray(t,r===1/0?e.length:r):e.slice(t,r)}async function P(e,t=g){return a(e)?e.readToEnd(t):o(e)?x(e).readToEnd(t):e}async function U(e,t){if(o(e)){if(e.cancel){const r=await e.cancel(t);return await new Promise(setTimeout),r}if(e.destroy)return e.destroy(t),await new Promise(setTimeout),t}}function D(e){const t=new ArrayStream;return(async()=>{const r=I(t);try{await r.write(await e()),await r.close()}catch(e){await r.abort(e)}})(),t}function x(e){return new y(e)}function I(e){return new s(e)}y.prototype.read=async function(){if(this[l]&&this[l].length){return{done:!1,value:this[l].shift()}}return this._read()},y.prototype.releaseLock=function(){this[l]&&(this.stream[l]=this[l]),this._releaseLock()},y.prototype.cancel=function(e){return this._cancel(e)},y.prototype.readLine=async function(){let e,t=[];for(;!e;){let{done:r,value:i}=await this.read();if(i+="",r)return t.length?g(t):void 0;const n=i.indexOf("\n")+1;n&&(e=g(t.concat(i.substr(0,n))),t=[]),n!==i.length&&t.push(i.substr(n))}return this.unshift(...t),e},y.prototype.readByte=async function(){const{done:e,value:t}=await this.read();if(e)return;const r=t[0];return this.unshift(S(t,1)),r},y.prototype.readBytes=async function(e){const t=[];let r=0;for(;;){const{done:i,value:n}=await this.read();if(i)return t.length?g(t):void 0;if(t.push(n),r+=n.length,r>=e){const r=g(t);return this.unshift(S(r,e)),S(r,0,e)}}},y.prototype.peekBytes=async function(e){const t=await this.readBytes(e);return this.unshift(t),t},y.prototype.unshift=function(...e){this[l]||(this[l]=[]),1===e.length&&c(e[0])&&this[l].length&&e[0].length&&this[l][0].byteOffset>=e[0].length?this[l][0]=new Uint8Array(this[l][0].buffer,this[l][0].byteOffset-e[0].length,this[l][0].byteLength+e[0].length):this[l].unshift(...e.filter((e=>e&&e.length)))},y.prototype.readToEnd=async function(e=g){const t=[];for(;;){const{done:e,value:r}=await this.read();if(e)break;t.push(r)}return e(t)};const C=Symbol("byValue");var B={curve:{nistP256:"nistP256",p256:"nistP256",nistP384:"nistP384",p384:"nistP384",nistP521:"nistP521",p521:"nistP521",secp256k1:"secp256k1",ed25519Legacy:"ed25519Legacy",ed25519:"ed25519Legacy",curve25519Legacy:"curve25519Legacy",curve25519:"curve25519Legacy",brainpoolP256r1:"brainpoolP256r1",brainpoolP384r1:"brainpoolP384r1",brainpoolP512r1:"brainpoolP512r1"},kdfFlags:{replace_fingerprint:1,replace_kdf_params:2},s2k:{simple:0,salted:1,iterated:3,argon2:4,gnu:101},publicKey:{rsaEncryptSign:1,rsaEncrypt:2,rsaSign:3,elgamal:16,dsa:17,ecdh:18,ecdsa:19,eddsaLegacy:22,aedh:23,aedsa:24,x25519:25,x448:26,ed25519:27,ed448:28,pqc_mldsa_ed25519:30,pqc_mlkem_x25519:35,aead:100,hmac:101},symmetric:{idea:1,tripledes:2,cast5:3,blowfish:4,aes128:7,aes192:8,aes256:9,twofish:10},compression:{uncompressed:0,zip:1,zlib:2,bzip2:3},hash:{md5:1,sha1:2,ripemd:3,sha256:8,sha384:9,sha512:10,sha224:11,sha3_256:12,sha3_512:14},webHash:{"SHA-1":2,"SHA-256":8,"SHA-384":9,"SHA-512":10},aead:{eax:1,ocb:2,gcm:3,experimentalGCM:100},packet:{publicKeyEncryptedSessionKey:1,signature:2,symEncryptedSessionKey:3,onePassSignature:4,secretKey:5,publicKey:6,secretSubkey:7,compressedData:8,symmetricallyEncryptedData:9,marker:10,literalData:11,trust:12,userID:13,publicSubkey:14,userAttribute:17,symEncryptedIntegrityProtectedData:18,modificationDetectionCode:19,aeadEncryptedData:20,padding:21},literal:{binary:98,text:116,utf8:117,mime:109},signature:{binary:0,text:1,standalone:2,certGeneric:16,certPersona:17,certCasual:18,certPositive:19,certRevocation:48,subkeyBinding:24,keyBinding:25,key:31,keyRevocation:32,subkeyRevocation:40,timestamp:64,thirdParty:80},signatureSubpacket:{signatureCreationTime:2,signatureExpirationTime:3,exportableCertification:4,trustSignature:5,regularExpression:6,revocable:7,keyExpirationTime:9,placeholderBackwardsCompatibility:10,preferredSymmetricAlgorithms:11,revocationKey:12,issuerKeyID:16,notationData:20,preferredHashAlgorithms:21,preferredCompressionAlgorithms:22,keyServerPreferences:23,preferredKeyServer:24,primaryUserID:25,policyURI:26,keyFlags:27,signersUserID:28,reasonForRevocation:29,features:30,signatureTarget:31,embeddedSignature:32,issuerFingerprint:33,preferredAEADAlgorithms:34,preferredCipherSuites:39},keyFlags:{certifyKeys:1,signData:2,encryptCommunication:4,encryptStorage:8,splitPrivateKey:16,authentication:32,forwardedCommunication:64,sharedPrivateKey:128},armor:{multipartSection:0,multipartLast:1,signed:2,message:3,publicKey:4,privateKey:5,signature:6},reasonForRevocation:{noReason:0,keySuperseded:1,keyCompromised:2,keyRetired:3,userIDInvalid:32},features:{modificationDetection:1,aead:2,v5Keys:4,seipdv2:8},write:function(e,t){if("number"==typeof t&&(t=this.read(e,t)),void 0!==e[t])return e[t];throw Error("Invalid enum value.")},read:function(e,t){if(e[C]||(e[C]=[],Object.entries(e).forEach((([t,r])=>{e[C][r]=t}))),void 0!==e[C][t])return e[C][t];throw Error("Invalid enum value.")}},T={preferredHashAlgorithm:B.hash.sha512,preferredSymmetricAlgorithm:B.symmetric.aes256,preferredCompressionAlgorithm:B.compression.uncompressed,aeadProtect:!1,ignoreSEIPDv2FeatureFlag:!1,parseAEADEncryptedV4KeysAsLegacy:!1,preferredAEADAlgorithm:B.aead.gcm,aeadChunkSizeByte:12,v6Keys:!1,enableParsingV5Entities:!1,s2kType:B.s2k.iterated,s2kIterationCountByte:224,s2kArgon2Params:{passes:3,parallelism:4,memoryExponent:16},allowUnauthenticatedMessages:!1,allowUnauthenticatedStream:!1,allowForwardedMessages:!1,minRSABits:2047,passwordCollisionCheck:!1,allowInsecureDecryptionWithSigningKeys:!1,allowInsecureVerificationWithReformattedKeys:!1,allowMissingKeyFlags:!1,constantTimePKCS1Decryption:!1,constantTimePKCS1DecryptionSupportedSymmetricAlgorithms:new Set([B.symmetric.aes128,B.symmetric.aes192,B.symmetric.aes256]),ignoreUnsupportedPackets:!0,ignoreMalformedPackets:!1,enforceGrammar:!0,pluggableGrammarErrorReporter:null,additionalAllowedPackets:[],showVersion:!1,showComment:!1,versionString:"OpenPGP.js 6.1.1-patch.5",commentString:"https://openpgpjs.org",maxUserIDLength:5120,knownNotations:[],nonDeterministicSignaturesViaNotation:!0,useEllipticFallback:!0,rejectHashAlgorithms:new Set([B.hash.md5,B.hash.ripemd]),rejectMessageHashAlgorithms:new Set([B.hash.md5,B.hash.ripemd,B.hash.sha1]),rejectPublicKeyAlgorithms:new Set([B.publicKey.elgamal,B.publicKey.dsa]),rejectCurves:new Set([B.curve.secp256k1])};const M=(()=>{try{return"development"===process.env.NODE_ENV}catch(e){}return!1})(),F={isString:function(e){return"string"==typeof e||e instanceof String},nodeRequire:()=>{},isArray:function(e){return e instanceof Array},isUint8Array:c,isStream:o,getNobleCurve:async(e,t)=>{if(!T.useEllipticFallback)throw Error("This curve is only supported in the full build of OpenPGP.js");const{nobleCurves:r}=await import("./noble_curves.min.mjs");switch(e){case B.publicKey.ecdh:case B.publicKey.ecdsa:{const e=r.get(t);if(!e)throw Error("Unsupported curve");return e}case B.publicKey.x448:return r.get("x448");case B.publicKey.ed448:return r.get("ed448");default:throw Error("Unsupported curve")}},readNumber:function(e){let t=0;for(let r=0;r<e.length;r++)t+=256**r*e[e.length-1-r];return t},writeNumber:function(e,t){const r=new Uint8Array(t);for(let i=0;i<t;i++)r[i]=e>>8*(t-i-1)&255;return r},readDate:function(e){const t=F.readNumber(e);return new Date(1e3*t)},writeDate:function(e){const t=Math.floor(e.getTime()/1e3);return F.writeNumber(t,4)},normalizeDate:function(e=Date.now()){return null===e||e===1/0?e:new Date(1e3*Math.floor(+e/1e3))},readMPI:function(e){const t=(e[0]<<8|e[1])+7>>>3;return F.readExactSubarray(e,2,2+t)},readExactSubarray:function(e,t,r){if(e.length<r-t)throw Error("Input array too short");return e.subarray(t,r)},leftPad(e,t){if(e.length>t)throw Error("Input array too long");const r=new Uint8Array(t),i=t-e.length;return r.set(e,i),r},uint8ArrayToMPI:function(e){const t=F.uint8ArrayBitLength(e);if(0===t)throw Error("Zero MPI");const r=e.subarray(e.length-Math.ceil(t/8)),i=new Uint8Array([(65280&t)>>8,255&t]);return F.concatUint8Array([i,r])},uint8ArrayBitLength:function(e){let t;for(t=0;t<e.length&&0===e[t];t++);if(t===e.length)return 0;const r=e.subarray(t);return 8*(r.length-1)+F.nbits(r[0])},hexToUint8Array:function(e){const t=new Uint8Array(e.length>>1);for(let r=0;r<e.length>>1;r++)t[r]=parseInt(e.substr(r<<1,2),16);return t},uint8ArrayToHex:function(e){const t="0123456789abcdef";let r="";return e.forEach((e=>{r+=t[e>>4]+t[15&e]})),r},stringToUint8Array:function(e){return b(e,(e=>{if(!F.isString(e))throw Error("stringToUint8Array: Data must be in the form of a string");const t=new Uint8Array(e.length);for(let r=0;r<e.length;r++)t[r]=e.charCodeAt(r);return t}))},uint8ArrayToString:function(e){const t=[],r=16384,i=(e=new Uint8Array(e)).length;for(let n=0;n<i;n+=r)t.push(String.fromCharCode.apply(String,e.subarray(n,n+r<i?n+r:i)));return t.join("")},encodeUTF8:function(e){const t=new TextEncoder("utf-8");function r(e,r=!1){return t.encode(e,{stream:!r})}return b(e,r,(()=>r("",!0)))},decodeUTF8:function(e){const t=new TextDecoder("utf-8");function r(e,r=!1){return t.decode(e,{stream:!r})}return b(e,r,(()=>r(new Uint8Array,!0)))},concat:g,concatUint8Array:u,equalsUint8Array:function(e,t){if(!F.isUint8Array(e)||!F.isUint8Array(t))throw Error("Data must be in the form of a Uint8Array");if(e.length!==t.length)return!1;for(let r=0;r<e.length;r++)if(e[r]!==t[r])return!1;return!0},findLastIndex:function(e,t){for(let r=e.length;r>=0;r--)if(t(e[r],r,e))return r;return-1},writeChecksum:function(e){let t=0;for(let r=0;r<e.length;r++)t=t+e[r]&65535;return F.writeNumber(t,2)},printDebug:function(e){M&&console.log("[OpenPGP.js debug]",e)},printDebugError:function(e){M&&console.error("[OpenPGP.js debug]",e)},nbits:function(e){let t=1,r=e>>>16;return 0!==r&&(e=r,t+=16),r=e>>8,0!==r&&(e=r,t+=8),r=e>>4,0!==r&&(e=r,t+=4),r=e>>2,0!==r&&(e=r,t+=2),r=e>>1,0!==r&&(e=r,t+=1),t},double:function(e){const t=new Uint8Array(e.length),r=e.length-1;for(let i=0;i<r;i++)t[i]=e[i]<<1^e[i+1]>>7;return t[r]=e[r]<<1^135*(e[0]>>7),t},shiftRight:function(e,t){if(t)for(let r=e.length-1;r>=0;r--)e[r]>>=t,r>0&&(e[r]|=e[r-1]<<8-t);return e},getWebCrypto:function(){const t=void 0!==e&&e.crypto&&e.crypto.subtle||this.getNodeCrypto()?.webcrypto.subtle;if(!t)throw Error("The WebCrypto API is not available");return t},getNodeCrypto:function(){return this.nodeRequire("crypto")},getNodeZlib:function(){return this.nodeRequire("zlib")},getNodeBuffer:function(){return(this.nodeRequire("buffer")||{}).Buffer},getHardwareConcurrency:function(){if("undefined"!=typeof navigator)return navigator.hardwareConcurrency||1;return this.nodeRequire("os").cpus().length},isEmailAddress:function(e){if(!F.isString(e))return!1;return/^[^\p{C}\p{Z}@<>\\]+@[^\p{C}\p{Z}@<>\\]+[^\p{C}\p{Z}\p{P}]$/u.test(e)},canonicalizeEOL:function(e){let t=!1;return b(e,(e=>{let r;t&&(e=F.concatUint8Array([new Uint8Array([13]),e])),13===e[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;const i=[];for(let t=0;r=e.indexOf(10,t)+1,r;t=r)13!==e[r-2]&&i.push(r);if(!i.length)return e;const n=new Uint8Array(e.length+i.length);let a=0;for(let t=0;t<i.length;t++){const r=e.subarray(i[t-1]||0,i[t]);n.set(r,a),a+=r.length,n[a-1]=13,n[a]=10,a++}return n.set(e.subarray(i[i.length-1]||0),a),n}),(()=>t?new Uint8Array([13]):void 0))},nativeEOL:function(e){let t=!1;return b(e,(e=>{let r;13===(e=t&&10!==e[0]?F.concatUint8Array([new Uint8Array([13]),e]):new Uint8Array(e))[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;let i=0;for(let t=0;t!==e.length;t=r){r=e.indexOf(13,t)+1,r||(r=e.length);const n=r-(10===e[r]?1:0);t&&e.copyWithin(i,t,n),i+=n-t}return e.subarray(0,i)}),(()=>t?new Uint8Array([13]):void 0))},removeTrailingSpaces:function(e){return e.split("\n").map((e=>{let t=e.length-1;for(;t>=0&&(" "===e[t]||"\t"===e[t]||"\r"===e[t]);t--);return e.substr(0,t+1)})).join("\n")},wrapError:function(e,t){if(!t)return Error(e);try{t.message=e+": "+t.message}catch(e){}return t},constructAllowedPackets:function(e){const t={};return e.forEach((e=>{if(!e.tag)throw Error("Invalid input: expected a packet class");t[e.tag]=e})),t},anyPromise:function(e){return new Promise((async(t,r)=>{let i;await Promise.all(e.map((async e=>{try{t(await e)}catch(e){i=e}}))),r(i)}))},selectUint8Array:function(e,t,r){const i=Math.max(t.length,r.length),n=new Uint8Array(i);let a=0;for(let i=0;i<n.length;i++)n[i]=t[i]&256-e|r[i]&255+e,a+=e&i<t.length|1-e&i<r.length;return n.subarray(0,a)},selectUint8:function(e,t,r){return t&256-e|r&255+e},isAES:function(e){return e===B.symmetric.aes128||e===B.symmetric.aes192||e===B.symmetric.aes256}},_=F.getNodeBuffer();let R,L;function N(e){let t=new Uint8Array;return b(e,(e=>{t=F.concatUint8Array([t,e]);const r=[],i=Math.floor(t.length/45),n=45*i,a=R(t.subarray(0,n));for(let e=0;e<i;e++)r.push(a.substr(60*e,60)),r.push("\n");return t=t.subarray(n),r.join("")}),(()=>t.length?R(t)+"\n":""))}function z(e){let t="";return b(e,(e=>{t+=e;let r=0;const i=[" ","\t","\r","\n"];for(let e=0;e<i.length;e++){const n=i[e];for(let e=t.indexOf(n);-1!==e;e=t.indexOf(n,e+1))r++}let n=t.length;for(;n>0&&(n-r)%4!=0;n--)i.includes(t[n])&&r--;const a=L(t.substr(0,n));return t=t.substr(n),a}),(()=>L(t)))}function O(e){return z(e.replace(/-/g,"+").replace(/_/g,"/"))}function j(e,t){let r=N(e).replace(/[\r\n]/g,"");return r=r.replace(/[+]/g,"-").replace(/[/]/g,"_").replace(/[=]/g,""),r}function q(e){const t=e.match(/^-----BEGIN PGP (MESSAGE, PART \d+\/\d+|MESSAGE, PART \d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m);if(!t)throw Error("Unknown ASCII armor type");return/MESSAGE, PART \d+\/\d+/.test(t[1])?B.armor.multipartSection:/MESSAGE, PART \d+/.test(t[1])?B.armor.multipartLast:/SIGNED MESSAGE/.test(t[1])?B.armor.signed:/MESSAGE/.test(t[1])?B.armor.message:/PUBLIC KEY BLOCK/.test(t[1])?B.armor.publicKey:/PRIVATE KEY BLOCK/.test(t[1])?B.armor.privateKey:/SIGNATURE/.test(t[1])?B.armor.signature:void 0}function H(e,t){let r="";return t.showVersion&&(r+="Version: "+t.versionString+"\n"),t.showComment&&(r+="Comment: "+t.commentString+"\n"),e&&(r+="Comment: "+e+"\n"),r+="\n",r}function G(e){const t=function(e){let t=13501623;return b(e,(e=>{const r=W?Math.floor(e.length/4):0,i=new Uint32Array(e.buffer,e.byteOffset,r);for(let e=0;e<r;e++)t^=i[e],t=V[0][t>>24&255]^V[1][t>>16&255]^V[2][t>>8&255]^V[3][255&t];for(let i=4*r;i<e.length;i++)t=t>>8^V[0][255&t^e[i]]}),(()=>new Uint8Array([t,t>>8,t>>16])))}(e);return N(t)}_?(R=e=>_.from(e).toString("base64"),L=e=>{const t=_.from(e,"base64");return new Uint8Array(t.buffer,t.byteOffset,t.byteLength)}):(R=e=>btoa(F.uint8ArrayToString(e)),L=e=>F.stringToUint8Array(atob(e)));const V=[Array(255),Array(255),Array(255),Array(255)];for(let e=0;e<=255;e++){let t=e<<16;for(let e=0;e<8;e++)t=t<<1^(8388608&t?8801531:0);V[0][e]=(16711680&t)>>16|65280&t|(255&t)<<16}for(let e=0;e<=255;e++)V[1][e]=V[0][e]>>8^V[0][255&V[0][e]];for(let e=0;e<=255;e++)V[2][e]=V[1][e]>>8^V[0][255&V[1][e]];for(let e=0;e<=255;e++)V[3][e]=V[2][e]>>8^V[0][255&V[2][e]];const W=function(){const e=new ArrayBuffer(2);return new DataView(e).setInt16(0,255,!0),255===new Int16Array(e)[0]}();function $(e){for(let t=0;t<e.length;t++)/^([^\s:]|[^\s:][^:]*[^\s:]): .+$/.test(e[t])||F.printDebugError(Error("Improperly formatted armor header: "+e[t])),/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(e[t])||F.printDebugError(Error("Unknown header: "+e[t]))}function Z(e){let t=e;const r=e.lastIndexOf("=");return r>=0&&r!==e.length-1&&(t=e.slice(0,r)),t}function X(e){return new Promise((async(t,r)=>{try{const i=/^-----[^-]+-----$/m,n=/^[ \f\r\t\u00a0\u2000-\u200a\u202f\u205f\u3000]*$/;let a;const s=[];let o,c,u=s,h=[];const l=z(k(e,(async(e,y)=>{const p=x(e);try{for(;;){let e=await p.readLine();if(void 0===e)throw Error("Misformed armored text");if(e=F.removeTrailingSpaces(e.replace(/[\r\n]/g,"")),a)if(o)c||a!==B.armor.signed||(i.test(e)?(h=h.join("\r\n"),c=!0,$(u),u=[],o=!1):h.push(e.replace(/^- /,"")));else if(i.test(e)&&r(Error("Mandatory blank line missing between armor headers and armor data")),n.test(e)){if($(u),o=!0,c||a!==B.armor.signed){t({text:h,data:l,headers:s,type:a});break}}else u.push(e);else i.test(e)&&(a=q(e))}}catch(e){return void r(e)}const d=I(y);try{for(;;){await d.ready;const{done:e,value:t}=await p.read();if(e)throw Error("Misformed armored text");const r=t+"";if(-1!==r.indexOf("=")||-1!==r.indexOf("-")){let e=await p.readToEnd();e.length||(e=""),e=r+e,e=F.removeTrailingSpaces(e.replace(/\r/g,""));const t=e.split(i);if(1===t.length)throw Error("Misformed armored text");const n=Z(t[0].slice(0,-1));await d.write(n);break}await d.write(r)}await d.ready,await d.close()}catch(e){await d.abort(e)}})))}catch(e){r(e)}})).then((async e=>(a(e.data)&&(e.data=await P(e.data)),e)))}function Q(e,t,r,i,n,a=!1,s=T){let o,c;e===B.armor.signed&&(o=t.text,c=t.hash,t=t.data);const u=a&&A(t),h=[];switch(e){case B.armor.multipartSection:h.push("-----BEGIN PGP MESSAGE, PART "+r+"/"+i+"-----\n"),h.push(H(n,s)),h.push(N(t)),u&&h.push("=",G(u)),h.push("-----END PGP MESSAGE, PART "+r+"/"+i+"-----\n");break;case B.armor.multipartLast:h.push("-----BEGIN PGP MESSAGE, PART "+r+"-----\n"),h.push(H(n,s)),h.push(N(t)),u&&h.push("=",G(u)),h.push("-----END PGP MESSAGE, PART "+r+"-----\n");break;case B.armor.signed:h.push("-----BEGIN PGP SIGNED MESSAGE-----\n"),h.push(c?`Hash: ${c}\n\n`:"\n"),h.push(o.replace(/^-/gm,"- -")),h.push("\n-----BEGIN PGP SIGNATURE-----\n"),h.push(H(n,s)),h.push(N(t)),u&&h.push("=",G(u)),h.push("-----END PGP SIGNATURE-----\n");break;case B.armor.message:h.push("-----BEGIN PGP MESSAGE-----\n"),h.push(H(n,s)),h.push(N(t)),u&&h.push("=",G(u)),h.push("-----END PGP MESSAGE-----\n");break;case B.armor.publicKey:h.push("-----BEGIN PGP PUBLIC KEY BLOCK-----\n"),h.push(H(n,s)),h.push(N(t)),u&&h.push("=",G(u)),h.push("-----END PGP PUBLIC KEY BLOCK-----\n");break;case B.armor.privateKey:h.push("-----BEGIN PGP PRIVATE KEY BLOCK-----\n"),h.push(H(n,s)),h.push(N(t)),u&&h.push("=",G(u)),h.push("-----END PGP PRIVATE KEY BLOCK-----\n");break;case B.armor.signature:h.push("-----BEGIN PGP SIGNATURE-----\n"),h.push(H(n,s)),h.push(N(t)),u&&h.push("=",G(u)),h.push("-----END PGP SIGNATURE-----\n")}return F.concat(h)}const Y=BigInt(0),J=BigInt(1);function ee(e){const t="0123456789ABCDEF";let r="";return e.forEach((e=>{r+=t[e>>4]+t[15&e]})),BigInt("0x0"+r)}function te(e,t){const r=e%t;return r<Y?r+t:r}function re(e,t,r){if(r===Y)throw Error("Modulo cannot be zero");if(r===J)return BigInt(0);if(t<Y)throw Error("Unsopported negative exponent");let i=t,n=e;n%=r;let a=BigInt(1);for(;i>Y;){const e=i&J;i>>=J;a=e?a*n%r:a,n=n*n%r}return a}function ie(e){return e>=Y?e:-e}function ne(e,t){const{gcd:r,x:i}=function(e,t){let r=BigInt(0),i=BigInt(1),n=BigInt(1),a=BigInt(0),s=ie(e),o=ie(t);const c=e<Y,u=t<Y;for(;o!==Y;){const e=s/o;let t=r;r=n-e*r,n=t,t=i,i=a-e*i,a=t,t=o,o=s%o,s=t}return{x:c?-n:n,y:u?-a:a,gcd:s}}(e,t);if(r!==J)throw Error("Inverse does not exist");return te(i+t,t)}function ae(e){const t=Number(e);if(t>Number.MAX_SAFE_INTEGER)throw Error("Number can only safely store up to 53 bits");return t}function se(e,t){return(e>>BigInt(t)&J)===Y?0:1}function oe(e){const t=e<Y?BigInt(-1):Y;let r=1,i=e;for(;(i>>=J)!==t;)r++;return r}function ce(e){const t=e<Y?BigInt(-1):Y,r=BigInt(8);let i=1,n=e;for(;(n>>=r)!==t;)i++;return i}function ue(e,t="be",r){let i=e.toString(16);i.length%2==1&&(i="0"+i);const n=i.length/2,a=new Uint8Array(r||n),s=r?r-n:0;let o=0;for(;o<n;)a[o+s]=parseInt(i.slice(2*o,2*o+2),16),o++;return"be"!==t&&a.reverse(),a}const he=F.getNodeCrypto();function le(e){const t="undefined"!=typeof crypto?crypto:he?.webcrypto;if(t?.getRandomValues){const r=new Uint8Array(e);return t.getRandomValues(r)}throw Error("No secure random number generator available.")}function ye(e,t){if(t<e)throw Error("Illegal parameter value: max <= min");const r=t-e;return te(ee(le(ce(r)+8)),r)+e}const pe=BigInt(1);function de(e,t,r){const i=BigInt(30),n=pe<<BigInt(e-1),a=[1,6,5,4,3,2,1,4,3,2,1,2,1,4,3,2,1,2,1,4,3,2,1,6,5,4,3,2,1,2];let s=ye(n,n<<pe),o=ae(te(s,i));do{s+=BigInt(a[o]),o=(o+a[o])%a.length,oe(s)>e&&(s=te(s,n<<pe),s+=n,o=ae(te(s,i)))}while(!ge(s,t,r));return s}function ge(e,t,r){return(!t||function(e,t){let r=e,i=t;for(;i!==Y;){const e=i;i=r%i,r=e}return r}(e-pe,t)===pe)&&(!!function(e){const t=BigInt(0);return fe.every((r=>te(e,r)!==t))}(e)&&(!!function(e,t=BigInt(2)){return re(t,e-pe,e)===pe}(e)&&!!function(e,t){const r=oe(e);t||(t=Math.max(1,r/48|0));const i=e-pe;let n=0;for(;!se(i,n);)n++;const a=e>>BigInt(n);for(;t>0;t--){let t,r=re(ye(BigInt(2),i),a,e);if(r!==pe&&r!==i){for(t=1;t<n;t++){if(r=te(r*r,e),r===pe)return!1;if(r===i)break}if(t===n)return!1}}return!0}(e,r)))}const fe=[7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587,593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997,1009,1013,1019,1021,1031,1033,1039,1049,1051,1061,1063,1069,1087,1091,1093,1097,1103,1109,1117,1123,1129,1151,1153,1163,1171,1181,1187,1193,1201,1213,1217,1223,1229,1231,1237,1249,1259,1277,1279,1283,1289,1291,1297,1301,1303,1307,1319,1321,1327,1361,1367,1373,1381,1399,1409,1423,1427,1429,1433,1439,1447,1451,1453,1459,1471,1481,1483,1487,1489,1493,1499,1511,1523,1531,1543,1549,1553,1559,1567,1571,1579,1583,1597,1601,1607,1609,1613,1619,1621,1627,1637,1657,1663,1667,1669,1693,1697,1699,1709,1721,1723,1733,1741,1747,1753,1759,1777,1783,1787,1789,1801,1811,1823,1831,1847,1861,1867,1871,1873,1877,1879,1889,1901,1907,1913,1931,1933,1949,1951,1973,1979,1987,1993,1997,1999,2003,2011,2017,2027,2029,2039,2053,2063,2069,2081,2083,2087,2089,2099,2111,2113,2129,2131,2137,2141,2143,2153,2161,2179,2203,2207,2213,2221,2237,2239,2243,2251,2267,2269,2273,2281,2287,2293,2297,2309,2311,2333,2339,2341,2347,2351,2357,2371,2377,2381,2383,2389,2393,2399,2411,2417,2423,2437,2441,2447,2459,2467,2473,2477,2503,2521,2531,2539,2543,2549,2551,2557,2579,2591,2593,2609,2617,2621,2633,2647,2657,2659,2663,2671,2677,2683,2687,2689,2693,2699,2707,2711,2713,2719,2729,2731,2741,2749,2753,2767,2777,2789,2791,2797,2801,2803,2819,2833,2837,2843,2851,2857,2861,2879,2887,2897,2903,2909,2917,2927,2939,2953,2957,2963,2969,2971,2999,3001,3011,3019,3023,3037,3041,3049,3061,3067,3079,3083,3089,3109,3119,3121,3137,3163,3167,3169,3181,3187,3191,3203,3209,3217,3221,3229,3251,3253,3257,3259,3271,3299,3301,3307,3313,3319,3323,3329,3331,3343,3347,3359,3361,3371,3373,3389,3391,3407,3413,3433,3449,3457,3461,3463,3467,3469,3491,3499,3511,3517,3527,3529,3533,3539,3541,3547,3557,3559,3571,3581,3583,3593,3607,3613,3617,3623,3631,3637,3643,3659,3671,3673,3677,3691,3697,3701,3709,3719,3727,3733,3739,3761,3767,3769,3779,3793,3797,3803,3821,3823,3833,3847,3851,3853,3863,3877,3881,3889,3907,3911,3917,3919,3923,3929,3931,3943,3947,3967,3989,4001,4003,4007,4013,4019,4021,4027,4049,4051,4057,4073,4079,4091,4093,4099,4111,4127,4129,4133,4139,4153,4157,4159,4177,4201,4211,4217,4219,4229,4231,4241,4243,4253,4259,4261,4271,4273,4283,4289,4297,4327,4337,4339,4349,4357,4363,4373,4391,4397,4409,4421,4423,4441,4447,4451,4457,4463,4481,4483,4493,4507,4513,4517,4519,4523,4547,4549,4561,4567,4583,4591,4597,4603,4621,4637,4639,4643,4649,4651,4657,4663,4673,4679,4691,4703,4721,4723,4729,4733,4751,4759,4783,4787,4789,4793,4799,4801,4813,4817,4831,4861,4871,4877,4889,4903,4909,4919,4931,4933,4937,4943,4951,4957,4967,4969,4973,4987,4993,4999].map((e=>BigInt(e)));const me=F.getWebCrypto(),we=F.getNodeCrypto(),be=we&&we.getHashes();function ke(e){if(we&&be.includes(e))return async function(t){const r=we.createHash(e);return b(t,(e=>{r.update(e)}),(()=>new Uint8Array(r.digest())))}}function ve(e,t){const r=async()=>{const{nobleHashes:t}=await import("./noble_hashes.min.mjs"),r=t.get(e);if(!r)throw Error("Unsupported hash");return r};return async function(e){if(a(e)&&(e=await P(e)),F.isStream(e)){const t=(await r()).create();return b(e,(e=>{t.update(e)}),(()=>t.digest()))}if(me&&t)return new Uint8Array(await me.digest(t,e));return(await r())(e)}}const Ke=ke("md5")||ve("md5"),Ae=ke("sha1")||ve("sha1","SHA-1"),Ee=ke("sha224")||ve("sha224"),Se=ke("sha256")||ve("sha256","SHA-256"),Pe=ke("sha384")||ve("sha384","SHA-384"),Ue=ke("sha512")||ve("sha512","SHA-512"),De=ke("ripemd160")||ve("ripemd160"),xe=ke("sha3-256")||ve("sha3_256"),Ie=ke("sha3-512")||ve("sha3_512");function Ce(e,t){switch(e){case B.hash.md5:return Ke(t);case B.hash.sha1:return Ae(t);case B.hash.ripemd:return De(t);case B.hash.sha256:return Se(t);case B.hash.sha384:return Pe(t);case B.hash.sha512:return Ue(t);case B.hash.sha224:return Ee(t);case B.hash.sha3_256:return xe(t);case B.hash.sha3_512:return Ie(t);default:throw Error("Unsupported hash function")}}function Be(e){switch(e){case B.hash.md5:return 16;case B.hash.sha1:case B.hash.ripemd:return 20;case B.hash.sha256:return 32;case B.hash.sha384:return 48;case B.hash.sha512:return 64;case B.hash.sha224:return 28;case B.hash.sha3_256:return 32;case B.hash.sha3_512:return 64;default:throw Error("Invalid hash algorithm.")}}const Te=[];function Me(e,t){const r=e.length;if(r>t-11)throw Error("Message too long");const i=function(e){const t=new Uint8Array(e);let r=0;for(;r<e;){const i=le(e-r);for(let e=0;e<i.length;e++)0!==i[e]&&(t[r++]=i[e])}return t}(t-r-3),n=new Uint8Array(t);return n[1]=2,n.set(i,2),n.set(e,t-r),n}function Fe(e,t){let r=2,i=1;for(let t=r;t<e.length;t++)i&=0!==e[t],r+=i;const n=r-2,a=e.subarray(r+1),s=0===e[0]&2===e[1]&n>=8&!i;if(t)return F.selectUint8Array(s,a,t);if(s)return a;throw Error("Decryption error")}function _e(e,t,r){let i;if(t.length!==Be(e))throw Error("Invalid hash length");const n=new Uint8Array(Te[e].length);for(i=0;i<Te[e].length;i++)n[i]=Te[e][i];const a=n.length+t.length;if(r<a+11)throw Error("Intended encoded message length too short");const s=new Uint8Array(r-a-3).fill(255),o=new Uint8Array(r);return o[1]=1,o.set(s,2),o.set(n,r-a),o.set(t,r-t.length),o}Te[1]=[48,32,48,12,6,8,42,134,72,134,247,13,2,5,5,0,4,16],Te[2]=[48,33,48,9,6,5,43,14,3,2,26,5,0,4,20],Te[3]=[48,33,48,9,6,5,43,36,3,2,1,5,0,4,20],Te[8]=[48,49,48,13,6,9,96,134,72,1,101,3,4,2,1,5,0,4,32],Te[9]=[48,65,48,13,6,9,96,134,72,1,101,3,4,2,2,5,0,4,48],Te[10]=[48,81,48,13,6,9,96,134,72,1,101,3,4,2,3,5,0,4,64],Te[11]=[48,45,48,13,6,9,96,134,72,1,101,3,4,2,4,5,0,4,28];const Re=F.getWebCrypto(),Le=F.getNodeCrypto(),Ne=BigInt(1);async function ze(e,t,r,i,n,a,s,o,c){if(Be(e)>=r.length)throw Error("Digest size cannot exceed key modulus size");if(t&&!F.isStream(t))if(F.getWebCrypto())try{return await async function(e,t,r,i,n,a,s,o){const c=await He(r,i,n,a,s,o),u={name:"RSASSA-PKCS1-v1_5",hash:{name:e}},h=await Re.importKey("jwk",c,u,!1,["sign"]);return new Uint8Array(await Re.sign("RSASSA-PKCS1-v1_5",h,t))}(B.read(B.webHash,e),t,r,i,n,a,s,o)}catch(e){F.printDebugError(e)}else if(F.getNodeCrypto())return async function(e,t,r,i,n,a,s,o){const c=Le.createSign(B.read(B.hash,e));c.write(t),c.end();const u=await He(r,i,n,a,s,o);return new Uint8Array(c.sign({key:u,format:"jwk",type:"pkcs1"}))}(e,t,r,i,n,a,s,o);return async function(e,t,r,i){t=ee(t);const n=ee(_e(e,i,ce(t)));return r=ee(r),ue(re(n,r,t),"be",ce(t))}(e,r,n,c)}async function Oe(e,t,r,i,n,a){if(t&&!F.isStream(t))if(F.getWebCrypto())try{return await async function(e,t,r,i,n){const a=Ge(i,n),s=await Re.importKey("jwk",a,{name:"RSASSA-PKCS1-v1_5",hash:{name:e}},!1,["verify"]);return Re.verify("RSASSA-PKCS1-v1_5",s,r,t)}(B.read(B.webHash,e),t,r,i,n)}catch(e){F.printDebugError(e)}else if(F.getNodeCrypto())return async function(e,t,r,i,n){const a=Ge(i,n),s={key:a,format:"jwk",type:"pkcs1"},o=Le.createVerify(B.read(B.hash,e));o.write(t),o.end();try{return o.verify(s,r)}catch(e){return!1}}(e,t,r,i,n);return async function(e,t,r,i,n){if(r=ee(r),t=ee(t),i=ee(i),t>=r)throw Error("Signature size cannot exceed modulus size");const a=ue(re(t,i,r),"be",ce(r)),s=_e(e,n,ce(r));return F.equalsUint8Array(a,s)}(e,r,i,n,a)}async function je(e,t,r){return F.getNodeCrypto()?async function(e,t,r){const i=Ge(t,r),n={key:i,format:"jwk",type:"pkcs1",padding:Le.constants.RSA_PKCS1_PADDING};return new Uint8Array(Le.publicEncrypt(n,e))}(e,t,r):async function(e,t,r){if(t=ee(t),e=ee(Me(e,ce(t))),r=ee(r),e>=t)throw Error("Message size cannot exceed modulus size");return ue(re(e,r,t),"be",ce(t))}(e,t,r)}async function qe(e,t,r,i,n,a,s,o){if(F.getNodeCrypto()&&!o)try{return await async function(e,t,r,i,n,a,s){const o=await He(t,r,i,n,a,s),c={key:o,format:"jwk",type:"pkcs1",padding:Le.constants.RSA_PKCS1_PADDING};try{return new Uint8Array(Le.privateDecrypt(c,e))}catch(e){throw Error("Decryption error")}}(e,t,r,i,n,a,s)}catch(e){F.printDebugError(e)}return async function(e,t,r,i,n,a,s,o){if(e=ee(e),t=ee(t),r=ee(r),i=ee(i),n=ee(n),a=ee(a),s=ee(s),e>=t)throw Error("Data too large.");const c=te(i,a-Ne),u=te(i,n-Ne),h=ye(BigInt(2),t),l=re(ne(h,t),r,t);e=te(e*l,t);const y=re(e,u,n),p=re(e,c,a),d=te(s*(p-y),a);let g=d*n+y;return g=te(g*h,t),Fe(ue(g,"be",ce(t)),o)}(e,t,r,i,n,a,s,o)}async function He(e,t,r,i,n,a){const s=ee(i),o=ee(n),c=ee(r);let u=te(c,o-Ne),h=te(c,s-Ne);return h=ue(h),u=ue(u),{kty:"RSA",n:j(e),e:j(t),d:j(r),p:j(n),q:j(i),dp:j(u),dq:j(h),qi:j(a),ext:!0}}function Ge(e,t){return{kty:"RSA",n:j(e),e:j(t),ext:!0}}function Ve(e,t){return{n:O(e.n),e:ue(t),d:O(e.d),p:O(e.q),q:O(e.p),u:O(e.qi)}}const We=BigInt(1);const $e="object"==typeof e&&"crypto"in e?e.crypto:void 0,Ze={};var Xe=function(e){var t,r=new Float64Array(16);if(e)for(t=0;t<e.length;t++)r[t]=e[t];return r},Qe=function(){throw Error("no PRNG")},Ye=new Uint8Array(32);Ye[0]=9;var Je=Xe(),et=Xe([1]),tt=Xe([56129,1]),rt=Xe([30883,4953,19914,30187,55467,16705,2637,112,59544,30585,16505,36039,65139,11119,27886,20995]),it=Xe([61785,9906,39828,60374,45398,33411,5274,224,53552,61171,33010,6542,64743,22239,55772,9222]),nt=Xe([54554,36645,11616,51542,42930,38181,51040,26924,56412,64982,57905,49316,21502,52590,14035,8553]),at=Xe([26200,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214]),st=Xe([41136,18958,6951,50414,58488,44335,6150,12099,55207,15867,153,11085,57099,20417,9344,11139]);function ot(e,t,r,i){e[t]=r>>24&255,e[t+1]=r>>16&255,e[t+2]=r>>8&255,e[t+3]=255&r,e[t+4]=i>>24&255,e[t+5]=i>>16&255,e[t+6]=i>>8&255,e[t+7]=255&i}function ct(e,t,r,i){return function(e,t,r,i,n){var a,s=0;for(a=0;a<n;a++)s|=e[t+a]^r[i+a];return(1&s-1>>>8)-1}(e,t,r,i,32)}function ut(e,t){var r;for(r=0;r<16;r++)e[r]=0|t[r]}function ht(e){var t,r,i=1;for(t=0;t<16;t++)r=e[t]+i+65535,i=Math.floor(r/65536),e[t]=r-65536*i;e[0]+=i-1+37*(i-1)}function lt(e,t,r){for(var i,n=~(r-1),a=0;a<16;a++)i=n&(e[a]^t[a]),e[a]^=i,t[a]^=i}function yt(e,t){var r,i,n,a=Xe(),s=Xe();for(r=0;r<16;r++)s[r]=t[r];for(ht(s),ht(s),ht(s),i=0;i<2;i++){for(a[0]=s[0]-65517,r=1;r<15;r++)a[r]=s[r]-65535-(a[r-1]>>16&1),a[r-1]&=65535;a[15]=s[15]-32767-(a[14]>>16&1),n=a[15]>>16&1,a[14]&=65535,lt(s,a,1-n)}for(r=0;r<16;r++)e[2*r]=255&s[r],e[2*r+1]=s[r]>>8}function pt(e,t){var r=new Uint8Array(32),i=new Uint8Array(32);return yt(r,e),yt(i,t),ct(r,0,i,0)}function dt(e){var t=new Uint8Array(32);return yt(t,e),1&t[0]}function gt(e,t){var r;for(r=0;r<16;r++)e[r]=t[2*r]+(t[2*r+1]<<8);e[15]&=32767}function ft(e,t,r){for(var i=0;i<16;i++)e[i]=t[i]+r[i]}function mt(e,t,r){for(var i=0;i<16;i++)e[i]=t[i]-r[i]}function wt(e,t,r){var i,n,a=0,s=0,o=0,c=0,u=0,h=0,l=0,y=0,p=0,d=0,g=0,f=0,m=0,w=0,b=0,k=0,v=0,K=0,A=0,E=0,S=0,P=0,U=0,D=0,x=0,I=0,C=0,B=0,T=0,M=0,F=0,_=r[0],R=r[1],L=r[2],N=r[3],z=r[4],O=r[5],j=r[6],q=r[7],H=r[8],G=r[9],V=r[10],W=r[11],$=r[12],Z=r[13],X=r[14],Q=r[15];a+=(i=t[0])*_,s+=i*R,o+=i*L,c+=i*N,u+=i*z,h+=i*O,l+=i*j,y+=i*q,p+=i*H,d+=i*G,g+=i*V,f+=i*W,m+=i*$,w+=i*Z,b+=i*X,k+=i*Q,s+=(i=t[1])*_,o+=i*R,c+=i*L,u+=i*N,h+=i*z,l+=i*O,y+=i*j,p+=i*q,d+=i*H,g+=i*G,f+=i*V,m+=i*W,w+=i*$,b+=i*Z,k+=i*X,v+=i*Q,o+=(i=t[2])*_,c+=i*R,u+=i*L,h+=i*N,l+=i*z,y+=i*O,p+=i*j,d+=i*q,g+=i*H,f+=i*G,m+=i*V,w+=i*W,b+=i*$,k+=i*Z,v+=i*X,K+=i*Q,c+=(i=t[3])*_,u+=i*R,h+=i*L,l+=i*N,y+=i*z,p+=i*O,d+=i*j,g+=i*q,f+=i*H,m+=i*G,w+=i*V,b+=i*W,k+=i*$,v+=i*Z,K+=i*X,A+=i*Q,u+=(i=t[4])*_,h+=i*R,l+=i*L,y+=i*N,p+=i*z,d+=i*O,g+=i*j,f+=i*q,m+=i*H,w+=i*G,b+=i*V,k+=i*W,v+=i*$,K+=i*Z,A+=i*X,E+=i*Q,h+=(i=t[5])*_,l+=i*R,y+=i*L,p+=i*N,d+=i*z,g+=i*O,f+=i*j,m+=i*q,w+=i*H,b+=i*G,k+=i*V,v+=i*W,K+=i*$,A+=i*Z,E+=i*X,S+=i*Q,l+=(i=t[6])*_,y+=i*R,p+=i*L,d+=i*N,g+=i*z,f+=i*O,m+=i*j,w+=i*q,b+=i*H,k+=i*G,v+=i*V,K+=i*W,A+=i*$,E+=i*Z,S+=i*X,P+=i*Q,y+=(i=t[7])*_,p+=i*R,d+=i*L,g+=i*N,f+=i*z,m+=i*O,w+=i*j,b+=i*q,k+=i*H,v+=i*G,K+=i*V,A+=i*W,E+=i*$,S+=i*Z,P+=i*X,U+=i*Q,p+=(i=t[8])*_,d+=i*R,g+=i*L,f+=i*N,m+=i*z,w+=i*O,b+=i*j,k+=i*q,v+=i*H,K+=i*G,A+=i*V,E+=i*W,S+=i*$,P+=i*Z,U+=i*X,D+=i*Q,d+=(i=t[9])*_,g+=i*R,f+=i*L,m+=i*N,w+=i*z,b+=i*O,k+=i*j,v+=i*q,K+=i*H,A+=i*G,E+=i*V,S+=i*W,P+=i*$,U+=i*Z,D+=i*X,x+=i*Q,g+=(i=t[10])*_,f+=i*R,m+=i*L,w+=i*N,b+=i*z,k+=i*O,v+=i*j,K+=i*q,A+=i*H,E+=i*G,S+=i*V,P+=i*W,U+=i*$,D+=i*Z,x+=i*X,I+=i*Q,f+=(i=t[11])*_,m+=i*R,w+=i*L,b+=i*N,k+=i*z,v+=i*O,K+=i*j,A+=i*q,E+=i*H,S+=i*G,P+=i*V,U+=i*W,D+=i*$,x+=i*Z,I+=i*X,C+=i*Q,m+=(i=t[12])*_,w+=i*R,b+=i*L,k+=i*N,v+=i*z,K+=i*O,A+=i*j,E+=i*q,S+=i*H,P+=i*G,U+=i*V,D+=i*W,x+=i*$,I+=i*Z,C+=i*X,B+=i*Q,w+=(i=t[13])*_,b+=i*R,k+=i*L,v+=i*N,K+=i*z,A+=i*O,E+=i*j,S+=i*q,P+=i*H,U+=i*G,D+=i*V,x+=i*W,I+=i*$,C+=i*Z,B+=i*X,T+=i*Q,b+=(i=t[14])*_,k+=i*R,v+=i*L,K+=i*N,A+=i*z,E+=i*O,S+=i*j,P+=i*q,U+=i*H,D+=i*G,x+=i*V,I+=i*W,C+=i*$,B+=i*Z,T+=i*X,M+=i*Q,k+=(i=t[15])*_,s+=38*(K+=i*L),o+=38*(A+=i*N),c+=38*(E+=i*z),u+=38*(S+=i*O),h+=38*(P+=i*j),l+=38*(U+=i*q),y+=38*(D+=i*H),p+=38*(x+=i*G),d+=38*(I+=i*V),g+=38*(C+=i*W),f+=38*(B+=i*$),m+=38*(T+=i*Z),w+=38*(M+=i*X),b+=38*(F+=i*Q),a=(i=(a+=38*(v+=i*R))+(n=1)+65535)-65536*(n=Math.floor(i/65536)),s=(i=s+n+65535)-65536*(n=Math.floor(i/65536)),o=(i=o+n+65535)-65536*(n=Math.floor(i/65536)),c=(i=c+n+65535)-65536*(n=Math.floor(i/65536)),u=(i=u+n+65535)-65536*(n=Math.floor(i/65536)),h=(i=h+n+65535)-65536*(n=Math.floor(i/65536)),l=(i=l+n+65535)-65536*(n=Math.floor(i/65536)),y=(i=y+n+65535)-65536*(n=Math.floor(i/65536)),p=(i=p+n+65535)-65536*(n=Math.floor(i/65536)),d=(i=d+n+65535)-65536*(n=Math.floor(i/65536)),g=(i=g+n+65535)-65536*(n=Math.floor(i/65536)),f=(i=f+n+65535)-65536*(n=Math.floor(i/65536)),m=(i=m+n+65535)-65536*(n=Math.floor(i/65536)),w=(i=w+n+65535)-65536*(n=Math.floor(i/65536)),b=(i=b+n+65535)-65536*(n=Math.floor(i/65536)),k=(i=k+n+65535)-65536*(n=Math.floor(i/65536)),a=(i=(a+=n-1+37*(n-1))+(n=1)+65535)-65536*(n=Math.floor(i/65536)),s=(i=s+n+65535)-65536*(n=Math.floor(i/65536)),o=(i=o+n+65535)-65536*(n=Math.floor(i/65536)),c=(i=c+n+65535)-65536*(n=Math.floor(i/65536)),u=(i=u+n+65535)-65536*(n=Math.floor(i/65536)),h=(i=h+n+65535)-65536*(n=Math.floor(i/65536)),l=(i=l+n+65535)-65536*(n=Math.floor(i/65536)),y=(i=y+n+65535)-65536*(n=Math.floor(i/65536)),p=(i=p+n+65535)-65536*(n=Math.floor(i/65536)),d=(i=d+n+65535)-65536*(n=Math.floor(i/65536)),g=(i=g+n+65535)-65536*(n=Math.floor(i/65536)),f=(i=f+n+65535)-65536*(n=Math.floor(i/65536)),m=(i=m+n+65535)-65536*(n=Math.floor(i/65536)),w=(i=w+n+65535)-65536*(n=Math.floor(i/65536)),b=(i=b+n+65535)-65536*(n=Math.floor(i/65536)),k=(i=k+n+65535)-65536*(n=Math.floor(i/65536)),a+=n-1+37*(n-1),e[0]=a,e[1]=s,e[2]=o,e[3]=c,e[4]=u,e[5]=h,e[6]=l,e[7]=y,e[8]=p,e[9]=d,e[10]=g,e[11]=f,e[12]=m,e[13]=w,e[14]=b,e[15]=k}function bt(e,t){wt(e,t,t)}function kt(e,t){var r,i=Xe();for(r=0;r<16;r++)i[r]=t[r];for(r=253;r>=0;r--)bt(i,i),2!==r&&4!==r&&wt(i,i,t);for(r=0;r<16;r++)e[r]=i[r]}function vt(e,t,r){var i,n,a=new Uint8Array(32),s=new Float64Array(80),o=Xe(),c=Xe(),u=Xe(),h=Xe(),l=Xe(),y=Xe();for(n=0;n<31;n++)a[n]=t[n];for(a[31]=127&t[31]|64,a[0]&=248,gt(s,r),n=0;n<16;n++)c[n]=s[n],h[n]=o[n]=u[n]=0;for(o[0]=h[0]=1,n=254;n>=0;--n)lt(o,c,i=a[n>>>3]>>>(7&n)&1),lt(u,h,i),ft(l,o,u),mt(o,o,u),ft(u,c,h),mt(c,c,h),bt(h,l),bt(y,o),wt(o,u,o),wt(u,c,l),ft(l,o,u),mt(o,o,u),bt(c,o),mt(u,h,y),wt(o,u,tt),ft(o,o,h),wt(u,u,o),wt(o,h,y),wt(h,c,s),bt(c,l),lt(o,c,i),lt(u,h,i);for(n=0;n<16;n++)s[n+16]=o[n],s[n+32]=u[n],s[n+48]=c[n],s[n+64]=h[n];var p=s.subarray(32),d=s.subarray(16);return kt(p,p),wt(d,d,p),yt(e,d),0}function Kt(e,t){return vt(e,t,Ye)}var At=[1116352408,3609767458,1899447441,602891725,3049323471,3964484399,3921009573,2173295548,961987163,4081628472,1508970993,3053834265,2453635748,2937671579,2870763221,3664609560,3624381080,2734883394,310598401,1164996542,607225278,1323610764,1426881987,3590304994,1925078388,4068182383,2162078206,991336113,2614888103,633803317,3248222580,3479774868,3835390401,2666613458,4022224774,944711139,264347078,2341262773,604807628,2007800933,770255983,1495990901,1249150122,1856431235,1555081692,3175218132,1996064986,2198950837,2554220882,3999719339,2821834349,766784016,2952996808,2566594879,3210313671,3203337956,3336571891,1034457026,3584528711,2466948901,113926993,3758326383,338241895,168717936,666307205,1188179964,773529912,1546045734,1294757372,1522805485,1396182291,2643833823,1695183700,2343527390,1986661051,1014477480,2177026350,1206759142,2456956037,344077627,2730485921,1290863460,2820302411,3158454273,3259730800,3505952657,3345764771,106217008,3516065817,3606008344,3600352804,1432725776,4094571909,1467031594,275423344,851169720,430227734,3100823752,506948616,1363258195,659060556,3750685593,883997877,3785050280,958139571,3318307427,1322822218,3812723403,1537002063,2003034995,1747873779,3602036899,1955562222,1575990012,2024104815,1125592928,2227730452,2716904306,2361852424,442776044,2428436474,593698344,2756734187,3733110249,3204031479,2999351573,3329325298,3815920427,3391569614,3928383900,3515267271,566280711,3940187606,3454069534,4118630271,4000239992,116418474,1914138554,174292421,2731055270,289380356,3203993006,460393269,320620315,685471733,587496836,852142971,1086792851,1017036298,365543100,1126000580,2618297676,1288033470,3409855158,1501505948,4234509866,1607167915,987167468,1816402316,1246189591];function Et(e,t,r,i){for(var n,a,s,o,c,u,h,l,y,p,d,g,f,m,w,b,k,v,K,A,E,S,P,U,D,x,I=new Int32Array(16),C=new Int32Array(16),B=e[0],T=e[1],M=e[2],F=e[3],_=e[4],R=e[5],L=e[6],N=e[7],z=t[0],O=t[1],j=t[2],q=t[3],H=t[4],G=t[5],V=t[6],W=t[7],$=0;i>=128;){for(K=0;K<16;K++)A=8*K+$,I[K]=r[A+0]<<24|r[A+1]<<16|r[A+2]<<8|r[A+3],C[K]=r[A+4]<<24|r[A+5]<<16|r[A+6]<<8|r[A+7];for(K=0;K<80;K++)if(n=B,a=T,s=M,o=F,c=_,u=R,h=L,N,y=z,p=O,d=j,g=q,f=H,m=G,w=V,W,P=65535&(S=W),U=S>>>16,D=65535&(E=N),x=E>>>16,P+=65535&(S=(H>>>14|_<<18)^(H>>>18|_<<14)^(_>>>9|H<<23)),U+=S>>>16,D+=65535&(E=(_>>>14|H<<18)^(_>>>18|H<<14)^(H>>>9|_<<23)),x+=E>>>16,P+=65535&(S=H&G^~H&V),U+=S>>>16,D+=65535&(E=_&R^~_&L),x+=E>>>16,E=At[2*K],P+=65535&(S=At[2*K+1]),U+=S>>>16,D+=65535&E,x+=E>>>16,E=I[K%16],U+=(S=C[K%16])>>>16,D+=65535&E,x+=E>>>16,D+=(U+=(P+=65535&S)>>>16)>>>16,P=65535&(S=v=65535&P|U<<16),U=S>>>16,D=65535&(E=k=65535&D|(x+=D>>>16)<<16),x=E>>>16,P+=65535&(S=(z>>>28|B<<4)^(B>>>2|z<<30)^(B>>>7|z<<25)),U+=S>>>16,D+=65535&(E=(B>>>28|z<<4)^(z>>>2|B<<30)^(z>>>7|B<<25)),x+=E>>>16,U+=(S=z&O^z&j^O&j)>>>16,D+=65535&(E=B&T^B&M^T&M),x+=E>>>16,l=65535&(D+=(U+=(P+=65535&S)>>>16)>>>16)|(x+=D>>>16)<<16,b=65535&P|U<<16,P=65535&(S=g),U=S>>>16,D=65535&(E=o),x=E>>>16,U+=(S=v)>>>16,D+=65535&(E=k),x+=E>>>16,T=n,M=a,F=s,_=o=65535&(D+=(U+=(P+=65535&S)>>>16)>>>16)|(x+=D>>>16)<<16,R=c,L=u,N=h,B=l,O=y,j=p,q=d,H=g=65535&P|U<<16,G=f,V=m,W=w,z=b,K%16==15)for(A=0;A<16;A++)E=I[A],P=65535&(S=C[A]),U=S>>>16,D=65535&E,x=E>>>16,E=I[(A+9)%16],P+=65535&(S=C[(A+9)%16]),U+=S>>>16,D+=65535&E,x+=E>>>16,k=I[(A+1)%16],P+=65535&(S=((v=C[(A+1)%16])>>>1|k<<31)^(v>>>8|k<<24)^(v>>>7|k<<25)),U+=S>>>16,D+=65535&(E=(k>>>1|v<<31)^(k>>>8|v<<24)^k>>>7),x+=E>>>16,k=I[(A+14)%16],U+=(S=((v=C[(A+14)%16])>>>19|k<<13)^(k>>>29|v<<3)^(v>>>6|k<<26))>>>16,D+=65535&(E=(k>>>19|v<<13)^(v>>>29|k<<3)^k>>>6),x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,I[A]=65535&D|x<<16,C[A]=65535&P|U<<16;P=65535&(S=z),U=S>>>16,D=65535&(E=B),x=E>>>16,E=e[0],U+=(S=t[0])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[0]=B=65535&D|x<<16,t[0]=z=65535&P|U<<16,P=65535&(S=O),U=S>>>16,D=65535&(E=T),x=E>>>16,E=e[1],U+=(S=t[1])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[1]=T=65535&D|x<<16,t[1]=O=65535&P|U<<16,P=65535&(S=j),U=S>>>16,D=65535&(E=M),x=E>>>16,E=e[2],U+=(S=t[2])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[2]=M=65535&D|x<<16,t[2]=j=65535&P|U<<16,P=65535&(S=q),U=S>>>16,D=65535&(E=F),x=E>>>16,E=e[3],U+=(S=t[3])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[3]=F=65535&D|x<<16,t[3]=q=65535&P|U<<16,P=65535&(S=H),U=S>>>16,D=65535&(E=_),x=E>>>16,E=e[4],U+=(S=t[4])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[4]=_=65535&D|x<<16,t[4]=H=65535&P|U<<16,P=65535&(S=G),U=S>>>16,D=65535&(E=R),x=E>>>16,E=e[5],U+=(S=t[5])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[5]=R=65535&D|x<<16,t[5]=G=65535&P|U<<16,P=65535&(S=V),U=S>>>16,D=65535&(E=L),x=E>>>16,E=e[6],U+=(S=t[6])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[6]=L=65535&D|x<<16,t[6]=V=65535&P|U<<16,P=65535&(S=W),U=S>>>16,D=65535&(E=N),x=E>>>16,E=e[7],U+=(S=t[7])>>>16,D+=65535&E,x+=E>>>16,x+=(D+=(U+=(P+=65535&S)>>>16)>>>16)>>>16,e[7]=N=65535&D|x<<16,t[7]=W=65535&P|U<<16,$+=128,i-=128}return i}function St(e,t,r){var i,n=new Int32Array(8),a=new Int32Array(8),s=new Uint8Array(256),o=r;for(n[0]=1779033703,n[1]=3144134277,n[2]=1013904242,n[3]=2773480762,n[4]=1359893119,n[5]=2600822924,n[6]=528734635,n[7]=1541459225,a[0]=4089235720,a[1]=2227873595,a[2]=4271175723,a[3]=1595750129,a[4]=2917565137,a[5]=725511199,a[6]=4215389547,a[7]=327033209,Et(n,a,t,r),r%=128,i=0;i<r;i++)s[i]=t[o-r+i];for(s[r]=128,s[(r=256-128*(r<112?1:0))-9]=0,ot(s,r-8,o/536870912|0,o<<3),Et(n,a,s,r),i=0;i<8;i++)ot(e,8*i,n[i],a[i]);return 0}function Pt(e,t){var r=Xe(),i=Xe(),n=Xe(),a=Xe(),s=Xe(),o=Xe(),c=Xe(),u=Xe(),h=Xe();mt(r,e[1],e[0]),mt(h,t[1],t[0]),wt(r,r,h),ft(i,e[0],e[1]),ft(h,t[0],t[1]),wt(i,i,h),wt(n,e[3],t[3]),wt(n,n,it),wt(a,e[2],t[2]),ft(a,a,a),mt(s,i,r),mt(o,a,n),ft(c,a,n),ft(u,i,r),wt(e[0],s,o),wt(e[1],u,c),wt(e[2],c,o),wt(e[3],s,u)}function Ut(e,t,r){var i;for(i=0;i<4;i++)lt(e[i],t[i],r)}function Dt(e,t){var r=Xe(),i=Xe(),n=Xe();kt(n,t[2]),wt(r,t[0],n),wt(i,t[1],n),yt(e,i),e[31]^=dt(r)<<7}function xt(e,t,r){var i,n;for(ut(e[0],Je),ut(e[1],et),ut(e[2],et),ut(e[3],Je),n=255;n>=0;--n)Ut(e,t,i=r[n/8|0]>>(7&n)&1),Pt(t,e),Pt(e,e),Ut(e,t,i)}function It(e,t){var r=[Xe(),Xe(),Xe(),Xe()];ut(r[0],nt),ut(r[1],at),ut(r[2],et),wt(r[3],nt,at),xt(e,r,t)}function Ct(e,t,r){var i,n=new Uint8Array(64),a=[Xe(),Xe(),Xe(),Xe()];for(r||Qe(t,32),St(n,t,32),n[0]&=248,n[31]&=127,n[31]|=64,It(a,n),Dt(e,a),i=0;i<32;i++)t[i+32]=e[i];return 0}var Bt=new Float64Array([237,211,245,92,26,99,18,88,214,156,247,162,222,249,222,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16]);function Tt(e,t){var r,i,n,a;for(i=63;i>=32;--i){for(r=0,n=i-32,a=i-12;n<a;++n)t[n]+=r-16*t[i]*Bt[n-(i-32)],r=Math.floor((t[n]+128)/256),t[n]-=256*r;t[n]+=r,t[i]=0}for(r=0,n=0;n<32;n++)t[n]+=r-(t[31]>>4)*Bt[n],r=t[n]>>8,t[n]&=255;for(n=0;n<32;n++)t[n]-=r*Bt[n];for(i=0;i<32;i++)t[i+1]+=t[i]>>8,e[i]=255&t[i]}function Mt(e){var t,r=new Float64Array(64);for(t=0;t<64;t++)r[t]=e[t];for(t=0;t<64;t++)e[t]=0;Tt(e,r)}function Ft(e,t){var r=Xe(),i=Xe(),n=Xe(),a=Xe(),s=Xe(),o=Xe(),c=Xe();return ut(e[2],et),gt(e[1],t),bt(n,e[1]),wt(a,n,rt),mt(n,n,e[2]),ft(a,e[2],a),bt(s,a),bt(o,s),wt(c,o,s),wt(r,c,n),wt(r,r,a),function(e,t){var r,i=Xe();for(r=0;r<16;r++)i[r]=t[r];for(r=250;r>=0;r--)bt(i,i),1!==r&&wt(i,i,t);for(r=0;r<16;r++)e[r]=i[r]}(r,r),wt(r,r,n),wt(r,r,a),wt(r,r,a),wt(e[0],r,a),bt(i,e[0]),wt(i,i,a),pt(i,n)&&wt(e[0],e[0],st),bt(i,e[0]),wt(i,i,a),pt(i,n)?-1:(dt(e[0])===t[31]>>7&&mt(e[0],Je,e[0]),wt(e[3],e[0],e[1]),0)}var _t=64;function Rt(){for(var e=0;e<arguments.length;e++)if(!(arguments[e]instanceof Uint8Array))throw new TypeError("unexpected type, use Uint8Array")}Ze.scalarMult=function(e,t){if(Rt(e,t),32!==e.length)throw Error("bad n size");if(32!==t.length)throw Error("bad p size");var r=new Uint8Array(32);return vt(r,e,t),r},Ze.box={},Ze.box.keyPair=function(){var e=new Uint8Array(32),t=new Uint8Array(32);return function(e,t){Qe(t,32),Kt(e,t)}(e,t),{publicKey:e,secretKey:t}},Ze.box.keyPair.fromSecretKey=function(e){if(Rt(e),32!==e.length)throw Error("bad secret key size");var t=new Uint8Array(32);return Kt(t,e),{publicKey:t,secretKey:new Uint8Array(e)}},Ze.sign=function(e,t){if(Rt(e,t),64!==t.length)throw Error("bad secret key size");var r=new Uint8Array(_t+e.length);return function(e,t,r,i){var n,a,s=new Uint8Array(64),o=new Uint8Array(64),c=new Uint8Array(64),u=new Float64Array(64),h=[Xe(),Xe(),Xe(),Xe()];St(s,i,32),s[0]&=248,s[31]&=127,s[31]|=64;var l=r+64;for(n=0;n<r;n++)e[64+n]=t[n];for(n=0;n<32;n++)e[32+n]=s[32+n];for(St(c,e.subarray(32),r+32),Mt(c),It(h,c),Dt(e,h),n=32;n<64;n++)e[n]=i[n];for(St(o,e,r+64),Mt(o),n=0;n<64;n++)u[n]=0;for(n=0;n<32;n++)u[n]=c[n];for(n=0;n<32;n++)for(a=0;a<32;a++)u[n+a]+=o[n]*s[a];Tt(e.subarray(32),u)}(r,e,e.length,t),r},Ze.sign.detached=function(e,t){for(var r=Ze.sign(e,t),i=new Uint8Array(_t),n=0;n<i.length;n++)i[n]=r[n];return i},Ze.sign.detached.verify=function(e,t,r){if(Rt(e,t,r),t.length!==_t)throw Error("bad signature size");if(32!==r.length)throw Error("bad public key size");var i,n=new Uint8Array(_t+e.length),a=new Uint8Array(_t+e.length);for(i=0;i<_t;i++)n[i]=t[i];for(i=0;i<e.length;i++)n[i+_t]=e[i];return function(e,t,r,i){var n,a=new Uint8Array(32),s=new Uint8Array(64),o=[Xe(),Xe(),Xe(),Xe()],c=[Xe(),Xe(),Xe(),Xe()];if(r<64)return-1;if(Ft(c,i))return-1;for(n=0;n<r;n++)e[n]=t[n];for(n=0;n<32;n++)e[n+32]=i[n];if(St(s,e,r),Mt(s),xt(o,c,s),It(c,t.subarray(32)),Pt(o,c),Dt(a,o),r-=64,ct(t,0,a,0)){for(n=0;n<r;n++)e[n]=0;return-1}for(n=0;n<r;n++)e[n]=t[n+64];return r}(a,n,n.length,r)>=0},Ze.sign.keyPair=function(){var e=new Uint8Array(32),t=new Uint8Array(64);return Ct(e,t),{publicKey:e,secretKey:t}},Ze.sign.keyPair.fromSecretKey=function(e){if(Rt(e),64!==e.length)throw Error("bad secret key size");for(var t=new Uint8Array(32),r=0;r<t.length;r++)t[r]=e[32+r];return{publicKey:t,secretKey:new Uint8Array(e)}},Ze.sign.keyPair.fromSeed=function(e){if(Rt(e),32!==e.length)throw Error("bad seed size");for(var t=new Uint8Array(32),r=new Uint8Array(64),i=0;i<32;i++)r[i]=e[i];return Ct(t,r,!0),{publicKey:t,secretKey:r}},Ze.setPRNG=function(e){Qe=e},function(){if($e&&$e.getRandomValues){Ze.setPRNG((function(e,t){var r,i=new Uint8Array(t);for(r=0;r<t;r+=65536)$e.getRandomValues(i.subarray(r,r+Math.min(t-r,65536)));for(r=0;r<t;r++)e[r]=i[r];!function(e){for(var t=0;t<e.length;t++)e[t]=0}(i)}))}}();const Lt={"2a8648ce3d030107":B.curve.nistP256,"2b81040022":B.curve.nistP384,"2b81040023":B.curve.nistP521,"2b8104000a":B.curve.secp256k1,"2b06010401da470f01":B.curve.ed25519Legacy,"2b060104019755010501":B.curve.curve25519Legacy,"2b2403030208010107":B.curve.brainpoolP256r1,"2b240303020801010b":B.curve.brainpoolP384r1,"2b240303020801010d":B.curve.brainpoolP512r1};class Nt{constructor(e){if(e instanceof Nt)this.oid=e.oid;else if(F.isArray(e)||F.isUint8Array(e)){if(6===(e=new Uint8Array(e))[0]){if(e[1]!==e.length-2)throw Error("Length mismatch in DER encoded oid");e=e.subarray(2)}this.oid=e}else this.oid=""}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.oid=e.subarray(1,1+t),1+this.oid.length}throw Error("Invalid oid")}write(){return F.concatUint8Array([new Uint8Array([this.oid.length]),this.oid])}toHex(){return F.uint8ArrayToHex(this.oid)}getName(){const e=Lt[this.toHex()];if(!e)throw Error("Unknown curve object identifier.");return e}}function zt(e){let t,r=0;const i=e[0];return i<192?([r]=e,t=1):i<255?(r=(e[0]-192<<8)+e[1]+192,t=2):255===i&&(r=F.readNumber(e.subarray(1,5)),t=5),{len:r,offset:t}}function Ot(e){return e<192?new Uint8Array([e]):e>191&&e<8384?new Uint8Array([192+(e-192>>8),e-192&255]):F.concatUint8Array([new Uint8Array([255]),F.writeNumber(e,4)])}function jt(e){if(e<0||e>30)throw Error("Partial Length power must be between 1 and 30");return new Uint8Array([224+e])}function qt(e){return new Uint8Array([192|e])}function Ht(e,t){return F.concatUint8Array([qt(e),Ot(t)])}function Gt(e){return[B.packet.literalData,B.packet.compressedData,B.packet.symmetricallyEncryptedData,B.packet.symEncryptedIntegrityProtectedData,B.packet.aeadEncryptedData].includes(e)}async function Vt(e,t){const r=x(e);let i,n;try{const a=await r.peekBytes(2);if(!a||a.length<2||!(128&a[0]))throw Error("Error during parsing. This message / key probably does not conform to a valid OpenPGP format.");const s=await r.readByte();let o,c,u=-1,h=-1;h=0,64&s&&(h=1),h?u=63&s:(u=(63&s)>>2,c=3&s);const l=Gt(u);let y,p=null;if(l){if("array"===F.isStream(e)){const e=new ArrayStream;i=I(e),p=e}else{const e=new TransformStream;i=I(e.writable),p=e.readable}n=t({tag:u,packet:p})}else p=[];do{if(h){const e=await r.readByte();if(y=!1,e<192)o=e;else if(e>=192&&e<224)o=(e-192<<8)+await r.readByte()+192;else if(e>223&&e<255){if(o=1<<(31&e),y=!0,!l)throw new TypeError("This packet type does not support partial lengths.")}else o=await r.readByte()<<24|await r.readByte()<<16|await r.readByte()<<8|await r.readByte()}else switch(c){case 0:o=await r.readByte();break;case 1:o=await r.readByte()<<8|await r.readByte();break;case 2:o=await r.readByte()<<24|await r.readByte()<<16|await r.readByte()<<8|await r.readByte();break;default:o=1/0}if(o>0){let e=0;for(;;){i&&await i.ready;const{done:t,value:n}=await r.read();if(t){if(o===1/0)break;throw Error("Unexpected end of packet")}const a=o===1/0?n:n.subarray(0,o-e);if(i?await i.write(a):p.push(a),e+=n.length,e>=o){r.unshift(n.subarray(o-e+n.length));break}}}}while(y);const d=await r.peekBytes(l?1/0:2);return i?(await i.ready,await i.close()):(p=F.concatUint8Array(p),await t({tag:u,packet:p})),!d||!d.length}catch(e){if(i)return await i.abort(e),!0;throw e}finally{i&&await n,r.releaseLock()}}class Wt extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,Wt),this.name="UnsupportedError"}}class $t extends Wt{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,Wt),this.name="UnknownPacketError"}}class Zt{constructor(e,t){this.tag=e,this.rawContent=t}write(){return this.rawContent}}
-/*! noble-ed25519 - MIT License (c) 2019 Paul Miller (paulmillr.com) */const Xt=BigInt(0),Qt=BigInt(1),Yt=BigInt(2),Jt=BigInt(8),er=BigInt("7237005577332262213973186563042994240857116359379907606001950938285454250989"),tr=Object.freeze({a:BigInt(-1),d:BigInt("37095705934669439343138083508754565189542113879843219016388785533085940283555"),P:BigInt("57896044618658097711785492504343953926634992332820282019728792003956564819949"),l:er,n:er,h:BigInt(8),Gx:BigInt("15112221349535400772501151409588531511454012693041857206046113283949847762202"),Gy:BigInt("46316835694926478169428394003475163141307993866256225615783033603165251855960")}),rr=BigInt("0x10000000000000000000000000000000000000000000000000000000000000000"),ir=BigInt("19681161376707505956807079304988542015446066515923890162744021073123829784752");BigInt("6853475219497561581579357271197624642482790079785650197046958215289687604742");const nr=BigInt("25063068953384623474111414158702152701244531502492656460079210482610430750235"),ar=BigInt("54469307008909316920995813868745141605393597292927456921205312896311721017578"),sr=BigInt("1159843021668779879193775521855586647937357759715417654439879720876111806838"),or=BigInt("40440834346308536858101042469323190826248399146238708352240133220865137265952");class cr{constructor(e,t,r,i){this.x=e,this.y=t,this.z=r,this.t=i}static fromAffine(e){if(!(e instanceof gr))throw new TypeError("ExtendedPoint#fromAffine: expected Point");return e.equals(gr.ZERO)?cr.ZERO:new cr(e.x,e.y,Qt,Ur(e.x*e.y))}static toAffineBatch(e){const t=function(e,t=tr.P){const r=Array(e.length),i=e.reduce(((e,i,n)=>i===Xt?e:(r[n]=e,Ur(e*i,t))),Qt),n=Dr(i,t);return e.reduceRight(((e,i,n)=>i===Xt?e:(r[n]=Ur(e*r[n],t),Ur(e*i,t))),n),r}(e.map((e=>e.z)));return e.map(((e,r)=>e.toAffine(t[r])))}static normalizeZ(e){return this.toAffineBatch(e).map(this.fromAffine)}equals(e){hr(e);const{x:t,y:r,z:i}=this,{x:n,y:a,z:s}=e,o=Ur(t*s),c=Ur(n*i),u=Ur(r*s),h=Ur(a*i);return o===c&&u===h}negate(){return new cr(Ur(-this.x),this.y,this.z,Ur(-this.t))}double(){const{x:e,y:t,z:r}=this,{a:i}=tr,n=Ur(e*e),a=Ur(t*t),s=Ur(Yt*Ur(r*r)),o=Ur(i*n),c=e+t,u=Ur(Ur(c*c)-n-a),h=o+a,l=h-s,y=o-a,p=Ur(u*l),d=Ur(h*y),g=Ur(u*y),f=Ur(l*h);return new cr(p,d,f,g)}add(e){hr(e);const{x:t,y:r,z:i,t:n}=this,{x:a,y:s,z:o,t:c}=e,u=Ur((r-t)*(s+a)),h=Ur((r+t)*(s-a)),l=Ur(h-u);if(l===Xt)return this.double();const y=Ur(i*Yt*c),p=Ur(n*Yt*o),d=p+y,g=h+u,f=p-y,m=Ur(d*l),w=Ur(g*f),b=Ur(d*f),k=Ur(l*g);return new cr(m,w,k,b)}subtract(e){return this.add(e.negate())}precomputeWindow(e){const t=1+256/e,r=[];let i=this,n=i;for(let a=0;a<t;a++){n=i,r.push(n);for(let t=1;t<2**(e-1);t++)n=n.add(i),r.push(n);i=n.double()}return r}wNAF(e,t){!t&&this.equals(cr.BASE)&&(t=gr.BASE);const r=t&&t._WINDOW_SIZE||1;if(256%r)throw Error("Point#wNAF: Invalid precomputation window, must be power of 2");let i=t&&dr.get(t);i||(i=this.precomputeWindow(r),t&&1!==r&&(i=cr.normalizeZ(i),dr.set(t,i)));let n=cr.ZERO,a=cr.BASE;const s=1+256/r,o=2**(r-1),c=BigInt(2**r-1),u=2**r,h=BigInt(r);for(let t=0;t<s;t++){const r=t*o;let s=Number(e&c);e>>=h,s>o&&(s-=u,e+=Qt);const l=r,y=r+Math.abs(s)-1,p=t%2!=0,d=s<0;0===s?a=a.add(ur(p,i[l])):n=n.add(ur(d,i[y]))}return cr.normalizeZ([n,a])[0]}multiply(e,t){return this.wNAF(Mr(e,tr.l),t)}multiplyUnsafe(e){let t=Mr(e,tr.l,!1);const r=cr.BASE,i=cr.ZERO;if(t===Xt)return i;if(this.equals(i)||t===Qt)return this;if(this.equals(r))return this.wNAF(t);let n=i,a=this;for(;t>Xt;)t&Qt&&(n=n.add(a)),a=a.double(),t>>=Qt;return n}isSmallOrder(){return this.multiplyUnsafe(tr.h).equals(cr.ZERO)}isTorsionFree(){let e=this.multiplyUnsafe(tr.l/Yt).double();return tr.l%Yt&&(e=e.add(this)),e.equals(cr.ZERO)}toAffine(e){const{x:t,y:r,z:i}=this,n=this.equals(cr.ZERO);null==e&&(e=n?Jt:Dr(i));const a=Ur(t*e),s=Ur(r*e),o=Ur(i*e);if(n)return gr.ZERO;if(o!==Qt)throw Error("invZ was invalid");return new gr(a,s)}fromRistrettoBytes(){yr()}toRistrettoBytes(){yr()}fromRistrettoHash(){yr()}}function ur(e,t){const r=t.negate();return e?r:t}function hr(e){if(!(e instanceof cr))throw new TypeError("ExtendedPoint expected")}function lr(e){if(!(e instanceof pr))throw new TypeError("RistrettoPoint expected")}function yr(){throw Error("Legacy method: switch to RistrettoPoint")}cr.BASE=new cr(tr.Gx,tr.Gy,Qt,Ur(tr.Gx*tr.Gy)),cr.ZERO=new cr(Xt,Qt,Qt,Xt);class pr{constructor(e){this.ep=e}static calcElligatorRistrettoMap(e){const{d:t}=tr,r=Ur(ir*e*e),i=Ur((r+Qt)*sr);let n=BigInt(-1);const a=Ur((n-t*r)*Ur(r+t));let{isValid:s,value:o}=Ir(i,a),c=Ur(o*e);Ar(c)||(c=Ur(-c)),s||(o=c),s||(n=r);const u=Ur(n*(r-Qt)*or-a),h=o*o,l=Ur((o+o)*a),y=Ur(u*nr),p=Ur(Qt-h),d=Ur(Qt+h);return new cr(Ur(l*d),Ur(p*y),Ur(y*d),Ur(l*p))}static hashToCurve(e){const t=Pr((e=Tr(e,64)).slice(0,32)),r=this.calcElligatorRistrettoMap(t),i=Pr(e.slice(32,64)),n=this.calcElligatorRistrettoMap(i);return new pr(r.add(n))}static fromHex(e){e=Tr(e,32);const{a:t,d:r}=tr,i="RistrettoPoint.fromHex: the hex is not valid encoding of RistrettoPoint",n=Pr(e);if(!function(e,t){if(e.length!==t.length)return!1;for(let r=0;r<e.length;r++)if(e[r]!==t[r])return!1;return!0}(Kr(n),e)||Ar(n))throw Error(i);const a=Ur(n*n),s=Ur(Qt+t*a),o=Ur(Qt-t*a),c=Ur(s*s),u=Ur(o*o),h=Ur(t*r*c-u),{isValid:l,value:y}=Cr(Ur(h*u)),p=Ur(y*o),d=Ur(y*p*h);let g=Ur((n+n)*p);Ar(g)&&(g=Ur(-g));const f=Ur(s*d),m=Ur(g*f);if(!l||Ar(m)||f===Xt)throw Error(i);return new pr(new cr(g,f,Qt,m))}toRawBytes(){let{x:e,y:t,z:r,t:i}=this.ep;const n=Ur(Ur(r+t)*Ur(r-t)),a=Ur(e*t),s=Ur(a*a),{value:o}=Cr(Ur(n*s)),c=Ur(o*n),u=Ur(o*a),h=Ur(c*u*i);let l;if(Ar(i*h)){let r=Ur(t*ir),i=Ur(e*ir);e=r,t=i,l=Ur(c*ar)}else l=u;Ar(e*h)&&(t=Ur(-t));let y=Ur((r-t)*l);return Ar(y)&&(y=Ur(-y)),Kr(y)}toHex(){return br(this.toRawBytes())}toString(){return this.toHex()}equals(e){lr(e);const t=this.ep,r=e.ep,i=Ur(t.x*r.y)===Ur(t.y*r.x),n=Ur(t.y*r.y)===Ur(t.x*r.x);return i||n}add(e){return lr(e),new pr(this.ep.add(e.ep))}subtract(e){return lr(e),new pr(this.ep.subtract(e.ep))}multiply(e){return new pr(this.ep.multiply(e))}multiplyUnsafe(e){return new pr(this.ep.multiplyUnsafe(e))}}pr.BASE=new pr(cr.BASE),pr.ZERO=new pr(cr.ZERO);const dr=new WeakMap;class gr{constructor(e,t){this.x=e,this.y=t}_setWindowSize(e){this._WINDOW_SIZE=e,dr.delete(this)}static fromHex(e,t=!0){const{d:r,P:i}=tr,n=(e=Tr(e,32)).slice();n[31]=-129&e[31];const a=Er(n);if(t&&a>=i)throw Error("Expected 0 < hex < P");if(!t&&a>=rr)throw Error("Expected 0 < hex < 2**256");const s=Ur(a*a),o=Ur(s-Qt),c=Ur(r*s+Qt);let{isValid:u,value:h}=Ir(o,c);if(!u)throw Error("Point.fromHex: invalid y coordinate");const l=(h&Qt)===Qt;return!!(128&e[31])!==l&&(h=Ur(-h)),new gr(h,a)}static async fromPrivateKey(e){return(await _r(e)).point}toRawBytes(){const e=Kr(this.y);return e[31]|=this.x&Qt?128:0,e}toHex(){return br(this.toRawBytes())}toX25519(){const{y:e}=this;return Kr(Ur((Qt+e)*Dr(Qt-e)))}isTorsionFree(){return cr.fromAffine(this).isTorsionFree()}equals(e){return this.x===e.x&&this.y===e.y}negate(){return new gr(Ur(-this.x),this.y)}add(e){return cr.fromAffine(this).add(cr.fromAffine(e)).toAffine()}subtract(e){return this.add(e.negate())}multiply(e){return cr.fromAffine(this).multiply(e,this).toAffine()}}gr.BASE=new gr(tr.Gx,tr.Gy),gr.ZERO=new gr(Xt,Qt);let fr=class e{constructor(e,t){this.r=e,this.s=t,this.assertValidity()}static fromHex(t){const r=Tr(t,64),i=gr.fromHex(r.slice(0,32),!1),n=Er(r.slice(32,64));return new e(i,n)}assertValidity(){const{r:e,s:t}=this;if(!(e instanceof gr))throw Error("Expected Point instance");return Mr(t,tr.l,!1),this}toRawBytes(){const e=new Uint8Array(64);return e.set(this.r.toRawBytes()),e.set(Kr(this.s),32),e}toHex(){return br(this.toRawBytes())}};function mr(...e){if(!e.every((e=>e instanceof Uint8Array)))throw Error("Expected Uint8Array list");if(1===e.length)return e[0];const t=e.reduce(((e,t)=>e+t.length),0),r=new Uint8Array(t);for(let t=0,i=0;t<e.length;t++){const n=e[t];r.set(n,i),i+=n.length}return r}const wr=Array.from({length:256},((e,t)=>t.toString(16).padStart(2,"0")));function br(e){if(!(e instanceof Uint8Array))throw Error("Uint8Array expected");let t="";for(let r=0;r<e.length;r++)t+=wr[e[r]];return t}function kr(e){if("string"!=typeof e)throw new TypeError("hexToBytes: expected string, got "+typeof e);if(e.length%2)throw Error("hexToBytes: received invalid unpadded hex");const t=new Uint8Array(e.length/2);for(let r=0;r<t.length;r++){const i=2*r,n=e.slice(i,i+2),a=Number.parseInt(n,16);if(Number.isNaN(a)||a<0)throw Error("Invalid byte sequence");t[r]=a}return t}function vr(e){return kr(e.toString(16).padStart(64,"0"))}function Kr(e){return vr(e).reverse()}function Ar(e){return(Ur(e)&Qt)===Qt}function Er(e){if(!(e instanceof Uint8Array))throw Error("Expected Uint8Array");return BigInt("0x"+br(Uint8Array.from(e).reverse()))}const Sr=BigInt("0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff");function Pr(e){return Ur(Er(e)&Sr)}function Ur(e,t=tr.P){const r=e%t;return r>=Xt?r:t+r}function Dr(e,t=tr.P){if(e===Xt||t<=Xt)throw Error(`invert: expected positive integers, got n=${e} mod=${t}`);let r=Ur(e,t),i=t,n=Xt,a=Qt;for(;r!==Xt;){const e=i%r,t=n-a*(i/r);i=r,r=e,n=a,a=t}if(i!==Qt)throw Error("invert: does not exist");return Ur(n,t)}function xr(e,t){const{P:r}=tr;let i=e;for(;t-- >Xt;)i*=i,i%=r;return i}function Ir(e,t){const r=Ur(t*t*t),i=function(e){const{P:t}=tr,r=BigInt(5),i=BigInt(10),n=BigInt(20),a=BigInt(40),s=BigInt(80),o=e*e%t*e%t,c=xr(o,Yt)*o%t,u=xr(c,Qt)*e%t,h=xr(u,r)*u%t,l=xr(h,i)*h%t,y=xr(l,n)*l%t,p=xr(y,a)*y%t,d=xr(p,s)*p%t,g=xr(d,s)*p%t,f=xr(g,i)*h%t;return{pow_p_5_8:xr(f,Yt)*e%t,b2:o}}(e*Ur(r*r*t)).pow_p_5_8;let n=Ur(e*r*i);const a=Ur(t*n*n),s=n,o=Ur(n*ir),c=a===e,u=a===Ur(-e),h=a===Ur(-e*ir);return c&&(n=s),(u||h)&&(n=o),Ar(n)&&(n=Ur(-n)),{isValid:c||u,value:n}}function Cr(e){return Ir(Qt,e)}function Br(e){return Ur(Er(e),tr.l)}function Tr(e,t){const r=e instanceof Uint8Array?Uint8Array.from(e):kr(e);if("number"==typeof t&&r.length!==t)throw Error(`Expected ${t} bytes`);return r}function Mr(e,t,r=!0){if(!t)throw new TypeError("Specify max value");if("number"==typeof e&&Number.isSafeInteger(e)&&(e=BigInt(e)),"bigint"==typeof e&&e<t)if(r){if(Xt<e)return e}else if(Xt<=e)return e;throw new TypeError("Expected valid scalar: 0 < scalar < max")}let Fr;async function _r(e){return function(e){const t=function(e){return e[0]&=248,e[31]&=127,e[31]|=64,e}(e.slice(0,32)),r=e.slice(32,64),i=Br(t),n=gr.BASE.multiply(i),a=n.toRawBytes();return{head:t,prefix:r,scalar:i,point:n,pointBytes:a}}(await Nr.sha512(function(e){if(32!==(e="bigint"==typeof e||"number"==typeof e?vr(Mr(e,rr)):Tr(e)).length)throw Error("Expected 32 bytes");return e}(e)))}async function Rr(e,t,r){const{r:i,SB:n,msg:a,pub:s}=function(e,t,r){t=Tr(t),r instanceof gr||(r=gr.fromHex(r,!1));const{r:i,s:n}=e instanceof fr?e.assertValidity():fr.fromHex(e);return{r:i,s:n,SB:cr.BASE.multiplyUnsafe(n),pub:r,msg:t}}(e,t,r),o=await Nr.sha512(i.toRawBytes(),s.toRawBytes(),a);return function(e,t,r,i){const n=Br(i),a=cr.fromAffine(e).multiplyUnsafe(n);return cr.fromAffine(t).add(a).subtract(r).multiplyUnsafe(tr.h).equals(cr.ZERO)}(s,i,n,o)}gr.BASE._setWindowSize(8);const Lr={node:null,web:"object"==typeof self&&"crypto"in self?self.crypto:void 0},Nr={bytesToHex:br,hexToBytes:kr,concatBytes:mr,getExtendedPublicKey:_r,mod:Ur,invert:Dr,TORSION_SUBGROUP:["0100000000000000000000000000000000000000000000000000000000000000","c7176a703d4dd84fba3c0b760d10670f2a2053fa2c39ccc64ec7fd7792ac037a","0000000000000000000000000000000000000000000000000000000000000080","26e8958fc2b227b045c3f489f2ef98f0d5dfac05d3c63339b13802886d53fc05","ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f","26e8958fc2b227b045c3f489f2ef98f0d5dfac05d3c63339b13802886d53fc85","0000000000000000000000000000000000000000000000000000000000000000","c7176a703d4dd84fba3c0b760d10670f2a2053fa2c39ccc64ec7fd7792ac03fa"],hashToPrivateScalar:e=>{if((e=Tr(e)).length<40||e.length>1024)throw Error("Expected 40-1024 bytes of private key as per FIPS 186");return Ur(Er(e),tr.l-Qt)+Qt},randomBytes:(e=32)=>{if(Lr.web)return Lr.web.getRandomValues(new Uint8Array(e));throw Error("The environment doesn't have randomBytes function")},randomPrivateKey:()=>Nr.randomBytes(32),sha512:async(...e)=>{const t=mr(...e);if(Lr.web){const e=await Lr.web.subtle.digest("SHA-512",t.buffer);return new Uint8Array(e)}throw Error("The environment doesn't have sha512 function")},precompute(e=8,t=gr.BASE){const r=t.equals(gr.BASE)?t:new gr(t.x,t.y);return r._setWindowSize(e),r.multiply(Yt),r},sha512Sync:void 0};async function zr(e){switch(e){case B.publicKey.ed25519:try{const e=F.getWebCrypto(),t=await e.generateKey("Ed25519",!0,["sign","verify"]).catch((e=>{if("OperationError"===e.name){const e=Error("Unexpected key generation issue");throw e.name="NotSupportedError",e}throw e})),r=await e.exportKey("jwk",t.privateKey),i=await e.exportKey("jwk",t.publicKey);return{A:new Uint8Array(O(i.x)),seed:O(r.d)}}catch(t){if("NotSupportedError"!==t.name)throw t;const r=le(Hr(e)),{publicKey:i}=Ze.sign.keyPair.fromSeed(r);return{A:i,seed:r}}case B.publicKey.ed448:{const e=await F.getNobleCurve(B.publicKey.ed448),t=e.utils.randomPrivateKey();return{A:e.getPublicKey(t),seed:t}}default:throw Error("Unsupported EdDSA algorithm")}}async function Or(e,t,r,i,n,a){switch(e){case B.publicKey.ed25519:try{const t=F.getWebCrypto(),r=Wr(e,i,n),s=await t.importKey("jwk",r,"Ed25519",!1,["sign"]);return{RS:new Uint8Array(await t.sign("Ed25519",s,a))}}catch(e){if("NotSupportedError"!==e.name)throw e;const t=F.concatUint8Array([n,i]);return{RS:Ze.sign.detached(a,t)}}case B.publicKey.ed448:return{RS:(await F.getNobleCurve(B.publicKey.ed448)).sign(a,n)};default:throw Error("Unsupported EdDSA algorithm")}}async function jr(e,t,{RS:r},i,n,a){switch(e){case B.publicKey.ed25519:try{const t=F.getWebCrypto(),i=Vr(e,n),s=await t.importKey("jwk",i,"Ed25519",!1,["verify"]);return await t.verify("Ed25519",s,r,a)}catch(e){if("NotSupportedError"!==e.name)throw e;return Rr(r,a,n)}case B.publicKey.ed448:return(await F.getNobleCurve(B.publicKey.ed448)).verify(r,a,n);default:throw Error("Unsupported EdDSA algorithm")}}async function qr(e,t,r){switch(e){case B.publicKey.ed25519:{const{publicKey:e}=Ze.sign.keyPair.fromSeed(r);return F.equalsUint8Array(t,e)}case B.publicKey.ed448:{const e=(await F.getNobleCurve(B.publicKey.ed448)).getPublicKey(r);return F.equalsUint8Array(t,e)}default:return!1}}function Hr(e){switch(e){case B.publicKey.ed25519:return 32;case B.publicKey.ed448:return 57;default:throw Error("Unsupported EdDSA algorithm")}}function Gr(e){switch(e){case B.publicKey.ed25519:return B.hash.sha256;case B.publicKey.ed448:return B.hash.sha512;default:throw Error("Unknown EdDSA algo")}}Object.defineProperties(Nr,{sha512Sync:{configurable:!1,get:()=>Fr,set(e){Fr||(Fr=e)}}});const Vr=(e,t)=>{if(e===B.publicKey.ed25519){return{kty:"OKP",crv:"Ed25519",x:j(t),ext:!0}}throw Error("Unsupported EdDSA algorithm")},Wr=(e,t,r)=>{if(e===B.publicKey.ed25519){const i=Vr(e,t);return i.d=j(r),i}throw Error("Unsupported EdDSA algorithm")};var $r=/*#__PURE__*/Object.freeze({__proto__:null,generate:zr,getPayloadSize:Hr,getPreferredHashAlgo:Gr,sign:Or,validateParams:qr,verify:jr});function Zr(e){return e instanceof Uint8Array||null!=e&&"object"==typeof e&&"Uint8Array"===e.constructor.name}function Xr(e,...t){if(!Zr(e))throw Error("Uint8Array expected");if(t.length>0&&!t.includes(e.length))throw Error(`Uint8Array expected of length ${t}, not of length=${e.length}`)}function Qr(e,t=!0){if(e.destroyed)throw Error("Hash instance has been destroyed");if(t&&e.finished)throw Error("Hash#digest() has already been called")}function Yr(e,t){Xr(e);const r=t.outputLen;if(e.length<r)throw Error("digestInto() expects output buffer of length at least "+r)}
-/*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) */const Jr=e=>new Uint8Array(e.buffer,e.byteOffset,e.byteLength),ei=e=>new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4)),ti=e=>new DataView(e.buffer,e.byteOffset,e.byteLength);if(!(68===new Uint8Array(new Uint32Array([287454020]).buffer)[0]))throw Error("Non little-endian hardware is not supported");function ri(e){if("string"==typeof e)e=function(e){if("string"!=typeof e)throw Error("string expected, got "+typeof e);return new Uint8Array((new TextEncoder).encode(e))}(e);else{if(!Zr(e))throw Error("Uint8Array expected, got "+typeof e);e=oi(e)}return e}function ii(e,t){if(e.length!==t.length)return!1;let r=0;for(let i=0;i<e.length;i++)r|=e[i]^t[i];return 0===r}const ni=(e,t)=>(Object.assign(t,e),t);function ai(e,t,r,i){if("function"==typeof e.setBigUint64)return e.setBigUint64(t,r,i);const n=BigInt(32),a=BigInt(4294967295),s=Number(r>>n&a),o=Number(r&a);e.setUint32(t+0,s,i),e.setUint32(t+4,o,i)}function si(e){return e.byteOffset%4==0}function oi(e){return Uint8Array.from(e)}function ci(...e){for(let t=0;t<e.length;t++)e[t].fill(0)}const ui=16,hi=/* @__PURE__ */new Uint8Array(16),li=ei(hi),yi=e=>(e>>>0&255)<<24|(e>>>8&255)<<16|(e>>>16&255)<<8|e>>>24&255;class pi{constructor(e,t){this.blockLen=ui,this.outputLen=ui,this.s0=0,this.s1=0,this.s2=0,this.s3=0,this.finished=!1,Xr(e=ri(e),16);const r=ti(e);let i=r.getUint32(0,!1),n=r.getUint32(4,!1),a=r.getUint32(8,!1),s=r.getUint32(12,!1);const o=[];for(let e=0;e<128;e++)o.push({s0:yi(i),s1:yi(n),s2:yi(a),s3:yi(s)}),({s0:i,s1:n,s2:a,s3:s}={s3:(h=a)<<31|(l=s)>>>1,s2:(u=n)<<31|h>>>1,s1:(c=i)<<31|u>>>1,s0:c>>>1^225<<24&-(1&l)});var c,u,h,l;const y=(e=>e>65536?8:e>1024?4:2)(t||1024);if(![1,2,4,8].includes(y))throw Error(`ghash: wrong window size=${y}, should be 2, 4 or 8`);this.W=y;const p=128/y,d=this.windowSize=2**y,g=[];for(let e=0;e<p;e++)for(let t=0;t<d;t++){let r=0,i=0,n=0,a=0;for(let s=0;s<y;s++){if(!(t>>>y-s-1&1))continue;const{s0:c,s1:u,s2:h,s3:l}=o[y*e+s];r^=c,i^=u,n^=h,a^=l}g.push({s0:r,s1:i,s2:n,s3:a})}this.t=g}_updateBlock(e,t,r,i){e^=this.s0,t^=this.s1,r^=this.s2,i^=this.s3;const{W:n,t:a,windowSize:s}=this;let o=0,c=0,u=0,h=0;const l=(1<<n)-1;let y=0;for(const p of[e,t,r,i])for(let e=0;e<4;e++){const t=p>>>8*e&255;for(let e=8/n-1;e>=0;e--){const r=t>>>n*e&l,{s0:i,s1:p,s2:d,s3:g}=a[y*s+r];o^=i,c^=p,u^=d,h^=g,y+=1}}this.s0=o,this.s1=c,this.s2=u,this.s3=h}update(e){e=ri(e),Qr(this);const t=ei(e),r=Math.floor(e.length/ui),i=e.length%ui;for(let e=0;e<r;e++)this._updateBlock(t[4*e+0],t[4*e+1],t[4*e+2],t[4*e+3]);return i&&(hi.set(e.subarray(r*ui)),this._updateBlock(li[0],li[1],li[2],li[3]),ci(li)),this}destroy(){const{t:e}=this;for(const t of e)t.s0=0,t.s1=0,t.s2=0,t.s3=0}digestInto(e){Qr(this),Yr(e,this),this.finished=!0;const{s0:t,s1:r,s2:i,s3:n}=this,a=ei(e);return a[0]=t,a[1]=r,a[2]=i,a[3]=n,e}digest(){const e=new Uint8Array(ui);return this.digestInto(e),this.destroy(),e}}class di extends pi{constructor(e,t){const r=function(e){e.reverse();const t=1&e[15];let r=0;for(let t=0;t<e.length;t++){const i=e[t];e[t]=i>>>1|r,r=(1&i)<<7}return e[0]^=225&-t,e}(oi(e=ri(e)));super(r,t),ci(r)}update(e){e=ri(e),Qr(this);const t=ei(e),r=e.length%ui,i=Math.floor(e.length/ui);for(let e=0;e<i;e++)this._updateBlock(yi(t[4*e+3]),yi(t[4*e+2]),yi(t[4*e+1]),yi(t[4*e+0]));return r&&(hi.set(e.subarray(i*ui)),this._updateBlock(yi(li[3]),yi(li[2]),yi(li[1]),yi(li[0])),ci(li)),this}digestInto(e){Qr(this),Yr(e,this),this.finished=!0;const{s0:t,s1:r,s2:i,s3:n}=this,a=ei(e);return a[0]=t,a[1]=r,a[2]=i,a[3]=n,e.reverse()}}function gi(e){const t=(t,r)=>e(r,t.length).update(ri(t)).digest(),r=e(new Uint8Array(16),0);return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=(t,r)=>e(t,r),t}const fi=gi(((e,t)=>new pi(e,t)));gi(((e,t)=>new di(e,t)));const mi=16,wi=new Uint8Array(mi),bi=283;function ki(e){return e<<1^bi&-(e>>7)}function vi(e,t){let r=0;for(;t>0;t>>=1)r^=e&-(1&t),e=ki(e);return r}const Ki=/* @__PURE__ */(()=>{const e=new Uint8Array(256);for(let t=0,r=1;t<256;t++,r^=ki(r))e[t]=r;const t=new Uint8Array(256);t[0]=99;for(let r=0;r<255;r++){let i=e[255-r];i|=i<<8,t[e[r]]=255&(i^i>>4^i>>5^i>>6^i>>7^99)}return ci(e),t})(),Ai=/* @__PURE__ */Ki.map(((e,t)=>Ki.indexOf(t))),Ei=e=>e<<24|e>>>8,Si=e=>e<<8|e>>>24,Pi=e=>e<<24&4278190080|e<<8&16711680|e>>>8&65280|e>>>24&255;function Ui(e,t){if(256!==e.length)throw Error("Wrong sbox length");const r=new Uint32Array(256).map(((r,i)=>t(e[i]))),i=r.map(Si),n=i.map(Si),a=n.map(Si),s=new Uint32Array(65536),o=new Uint32Array(65536),c=new Uint16Array(65536);for(let t=0;t<256;t++)for(let u=0;u<256;u++){const h=256*t+u;s[h]=r[t]^i[u],o[h]=n[t]^a[u],c[h]=e[t]<<8|e[u]}return{sbox:e,sbox2:c,T0:r,T1:i,T2:n,T3:a,T01:s,T23:o}}const Di=/* @__PURE__ */Ui(Ki,(e=>vi(e,3)<<24|e<<16|e<<8|vi(e,2))),xi=/* @__PURE__ */Ui(Ai,(e=>vi(e,11)<<24|vi(e,13)<<16|vi(e,9)<<8|vi(e,14))),Ii=/* @__PURE__ */(()=>{const e=new Uint8Array(16);for(let t=0,r=1;t<16;t++,r=ki(r))e[t]=r;return e})();function Ci(e){Xr(e);const t=e.length;if(![16,24,32].includes(t))throw Error("aes: wrong key size: should be 16, 24 or 32, got: "+t);const{sbox2:r}=Di,i=[];si(e)||i.push(e=oi(e));const n=ei(e),a=n.length,s=e=>Mi(r,e,e,e,e),o=new Uint32Array(t+28);o.set(n);for(let e=a;e<o.length;e++){let t=o[e-1];e%a==0?t=s(Ei(t))^Ii[e/a-1]:a>6&&e%a==4&&(t=s(t)),o[e]=o[e-a]^t}return ci(...i),o}function Bi(e){const t=Ci(e),r=t.slice(),i=t.length,{sbox2:n}=Di,{T0:a,T1:s,T2:o,T3:c}=xi;for(let e=0;e<i;e+=4)for(let n=0;n<4;n++)r[e+n]=t[i-e-4+n];ci(t);for(let e=4;e<i-4;e++){const t=r[e],i=Mi(n,t,t,t,t);r[e]=a[255&i]^s[i>>>8&255]^o[i>>>16&255]^c[i>>>24]}return r}function Ti(e,t,r,i,n,a){return e[r<<8&65280|i>>>8&255]^t[n>>>8&65280|a>>>24&255]}function Mi(e,t,r,i,n){return e[255&t|65280&r]|e[i>>>16&255|n>>>16&65280]<<16}function Fi(e,t,r,i,n){const{sbox2:a,T01:s,T23:o}=Di;let c=0;t^=e[c++],r^=e[c++],i^=e[c++],n^=e[c++];const u=e.length/4-2;for(let a=0;a<u;a++){const a=e[c++]^Ti(s,o,t,r,i,n),u=e[c++]^Ti(s,o,r,i,n,t),h=e[c++]^Ti(s,o,i,n,t,r),l=e[c++]^Ti(s,o,n,t,r,i);t=a,r=u,i=h,n=l}return{s0:e[c++]^Mi(a,t,r,i,n),s1:e[c++]^Mi(a,r,i,n,t),s2:e[c++]^Mi(a,i,n,t,r),s3:e[c++]^Mi(a,n,t,r,i)}}function _i(e,t,r,i,n){const{sbox2:a,T01:s,T23:o}=xi;let c=0;t^=e[c++],r^=e[c++],i^=e[c++],n^=e[c++];const u=e.length/4-2;for(let a=0;a<u;a++){const a=e[c++]^Ti(s,o,t,n,i,r),u=e[c++]^Ti(s,o,r,t,n,i),h=e[c++]^Ti(s,o,i,r,t,n),l=e[c++]^Ti(s,o,n,i,r,t);t=a,r=u,i=h,n=l}return{s0:e[c++]^Mi(a,t,n,i,r),s1:e[c++]^Mi(a,r,t,n,i),s2:e[c++]^Mi(a,i,r,t,n),s3:e[c++]^Mi(a,n,i,r,t)}}function Ri(e,t){if(void 0===t)return new Uint8Array(e);if(Xr(t),t.length<e)throw Error(`aes: wrong destination length, expected at least ${e}, got: ${t.length}`);if(!si(t))throw Error("unaligned dst");return t}function Li(e,t,r,i){Xr(t,mi),Xr(r);const n=r.length;i=Ri(n,i);const a=t,s=ei(a);let{s0:o,s1:c,s2:u,s3:h}=Fi(e,s[0],s[1],s[2],s[3]);const l=ei(r),y=ei(i);for(let t=0;t+4<=l.length;t+=4){y[t+0]=l[t+0]^o,y[t+1]=l[t+1]^c,y[t+2]=l[t+2]^u,y[t+3]=l[t+3]^h;let r=1;for(let e=a.length-1;e>=0;e--)r=r+(255&a[e])|0,a[e]=255&r,r>>>=8;({s0:o,s1:c,s2:u,s3:h}=Fi(e,s[0],s[1],s[2],s[3]))}const p=mi*Math.floor(l.length/4);if(p<n){const e=new Uint32Array([o,c,u,h]),t=Jr(e);for(let e=p,a=0;e<n;e++,a++)i[e]=r[e]^t[a];ci(e)}return i}function Ni(e,t,r,i,n){Xr(r,mi),Xr(i),n=Ri(i.length,n);const a=r,s=ei(a),o=ti(a),c=ei(i),u=ei(n),h=t?0:12,l=i.length;let y=o.getUint32(h,t),{s0:p,s1:d,s2:g,s3:f}=Fi(e,s[0],s[1],s[2],s[3]);for(let r=0;r+4<=c.length;r+=4)u[r+0]=c[r+0]^p,u[r+1]=c[r+1]^d,u[r+2]=c[r+2]^g,u[r+3]=c[r+3]^f,y=y+1>>>0,o.setUint32(h,y,t),({s0:p,s1:d,s2:g,s3:f}=Fi(e,s[0],s[1],s[2],s[3]));const m=mi*Math.floor(c.length/4);if(m<l){const e=new Uint32Array([p,d,g,f]),t=Jr(e);for(let e=m,r=0;e<l;e++,r++)n[e]=i[e]^t[r];ci(e)}return n}const zi=ni({blockSize:16,nonceLength:16},(function(e,t){function r(r,i){if(Xr(r),void 0!==i&&(Xr(i),!si(i)))throw Error("unaligned destination");const n=Ci(e),a=oi(t),s=[n,a];si(r)||s.push(r=oi(r));const o=Li(n,a,r,i);return ci(...s),o}return Xr(e),Xr(t,mi),{encrypt:(e,t)=>r(e,t),decrypt:(e,t)=>r(e,t)}}));const Oi=ni({blockSize:16,nonceLength:16},(function(e,t,r={}){Xr(e),Xr(t,16);const i=!r.disablePadding;return{encrypt(r,n){const a=Ci(e),{b:s,o,out:c}=function(e,t,r){Xr(e);let i=e.length;const n=i%mi;if(!t&&0!==n)throw Error("aec/(cbc-ecb): unpadded plaintext with disabled padding");si(e)||(e=oi(e));const a=ei(e);if(t){let e=mi-n;e||(e=mi),i+=e}const s=Ri(i,r);return{b:a,o:ei(s),out:s}}(r,i,n);let u=t;const h=[a];si(u)||h.push(u=oi(u));const l=ei(u);let y=l[0],p=l[1],d=l[2],g=l[3],f=0;for(;f+4<=s.length;)y^=s[f+0],p^=s[f+1],d^=s[f+2],g^=s[f+3],({s0:y,s1:p,s2:d,s3:g}=Fi(a,y,p,d,g)),o[f++]=y,o[f++]=p,o[f++]=d,o[f++]=g;if(i){const e=function(e){const t=new Uint8Array(16),r=ei(t);t.set(e);const i=mi-e.length;for(let e=mi-i;e<mi;e++)t[e]=i;return r}(r.subarray(4*f));y^=e[0],p^=e[1],d^=e[2],g^=e[3],({s0:y,s1:p,s2:d,s3:g}=Fi(a,y,p,d,g)),o[f++]=y,o[f++]=p,o[f++]=d,o[f++]=g}return ci(...h),c},decrypt(r,n){!function(e){if(Xr(e),e.length%mi!=0)throw Error("aes/(cbc-ecb).decrypt ciphertext should consist of blocks with size 16")}(r);const a=Bi(e);let s=t;const o=[a];si(s)||o.push(s=oi(s));const c=ei(s),u=Ri(r.length,n);si(r)||o.push(r=oi(r));const h=ei(r),l=ei(u);let y=c[0],p=c[1],d=c[2],g=c[3];for(let e=0;e+4<=h.length;){const t=y,r=p,i=d,n=g;y=h[e+0],p=h[e+1],d=h[e+2],g=h[e+3];const{s0:s,s1:o,s2:c,s3:u}=_i(a,y,p,d,g);l[e++]=s^t,l[e++]=o^r,l[e++]=c^i,l[e++]=u^n}return ci(...o),function(e,t){if(!t)return e;const r=e.length;if(!r)throw Error("aes/pcks5: empty ciphertext not allowed");const i=e[r-1];if(i<=0||i>16)throw Error("aes/pcks5: wrong padding");const n=e.subarray(0,-i);for(let t=0;t<i;t++)if(e[r-t-1]!==i)throw Error("aes/pcks5: wrong padding");return n}(u,i)}}})),ji=ni({blockSize:16,nonceLength:16},(function(e,t){function r(r,i,n){Xr(r);const a=r.length;n=Ri(a,n);const s=Ci(e);let o=t;const c=[s];si(o)||c.push(o=oi(o)),si(r)||c.push(r=oi(r));const u=ei(r),h=ei(n),l=i?h:u,y=ei(o);let p=y[0],d=y[1],g=y[2],f=y[3];for(let e=0;e+4<=u.length;){const{s0:t,s1:r,s2:i,s3:n}=Fi(s,p,d,g,f);h[e+0]=u[e+0]^t,h[e+1]=u[e+1]^r,h[e+2]=u[e+2]^i,h[e+3]=u[e+3]^n,p=l[e++],d=l[e++],g=l[e++],f=l[e++]}const m=mi*Math.floor(u.length/4);if(m<a){({s0:p,s1:d,s2:g,s3:f}=Fi(s,p,d,g,f));const e=Jr(new Uint32Array([p,d,g,f]));for(let t=m,i=0;t<a;t++,i++)n[t]=r[t]^e[i];ci(e)}return ci(...c),n}return Xr(e),Xr(t,16),{encrypt:(e,t)=>r(e,!0,t),decrypt:(e,t)=>r(e,!1,t)}}));const qi=ni({blockSize:16,nonceLength:12,tagLength:16},(function(e,t,r){if(Xr(e),Xr(t),void 0!==r&&Xr(r),t.length<8)throw Error("aes/gcm: invalid nonce length");const i=16;function n(e,t,i){const n=function(e,t,r,i,n){const a=null==n?0:n.length,s=e.create(r,i.length+a);n&&s.update(n),s.update(i);const o=new Uint8Array(16),c=ti(o);n&&ai(c,0,BigInt(8*a),t),ai(c,8,BigInt(8*i.length),t),s.update(o);const u=s.digest();return ci(o),u}(fi,!1,e,i,r);for(let e=0;e<t.length;e++)n[e]^=t[e];return n}function a(){const r=Ci(e),i=wi.slice(),n=wi.slice();if(Ni(r,!1,n,n,i),12===t.length)n.set(t);else{const e=wi.slice();ai(ti(e),8,BigInt(8*t.length),!1);const r=fi.create(i).update(t).update(e);r.digestInto(n),r.destroy()}return{xk:r,authKey:i,counter:n,tagMask:Ni(r,!1,n,wi)}}return{encrypt(e){Xr(e);const{xk:t,authKey:r,counter:s,tagMask:o}=a(),c=new Uint8Array(e.length+i),u=[t,r,s,o];si(e)||u.push(e=oi(e)),Ni(t,!1,s,e,c);const h=n(r,o,c.subarray(0,c.length-i));return u.push(h),c.set(h,e.length),ci(...u),c},decrypt(e){if(Xr(e),e.length<i)throw Error("aes/gcm: ciphertext less than tagLen (16)");const{xk:t,authKey:r,counter:s,tagMask:o}=a(),c=[t,r,o,s];si(e)||c.push(e=oi(e));const u=e.subarray(0,-16),h=e.subarray(-16),l=n(r,o,u);if(c.push(l),!ii(l,h))throw Error("aes/gcm: invalid ghash tag");const y=Ni(t,!1,s,u);return ci(...c),y}}}));function Hi(e){return null!=e&&"object"==typeof e&&(e instanceof Uint32Array||"Uint32Array"===e.constructor.name)}function Gi(e,t){if(Xr(t,16),!Hi(e))throw Error("_encryptBlock accepts result of expandKeyLE");const r=ei(t);let{s0:i,s1:n,s2:a,s3:s}=Fi(e,r[0],r[1],r[2],r[3]);return r[0]=i,r[1]=n,r[2]=a,r[3]=s,t}function Vi(e,t){if(Xr(t,16),!Hi(e))throw Error("_decryptBlock accepts result of expandKeyLE");const r=ei(t);let{s0:i,s1:n,s2:a,s3:s}=_i(e,r[0],r[1],r[2],r[3]);return r[0]=i,r[1]=n,r[2]=a,r[3]=s,t}const Wi={encrypt(e,t){if(t.length>=2**32)throw Error("plaintext should be less than 4gb");const r=Ci(e);if(16===t.length)Gi(r,t);else{const e=ei(t);let i=e[0],n=e[1];for(let t=0,a=1;t<6;t++)for(let t=2;t<e.length;t+=2,a++){const{s0:s,s1:o,s2:c,s3:u}=Fi(r,i,n,e[t],e[t+1]);i=s,n=o^Pi(a),e[t]=c,e[t+1]=u}e[0]=i,e[1]=n}r.fill(0)},decrypt(e,t){if(t.length-8>=2**32)throw Error("ciphertext should be less than 4gb");const r=Bi(e),i=t.length/8-1;if(1===i)Vi(r,t);else{const e=ei(t);let n=e[0],a=e[1];for(let t=0,s=6*i;t<6;t++)for(let t=2*i;t>=1;t-=2,s--){a^=Pi(s);const{s0:i,s1:o,s2:c,s3:u}=_i(r,n,a,e[t],e[t+1]);n=i,a=o,e[t]=c,e[t+1]=u}e[0]=n,e[1]=a}r.fill(0)}},$i=new Uint8Array(8).fill(166),Zi=ni({blockSize:8},(e=>({encrypt(t){if(Xr(t),!t.length||t.length%8!=0)throw Error("invalid plaintext length");if(8===t.length)throw Error("8-byte keys not allowed in AESKW, use AESKWP instead");const r=function(...e){let t=0;for(let r=0;r<e.length;r++){const i=e[r];Xr(i),t+=i.length}const r=new Uint8Array(t);for(let t=0,i=0;t<e.length;t++){const n=e[t];r.set(n,i),i+=n.length}return r}($i,t);return Wi.encrypt(e,r),r},decrypt(t){if(Xr(t),t.length%8!=0||t.length<24)throw Error("invalid ciphertext length");const r=oi(t);if(Wi.decrypt(e,r),!ii(r.subarray(0,8),$i))throw Error("integrity check failed");return r.subarray(0,8).fill(0),r.subarray(8)}}))),Xi={expandKeyLE:Ci,expandKeyDecLE:Bi,encrypt:Fi,decrypt:_i,encryptBlock:Gi,decryptBlock:Vi,ctrCounter:Li,ctr32:Ni};async function Qi(e){switch(e){case B.symmetric.aes128:case B.symmetric.aes192:case B.symmetric.aes256:throw Error("Not a legacy cipher");case B.symmetric.cast5:case B.symmetric.blowfish:case B.symmetric.twofish:case B.symmetric.tripledes:{const{legacyCiphers:t}=await import("./legacy_ciphers.min.mjs"),r=B.read(B.symmetric,e),i=t.get(r);if(!i)throw Error("Unsupported cipher algorithm");return i}default:throw Error("Unsupported cipher algorithm")}}function Yi(e){switch(e){case B.symmetric.aes128:case B.symmetric.aes192:case B.symmetric.aes256:case B.symmetric.twofish:return 16;case B.symmetric.blowfish:case B.symmetric.cast5:case B.symmetric.tripledes:return 8;default:throw Error("Unsupported cipher")}}function Ji(e){switch(e){case B.symmetric.aes128:case B.symmetric.blowfish:case B.symmetric.cast5:return 16;case B.symmetric.aes192:case B.symmetric.tripledes:return 24;case B.symmetric.aes256:case B.symmetric.twofish:return 32;default:throw Error("Unsupported cipher")}}function en(e){return{keySize:Ji(e),blockSize:Yi(e)}}const tn=F.getWebCrypto();async function rn(e,t,r){const{keySize:i}=en(e);if(!F.isAES(e)||t.length!==i)throw Error("Unexpected algorithm or key size");try{const e=await tn.importKey("raw",t,{name:"AES-KW"},!1,["wrapKey"]),i=await tn.importKey("raw",r,{name:"HMAC",hash:"SHA-256"},!0,["sign"]),n=await tn.wrapKey("raw",i,e,{name:"AES-KW"});return new Uint8Array(n)}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;F.printDebugError("Browser did not support operation: "+e.message)}return Zi(t).encrypt(r)}async function nn(e,t,r){const{keySize:i}=en(e);if(!F.isAES(e)||t.length!==i)throw Error("Unexpected algorithm or key size");let n;try{n=await tn.importKey("raw",t,{name:"AES-KW"},!1,["unwrapKey"])}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;return F.printDebugError("Browser did not support operation: "+e.message),Zi(t).decrypt(r)}try{const e=await tn.unwrapKey("raw",r,n,{name:"AES-KW"},{name:"HMAC",hash:"SHA-256"},!0,["sign"]);return new Uint8Array(await tn.exportKey("raw",e))}catch(e){if("OperationError"===e.name)throw Error("Key Data Integrity failed");throw e}}const an=F.getWebCrypto();async function sn(e,t,r,i,n){const a=B.read(B.webHash,e);if(!a)throw Error("Hash algo not supported with HKDF");const s=await an.importKey("raw",t,"HKDF",!1,["deriveBits"]),o=await an.deriveBits({name:"HKDF",hash:a,salt:r,info:i},s,8*n);return new Uint8Array(o)}const on={x25519:F.encodeUTF8("OpenPGP X25519"),x448:F.encodeUTF8("OpenPGP X448")};async function cn(e){switch(e){case B.publicKey.x25519:try{const e=F.getWebCrypto(),t=await e.generateKey("X25519",!0,["deriveKey","deriveBits"]).catch((e=>{if("OperationError"===e.name){const e=Error("Unexpected key generation issue");throw e.name="NotSupportedError",e}throw e})),r=await e.exportKey("jwk",t.privateKey),i=await e.exportKey("jwk",t.publicKey);if(r.x!==i.x){const e=Error("Unexpected mismatching public point");throw e.name="NotSupportedError",e}return{A:new Uint8Array(O(i.x)),k:O(r.d)}}catch(e){if("NotSupportedError"!==e.name)throw e;const t=le(32),{publicKey:r}=Ze.box.keyPair.fromSecretKey(t);return{A:r,k:t}}case B.publicKey.x448:{const e=await F.getNobleCurve(B.publicKey.x448),t=e.utils.randomPrivateKey();return{A:e.getPublicKey(t),k:t}}default:throw Error("Unsupported ECDH algorithm")}}async function un(e,t,r){switch(e){case B.publicKey.x25519:{const{publicKey:e}=Ze.box.keyPair.fromSecretKey(r);return F.equalsUint8Array(t,e)}case B.publicKey.x448:{const e=(await F.getNobleCurve(B.publicKey.x448)).getPublicKey(r);return F.equalsUint8Array(t,e)}default:return!1}}async function hn(e,t,r){const{ephemeralPublicKey:i,sharedSecret:n}=await pn(e,r),a=F.concatUint8Array([i,r,n]);switch(e){case B.publicKey.x25519:{const e=B.symmetric.aes128,{keySize:r}=en(e),n=await sn(B.hash.sha256,a,new Uint8Array,on.x25519,r);return{ephemeralPublicKey:i,wrappedKey:await rn(e,n,t)}}case B.publicKey.x448:{const e=B.symmetric.aes256,{keySize:r}=en(B.symmetric.aes256),n=await sn(B.hash.sha512,a,new Uint8Array,on.x448,r);return{ephemeralPublicKey:i,wrappedKey:await rn(e,n,t)}}default:throw Error("Unsupported ECDH algorithm")}}async function ln(e,t,r,i,n){const a=await dn(e,t,i,n),s=F.concatUint8Array([t,i,a]);switch(e){case B.publicKey.x25519:{const e=B.symmetric.aes128,{keySize:t}=en(e);return nn(e,await sn(B.hash.sha256,s,new Uint8Array,on.x25519,t),r)}case B.publicKey.x448:{const e=B.symmetric.aes256,{keySize:t}=en(B.symmetric.aes256);return nn(e,await sn(B.hash.sha512,s,new Uint8Array,on.x448,t),r)}default:throw Error("Unsupported ECDH algorithm")}}function yn(e){switch(e){case B.publicKey.x25519:return 32;case B.publicKey.x448:return 56;default:throw Error("Unsupported ECDH algorithm")}}async function pn(e,t){switch(e){case B.publicKey.x25519:try{const r=F.getWebCrypto(),i=await r.generateKey("X25519",!0,["deriveKey","deriveBits"]).catch((e=>{if("OperationError"===e.name){const e=Error("Unexpected key generation issue");throw e.name="NotSupportedError",e}throw e})),n=await r.exportKey("jwk",i.publicKey);if((await r.exportKey("jwk",i.privateKey)).x!==n.x){const e=Error("Unexpected mismatching public point");throw e.name="NotSupportedError",e}const a=fn(e,t),s=await r.importKey("jwk",a,"X25519",!1,[]),o=await r.deriveBits({name:"X25519",public:s},i.privateKey,8*yn(e));return{sharedSecret:new Uint8Array(o),ephemeralPublicKey:new Uint8Array(O(n.x))}}catch(r){if("NotSupportedError"!==r.name)throw r;const i=le(yn(e)),n=Ze.scalarMult(i,t);gn(n);const{publicKey:a}=Ze.box.keyPair.fromSecretKey(i);return{ephemeralPublicKey:a,sharedSecret:n}}case B.publicKey.x448:{const e=await F.getNobleCurve(B.publicKey.x448),r=e.utils.randomPrivateKey(),i=e.getSharedSecret(r,t);gn(i);return{ephemeralPublicKey:e.getPublicKey(r),sharedSecret:i}}default:throw Error("Unsupported ECDH algorithm")}}async function dn(e,t,r,i){switch(e){case B.publicKey.x25519:try{const n=F.getWebCrypto(),a=function(e,t,r){if(e===B.publicKey.x25519){const i=fn(e,t);return i.d=j(r),i}throw Error("Unsupported ECDH algorithm")}(e,r,i),s=fn(e,t),o=await n.importKey("jwk",a,"X25519",!1,["deriveKey","deriveBits"]),c=await n.importKey("jwk",s,"X25519",!1,[]),u=await n.deriveBits({name:"X25519",public:c},o,8*yn(e));return new Uint8Array(u)}catch(e){if("NotSupportedError"!==e.name)throw e;const r=Ze.scalarMult(i,t);return gn(r),r}case B.publicKey.x448:{const e=(await F.getNobleCurve(B.publicKey.x448)).getSharedSecret(i,t);return gn(e),e}default:throw Error("Unsupported ECDH algorithm")}}function gn(e){let t=0;for(let r=0;r<e.length;r++)t|=e[r];if(0===t)throw Error("Unexpected low order point")}function fn(e,t){if(e===B.publicKey.x25519){return{kty:"OKP",crv:"X25519",x:j(t),ext:!0}}throw Error("Unsupported ECDH algorithm")}var mn=/*#__PURE__*/Object.freeze({__proto__:null,decrypt:ln,encrypt:hn,generate:cn,generateEphemeralEncryptionMaterial:pn,getPayloadSize:yn,recomputeSharedSecret:dn,validateParams:un});const wn=F.getWebCrypto(),bn=F.getNodeCrypto(),kn={[B.curve.nistP256]:"P-256",[B.curve.nistP384]:"P-384",[B.curve.nistP521]:"P-521"},vn=bn?bn.getCurves():[],Kn=bn?{[B.curve.secp256k1]:vn.includes("secp256k1")?"secp256k1":void 0,[B.curve.nistP256]:vn.includes("prime256v1")?"prime256v1":void 0,[B.curve.nistP384]:vn.includes("secp384r1")?"secp384r1":void 0,[B.curve.nistP521]:vn.includes("secp521r1")?"secp521r1":void 0,[B.curve.ed25519Legacy]:vn.includes("ED25519")?"ED25519":void 0,[B.curve.curve25519Legacy]:vn.includes("X25519")?"X25519":void 0,[B.curve.brainpoolP256r1]:vn.includes("brainpoolP256r1")?"brainpoolP256r1":void 0,[B.curve.brainpoolP384r1]:vn.includes("brainpoolP384r1")?"brainpoolP384r1":void 0,[B.curve.brainpoolP512r1]:vn.includes("brainpoolP512r1")?"brainpoolP512r1":void 0}:{},An={[B.curve.nistP256]:{oid:[6,8,42,134,72,206,61,3,1,7],keyType:B.publicKey.ecdsa,hash:B.hash.sha256,cipher:B.symmetric.aes128,node:Kn[B.curve.nistP256],web:kn[B.curve.nistP256],payloadSize:32,sharedSize:256,wireFormatLeadingByte:4},[B.curve.nistP384]:{oid:[6,5,43,129,4,0,34],keyType:B.publicKey.ecdsa,hash:B.hash.sha384,cipher:B.symmetric.aes192,node:Kn[B.curve.nistP384],web:kn[B.curve.nistP384],payloadSize:48,sharedSize:384,wireFormatLeadingByte:4},[B.curve.nistP521]:{oid:[6,5,43,129,4,0,35],keyType:B.publicKey.ecdsa,hash:B.hash.sha512,cipher:B.symmetric.aes256,node:Kn[B.curve.nistP521],web:kn[B.curve.nistP521],payloadSize:66,sharedSize:528,wireFormatLeadingByte:4},[B.curve.secp256k1]:{oid:[6,5,43,129,4,0,10],keyType:B.publicKey.ecdsa,hash:B.hash.sha256,cipher:B.symmetric.aes128,node:Kn[B.curve.secp256k1],payloadSize:32,wireFormatLeadingByte:4},[B.curve.ed25519Legacy]:{oid:[6,9,43,6,1,4,1,218,71,15,1],keyType:B.publicKey.eddsaLegacy,hash:B.hash.sha512,node:!1,payloadSize:32,wireFormatLeadingByte:64},[B.curve.curve25519Legacy]:{oid:[6,10,43,6,1,4,1,151,85,1,5,1],keyType:B.publicKey.ecdh,hash:B.hash.sha256,cipher:B.symmetric.aes128,node:!1,payloadSize:32,wireFormatLeadingByte:64},[B.curve.brainpoolP256r1]:{oid:[6,9,43,36,3,3,2,8,1,1,7],keyType:B.publicKey.ecdsa,hash:B.hash.sha256,cipher:B.symmetric.aes128,node:Kn[B.curve.brainpoolP256r1],payloadSize:32,wireFormatLeadingByte:4},[B.curve.brainpoolP384r1]:{oid:[6,9,43,36,3,3,2,8,1,1,11],keyType:B.publicKey.ecdsa,hash:B.hash.sha384,cipher:B.symmetric.aes192,node:Kn[B.curve.brainpoolP384r1],payloadSize:48,wireFormatLeadingByte:4},[B.curve.brainpoolP512r1]:{oid:[6,9,43,36,3,3,2,8,1,1,13],keyType:B.publicKey.ecdsa,hash:B.hash.sha512,cipher:B.symmetric.aes256,node:Kn[B.curve.brainpoolP512r1],payloadSize:64,wireFormatLeadingByte:4}};class En{constructor(e){try{this.name=e instanceof Nt?e.getName():B.write(B.curve,e)}catch(e){throw new Wt("Unknown curve")}const t=An[this.name];this.keyType=t.keyType,this.oid=t.oid,this.hash=t.hash,this.cipher=t.cipher,this.node=t.node,this.web=t.web,this.payloadSize=t.payloadSize,this.sharedSize=t.sharedSize,this.wireFormatLeadingByte=t.wireFormatLeadingByte,this.web&&F.getWebCrypto()?this.type="web":this.node&&F.getNodeCrypto()?this.type="node":this.name===B.curve.curve25519Legacy?this.type="curve25519Legacy":this.name===B.curve.ed25519Legacy&&(this.type="ed25519Legacy")}async genKeyPair(){switch(this.type){case"web":try{return await async function(e,t){const r=await wn.generateKey({name:"ECDSA",namedCurve:kn[e]},!0,["sign","verify"]),i=await wn.exportKey("jwk",r.privateKey);return{publicKey:In(await wn.exportKey("jwk",r.publicKey),t),privateKey:O(i.d)}}(this.name,this.wireFormatLeadingByte)}catch(e){return F.printDebugError("Browser did not support generating ec key "+e.message),xn(this.name)}case"node":return async function(e){const t=bn.createECDH(Kn[e]);return await t.generateKeys(),{publicKey:new Uint8Array(t.getPublicKey()),privateKey:new Uint8Array(t.getPrivateKey())}}(this.name);case"curve25519Legacy":{const{k:e,A:t}=await cn(B.publicKey.x25519),r=e.slice().reverse();r[0]=127&r[0]|64,r[31]&=248;return{publicKey:F.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]),t]),privateKey:r}}case"ed25519Legacy":{const{seed:e,A:t}=await zr(B.publicKey.ed25519);return{publicKey:F.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]),t]),privateKey:e}}default:return xn(this.name)}}}async function Sn(e){const t=new En(e),{oid:r,hash:i,cipher:n}=t,a=await t.genKeyPair();return{oid:r,Q:a.publicKey,secret:F.leftPad(a.privateKey,t.payloadSize),hash:i,cipher:n}}function Pn(e){return An[e.getName()].hash}async function Un(e,t,r,i){const n={[B.curve.nistP256]:!0,[B.curve.nistP384]:!0,[B.curve.nistP521]:!0,[B.curve.secp256k1]:!0,[B.curve.curve25519Legacy]:e===B.publicKey.ecdh,[B.curve.brainpoolP256r1]:!0,[B.curve.brainpoolP384r1]:!0,[B.curve.brainpoolP512r1]:!0},a=t.getName();if(!n[a])return!1;if(a===B.curve.curve25519Legacy){i=i.slice().reverse();const{publicKey:e}=Ze.box.keyPair.fromSecretKey(i);r=new Uint8Array(r);const t=new Uint8Array([64,...e]);return!!F.equalsUint8Array(t,r)}const s=(await F.getNobleCurve(B.publicKey.ecdsa,a)).getPublicKey(i,!1);return!!F.equalsUint8Array(s,r)}function Dn(e,t){const{payloadSize:r,wireFormatLeadingByte:i,name:n}=e,a=n===B.curve.curve25519Legacy||n===B.curve.ed25519Legacy?r:2*r;if(t[0]!==i||t.length!==a+1)throw Error("Invalid point encoding")}async function xn(e){const t=await F.getNobleCurve(B.publicKey.ecdsa,e),r=t.utils.randomPrivateKey();return{publicKey:t.getPublicKey(r,!1),privateKey:r}}function In(e,t){const r=O(e.x),i=O(e.y),n=new Uint8Array(r.length+i.length+1);return n[0]=t,n.set(r,1),n.set(i,r.length+1),n}function Cn(e,t,r){const i=e,n=r.slice(1,i+1),a=r.slice(i+1,2*i+1);return{kty:"EC",crv:t,x:j(n),y:j(a),ext:!0}}function Bn(e,t,r,i){const n=Cn(e,t,r);return n.d=j(i),n}const Tn=F.getWebCrypto(),Mn=F.getNodeCrypto();async function Fn(e,t,r,i,n,a){const s=new En(e);if(Dn(s,i),r&&!F.isStream(r)){const e={publicKey:i,privateKey:n};switch(s.type){case"web":try{return await async function(e,t,r,i){const n=e.payloadSize,a=Bn(e.payloadSize,kn[e.name],i.publicKey,i.privateKey),s=await Tn.importKey("jwk",a,{name:"ECDSA",namedCurve:kn[e.name],hash:{name:B.read(B.webHash,e.hash)}},!1,["sign"]),o=new Uint8Array(await Tn.sign({name:"ECDSA",namedCurve:kn[e.name],hash:{name:B.read(B.webHash,t)}},s,r));return{r:o.slice(0,n),s:o.slice(n,n<<1)}}(s,t,r,e)}catch(e){if("nistP521"!==s.name&&("DataError"===e.name||"OperationError"===e.name))throw e;F.printDebugError("Browser did not support signing: "+e.message)}break;case"node":return async function(e,t,r,i){const n=F.nodeRequire("eckey-utils"),a=F.getNodeBuffer(),{privateKey:s}=n.generateDer({curveName:Kn[e.name],privateKey:a.from(i)}),o=Mn.createSign(B.read(B.hash,t));o.write(r),o.end();const c=new Uint8Array(o.sign({key:s,format:"der",type:"sec1",dsaEncoding:"ieee-p1363"})),u=e.payloadSize;return{r:c.subarray(0,u),s:c.subarray(u,u<<1)}}(s,t,r,n)}}const o=(await F.getNobleCurve(B.publicKey.ecdsa,s.name)).sign(a,n,{lowS:!1});return{r:ue(o.r,"be",s.payloadSize),s:ue(o.s,"be",s.payloadSize)}}async function _n(e,t,r,i,n,a){const s=new En(e);Dn(s,n);const o=async()=>0===a[0]&&Rn(s,r,a.subarray(1),n);if(i&&!F.isStream(i))switch(s.type){case"web":try{const e=await async function(e,t,{r,s:i},n,a){const s=Cn(e.payloadSize,kn[e.name],a),o=await Tn.importKey("jwk",s,{name:"ECDSA",namedCurve:kn[e.name],hash:{name:B.read(B.webHash,e.hash)}},!1,["verify"]),c=F.concatUint8Array([r,i]).buffer;return Tn.verify({name:"ECDSA",namedCurve:kn[e.name],hash:{name:B.read(B.webHash,t)}},o,c,n)}(s,t,r,i,n);return e||o()}catch(e){if("nistP521"!==s.name&&("DataError"===e.name||"OperationError"===e.name))throw e;F.printDebugError("Browser did not support verifying: "+e.message)}break;case"node":{const e=await async function(e,t,{r,s:i},n,a){const s=F.nodeRequire("eckey-utils"),o=F.getNodeBuffer(),{publicKey:c}=s.generateDer({curveName:Kn[e.name],publicKey:o.from(a)}),u=Mn.createVerify(B.read(B.hash,t));u.write(n),u.end();const h=F.concatUint8Array([r,i]);try{return u.verify({key:c,format:"der",type:"spki",dsaEncoding:"ieee-p1363"},h)}catch(e){return!1}}(s,t,r,i,n);return e||o()}}return await Rn(s,r,a,n)||o()}async function Rn(e,t,r,i){return(await F.getNobleCurve(B.publicKey.ecdsa,e.name)).verify(F.concatUint8Array([t.r,t.s]),r,i,{lowS:!1})}var Ln=/*#__PURE__*/Object.freeze({__proto__:null,sign:Fn,validateParams:async function(e,t,r){const i=new En(e);if(i.keyType!==B.publicKey.ecdsa)return!1;switch(i.type){case"web":case"node":{const i=le(8),n=B.hash.sha256,a=await Ce(n,i);try{const s=await Fn(e,n,i,t,r,a);return await _n(e,n,s,i,t,a)}catch(e){return!1}}default:return Un(B.publicKey.ecdsa,e,t,r)}},verify:_n});async function Nn(e,t,r,i,n,a){Dn(new En(e),i);const{RS:s}=await Or(B.publicKey.ed25519,0,0,i.subarray(1),n,a);return{r:s.subarray(0,32),s:s.subarray(32)}}async function zn(e,t,{r,s:i},n,a,s){Dn(new En(e),a);const o=F.concatUint8Array([r,i]);return jr(B.publicKey.ed25519,0,{RS:o},0,a.subarray(1),s)}async function On(e,t,r){if(e.getName()!==B.curve.ed25519Legacy)return!1;const{publicKey:i}=Ze.sign.keyPair.fromSeed(r),n=new Uint8Array([64,...i]);return F.equalsUint8Array(t,n)}var jn=/*#__PURE__*/Object.freeze({__proto__:null,sign:Nn,validateParams:On,verify:zn});function qn(e){const t=e.length;if(t>0){const r=e[t-1];if(r>=1){const i=e.subarray(t-r),n=new Uint8Array(r).fill(r);if(F.equalsUint8Array(i,n))return e.subarray(0,t-r)}}throw Error("Invalid padding")}const Hn=F.getWebCrypto(),Gn=F.getNodeCrypto();function Vn(e,t,r,i){return F.concatUint8Array([t.write(),new Uint8Array([e]),r.write(!0),F.stringToUint8Array("Anonymous Sender    "),r.replacementFingerprint||i])}async function Wn(e,t,r,i,n=!1,a=!1){let s;if(n){for(s=0;s<t.length&&0===t[s];s++);t=t.subarray(s)}if(a){for(s=t.length-1;s>=0&&0===t[s];s--);t=t.subarray(0,s+1)}return(await Ce(e,F.concatUint8Array([new Uint8Array([0,0,0,1]),t,i]))).subarray(0,r)}async function $n(e,t){switch(e.type){case"curve25519Legacy":{const{sharedSecret:r,ephemeralPublicKey:i}=await pn(B.publicKey.x25519,t.subarray(1));return{publicKey:F.concatUint8Array([new Uint8Array([e.wireFormatLeadingByte]),i]),sharedKey:r}}case"web":if(e.web&&F.getWebCrypto())try{return await async function(e,t){const r=Cn(e.payloadSize,e.web,t);let i=Hn.generateKey({name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]),n=Hn.importKey("jwk",r,{name:"ECDH",namedCurve:e.web},!1,[]);[i,n]=await Promise.all([i,n]);let a=Hn.deriveBits({name:"ECDH",namedCurve:e.web,public:n},i.privateKey,e.sharedSize),s=Hn.exportKey("jwk",i.publicKey);[a,s]=await Promise.all([a,s]);const o=new Uint8Array(a),c=new Uint8Array(In(s,e.wireFormatLeadingByte));return{publicKey:c,sharedKey:o}}(e,t)}catch(r){return F.printDebugError(r),Jn(e,t)}break;case"node":return async function(e,t){const r=Gn.createECDH(e.node);r.generateKeys();const i=new Uint8Array(r.computeSecret(t));return{publicKey:new Uint8Array(r.getPublicKey()),sharedKey:i}}(e,t);default:return Jn(e,t)}}async function Zn(e,t,r,i,n){const a=function(e){const t=8-e.length%8,r=new Uint8Array(e.length+t).fill(t);return r.set(e),r}(r),s=new En(e);Dn(s,i);const{publicKey:o,sharedKey:c}=await $n(s,i),u=Vn(B.publicKey.ecdh,e,t,n),{keySize:h}=en(t.cipher),l=await Wn(t.hash,c,h,u);return{publicKey:o,wrappedKey:await rn(t.cipher,l,a)}}async function Xn(e,t,r,i){if(i.length!==e.payloadSize){const t=new Uint8Array(e.payloadSize);t.set(i,e.payloadSize-i.length),i=t}switch(e.type){case"curve25519Legacy":{const e=i.slice().reverse();return{secretKey:e,sharedKey:await dn(B.publicKey.x25519,t.subarray(1),r.subarray(1),e)}}case"web":if(e.web&&F.getWebCrypto())try{return await async function(e,t,r,i){const n=Bn(e.payloadSize,e.web,r,i);let a=Hn.importKey("jwk",n,{name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]);const s=Cn(e.payloadSize,e.web,t);let o=Hn.importKey("jwk",s,{name:"ECDH",namedCurve:e.web},!0,[]);[a,o]=await Promise.all([a,o]);let c=Hn.deriveBits({name:"ECDH",namedCurve:e.web,public:o},a,e.sharedSize),u=Hn.exportKey("jwk",a);[c,u]=await Promise.all([c,u]);const h=new Uint8Array(c);return{secretKey:O(u.d),sharedKey:h}}(e,t,r,i)}catch(r){return F.printDebugError(r),Yn(e,t,i)}break;case"node":return async function(e,t,r){const i=Gn.createECDH(e.node);i.setPrivateKey(r);const n=new Uint8Array(i.computeSecret(t));return{secretKey:new Uint8Array(i.getPrivateKey()),sharedKey:n}}(e,t,i);default:return Yn(e,t,i)}}async function Qn(e,t,r,i,n,a,s){const o=new En(e);Dn(o,n),Dn(o,r);const{sharedKey:c}=await Xn(o,r,n,a),u=Vn(B.publicKey.ecdh,e,t,s),{keySize:h}=en(t.cipher);let l;for(let e=0;e<3;e++)try{const r=await Wn(t.hash,c,h,u,1===e,2===e);return qn(await nn(t.cipher,r,i))}catch(e){l=e}throw l}async function Yn(e,t,r){return{secretKey:r,sharedKey:(await F.getNobleCurve(B.publicKey.ecdh,e.name)).getSharedSecret(r,t).subarray(1)}}async function Jn(e,t){const r=await F.getNobleCurve(B.publicKey.ecdh,e.name),{publicKey:i,privateKey:n}=await e.genKeyPair();return{publicKey:i,sharedKey:r.getSharedSecret(n,t).subarray(1)}}var ea=/*#__PURE__*/Object.freeze({__proto__:null,CurveWithOID:En,ecdh:/*#__PURE__*/Object.freeze({__proto__:null,decrypt:Qn,encrypt:Zn,validateParams:async function(e,t,r){return Un(B.publicKey.ecdh,e,t,r)}}),ecdhX:mn,ecdsa:Ln,eddsa:$r,eddsaLegacy:jn,generate:Sn,getPreferredHashAlgo:Pn});const ta=BigInt(0),ra=BigInt(1);const ia=new Set([B.hash.sha1,B.hash.sha256,B.hash.sha512]),na=F.getWebCrypto(),aa=F.getNodeCrypto();async function sa(e,t){if(e===B.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await import("./noble_post_quantum.min.mjs"),{publicKey:r,secretKey:i}=e.keygen(t);return{mlkemPublicKey:r,mlkemSecretKey:i}}throw Error("Unsupported KEM algorithm")}async function oa(e){const{eccPublicKey:t,eccSecretKey:r}=await async function(e){if(e===B.publicKey.pqc_mlkem_x25519){const{A:e,k:t}=await cn(B.publicKey.x25519);return{eccPublicKey:e,eccSecretKey:t}}throw Error("Unsupported KEM algorithm")}(e),{mlkemPublicKey:i,mlkemSeed:n,mlkemSecretKey:a}=await async function(e){if(e===B.publicKey.pqc_mlkem_x25519){const t=le(64),{mlkemSecretKey:r,mlkemPublicKey:i}=await sa(e,t);return{mlkemSeed:t,mlkemSecretKey:r,mlkemPublicKey:i}}throw Error("Unsupported KEM algorithm")}(e);return{eccPublicKey:t,eccSecretKey:r,mlkemPublicKey:i,mlkemSeed:n,mlkemSecretKey:a}}async function ca(e,t,r,i){const{eccKeyShare:n,eccCipherText:a}=await async function(e,t){if(e===B.publicKey.pqc_mlkem_x25519){const{ephemeralPublicKey:e,sharedSecret:r}=await pn(B.publicKey.x25519,t);return{eccCipherText:e,eccKeyShare:r}}throw Error("Unsupported KEM algorithm")}(e,t),{mlkemKeyShare:s,mlkemCipherText:o}=await async function(e,t){if(e===B.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await import("./noble_post_quantum.min.mjs"),{cipherText:r,sharedSecret:i}=e.encapsulate(t);return{mlkemCipherText:r,mlkemKeyShare:i}}throw Error("Unsupported KEM algorithm")}(e,r),c=await ha(e,s,n,a,t);return{eccCipherText:a,mlkemCipherText:o,wrappedKey:await rn(B.symmetric.aes256,c,i)}}async function ua(e,t,r,i,n,a,s,o){const c=await async function(e,t,r,i){if(e===B.publicKey.pqc_mlkem_x25519)return await dn(B.publicKey.x25519,t,i,r);throw Error("Unsupported KEM algorithm")}(e,t,i,n),u=await async function(e,t,r){if(e===B.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await import("./noble_post_quantum.min.mjs");return e.decapsulate(t,r)}throw Error("Unsupported KEM algorithm")}(e,r,a),h=await ha(e,u,c,t,n);return await nn(B.symmetric.aes256,h,o)}async function ha(e,t,r,i,n){const a=F.encodeUTF8("OpenPGPCompositeKDFv1"),s=F.concatUint8Array([t,r,i,n,new Uint8Array([e]),a,new Uint8Array([a.length])]);return await Ce(B.hash.sha3_256,s)}async function la(e,t,r,i,n){const a=async function(e,t,r){if(e===B.publicKey.pqc_mlkem_x25519)return un(B.publicKey.x25519,t,r);throw Error("Unsupported KEM algorithm")}(e,t,r),s=async function(e,t,r){if(e===B.publicKey.pqc_mlkem_x25519){const{mlkemPublicKey:i}=await sa(e,r);return F.equalsUint8Array(t,i)}throw Error("Unsupported KEM algorithm")}(e,i,n);return await a&&await s}async function ya(e,t){if(e===B.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await import("./noble_post_quantum.min.mjs"),{secretKey:r,publicKey:i}=e.keygen(t);return{mldsaSecretKey:r,mldsaPublicKey:i}}throw Error("Unsupported signature algorithm")}async function pa(e){if(e===B.publicKey.pqc_mldsa_ed25519){const{eccSecretKey:t,eccPublicKey:r}=await async function(e){if(e===B.publicKey.pqc_mldsa_ed25519){const{A:e,seed:t}=await zr(B.publicKey.ed25519);return{eccPublicKey:e,eccSecretKey:t}}throw Error("Unsupported signature algorithm")}(e),{mldsaSeed:i,mldsaSecretKey:n,mldsaPublicKey:a}=await async function(e){if(e===B.publicKey.pqc_mldsa_ed25519){const t=le(32),{mldsaSecretKey:r,mldsaPublicKey:i}=await ya(e,t);return{mldsaSeed:t,mldsaSecretKey:r,mldsaPublicKey:i}}throw Error("Unsupported signature algorithm")}(e);return{eccSecretKey:t,eccPublicKey:r,mldsaSeed:i,mldsaSecretKey:n,mldsaPublicKey:a}}throw Error("Unsupported signature algorithm")}async function da(e,t,r,i,n,a){if(e===B.publicKey.pqc_mldsa_ed25519){const{eccSignature:t}=await async function(e,t,r,i,n){if(e===B.publicKey.pqc_mldsa_ed25519){const{RS:e}=await Or(B.publicKey.ed25519,0,0,i,r,n);return{eccSignature:e}}throw Error("Unsupported signature algorithm")}(e,0,r,i,a),{mldsaSignature:s}=await async function(e,t,r){if(e===B.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await import("./noble_post_quantum.min.mjs");return{mldsaSignature:e.sign(t,r)}}throw Error("Unsupported signature algorithm")}(e,n,a);return{eccSignature:t,mldsaSignature:s}}throw Error("Unsupported signature algorithm")}async function ga(e,t,r,i,n,{eccSignature:a,mldsaSignature:s}){if(e===B.publicKey.pqc_mldsa_ed25519){const t=async function(e,t,r,i,n){if(e===B.publicKey.pqc_mldsa_ed25519)return jr(B.publicKey.ed25519,0,{RS:n},0,r,i);throw Error("Unsupported signature algorithm")}(e,0,r,n,a),o=async function(e,t,r,i){if(e===B.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await import("./noble_post_quantum.min.mjs");return e.verify(t,r,i)}throw Error("Unsupported signature algorithm")}(e,i,n,s);return await t&&await o}throw Error("Unsupported signature algorithm")}function fa(e,t){if(e===B.publicKey.pqc_mldsa_ed25519)return Be(t)>=32;throw Error("Unsupported signature algorithm")}async function ma(e,t,r,i,n){const a=async function(e,t,r){if(e===B.publicKey.pqc_mldsa_ed25519)return qr(B.publicKey.ed25519,t,r);throw Error("Unsupported signature algorithm")}(e,t,r),s=async function(e,t,r){if(e===B.publicKey.pqc_mldsa_ed25519){const{mldsaPublicKey:i}=await ya(e,r);return F.equalsUint8Array(t,i)}throw Error("Unsupported signature algorithm")}(e,i,n);return await a&&await s}class wa{constructor(e){e&&(this.data=e)}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.data=e.subarray(1,1+t),1+this.data.length}throw Error("Invalid symmetric key")}write(){return F.concatUint8Array([new Uint8Array([this.data.length]),this.data])}}class ba{constructor(e){if(void 0===e&&(e=new Uint8Array([])),!F.isUint8Array(e))throw Error("data must be in the form of a Uint8Array");this.data=e,this.length=this.data.byteLength}write(){return F.concatUint8Array([new Uint8Array([this.length]),this.data])}read(e){if(e.length>=1){const t=e[0];if(e.length>=t+1)return this.data=e.subarray(1,1+t),this.length=t,1+t}throw Error("Invalid octet string")}}class ka{constructor(e){if(e){const{version:t,hash:r,cipher:i,replacementFingerprint:n}=e;this.version=t||1,this.hash=r,this.cipher=i,this.replacementFingerprint=n}else this.version=null,this.hash=null,this.cipher=null,this.replacementFingerprint=null}read(e){if(e.length<4||1!==e[1]&&255!==e[1])throw new Wt("Cannot read KDFParams");const t=e[0];this.version=e[1],this.hash=e[2],this.cipher=e[3];let r=4;if(255===this.version){const i=t-r+1;this.replacementFingerprint=e.slice(r,r+i),r+=i}return r}write(e){if(!this.version||1===this.version||e)return new Uint8Array([3,1,this.hash,this.cipher]);return F.concatUint8Array([new Uint8Array([3+this.replacementFingerprint.length,this.version,this.hash,this.cipher]),this.replacementFingerprint])}}const va=e=>class{constructor(e){this.data=void 0===e?null:e}read(t){const r=t[0];return this.data=B.write(e,r),1}write(){return new Uint8Array([this.data])}getName(){return B.read(e,this.data)}getValue(){return this.data}},Ka=va(B.aead),Aa=va(B.symmetric),Ea=va(B.hash);class Sa{static fromObject({wrappedKey:e,algorithm:t}){const r=new Sa;return r.wrappedKey=e,r.algorithm=t,r}read(e){let t=0,r=e[t++];this.algorithm=r%2?e[t++]:null,r-=r%2,this.wrappedKey=F.readExactSubarray(e,t,t+r),t+=r}write(){return F.concatUint8Array([this.algorithm?new Uint8Array([this.wrappedKey.length+1,this.algorithm]):new Uint8Array([this.wrappedKey.length]),this.wrappedKey])}}const Pa=F.getWebCrypto(),Ua=F.getNodeCrypto(),Da=Ua?Ua.getCiphers():[],xa={idea:Da.includes("idea-cfb")?"idea-cfb":void 0,tripledes:Da.includes("des-ede3-cfb")?"des-ede3-cfb":void 0,cast5:Da.includes("cast5-cfb")?"cast5-cfb":void 0,blowfish:Da.includes("bf-cfb")?"bf-cfb":void 0,aes128:Da.includes("aes-128-cfb")?"aes-128-cfb":void 0,aes192:Da.includes("aes-192-cfb")?"aes-192-cfb":void 0,aes256:Da.includes("aes-256-cfb")?"aes-256-cfb":void 0};async function Ia(e){const{blockSize:t}=en(e),r=await le(t),i=new Uint8Array([r[r.length-2],r[r.length-1]]);return F.concat([r,i])}async function Ca(e,t,r,i,n){const a=B.read(B.symmetric,e);if(F.getNodeCrypto()&&xa[a])return function(e,t,r,i){const n=B.read(B.symmetric,e),a=new Ua.createCipheriv(xa[n],t,i);return b(r,(e=>new Uint8Array(a.update(e))))}(e,t,r,i);if(F.isAES(e))return async function(e,t,r,i){if(Pa&&await Ta.isSupported(e)){const n=new Ta(e,t,i);return F.isStream(r)?b(r,(e=>n.encryptChunk(e)),(()=>n.finish())):n.encrypt(r)}if(F.isStream(r)){const n=new Ma(!0,e,t,i);return b(r,(e=>n.processChunk(e)),(()=>n.finish()))}return ji(t,i).encrypt(r)}(e,t,r,i);const s=new(await Qi(e))(t),o=s.blockSize,c=i.slice();let u=new Uint8Array;const h=e=>{e&&(u=F.concatUint8Array([u,e]));const t=new Uint8Array(u.length);let r,i=0;for(;e?u.length>=o:u.length;){const e=s.encrypt(c);for(r=0;r<o;r++)c[r]=u[r]^e[r],t[i++]=c[r];u=u.subarray(o)}return t.subarray(0,i)};return b(r,h,h)}async function Ba(e,t,r,i){const n=B.read(B.symmetric,e);if(Ua&&xa[n])return function(e,t,r,i){const n=B.read(B.symmetric,e),a=new Ua.createDecipheriv(xa[n],t,i);return b(r,(e=>new Uint8Array(a.update(e))))}(e,t,r,i);if(F.isAES(e))return async function(e,t,r,i){if(F.isStream(r)){const n=new Ma(!1,e,t,i);return b(r,(e=>n.processChunk(e)),(()=>n.finish()))}return ji(t,i).decrypt(r)}(e,t,r,i);const a=new(await Qi(e))(t),s=a.blockSize;let o=i,c=new Uint8Array;const u=e=>{e&&(c=F.concatUint8Array([c,e]));const t=new Uint8Array(c.length);let r,i=0;for(;e?c.length>=s:c.length;){const e=a.encrypt(o);for(o=c.subarray(0,s),r=0;r<s;r++)t[i++]=o[r]^e[r];c=c.subarray(s)}return t.subarray(0,i)};return b(r,u,u)}class Ta{constructor(e,t,r){const{blockSize:i}=en(e);this.key=t,this.prevBlock=r,this.nextBlock=new Uint8Array(i),this.i=0,this.blockSize=i,this.zeroBlock=new Uint8Array(this.blockSize)}static async isSupported(e){const{keySize:t}=en(e);return Pa.importKey("raw",new Uint8Array(t),"aes-cbc",!1,["encrypt"]).then((()=>!0),(()=>!1))}async _runCBC(e,t){const r="AES-CBC";this.keyRef=this.keyRef||await Pa.importKey("raw",this.key,r,!1,["encrypt"]);const i=await Pa.encrypt({name:r,iv:t||this.zeroBlock},this.keyRef,e);return new Uint8Array(i).subarray(0,e.length)}async encryptChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,i=F.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),n=F.concatUint8Array([this.prevBlock,i.subarray(0,i.length-this.blockSize)]),a=await this._runCBC(n);return Fa(a,i),this.prevBlock=a.slice(-this.blockSize),r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,a}let i;if(this.i+=r.length,this.i===this.nextBlock.length){const t=this.nextBlock;i=await this._runCBC(this.prevBlock),Fa(i,t),this.prevBlock=i.slice(),this.i=0;const n=e.subarray(r.length);this.nextBlock.set(n,this.i),this.i+=n.length}else i=new Uint8Array;return i}async finish(){let e;if(0===this.i)e=new Uint8Array;else{this.nextBlock=this.nextBlock.subarray(0,this.i);const t=this.nextBlock,r=await this._runCBC(this.prevBlock);Fa(r,t),e=r.subarray(0,t.length)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.keyRef=null,this.key=null}async encrypt(e){const t=(await this._runCBC(F.concatUint8Array([new Uint8Array(this.blockSize),e]),this.iv)).subarray(0,e.length);return Fa(t,e),this.clearSensitiveData(),t}}class Ma{constructor(e,t,r,i){this.forEncryption=e;const{blockSize:n}=en(t);this.key=Xi.expandKeyLE(r),i.byteOffset%4!=0&&(i=i.slice()),this.prevBlock=_a(i),this.nextBlock=new Uint8Array(n),this.i=0,this.blockSize=n}_runCFB(e){const t=_a(e),r=new Uint8Array(e.length),i=_a(r);for(let e=0;e+4<=i.length;e+=4){const{s0:r,s1:n,s2:a,s3:s}=Xi.encrypt(this.key,this.prevBlock[0],this.prevBlock[1],this.prevBlock[2],this.prevBlock[3]);i[e+0]=t[e+0]^r,i[e+1]=t[e+1]^n,i[e+2]=t[e+2]^a,i[e+3]=t[e+3]^s,this.prevBlock=(this.forEncryption?i:t).slice(e,e+4)}return r}async processChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,i=F.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),n=this._runCFB(i);return r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,n}let i;if(this.i+=r.length,this.i===this.nextBlock.length){i=this._runCFB(this.nextBlock),this.i=0;const t=e.subarray(r.length);this.nextBlock.set(t,this.i),this.i+=t.length}else i=new Uint8Array;return i}async finish(){let e;if(0===this.i)e=new Uint8Array;else{e=this._runCFB(this.nextBlock).subarray(0,this.i)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.key.fill(0)}}function Fa(e,t){const r=Math.min(e.length,t.length);for(let i=0;i<r;i++)e[i]=e[i]^t[i]}const _a=e=>new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4));const Ra=F.getWebCrypto(),La=F.getNodeCrypto(),Na=16;function za(e,t){const r=e.length-Na;for(let i=0;i<Na;i++)e[i+r]^=t[i];return e}const Oa=new Uint8Array(Na);async function ja(e){const t=await qa(e),r=F.double(await t(Oa)),i=F.double(r);return async function(e){return(await t(function(e,t,r){if(e.length&&e.length%Na==0)return za(e,t);const i=new Uint8Array(e.length+(Na-e.length%Na));return i.set(e),i[e.length]=128,za(i,r)}(e,r,i))).subarray(-Na)}}async function qa(e){if(F.getNodeCrypto())return async function(t){const r=new La.createCipheriv("aes-"+8*e.length+"-cbc",e,Oa).update(t);return new Uint8Array(r)};if(F.getWebCrypto())try{return e=await Ra.importKey("raw",e,{name:"AES-CBC",length:8*e.length},!1,["encrypt"]),async function(t){const r=await Ra.encrypt({name:"AES-CBC",iv:Oa,length:8*Na},e,t);return new Uint8Array(r).subarray(0,r.byteLength-Na)}}catch(t){if("NotSupportedError"!==t.name&&(24!==e.length||"OperationError"!==t.name))throw t;F.printDebugError("Browser did not support operation: "+t.message)}return async function(t){return Oi(e,Oa,{disablePadding:!0}).encrypt(t)}}const Ha=F.getWebCrypto(),Ga=F.getNodeCrypto(),Va=F.getNodeBuffer(),Wa=16,$a=Wa,Za=Wa,Xa=new Uint8Array(Wa),Qa=new Uint8Array(Wa);Qa[Wa-1]=1;const Ya=new Uint8Array(Wa);async function Ja(e){const t=await ja(e);return function(e,r){return t(F.concatUint8Array([e,r]))}}async function es(e){if(F.getNodeCrypto())return async function(t,r){const i=new Ga.createCipheriv("aes-"+8*e.length+"-ctr",e,r),n=Va.concat([i.update(t),i.final()]);return new Uint8Array(n)};if(F.getWebCrypto())try{const t=await Ha.importKey("raw",e,{name:"AES-CTR",length:8*e.length},!1,["encrypt"]);return async function(e,r){const i=await Ha.encrypt({name:"AES-CTR",counter:r,length:8*Wa},t,e);return new Uint8Array(i)}}catch(t){if("NotSupportedError"!==t.name&&(24!==e.length||"OperationError"!==t.name))throw t;F.printDebugError("Browser did not support operation: "+t.message)}return async function(t,r){return zi(e,r).encrypt(t)}}async function ts(e,t){if(e!==B.symmetric.aes128&&e!==B.symmetric.aes192&&e!==B.symmetric.aes256)throw Error("EAX mode supports only AES cipher");const[r,i]=await Promise.all([Ja(t),es(t)]);return{encrypt:async function(e,t,n){const[a,s]=await Promise.all([r(Xa,t),r(Qa,n)]),o=await i(e,a),c=await r(Ya,o);for(let e=0;e<Za;e++)c[e]^=s[e]^a[e];return F.concatUint8Array([o,c])},decrypt:async function(e,t,n){if(e.length<Za)throw Error("Invalid EAX ciphertext");const a=e.subarray(0,-Za),s=e.subarray(-Za),[o,c,u]=await Promise.all([r(Xa,t),r(Qa,n),r(Ya,a)]),h=u;for(let e=0;e<Za;e++)h[e]^=c[e]^o[e];if(!F.equalsUint8Array(s,h))throw Error("Authentication tag mismatch");return await i(a,o)}}}Ya[Wa-1]=2,ts.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[8+e]^=t[e];return r},ts.blockLength=Wa,ts.ivLength=$a,ts.tagLength=Za;const rs=16,is=15,ns=16;function as(e){let t=0;for(let r=1;!(e&r);r<<=1)t++;return t}function ss(e,t){for(let r=0;r<e.length;r++)e[r]^=t[r];return e}function os(e,t){return ss(e.slice(),t)}const cs=new Uint8Array(rs),us=new Uint8Array([1]);async function hs(e,t){const{keySize:r}=en(e);if(!F.isAES(e)||t.length!==r)throw Error("Unexpected algorithm or key size");let i=0;const n=Oi(t,cs,{disablePadding:!0}),a=e=>n.encrypt(e),s=e=>n.decrypt(e);let o;function c(e,t,r,n){const s=t.length/rs|0;!function(e,t){const r=F.nbits(Math.max(e.length,t.length)/rs|0)-1;for(let e=i+1;e<=r;e++)o[e]=F.double(o[e-1]);i=r}(t,n);const c=F.concatUint8Array([cs.subarray(0,is-r.length),us,r]),u=63&c[rs-1];c[rs-1]&=192;const h=a(c),l=F.concatUint8Array([h,os(h.subarray(0,8),h.subarray(1,9))]),y=F.shiftRight(l.subarray(0+(u>>3),17+(u>>3)),8-(7&u)).subarray(1),p=new Uint8Array(rs),d=new Uint8Array(t.length+ns);let g,f=0;for(g=0;g<s;g++)ss(y,o[as(g+1)]),d.set(ss(e(os(y,t)),y),f),ss(p,e===a?t:d.subarray(f)),t=t.subarray(rs),f+=rs;if(t.length){ss(y,o.x);const r=a(y);d.set(os(t,r),f);const i=new Uint8Array(rs);i.set(e===a?t:d.subarray(f,-ns),0),i[t.length]=128,ss(p,i),f+=t.length}const m=ss(a(ss(ss(p,y),o.$)),function(e){if(!e.length)return cs;const t=e.length/rs|0,r=new Uint8Array(rs),i=new Uint8Array(rs);for(let n=0;n<t;n++)ss(r,o[as(n+1)]),ss(i,a(os(r,e))),e=e.subarray(rs);if(e.length){ss(r,o.x);const t=new Uint8Array(rs);t.set(e,0),t[e.length]=128,ss(t,r),ss(i,a(t))}return i}(n));return d.set(m,f),d}return function(){const e=a(cs),t=F.double(e);o=[],o[0]=F.double(t),o.x=e,o.$=t}(),{encrypt:async function(e,t,r){return c(a,e,t,r)},decrypt:async function(e,t,r){if(e.length<ns)throw Error("Invalid OCB ciphertext");const i=e.subarray(-ns);e=e.subarray(0,-ns);const n=c(s,e,t,r);if(F.equalsUint8Array(i,n.subarray(-ns)))return n.subarray(0,-ns);throw Error("Authentication tag mismatch")}}}hs.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[7+e]^=t[e];return r},hs.blockLength=rs,hs.ivLength=is,hs.tagLength=ns;const ls=F.getWebCrypto(),ys=F.getNodeCrypto(),ps=F.getNodeBuffer(),ds=16,gs="AES-GCM";async function fs(e,t){if(e!==B.symmetric.aes128&&e!==B.symmetric.aes192&&e!==B.symmetric.aes256)throw Error("GCM mode supports only AES cipher");if(F.getNodeCrypto())return{encrypt:async function(e,r,i=new Uint8Array){const n=new ys.createCipheriv("aes-"+8*t.length+"-gcm",t,r);n.setAAD(i);const a=ps.concat([n.update(e),n.final(),n.getAuthTag()]);return new Uint8Array(a)},decrypt:async function(e,r,i=new Uint8Array){const n=new ys.createDecipheriv("aes-"+8*t.length+"-gcm",t,r);n.setAAD(i),n.setAuthTag(e.slice(e.length-ds,e.length));const a=ps.concat([n.update(e.slice(0,e.length-ds)),n.final()]);return new Uint8Array(a)}};if(F.getWebCrypto())try{const e=await ls.importKey("raw",t,{name:gs},!1,["encrypt","decrypt"]),r=navigator.userAgent.match(/Version\/13\.\d(\.\d)* Safari/)||navigator.userAgent.match(/Version\/(13|14)\.\d(\.\d)* Mobile\/\S* Safari/);return{encrypt:async function(i,n,a=new Uint8Array){if(r&&!i.length)return qi(t,n,a).encrypt(i);const s=await ls.encrypt({name:gs,iv:n,additionalData:a,tagLength:8*ds},e,i);return new Uint8Array(s)},decrypt:async function(i,n,a=new Uint8Array){if(r&&i.length===ds)return qi(t,n,a).decrypt(i);try{const t=await ls.decrypt({name:gs,iv:n,additionalData:a,tagLength:8*ds},e,i);return new Uint8Array(t)}catch(e){if("OperationError"===e.name)throw Error("Authentication tag mismatch")}}}}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;F.printDebugError("Browser did not support operation: "+e.message)}return{encrypt:async function(e,r,i){return qi(t,r,i).encrypt(e)},decrypt:async function(e,r,i){return qi(t,r,i).decrypt(e)}}}function ms(e,t=!1){switch(e){case B.aead.eax:return ts;case B.aead.ocb:return hs;case B.aead.gcm:return fs;case B.aead.experimentalGCM:if(!t)throw Error("Unexpected non-standard `experimentalGCM` AEAD algorithm provided in `config.preferredAEADAlgorithm`: use `gcm` instead");return fs;default:throw Error("Unsupported AEAD mode")}}async function ws(e,t,r,i,n,a){switch(e){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:{const{n:e,e:t}=r;return{c:await je(n,e,t)}}case B.publicKey.elgamal:{const{p:e,g:t,y:i}=r;return async function(e,t,r,i){t=ee(t),r=ee(r),i=ee(i);const n=ee(Me(e,ce(t))),a=ye(We,t-We);return{c1:ue(re(r,a,t)),c2:ue(te(re(i,a,t)*n,t))}}(n,e,t,i)}case B.publicKey.ecdh:{const{oid:e,Q:t,kdfParams:i}=r,{publicKey:s,wrappedKey:o}=await Zn(e,i,n,t,a);return{V:s,C:new wa(o)}}case B.publicKey.x25519:case B.publicKey.x448:{if(t&&!F.isAES(t))throw Error("X25519 and X448 keys can only encrypt AES session keys");const{A:i}=r,{ephemeralPublicKey:a,wrappedKey:s}=await hn(e,n,i);return{ephemeralPublicKey:a,C:Sa.fromObject({algorithm:t,wrappedKey:s})}}case B.publicKey.aead:{if(!i)throw Error("Cannot encrypt with symmetric key missing private parameters");const{cipher:e}=r,t=e.getValue(),{keyMaterial:a}=i,s=T.preferredAEADAlgorithm,o=ms(T.preferredAEADAlgorithm),{ivLength:c}=o,u=le(c),h=await o(t,a),l=await h.encrypt(n,u,new Uint8Array);return{aeadMode:new Ka(s),iv:u,c:new ba(l)}}case B.publicKey.pqc_mlkem_x25519:{const{eccPublicKey:i,mlkemPublicKey:a}=r,{eccCipherText:s,mlkemCipherText:o,wrappedKey:c}=await ca(e,i,a,n);return{eccCipherText:s,mlkemCipherText:o,C:Sa.fromObject({algorithm:t,wrappedKey:c})}}default:return[]}}async function bs(e,t,r,i,n,a){switch(e){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaEncrypt:{const{c:e}=i,{n,e:s}=t,{d:o,p:c,q:u,u:h}=r;return qe(e,n,s,o,c,u,h,a)}case B.publicKey.elgamal:{const{c1:e,c2:n}=i;return async function(e,t,r,i,n){return e=ee(e),t=ee(t),r=ee(r),Fe(ue(te(ne(re(e,i=ee(i),r),r)*t,r),"be",ce(r)),n)}(e,n,t.p,r.x,a)}case B.publicKey.ecdh:{const{oid:e,Q:a,kdfParams:s}=t,{d:o}=r,{V:c,C:u}=i;return Qn(e,s,c,u.data,a,o,n)}case B.publicKey.x25519:case B.publicKey.x448:{const{A:n}=t,{k:a}=r,{ephemeralPublicKey:s,C:o}=i;if(null!==o.algorithm&&!F.isAES(o.algorithm))throw Error("AES session key expected");return ln(e,s,o.wrappedKey,n,a)}case B.publicKey.aead:{const{cipher:e}=t,n=e.getValue(),{keyMaterial:a}=r,{aeadMode:s,iv:o,c}=i,u=ms(s.getValue());return(await u(n,a)).decrypt(c.data,o,new Uint8Array)}case B.publicKey.pqc_mlkem_x25519:{const{eccSecretKey:n,mlkemSecretKey:a}=r,{eccPublicKey:s,mlkemPublicKey:o}=t,{eccCipherText:c,mlkemCipherText:u,C:h}=i;return ua(e,c,u,n,s,a,0,h.wrappedKey)}default:throw Error("Unknown public key encryption algorithm.")}}async function ks(e,t,r){let i=0;switch(e){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:{const e=F.readMPI(t.subarray(i));i+=e.length+2;const r=F.readMPI(t.subarray(i));i+=r.length+2;const n=F.readMPI(t.subarray(i));i+=n.length+2;const a=F.readMPI(t.subarray(i));return i+=a.length+2,{read:i,privateParams:{d:e,p:r,q:n,u:a}}}case B.publicKey.dsa:case B.publicKey.elgamal:{const e=F.readMPI(t.subarray(i));return i+=e.length+2,{read:i,privateParams:{x:e}}}case B.publicKey.ecdsa:case B.publicKey.ecdh:{const n=Us(e,r.oid);let a=F.readMPI(t.subarray(i));return i+=a.length+2,a=F.leftPad(a,n),{read:i,privateParams:{d:a}}}case B.publicKey.eddsaLegacy:{const n=Us(e,r.oid);if(r.oid.getName()!==B.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let a=F.readMPI(t.subarray(i));return i+=a.length+2,a=F.leftPad(a,n),{read:i,privateParams:{seed:a}}}case B.publicKey.ed25519:case B.publicKey.ed448:{const r=Us(e),n=F.readExactSubarray(t,i,i+r);return i+=n.length,{read:i,privateParams:{seed:n}}}case B.publicKey.x25519:case B.publicKey.x448:{const r=Us(e),n=F.readExactSubarray(t,i,i+r);return i+=n.length,{read:i,privateParams:{k:n}}}case B.publicKey.hmac:{const{cipher:e}=r,n=Be(e.getValue()),a=t.subarray(i,i+32);i+=32;const s=t.subarray(i,i+n);return i+=n,{read:i,privateParams:{hashSeed:a,keyMaterial:s}}}case B.publicKey.aead:{const{cipher:e}=r,n=t.subarray(i,i+32);i+=32;const{keySize:a}=en(e.getValue()),s=t.subarray(i,i+a);return i+=a,{read:i,privateParams:{hashSeed:n,keyMaterial:s}}}case B.publicKey.pqc_mlkem_x25519:{const r=F.readExactSubarray(t,i,i+Us(B.publicKey.x25519));i+=r.length;const n=F.readExactSubarray(t,i,i+64);i+=n.length;const{mlkemSecretKey:a}=await sa(e,n);return{read:i,privateParams:{eccSecretKey:r,mlkemSecretKey:a,mlkemSeed:n}}}case B.publicKey.pqc_mldsa_ed25519:{const r=F.readExactSubarray(t,i,i+Us(B.publicKey.ed25519));i+=r.length;const n=F.readExactSubarray(t,i,i+32);i+=n.length;const{mldsaSecretKey:a}=await ya(e,n);return{read:i,privateParams:{eccSecretKey:r,mldsaSecretKey:a,mldsaSeed:n}}}default:throw new Wt("Unknown public key encryption algorithm.")}}function vs(e,t){const r=new Set([B.publicKey.ed25519,B.publicKey.x25519,B.publicKey.ed448,B.publicKey.x448,B.publicKey.aead,B.publicKey.hmac,B.publicKey.pqc_mlkem_x25519,B.publicKey.pqc_mldsa_ed25519]),i={[B.publicKey.pqc_mlkem_x25519]:new Set(["mlkemSecretKey"]),[B.publicKey.pqc_mldsa_ed25519]:new Set(["mldsaSecretKey"])},n=Object.keys(t).map((n=>{if(i[e]?.has(n))return new Uint8Array;const a=t[n];return F.isUint8Array(a)?r.has(e)?a:F.uint8ArrayToMPI(a):a.write()}));return F.concatUint8Array(n)}async function Ks(e,t,r,i){switch(e){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:return async function(e,t){if(t=BigInt(t),F.getWebCrypto()){const r={name:"RSASSA-PKCS1-v1_5",modulusLength:e,publicExponent:ue(t),hash:{name:"SHA-1"}},i=await Re.generateKey(r,!0,["sign","verify"]);return Ve(await Re.exportKey("jwk",i.privateKey),t)}if(F.getNodeCrypto()){const r={modulusLength:e,publicExponent:ae(t),publicKeyEncoding:{type:"pkcs1",format:"jwk"},privateKeyEncoding:{type:"pkcs1",format:"jwk"}},i=await new Promise(((e,t)=>{Le.generateKeyPair("rsa",r,((r,i,n)=>{r?t(r):e(n)}))}));return Ve(i,t)}let r,i,n;do{i=de(e-(e>>1),t,40),r=de(e>>1,t,40),n=r*i}while(oe(n)!==e);const a=(r-Ne)*(i-Ne);return i<r&&([r,i]=[i,r]),{n:ue(n),e:ue(t),d:ue(ne(t,a)),p:ue(r),q:ue(i),u:ue(ne(r,i))}}(t,65537).then((({n:e,e:t,d:r,p:i,q:n,u:a})=>({privateParams:{d:r,p:i,q:n,u:a},publicParams:{n:e,e:t}})));case B.publicKey.ecdsa:return Sn(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{d:r},publicParams:{oid:new Nt(e),Q:t}})));case B.publicKey.eddsaLegacy:return Sn(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{seed:r},publicParams:{oid:new Nt(e),Q:t}})));case B.publicKey.ecdh:return Sn(r).then((({oid:e,Q:t,secret:r,hash:i,cipher:n})=>({privateParams:{d:r},publicParams:{oid:new Nt(e),Q:t,kdfParams:new ka({hash:i,cipher:n})}})));case B.publicKey.ed25519:case B.publicKey.ed448:return zr(e).then((({A:e,seed:t})=>({privateParams:{seed:t},publicParams:{A:e}})));case B.publicKey.x25519:case B.publicKey.x448:return cn(e).then((({A:e,k:t})=>({privateParams:{k:t},publicParams:{A:e}})));case B.publicKey.hmac:return As(await async function(e){if(!ia.has(e))throw Error("Unsupported hash algorithm.");const t=B.read(B.webHash,e),r=na||aa.webcrypto.subtle,i=await r.generateKey({name:"HMAC",hash:{name:t}},!0,["sign","verify"]),n=await r.exportKey("raw",i);return new Uint8Array(n)}(i),new Ea(i));case B.publicKey.aead:return As(Ss(i),new Aa(i));case B.publicKey.pqc_mlkem_x25519:return oa(e).then((({eccSecretKey:e,eccPublicKey:t,mlkemSeed:r,mlkemSecretKey:i,mlkemPublicKey:n})=>({privateParams:{eccSecretKey:e,mlkemSeed:r,mlkemSecretKey:i},publicParams:{eccPublicKey:t,mlkemPublicKey:n}})));case B.publicKey.pqc_mldsa_ed25519:return pa(e).then((({eccSecretKey:e,eccPublicKey:t,mldsaSeed:r,mldsaSecretKey:i,mldsaPublicKey:n})=>({privateParams:{eccSecretKey:e,mldsaSeed:r,mldsaSecretKey:i},publicParams:{eccPublicKey:t,mldsaPublicKey:n}})));case B.publicKey.dsa:case B.publicKey.elgamal:throw Error("Unsupported algorithm for key generation.");default:throw Error("Unknown public key algorithm.")}}async function As(e,t){const r=le(32);return{privateParams:{hashSeed:r,keyMaterial:e},publicParams:{cipher:t,digest:await Ce(B.hash.sha256,r)}}}async function Es(e,t,r){if(!t||!r)throw Error("Missing key parameters");switch(e){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:{const{n:e,e:i}=t,{d:n,p:a,q:s,u:o}=r;return async function(e,t,r,i,n,a){if(e=ee(e),(i=ee(i))*(n=ee(n))!==e)return!1;const s=BigInt(2);if(te(i*(a=ee(a)),n)!==BigInt(1))return!1;t=ee(t),r=ee(r);const o=ye(s,s<<BigInt(Math.floor(oe(e)/3))),c=o*r*t;return!(te(c,i-Ne)!==o||te(c,n-Ne)!==o)}(e,i,n,a,s,o)}case B.publicKey.dsa:{const{p:e,q:i,g:n,y:a}=t,{x:s}=r;return async function(e,t,r,i,n){if(e=ee(e),t=ee(t),r=ee(r),i=ee(i),r<=ra||r>=e)return!1;if(te(e-ra,t)!==ta)return!1;if(re(r,t,e)!==ra)return!1;const a=BigInt(oe(t));if(a<BigInt(150)||!ge(t,null,32))return!1;n=ee(n);const s=BigInt(2);return i===re(r,t*ye(s<<a-ra,s<<a)+n,e)}(e,i,n,a,s)}case B.publicKey.elgamal:{const{p:e,g:i,y:n}=t,{x:a}=r;return async function(e,t,r,i){if(e=ee(e),t=ee(t),r=ee(r),t<=We||t>=e)return!1;const n=BigInt(oe(e));if(n<BigInt(1023))return!1;if(re(t,e-We,e)!==We)return!1;let a=t,s=BigInt(1);const o=BigInt(2),c=o<<BigInt(17);for(;s<c;){if(a=te(a*t,e),a===We)return!1;s++}i=ee(i);const u=ye(o<<n-We,o<<n);return r===re(t,(e-We)*u+i,e)}(e,i,n,a)}case B.publicKey.ecdsa:case B.publicKey.ecdh:{const i=ea[B.read(B.publicKey,e)],{oid:n,Q:a}=t,{d:s}=r;return i.validateParams(n,a,s)}case B.publicKey.eddsaLegacy:{const{Q:e,oid:i}=t,{seed:n}=r;return On(i,e,n)}case B.publicKey.ed25519:case B.publicKey.ed448:{const{A:i}=t,{seed:n}=r;return qr(e,i,n)}case B.publicKey.x25519:case B.publicKey.x448:{const{A:i}=t,{k:n}=r;return un(e,i,n)}case B.publicKey.hmac:{const{cipher:e,digest:i}=t,{hashSeed:n,keyMaterial:a}=r;return Be(e.getValue())===a.length&&F.equalsUint8Array(i,await Ce(B.hash.sha256,n))}case B.publicKey.aead:{const{cipher:e,digest:i}=t,{hashSeed:n,keyMaterial:a}=r,{keySize:s}=en(e.getValue());return s===a.length&&F.equalsUint8Array(i,await Ce(B.hash.sha256,n))}case B.publicKey.pqc_mlkem_x25519:{const{eccSecretKey:i,mlkemSeed:n}=r,{eccPublicKey:a,mlkemPublicKey:s}=t;return la(e,a,i,s,n)}case B.publicKey.pqc_mldsa_ed25519:{const{eccSecretKey:i,mldsaSeed:n}=r,{eccPublicKey:a,mldsaPublicKey:s}=t;return ma(e,a,i,s,n)}default:throw Error("Unknown public key algorithm.")}}function Ss(e){const{keySize:t}=en(e);return le(t)}function Ps(e){try{e.getName()}catch(e){throw new Wt("Unknown curve OID")}}function Us(e,t){switch(e){case B.publicKey.ecdsa:case B.publicKey.ecdh:case B.publicKey.eddsaLegacy:return new En(t).payloadSize;case B.publicKey.ed25519:case B.publicKey.ed448:return Hr(e);case B.publicKey.x25519:case B.publicKey.x448:return yn(e);default:throw Error("Unknown elliptic algo")}}async function Ds(e,t,r,i,n,a,s){switch(e){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaEncrypt:case B.publicKey.rsaSign:{const{n:e,e:n}=i;return Oe(t,a,F.leftPad(r.s,e.length),e,n,s)}case B.publicKey.dsa:{const{g:e,p:t,q:n,y:a}=i,{r:o,s:c}=r;return async function(e,t,r,i,n,a,s,o){if(t=ee(t),r=ee(r),a=ee(a),s=ee(s),n=ee(n),o=ee(o),t<=ta||t>=s||r<=ta||r>=s)return F.printDebug("invalid DSA Signature"),!1;const c=te(ee(i.subarray(0,ce(s))),s),u=ne(r,s);if(u===ta)return F.printDebug("invalid DSA Signature"),!1;n=te(n,a),o=te(o,a);const h=te(c*u,s),l=te(t*u,s);return te(te(re(n,h,a)*re(o,l,a),a),s)===t}(0,o,c,s,e,t,n,a)}case B.publicKey.ecdsa:{const{oid:e,Q:n}=i,o=new En(e).payloadSize;return _n(e,t,{r:F.leftPad(r.r,o),s:F.leftPad(r.s,o)},a,n,s)}case B.publicKey.eddsaLegacy:{if(Be(t)<Be(B.hash.sha256))throw Error("Hash algorithm too weak for EdDSALegacy.");const{oid:e,Q:n}=i,a=new En(e).payloadSize;return zn(e,0,{r:F.leftPad(r.r,a),s:F.leftPad(r.s,a)},0,n,s)}case B.publicKey.ed25519:case B.publicKey.ed448:{if(Be(t)<Be(Gr(e)))throw Error("Hash algorithm too weak for EdDSA.");const{A:n}=i;return jr(e,0,r,0,n,s)}case B.publicKey.hmac:{if(!n)throw Error("Cannot verify HMAC signature with symmetric key missing private parameters");const{cipher:e}=i,{keyMaterial:t}=n;return async function(e,t,r,i){if(!ia.has(e))throw Error("Unsupported hash algorithm.");const n=B.read(B.webHash,e),a=na||aa.webcrypto.subtle,s=await a.importKey("raw",t,{name:"HMAC",hash:{name:n}},!1,["verify"]);return a.verify("HMAC",s,r,i)}(e.getValue(),t,r.mac.data,s)}case B.publicKey.pqc_mldsa_ed25519:{if(!fa(e,t))throw Error("Unexpected hash algorithm for PQC signature: digest size too short");const{eccPublicKey:n,mldsaPublicKey:a}=i;return ga(e,0,n,a,s,r)}default:throw Error("Unknown signature algorithm.")}}async function xs(e,t,r,i,n,a){if(!r||!i)throw Error("Missing key parameters");switch(e){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaEncrypt:case B.publicKey.rsaSign:{const{n:e,e:s}=r,{d:o,p:c,q:u,u:h}=i;return{s:await ze(t,n,e,s,o,c,u,h,a)}}case B.publicKey.dsa:{const{g:e,p:t,q:n}=r,{x:s}=i;return async function(e,t,r,i,n,a){const s=BigInt(0);let o,c,u,h;i=ee(i),n=ee(n),r=ee(r),a=ee(a),r=te(r,i),a=te(a,n);const l=te(ee(t.subarray(0,ce(n))),n);for(;;){if(o=ye(ra,n),c=te(re(r,o,i),n),c===s)continue;const e=te(a*c,n);if(h=te(l+e,n),u=te(ne(o,n)*h,n),u!==s)break}return{r:ue(c,"be",ce(i)),s:ue(u,"be",ce(i))}}(0,a,e,t,n,s)}case B.publicKey.elgamal:throw Error("Signing with Elgamal is not defined in the OpenPGP standard.");case B.publicKey.ecdsa:{const{oid:e,Q:s}=r,{d:o}=i;return Fn(e,t,n,s,o,a)}case B.publicKey.eddsaLegacy:{if(Be(t)<Be(B.hash.sha256))throw Error("Hash algorithm too weak for EdDSALegacy.");const{oid:e,Q:n}=r,{seed:s}=i;return Nn(e,0,0,n,s,a)}case B.publicKey.ed25519:case B.publicKey.ed448:{if(Be(t)<Be(Gr(e)))throw Error("Hash algorithm too weak for EdDSA.");const{A:n}=r,{seed:s}=i;return Or(e,0,0,n,s,a)}case B.publicKey.hmac:{const{cipher:e}=r,{keyMaterial:t}=i,n=await async function(e,t,r){if(!ia.has(e))throw Error("Unsupported hash algorithm.");const i=B.read(B.webHash,e),n=na||aa.webcrypto.subtle,a=await n.importKey("raw",t,{name:"HMAC",hash:{name:i}},!1,["sign"]),s=await n.sign("HMAC",a,r);return new Uint8Array(s)}(e.getValue(),t,a);return{mac:new ba(n)}}case B.publicKey.pqc_mldsa_ed25519:{if(!fa(e,t))throw Error("Unexpected hash algorithm for PQC signature: digest size too short");const{eccPublicKey:n}=r,{eccSecretKey:s,mldsaSecretKey:o}=i;return da(e,0,s,n,o,a)}default:throw Error("Unknown signature algorithm.")}}fs.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[4+e]^=t[e];return r},fs.blockLength=16,fs.ivLength=12,fs.tagLength=ds;class Is extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,Is),this.name="Argon2OutOfMemoryError"}}let Cs,Bs,Ts=2<<19;class Ms{static get ARGON2_WASM_MEMORY_THRESHOLD_RELOAD(){return Ts}static set ARGON2_WASM_MEMORY_THRESHOLD_RELOAD(e){Ts=e}static reloadWasmModule(){Cs&&(Bs=Cs(),Bs.catch((()=>{})))}constructor(e=T){const{passes:t,parallelism:r,memoryExponent:i}=e.s2kArgon2Params;this.type="argon2",this.salt=null,this.t=t,this.p=r,this.encodedM=i}generateSalt(){this.salt=le(16)}read(e){let t=0;return this.salt=e.subarray(t,t+16),t+=16,this.t=e[t++],this.p=e[t++],this.encodedM=e[t++],t}write(){const e=[new Uint8Array([B.write(B.s2k,this.type)]),this.salt,new Uint8Array([this.t,this.p,this.encodedM])];return F.concatUint8Array(e)}async produceKey(e,t){const r=2<<this.encodedM-1;try{Cs=Cs||(await import("./argon2id.min.mjs")).default,Bs=Bs||Cs();const i=await Bs,n=i({version:19,type:2,password:F.encodeUTF8(e),salt:this.salt,tagLength:t,memorySize:r,parallelism:this.p,passes:this.t});return r>Ms.ARGON2_WASM_MEMORY_THRESHOLD_RELOAD&&Ms.reloadWasmModule(),n}catch(e){throw e.message&&(e.message.includes("Unable to grow instance memory")||e.message.includes("failed to grow memory")||e.message.includes("WebAssembly.Memory.grow")||e.message.includes("Out of memory"))?new Is("Could not allocate required memory for Argon2"):e}}}class Fs{constructor(e,t=T){this.algorithm=B.hash.sha256,this.type=B.read(B.s2k,e),this.c=t.s2kIterationCountByte,this.salt=null}generateSalt(){switch(this.type){case"salted":case"iterated":this.salt=le(8)}}getCount(){return 16+(15&this.c)<<6+(this.c>>4)}read(e){let t=0;switch(this.algorithm=e[t++],this.type){case"simple":break;case"salted":this.salt=e.subarray(t,t+8),t+=8;break;case"iterated":this.salt=e.subarray(t,t+8),t+=8,this.c=e[t++];break;case"gnu":if("GNU"!==F.uint8ArrayToString(e.subarray(t,t+3)))throw new Wt("Unknown s2k type.");t+=3;if(1001!==1e3+e[t++])throw new Wt("Unknown s2k gnu protection mode.");this.type="gnu-dummy";break;default:throw new Wt("Unknown s2k type.")}return t}write(){if("gnu-dummy"===this.type)return new Uint8Array([101,0,...F.stringToUint8Array("GNU"),1]);const e=[new Uint8Array([B.write(B.s2k,this.type),this.algorithm])];switch(this.type){case"simple":break;case"salted":e.push(this.salt);break;case"iterated":e.push(this.salt),e.push(new Uint8Array([this.c]));break;case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}return F.concatUint8Array(e)}async produceKey(e,t){e=F.encodeUTF8(e);const r=[];let i=0,n=0;for(;i<t;){let t;switch(this.type){case"simple":t=F.concatUint8Array([new Uint8Array(n),e]);break;case"salted":t=F.concatUint8Array([new Uint8Array(n),this.salt,e]);break;case"iterated":{const r=F.concatUint8Array([this.salt,e]);let i=r.length;const a=Math.max(this.getCount(),i);t=new Uint8Array(n+a),t.set(r,n);for(let e=n+i;e<a;e+=i,i*=2)t.copyWithin(e,n,e);break}case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}const a=await Ce(this.algorithm,t);r.push(a),i+=a.length,n++}return F.concatUint8Array(r).subarray(0,t)}}const _s=new Set([B.s2k.argon2,B.s2k.iterated]);function Rs(e,t=T){switch(e){case B.s2k.argon2:return new Ms(t);case B.s2k.iterated:case B.s2k.gnu:case B.s2k.salted:case B.s2k.simple:return new Fs(e,t);default:throw new Wt("Unsupported S2K type")}}function Ls(e){const{s2kType:t}=e;if(!_s.has(t))throw Error("The provided `config.s2kType` value is not allowed");return Rs(t,e)}var Ns=Uint8Array,zs=Uint16Array,Os=Uint32Array,js=new Ns([0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0,0,0,0]),qs=new Ns([0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13,0,0]),Hs=new Ns([16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15]),Gs=function(e,t){for(var r=new zs(31),i=0;i<31;++i)r[i]=t+=1<<e[i-1];var n=new Os(r[30]);for(i=1;i<30;++i)for(var a=r[i];a<r[i+1];++a)n[a]=a-r[i]<<5|i;return[r,n]},Vs=Gs(js,2),Ws=Vs[0],$s=Vs[1];Ws[28]=258,$s[258]=28;for(var Zs=Gs(qs,0),Xs=Zs[0],Qs=Zs[1],Ys=new zs(32768),Js=0;Js<32768;++Js){var eo=(43690&Js)>>>1|(21845&Js)<<1;eo=(61680&(eo=(52428&eo)>>>2|(13107&eo)<<2))>>>4|(3855&eo)<<4,Ys[Js]=((65280&eo)>>>8|(255&eo)<<8)>>>1}var to=function(e,t,r){for(var i=e.length,n=0,a=new zs(t);n<i;++n)e[n]&&++a[e[n]-1];var s,o=new zs(t);for(n=0;n<t;++n)o[n]=o[n-1]+a[n-1]<<1;if(r){s=new zs(1<<t);var c=15-t;for(n=0;n<i;++n)if(e[n])for(var u=n<<4|e[n],h=t-e[n],l=o[e[n]-1]++<<h,y=l|(1<<h)-1;l<=y;++l)s[Ys[l]>>>c]=u}else for(s=new zs(i),n=0;n<i;++n)e[n]&&(s[n]=Ys[o[e[n]-1]++]>>>15-e[n]);return s},ro=new Ns(288);for(Js=0;Js<144;++Js)ro[Js]=8;for(Js=144;Js<256;++Js)ro[Js]=9;for(Js=256;Js<280;++Js)ro[Js]=7;for(Js=280;Js<288;++Js)ro[Js]=8;var io=new Ns(32);for(Js=0;Js<32;++Js)io[Js]=5;var no=/*#__PURE__*/to(ro,9,0),ao=/*#__PURE__*/to(ro,9,1),so=/*#__PURE__*/to(io,5,0),oo=/*#__PURE__*/to(io,5,1),co=function(e){for(var t=e[0],r=1;r<e.length;++r)e[r]>t&&(t=e[r]);return t},uo=function(e,t,r){var i=t/8|0;return(e[i]|e[i+1]<<8)>>(7&t)&r},ho=function(e,t){var r=t/8|0;return(e[r]|e[r+1]<<8|e[r+2]<<16)>>(7&t)},lo=function(e){return(e+7)/8|0},yo=function(e,t,r){(null==t||t<0)&&(t=0),(null==r||r>e.length)&&(r=e.length);var i=new(2==e.BYTES_PER_ELEMENT?zs:4==e.BYTES_PER_ELEMENT?Os:Ns)(r-t);return i.set(e.subarray(t,r)),i},po=["unexpected EOF","invalid block type","invalid length/literal","invalid distance","stream finished","no stream handler",,"no callback","invalid UTF-8 data","extra field too long","date not in range 1980-2099","filename too long","stream finishing","invalid zip data"],go=function(e,t,r){var i=Error(t||po[e]);if(i.code=e,Error.captureStackTrace&&Error.captureStackTrace(i,go),!r)throw i;return i},fo=function(e,t,r){r<<=7&t;var i=t/8|0;e[i]|=r,e[i+1]|=r>>>8},mo=function(e,t,r){r<<=7&t;var i=t/8|0;e[i]|=r,e[i+1]|=r>>>8,e[i+2]|=r>>>16},wo=function(e,t){for(var r=[],i=0;i<e.length;++i)e[i]&&r.push({s:i,f:e[i]});var n=r.length,a=r.slice();if(!n)return[So,0];if(1==n){var s=new Ns(r[0].s+1);return s[r[0].s]=1,[s,1]}r.sort((function(e,t){return e.f-t.f})),r.push({s:-1,f:25001});var o=r[0],c=r[1],u=0,h=1,l=2;for(r[0]={s:-1,f:o.f+c.f,l:o,r:c};h!=n-1;)o=r[r[u].f<r[l].f?u++:l++],c=r[u!=h&&r[u].f<r[l].f?u++:l++],r[h++]={s:-1,f:o.f+c.f,l:o,r:c};var y=a[0].s;for(i=1;i<n;++i)a[i].s>y&&(y=a[i].s);var p=new zs(y+1),d=bo(r[h-1],p,0);if(d>t){i=0;var g=0,f=d-t,m=1<<f;for(a.sort((function(e,t){return p[t.s]-p[e.s]||e.f-t.f}));i<n;++i){var w=a[i].s;if(!(p[w]>t))break;g+=m-(1<<d-p[w]),p[w]=t}for(g>>>=f;g>0;){var b=a[i].s;p[b]<t?g-=1<<t-p[b]++-1:++i}for(;i>=0&&g;--i){var k=a[i].s;p[k]==t&&(--p[k],++g)}d=t}return[new Ns(p),d]},bo=function(e,t,r){return-1==e.s?Math.max(bo(e.l,t,r+1),bo(e.r,t,r+1)):t[e.s]=r},ko=function(e){for(var t=e.length;t&&!e[--t];);for(var r=new zs(++t),i=0,n=e[0],a=1,s=function(e){r[i++]=e},o=1;o<=t;++o)if(e[o]==n&&o!=t)++a;else{if(!n&&a>2){for(;a>138;a-=138)s(32754);a>2&&(s(a>10?a-11<<5|28690:a-3<<5|12305),a=0)}else if(a>3){for(s(n),--a;a>6;a-=6)s(8304);a>2&&(s(a-3<<5|8208),a=0)}for(;a--;)s(n);a=1,n=e[o]}return[r.subarray(0,i),t]},vo=function(e,t){for(var r=0,i=0;i<t.length;++i)r+=e[i]*t[i];return r},Ko=function(e,t,r){var i=r.length,n=lo(t+2);e[n]=255&i,e[n+1]=i>>>8,e[n+2]=255^e[n],e[n+3]=255^e[n+1];for(var a=0;a<i;++a)e[n+a+4]=r[a];return 8*(n+4+i)},Ao=function(e,t,r,i,n,a,s,o,c,u,h){fo(t,h++,r),++n[256];for(var l=wo(n,15),y=l[0],p=l[1],d=wo(a,15),g=d[0],f=d[1],m=ko(y),w=m[0],b=m[1],k=ko(g),v=k[0],K=k[1],A=new zs(19),E=0;E<w.length;++E)A[31&w[E]]++;for(E=0;E<v.length;++E)A[31&v[E]]++;for(var S=wo(A,7),P=S[0],U=S[1],D=19;D>4&&!P[Hs[D-1]];--D);var x,I,C,B,T=u+5<<3,M=vo(n,ro)+vo(a,io)+s,F=vo(n,y)+vo(a,g)+s+14+3*D+vo(A,P)+(2*A[16]+3*A[17]+7*A[18]);if(T<=M&&T<=F)return Ko(t,h,e.subarray(c,c+u));if(fo(t,h,1+(F<M)),h+=2,F<M){x=to(y,p,0),I=y,C=to(g,f,0),B=g;var _=to(P,U,0);fo(t,h,b-257),fo(t,h+5,K-1),fo(t,h+10,D-4),h+=14;for(E=0;E<D;++E)fo(t,h+3*E,P[Hs[E]]);h+=3*D;for(var R=[w,v],L=0;L<2;++L){var N=R[L];for(E=0;E<N.length;++E){var z=31&N[E];fo(t,h,_[z]),h+=P[z],z>15&&(fo(t,h,N[E]>>>5&127),h+=N[E]>>>12)}}}else x=no,I=ro,C=so,B=io;for(E=0;E<o;++E)if(i[E]>255){z=i[E]>>>18&31;mo(t,h,x[z+257]),h+=I[z+257],z>7&&(fo(t,h,i[E]>>>23&31),h+=js[z]);var O=31&i[E];mo(t,h,C[O]),h+=B[O],O>3&&(mo(t,h,i[E]>>>5&8191),h+=qs[O])}else mo(t,h,x[i[E]]),h+=I[i[E]];return mo(t,h,x[256]),h+I[256]},Eo=/*#__PURE__*/new Os([65540,131080,131088,131104,262176,1048704,1048832,2114560,2117632]),So=/*#__PURE__*/new Ns(0),Po=function(e,t,r,i,n){return function(e,t,r,i,n,a){var s=e.length,o=new Ns(i+s+5*(1+Math.ceil(s/7e3))+n),c=o.subarray(i,o.length-n),u=0;if(!t||s<8)for(var h=0;h<=s;h+=65535){var l=h+65535;l>=s&&(c[u>>3]=a),u=Ko(c,u+1,e.subarray(h,l))}else{for(var y=Eo[t-1],p=y>>>13,d=8191&y,g=(1<<r)-1,f=new zs(32768),m=new zs(g+1),w=Math.ceil(r/3),b=2*w,k=function(t){return(e[t]^e[t+1]<<w^e[t+2]<<b)&g},v=new Os(25e3),K=new zs(288),A=new zs(32),E=0,S=0,P=(h=0,0),U=0,D=0;h<s;++h){var x=k(h),I=32767&h,C=m[x];if(f[I]=C,m[x]=I,U<=h){var B=s-h;if((E>7e3||P>24576)&&B>423){u=Ao(e,c,0,v,K,A,S,P,D,h-D,u),P=E=S=0,D=h;for(var T=0;T<286;++T)K[T]=0;for(T=0;T<30;++T)A[T]=0}var M=2,F=0,_=d,R=I-C&32767;if(B>2&&x==k(h-R))for(var L=Math.min(p,B)-1,N=Math.min(32767,h),z=Math.min(258,B);R<=N&&--_&&I!=C;){if(e[h+M]==e[h+M-R]){for(var O=0;O<z&&e[h+O]==e[h+O-R];++O);if(O>M){if(M=O,F=R,O>L)break;var j=Math.min(R,O-2),q=0;for(T=0;T<j;++T){var H=h-R+T+32768&32767,G=H-f[H]+32768&32767;G>q&&(q=G,C=H)}}}R+=(I=C)-(C=f[I])+32768&32767}if(F){v[P++]=268435456|$s[M]<<18|Qs[F];var V=31&$s[M],W=31&Qs[F];S+=js[V]+qs[W],++K[257+V],++A[W],U=h+M,++E}else v[P++]=e[h],++K[e[h]]}}u=Ao(e,c,a,v,K,A,S,P,D,h-D,u),!a&&7&u&&(u=Ko(c,u+1,So))}return yo(o,0,i+lo(u)+n)}(e,null==t.level?6:t.level,null==t.mem?Math.ceil(1.5*Math.max(8,Math.min(13,Math.log(e.length)))):12+t.mem,r,i,!n)},Uo=/*#__PURE__*/function(){function e(e,t){t||"function"!=typeof e||(t=e,e={}),this.ondata=t,this.o=e||{}}return e.prototype.p=function(e,t){this.ondata(Po(e,this.o,0,0,!t),t)},e.prototype.push=function(e,t){this.ondata||go(5),this.d&&go(4),this.d=t,this.p(e,t||!1)},e}(),Do=/*#__PURE__*/function(){function e(e){this.s={},this.p=new Ns(0),this.ondata=e}return e.prototype.e=function(e){this.ondata||go(5),this.d&&go(4);var t=this.p.length,r=new Ns(t+e.length);r.set(this.p),r.set(e,t),this.p=r},e.prototype.c=function(e){this.d=this.s.i=e||!1;var t=this.s.b,r=function(e,t,r){var i=e.length;if(!i||r&&r.f&&!r.l)return t||new Ns(0);var n=!t||r,a=!r||r.i;r||(r={}),t||(t=new Ns(3*i));var s=function(e){var r=t.length;if(e>r){var i=new Ns(Math.max(2*r,e));i.set(t),t=i}},o=r.f||0,c=r.p||0,u=r.b||0,h=r.l,l=r.d,y=r.m,p=r.n,d=8*i;do{if(!h){o=uo(e,c,1);var g=uo(e,c+1,3);if(c+=3,!g){var f=e[(U=lo(c)+4)-4]|e[U-3]<<8,m=U+f;if(m>i){a&&go(0);break}n&&s(u+f),t.set(e.subarray(U,m),u),r.b=u+=f,r.p=c=8*m,r.f=o;continue}if(1==g)h=ao,l=oo,y=9,p=5;else if(2==g){var w=uo(e,c,31)+257,b=uo(e,c+10,15)+4,k=w+uo(e,c+5,31)+1;c+=14;for(var v=new Ns(k),K=new Ns(19),A=0;A<b;++A)K[Hs[A]]=uo(e,c+3*A,7);c+=3*b;var E=co(K),S=(1<<E)-1,P=to(K,E,1);for(A=0;A<k;){var U,D=P[uo(e,c,S)];if(c+=15&D,(U=D>>>4)<16)v[A++]=U;else{var x=0,I=0;for(16==U?(I=3+uo(e,c,3),c+=2,x=v[A-1]):17==U?(I=3+uo(e,c,7),c+=3):18==U&&(I=11+uo(e,c,127),c+=7);I--;)v[A++]=x}}var C=v.subarray(0,w),B=v.subarray(w);y=co(C),p=co(B),h=to(C,y,1),l=to(B,p,1)}else go(1);if(c>d){a&&go(0);break}}n&&s(u+131072);for(var T=(1<<y)-1,M=(1<<p)-1,F=c;;F=c){var _=(x=h[ho(e,c)&T])>>>4;if((c+=15&x)>d){a&&go(0);break}if(x||go(2),_<256)t[u++]=_;else{if(256==_){F=c,h=null;break}var R=_-254;if(_>264){var L=js[A=_-257];R=uo(e,c,(1<<L)-1)+Ws[A],c+=L}var N=l[ho(e,c)&M],z=N>>>4;if(N||go(3),c+=15&N,B=Xs[z],z>3&&(L=qs[z],B+=ho(e,c)&(1<<L)-1,c+=L),c>d){a&&go(0);break}n&&s(u+131072);for(var O=u+R;u<O;u+=4)t[u]=t[u-B],t[u+1]=t[u+1-B],t[u+2]=t[u+2-B],t[u+3]=t[u+3-B];u=O}}r.l=h,r.p=F,r.b=u,r.f=o,h&&(o=1,r.m=y,r.d=l,r.n=p)}while(!o);return u==t.length?t:yo(t,0,u)}(this.p,this.o,this.s);this.ondata(yo(r,t,this.s.b),this.d),this.o=yo(r,this.s.b-32768),this.s.b=this.o.length,this.p=yo(this.p,this.s.p/8|0),this.s.p&=7},e.prototype.push=function(e,t){this.e(e),this.c(t)},e}(),xo=/*#__PURE__*/function(){function e(e,t){var r,i;this.c=(r=1,i=0,{p:function(e){for(var t=r,n=i,a=0|e.length,s=0;s!=a;){for(var o=Math.min(s+2655,a);s<o;++s)n+=t+=e[s];t=(65535&t)+15*(t>>16),n=(65535&n)+15*(n>>16)}r=t,i=n},d:function(){return(255&(r%=65521))<<24|r>>>8<<16|(255&(i%=65521))<<8|i>>>8}}),this.v=1,Uo.call(this,e,t)}return e.prototype.push=function(e,t){Uo.prototype.push.call(this,e,t)},e.prototype.p=function(e,t){this.c.p(e);var r=Po(e,this.o,this.v&&2,t&&4,!t);this.v&&(function(e,t){var r=t.level,i=0==r?0:r<6?1:9==r?3:2;e[0]=120,e[1]=i<<6|(i?32-2*i:1)}(r,this.o),this.v=0),t&&function(e,t,r){for(;r;++t)e[t]=r,r>>>=8}(r,r.length-4,this.c.d()),this.ondata(r,t)},e}(),Io=/*#__PURE__*/function(){function e(e){this.v=1,Do.call(this,e)}return e.prototype.push=function(e,t){if(Do.prototype.e.call(this,e),this.v){if(this.p.length<2&&!t)return;this.p=this.p.subarray(2),this.v=0}t&&(this.p.length<4&&go(6,"invalid zlib data"),this.p=this.p.subarray(0,-4)),Do.prototype.c.call(this,t)},e}(),Co="undefined"!=typeof TextDecoder&&/*#__PURE__*/new TextDecoder;try{Co.decode(So,{stream:!0}),1}catch(e){}class Bo{static get tag(){return B.packet.literalData}constructor(e=new Date){this.format=B.literal.utf8,this.date=F.normalizeDate(e),this.text=null,this.data=null,this.filename=""}setText(e,t=B.literal.utf8){this.format=t,this.text=e,this.data=null}getText(e=!1){return(null===this.text||F.isStream(this.text))&&(this.text=F.decodeUTF8(F.nativeEOL(this.getBytes(e)))),this.text}setBytes(e,t){this.format=t,this.data=e,this.text=null}getBytes(e=!1){return null===this.data&&(this.data=F.canonicalizeEOL(F.encodeUTF8(this.text))),e?A(this.data):this.data}setFilename(e){this.filename=e}getFilename(){return this.filename}async read(e){await v(e,(async e=>{const t=await e.readByte(),r=await e.readByte();this.filename=F.decodeUTF8(await e.readBytes(r)),this.date=F.readDate(await e.readBytes(4));let i=e.remainder();a(i)&&(i=await P(i)),this.setBytes(i,t)}))}writeHeader(){const e=F.encodeUTF8(this.filename),t=new Uint8Array([e.length]),r=new Uint8Array([this.format]),i=F.writeDate(this.date);return F.concatUint8Array([r,t,e,i])}write(){const e=this.writeHeader(),t=this.getBytes();return F.concat([e,t])}}class To{constructor(){this.bytes=""}read(e){return this.bytes=F.uint8ArrayToString(e.subarray(0,8)),this.bytes.length}write(){return F.stringToUint8Array(this.bytes)}toHex(){return F.uint8ArrayToHex(F.stringToUint8Array(this.bytes))}equals(e,t=!1){return t&&(e.isWildcard()||this.isWildcard())||this.bytes===e.bytes}isNull(){return""===this.bytes}isWildcard(){return/^0+$/.test(this.toHex())}static mapToHex(e){return e.toHex()}static fromID(e){const t=new To;return t.read(F.hexToUint8Array(e)),t}static wildcard(){const e=new To;return e.read(new Uint8Array(8)),e}}const Mo=Symbol("verified"),Fo="salt@notations.openpgpjs.org",_o=new Set([B.signatureSubpacket.issuerKeyID,B.signatureSubpacket.issuerFingerprint,B.signatureSubpacket.embeddedSignature]);class Ro{static get tag(){return B.packet.signature}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.signatureData=null,this.unhashedSubpackets=[],this.unknownSubpackets=[],this.signedHashValue=null,this.salt=null,this.created=null,this.signatureExpirationTime=null,this.signatureNeverExpires=!0,this.exportable=null,this.trustLevel=null,this.trustAmount=null,this.regularExpression=null,this.revocable=null,this.keyExpirationTime=null,this.keyNeverExpires=null,this.preferredSymmetricAlgorithms=null,this.revocationKeyClass=null,this.revocationKeyAlgorithm=null,this.revocationKeyFingerprint=null,this.issuerKeyID=new To,this.rawNotations=[],this.notations={},this.preferredHashAlgorithms=null,this.preferredCompressionAlgorithms=null,this.keyServerPreferences=null,this.preferredKeyServer=null,this.isPrimaryUserID=null,this.policyURI=null,this.keyFlags=null,this.signersUserID=null,this.reasonForRevocationFlag=null,this.reasonForRevocationString=null,this.features=null,this.signatureTargetPublicKeyAlgorithm=null,this.signatureTargetHashAlgorithm=null,this.signatureTargetHash=null,this.embeddedSignature=null,this.issuerKeyVersion=null,this.issuerFingerprint=null,this.preferredAEADAlgorithms=null,this.preferredCipherSuites=null,this.revoked=null,this[Mo]=null}read(e,t=T){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new Wt("Support for v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4!==this.version&&5!==this.version&&6!==this.version)throw new Wt(`Version ${this.version} of the signature packet is unsupported.`);if(this.signatureType=e[r++],this.publicKeyAlgorithm=e[r++],this.hashAlgorithm=e[r++],r+=this.readSubPackets(e.subarray(r,e.length),!0),!this.created)throw Error("Missing signature creation time subpacket.");if(this.signatureData=e.subarray(0,r),r+=this.readSubPackets(e.subarray(r,e.length),!1),this.signedHashValue=e.subarray(r,r+2),r+=2,6===this.version){const t=e[r++];this.salt=e.subarray(r,r+t),r+=t}const i=e.subarray(r,e.length),{read:n,signatureParams:a}=function(e,t){let r=0;switch(e){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaEncrypt:case B.publicKey.rsaSign:{const e=F.readMPI(t.subarray(r));return r+=e.length+2,{read:r,signatureParams:{s:e}}}case B.publicKey.dsa:case B.publicKey.ecdsa:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,signatureParams:{r:e,s:i}}}case B.publicKey.eddsaLegacy:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,signatureParams:{r:e,s:i}}}case B.publicKey.ed25519:case B.publicKey.ed448:{const i=2*Hr(e),n=F.readExactSubarray(t,r,r+i);return r+=n.length,{read:r,signatureParams:{RS:n}}}case B.publicKey.hmac:{const e=new ba;return r+=e.read(t.subarray(r)),{read:r,signatureParams:{mac:e}}}case B.publicKey.pqc_mldsa_ed25519:{const e=2*Hr(B.publicKey.ed25519),i=F.readExactSubarray(t,r,r+e);r+=i.length;const n=F.readExactSubarray(t,r,r+3309);return r+=n.length,{read:r,signatureParams:{eccSignature:i,mldsaSignature:n}}}default:throw new Wt("Unknown signature algorithm.")}}(this.publicKeyAlgorithm,i);if(n<i.length)throw Error("Error reading MPIs");this.params=a}writeParams(){return this.params instanceof Promise?D((async()=>vs(this.publicKeyAlgorithm,await this.params))):vs(this.publicKeyAlgorithm,this.params)}write(){const e=[];return e.push(this.signatureData),e.push(this.writeUnhashedSubPackets()),e.push(this.signedHashValue),6===this.version&&(e.push(new Uint8Array([this.salt.length])),e.push(this.salt)),e.push(this.writeParams()),F.concat(e)}async sign(e,t,r=new Date,i=!1,n){this.version=e.version,this.created=F.normalizeDate(r),this.issuerKeyVersion=e.version,this.issuerFingerprint=e.getFingerprintBytes(),this.issuerKeyID=e.getKeyID();const a=[new Uint8Array([this.version,this.signatureType,this.publicKeyAlgorithm,this.hashAlgorithm])];if(6===this.version){const e=No(this.hashAlgorithm);if(null===this.salt)this.salt=le(e);else if(e!==this.salt.length)throw Error("Provided salt does not have the required length")}else if(n.nonDeterministicSignaturesViaNotation){if(0!==this.rawNotations.filter((({name:e})=>e===Fo)).length)throw Error("Unexpected existing salt notation");{const e=le(No(this.hashAlgorithm));this.rawNotations.push({name:Fo,value:e,humanReadable:!1,critical:!1})}}a.push(this.writeHashedSubPackets()),this.unhashedSubpackets=[],this.signatureData=F.concat(a);const s=this.toHash(this.signatureType,t,i),o=await this.hash(this.signatureType,t,s,i);this.signedHashValue=S(K(o),0,2);const c=async()=>xs(this.publicKeyAlgorithm,this.hashAlgorithm,e.publicParams,e.privateParams,s,await P(o));F.isStream(o)?this.params=c():(this.params=await c(),this[Mo]=!0)}writeHashedSubPackets(){const e=B.signatureSubpacket,t=[];let r;if(null===this.created)throw Error("Missing signature creation time");t.push(Lo(e.signatureCreationTime,!0,F.writeDate(this.created))),null!==this.signatureExpirationTime&&t.push(Lo(e.signatureExpirationTime,!0,F.writeNumber(this.signatureExpirationTime,4))),null!==this.exportable&&t.push(Lo(e.exportableCertification,!0,new Uint8Array([this.exportable?1:0]))),null!==this.trustLevel&&(r=new Uint8Array([this.trustLevel,this.trustAmount]),t.push(Lo(e.trustSignature,!0,r))),null!==this.regularExpression&&t.push(Lo(e.regularExpression,!0,this.regularExpression)),null!==this.revocable&&t.push(Lo(e.revocable,!0,new Uint8Array([this.revocable?1:0]))),null!==this.keyExpirationTime&&t.push(Lo(e.keyExpirationTime,!0,F.writeNumber(this.keyExpirationTime,4))),null!==this.preferredSymmetricAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredSymmetricAlgorithms)),t.push(Lo(e.preferredSymmetricAlgorithms,!1,r))),null!==this.revocationKeyClass&&(r=new Uint8Array([this.revocationKeyClass,this.revocationKeyAlgorithm]),r=F.concat([r,this.revocationKeyFingerprint]),t.push(Lo(e.revocationKey,!1,r))),!this.issuerKeyID.isNull()&&this.issuerKeyVersion<5&&t.push(Lo(e.issuerKeyID,!0,this.issuerKeyID.write())),this.rawNotations.forEach((({name:i,value:n,humanReadable:a,critical:s})=>{r=[new Uint8Array([a?128:0,0,0,0])];const o=F.encodeUTF8(i);r.push(F.writeNumber(o.length,2)),r.push(F.writeNumber(n.length,2)),r.push(o),r.push(n),r=F.concat(r),t.push(Lo(e.notationData,s,r))})),null!==this.preferredHashAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredHashAlgorithms)),t.push(Lo(e.preferredHashAlgorithms,!1,r))),null!==this.preferredCompressionAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredCompressionAlgorithms)),t.push(Lo(e.preferredCompressionAlgorithms,!1,r))),null!==this.keyServerPreferences&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.keyServerPreferences)),t.push(Lo(e.keyServerPreferences,!1,r))),null!==this.preferredKeyServer&&t.push(Lo(e.preferredKeyServer,!1,F.encodeUTF8(this.preferredKeyServer))),null!==this.isPrimaryUserID&&t.push(Lo(e.primaryUserID,!1,new Uint8Array([this.isPrimaryUserID?1:0]))),null!==this.policyURI&&t.push(Lo(e.policyURI,!1,F.encodeUTF8(this.policyURI))),null!==this.keyFlags&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.keyFlags)),t.push(Lo(e.keyFlags,!0,r))),null!==this.signersUserID&&t.push(Lo(e.signersUserID,!1,F.encodeUTF8(this.signersUserID))),null!==this.reasonForRevocationFlag&&(r=F.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag)+this.reasonForRevocationString),t.push(Lo(e.reasonForRevocation,!0,r))),null!==this.features&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.features)),t.push(Lo(e.features,!1,r))),null!==this.signatureTargetPublicKeyAlgorithm&&(r=[new Uint8Array([this.signatureTargetPublicKeyAlgorithm,this.signatureTargetHashAlgorithm])],r.push(F.stringToUint8Array(this.signatureTargetHash)),r=F.concat(r),t.push(Lo(e.signatureTarget,!0,r))),null!==this.embeddedSignature&&t.push(Lo(e.embeddedSignature,!0,this.embeddedSignature.write())),null!==this.issuerFingerprint&&(r=[new Uint8Array([this.issuerKeyVersion]),this.issuerFingerprint],r=F.concat(r),t.push(Lo(e.issuerFingerprint,this.version>=5,r))),null!==this.preferredAEADAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredAEADAlgorithms)),t.push(Lo(e.preferredAEADAlgorithms,!1,r))),null!==this.preferredCipherSuites&&(r=new Uint8Array([].concat(...this.preferredCipherSuites)),t.push(Lo(e.preferredCipherSuites,!1,r)));const i=F.concat(t),n=F.writeNumber(i.length,6===this.version?4:2);return F.concat([n,i])}writeUnhashedSubPackets(){const e=this.unhashedSubpackets.map((({type:e,critical:t,body:r})=>Lo(e,t,r))),t=F.concat(e),r=F.writeNumber(t.length,6===this.version?4:2);return F.concat([r,t])}readSubPacket(e,t=!0){let r=0;const i=!!(128&e[r]),n=127&e[r];if(r++,t||(this.unhashedSubpackets.push({type:n,critical:i,body:e.subarray(r,e.length)}),_o.has(n)))switch(n){case B.signatureSubpacket.signatureCreationTime:this.created=F.readDate(e.subarray(r,e.length));break;case B.signatureSubpacket.signatureExpirationTime:{const t=F.readNumber(e.subarray(r,e.length));this.signatureNeverExpires=0===t,this.signatureExpirationTime=t;break}case B.signatureSubpacket.exportableCertification:this.exportable=1===e[r++];break;case B.signatureSubpacket.trustSignature:this.trustLevel=e[r++],this.trustAmount=e[r++];break;case B.signatureSubpacket.regularExpression:this.regularExpression=e[r];break;case B.signatureSubpacket.revocable:this.revocable=1===e[r++];break;case B.signatureSubpacket.keyExpirationTime:{const t=F.readNumber(e.subarray(r,e.length));this.keyExpirationTime=t,this.keyNeverExpires=0===t;break}case B.signatureSubpacket.preferredSymmetricAlgorithms:this.preferredSymmetricAlgorithms=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.revocationKey:this.revocationKeyClass=e[r++],this.revocationKeyAlgorithm=e[r++],this.revocationKeyFingerprint=e.subarray(r,r+20);break;case B.signatureSubpacket.issuerKeyID:if(4===this.version)this.issuerKeyID.read(e.subarray(r,e.length));else if(t)throw Error("Unexpected Issuer Key ID subpacket");break;case B.signatureSubpacket.notationData:{const t=!!(128&e[r]);r+=4;const n=F.readNumber(e.subarray(r,r+2));r+=2;const a=F.readNumber(e.subarray(r,r+2));r+=2;const s=F.decodeUTF8(e.subarray(r,r+n)),o=e.subarray(r+n,r+n+a);this.rawNotations.push({name:s,humanReadable:t,value:o,critical:i}),t&&(this.notations[s]=F.decodeUTF8(o));break}case B.signatureSubpacket.preferredHashAlgorithms:this.preferredHashAlgorithms=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.preferredCompressionAlgorithms:this.preferredCompressionAlgorithms=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.keyServerPreferences:this.keyServerPreferences=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.preferredKeyServer:this.preferredKeyServer=F.decodeUTF8(e.subarray(r,e.length));break;case B.signatureSubpacket.primaryUserID:this.isPrimaryUserID=0!==e[r++];break;case B.signatureSubpacket.policyURI:this.policyURI=F.decodeUTF8(e.subarray(r,e.length));break;case B.signatureSubpacket.keyFlags:this.keyFlags=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.signersUserID:this.signersUserID=F.decodeUTF8(e.subarray(r,e.length));break;case B.signatureSubpacket.reasonForRevocation:this.reasonForRevocationFlag=e[r++],this.reasonForRevocationString=F.decodeUTF8(e.subarray(r,e.length));break;case B.signatureSubpacket.features:this.features=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.signatureTarget:{this.signatureTargetPublicKeyAlgorithm=e[r++],this.signatureTargetHashAlgorithm=e[r++];const t=Be(this.signatureTargetHashAlgorithm);this.signatureTargetHash=F.uint8ArrayToString(e.subarray(r,r+t));break}case B.signatureSubpacket.embeddedSignature:this.embeddedSignature=new Ro,this.embeddedSignature.read(e.subarray(r,e.length));break;case B.signatureSubpacket.issuerFingerprint:this.issuerKeyVersion=e[r++],this.issuerFingerprint=e.subarray(r,e.length),this.issuerKeyVersion>=5?this.issuerKeyID.read(this.issuerFingerprint):this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));break;case B.signatureSubpacket.preferredAEADAlgorithms:this.preferredAEADAlgorithms=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.preferredCipherSuites:this.preferredCipherSuites=[];for(let t=r;t<e.length;t+=2)this.preferredCipherSuites.push([e[t],e[t+1]]);break;default:this.unknownSubpackets.push({type:n,critical:i,body:e.subarray(r,e.length)})}}readSubPackets(e,t=!0,r){const i=6===this.version?4:2,n=F.readNumber(e.subarray(0,i));let a=i;for(;a<2+n;){const i=zt(e.subarray(a,e.length));a+=i.offset,this.readSubPacket(e.subarray(a,a+i.len),t,r),a+=i.len}return a}toSign(e,t){const r=B.signature;switch(e){case r.binary:return null!==t.text?F.encodeUTF8(t.getText(!0)):t.getBytes(!0);case r.text:{const e=t.getBytes(!0);return F.canonicalizeEOL(e)}case r.standalone:return new Uint8Array(0);case r.certGeneric:case r.certPersona:case r.certCasual:case r.certPositive:case r.certRevocation:{let e,i;if(t.userID)i=180,e=t.userID;else{if(!t.userAttribute)throw Error("Either a userID or userAttribute packet needs to be supplied for certification.");i=209,e=t.userAttribute}const n=e.write();return F.concat([this.toSign(r.key,t),new Uint8Array([i]),F.writeNumber(n.length,4),n])}case r.subkeyBinding:case r.subkeyRevocation:case r.keyBinding:return F.concat([this.toSign(r.key,t),this.toSign(r.key,{key:t.bind})]);case r.key:if(void 0===t.key)throw Error("Key packet is required for this signature.");return t.key.writeForHash(this.version);case r.keyRevocation:return this.toSign(r.key,t);case r.timestamp:return new Uint8Array(0);case r.thirdParty:throw Error("Not implemented");default:throw Error("Unknown signature type.")}}calculateTrailer(e,t){let r=0;return b(K(this.signatureData),(e=>{r+=e.length}),(()=>{const i=[];return 5!==this.version||this.signatureType!==B.signature.binary&&this.signatureType!==B.signature.text||(t?i.push(new Uint8Array(6)):i.push(e.writeHeader())),i.push(new Uint8Array([this.version,255])),5===this.version&&i.push(new Uint8Array(4)),i.push(F.writeNumber(r,4)),F.concat(i)}))}toHash(e,t,r=!1){const i=this.toSign(e,t);return F.concat([this.salt||new Uint8Array,i,this.signatureData,this.calculateTrailer(t,r)])}async hash(e,t,r,i=!1){if(6===this.version&&this.salt.length!==No(this.hashAlgorithm))throw Error("Signature salt does not have the expected length");return r||(r=this.toHash(e,t,i)),Ce(this.hashAlgorithm,r)}async verify(e,t,r,i=new Date,n=!1,a=T){if(!this.issuerKeyID.equals(e.getKeyID()))throw Error("Signature was not issued by the given public key");if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Public key algorithm used to sign signature does not match issuer key algorithm.");const s=t===B.signature.binary||t===B.signature.text;if(!(this[Mo]&&!s)){let i,a;if(this.hashed?a=await this.hashed:(i=this.toHash(t,r,n),a=await this.hash(t,r,i)),a=await P(a),this.signedHashValue[0]!==a[0]||this.signedHashValue[1]!==a[1])throw Error("Signed digest did not match");this.params=await this.params;const s=this.publicKeyAlgorithm===B.publicKey.hmac?e.privateParams:null;if(this[Mo]=await Ds(this.publicKeyAlgorithm,this.hashAlgorithm,this.params,e.publicParams,s,i,a),!this[Mo])throw Error("Signature verification failed")}const o=F.normalizeDate(i);if(o&&this.created>o)throw Error("Signature creation time is in the future");if(o&&o>=this.getExpirationTime())throw Error("Signature is expired");if(a.rejectHashAlgorithms.has(this.hashAlgorithm))throw Error("Insecure hash algorithm: "+B.read(B.hash,this.hashAlgorithm).toUpperCase());if(a.rejectMessageHashAlgorithms.has(this.hashAlgorithm)&&[B.signature.binary,B.signature.text].includes(this.signatureType))throw Error("Insecure message hash algorithm: "+B.read(B.hash,this.hashAlgorithm).toUpperCase());if(this.unknownSubpackets.forEach((({type:e,critical:t})=>{if(t)throw Error("Unknown critical signature subpacket type "+e)})),this.rawNotations.forEach((({name:e,critical:t})=>{if(t&&a.knownNotations.indexOf(e)<0)throw Error("Unknown critical notation: "+e)})),null!==this.revocationKeyClass)throw Error("This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.")}isExpired(e=new Date){const t=F.normalizeDate(e);return null!==t&&!(this.created<=t&&t<this.getExpirationTime())}getExpirationTime(){return this.signatureNeverExpires?1/0:new Date(this.created.getTime()+1e3*this.signatureExpirationTime)}}function Lo(e,t,r){const i=[];return i.push(Ot(r.length+1)),i.push(new Uint8Array([(t?128:0)|e])),i.push(r),F.concat(i)}function No(e){switch(e){case B.hash.sha256:return 16;case B.hash.sha384:return 24;case B.hash.sha512:return 32;case B.hash.sha224:case B.hash.sha3_256:return 16;case B.hash.sha3_512:return 32;default:throw Error("Unsupported hash function")}}class zo{static get tag(){return B.packet.onePassSignature}static fromSignaturePacket(e,t){const r=new zo;return r.version=6===e.version?6:3,r.signatureType=e.signatureType,r.hashAlgorithm=e.hashAlgorithm,r.publicKeyAlgorithm=e.publicKeyAlgorithm,r.issuerKeyID=e.issuerKeyID,r.salt=e.salt,r.issuerFingerprint=e.issuerFingerprint,r.flags=t?1:0,r}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.salt=null,this.issuerKeyID=null,this.issuerFingerprint=null,this.flags=null}read(e){let t=0;if(this.version=e[t++],3!==this.version&&6!==this.version)throw new Wt(`Version ${this.version} of the one-pass signature packet is unsupported.`);if(this.signatureType=e[t++],this.hashAlgorithm=e[t++],this.publicKeyAlgorithm=e[t++],6===this.version){const r=e[t++];this.salt=e.subarray(t,t+r),t+=r,this.issuerFingerprint=e.subarray(t,t+32),t+=32,this.issuerKeyID=new To,this.issuerKeyID.read(this.issuerFingerprint)}else this.issuerKeyID=new To,this.issuerKeyID.read(e.subarray(t,t+8)),t+=8;return this.flags=e[t++],this}write(){const e=[new Uint8Array([this.version,this.signatureType,this.hashAlgorithm,this.publicKeyAlgorithm])];return 6===this.version?e.push(new Uint8Array([this.salt.length]),this.salt,this.issuerFingerprint):e.push(this.issuerKeyID.write()),e.push(new Uint8Array([this.flags])),F.concatUint8Array(e)}calculateTrailer(...e){return D((async()=>Ro.prototype.calculateTrailer.apply(await this.correspondingSig,e)))}async verify(){const e=await this.correspondingSig;if(!e||e.constructor.tag!==B.packet.signature)throw Error("Corresponding signature packet missing");if(e.signatureType!==this.signatureType||e.hashAlgorithm!==this.hashAlgorithm||e.publicKeyAlgorithm!==this.publicKeyAlgorithm||!e.issuerKeyID.equals(this.issuerKeyID)||3===this.version&&6===e.version||6===this.version&&6!==e.version||6===this.version&&!F.equalsUint8Array(e.issuerFingerprint,this.issuerFingerprint)||6===this.version&&!F.equalsUint8Array(e.salt,this.salt))throw Error("Corresponding signature packet does not match one-pass signature packet");return e.hashed=this.hashed,e.verify.apply(e,arguments)}}zo.prototype.hash=Ro.prototype.hash,zo.prototype.toHash=Ro.prototype.toHash,zo.prototype.toSign=Ro.prototype.toSign;class Oo extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,Oo),this.name="GrammarError"}}const jo=(e,t)=>{const r=e.filter((e=>e!==B.packet.marker&&e!==B.packet.padding&&!(e=>{try{return B.read(B.packet,e),!1}catch(e){return!0}})(e)));return 1===(i=r).length&&i[0]===B.packet.literalData||(e=>1===e.length&&e[0]===B.packet.compressedData)(r)||(e=>{const t=(e,t)=>e.every((e=>new Set([B.packet.publicKeyEncryptedSessionKey,B.packet.symEncryptedSessionKey]).has(e))),r=e.findIndex((e=>new Set([B.packet.aeadEncryptedData,B.packet.symmetricallyEncryptedData,B.packet.symEncryptedIntegrityProtectedData]).has(e)));return r<0?t(e):r===e.length-1&&t(e.slice(0,r))})(r)||((e,t)=>{if(0===e.findIndex((e=>e===B.packet.signature)))return jo(e.slice(1),t);if(0===e.findIndex((e=>e===B.packet.onePassSignature))){const r=F.findLastIndex(e,(e=>e===B.packet.signature));return!(r!==e.length-1&&!t)&&jo(e.slice(1,r<0?void 0:r),t)}return!1})(r,t);var i},qo=({delayReporting:e})=>{let t=!1;return(r,i,n)=>{if(e&&i)return null;if(!jo(r,i)){const e=new Oo(`Data does not respect OpenPGP grammar [${r}]`);if(t||(n.pluggableGrammarErrorReporter?.(e.message),F.printDebugError(e),t=!0),n.enforceGrammar)throw e;return!0}return!0}};function Ho(e,t){if(!t[e]){let t;try{t=B.read(B.packet,e)}catch(t){throw new $t("Unknown packet type with tag: "+e)}throw Error("Packet not allowed in this context: "+t)}return new t[e]}class Go extends Array{static async fromBinary(e,t,r=T,i=null){const n=new Go;return await n.read(e,t,r,i),n}async read(e,t,r=T,i=null){r.additionalAllowedPackets.length&&(t={...t,...F.constructAllowedPackets(r.additionalAllowedPackets)}),this.stream=k(e,(async(e,n)=>{const a=I(n),s=[];try{for(;;){await a.ready;if(await Vt(e,(async e=>{try{if(e.tag===B.packet.marker||e.tag===B.packet.trust||e.tag===B.packet.padding)return;const n=Ho(e.tag,t);n.packets=new Go,n.fromStream=F.isStream(e.packet),await n.read(e.packet,r),await a.write(n),s.push(e.tag),i?.(s,!0,r)}catch(t){if(t instanceof $t){if(!(e.tag<=39))return;await a.abort(t)}const n=!r.ignoreUnsupportedPackets&&t instanceof Wt,o=!(r.ignoreMalformedPackets||t instanceof Wt);if(n||o||t instanceof Oo||Gt(e.tag))await a.abort(t);else{const t=new Zt(e.tag,e.packet);await a.write(t),s.push(e.tag),i?.(s,!0,r)}F.printDebugError(t)}})))return i?.(s,!1,r),await a.ready,void await a.close()}}catch(e){await a.abort(e)}}));const n=x(this.stream);for(;;){const{done:e,value:t}=await n.read();if(e?this.stream=null:this.push(t),e||Gt(t.constructor.tag))break}n.releaseLock()}write(){const e=[];for(let t=0;t<this.length;t++){const r=this[t]instanceof Zt?this[t].tag:this[t].constructor.tag,i=this[t].write();if(F.isStream(i)&&Gt(this[t].constructor.tag)){let t=[],n=0;const a=512;e.push(qt(r)),e.push(b(i,(e=>{if(t.push(e),n+=e.length,n>=a){const e=Math.min(Math.log(n)/Math.LN2|0,30),r=2**e,i=F.concat([jt(e)].concat(t));return t=[i.subarray(1+r)],n=t[0].length,i.subarray(0,1+r)}}),(()=>F.concat([Ot(n)].concat(t)))))}else{if(F.isStream(i)){let t=0;e.push(b(K(i),(e=>{t+=e.length}),(()=>Ht(r,t))))}else e.push(Ht(r,i.length));e.push(i)}}return F.concat(e)}filterByTag(...e){const t=new Go,r=e=>t=>e===t;for(let i=0;i<this.length;i++)e.some(r(this[i].constructor.tag))&&t.push(this[i]);return t}findPacket(e){return this.find((t=>t.constructor.tag===e))}indexOfTag(...e){const t=[],r=this,i=e=>t=>e===t;for(let n=0;n<this.length;n++)e.some(i(r[n].constructor.tag))&&t.push(n);return t}}const Vo=/*#__PURE__*/F.constructAllowedPackets([Bo,zo,Ro]);class Wo{static get tag(){return B.packet.compressedData}constructor(e=T){this.packets=null,this.algorithm=e.preferredCompressionAlgorithm,this.compressed=null}async read(e,t=T){await v(e,(async e=>{this.algorithm=await e.readByte(),this.compressed=e.remainder(),await this.decompress(t)}))}write(){return null===this.compressed&&this.compress(),F.concat([new Uint8Array([this.algorithm]),this.compressed])}async decompress(e=T){const t=B.read(B.compression,this.algorithm),r=Yo[t];if(!r)throw Error(t+" decompression not supported");this.packets=await Go.fromBinary(await r(this.compressed),Vo,e,qo({enforceDelay:!1}))}compress(){const e=B.read(B.compression,this.algorithm),t=Qo[e];if(!t)throw Error(e+" compression not supported");this.compressed=t(this.packets.write())}}function $o(e,t){return r=>{if(!F.isStream(r)||a(r))return D((()=>P(r).then((e=>new Promise(((r,i)=>{const n=new t;n.ondata=e=>{r(e)};try{n.push(e,!0)}catch(e){i(e)}}))))));if(e)try{const t=e();return r.pipeThrough(t)}catch(e){if("TypeError"!==e.name)throw e}const i=r.getReader(),n=new t;return new ReadableStream({async start(e){for(n.ondata=async(t,r)=>{e.enqueue(t),r&&e.close()};;){const{done:e,value:t}=await i.read();if(e)return void n.push(new Uint8Array,!0);t.length&&n.push(t)}}})}}function Zo(){return async function(e){const{decode:t}=await import("./seek-bzip.min.mjs").then((function(e){return e.i}));return D((async()=>t(await P(e))))}}const Xo=e=>({compressor:"undefined"!=typeof CompressionStream&&(()=>new CompressionStream(e)),decompressor:"undefined"!=typeof DecompressionStream&&(()=>new DecompressionStream(e))}),Qo={zip:/*#__PURE__*/$o(Xo("deflate-raw").compressor,Uo),zlib:/*#__PURE__*/$o(Xo("deflate").compressor,xo)},Yo={uncompressed:e=>e,zip:/*#__PURE__*/$o(Xo("deflate-raw").decompressor,Do),zlib:/*#__PURE__*/$o(Xo("deflate").decompressor,Io),bzip2:/*#__PURE__*/Zo()},Jo=/*#__PURE__*/F.constructAllowedPackets([Bo,Wo,zo,Ro]);class ec{static get tag(){return B.packet.symEncryptedIntegrityProtectedData}static fromObject({version:e,aeadAlgorithm:t}){if(1!==e&&2!==e)throw Error("Unsupported SEIPD version");const r=new ec;return r.version=e,2===e&&(r.aeadAlgorithm=t),r}constructor(){this.version=null,this.cipherAlgorithm=null,this.aeadAlgorithm=null,this.chunkSizeByte=null,this.salt=null,this.encrypted=null,this.packets=null}async read(e){await v(e,(async e=>{if(this.version=await e.readByte(),1!==this.version&&2!==this.version)throw new Wt(`Version ${this.version} of the SEIP packet is unsupported.`);2===this.version&&(this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte(),this.salt=await e.readBytes(32)),this.encrypted=e.remainder()}))}write(){return 2===this.version?F.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.salt,this.encrypted]):F.concat([new Uint8Array([this.version]),this.encrypted])}async encrypt(e,t,r=T){const{blockSize:i,keySize:n}=en(e);if(t.length!==n)throw Error("Unexpected session key size");let s=this.packets.write();if(a(s)&&(s=await P(s)),2===this.version)this.cipherAlgorithm=e,this.salt=le(32),this.chunkSizeByte=r.aeadChunkSizeByte,this.encrypted=await tc(this,"encrypt",t,s);else{const r=await Ia(e),n=new Uint8Array([211,20]),a=F.concat([r,s,n]),o=await Ce(B.hash.sha1,A(a)),c=F.concat([a,o]);this.encrypted=await Ca(e,t,c,new Uint8Array(i))}return!0}async decrypt(e,t,r=T){if(t.length!==en(e).keySize)throw Error("Unexpected session key size");let i,n,s=K(this.encrypted);if(a(s)&&(s=await P(s)),2===this.version){if(this.cipherAlgorithm!==e)throw Error("Unexpected session key algorithm");i=await tc(this,"decrypt",t,s),n=qo({delayReporting:!1})}else{const{blockSize:a}=en(e),o=await Ba(e,t,s,new Uint8Array(a)),c=F.isStream(s)&&r.allowUnauthenticatedStream;n=qo({delayReporting:c});const u=S(A(o),-20),h=S(o,0,-20),l=Promise.all([P(await Ce(B.hash.sha1,A(h))),P(u)]).then((([e,t])=>{if(!F.equalsUint8Array(e,t))throw Error("Modification detected.");return new Uint8Array})),y=S(h,a+2);i=S(y,0,-2),i=g([i,D((()=>l))]),c||(i=await P(i))}return this.packets=await Go.fromBinary(i,Jo,r,n),!0}}async function tc(e,t,r,i){const n=e instanceof ec&&2===e.version,a=!n&&e.constructor.tag===B.packet.aeadEncryptedData;if(!n&&!a)throw Error("Unexpected packet type");const s=ms(e.aeadAlgorithm,a),o="decrypt"===t?s.tagLength:0,c="encrypt"===t?s.tagLength:0,u=2**(e.chunkSizeByte+6)+o,h=a?8:0,l=new ArrayBuffer(13+h),y=new Uint8Array(l,0,5+h),p=new Uint8Array(l),d=new DataView(l),g=new Uint8Array(l,5,8);y.set([192|e.constructor.tag,e.version,e.cipherAlgorithm,e.aeadAlgorithm,e.chunkSizeByte],0);let m,w,b=0,v=Promise.resolve(),K=0,A=0;if(n){const{keySize:t}=en(e.cipherAlgorithm),{ivLength:i}=s,n=new Uint8Array(l,0,5),a=await sn(B.hash.sha256,r,e.salt,n,t+i);r=a.subarray(0,t),m=a.subarray(t),m.fill(0,m.length-8),w=new DataView(m.buffer,m.byteOffset,m.byteLength)}else m=e.iv;const E=await s(e.cipherAlgorithm,r);return k(i,(async(r,i)=>{if("array"!==F.isStream(r)){const t=new TransformStream({},{highWaterMark:F.getHardwareConcurrency()*2**(e.chunkSizeByte+6),size:e=>e.length});f(t.readable,i),i=t.writable}const a=x(r),s=I(i);try{for(;;){let e=await a.readBytes(u+o)||new Uint8Array;const r=e.subarray(e.length-o);let i,l,f;if(e=e.subarray(0,e.length-o),n)f=m;else{f=m.slice();for(let e=0;e<8;e++)f[m.length-8+e]^=g[e]}if(!b||e.length?(a.unshift(r),i=E[t](e,f,y),i.catch((()=>{})),A+=e.length-o+c):(d.setInt32(5+h+4,K),i=E[t](r,f,p),i.catch((()=>{})),A+=c,l=!0),K+=e.length-o,v=v.then((()=>i)).then((async e=>{await s.ready,await s.write(e),A-=e.length})).catch((e=>s.abort(e))),(l||A>s.desiredSize)&&await v,l){await s.close();break}n?w.setInt32(m.length-4,++b):d.setInt32(9,++b)}}catch(e){await s.ready.catch((()=>{})),await s.abort(e)}}))}const rc=/*#__PURE__*/F.constructAllowedPackets([Bo,Wo,zo,Ro]);class ic{static get tag(){return B.packet.aeadEncryptedData}constructor(){this.version=1,this.cipherAlgorithm=null,this.aeadAlgorithm=B.aead.eax,this.chunkSizeByte=null,this.iv=null,this.encrypted=null,this.packets=null}async read(e){await v(e,(async e=>{const t=await e.readByte();if(1!==t)throw new Wt(`Version ${t} of the AEAD-encrypted data packet is not supported.`);this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte();const r=ms(this.aeadAlgorithm,!0);this.iv=await e.readBytes(r.ivLength),this.encrypted=e.remainder()}))}write(){return F.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.iv,this.encrypted])}async decrypt(e,t,r=T){this.packets=await Go.fromBinary(await tc(this,"decrypt",t,K(this.encrypted)),rc,r,qo({enforceDelay:!1}))}async encrypt(e,t,r=T){this.cipherAlgorithm=e;const{ivLength:i}=ms(this.aeadAlgorithm,!0);this.iv=le(i),this.chunkSizeByte=r.aeadChunkSizeByte;const n=this.packets.write();this.encrypted=await tc(this,"encrypt",t,n)}}const nc=new Set([B.publicKey.x25519,B.publicKey.x448,B.publicKey.pqc_mlkem_x25519]);class ac{static get tag(){return B.packet.publicKeyEncryptedSessionKey}constructor(){this.version=null,this.publicKeyID=new To,this.publicKeyVersion=null,this.publicKeyFingerprint=null,this.publicKeyAlgorithm=null,this.sessionKey=null,this.sessionKeyAlgorithm=null,this.encrypted={}}static fromObject({version:e,encryptionKeyPacket:t,anonymousRecipient:r,sessionKey:i,sessionKeyAlgorithm:n}){const a=new ac;if(3!==e&&6!==e)throw Error("Unsupported PKESK version");return a.version=e,6===e&&(a.publicKeyVersion=r?null:t.version,a.publicKeyFingerprint=r?null:t.getFingerprintBytes()),a.publicKeyID=r?To.wildcard():t.getKeyID(),a.publicKeyAlgorithm=t.algorithm,a.sessionKey=i,a.sessionKeyAlgorithm=n,a}read(e){let t=0;if(this.version=e[t++],3!==this.version&&6!==this.version)throw new Wt(`Version ${this.version} of the PKESK packet is unsupported.`);if(6===this.version){const r=e[t++];if(r){this.publicKeyVersion=e[t++];const i=r-1;this.publicKeyFingerprint=e.subarray(t,t+i),t+=i,this.publicKeyVersion>=5?this.publicKeyID.read(this.publicKeyFingerprint):this.publicKeyID.read(this.publicKeyFingerprint.subarray(-8))}else this.publicKeyID=To.wildcard()}else t+=this.publicKeyID.read(e.subarray(t,t+8));if(this.publicKeyAlgorithm=e[t++],this.encrypted=function(e,t){let r=0;switch(e){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:return{c:F.readMPI(t.subarray(r))};case B.publicKey.elgamal:{const e=F.readMPI(t.subarray(r));return r+=e.length+2,{c1:e,c2:F.readMPI(t.subarray(r))}}case B.publicKey.ecdh:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=new wa;return i.read(t.subarray(r)),{V:e,C:i}}case B.publicKey.x25519:case B.publicKey.x448:{const i=Us(e),n=F.readExactSubarray(t,r,r+i);r+=n.length;const a=new Sa;return a.read(t.subarray(r)),{ephemeralPublicKey:n,C:a}}case B.publicKey.aead:{const e=new Ka;r+=e.read(t.subarray(r));const{ivLength:i}=ms(e.getValue()),n=t.subarray(r,r+i);r+=i;const a=new ba;return r+=a.read(t.subarray(r)),{aeadMode:e,iv:n,c:a}}case B.publicKey.pqc_mlkem_x25519:{const e=F.readExactSubarray(t,r,r+Us(B.publicKey.x25519));r+=e.length;const i=F.readExactSubarray(t,r,r+1088);r+=i.length;const n=new Sa;return n.read(t.subarray(r)),{eccCipherText:e,mlkemCipherText:i,C:n}}default:throw new Wt("Unknown public key encryption algorithm.")}}(this.publicKeyAlgorithm,e.subarray(t)),nc.has(this.publicKeyAlgorithm))if(3===this.version)this.sessionKeyAlgorithm=B.write(B.symmetric,this.encrypted.C.algorithm);else if(null!==this.encrypted.C.algorithm)throw Error("Unexpected cleartext symmetric algorithm")}write(){const e=[new Uint8Array([this.version])];return 6===this.version?null!==this.publicKeyFingerprint?(e.push(new Uint8Array([this.publicKeyFingerprint.length+1,this.publicKeyVersion])),e.push(this.publicKeyFingerprint)):e.push(new Uint8Array([0])):e.push(this.publicKeyID.write()),e.push(new Uint8Array([this.publicKeyAlgorithm]),vs(this.publicKeyAlgorithm,this.encrypted)),F.concatUint8Array(e)}async encrypt(e){const t=B.write(B.publicKey,this.publicKeyAlgorithm),r=3===this.version?this.sessionKeyAlgorithm:null,i=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),n=sc(this.version,t,r,this.sessionKey),a=t===B.publicKey.aead?e.privateParams:null;this.encrypted=await ws(t,r,e.publicParams,a,n,i)}async decrypt(e,t){if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Decryption error");const r=t?sc(this.version,this.publicKeyAlgorithm,t.sessionKeyAlgorithm,t.sessionKey):null,i=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),n=await bs(this.publicKeyAlgorithm,e.publicParams,e.privateParams,this.encrypted,i,r),{sessionKey:a,sessionKeyAlgorithm:s}=function(e,t,r,i){switch(t){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.elgamal:case B.publicKey.ecdh:case B.publicKey.aead:{const t=r.subarray(0,r.length-2),n=r.subarray(r.length-2),a=F.writeChecksum(t.subarray(t.length%8)),s=a[0]===n[0]&a[1]===n[1],o=6===e?{sessionKeyAlgorithm:null,sessionKey:t}:{sessionKeyAlgorithm:t[0],sessionKey:t.subarray(1)};if(i){const t=s&o.sessionKeyAlgorithm===i.sessionKeyAlgorithm&o.sessionKey.length===i.sessionKey.length;return{sessionKey:F.selectUint8Array(t,o.sessionKey,i.sessionKey),sessionKeyAlgorithm:6===e?null:F.selectUint8(t,o.sessionKeyAlgorithm,i.sessionKeyAlgorithm)}}if(s&&(6===e||B.read(B.symmetric,o.sessionKeyAlgorithm)))return o;throw Error("Decryption error")}case B.publicKey.x25519:case B.publicKey.x448:case B.publicKey.pqc_mlkem_x25519:return{sessionKeyAlgorithm:null,sessionKey:r};default:throw Error("Unsupported public key algorithm")}}(this.version,this.publicKeyAlgorithm,n,t);if(3===this.version){const e=!nc.has(this.publicKeyAlgorithm);if(this.sessionKeyAlgorithm=e?s:this.sessionKeyAlgorithm,a.length!==en(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}this.sessionKey=a}}function sc(e,t,r,i){switch(t){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.elgamal:case B.publicKey.ecdh:case B.publicKey.aead:return F.concatUint8Array([new Uint8Array(6===e?[]:[r]),i,F.writeChecksum(i.subarray(i.length%8))]);case B.publicKey.x25519:case B.publicKey.x448:case B.publicKey.pqc_mlkem_x25519:return i;default:throw Error("Unsupported public key algorithm")}}class oc{static get tag(){return B.packet.symEncryptedSessionKey}constructor(e=T){this.version=e.aeadProtect?6:4,this.sessionKey=null,this.sessionKeyEncryptionAlgorithm=null,this.sessionKeyAlgorithm=null,this.aeadAlgorithm=B.write(B.aead,e.preferredAEADAlgorithm),this.encrypted=null,this.s2k=null,this.iv=null}read(e){let t=0;if(this.version=e[t++],4!==this.version&&5!==this.version&&6!==this.version)throw new Wt(`Version ${this.version} of the SKESK packet is unsupported.`);6===this.version&&t++;const r=e[t++];this.version>=5&&(this.aeadAlgorithm=e[t++],6===this.version&&t++);const i=e[t++];if(this.s2k=Rs(i),t+=this.s2k.read(e.subarray(t,e.length)),this.version>=5){const r=ms(this.aeadAlgorithm,!0);this.iv=e.subarray(t,t+=r.ivLength)}this.version>=5||t<e.length?(this.encrypted=e.subarray(t,e.length),this.sessionKeyEncryptionAlgorithm=r):this.sessionKeyAlgorithm=r}write(){const e=null===this.encrypted?this.sessionKeyAlgorithm:this.sessionKeyEncryptionAlgorithm;let t;const r=this.s2k.write();if(6===this.version){const i=r.length,n=3+i+this.iv.length;t=F.concatUint8Array([new Uint8Array([this.version,n,e,this.aeadAlgorithm,i]),r,this.iv,this.encrypted])}else 5===this.version?t=F.concatUint8Array([new Uint8Array([this.version,e,this.aeadAlgorithm]),r,this.iv,this.encrypted]):(t=F.concatUint8Array([new Uint8Array([this.version,e]),r]),null!==this.encrypted&&(t=F.concatUint8Array([t,this.encrypted])));return t}async decrypt(e){const t=null!==this.sessionKeyEncryptionAlgorithm?this.sessionKeyEncryptionAlgorithm:this.sessionKeyAlgorithm,{blockSize:r,keySize:i}=en(t),n=await this.s2k.produceKey(e,i);if(this.version>=5){const e=ms(this.aeadAlgorithm,!0),r=new Uint8Array([192|oc.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),a=6===this.version?await sn(B.hash.sha256,n,new Uint8Array,r,i):n,s=await e(t,a);this.sessionKey=await s.decrypt(this.encrypted,this.iv,r)}else if(null!==this.encrypted){const e=await Ba(t,n,this.encrypted,new Uint8Array(r));if(this.sessionKeyAlgorithm=B.write(B.symmetric,e[0]),this.sessionKey=e.subarray(1,e.length),this.sessionKey.length!==en(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}else this.sessionKey=n}async encrypt(e,t=T){const r=null!==this.sessionKeyEncryptionAlgorithm?this.sessionKeyEncryptionAlgorithm:this.sessionKeyAlgorithm;this.sessionKeyEncryptionAlgorithm=r,this.s2k=Ls(t),this.s2k.generateSalt();const{blockSize:i,keySize:n}=en(r),a=await this.s2k.produceKey(e,n);if(null===this.sessionKey&&(this.sessionKey=Ss(this.sessionKeyAlgorithm)),this.version>=5){const e=ms(this.aeadAlgorithm);this.iv=le(e.ivLength);const t=new Uint8Array([192|oc.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),i=6===this.version?await sn(B.hash.sha256,a,new Uint8Array,t,n):a,s=await e(r,i);this.encrypted=await s.encrypt(this.sessionKey,this.iv,t)}else{const e=F.concatUint8Array([new Uint8Array([this.sessionKeyAlgorithm]),this.sessionKey]);this.encrypted=await Ca(r,a,e,new Uint8Array(i))}}}class cc{static get tag(){return B.packet.publicKey}constructor(e=new Date,t=T){this.version=t.v6Keys?6:4,this.created=F.normalizeDate(e),this.algorithm=null,this.publicParams=null,this.expirationTimeV3=0,this.fingerprint=null,this.keyID=null}static fromSecretKeyPacket(e){const t=new cc,{version:r,created:i,algorithm:n,publicParams:a,keyID:s,fingerprint:o}=e;return t.version=r,t.created=i,t.algorithm=n,t.publicParams=a,t.keyID=s,t.fingerprint=o,t}async read(e,t=T){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new Wt("Support for parsing v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4===this.version||5===this.version||6===this.version){this.created=F.readDate(e.subarray(r,r+4)),r+=4,this.algorithm=e[r++],this.version>=5&&(r+=4);const{read:t,publicParams:i}=function(e,t){let r=0;switch(e){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{n:e,e:i}}}case B.publicKey.dsa:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));r+=i.length+2;const n=F.readMPI(t.subarray(r));r+=n.length+2;const a=F.readMPI(t.subarray(r));return r+=a.length+2,{read:r,publicParams:{p:e,q:i,g:n,y:a}}}case B.publicKey.elgamal:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));r+=i.length+2;const n=F.readMPI(t.subarray(r));return r+=n.length+2,{read:r,publicParams:{p:e,g:i,y:n}}}case B.publicKey.ecdsa:{const e=new Nt;r+=e.read(t),Ps(e);const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{oid:e,Q:i}}}case B.publicKey.eddsaLegacy:{const e=new Nt;if(r+=e.read(t),Ps(e),e.getName()!==B.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let i=F.readMPI(t.subarray(r));return r+=i.length+2,i=F.leftPad(i,33),{read:r,publicParams:{oid:e,Q:i}}}case B.publicKey.ecdh:{const e=new Nt;r+=e.read(t),Ps(e);const i=F.readMPI(t.subarray(r));r+=i.length+2;const n=new ka;return r+=n.read(t.subarray(r)),{read:r,publicParams:{oid:e,Q:i,kdfParams:n}}}case B.publicKey.ed25519:case B.publicKey.ed448:case B.publicKey.x25519:case B.publicKey.x448:{const i=F.readExactSubarray(t,r,r+Us(e));return r+=i.length,{read:r,publicParams:{A:i}}}case B.publicKey.hmac:case B.publicKey.aead:{const e=new Aa;r+=e.read(t);const i=Be(B.hash.sha256),n=t.subarray(r,r+i);return r+=i,{read:r,publicParams:{cipher:e,digest:n}}}case B.publicKey.pqc_mlkem_x25519:{const e=F.readExactSubarray(t,r,r+Us(B.publicKey.x25519));r+=e.length;const i=F.readExactSubarray(t,r,r+1184);return r+=i.length,{read:r,publicParams:{eccPublicKey:e,mlkemPublicKey:i}}}case B.publicKey.pqc_mldsa_ed25519:{const e=F.readExactSubarray(t,r,r+Us(B.publicKey.ed25519));r+=e.length;const i=F.readExactSubarray(t,r,r+1952);return r+=i.length,{read:r,publicParams:{eccPublicKey:e,mldsaPublicKey:i}}}default:throw new Wt("Unknown public key encryption algorithm.")}}(this.algorithm,e.subarray(r));if(6===this.version&&i.oid&&(i.oid.getName()===B.curve.curve25519Legacy||i.oid.getName()===B.curve.ed25519Legacy))throw Error("Legacy curve25519 cannot be used with v6 keys");if(6!==this.version&&this.algorithm===B.publicKey.pqc_mldsa_ed25519)throw Error("Unexpected key version: ML-DSA algorithms can only be used with v6 keys");return this.publicParams=i,r+=t,await this.computeFingerprintAndKeyID(),r}throw new Wt(`Version ${this.version} of the key packet is unsupported.`)}write(){const e=[];e.push(new Uint8Array([this.version])),e.push(F.writeDate(this.created)),e.push(new Uint8Array([this.algorithm]));const t=vs(this.algorithm,this.publicParams);return this.version>=5&&e.push(F.writeNumber(t.length,4)),e.push(t),F.concatUint8Array(e)}writeForHash(e){const t=this.writePublicKey(),r=149+e,i=e>=5?4:2;return F.concatUint8Array([new Uint8Array([r]),F.writeNumber(t.length,i),t])}isDecrypted(){return null}getCreationTime(){return this.created}getKeyID(){return this.keyID}async computeFingerprintAndKeyID(){if(await this.computeFingerprint(),this.keyID=new To,this.version>=5)this.keyID.read(this.fingerprint.subarray(0,8));else{if(4!==this.version)throw Error("Unsupported key version");this.keyID.read(this.fingerprint.subarray(12,20))}}async computeFingerprint(){const e=this.writeForHash(this.version);if(this.version>=5)this.fingerprint=await Ce(B.hash.sha256,e);else{if(4!==this.version)throw Error("Unsupported key version");this.fingerprint=await Ce(B.hash.sha1,e)}}getFingerprintBytes(){return this.fingerprint}getFingerprint(){return F.uint8ArrayToHex(this.getFingerprintBytes())}hasSameFingerprintAs(e){return this.version===e.version&&F.equalsUint8Array(this.writePublicKey(),e.writePublicKey())}getAlgorithmInfo(){const e={};e.algorithm=B.read(B.publicKey,this.algorithm);const t=this.publicParams.n||this.publicParams.p;return t?e.bits=F.uint8ArrayBitLength(t):this.publicParams.oid?e.curve=this.publicParams.oid.getName():this.publicParams.cipher&&(e.symmetric=this.publicParams.cipher.getName()),e}}cc.prototype.readPublicKey=cc.prototype.read,cc.prototype.writePublicKey=cc.prototype.write;const uc=/*#__PURE__*/F.constructAllowedPackets([Bo,Wo,zo,Ro]);class hc{static get tag(){return B.packet.symmetricallyEncryptedData}constructor(){this.encrypted=null,this.packets=null}read(e){this.encrypted=e}write(){return this.encrypted}async decrypt(e,t,r=T){if(!r.allowUnauthenticatedMessages)throw Error("Message is not authenticated.");const{blockSize:i}=en(e),n=await P(K(this.encrypted)),a=await Ba(e,t,n.subarray(i+2),n.subarray(2,i+2));this.packets=await Go.fromBinary(a,uc,r)}async encrypt(e,t,r=T){const i=this.packets.write(),{blockSize:n}=en(e),a=await Ia(e),s=await Ca(e,t,a,new Uint8Array(n)),o=await Ca(e,t,i,s.subarray(2));this.encrypted=F.concat([s,o])}}class lc{static get tag(){return B.packet.marker}read(e){return 80===e[0]&&71===e[1]&&80===e[2]}write(){return new Uint8Array([80,71,80])}}class yc extends cc{static get tag(){return B.packet.publicSubkey}constructor(e,t){super(e,t)}static fromSecretSubkeyPacket(e){const t=new yc,{version:r,created:i,algorithm:n,publicParams:a,keyID:s,fingerprint:o}=e;return t.version=r,t.created=i,t.algorithm=n,t.publicParams=a,t.keyID=s,t.fingerprint=o,t}}class pc{static get tag(){return B.packet.userAttribute}constructor(){this.attributes=[]}read(e){let t=0;for(;t<e.length;){const r=zt(e.subarray(t,e.length));t+=r.offset,this.attributes.push(F.uint8ArrayToString(e.subarray(t,t+r.len))),t+=r.len}}write(){const e=[];for(let t=0;t<this.attributes.length;t++)e.push(Ot(this.attributes[t].length)),e.push(F.stringToUint8Array(this.attributes[t]));return F.concatUint8Array(e)}equals(e){return!!(e&&e instanceof pc)&&this.attributes.every((function(t,r){return t===e.attributes[r]}))}}class dc extends cc{static get tag(){return B.packet.secretKey}constructor(e=new Date,t=T){super(e,t),this.keyMaterial=null,this.isEncrypted=null,this.s2kUsage=0,this.s2k=null,this.symmetric=null,this.aead=null,this.isLegacyAEAD=null,this.privateParams=null,this.usedModernAEAD=null}async read(e,t=T){let r=await this.readPublicKey(e,t);const i=r;this.s2kUsage=e[r++],5===this.version&&r++,6===this.version&&this.s2kUsage&&r++;try{if(255===this.s2kUsage||254===this.s2kUsage||253===this.s2kUsage){this.symmetric=e[r++],253===this.s2kUsage&&(this.aead=e[r++]),6===this.version&&r++;const t=e[r++];if(this.s2k=Rs(t),r+=this.s2k.read(e.subarray(r,e.length)),"gnu-dummy"===this.s2k.type)return}else this.s2kUsage&&(this.symmetric=this.s2kUsage);this.s2kUsage&&(this.isLegacyAEAD=253===this.s2kUsage&&(5===this.version||4===this.version&&t.parseAEADEncryptedV4KeysAsLegacy),253!==this.s2kUsage||this.isLegacyAEAD?(this.iv=e.subarray(r,r+en(this.symmetric).blockSize),this.usedModernAEAD=!1):(this.iv=e.subarray(r,r+ms(this.aead).ivLength),this.usedModernAEAD=!0),r+=this.iv.length)}catch(t){if(!this.s2kUsage)throw t;this.unparseableKeyMaterial=e.subarray(i),this.isEncrypted=!0}if(5===this.version&&(r+=4),this.keyMaterial=e.subarray(r),this.isEncrypted=!!this.s2kUsage,!this.isEncrypted){let e;if(6===this.version)e=this.keyMaterial;else if(e=this.keyMaterial.subarray(0,-2),!F.equalsUint8Array(F.writeChecksum(e),this.keyMaterial.subarray(-2)))throw Error("Key checksum mismatch");try{const{read:t,privateParams:r}=await ks(this.algorithm,e,this.publicParams);if(t<e.length)throw Error("Error reading MPIs");this.privateParams=r}catch(e){if(e instanceof Wt)throw e;throw Error("Error reading MPIs")}}}write(){const e=this.writePublicKey();if(this.unparseableKeyMaterial)return F.concatUint8Array([e,this.unparseableKeyMaterial]);const t=[e];t.push(new Uint8Array([this.s2kUsage]));const r=[];if(255===this.s2kUsage||254===this.s2kUsage||253===this.s2kUsage){r.push(this.symmetric),253===this.s2kUsage&&r.push(this.aead);const e=this.s2k.write();6===this.version&&r.push(e.length),r.push(...e)}return this.s2kUsage&&"gnu-dummy"!==this.s2k.type&&r.push(...this.iv),(5===this.version||6===this.version&&this.s2kUsage)&&t.push(new Uint8Array([r.length])),t.push(new Uint8Array(r)),this.isDummy()||(this.s2kUsage||(this.keyMaterial=vs(this.algorithm,this.privateParams)),5===this.version&&t.push(F.writeNumber(this.keyMaterial.length,4)),t.push(this.keyMaterial),this.s2kUsage||6===this.version||t.push(F.writeChecksum(this.keyMaterial))),F.concatUint8Array(t)}isDecrypted(){return!1===this.isEncrypted}isMissingSecretKeyMaterial(){return void 0!==this.unparseableKeyMaterial||this.isDummy()}isDummy(){return!(!this.s2k||"gnu-dummy"!==this.s2k.type)}makeDummy(e=T){this.isDummy()||(this.isDecrypted()&&this.clearPrivateParams(),delete this.unparseableKeyMaterial,this.isEncrypted=null,this.keyMaterial=null,this.s2k=Rs(B.s2k.gnu,e),this.s2k.algorithm=0,this.s2k.c=0,this.s2k.type="gnu-dummy",this.s2kUsage=254,this.symmetric=B.symmetric.aes256,this.isLegacyAEAD=null,this.usedModernAEAD=null)}async encrypt(e,t=T){if(this.isDummy())return;if(!this.isDecrypted())throw Error("Key packet is already encrypted");if(!e)throw Error("A non-empty passphrase is required for key encryption.");this.s2k=Ls(t),this.s2k.generateSalt();const r=vs(this.algorithm,this.privateParams);this.symmetric=B.symmetric.aes256;const{blockSize:i}=en(this.symmetric);if(t.aeadProtect){this.s2kUsage=253,this.aead=t.preferredAEADAlgorithm;const n=ms(this.aead);this.isLegacyAEAD=5===this.version,this.usedModernAEAD=!this.isLegacyAEAD;const a=qt(this.constructor.tag),s=await gc(this.version,this.s2k,e,this.symmetric,this.aead,a,this.isLegacyAEAD),o=await n(this.symmetric,s);this.iv=this.isLegacyAEAD?le(i):le(n.ivLength);const c=this.isLegacyAEAD?new Uint8Array:F.concatUint8Array([a,this.writePublicKey()]);this.keyMaterial=await o.encrypt(r,this.iv.subarray(0,n.ivLength),c)}else{this.s2kUsage=254,this.usedModernAEAD=!1;const t=await gc(this.version,this.s2k,e,this.symmetric);this.iv=le(i),this.keyMaterial=await Ca(this.symmetric,t,F.concatUint8Array([r,await Ce(B.hash.sha1,r)]),this.iv)}}async decrypt(e){if(this.isDummy())return!1;if(this.unparseableKeyMaterial)throw Error("Key packet cannot be decrypted: unsupported S2K or cipher algo");if(this.isDecrypted())throw Error("Key packet is already decrypted.");let t;const r=qt(this.constructor.tag);if(254!==this.s2kUsage&&253!==this.s2kUsage)throw 255===this.s2kUsage?Error("Encrypted private key is authenticated using an insecure two-byte hash"):Error("Private key is encrypted using an insecure S2K function: unsalted MD5");let i;if(t=await gc(this.version,this.s2k,e,this.symmetric,this.aead,r,this.isLegacyAEAD),253===this.s2kUsage){const e=ms(this.aead,!0),n=await e(this.symmetric,t);try{const t=this.isLegacyAEAD?new Uint8Array:F.concatUint8Array([r,this.writePublicKey()]);i=await n.decrypt(this.keyMaterial,this.iv.subarray(0,e.ivLength),t)}catch(e){if("Authentication tag mismatch"===e.message)throw Error("Incorrect key passphrase: "+e.message);throw e}}else{const e=await Ba(this.symmetric,t,this.keyMaterial,this.iv);i=e.subarray(0,-20);const r=await Ce(B.hash.sha1,i);if(!F.equalsUint8Array(r,e.subarray(-20)))throw Error("Incorrect key passphrase")}try{const{privateParams:e}=await ks(this.algorithm,i,this.publicParams);this.privateParams=e}catch(e){throw Error("Error reading MPIs")}this.isEncrypted=!1,this.keyMaterial=null,this.s2kUsage=0,this.aead=null,this.symmetric=null,this.isLegacyAEAD=null}async validate(){if(this.isDummy())return;if(!this.isDecrypted())throw Error("Key is not decrypted");if(this.usedModernAEAD)return;let e;try{e=await Es(this.algorithm,this.publicParams,this.privateParams)}catch(t){e=!1}if(!e)throw Error("Key is invalid")}async generate(e,t,r){if(6===this.version&&(this.algorithm===B.publicKey.ecdh&&t===B.curve.curve25519Legacy||this.algorithm===B.publicKey.eddsaLegacy))throw Error(`Cannot generate v6 keys of type 'ecc' with curve ${t}. Generate a key of type 'curve25519' instead`);if(6!==this.version&&this.algorithm===B.publicKey.pqc_mldsa_ed25519)throw Error(`Cannot generate v${this.version} signing keys of type 'pqc'. Generate a v6 key instead`);const{privateParams:i,publicParams:n}=await Ks(this.algorithm,e,t,r);this.privateParams=i,this.publicParams=n,this.isEncrypted=!1}clearPrivateParams(){this.isMissingSecretKeyMaterial()||(Object.keys(this.privateParams).forEach((e=>{this.privateParams[e].fill(0),delete this.privateParams[e]})),this.privateParams=null,this.isEncrypted=!0)}}async function gc(e,t,r,i,n,a,s){if("argon2"===t.type&&!n)throw Error("Using Argon2 S2K without AEAD is not allowed");if("simple"===t.type&&6===e)throw Error("Using Simple S2K with version 6 keys is not allowed");const{keySize:o}=en(i),c=await t.produceKey(r,o);if(!n||5===e||s)return c;const u=F.concatUint8Array([a,new Uint8Array([e,i,n])]);return sn(B.hash.sha256,c,new Uint8Array,u,o)}class fc{static get tag(){return B.packet.userID}constructor(){this.userID="",this.name="",this.email="",this.comment=""}static fromObject(e){if(F.isString(e)||e.name&&!F.isString(e.name)||e.email&&!F.isEmailAddress(e.email)||e.comment&&!F.isString(e.comment))throw Error("Invalid user ID format");const t=new fc;Object.assign(t,e);const r=[];return t.name&&r.push(t.name),t.comment&&r.push(`(${t.comment})`),t.email&&r.push(`<${t.email}>`),t.userID=r.join(" "),t}read(e,t=T){const r=F.decodeUTF8(e);if(r.length>t.maxUserIDLength)throw Error("User ID string is too long");const i=/^(?<name>[^()]+\s+)?(?<comment>\([^()]+\)\s+)?(?<email><\S+@\S+>)$/.exec(r);if(null!==i){const{name:e,comment:t,email:r}=i.groups;this.comment=t?.replace(/^\(|\)|\s$/g,"").trim()||"",this.name=e?.trim()||"",this.email=r.substring(1,r.length-1)}else/^[^\s@]+@[^\s@]+$/.test(r)&&(this.email=r);this.userID=r}write(){return F.encodeUTF8(this.userID)}equals(e){return e&&e.userID===this.userID}}class mc extends dc{static get tag(){return B.packet.secretSubkey}constructor(e=new Date,t=T){super(e,t)}}class wc{static get tag(){return B.packet.trust}read(){throw new Wt("Trust packets are not supported")}write(){throw new Wt("Trust packets are not supported")}}class bc{static get tag(){return B.packet.padding}constructor(){this.padding=null}read(e){}write(){return this.padding}async createPadding(e){this.padding=await le(e)}}const kc=/*#__PURE__*/F.constructAllowedPackets([Ro]);class vc{constructor(e){this.packets=e||new Go}write(){return this.packets.write()}armor(e=T){const t=this.packets.some((e=>e.constructor.tag===Ro.tag&&6!==e.version));return Q(B.armor.signature,this.write(),void 0,void 0,void 0,t,e)}getSigningKeyIDs(){return this.packets.map((e=>e.issuerKeyID))}}async function Kc({armoredSignature:e,binarySignature:t,config:r,...i}){r={...T,...r};let n=e||t;if(!n)throw Error("readSignature: must pass options object containing `armoredSignature` or `binarySignature`");if(e&&!F.isString(e))throw Error("readSignature: options.armoredSignature must be a string");if(t&&!F.isUint8Array(t))throw Error("readSignature: options.binarySignature must be a Uint8Array");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));if(e){const{type:e,data:t}=await X(n);if(e!==B.armor.signature)throw Error("Armored text not of type signature");n=t}const s=await Go.fromBinary(n,kc,r);return new vc(s)}async function Ac(e,t){const r=new mc(e.date,t);return r.packets=null,r.algorithm=B.write(B.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.symmetric),await r.computeFingerprintAndKeyID(),r}async function Ec(e,t){const r=new dc(e.date,t);return r.packets=null,r.algorithm=B.write(B.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.symmetric),await r.computeFingerprintAndKeyID(),r}async function Sc(e,t,r,i,n=new Date,a){let s,o;for(let c=e.length-1;c>=0;c--)try{(!s||e[c].created>=s.created)&&(await e[c].verify(t,r,i,n,void 0,a),s=e[c])}catch(e){o=e}if(!s)throw F.wrapError(`Could not find valid ${B.read(B.signature,r)} signature in key ${t.getKeyID().toHex()}`.replace("certGeneric ","self-").replace(/([a-z])([A-Z])/g,((e,t,r)=>t+" "+r.toLowerCase())),o);return s}function Pc(e,t,r=new Date){const i=F.normalizeDate(r);if(null!==i){const r=Bc(e,t);return!(e.created<=i&&i<r)}return!1}async function Uc(e,t,r,i){const n={};n.key=t,n.bind=e;const a={signatureType:B.signature.subkeyBinding};r.sign?(a.keyFlags=[B.keyFlags.signData],a.embeddedSignature=await xc(n,[],e,{signatureType:B.signature.keyBinding},r.date,void 0,void 0,void 0,i)):a.keyFlags=r.forwarding?[B.keyFlags.forwardedCommunication]:[B.keyFlags.encryptCommunication|B.keyFlags.encryptStorage],r.keyExpirationTime>0&&(a.keyExpirationTime=r.keyExpirationTime,a.keyNeverExpires=!1);return await xc(n,[],t,a,r.date,void 0,void 0,void 0,i)}async function Dc(e,t,r=new Date,i=[],n){const a=B.hash.sha256,s=n.preferredHashAlgorithm,o=await Promise.all(e.map((async(e,t)=>(await e.getPrimarySelfSignature(r,i[t],n)).preferredHashAlgorithms||[]))),c=new Map;for(const e of o)for(const t of e)try{const e=B.write(B.hash,t);c.set(e,c.has(e)?c.get(e)+1:1)}catch{}const u=t=>0===e.length||c.get(t)===e.length||t===a,h=()=>{if(0===c.size)return a;const e=Array.from(c.keys()).filter((e=>u(e))).sort(((e,t)=>Be(e)-Be(t)))[0];return Be(e)>=Be(a)?e:a},l=new Set([B.publicKey.ecdsa,B.publicKey.eddsaLegacy,B.publicKey.ed25519,B.publicKey.ed448]),y=new Set([B.publicKey.pqc_mldsa_ed25519]);if(l.has(t.algorithm)){const e=function(e,t){switch(e){case B.publicKey.ecdsa:case B.publicKey.eddsaLegacy:return Pn(t);case B.publicKey.ed25519:case B.publicKey.ed448:return Gr(e);default:throw Error("Unknown elliptic signing algo")}}(t.algorithm,t.publicParams.oid),r=u(s),i=Be(s)>=Be(e);if(r&&i)return s;{const t=h();return Be(t)>=Be(e)?t:e}}if(y.has(t.algorithm)){if(u(s)&&fa(t.algorithm,s))return s;{const e=h();return fa(t.algorithm,e)?e:a}}return u(s)?s:h()}async function xc(e,t,r,i,n,a,s=[],o=!1,c){if(r.isDummy())throw Error("Cannot sign with a gnu-dummy key.");if(!r.isDecrypted())throw Error("Signing key is not decrypted.");const u=new Ro;return Object.assign(u,i),u.publicKeyAlgorithm=r.algorithm,u.hashAlgorithm=await Dc(t,r,n,a,c),u.rawNotations=[...s],await u.sign(r,e,n,o,c),u}async function Ic(e,t,r,i=new Date,n){(e=e[r])&&(t[r].length?await Promise.all(e.map((async function(e){e.isExpired(i)||n&&!await n(e)||t[r].some((function(t){return F.equalsUint8Array(t.writeParams(),e.writeParams())}))||t[r].push(e)}))):t[r]=e)}async function Cc(e,t,r,i,n,a,s=new Date,o){a=a||e;const c=[];return await Promise.all(i.map((async function(e){try{if(!n||e.issuerKeyID.equals(n.issuerKeyID)){const i=![B.reasonForRevocation.keyRetired,B.reasonForRevocation.keySuperseded,B.reasonForRevocation.userIDInvalid].includes(e.reasonForRevocationFlag);await e.verify(a,t,r,i?null:s,!1,o),c.push(e.issuerKeyID)}}catch(e){}}))),n?(n.revoked=!!c.some((e=>e.equals(n.issuerKeyID)))||(n.revoked||!1),n.revoked):c.length>0}function Bc(e,t){let r;return!1===t.keyNeverExpires&&(r=e.created.getTime()+1e3*t.keyExpirationTime),r?new Date(r):1/0}function Tc(e,t={}){if(e.type=e.type||t.type,e.curve=e.curve||t.curve,e.rsaBits=e.rsaBits||t.rsaBits,e.symmetricHash=e.symmetricHash||t.symmetricHash,e.symmetricCipher=e.symmetricCipher||t.symmetricCipher,e.keyExpirationTime=void 0!==e.keyExpirationTime?e.keyExpirationTime:t.keyExpirationTime,e.passphrase=F.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e.sign=e.sign||!1,e.forwarding=e.forwarding||!1,e.sign&&e.forwarding)throw Error('Incompatible options: "sign" and "forwarding" cannot be set together');switch(e.type){case"pqc":e.sign?e.algorithm=B.publicKey.pqc_mldsa_ed25519:e.algorithm=B.publicKey.pqc_mlkem_x25519;break;case"ecc":try{e.curve=B.write(B.curve,e.curve)}catch(e){throw Error("Unknown curve")}e.curve!==B.curve.ed25519Legacy&&e.curve!==B.curve.curve25519Legacy&&"ed25519"!==e.curve&&"curve25519"!==e.curve||(e.curve=e.sign?B.curve.ed25519Legacy:B.curve.curve25519Legacy),e.sign?e.algorithm=e.curve===B.curve.ed25519Legacy?B.publicKey.eddsaLegacy:B.publicKey.ecdsa:e.algorithm=B.publicKey.ecdh;break;case"curve25519":e.algorithm=e.sign?B.publicKey.ed25519:B.publicKey.x25519;break;case"curve448":e.algorithm=e.sign?B.publicKey.ed448:B.publicKey.x448;break;case"rsa":e.algorithm=B.publicKey.rsaEncryptSign;break;case"symmetric":if(e.sign){e.algorithm=B.publicKey.hmac;try{e.symmetric=B.write(B.hash,e.symmetricHash)}catch(e){throw Error("Unknown hash algorithm")}}else{e.algorithm=B.publicKey.aead;try{e.symmetric=B.write(B.symmetric,e.symmetricCipher)}catch(e){throw Error("Unknown symmetric algorithm")}}break;default:throw Error("Unsupported key type "+e.type)}return e}function Mc(e,t,r){switch(e.algorithm){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:case B.publicKey.dsa:case B.publicKey.ecdsa:case B.publicKey.eddsaLegacy:case B.publicKey.ed25519:case B.publicKey.ed448:case B.publicKey.hmac:case B.publicKey.pqc_mldsa_ed25519:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&B.keyFlags.signData);default:return!1}}function Fc(e,t,r){switch(e.algorithm){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaEncrypt:case B.publicKey.elgamal:case B.publicKey.ecdh:case B.publicKey.x25519:case B.publicKey.x448:case B.publicKey.aead:case B.publicKey.pqc_mlkem_x25519:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&B.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&B.keyFlags.encryptStorage);default:return!1}}function _c(e,t,r){if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");switch(e.algorithm){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaEncrypt:case B.publicKey.elgamal:case B.publicKey.ecdh:case B.publicKey.x25519:case B.publicKey.x448:case B.publicKey.pqc_mlkem_x25519:return!(!(!t.keyFlags||!!(t.keyFlags[0]&B.keyFlags.signData))||!r.allowInsecureDecryptionWithSigningKeys)||(!t.keyFlags||!!(t.keyFlags[0]&B.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&B.keyFlags.encryptStorage)||r.allowForwardedMessages&&!!(t.keyFlags[0]&B.keyFlags.forwardedCommunication));default:return!1}}function Rc(e,t){const r=B.write(B.publicKey,e.algorithm),i=e.getAlgorithmInfo();if(t.rejectPublicKeyAlgorithms.has(r))throw Error(i.algorithm+" keys are considered too weak.");switch(r){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:case B.publicKey.rsaEncrypt:if(i.bits<t.minRSABits)throw Error(`RSA keys shorter than ${t.minRSABits} bits are considered too weak.`);break;case B.publicKey.ecdsa:case B.publicKey.eddsaLegacy:case B.publicKey.ecdh:if(t.rejectCurves.has(i.curve))throw Error(`Support for ${i.algorithm} keys using curve ${i.curve} is disabled.`)}}class Lc{constructor(e,t){this.userID=e.constructor.tag===B.packet.userID?e:null,this.userAttribute=e.constructor.tag===B.packet.userAttribute?e:null,this.selfCertifications=[],this.otherCertifications=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new Go;return e.push(this.userID||this.userAttribute),e.push(...this.revocationSignatures),e.push(...this.selfCertifications),e.push(...this.otherCertifications),e}clone(){const e=new Lc(this.userID||this.userAttribute,this.mainKey);return e.selfCertifications=[...this.selfCertifications],e.otherCertifications=[...this.otherCertifications],e.revocationSignatures=[...this.revocationSignatures],e}async certify(e,t,r){const i=this.mainKey.keyPacket,n={userID:this.userID,userAttribute:this.userAttribute,key:i},a=new Lc(n.userID||n.userAttribute,this.mainKey);return a.otherCertifications=await Promise.all(e.map((async function(e){if(!e.isPrivate())throw Error("Need private key for signing");if(e.hasSameFingerprintAs(i))throw Error("The user's own key can only be used for self-certifications");const a=await e.getSigningKey(void 0,t,void 0,r);return xc(n,[e],a.keyPacket,{signatureType:B.signature.certGeneric,keyFlags:[B.keyFlags.certifyKeys|B.keyFlags.signData]},t,void 0,void 0,void 0,r)}))),await a.update(this,t,r),a}async isRevoked(e,t,r=new Date,i=T){const n=this.mainKey.keyPacket;return Cc(n,B.signature.certRevocation,{key:n,userID:this.userID,userAttribute:this.userAttribute},this.revocationSignatures,e,t,r,i)}async verifyCertificate(e,t,r=new Date,i){const n=this,a=this.mainKey.keyPacket,s={userID:this.userID,userAttribute:this.userAttribute,key:a},{issuerKeyID:o}=e,c=t.filter((e=>e.getKeys(o).length>0));return 0===c.length?null:(await Promise.all(c.map((async t=>{const a=await t.getSigningKey(o,e.created,void 0,i);if(e.revoked||await n.isRevoked(e,a.keyPacket,r,i))throw Error("User certificate is revoked");try{await e.verify(a.keyPacket,B.signature.certGeneric,s,r,void 0,i)}catch(e){throw F.wrapError("User certificate is invalid",e)}}))),!0)}async verifyAllCertifications(e,t=new Date,r){const i=this,n=this.selfCertifications.concat(this.otherCertifications);return Promise.all(n.map((async n=>({keyID:n.issuerKeyID,valid:await i.verifyCertificate(n,e,t,r).catch((()=>!1))}))))}async verify(e=new Date,t){if(!this.selfCertifications.length)throw Error("No self-certifications found");const r=this,i=this.mainKey.keyPacket,n={userID:this.userID,userAttribute:this.userAttribute,key:i};let a;for(let s=this.selfCertifications.length-1;s>=0;s--)try{const a=this.selfCertifications[s];if(a.revoked||await r.isRevoked(a,void 0,e,t))throw Error("Self-certification is revoked");try{await a.verify(i,B.signature.certGeneric,n,e,void 0,t)}catch(e){throw F.wrapError("Self-certification is invalid",e)}return!0}catch(e){a=e}throw a}async update(e,t,r){const i=this.mainKey.keyPacket,n={userID:this.userID,userAttribute:this.userAttribute,key:i};await Ic(e,this,"selfCertifications",t,(async function(e){try{return await e.verify(i,B.signature.certGeneric,n,t,!1,r),!0}catch(e){return!1}})),await Ic(e,this,"otherCertifications",t),await Ic(e,this,"revocationSignatures",t,(function(e){return Cc(i,B.signature.certRevocation,n,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=B.reasonForRevocation.noReason,string:r=""}={},i=new Date,n=T){const a={userID:this.userID,userAttribute:this.userAttribute,key:e},s=new Lc(a.userID||a.userAttribute,this.mainKey);return s.revocationSignatures.push(await xc(a,[],e,{signatureType:B.signature.certRevocation,reasonForRevocationFlag:B.write(B.reasonForRevocation,t),reasonForRevocationString:r},i,void 0,void 0,!1,n)),await s.update(this),s}}class Nc{constructor(e,t){this.keyPacket=e,this.bindingSignatures=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new Go;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.bindingSignatures),e}clone(){const e=new Nc(this.keyPacket,this.mainKey);return e.bindingSignatures=[...this.bindingSignatures],e.revocationSignatures=[...this.revocationSignatures],e}async isRevoked(e,t,r=new Date,i=T){const n=this.mainKey.keyPacket;return Cc(n,B.signature.subkeyRevocation,{key:n,bind:this.keyPacket},this.revocationSignatures,e,t,r,i)}async verify(e=new Date,t=T){const r=this.mainKey.keyPacket,i={key:r,bind:this.keyPacket},n=await Sc(this.bindingSignatures,r,B.signature.subkeyBinding,i,e,t);if(n.revoked||await this.isRevoked(n,null,e,t))throw Error("Subkey is revoked");if(Pc(this.keyPacket,n,e))throw Error("Subkey is expired");return n}async getExpirationTime(e=new Date,t=T){const r=this.mainKey.keyPacket,i={key:r,bind:this.keyPacket};let n;try{n=await Sc(this.bindingSignatures,r,B.signature.subkeyBinding,i,e,t)}catch(e){return null}const a=Bc(this.keyPacket,n),s=n.getExpirationTime();return a<s?a:s}async update(e,t=new Date,r=T){const i=this.mainKey.keyPacket;if(!this.hasSameFingerprintAs(e))throw Error("Subkey update method: fingerprints of subkeys not equal");this.keyPacket.constructor.tag===B.packet.publicSubkey&&e.keyPacket.constructor.tag===B.packet.secretSubkey&&(this.keyPacket=e.keyPacket);const n=this,a={key:i,bind:n.keyPacket};await Ic(e,this,"bindingSignatures",t,(async function(e){for(let t=0;t<n.bindingSignatures.length;t++)if(n.bindingSignatures[t].issuerKeyID.equals(e.issuerKeyID))return e.created>n.bindingSignatures[t].created&&(n.bindingSignatures[t]=e),!1;try{return await e.verify(i,B.signature.subkeyBinding,a,t,void 0,r),!0}catch(e){return!1}})),await Ic(e,this,"revocationSignatures",t,(function(e){return Cc(i,B.signature.subkeyRevocation,a,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=B.reasonForRevocation.noReason,string:r=""}={},i=new Date,n=T){const a={key:e,bind:this.keyPacket},s=new Nc(this.keyPacket,this.mainKey);return s.revocationSignatures.push(await xc(a,[],e,{signatureType:B.signature.subkeyRevocation,reasonForRevocationFlag:B.write(B.reasonForRevocation,t),reasonForRevocationString:r},i,void 0,void 0,!1,n)),await s.update(this),s}hasSameFingerprintAs(e){return this.keyPacket.hasSameFingerprintAs(e.keyPacket||e)}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","isDecrypted"].forEach((e=>{Nc.prototype[e]=function(){return this.keyPacket[e]()}}));const zc=/*#__PURE__*/F.constructAllowedPackets([Ro]),Oc=new Set([B.packet.publicKey,B.packet.privateKey]),jc=new Set([B.packet.publicKey,B.packet.privateKey,B.packet.publicSubkey,B.packet.privateSubkey]);class qc{packetListToStructure(e,t=new Set){let r,i,n,a;for(const s of e){if(s instanceof Zt){jc.has(s.tag)&&!a&&(a=Oc.has(s.tag)?Oc:jc);continue}const e=s.constructor.tag;if(a){if(!a.has(e))continue;a=null}if(t.has(e))throw Error("Unexpected packet type: "+e);switch(e){case B.packet.publicKey:case B.packet.secretKey:if(this.keyPacket)throw Error("Key block contains multiple keys");if(this.keyPacket=s,i=this.getKeyID(),!i)throw Error("Missing Key ID");break;case B.packet.userID:case B.packet.userAttribute:r=new Lc(s,this),this.users.push(r);break;case B.packet.publicSubkey:case B.packet.secretSubkey:r=null,n=new Nc(s,this),this.subkeys.push(n);break;case B.packet.signature:switch(s.signatureType){case B.signature.certGeneric:case B.signature.certPersona:case B.signature.certCasual:case B.signature.certPositive:if(!r){F.printDebug("Dropping certification signatures without preceding user packet");continue}s.issuerKeyID.equals(i)?r.selfCertifications.push(s):r.otherCertifications.push(s);break;case B.signature.certRevocation:r?r.revocationSignatures.push(s):this.directSignatures.push(s);break;case B.signature.key:this.directSignatures.push(s);break;case B.signature.subkeyBinding:if(!n){F.printDebug("Dropping subkey binding signature without preceding subkey packet");continue}n.bindingSignatures.push(s);break;case B.signature.keyRevocation:this.revocationSignatures.push(s);break;case B.signature.subkeyRevocation:if(!n){F.printDebug("Dropping subkey revocation signature without preceding subkey packet");continue}n.revocationSignatures.push(s)}}}}toPacketList(){const e=new Go;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.directSignatures),this.users.map((t=>e.push(...t.toPacketList()))),this.subkeys.map((t=>e.push(...t.toPacketList()))),e}clone(e=!1){const t=new this.constructor(this.toPacketList());return e&&t.getKeys().forEach((e=>{if(e.keyPacket=Object.create(Object.getPrototypeOf(e.keyPacket),Object.getOwnPropertyDescriptors(e.keyPacket)),!e.keyPacket.isDecrypted())return;const t={};Object.keys(e.keyPacket.privateParams).forEach((r=>{t[r]=new Uint8Array(e.keyPacket.privateParams[r])})),e.keyPacket.privateParams=t})),t}getSubkeys(e=null){return this.subkeys.filter((t=>!e||t.getKeyID().equals(e,!0)))}getKeys(e=null){const t=[];return e&&!this.getKeyID().equals(e,!0)||t.push(this),t.concat(this.getSubkeys(e))}getKeyIDs(){return this.getKeys().map((e=>e.getKeyID()))}getUserIDs(){return this.users.map((e=>e.userID?e.userID.userID:null)).filter((e=>null!==e))}write(){return this.toPacketList().write()}async getSigningKey(e=null,t=new Date,r={},i=T){await this.verifyPrimaryKey(t,r,i);const n=this.keyPacket;try{Rc(n,i)}catch(e){throw F.wrapError("Could not verify primary key",e)}const a=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created));let s;for(const r of a)if(!e||r.getKeyID().equals(e))try{await r.verify(t,i);const e={key:n,bind:r.keyPacket},a=await Sc(r.bindingSignatures,n,B.signature.subkeyBinding,e,t,i);if(!Mc(r.keyPacket,a,i))continue;if(!a.embeddedSignature)throw Error("Missing embedded signature");return await Sc([a.embeddedSignature],r.keyPacket,B.signature.keyBinding,e,t,i),Rc(r.keyPacket,i),r}catch(e){s=e}try{const a=await this.getPrimarySelfSignature(t,r,i);if((!e||n.getKeyID().equals(e))&&Mc(n,a,i))return Rc(n,i),this}catch(e){s=e}throw F.wrapError("Could not find valid signing key packet in key "+this.getKeyID().toHex(),s)}async getEncryptionKey(e,t=new Date,r={},i=T){await this.verifyPrimaryKey(t,r,i);const n=this.keyPacket;try{Rc(n,i)}catch(e){throw F.wrapError("Could not verify primary key",e)}const a=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created));let s;for(const r of a)if(!e||r.getKeyID().equals(e))try{await r.verify(t,i);const e={key:n,bind:r.keyPacket},a=await Sc(r.bindingSignatures,n,B.signature.subkeyBinding,e,t,i);if(Fc(r.keyPacket,a,i))return Rc(r.keyPacket,i),r}catch(e){s=e}try{const a=await this.getPrimarySelfSignature(t,r,i);if((!e||n.getKeyID().equals(e))&&Fc(n,a,i))return Rc(n,i),this}catch(e){s=e}throw F.wrapError("Could not find valid encryption key packet in key "+this.getKeyID().toHex(),s)}async isRevoked(e,t,r=new Date,i=T){return Cc(this.keyPacket,B.signature.keyRevocation,{key:this.keyPacket},this.revocationSignatures,e,t,r,i)}async verifyPrimaryKey(e=new Date,t={},r=T){const i=this.keyPacket;if(await this.isRevoked(null,null,e,r))throw Error("Primary key is revoked");if(Pc(i,await this.getPrimarySelfSignature(e,t,r),e))throw Error("Primary key is expired");if(6!==i.version){const t=await Sc(this.directSignatures,i,B.signature.key,{key:i},e,r).catch((()=>{}));if(t&&Pc(i,t,e))throw Error("Primary key is expired")}}async getExpirationTime(e,t=T){let r;try{const i=await this.getPrimarySelfSignature(null,e,t),n=Bc(this.keyPacket,i),a=i.getExpirationTime(),s=6!==this.keyPacket.version&&await Sc(this.directSignatures,this.keyPacket,B.signature.key,{key:this.keyPacket},null,t).catch((()=>{}));if(s){const e=Bc(this.keyPacket,s);r=Math.min(n,a,e)}else r=n<a?n:a}catch(e){r=null}return F.normalizeDate(r)}async getPrimarySelfSignature(e=new Date,t={},r=T){const i=this.keyPacket;if(6===i.version)return Sc(this.directSignatures,i,B.signature.key,{key:i},e,r);const{selfCertification:n}=await this.getPrimaryUser(e,t,r);return n}async getPrimaryUser(e=new Date,t={},r=T){const i=this.keyPacket,n=[];let a;for(let s=0;s<this.users.length;s++)try{const a=this.users[s];if(!a.userID)continue;if(void 0!==t.name&&a.userID.name!==t.name||void 0!==t.email&&a.userID.email!==t.email||void 0!==t.comment&&a.userID.comment!==t.comment)throw Error("Could not find user that matches that user ID");const o={userID:a.userID,key:i},c=await Sc(a.selfCertifications,i,B.signature.certGeneric,o,e,r);n.push({index:s,user:a,selfCertification:c})}catch(e){a=e}if(!n.length)throw a||Error("Could not find primary user");await Promise.all(n.map((async function(t){return t.selfCertification.revoked||t.user.isRevoked(t.selfCertification,null,e,r)})));const s=n.sort((function(e,t){const r=e.selfCertification,i=t.selfCertification;return i.revoked-r.revoked||r.isPrimaryUserID-i.isPrimaryUserID||r.created-i.created})).pop(),{user:o,selfCertification:c}=s;if(c.revoked||await o.isRevoked(c,null,e,r))throw Error("Primary user is revoked");return s}async update(e,t=new Date,r=T){if(!this.hasSameFingerprintAs(e))throw Error("Primary key fingerprints must be equal to update the key");if(!this.isPrivate()&&e.isPrivate()){if(!(this.subkeys.length===e.subkeys.length&&this.subkeys.every((t=>e.subkeys.some((e=>t.hasSameFingerprintAs(e)))))))throw Error("Cannot update public key with private key if subkeys mismatch");return e.update(this,r)}const i=this.clone();return await Ic(e,i,"revocationSignatures",t,(n=>Cc(i.keyPacket,B.signature.keyRevocation,i,[n],null,e.keyPacket,t,r))),await Ic(e,i,"directSignatures",t),await Promise.all(e.users.map((async e=>{const n=i.users.filter((t=>e.userID&&e.userID.equals(t.userID)||e.userAttribute&&e.userAttribute.equals(t.userAttribute)));if(n.length>0)await Promise.all(n.map((i=>i.update(e,t,r))));else{const t=e.clone();t.mainKey=i,i.users.push(t)}}))),await Promise.all(e.subkeys.map((async e=>{const n=i.subkeys.filter((t=>t.hasSameFingerprintAs(e)));if(n.length>0)await Promise.all(n.map((i=>i.update(e,t,r))));else{const t=e.clone();t.mainKey=i,i.subkeys.push(t)}}))),i}async getRevocationCertificate(e=new Date,t=T){const r={key:this.keyPacket},i=await Sc(this.revocationSignatures,this.keyPacket,B.signature.keyRevocation,r,e,t),n=new Go;n.push(i);const a=6!==this.keyPacket.version;return Q(B.armor.publicKey,n.write(),null,null,"This is a revocation certificate",a,t)}async applyRevocationCertificate(e,t=new Date,r=T){const i=await X(e),n=(await Go.fromBinary(i.data,zc,r)).findPacket(B.packet.signature);if(!n||n.signatureType!==B.signature.keyRevocation)throw Error("Could not find revocation signature packet");if(!n.issuerKeyID.equals(this.getKeyID()))throw Error("Revocation signature does not match key");try{await n.verify(this.keyPacket,B.signature.keyRevocation,{key:this.keyPacket},t,void 0,r)}catch(e){throw F.wrapError("Could not verify revocation signature",e)}const a=this.clone();return a.revocationSignatures.push(n),a}async signPrimaryUser(e,t,r,i=T){const{index:n,user:a}=await this.getPrimaryUser(t,r,i),s=await a.certify(e,t,i),o=this.clone();return o.users[n]=s,o}async signAllUsers(e,t=new Date,r=T){const i=this.clone();return i.users=await Promise.all(this.users.map((function(i){return i.certify(e,t,r)}))),i}async verifyPrimaryUser(e,t=new Date,r,i=T){const n=this.keyPacket,{user:a}=await this.getPrimaryUser(t,r,i);return e?await a.verifyAllCertifications(e,t,i):[{keyID:n.getKeyID(),valid:await a.verify(t,i).catch((()=>!1))}]}async verifyAllUsers(e,t=new Date,r=T){const i=this.keyPacket,n=[];return await Promise.all(this.users.map((async a=>{const s=e?await a.verifyAllCertifications(e,t,r):[{keyID:i.getKeyID(),valid:await a.verify(t,r).catch((()=>!1))}];n.push(...s.map((e=>({userID:a.userID?a.userID.userID:null,userAttribute:a.userAttribute,keyID:e.keyID,valid:e.valid}))))}))),n}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","hasSameFingerprintAs"].forEach((e=>{qc.prototype[e]=Nc.prototype[e]}));class Hc extends qc{constructor(e){if(super(),this.keyPacket=null,this.revocationSignatures=[],this.directSignatures=[],this.users=[],this.subkeys=[],e&&(this.packetListToStructure(e,new Set([B.packet.secretKey,B.packet.secretSubkey])),!this.keyPacket))throw Error("Invalid key: missing public-key packet")}isPrivate(){return!1}toPublic(){return this}armor(e=T){const t=6!==this.keyPacket.version;return Q(B.armor.publicKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}}class Gc extends Hc{constructor(e){if(super(),this.packetListToStructure(e,new Set([B.packet.publicKey,B.packet.publicSubkey])),!this.keyPacket)throw Error("Invalid key: missing private-key packet")}isPrivate(){return!0}toPublic(){const e=new Go,t=this.toPacketList();let r=!1;for(const i of t)if(!r||i.constructor.tag!==B.packet.Signature)switch(r&&(r=!1),i.constructor.tag){case B.packet.secretKey:{if(i.algorithm===B.publicKey.aead||i.algorithm===B.publicKey.hmac)throw Error("Cannot create public key from symmetric private");const t=cc.fromSecretKeyPacket(i);e.push(t);break}case B.packet.secretSubkey:{if(i.algorithm===B.publicKey.aead||i.algorithm===B.publicKey.hmac){r=!0;break}const t=yc.fromSecretSubkeyPacket(i);e.push(t);break}default:e.push(i)}return new Hc(e)}armor(e=T){const t=6!==this.keyPacket.version;return Q(B.armor.privateKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}async getDecryptionKeys(e,t=new Date,r={},i=T){const n=this.keyPacket,a=[];let s=null;for(let r=0;r<this.subkeys.length;r++)if(!e||this.subkeys[r].getKeyID().equals(e,!0)){if(this.subkeys[r].keyPacket.isDummy()){s=s||Error("Gnu-dummy key packets cannot be used for decryption");continue}try{const e={key:n,bind:this.subkeys[r].keyPacket},s=await Sc(this.subkeys[r].bindingSignatures,n,B.signature.subkeyBinding,e,t,i);_c(this.subkeys[r].keyPacket,s,i)&&a.push(this.subkeys[r])}catch(e){s=e}}const o=await this.getPrimarySelfSignature(t,r,i);if(e&&!n.getKeyID().equals(e,!0)||!_c(n,o,i)||(n.isDummy()?s=s||Error("Gnu-dummy key packets cannot be used for decryption"):a.push(this)),0===a.length)throw s||Error("No decryption key packets found");return a}isDecrypted(){return this.getKeys().some((({keyPacket:e})=>e.isDecrypted()))}async validate(e=T){if(!this.isPrivate())throw Error("Cannot validate a public key");let t;if(this.keyPacket.isDummy()){const r=await this.getSigningKey(null,null,void 0,{...e,rejectPublicKeyAlgorithms:new Set,minRSABits:0});r&&!r.keyPacket.isDummy()&&(t=r.keyPacket)}else t=this.keyPacket;if(t)return t.validate();{const e=this.getKeys();if(e.map((e=>e.keyPacket.isDummy())).every(Boolean))throw Error("Cannot validate an all-gnu-dummy key");return Promise.all(e.map((async e=>e.keyPacket.validate())))}}clearPrivateParams(){this.getKeys().forEach((({keyPacket:e})=>{e.isDecrypted()&&e.clearPrivateParams()}))}async revoke({flag:e=B.reasonForRevocation.noReason,string:t=""}={},r=new Date,i=T){if(!this.isPrivate())throw Error("Need private key for revoking");const n={key:this.keyPacket},a=this.clone();return a.revocationSignatures.push(await xc(n,[],this.keyPacket,{signatureType:B.signature.keyRevocation,reasonForRevocationFlag:B.write(B.reasonForRevocation,e),reasonForRevocationString:t},r,void 0,void 0,void 0,i)),a}async addSubkey(e={}){const t={...T,...e.config};if(e.passphrase)throw Error("Subkey could not be encrypted here, please encrypt whole key");if(e.rsaBits<t.minRSABits)throw Error(`rsaBits should be at least ${t.minRSABits}, got: ${e.rsaBits}`);const r=this.keyPacket;if(r.isDummy())throw Error("Cannot add subkey to gnu-dummy primary key");if(!r.isDecrypted())throw Error("Key is not decrypted");const i=r.getAlgorithmInfo();i.type=function(e){switch(B.write(B.publicKey,e)){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:case B.publicKey.dsa:return"rsa";case B.publicKey.ecdsa:case B.publicKey.eddsaLegacy:return"ecc";case B.publicKey.ed25519:return"curve25519";case B.publicKey.ed448:return"curve448";default:throw Error("Unsupported algorithm")}}(i.algorithm),i.rsaBits=i.bits||4096,i.curve=i.curve||"curve25519Legacy",e=Tc(e,i);const n=await Ac(e,{...t,v6Keys:6===this.keyPacket.version});Rc(n,t);const a=await Uc(n,r,e,t),s=this.toPacketList();return s.push(n,a),new Gc(s)}}const Vc=/*#__PURE__*/F.constructAllowedPackets([cc,yc,dc,mc,fc,pc,Ro]);function Wc(e){for(const t of e)switch(t.constructor.tag){case B.packet.secretKey:return new Gc(e);case B.packet.publicKey:return new Hc(e)}throw Error("No key packet found")}async function $c(e,t,r,i){r.passphrase&&await e.encrypt(r.passphrase,i),await Promise.all(t.map((async function(e,t){const n=r.subkeys[t].passphrase;n&&await e.encrypt(n,i)})));const n=new Go;function a(e,t){return[t,...e.filter((e=>e!==t))]}function s(){const t={};t.keyFlags=[B.keyFlags.certifyKeys|B.keyFlags.signData];const n=a([B.symmetric.aes256,B.symmetric.aes128],i.preferredSymmetricAlgorithm);if(t.preferredSymmetricAlgorithms=n,i.aeadProtect){const e=a([B.aead.gcm,B.aead.eax,B.aead.ocb],i.preferredAEADAlgorithm);t.preferredCipherSuites=e.flatMap((e=>n.map((t=>[t,e]))))}return t.preferredHashAlgorithms=a([B.hash.sha512,B.hash.sha256,...6===e.version?[B.hash.sha3_512,B.hash.sha3_256]:[]],i.preferredHashAlgorithm),t.preferredCompressionAlgorithms=a([B.compression.uncompressed,B.compression.zlib,B.compression.zip],i.preferredCompressionAlgorithm),t.features=[0],t.features[0]|=B.features.modificationDetection,i.aeadProtect&&(t.features[0]|=B.features.seipdv2),r.keyExpirationTime>0&&(t.keyExpirationTime=r.keyExpirationTime,t.keyNeverExpires=!1),t}if(n.push(e),6===e.version){const t={key:e},a=s();a.signatureType=B.signature.key;const o=await xc(t,[],e,a,r.date,void 0,void 0,void 0,i);n.push(o)}await Promise.all(r.userIDs.map((async function(t,n){const a=fc.fromObject(t),o={userID:a,key:e},c=6!==e.version?s():{};c.signatureType=B.signature.certPositive,0===n&&(c.isPrimaryUserID=!0);return{userIDPacket:a,signaturePacket:await xc(o,[],e,c,r.date,void 0,void 0,void 0,i)}}))).then((e=>{e.forEach((({userIDPacket:e,signaturePacket:t})=>{n.push(e),n.push(t)}))})),await Promise.all(t.map((async function(t,n){const a=r.subkeys[n];return{secretSubkeyPacket:t,subkeySignaturePacket:await Uc(t,e,a,i)}}))).then((e=>{e.forEach((({secretSubkeyPacket:e,subkeySignaturePacket:t})=>{n.push(e),n.push(t)}))}));const o={key:e};return n.push(await xc(o,[],e,{signatureType:B.signature.keyRevocation,reasonForRevocationFlag:B.reasonForRevocation.noReason,reasonForRevocationString:""},r.date,void 0,void 0,void 0,i)),r.passphrase&&e.clearPrivateParams(),await Promise.all(t.map((async function(e,t){r.subkeys[t].passphrase&&e.clearPrivateParams()}))),new Gc(n)}async function Zc({armoredKey:e,binaryKey:t,config:r,...i}){if(r={...T,...r},!e&&!t)throw Error("readKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!F.isString(e))throw Error("readKey: options.armoredKey must be a string");if(t&&!F.isUint8Array(t))throw Error("readKey: options.binaryKey must be a Uint8Array");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));let a;if(e){const{type:t,data:r}=await X(e);if(t!==B.armor.publicKey&&t!==B.armor.privateKey)throw Error("Armored text not of type key");a=r}else a=t;const s=await Go.fromBinary(a,Vc,r),o=s.indexOfTag(B.packet.publicKey,B.packet.secretKey);if(0===o.length)throw Error("No key packet found");return Wc(s.slice(o[0],o[1]))}async function Xc({armoredKey:e,binaryKey:t,config:r,...i}){if(r={...T,...r},!e&&!t)throw Error("readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!F.isString(e))throw Error("readPrivateKey: options.armoredKey must be a string");if(t&&!F.isUint8Array(t))throw Error("readPrivateKey: options.binaryKey must be a Uint8Array");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));let a;if(e){const{type:t,data:r}=await X(e);if(t!==B.armor.privateKey)throw Error("Armored text not of type private key");a=r}else a=t;const s=await Go.fromBinary(a,Vc,r),o=s.indexOfTag(B.packet.publicKey,B.packet.secretKey);for(let e=0;e<o.length;e++){if(s[o[e]].constructor.tag===B.packet.publicKey)continue;const t=s.slice(o[e],o[e+1]);return new Gc(t)}throw Error("No secret key packet found")}async function Qc({armoredKeys:e,binaryKeys:t,config:r,...i}){r={...T,...r};let n=e||t;if(!n)throw Error("readKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!F.isString(e))throw Error("readKeys: options.armoredKeys must be a string");if(t&&!F.isUint8Array(t))throw Error("readKeys: options.binaryKeys must be a Uint8Array");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));if(e){const{type:t,data:r}=await X(e);if(t!==B.armor.publicKey&&t!==B.armor.privateKey)throw Error("Armored text not of type key");n=r}const s=[],o=await Go.fromBinary(n,Vc,r),c=o.indexOfTag(B.packet.publicKey,B.packet.secretKey);if(0===c.length)throw Error("No key packet found");for(let e=0;e<c.length;e++){const t=Wc(o.slice(c[e],c[e+1]));s.push(t)}return s}async function Yc({armoredKeys:e,binaryKeys:t,config:r}){r={...T,...r};let i=e||t;if(!i)throw Error("readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!F.isString(e))throw Error("readPrivateKeys: options.armoredKeys must be a string");if(t&&!F.isUint8Array(t))throw Error("readPrivateKeys: options.binaryKeys must be a Uint8Array");if(e){const{type:t,data:r}=await X(e);if(t!==B.armor.privateKey)throw Error("Armored text not of type private key");i=r}const n=[],a=await Go.fromBinary(i,Vc,r),s=a.indexOfTag(B.packet.publicKey,B.packet.secretKey);for(let e=0;e<s.length;e++){if(a[s[e]].constructor.tag===B.packet.publicKey)continue;const t=a.slice(s[e],s[e+1]),r=new Gc(t);n.push(r)}if(0===n.length)throw Error("No secret key packet found");return n}const Jc=/*#__PURE__*/F.constructAllowedPackets([Bo,Wo,ic,ec,hc,ac,oc,zo,Ro]),eu=/*#__PURE__*/F.constructAllowedPackets([oc]),tu=/*#__PURE__*/F.constructAllowedPackets([Ro]);class ru{constructor(e){this.packets=e||new Go}getEncryptionKeyIDs(){const e=[];return this.packets.filterByTag(B.packet.publicKeyEncryptedSessionKey).forEach((function(t){e.push(t.publicKeyID)})),e}getSigningKeyIDs(){const e=this.unwrapCompressed(),t=e.packets.filterByTag(B.packet.onePassSignature);if(t.length>0)return t.map((e=>e.issuerKeyID));return e.packets.filterByTag(B.packet.signature).map((e=>e.issuerKeyID))}async decrypt(e,t,r,i=new Date,n=T){const a=this.packets.filterByTag(B.packet.symmetricallyEncryptedData,B.packet.symEncryptedIntegrityProtectedData,B.packet.aeadEncryptedData);if(0===a.length)throw Error("No encrypted data found");const s=a[0],o=s.cipherAlgorithm,c=r||await this.decryptSessionKeys(e,t,o,i,n);let u=null;const h=Promise.all(c.map((async({algorithm:e,data:t})=>{if(!F.isUint8Array(t)||!s.cipherAlgorithm&&!F.isString(e))throw Error("Invalid session key for decryption.");try{const r=s.cipherAlgorithm||B.write(B.symmetric,e);await s.decrypt(r,t,n)}catch(e){F.printDebugError(e),u=e}})));if(U(s.encrypted),s.encrypted=null,await h,!s.packets||!s.packets.length)throw u||Error("Decryption failed.");const l=new ru(s.packets);return s.packets=new Go,l}async decryptSessionKeys(e,t,r,i=new Date,n=T){let a,s=[];if(t){const e=this.packets.filterByTag(B.packet.symEncryptedSessionKey);if(0===e.length)throw Error("No symmetrically encrypted session key packet found.");await Promise.all(t.map((async function(t,r){let i;i=r?await Go.fromBinary(e.write(),eu,n):e,await Promise.all(i.map((async function(e){try{await e.decrypt(t),s.push(e)}catch(e){F.printDebugError(e),e instanceof Is&&(a=e)}})))})))}else{if(!e)throw Error("No key or password specified.");{const t=this.packets.filterByTag(B.packet.publicKeyEncryptedSessionKey);if(0===t.length)throw Error("No public key encrypted session key packet found.");await Promise.all(t.map((async function(t){await Promise.all(e.map((async function(e){let o;try{o=(await e.getDecryptionKeys(t.publicKeyID,null,void 0,n)).map((e=>e.keyPacket))}catch(e){return void(a=e)}let c=[B.symmetric.aes256,B.symmetric.aes128,B.symmetric.tripledes,B.symmetric.cast5];try{const t=await e.getPrimarySelfSignature(i,void 0,n);t.preferredSymmetricAlgorithms&&(c=c.concat(t.preferredSymmetricAlgorithms))}catch(e){}await Promise.all(o.map((async function(e){if(!e.isDecrypted())throw Error("Decryption key is not decrypted.");if(n.constantTimePKCS1Decryption&&(t.publicKeyAlgorithm===B.publicKey.rsaEncrypt||t.publicKeyAlgorithm===B.publicKey.rsaEncryptSign||t.publicKeyAlgorithm===B.publicKey.rsaSign||t.publicKeyAlgorithm===B.publicKey.elgamal)){const i=t.write();await Promise.all((r?[r]:Array.from(n.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms)).map((async t=>{const r=new ac;r.read(i);const n={sessionKeyAlgorithm:t,sessionKey:Ss(t)};try{await r.decrypt(e,n),s.push(r)}catch(e){F.printDebugError(e),a=e}})))}else try{await t.decrypt(e);const i=r||t.sessionKeyAlgorithm;if(i&&!c.includes(B.write(B.symmetric,i)))throw Error("A non-preferred symmetric algorithm was used.");s.push(t)}catch(e){F.printDebugError(e),a=e}})))}))),U(t.encrypted),t.encrypted=null})))}}if(s.length>0){if(s.length>1){const e=new Set;s=s.filter((t=>{const r=t.sessionKeyAlgorithm+F.uint8ArrayToString(t.sessionKey);return!e.has(r)&&(e.add(r),!0)}))}return s.map((e=>({data:e.sessionKey,algorithm:e.sessionKeyAlgorithm&&B.read(B.symmetric,e.sessionKeyAlgorithm)})))}throw a||Error("Session key decryption failed.")}getLiteralData(){const e=this.unwrapCompressed().packets.findPacket(B.packet.literalData);return e&&e.getBytes()||null}getFilename(){const e=this.unwrapCompressed().packets.findPacket(B.packet.literalData);return e&&e.getFilename()||null}getText(){const e=this.unwrapCompressed().packets.findPacket(B.packet.literalData);return e?e.getText():null}static async generateSessionKey(e=[],t=new Date,r=[],i=T){const{symmetricAlgo:n,aeadAlgo:a}=await async function(e=[],t=new Date,r=[],i=T){const n=await Promise.all(e.map(((e,n)=>e.getPrimarySelfSignature(t,r[n],i))));if(e.length?!i.ignoreSEIPDv2FeatureFlag&&n.every((e=>e.features&&e.features[0]&B.features.seipdv2)):i.aeadProtect){const e={symmetricAlgo:B.symmetric.aes128,aeadAlgo:B.aead.ocb},t=[{symmetricAlgo:i.preferredSymmetricAlgorithm,aeadAlgo:i.preferredAEADAlgorithm},{symmetricAlgo:i.preferredSymmetricAlgorithm,aeadAlgo:B.aead.ocb},{symmetricAlgo:B.symmetric.aes128,aeadAlgo:i.preferredAEADAlgorithm}];for(const e of t)if(n.every((t=>t.preferredCipherSuites&&t.preferredCipherSuites.some((t=>t[0]===e.symmetricAlgo&&t[1]===e.aeadAlgo)))))return e;return e}const a=B.symmetric.aes128,s=i.preferredSymmetricAlgorithm;return{symmetricAlgo:n.every((e=>e.preferredSymmetricAlgorithms&&e.preferredSymmetricAlgorithms.includes(s)))?s:a,aeadAlgo:void 0}}(e,t,r,i),s=B.read(B.symmetric,n),o=a?B.read(B.aead,a):void 0;await Promise.all(e.map((e=>e.getEncryptionKey().catch((()=>null)).then((e=>{if(e&&(e.keyPacket.algorithm===B.publicKey.x25519||e.keyPacket.algorithm===B.publicKey.x448)&&!o&&!F.isAES(n))throw Error("Could not generate a session key compatible with the given `encryptionKeys`: X22519 and X448 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.")})))));return{data:Ss(n),algorithm:s,aeadAlgorithm:o}}async encrypt(e,t,r,i=!1,n=[],a=new Date,s=[],o=T){if(r){if(!F.isUint8Array(r.data)||!F.isString(r.algorithm))throw Error("Invalid session key for encryption.")}else if(e&&e.length)r=await ru.generateSessionKey(e,a,s,o);else{if(!t||!t.length)throw Error("No keys, passwords, or session key provided.");r=await ru.generateSessionKey(void 0,void 0,void 0,o)}const{data:c,algorithm:u,aeadAlgorithm:h}=r,l=await ru.encryptSessionKey(c,u,h,e,t,i,n,a,s,o),y=ec.fromObject({version:h?2:1,aeadAlgorithm:h?B.write(B.aead,h):null});y.packets=this.packets;const p=B.write(B.symmetric,u);return await y.encrypt(p,c,o),l.packets.push(y),y.packets=new Go,l}static async encryptSessionKey(e,t,r,i,n,a=!1,s=[],o=new Date,c=[],u=T){const h=new Go,l=B.write(B.symmetric,t),y=r&&B.write(B.aead,r);if(i){const t=await Promise.all(i.map((async function(t,r){const i=await t.getEncryptionKey(s[r],o,c,u),n=ac.fromObject({version:y?6:3,encryptionKeyPacket:i.keyPacket,anonymousRecipient:a,sessionKey:e,sessionKeyAlgorithm:l});return await n.encrypt(i.keyPacket),delete n.sessionKey,n})));h.push(...t)}if(n){const t=async function(e,t){try{return await e.decrypt(t),1}catch(e){return 0}},r=(e,t)=>e+t,i=async function(e,a,s,o){const c=new oc(u);if(c.sessionKey=e,c.sessionKeyAlgorithm=a,s&&(c.aeadAlgorithm=s),await c.encrypt(o,u),u.passwordCollisionCheck){if(1!==(await Promise.all(n.map((e=>t(c,e))))).reduce(r))return i(e,a,o)}return delete c.sessionKey,c},a=await Promise.all(n.map((t=>i(e,l,y,t))));h.push(...a)}return new ru(h)}async sign(e=[],t=[],r=null,i=[],n=new Date,a=[],s=[],o=[],c=T){const u=new Go,h=this.packets.findPacket(B.packet.literalData);if(!h)throw Error("No literal data packet to sign.");const l=await iu(h,e,t,r,i,n,a,s,o,!1,c),y=l.map(((e,t)=>zo.fromSignaturePacket(e,0===t))).reverse();return u.push(...y),u.push(h),u.push(...l),new ru(u)}compress(e,t=T){if(e===B.compression.uncompressed)return this;const r=new Wo(t);r.algorithm=e,r.packets=this.packets;const i=new Go;return i.push(r),new ru(i)}async signDetached(e=[],t=[],r=null,i=[],n=[],a=new Date,s=[],o=[],c=T){const u=this.packets.findPacket(B.packet.literalData);if(!u)throw Error("No literal data packet to sign.");return new vc(await iu(u,e,t,r,i,n,a,s,o,!0,c))}async verify(e,t=new Date,r=T){const i=this.unwrapCompressed(),n=i.packets.filterByTag(B.packet.literalData);if(1!==n.length)throw Error("Can only verify message with one literal data packet.");a(i.packets.stream)&&i.packets.push(...await P(i.packets.stream,(e=>e||[])));const s=i.packets.filterByTag(B.packet.onePassSignature).reverse(),o=i.packets.filterByTag(B.packet.signature);return s.length&&!o.length&&F.isStream(i.packets.stream)&&!a(i.packets.stream)?(await Promise.all(s.map((async e=>{e.correspondingSig=new Promise(((t,r)=>{e.correspondingSigResolve=t,e.correspondingSigReject=r})),e.signatureData=D((async()=>(await e.correspondingSig).signatureData)),e.hashed=P(await e.hash(e.signatureType,n[0],void 0,!1)),e.hashed.catch((()=>{}))}))),i.packets.stream=k(i.packets.stream,(async(e,t)=>{const r=x(e),i=I(t);try{for(let e=0;e<s.length;e++){const{value:t}=await r.read();s[e].correspondingSigResolve(t)}await r.readToEnd(),await i.ready,await i.close()}catch(e){s.forEach((t=>{t.correspondingSigReject(e)})),await i.abort(e)}})),nu(s,n,e,t,!1,r)):nu(o,n,e,t,!1,r)}verifyDetached(e,t,r=new Date,i=T){const n=this.unwrapCompressed().packets.filterByTag(B.packet.literalData);if(1!==n.length)throw Error("Can only verify message with one literal data packet.");return nu(e.packets.filterByTag(B.packet.signature),n,t,r,!0,i)}unwrapCompressed(){const e=this.packets.filterByTag(B.packet.compressedData);return e.length?new ru(e[0].packets):this}async appendSignature(e,t=T){await this.packets.read(F.isUint8Array(e)?e:(await X(e)).data,tu,t)}write(){return this.packets.write()}armor(e=T){const t=this.packets[this.packets.length-1],r=t.constructor.tag===ec.tag?2!==t.version:this.packets.some((e=>e.constructor.tag===Ro.tag&&6!==e.version));return Q(B.armor.message,this.write(),null,null,null,r,e)}}async function iu(e,t,r=[],i=null,n=[],a=new Date,s=[],o=[],c=[],u=!1,h=T){const l=new Go,y=null===e.text?B.signature.binary:B.signature.text;if(await Promise.all(t.map((async(t,i)=>{const l=s[i];if(!t.isPrivate())throw Error("Need private key for signing");const p=await t.getSigningKey(n[i],a,l,h);return xc(e,r.length?r:[t],p.keyPacket,{signatureType:y},a,o,c,u,h)}))).then((e=>{l.push(...e)})),i){const e=i.packets.filterByTag(B.packet.signature);l.push(...e)}return l}async function nu(e,t,r,i=new Date,n=!1,a=T){return Promise.all(e.filter((function(e){return["text","binary"].includes(B.read(B.signature,e.signatureType))})).map((async function(e){return async function(e,t,r,i=new Date,n=!1,a=T){let s,o;for(const t of r){const r=t.getKeys(e.issuerKeyID);if(r.length>0){s=t,o=r[0];break}}const c=e instanceof zo?e.correspondingSig:e,u={keyID:e.issuerKeyID,verified:(async()=>{if(!o)throw Error("Could not find signing key with key ID "+e.issuerKeyID.toHex());await e.verify(o.keyPacket,e.signatureType,t[0],i,n,a);const r=await c;if(o.getCreationTime()>r.created)throw Error("Key is newer than the signature");try{await s.getSigningKey(o.getKeyID(),r.created,void 0,a)}catch(e){if(!a.allowInsecureVerificationWithReformattedKeys||!e.message.match(/Signature creation time is in the future/))throw e;await s.getSigningKey(o.getKeyID(),i,void 0,a)}return!0})(),signature:(async()=>{const e=await c,t=new Go;return e&&t.push(e),new vc(t)})()};return u.signature.catch((()=>{})),u.verified.catch((()=>{})),u}(e,t,r,i,n,a)})))}async function au({armoredMessage:e,binaryMessage:t,config:r,...i}){r={...T,...r};let n=e||t;if(!n)throw Error("readMessage: must pass options object containing `armoredMessage` or `binaryMessage`");if(e&&!F.isString(e)&&!F.isStream(e))throw Error("readMessage: options.armoredMessage must be a string or stream");if(t&&!F.isUint8Array(t)&&!F.isStream(t))throw Error("readMessage: options.binaryMessage must be a Uint8Array or stream");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));const s=F.isStream(n);if(e){const{type:e,data:t}=await X(n);if(e!==B.armor.message)throw Error("Armored text not of type message");n=t}const o=await Go.fromBinary(n,Jc,r,qo({delayReporting:!1})),c=new ru(o);return c.fromStream=s,c}async function su({text:e,binary:t,filename:r,date:i=new Date,format:n=(void 0!==e?"utf8":"binary"),...a}){const s=void 0!==e?e:t;if(void 0===s)throw Error("createMessage: must pass options object containing `text` or `binary`");if(e&&!F.isString(e)&&!F.isStream(e))throw Error("createMessage: options.text must be a string or stream");if(t&&!F.isUint8Array(t)&&!F.isStream(t))throw Error("createMessage: options.binary must be a Uint8Array or stream");const o=Object.keys(a);if(o.length>0)throw Error("Unknown option: "+o.join(", "));const c=F.isStream(s),u=new Bo(i);void 0!==e?u.setText(s,B.write(B.literal,n)):u.setBytes(s,B.write(B.literal,n)),void 0!==r&&u.setFilename(r);const h=new Go;h.push(u);const l=new ru(h);return l.fromStream=c,l}const ou=/*#__PURE__*/F.constructAllowedPackets([Ro]);class cu{constructor(e,t){if(this.text=F.removeTrailingSpaces(e).replace(/\r?\n/g,"\r\n"),t&&!(t instanceof vc))throw Error("Invalid signature input");this.signature=t||new vc(new Go)}getSigningKeyIDs(){const e=[];return this.signature.packets.forEach((function(t){e.push(t.issuerKeyID)})),e}async sign(e,t=[],r=null,i=[],n=new Date,a=[],s=[],o=[],c=T){const u=new Bo;u.setText(this.text);const h=new vc(await iu(u,e,t,r,i,n,a,s,o,!0,c));return new cu(this.text,h)}verify(e,t=new Date,r=T){const i=this.signature.packets.filterByTag(B.packet.signature),n=new Bo;return n.setText(this.text),nu(i,[n],e,t,!0,r)}getText(){return this.text.replace(/\r\n/g,"\n")}armor(e=T){const t=this.signature.packets.some((e=>6!==e.version)),r={hash:t?Array.from(new Set(this.signature.packets.map((e=>B.read(B.hash,e.hashAlgorithm).toUpperCase())))).join():null,text:this.text,data:this.signature.packets.write()};return Q(B.armor.signed,r,void 0,void 0,void 0,t,e)}}async function uu({cleartextMessage:e,config:t,...r}){if(t={...T,...t},!e)throw Error("readCleartextMessage: must pass options object containing `cleartextMessage`");if(!F.isString(e))throw Error("readCleartextMessage: options.cleartextMessage must be a string");const i=Object.keys(r);if(i.length>0)throw Error("Unknown option: "+i.join(", "));const n=await X(e);if(n.type!==B.armor.signed)throw Error("No cleartext signed message.");const a=await Go.fromBinary(n.data,ou,t);!function(e,t){const r=function(e){const r=e=>t=>e.hashAlgorithm===t;for(let i=0;i<t.length;i++)if(t[i].constructor.tag===B.packet.signature&&!e.some(r(t[i])))return!1;return!0},i=[];if(e.forEach((e=>{const t=e.match(/^Hash: (.+)$/);if(!t)throw Error('Only "Hash" header allowed in cleartext signed message');{const e=t[1].replace(/\s/g,"").split(",").map((e=>{try{return B.write(B.hash,e.toLowerCase())}catch(t){throw Error("Unknown hash algorithm in armor header: "+e.toLowerCase())}}));i.push(...e)}})),i.length&&!r(i))throw Error("Hash algorithm mismatch in armor header and signature")}(n.headers,a);const s=new vc(a);return new cu(n.text,s)}async function hu({text:e,...t}){if(!e)throw Error("createCleartextMessage: must pass options object containing `text`");if(!F.isString(e))throw Error("createCleartextMessage: options.text must be a string");const r=Object.keys(t);if(r.length>0)throw Error("Unknown option: "+r.join(", "));return new cu(e)}async function lu({userIDs:e=[],passphrase:t,type:r,curve:i,rsaBits:n=4096,symmetricHash:a="sha256",symmetricCipher:s="aes256",keyExpirationTime:o=0,date:c=new Date,subkeys:u=[{}],format:h="armored",config:l,...y}){Uu(l={...T,...l}),r||i?(r=r||"ecc",i=i||"curve25519Legacy"):(r=l.v6Keys?"curve25519":"ecc",i="curve25519Legacy"),e=Du(e);const p=Object.keys(y);if(p.length>0)throw Error("Unknown option: "+p.join(", "));if(0===e.length&&!l.v6Keys)throw Error("UserIDs are required for V4 keys");if("rsa"===r&&n<l.minRSABits)throw Error(`rsaBits should be at least ${l.minRSABits}, got: ${n}`);const d={userIDs:e,passphrase:t,type:r,rsaBits:n,curve:i,keyExpirationTime:o,date:c,subkeys:u,symmetricHash:a,symmetricCipher:s};try{const{key:e,revocationCertificate:t}=await async function(e,t){e.sign=!0,(e=Tc(e)).subkeys=e.subkeys.map(((t,r)=>Tc(e.subkeys[r],e)));let r=[Ec(e,t)];r=r.concat(e.subkeys.map((e=>Ac(e,t))));const i=await Promise.all(r),n=await $c(i[0],i.slice(1),e,t),a=await n.getRevocationCertificate(e.date,t);return n.revocationSignatures=[],{key:n,revocationCertificate:a}}(d,l);return e.getKeys().forEach((({keyPacket:e})=>Rc(e,l))),{privateKey:Cu(e,h,l),publicKey:"symmetric"!==r?Cu(e.toPublic(),h,l):null,revocationCertificate:t}}catch(e){throw F.wrapError("Error generating keypair",e)}}async function yu({privateKey:e,userIDs:t=[],passphrase:r,keyExpirationTime:i=0,date:n,format:a="armored",config:s,...o}){Uu(s={...T,...s}),t=Du(t);const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(0===t.length&&6!==e.keyPacket.version)throw Error("UserIDs are required for V4 keys");const u={privateKey:e,userIDs:t,passphrase:r,keyExpirationTime:i,date:n};try{const{key:e,revocationCertificate:t}=await async function(e,t){e=o(e);const{privateKey:r}=e;if(!r.isPrivate())throw Error("Cannot reformat a public key");if(r.keyPacket.isDummy())throw Error("Cannot reformat a gnu-dummy primary key");if(!r.getKeys().every((({keyPacket:e})=>e.isDecrypted())))throw Error("Key is not decrypted");const i=r.keyPacket;e.subkeys||(e.subkeys=await Promise.all(r.subkeys.map((async e=>{const r=e.keyPacket,n={key:i,bind:r},a=await Sc(e.bindingSignatures,i,B.signature.subkeyBinding,n,null,t).catch((()=>({})));return{sign:a.keyFlags&&a.keyFlags[0]&B.keyFlags.signData,forwarding:a.keyFlags&&a.keyFlags[0]&B.keyFlags.forwardedCommunication}}))));const n=r.subkeys.map((e=>e.keyPacket));if(e.subkeys.length!==n.length)throw Error("Number of subkey options does not match number of subkeys");e.subkeys=e.subkeys.map((t=>o(t,e)));const a=await $c(i,n,e,t),s=await a.getRevocationCertificate(e.date,t);return a.revocationSignatures=[],{key:a,revocationCertificate:s};function o(e,t={}){return e.keyExpirationTime=e.keyExpirationTime||t.keyExpirationTime,e.passphrase=F.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e}}(u,s);return{privateKey:Cu(e,a,s),publicKey:Cu(e.toPublic(),a,s),revocationCertificate:t}}catch(e){throw F.wrapError("Error reformatting keypair",e)}}async function pu({key:e,revocationCertificate:t,reasonForRevocation:r,date:i=new Date,format:n="armored",config:a,...s}){Uu(a={...T,...a});const o=Object.keys(s);if(o.length>0)throw Error("Unknown option: "+o.join(", "));try{const s=t?await e.applyRevocationCertificate(t,i,a):await e.revoke(r,i,a);return s.isPrivate()?{privateKey:Cu(s,n,a),publicKey:Cu(s.toPublic(),n,a)}:{privateKey:null,publicKey:Cu(s,n,a)}}catch(e){throw F.wrapError("Error revoking key",e)}}async function du({privateKey:e,passphrase:t,config:r,...i}){Uu(r={...T,...r});const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));if(!e.isPrivate())throw Error("Cannot decrypt a public key");const a=e.clone(!0),s=F.isArray(t)?t:[t];try{return await Promise.all(a.getKeys().map((e=>F.anyPromise(s.map((t=>e.keyPacket.decrypt(t))))))),await a.validate(r),a}catch(e){throw a.clearPrivateParams(),F.wrapError("Error decrypting private key",e)}}async function gu({privateKey:e,passphrase:t,config:r,...i}){Uu(r={...T,...r});const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));if(!e.isPrivate())throw Error("Cannot encrypt a public key");const a=e.clone(!0),s=a.getKeys(),o=F.isArray(t)?t:Array(s.length).fill(t);if(o.length!==s.length)throw Error("Invalid number of passphrases given for key encryption");try{return await Promise.all(s.map((async(e,t)=>{const{keyPacket:i}=e;await i.encrypt(o[t],r),i.clearPrivateParams()}))),a}catch(e){throw a.clearPrivateParams(),F.wrapError("Error encrypting private key",e)}}async function fu({message:e,encryptionKeys:t,signingKeys:r,passwords:i,sessionKey:n,format:a="armored",signature:s=null,wildcard:o=!1,signingKeyIDs:c=[],encryptionKeyIDs:u=[],date:h=new Date,signingUserIDs:l=[],encryptionUserIDs:y=[],signatureNotations:p=[],config:d,...g}){if(Uu(d={...T,...d}),Au(e),Su(a),t=Du(t),r=Du(r),i=Du(i),c=Du(c),u=Du(u),l=Du(l),y=Du(y),p=Du(p),g.detached)throw Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.");if(g.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead");if(g.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead");if(void 0!==g.armor)throw Error("The `armor` option has been removed from openpgp.encrypt, pass `format` instead.");const f=Object.keys(g);if(f.length>0)throw Error("Unknown option: "+f.join(", "));r||(r=[]);try{if((r.length||s)&&(e=await e.sign(r,t,s,c,h,l,u,p,d)),e=e.compress(await async function(e=[],t=new Date,r=[],i=T){const n=B.compression.uncompressed,a=i.preferredCompressionAlgorithm,s=await Promise.all(e.map((async function(e,n){const s=(await e.getPrimarySelfSignature(t,r[n],i)).preferredCompressionAlgorithms;return!!s&&s.indexOf(a)>=0})));return s.every(Boolean)?a:n}(t,h,y,d),d),e=await e.encrypt(t,i,n,o,u,h,y,d),"object"===a)return e;const g="armored"===a?e.armor(d):e.write();return await xu(g)}catch(e){throw F.wrapError("Error encrypting message",e)}}async function mu({message:e,decryptionKeys:t,passwords:r,sessionKeys:i,verificationKeys:n,expectSigned:a=!1,format:s="utf8",signature:o=null,date:c=new Date,config:u,...h}){if(Uu(u={...T,...u}),Au(e),n=Du(n),t=Du(t),r=Du(r),i=Du(i),h.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead");if(h.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead");const l=Object.keys(h);if(l.length>0)throw Error("Unknown option: "+l.join(", "));try{const h=await e.decrypt(t,r,i,c,u);n||(n=[]);const l={};if(l.signatures=o?await h.verifyDetached(o,n,c,u):await h.verify(n,c,u),l.data="binary"===s?h.getLiteralData():h.getText(),l.filename=h.getFilename(),Iu(l,e,...new Set([h,h.unwrapCompressed()])),a){if(0===n.length)throw Error("Verification keys are required to verify message signatures");if(0===l.signatures.length)throw Error("Message is not signed");l.data=g([l.data,D((async()=>(await F.anyPromise(l.signatures.map((e=>e.verified))),"binary"===s?new Uint8Array:"")))])}return l.data=await xu(l.data),l}catch(e){throw F.wrapError("Error decrypting message",e)}}async function wu({message:e,signingKeys:t,recipientKeys:r=[],format:i="armored",detached:n=!1,signingKeyIDs:a=[],date:s=new Date,signingUserIDs:o=[],recipientUserIDs:c=[],signatureNotations:u=[],config:h,...l}){if(Uu(h={...T,...h}),Eu(e),Su(i),t=Du(t),a=Du(a),o=Du(o),r=Du(r),c=Du(c),u=Du(u),l.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead");if(void 0!==l.armor)throw Error("The `armor` option has been removed from openpgp.sign, pass `format` instead.");const y=Object.keys(l);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(e instanceof cu&&"binary"===i)throw Error("Cannot return signed cleartext message in binary format");if(e instanceof cu&&n)throw Error("Cannot detach-sign a cleartext message");if(!t||0===t.length)throw Error("No signing keys provided");try{let l;if(l=n?await e.signDetached(t,r,void 0,a,s,o,c,u,h):await e.sign(t,r,void 0,a,s,o,c,u,h),"object"===i)return l;return l="armored"===i?l.armor(h):l.write(),n&&(l=k(e.packets.write(),(async(e,t)=>{await Promise.all([f(l,t),P(e).catch((()=>{}))])}))),await xu(l)}catch(e){throw F.wrapError("Error signing message",e)}}async function bu({message:e,verificationKeys:t,expectSigned:r=!1,format:i="utf8",signature:n=null,date:a=new Date,config:s,...o}){if(Uu(s={...T,...s}),Eu(e),t=Du(t),o.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead");const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(e instanceof cu&&"binary"===i)throw Error("Can't return cleartext message data as binary");if(e instanceof cu&&n)throw Error("Can't verify detached cleartext signature");try{const o={};if(o.signatures=n?await e.verifyDetached(n,t,a,s):await e.verify(t,a,s),o.data="binary"===i?e.getLiteralData():e.getText(),e.fromStream&&!n&&Iu(o,...new Set([e,e.unwrapCompressed()])),r){if(0===o.signatures.length)throw Error("Message is not signed");o.data=g([o.data,D((async()=>(await F.anyPromise(o.signatures.map((e=>e.verified))),"binary"===i?new Uint8Array:"")))])}return o.data=await xu(o.data),o}catch(e){throw F.wrapError("Error verifying signed message",e)}}async function ku({encryptionKeys:e,date:t=new Date,encryptionUserIDs:r=[],config:i,...n}){if(Uu(i={...T,...i}),e=Du(e),r=Du(r),n.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead");const a=Object.keys(n);if(a.length>0)throw Error("Unknown option: "+a.join(", "));try{return await ru.generateSessionKey(e,t,r,i)}catch(e){throw F.wrapError("Error generating session key",e)}}async function vu({data:e,algorithm:t,aeadAlgorithm:r,encryptionKeys:i,passwords:n,format:a="armored",wildcard:s=!1,encryptionKeyIDs:o=[],date:c=new Date,encryptionUserIDs:u=[],config:h,...l}){if(Uu(h={...T,...h}),function(e){if(!F.isUint8Array(e))throw Error("Parameter [data] must be of type Uint8Array")}(e),function(e,t){if(!F.isString(e))throw Error("Parameter ["+t+"] must be of type String")}(t,"algorithm"),Su(a),i=Du(i),n=Du(n),o=Du(o),u=Du(u),l.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead");const y=Object.keys(l);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(!(i&&0!==i.length||n&&0!==n.length))throw Error("No encryption keys or passwords provided.");try{return Cu(await ru.encryptSessionKey(e,t,r,i,n,s,o,c,u,h),a,h)}catch(e){throw F.wrapError("Error encrypting session key",e)}}async function Ku({message:e,decryptionKeys:t,passwords:r,date:i=new Date,config:n,...a}){if(Uu(n={...T,...n}),Au(e),t=Du(t),r=Du(r),a.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead");const s=Object.keys(a);if(s.length>0)throw Error("Unknown option: "+s.join(", "));try{return await e.decryptSessionKeys(t,r,void 0,i,n)}catch(e){throw F.wrapError("Error decrypting session keys",e)}}function Au(e){if(!(e instanceof ru))throw Error("Parameter [message] needs to be of type Message")}function Eu(e){if(!(e instanceof cu||e instanceof ru))throw Error("Parameter [message] needs to be of type Message or CleartextMessage")}function Su(e){if("armored"!==e&&"binary"!==e&&"object"!==e)throw Error("Unsupported format "+e)}const Pu=Object.keys(T).length;function Uu(e){const t=Object.keys(e);if(t.length!==Pu)for(const e of t)if(void 0===T[e])throw Error("Unknown config property: "+e)}function Du(e){return e&&!F.isArray(e)&&(e=[e]),e}async function xu(e){return"array"===F.isStream(e)?P(e):e}function Iu(e,t,...r){e.data=k(t.packets.stream,(async(t,i)=>{await f(e.data,i,{preventClose:!0});const n=I(i);try{await P(t,(e=>e)),await Promise.all(r.map((e=>P(e.packets.stream,(e=>e))))),await n.close()}catch(e){await n.abort(e)}}))}function Cu(e,t,r){switch(t){case"object":return e;case"armored":return e.armor(r);case"binary":return e.write();default:throw Error("Unsupported format "+t)}}export{ic as AEADEncryptedDataPacket,Is as Argon2OutOfMemoryError,Ms as Argon2S2K,cu as CleartextMessage,Wo as CompressedDataPacket,Oo as GrammarError,ka as KDFParams,Bo as LiteralDataPacket,lc as MarkerPacket,ru as Message,zo as OnePassSignaturePacket,Go as PacketList,bc as PaddingPacket,Gc as PrivateKey,Hc as PublicKey,ac as PublicKeyEncryptedSessionKeyPacket,cc as PublicKeyPacket,yc as PublicSubkeyPacket,dc as SecretKeyPacket,mc as SecretSubkeyPacket,vc as Signature,Ro as SignaturePacket,Nc as Subkey,ec as SymEncryptedIntegrityProtectedDataPacket,oc as SymEncryptedSessionKeyPacket,hc as SymmetricallyEncryptedDataPacket,wc as TrustPacket,Zt as UnparseablePacket,pc as UserAttributePacket,fc as UserIDPacket,Q as armor,T as config,hu as createCleartextMessage,su as createMessage,mu as decrypt,du as decryptKey,Ku as decryptSessionKeys,fu as encrypt,gu as encryptKey,vu as encryptSessionKey,B as enums,lu as generateKey,ku as generateSessionKey,uu as readCleartextMessage,Zc as readKey,Qc as readKeys,au as readMessage,Xc as readPrivateKey,Yc as readPrivateKeys,Kc as readSignature,yu as reformatKey,pu as revokeKey,wu as sign,X as unarmor,bu as verify};
+/*! OpenPGP.js v6.2.2 - 2025-09-02 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
+const e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},t=Symbol("doneWritingPromise"),r=Symbol("doneWritingResolve"),i=Symbol("doneWritingReject"),a=Symbol("readingIndex");class ArrayStream extends Array{constructor(){super(),Object.setPrototypeOf(this,ArrayStream.prototype),this[t]=new Promise(((e,t)=>{this[r]=e,this[i]=t})),this[t].catch((()=>{}))}}function n(e){return e&&e.getReader&&Array.isArray(e)}function s(e){if(!n(e)){const t=e.getWriter(),r=t.releaseLock;return t.releaseLock=()=>{t.closed.catch((function(){})),r.call(t)},t}this.stream=e}function o(t){if(n(t))return"array";if(e.ReadableStream&&e.ReadableStream.prototype.isPrototypeOf(t))return"web";if(t&&!(e.ReadableStream&&t instanceof e.ReadableStream)&&"function"==typeof t._read&&"object"==typeof t._readableState)throw Error("Native Node streams are no longer supported: please manually convert the stream to a WebStream, using e.g. `stream.Readable.toWeb`");return!(!t||!t.getReader)&&"web-like"}function c(e){return Uint8Array.prototype.isPrototypeOf(e)}function u(e){if(1===e.length)return e[0];let t=0;for(let r=0;r<e.length;r++){if(!c(e[r]))throw Error("concatUint8Array: Data must be in the form of a Uint8Array");t+=e[r].length}const r=new Uint8Array(t);let i=0;return e.forEach((function(e){r.set(e,i),i+=e.length})),r}ArrayStream.prototype.getReader=function(){return void 0===this[a]&&(this[a]=0),{read:async()=>(await this[t],this[a]===this.length?{value:void 0,done:!0}:{value:this[this[a]++],done:!1})}},ArrayStream.prototype.readToEnd=async function(e){await this[t];const r=e(this.slice(this[a]));return this.length=0,r},ArrayStream.prototype.clone=function(){const e=new ArrayStream;return e[t]=this[t].then((()=>{e.push(...this)})),e},s.prototype.write=async function(e){this.stream.push(e)},s.prototype.close=async function(){this.stream[r]()},s.prototype.abort=async function(e){return this.stream[i](e),e},s.prototype.releaseLock=function(){},"object"==typeof e.process&&e.process.versions;const h=new WeakSet,l=Symbol("externalBuffer");function y(e){if(this.stream=e,e[l]&&(this[l]=e[l].slice()),n(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{},void(this._cancel=()=>{})}if(o(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{t.closed.catch((function(){})),t.releaseLock()},void(this._cancel=t.cancel.bind(t))}let t=!1;this._read=async()=>t||h.has(e)?{value:void 0,done:!0}:(t=!0,{value:e,done:!1}),this._releaseLock=()=>{if(t)try{h.add(e)}catch(e){}}}function p(e){return o(e)?e:new ReadableStream({start(t){t.enqueue(e),t.close()}})}function d(e){if(o(e))return e;const t=new ArrayStream;return(async()=>{const r=C(t);await r.write(e),await r.close()})(),t}function g(e){return e.some((e=>o(e)&&!n(e)))?function(e){e=e.map(p);const t=w((async function(e){await Promise.all(i.map((t=>U(t,e))))}));let r=Promise.resolve();const i=e.map(((i,a)=>k(i,((i,n)=>(r=r.then((()=>m(i,t.writable,{preventClose:a!==e.length-1}))),r)))));return t.readable}(e):e.some((e=>n(e)))?function(e){const t=new ArrayStream;let r=Promise.resolve();return e.forEach(((i,a)=>(r=r.then((()=>m(i,t,{preventClose:a!==e.length-1}))),r))),t}(e):"string"==typeof e[0]?e.join(""):u(e)}async function m(e,t,{preventClose:r=!1,preventAbort:i=!1,preventCancel:a=!1}={}){if(o(e)&&!n(e)){e=p(e);try{if(e[l]){const r=C(t);for(let t=0;t<e[l].length;t++)await r.ready,await r.write(e[l][t]);r.releaseLock()}await e.pipeTo(t,{preventClose:r,preventAbort:i,preventCancel:a})}catch(e){}return}const s=x(e=d(e)),c=C(t);try{for(;;){await c.ready;const{done:e,value:t}=await s.read();if(e){r||await c.close();break}await c.write(t)}}catch(e){i||await c.abort(e)}finally{s.releaseLock(),c.releaseLock()}}function f(e,t){const r=new TransformStream(t);return m(e,r.writable),r.readable}function w(e){let t,r,i,a=!1,n=!1;return{readable:new ReadableStream({start(e){i=e},pull(){t?t():a=!0},async cancel(t){n=!0,e&&await e(t),r&&r(t)}},{highWaterMark:0}),writable:new WritableStream({write:async function(e){if(n)throw Error("Stream is cancelled");i.enqueue(e),a?a=!1:(await new Promise(((e,i)=>{t=e,r=i})),t=null,r=null)},close:i.close.bind(i),abort:i.error.bind(i)})}}function b(e,t=()=>{},r=()=>{}){if(n(e)){const i=new ArrayStream;return(async()=>{const a=C(i);try{const i=await P(e),n=t(i),s=r();let o;o=void 0!==n&&void 0!==s?g([n,s]):void 0!==n?n:s,await a.write(o),await a.close()}catch(e){await a.abort(e)}})(),i}if(o(e))return f(e,{async transform(e,r){try{const i=await t(e);void 0!==i&&r.enqueue(i)}catch(e){r.error(e)}},async flush(e){try{const t=await r();void 0!==t&&e.enqueue(t)}catch(t){e.error(t)}}});const i=t(e),a=r();return void 0!==i&&void 0!==a?g([i,a]):void 0!==i?i:a}function k(e,t){if(o(e)&&!n(e)){let r;const i=new TransformStream({start(e){r=e}}),a=m(e,i.writable),n=w((async function(e){r.error(e),await a,await new Promise(setTimeout)}));return t(i.readable,n.writable),n.readable}e=d(e);const r=new ArrayStream;return t(e,r),r}function v(e,t){let r;const i=k(e,((e,a)=>{const n=x(e);n.remainder=()=>(n.releaseLock(),m(e,a),i),r=t(n)}));return r}function K(e){if(n(e))return e.clone();if(o(e)){const t=function(e){if(n(e))throw Error("ArrayStream cannot be tee()d, use clone() instead");if(o(e)){const t=p(e).tee();return t[0][l]=t[1][l]=e[l],t}return[S(e),S(e)]}(e);return E(e,t[0]),t[1]}return S(e)}function A(e){return n(e)?K(e):o(e)?new ReadableStream({start(t){const r=k(e,(async(e,r)=>{const i=x(e),a=C(r);try{for(;;){await a.ready;const{done:e,value:r}=await i.read();if(e){try{t.close()}catch(e){}return void await a.close()}try{t.enqueue(r)}catch(e){}await a.write(r)}}catch(e){t.error(e),await a.abort(e)}}));E(e,r)}}):S(e)}function E(e,t){Object.entries(Object.getOwnPropertyDescriptors(e.constructor.prototype)).forEach((([r,i])=>{"constructor"!==r&&(i.value?i.value=i.value.bind(t):i.get=i.get.bind(t),Object.defineProperty(e,r,i))}))}function S(e,t=0,r=1/0){if(n(e))throw Error("Not implemented");if(o(e)){if(t>=0&&r>=0){let i=0;return f(e,{transform(e,a){i<r?(i+e.length>=t&&a.enqueue(S(e,Math.max(t-i,0),r-i)),i+=e.length):a.terminate()}})}if(t<0&&(r<0||r===1/0)){let i=[];return b(e,(e=>{e.length>=-t?i=[e]:i.push(e)}),(()=>S(g(i),t,r)))}if(0===t&&r<0){let i;return b(e,(e=>{const a=i?g([i,e]):e;if(a.length>=-r)return i=S(a,r),S(a,t,r);i=a}))}return console.warn(`stream.slice(input, ${t}, ${r}) not implemented efficiently.`),D((async()=>S(await P(e),t,r)))}return e[l]&&(e=g(e[l].concat([e]))),c(e)?e.subarray(t,r===1/0?e.length:r):e.slice(t,r)}async function P(e,t=g){return n(e)?e.readToEnd(t):o(e)?x(e).readToEnd(t):e}async function U(e,t){if(o(e)){if(e.cancel){const r=await e.cancel(t);return await new Promise(setTimeout),r}if(e.destroy)return e.destroy(t),await new Promise(setTimeout),t}}function D(e){const t=new ArrayStream;return(async()=>{const r=C(t);try{await r.write(await e()),await r.close()}catch(e){await r.abort(e)}})(),t}function x(e){return new y(e)}function C(e){return new s(e)}y.prototype.read=async function(){if(this[l]&&this[l].length){return{done:!1,value:this[l].shift()}}return this._read()},y.prototype.releaseLock=function(){this[l]&&(this.stream[l]=this[l]),this._releaseLock()},y.prototype.cancel=function(e){return this._cancel(e)},y.prototype.readLine=async function(){let e,t=[];for(;!e;){let{done:r,value:i}=await this.read();if(i+="",r)return t.length?g(t):void 0;const a=i.indexOf("\n")+1;a&&(e=g(t.concat(i.substr(0,a))),t=[]),a!==i.length&&t.push(i.substr(a))}return this.unshift(...t),e},y.prototype.readByte=async function(){const{done:e,value:t}=await this.read();if(e)return;const r=t[0];return this.unshift(S(t,1)),r},y.prototype.readBytes=async function(e){const t=[];let r=0;for(;;){const{done:i,value:a}=await this.read();if(i)return t.length?g(t):void 0;if(t.push(a),r+=a.length,r>=e){const r=g(t);return this.unshift(S(r,e)),S(r,0,e)}}},y.prototype.peekBytes=async function(e){const t=await this.readBytes(e);return this.unshift(t),t},y.prototype.unshift=function(...e){this[l]||(this[l]=[]),1===e.length&&c(e[0])&&this[l].length&&e[0].length&&this[l][0].byteOffset>=e[0].length?this[l][0]=new Uint8Array(this[l][0].buffer,this[l][0].byteOffset-e[0].length,this[l][0].byteLength+e[0].length):this[l].unshift(...e.filter((e=>e&&e.length)))},y.prototype.readToEnd=async function(e=g){const t=[];for(;;){const{done:e,value:r}=await this.read();if(e)break;t.push(r)}return e(t)};const I=Symbol("byValue");var T={curve:{nistP256:"nistP256",p256:"nistP256",nistP384:"nistP384",p384:"nistP384",nistP521:"nistP521",p521:"nistP521",secp256k1:"secp256k1",ed25519Legacy:"ed25519Legacy",ed25519:"ed25519Legacy",curve25519Legacy:"curve25519Legacy",curve25519:"curve25519Legacy",brainpoolP256r1:"brainpoolP256r1",brainpoolP384r1:"brainpoolP384r1",brainpoolP512r1:"brainpoolP512r1"},kdfFlags:{replace_fingerprint:1,replace_kdf_params:2},s2k:{simple:0,salted:1,iterated:3,argon2:4,gnu:101},publicKey:{rsaEncryptSign:1,rsaEncrypt:2,rsaSign:3,elgamal:16,dsa:17,ecdh:18,ecdsa:19,eddsaLegacy:22,aedh:23,aedsa:24,x25519:25,x448:26,ed25519:27,ed448:28,pqc_mldsa_ed25519:30,pqc_mlkem_x25519:35,aead:100,hmac:101},symmetric:{idea:1,tripledes:2,cast5:3,blowfish:4,aes128:7,aes192:8,aes256:9,twofish:10},compression:{uncompressed:0,zip:1,zlib:2,bzip2:3},hash:{md5:1,sha1:2,ripemd:3,sha256:8,sha384:9,sha512:10,sha224:11,sha3_256:12,sha3_512:14},webHash:{"SHA-1":2,"SHA-256":8,"SHA-384":9,"SHA-512":10},aead:{eax:1,ocb:2,gcm:3,experimentalGCM:100},packet:{publicKeyEncryptedSessionKey:1,signature:2,symEncryptedSessionKey:3,onePassSignature:4,secretKey:5,publicKey:6,secretSubkey:7,compressedData:8,symmetricallyEncryptedData:9,marker:10,literalData:11,trust:12,userID:13,publicSubkey:14,userAttribute:17,symEncryptedIntegrityProtectedData:18,modificationDetectionCode:19,aeadEncryptedData:20,padding:21},literal:{binary:98,text:116,utf8:117,mime:109},signature:{binary:0,text:1,standalone:2,certGeneric:16,certPersona:17,certCasual:18,certPositive:19,certRevocation:48,subkeyBinding:24,keyBinding:25,key:31,keyRevocation:32,subkeyRevocation:40,timestamp:64,thirdParty:80},signatureSubpacket:{signatureCreationTime:2,signatureExpirationTime:3,exportableCertification:4,trustSignature:5,regularExpression:6,revocable:7,keyExpirationTime:9,placeholderBackwardsCompatibility:10,preferredSymmetricAlgorithms:11,revocationKey:12,issuerKeyID:16,notationData:20,preferredHashAlgorithms:21,preferredCompressionAlgorithms:22,keyServerPreferences:23,preferredKeyServer:24,primaryUserID:25,policyURI:26,keyFlags:27,signersUserID:28,reasonForRevocation:29,features:30,signatureTarget:31,embeddedSignature:32,issuerFingerprint:33,preferredAEADAlgorithms:34,preferredCipherSuites:39},keyFlags:{certifyKeys:1,signData:2,encryptCommunication:4,encryptStorage:8,splitPrivateKey:16,authentication:32,forwardedCommunication:64,sharedPrivateKey:128},armor:{multipartSection:0,multipartLast:1,signed:2,message:3,publicKey:4,privateKey:5,signature:6},reasonForRevocation:{noReason:0,keySuperseded:1,keyCompromised:2,keyRetired:3,userIDInvalid:32},features:{modificationDetection:1,aead:2,v5Keys:4,seipdv2:8},write:function(e,t){if("number"==typeof t&&(t=this.read(e,t)),void 0!==e[t])return e[t];throw Error("Invalid enum value.")},read:function(e,t){if(e[I]||(e[I]=[],Object.entries(e).forEach((([t,r])=>{e[I][r]=t}))),void 0!==e[I][t])return e[I][t];throw Error("Invalid enum value.")}},B={preferredHashAlgorithm:T.hash.sha512,preferredSymmetricAlgorithm:T.symmetric.aes256,preferredCompressionAlgorithm:T.compression.uncompressed,aeadProtect:!1,ignoreSEIPDv2FeatureFlag:!1,parseAEADEncryptedV4KeysAsLegacy:!1,preferredAEADAlgorithm:T.aead.gcm,aeadChunkSizeByte:12,v6Keys:!1,enableParsingV5Entities:!1,s2kType:T.s2k.iterated,s2kIterationCountByte:224,s2kArgon2Params:{passes:3,parallelism:4,memoryExponent:16},allowUnauthenticatedMessages:!1,allowUnauthenticatedStream:!1,allowForwardedMessages:!1,minRSABits:2047,passwordCollisionCheck:!1,allowInsecureDecryptionWithSigningKeys:!1,allowInsecureVerificationWithReformattedKeys:!1,allowMissingKeyFlags:!1,constantTimePKCS1Decryption:!1,constantTimePKCS1DecryptionSupportedSymmetricAlgorithms:new Set([T.symmetric.aes128,T.symmetric.aes192,T.symmetric.aes256]),ignoreUnsupportedPackets:!0,ignoreMalformedPackets:!1,enforceGrammar:!0,additionalAllowedPackets:[],showVersion:!1,showComment:!1,versionString:"OpenPGP.js 6.2.2",commentString:"https://openpgpjs.org",maxUserIDLength:5120,knownNotations:[],nonDeterministicSignaturesViaNotation:!0,useEllipticFallback:!0,rejectHashAlgorithms:new Set([T.hash.md5,T.hash.ripemd]),rejectMessageHashAlgorithms:new Set([T.hash.md5,T.hash.ripemd,T.hash.sha1]),rejectPublicKeyAlgorithms:new Set([T.publicKey.elgamal,T.publicKey.dsa]),rejectCurves:new Set([T.curve.secp256k1])};const M=(()=>{try{return"development"===process.env.NODE_ENV}catch(e){}return!1})(),F={isString:function(e){return"string"==typeof e||e instanceof String},nodeRequire:()=>{},isArray:function(e){return e instanceof Array},isUint8Array:c,isStream:o,getNobleCurve:async(e,t)=>{if(!B.useEllipticFallback)throw Error("This curve is only supported in the full build of OpenPGP.js");const{nobleCurves:r}=await import("./noble_curves.min.mjs");switch(e){case T.publicKey.ecdh:case T.publicKey.ecdsa:{const e=r.get(t);if(!e)throw Error("Unsupported curve");return e}case T.publicKey.x448:return r.get("x448");case T.publicKey.ed448:return r.get("ed448");default:throw Error("Unsupported curve")}},readNumber:function(e){let t=0;for(let r=0;r<e.length;r++)t+=256**r*e[e.length-1-r];return t},writeNumber:function(e,t){const r=new Uint8Array(t);for(let i=0;i<t;i++)r[i]=e>>8*(t-i-1)&255;return r},readDate:function(e){const t=F.readNumber(e);return new Date(1e3*t)},writeDate:function(e){const t=Math.floor(e.getTime()/1e3);return F.writeNumber(t,4)},normalizeDate:function(e=Date.now()){return null===e||e===1/0?e:new Date(1e3*Math.floor(+e/1e3))},readMPI:function(e){const t=(e[0]<<8|e[1])+7>>>3;return F.readExactSubarray(e,2,2+t)},readExactSubarray:function(e,t,r){if(e.length<r-t)throw Error("Input array too short");return e.subarray(t,r)},leftPad(e,t){if(e.length>t)throw Error("Input array too long");const r=new Uint8Array(t),i=t-e.length;return r.set(e,i),r},uint8ArrayToMPI:function(e){const t=F.uint8ArrayBitLength(e);if(0===t)throw Error("Zero MPI");const r=e.subarray(e.length-Math.ceil(t/8)),i=new Uint8Array([(65280&t)>>8,255&t]);return F.concatUint8Array([i,r])},uint8ArrayBitLength:function(e){let t;for(t=0;t<e.length&&0===e[t];t++);if(t===e.length)return 0;const r=e.subarray(t);return 8*(r.length-1)+F.nbits(r[0])},hexToUint8Array:function(e){const t=new Uint8Array(e.length>>1);for(let r=0;r<e.length>>1;r++)t[r]=parseInt(e.substr(r<<1,2),16);return t},uint8ArrayToHex:function(e){const t="0123456789abcdef";let r="";return e.forEach((e=>{r+=t[e>>4]+t[15&e]})),r},stringToUint8Array:function(e){return b(e,(e=>{if(!F.isString(e))throw Error("stringToUint8Array: Data must be in the form of a string");const t=new Uint8Array(e.length);for(let r=0;r<e.length;r++)t[r]=e.charCodeAt(r);return t}))},uint8ArrayToString:function(e){const t=[],r=16384,i=(e=new Uint8Array(e)).length;for(let a=0;a<i;a+=r)t.push(String.fromCharCode.apply(String,e.subarray(a,a+r<i?a+r:i)));return t.join("")},encodeUTF8:function(e){const t=new TextEncoder("utf-8");function r(e,r=!1){return t.encode(e,{stream:!r})}return b(e,r,(()=>r("",!0)))},decodeUTF8:function(e){const t=new TextDecoder("utf-8");function r(e,r=!1){return t.decode(e,{stream:!r})}return b(e,r,(()=>r(new Uint8Array,!0)))},concat:g,concatUint8Array:u,equalsUint8Array:function(e,t){if(!F.isUint8Array(e)||!F.isUint8Array(t))throw Error("Data must be in the form of a Uint8Array");if(e.length!==t.length)return!1;for(let r=0;r<e.length;r++)if(e[r]!==t[r])return!1;return!0},findLastIndex:function(e,t){for(let r=e.length;r>=0;r--)if(t(e[r],r,e))return r;return-1},writeChecksum:function(e){let t=0;for(let r=0;r<e.length;r++)t=t+e[r]&65535;return F.writeNumber(t,2)},printDebug:function(e){M&&console.log("[OpenPGP.js debug]",e)},printDebugError:function(e){M&&console.error("[OpenPGP.js debug]",e)},nbits:function(e){let t=1,r=e>>>16;return 0!==r&&(e=r,t+=16),r=e>>8,0!==r&&(e=r,t+=8),r=e>>4,0!==r&&(e=r,t+=4),r=e>>2,0!==r&&(e=r,t+=2),r=e>>1,0!==r&&(e=r,t+=1),t},double:function(e){const t=new Uint8Array(e.length),r=e.length-1;for(let i=0;i<r;i++)t[i]=e[i]<<1^e[i+1]>>7;return t[r]=e[r]<<1^135*(e[0]>>7),t},shiftRight:function(e,t){if(t)for(let r=e.length-1;r>=0;r--)e[r]>>=t,r>0&&(e[r]|=e[r-1]<<8-t);return e},getWebCrypto:function(){const t=void 0!==e&&e.crypto&&e.crypto.subtle||this.getNodeCrypto()?.webcrypto.subtle;if(!t)throw Error("The WebCrypto API is not available");return t},getNodeCrypto:function(){return this.nodeRequire("crypto")},getNodeZlib:function(){return this.nodeRequire("zlib")},getNodeBuffer:function(){return(this.nodeRequire("buffer")||{}).Buffer},getHardwareConcurrency:function(){if("undefined"!=typeof navigator)return navigator.hardwareConcurrency||1;return this.nodeRequire("os").cpus().length},isEmailAddress:function(e){if(!F.isString(e))return!1;return/^[^\p{C}\p{Z}@<>\\]+@[^\p{C}\p{Z}@<>\\]+[^\p{C}\p{Z}\p{P}]$/u.test(e)},canonicalizeEOL:function(e){let t=!1;return b(e,(e=>{let r;t&&(e=F.concatUint8Array([new Uint8Array([13]),e])),13===e[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;const i=[];for(let t=0;r=e.indexOf(10,t)+1,r;t=r)13!==e[r-2]&&i.push(r);if(!i.length)return e;const a=new Uint8Array(e.length+i.length);let n=0;for(let t=0;t<i.length;t++){const r=e.subarray(i[t-1]||0,i[t]);a.set(r,n),n+=r.length,a[n-1]=13,a[n]=10,n++}return a.set(e.subarray(i[i.length-1]||0),n),a}),(()=>t?new Uint8Array([13]):void 0))},nativeEOL:function(e){let t=!1;return b(e,(e=>{let r;13===(e=t&&10!==e[0]?F.concatUint8Array([new Uint8Array([13]),e]):new Uint8Array(e))[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;let i=0;for(let t=0;t!==e.length;t=r){r=e.indexOf(13,t)+1,r||(r=e.length);const a=r-(10===e[r]?1:0);t&&e.copyWithin(i,t,a),i+=a-t}return e.subarray(0,i)}),(()=>t?new Uint8Array([13]):void 0))},removeTrailingSpaces:function(e){return e.split("\n").map((e=>{let t=e.length-1;for(;t>=0&&(" "===e[t]||"\t"===e[t]||"\r"===e[t]);t--);return e.substr(0,t+1)})).join("\n")},wrapError:function(e,t){if(!t)return e instanceof Error?e:Error(e);if(e instanceof Error){try{e.message+=": "+t.message,e.cause=t}catch(e){}return e}return Error(e+": "+t.message,{cause:t})},constructAllowedPackets:function(e){const t={};return e.forEach((e=>{if(!e.tag)throw Error("Invalid input: expected a packet class");t[e.tag]=e})),t},anyPromise:function(e){return new Promise((async(t,r)=>{let i;await Promise.all(e.map((async e=>{try{t(await e)}catch(e){i=e}}))),r(i)}))},selectUint8Array:function(e,t,r){const i=Math.max(t.length,r.length),a=new Uint8Array(i);let n=0;for(let i=0;i<a.length;i++)a[i]=t[i]&256-e|r[i]&255+e,n+=e&i<t.length|1-e&i<r.length;return a.subarray(0,n)},selectUint8:function(e,t,r){return t&256-e|r&255+e},isAES:function(e){return e===T.symmetric.aes128||e===T.symmetric.aes192||e===T.symmetric.aes256}},L=F.getNodeBuffer();let _,N;function R(e){let t=new Uint8Array;return b(e,(e=>{t=F.concatUint8Array([t,e]);const r=[],i=Math.floor(t.length/45),a=45*i,n=_(t.subarray(0,a));for(let e=0;e<i;e++)r.push(n.substr(60*e,60)),r.push("\n");return t=t.subarray(a),r.join("")}),(()=>t.length?_(t)+"\n":""))}function z(e){let t="";return b(e,(e=>{t+=e;let r=0;const i=[" ","\t","\r","\n"];for(let e=0;e<i.length;e++){const a=i[e];for(let e=t.indexOf(a);-1!==e;e=t.indexOf(a,e+1))r++}let a=t.length;for(;a>0&&(a-r)%4!=0;a--)i.includes(t[a])&&r--;const n=N(t.substr(0,a));return t=t.substr(a),n}),(()=>N(t)))}function O(e){return z(e.replace(/-/g,"+").replace(/_/g,"/"))}function j(e,t){let r=R(e).replace(/[\r\n]/g,"");return r=r.replace(/[+]/g,"-").replace(/[/]/g,"_").replace(/[=]/g,""),r}function q(e){const t=e.match(/^-----BEGIN PGP (MESSAGE, PART \d+\/\d+|MESSAGE, PART \d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m);if(!t)throw Error("Unknown ASCII armor type");return/MESSAGE, PART \d+\/\d+/.test(t[1])?T.armor.multipartSection:/MESSAGE, PART \d+/.test(t[1])?T.armor.multipartLast:/SIGNED MESSAGE/.test(t[1])?T.armor.signed:/MESSAGE/.test(t[1])?T.armor.message:/PUBLIC KEY BLOCK/.test(t[1])?T.armor.publicKey:/PRIVATE KEY BLOCK/.test(t[1])?T.armor.privateKey:/SIGNATURE/.test(t[1])?T.armor.signature:void 0}function H(e,t){let r="";return t.showVersion&&(r+="Version: "+t.versionString+"\n"),t.showComment&&(r+="Comment: "+t.commentString+"\n"),e&&(r+="Comment: "+e+"\n"),r+="\n",r}function G(e){const t=function(e){let t=13501623;return b(e,(e=>{const r=W?Math.floor(e.length/4):0,i=new Uint32Array(e.buffer,e.byteOffset,r);for(let e=0;e<r;e++)t^=i[e],t=V[0][t>>24&255]^V[1][t>>16&255]^V[2][t>>8&255]^V[3][255&t];for(let i=4*r;i<e.length;i++)t=t>>8^V[0][255&t^e[i]]}),(()=>new Uint8Array([t,t>>8,t>>16])))}(e);return R(t)}L?(_=e=>L.from(e).toString("base64"),N=e=>{const t=L.from(e,"base64");return new Uint8Array(t.buffer,t.byteOffset,t.byteLength)}):(_=e=>btoa(F.uint8ArrayToString(e)),N=e=>F.stringToUint8Array(atob(e)));const V=[Array(255),Array(255),Array(255),Array(255)];for(let e=0;e<=255;e++){let t=e<<16;for(let e=0;e<8;e++)t=t<<1^(8388608&t?8801531:0);V[0][e]=(16711680&t)>>16|65280&t|(255&t)<<16}for(let e=0;e<=255;e++)V[1][e]=V[0][e]>>8^V[0][255&V[0][e]];for(let e=0;e<=255;e++)V[2][e]=V[1][e]>>8^V[0][255&V[1][e]];for(let e=0;e<=255;e++)V[3][e]=V[2][e]>>8^V[0][255&V[2][e]];const W=function(){const e=new ArrayBuffer(2);return new DataView(e).setInt16(0,255,!0),255===new Int16Array(e)[0]}();function $(e){for(let t=0;t<e.length;t++)/^([^\s:]|[^\s:][^:]*[^\s:]): .+$/.test(e[t])||F.printDebugError(Error("Improperly formatted armor header: "+e[t])),/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(e[t])||F.printDebugError(Error("Unknown header: "+e[t]))}function Q(e){let t=e;const r=e.lastIndexOf("=");return r>=0&&r!==e.length-1&&(t=e.slice(0,r)),t}function X(e){return new Promise((async(t,r)=>{try{const i=/^-----[^-]+-----$/m,a=/^[ \f\r\t\u00a0\u2000-\u200a\u202f\u205f\u3000]*$/;let n;const s=[];let o,c,u=s,h=[];const l=z(k(e,(async(e,y)=>{const p=x(e);try{for(;;){let e=await p.readLine();if(void 0===e)throw Error("Misformed armored text");if(e=F.removeTrailingSpaces(e.replace(/[\r\n]/g,"")),n)if(o)c||n!==T.armor.signed||(i.test(e)?(h=h.join("\r\n"),c=!0,$(u),u=[],o=!1):h.push(e.replace(/^- /,"")));else if(i.test(e)&&r(Error("Mandatory blank line missing between armor headers and armor data")),a.test(e)){if($(u),o=!0,c||n!==T.armor.signed){t({text:h,data:l,headers:s,type:n});break}}else u.push(e);else i.test(e)&&(n=q(e))}}catch(e){return void r(e)}const d=C(y);try{for(;;){await d.ready;const{done:e,value:t}=await p.read();if(e)throw Error("Misformed armored text");const r=t+"";if(-1!==r.indexOf("=")||-1!==r.indexOf("-")){let e=await p.readToEnd();e.length||(e=""),e=r+e,e=F.removeTrailingSpaces(e.replace(/\r/g,""));const t=e.split(i);if(1===t.length)throw Error("Misformed armored text");const a=Q(t[0].slice(0,-1));await d.write(a);break}await d.write(r)}await d.ready,await d.close()}catch(e){await d.abort(e)}})))}catch(e){r(e)}})).then((async e=>(n(e.data)&&(e.data=await P(e.data)),e)))}function Y(e,t,r,i,a,n=!1,s=B){let o,c;e===T.armor.signed&&(o=t.text,c=t.hash,t=t.data);const u=n&&A(t),h=[];switch(e){case T.armor.multipartSection:h.push("-----BEGIN PGP MESSAGE, PART "+r+"/"+i+"-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP MESSAGE, PART "+r+"/"+i+"-----\n");break;case T.armor.multipartLast:h.push("-----BEGIN PGP MESSAGE, PART "+r+"-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP MESSAGE, PART "+r+"-----\n");break;case T.armor.signed:h.push("-----BEGIN PGP SIGNED MESSAGE-----\n"),h.push(c?`Hash: ${c}\n\n`:"\n"),h.push(o.replace(/^-/gm,"- -")),h.push("\n-----BEGIN PGP SIGNATURE-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP SIGNATURE-----\n");break;case T.armor.message:h.push("-----BEGIN PGP MESSAGE-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP MESSAGE-----\n");break;case T.armor.publicKey:h.push("-----BEGIN PGP PUBLIC KEY BLOCK-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP PUBLIC KEY BLOCK-----\n");break;case T.armor.privateKey:h.push("-----BEGIN PGP PRIVATE KEY BLOCK-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP PRIVATE KEY BLOCK-----\n");break;case T.armor.signature:h.push("-----BEGIN PGP SIGNATURE-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP SIGNATURE-----\n")}return F.concat(h)}const Z=BigInt(0),J=BigInt(1);function ee(e){const t="0123456789ABCDEF";let r="";return e.forEach((e=>{r+=t[e>>4]+t[15&e]})),BigInt("0x0"+r)}function te(e,t){const r=e%t;return r<Z?r+t:r}function re(e,t,r){if(r===Z)throw Error("Modulo cannot be zero");if(r===J)return BigInt(0);if(t<Z)throw Error("Unsopported negative exponent");let i=t,a=e;a%=r;let n=BigInt(1);for(;i>Z;){const e=i&J;i>>=J;n=e?n*a%r:n,a=a*a%r}return n}function ie(e){return e>=Z?e:-e}function ae(e,t){const{gcd:r,x:i}=function(e,t){let r=BigInt(0),i=BigInt(1),a=BigInt(1),n=BigInt(0),s=ie(e),o=ie(t);const c=e<Z,u=t<Z;for(;o!==Z;){const e=s/o;let t=r;r=a-e*r,a=t,t=i,i=n-e*i,n=t,t=o,o=s%o,s=t}return{x:c?-a:a,y:u?-n:n,gcd:s}}(e,t);if(r!==J)throw Error("Inverse does not exist");return te(i+t,t)}function ne(e){const t=Number(e);if(t>Number.MAX_SAFE_INTEGER)throw Error("Number can only safely store up to 53 bits");return t}function se(e,t){return(e>>BigInt(t)&J)===Z?0:1}function oe(e){const t=e<Z?BigInt(-1):Z;let r=1,i=e;for(;(i>>=J)!==t;)r++;return r}function ce(e){const t=e<Z?BigInt(-1):Z,r=BigInt(8);let i=1,a=e;for(;(a>>=r)!==t;)i++;return i}function ue(e,t="be",r){let i=e.toString(16);i.length%2==1&&(i="0"+i);const a=i.length/2,n=new Uint8Array(r||a),s=r?r-a:0;let o=0;for(;o<a;)n[o+s]=parseInt(i.slice(2*o,2*o+2),16),o++;return"be"!==t&&n.reverse(),n}const he=F.getNodeCrypto();function le(e){const t="undefined"!=typeof crypto?crypto:he?.webcrypto;if(t?.getRandomValues){const r=new Uint8Array(e);return t.getRandomValues(r)}throw Error("No secure random number generator available.")}function ye(e,t){if(t<e)throw Error("Illegal parameter value: max <= min");const r=t-e;return te(ee(le(ce(r)+8)),r)+e}const pe=BigInt(1);function de(e,t,r){const i=BigInt(30),a=pe<<BigInt(e-1),n=[1,6,5,4,3,2,1,4,3,2,1,2,1,4,3,2,1,2,1,4,3,2,1,6,5,4,3,2,1,2];let s=ye(a,a<<pe),o=ne(te(s,i));do{s+=BigInt(n[o]),o=(o+n[o])%n.length,oe(s)>e&&(s=te(s,a<<pe),s+=a,o=ne(te(s,i)))}while(!ge(s,t,r));return s}function ge(e,t,r){return(!t||function(e,t){let r=e,i=t;for(;i!==Z;){const e=i;i=r%i,r=e}return r}(e-pe,t)===pe)&&(!!function(e){const t=BigInt(0);return me.every((r=>te(e,r)!==t))}(e)&&(!!function(e,t=BigInt(2)){return re(t,e-pe,e)===pe}(e)&&!!function(e,t){const r=oe(e);t||(t=Math.max(1,r/48|0));const i=e-pe;let a=0;for(;!se(i,a);)a++;const n=e>>BigInt(a);for(;t>0;t--){let t,r=re(ye(BigInt(2),i),n,e);if(r!==pe&&r!==i){for(t=1;t<a;t++){if(r=te(r*r,e),r===pe)return!1;if(r===i)break}if(t===a)return!1}}return!0}(e,r)))}const me=[7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587,593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997,1009,1013,1019,1021,1031,1033,1039,1049,1051,1061,1063,1069,1087,1091,1093,1097,1103,1109,1117,1123,1129,1151,1153,1163,1171,1181,1187,1193,1201,1213,1217,1223,1229,1231,1237,1249,1259,1277,1279,1283,1289,1291,1297,1301,1303,1307,1319,1321,1327,1361,1367,1373,1381,1399,1409,1423,1427,1429,1433,1439,1447,1451,1453,1459,1471,1481,1483,1487,1489,1493,1499,1511,1523,1531,1543,1549,1553,1559,1567,1571,1579,1583,1597,1601,1607,1609,1613,1619,1621,1627,1637,1657,1663,1667,1669,1693,1697,1699,1709,1721,1723,1733,1741,1747,1753,1759,1777,1783,1787,1789,1801,1811,1823,1831,1847,1861,1867,1871,1873,1877,1879,1889,1901,1907,1913,1931,1933,1949,1951,1973,1979,1987,1993,1997,1999,2003,2011,2017,2027,2029,2039,2053,2063,2069,2081,2083,2087,2089,2099,2111,2113,2129,2131,2137,2141,2143,2153,2161,2179,2203,2207,2213,2221,2237,2239,2243,2251,2267,2269,2273,2281,2287,2293,2297,2309,2311,2333,2339,2341,2347,2351,2357,2371,2377,2381,2383,2389,2393,2399,2411,2417,2423,2437,2441,2447,2459,2467,2473,2477,2503,2521,2531,2539,2543,2549,2551,2557,2579,2591,2593,2609,2617,2621,2633,2647,2657,2659,2663,2671,2677,2683,2687,2689,2693,2699,2707,2711,2713,2719,2729,2731,2741,2749,2753,2767,2777,2789,2791,2797,2801,2803,2819,2833,2837,2843,2851,2857,2861,2879,2887,2897,2903,2909,2917,2927,2939,2953,2957,2963,2969,2971,2999,3001,3011,3019,3023,3037,3041,3049,3061,3067,3079,3083,3089,3109,3119,3121,3137,3163,3167,3169,3181,3187,3191,3203,3209,3217,3221,3229,3251,3253,3257,3259,3271,3299,3301,3307,3313,3319,3323,3329,3331,3343,3347,3359,3361,3371,3373,3389,3391,3407,3413,3433,3449,3457,3461,3463,3467,3469,3491,3499,3511,3517,3527,3529,3533,3539,3541,3547,3557,3559,3571,3581,3583,3593,3607,3613,3617,3623,3631,3637,3643,3659,3671,3673,3677,3691,3697,3701,3709,3719,3727,3733,3739,3761,3767,3769,3779,3793,3797,3803,3821,3823,3833,3847,3851,3853,3863,3877,3881,3889,3907,3911,3917,3919,3923,3929,3931,3943,3947,3967,3989,4001,4003,4007,4013,4019,4021,4027,4049,4051,4057,4073,4079,4091,4093,4099,4111,4127,4129,4133,4139,4153,4157,4159,4177,4201,4211,4217,4219,4229,4231,4241,4243,4253,4259,4261,4271,4273,4283,4289,4297,4327,4337,4339,4349,4357,4363,4373,4391,4397,4409,4421,4423,4441,4447,4451,4457,4463,4481,4483,4493,4507,4513,4517,4519,4523,4547,4549,4561,4567,4583,4591,4597,4603,4621,4637,4639,4643,4649,4651,4657,4663,4673,4679,4691,4703,4721,4723,4729,4733,4751,4759,4783,4787,4789,4793,4799,4801,4813,4817,4831,4861,4871,4877,4889,4903,4909,4919,4931,4933,4937,4943,4951,4957,4967,4969,4973,4987,4993,4999].map((e=>BigInt(e)));const fe=F.getWebCrypto(),we=F.getNodeCrypto(),be=we&&we.getHashes();function ke(e){if(we&&be.includes(e))return async function(t){const r=we.createHash(e);return b(t,(e=>{r.update(e)}),(()=>new Uint8Array(r.digest())))}}function ve(e,t){const r=async()=>{const{nobleHashes:t}=await import("./noble_hashes.min.mjs"),r=t.get(e);if(!r)throw Error("Unsupported hash");return r};return async function(e){if(n(e)&&(e=await P(e)),F.isStream(e)){const t=(await r()).create();return b(e,(e=>{t.update(e)}),(()=>t.digest()))}if(fe&&t)return new Uint8Array(await fe.digest(t,e));return(await r())(e)}}const Ke=ke("md5")||ve("md5"),Ae=ke("sha1")||ve("sha1","SHA-1"),Ee=ke("sha224")||ve("sha224"),Se=ke("sha256")||ve("sha256","SHA-256"),Pe=ke("sha384")||ve("sha384","SHA-384"),Ue=ke("sha512")||ve("sha512","SHA-512"),De=ke("ripemd160")||ve("ripemd160"),xe=ke("sha3-256")||ve("sha3_256"),Ce=ke("sha3-512")||ve("sha3_512");function Ie(e,t){switch(e){case T.hash.md5:return Ke(t);case T.hash.sha1:return Ae(t);case T.hash.ripemd:return De(t);case T.hash.sha256:return Se(t);case T.hash.sha384:return Pe(t);case T.hash.sha512:return Ue(t);case T.hash.sha224:return Ee(t);case T.hash.sha3_256:return xe(t);case T.hash.sha3_512:return Ce(t);default:throw Error("Unsupported hash function")}}function Te(e){switch(e){case T.hash.md5:return 16;case T.hash.sha1:case T.hash.ripemd:return 20;case T.hash.sha256:return 32;case T.hash.sha384:return 48;case T.hash.sha512:return 64;case T.hash.sha224:return 28;case T.hash.sha3_256:return 32;case T.hash.sha3_512:return 64;default:throw Error("Invalid hash algorithm.")}}const Be=[];function Me(e,t){const r=e.length;if(r>t-11)throw Error("Message too long");const i=function(e){const t=new Uint8Array(e);let r=0;for(;r<e;){const i=le(e-r);for(let e=0;e<i.length;e++)0!==i[e]&&(t[r++]=i[e])}return t}(t-r-3),a=new Uint8Array(t);return a[1]=2,a.set(i,2),a.set(e,t-r),a}function Fe(e,t){let r=2,i=1;for(let t=r;t<e.length;t++)i&=0!==e[t],r+=i;const a=r-2,n=e.subarray(r+1),s=0===e[0]&2===e[1]&a>=8&!i;if(t)return F.selectUint8Array(s,n,t);if(s)return n;throw Error("Decryption error")}function Le(e,t,r){let i;if(t.length!==Te(e))throw Error("Invalid hash length");const a=new Uint8Array(Be[e].length);for(i=0;i<Be[e].length;i++)a[i]=Be[e][i];const n=a.length+t.length;if(r<n+11)throw Error("Intended encoded message length too short");const s=new Uint8Array(r-n-3).fill(255),o=new Uint8Array(r);return o[1]=1,o.set(s,2),o.set(a,r-n),o.set(t,r-t.length),o}Be[1]=[48,32,48,12,6,8,42,134,72,134,247,13,2,5,5,0,4,16],Be[2]=[48,33,48,9,6,5,43,14,3,2,26,5,0,4,20],Be[3]=[48,33,48,9,6,5,43,36,3,2,1,5,0,4,20],Be[8]=[48,49,48,13,6,9,96,134,72,1,101,3,4,2,1,5,0,4,32],Be[9]=[48,65,48,13,6,9,96,134,72,1,101,3,4,2,2,5,0,4,48],Be[10]=[48,81,48,13,6,9,96,134,72,1,101,3,4,2,3,5,0,4,64],Be[11]=[48,45,48,13,6,9,96,134,72,1,101,3,4,2,4,5,0,4,28];const _e=F.getWebCrypto(),Ne=F.getNodeCrypto(),Re=BigInt(1);async function ze(e,t,r,i,a,n,s,o,c){if(Te(e)>=r.length)throw Error("Digest size cannot exceed key modulus size");if(t&&!F.isStream(t))if(F.getWebCrypto())try{return await async function(e,t,r,i,a,n,s,o){const c=await He(r,i,a,n,s,o),u={name:"RSASSA-PKCS1-v1_5",hash:{name:e}},h=await _e.importKey("jwk",c,u,!1,["sign"]);return new Uint8Array(await _e.sign("RSASSA-PKCS1-v1_5",h,t))}(T.read(T.webHash,e),t,r,i,a,n,s,o)}catch(e){F.printDebugError(e)}else if(F.getNodeCrypto())return async function(e,t,r,i,a,n,s,o){const c=Ne.createSign(T.read(T.hash,e));c.write(t),c.end();const u=await He(r,i,a,n,s,o);return new Uint8Array(c.sign({key:u,format:"jwk",type:"pkcs1"}))}(e,t,r,i,a,n,s,o);return async function(e,t,r,i){t=ee(t);const a=ee(Le(e,i,ce(t)));return r=ee(r),ue(re(a,r,t),"be",ce(t))}(e,r,a,c)}async function Oe(e,t,r,i,a,n){if(t&&!F.isStream(t))if(F.getWebCrypto())try{return await async function(e,t,r,i,a){const n=Ge(i,a),s=await _e.importKey("jwk",n,{name:"RSASSA-PKCS1-v1_5",hash:{name:e}},!1,["verify"]);return _e.verify("RSASSA-PKCS1-v1_5",s,r,t)}(T.read(T.webHash,e),t,r,i,a)}catch(e){F.printDebugError(e)}else if(F.getNodeCrypto())return async function(e,t,r,i,a){const n=Ge(i,a),s={key:n,format:"jwk",type:"pkcs1"},o=Ne.createVerify(T.read(T.hash,e));o.write(t),o.end();try{return o.verify(s,r)}catch(e){return!1}}(e,t,r,i,a);return async function(e,t,r,i,a){if(r=ee(r),t=ee(t),i=ee(i),t>=r)throw Error("Signature size cannot exceed modulus size");const n=ue(re(t,i,r),"be",ce(r)),s=Le(e,a,ce(r));return F.equalsUint8Array(n,s)}(e,r,i,a,n)}async function je(e,t,r){return F.getNodeCrypto()?async function(e,t,r){const i=Ge(t,r),a={key:i,format:"jwk",type:"pkcs1",padding:Ne.constants.RSA_PKCS1_PADDING};return new Uint8Array(Ne.publicEncrypt(a,e))}(e,t,r):async function(e,t,r){if(t=ee(t),e=ee(Me(e,ce(t))),r=ee(r),e>=t)throw Error("Message size cannot exceed modulus size");return ue(re(e,r,t),"be",ce(t))}(e,t,r)}async function qe(e,t,r,i,a,n,s,o){if(F.getNodeCrypto()&&!o)try{return await async function(e,t,r,i,a,n,s){const o=await He(t,r,i,a,n,s),c={key:o,format:"jwk",type:"pkcs1",padding:Ne.constants.RSA_PKCS1_PADDING};try{return new Uint8Array(Ne.privateDecrypt(c,e))}catch(e){throw Error("Decryption error")}}(e,t,r,i,a,n,s)}catch(e){F.printDebugError(e)}return async function(e,t,r,i,a,n,s,o){if(e=ee(e),t=ee(t),r=ee(r),i=ee(i),a=ee(a),n=ee(n),s=ee(s),e>=t)throw Error("Data too large.");const c=te(i,n-Re),u=te(i,a-Re),h=ye(BigInt(2),t),l=re(ae(h,t),r,t);e=te(e*l,t);const y=re(e,u,a),p=re(e,c,n),d=te(s*(p-y),n);let g=d*a+y;return g=te(g*h,t),Fe(ue(g,"be",ce(t)),o)}(e,t,r,i,a,n,s,o)}async function He(e,t,r,i,a,n){const s=ee(i),o=ee(a),c=ee(r);let u=te(c,o-Re),h=te(c,s-Re);return h=ue(h),u=ue(u),{kty:"RSA",n:j(e),e:j(t),d:j(r),p:j(a),q:j(i),dp:j(u),dq:j(h),qi:j(n),ext:!0}}function Ge(e,t){return{kty:"RSA",n:j(e),e:j(t),ext:!0}}function Ve(e,t){return{n:O(e.n),e:ue(t),d:O(e.d),p:O(e.q),q:O(e.p),u:O(e.qi)}}const We=BigInt(1);const $e={"2a8648ce3d030107":T.curve.nistP256,"2b81040022":T.curve.nistP384,"2b81040023":T.curve.nistP521,"2b8104000a":T.curve.secp256k1,"2b06010401da470f01":T.curve.ed25519Legacy,"2b060104019755010501":T.curve.curve25519Legacy,"2b2403030208010107":T.curve.brainpoolP256r1,"2b240303020801010b":T.curve.brainpoolP384r1,"2b240303020801010d":T.curve.brainpoolP512r1};class Qe{constructor(e){if(e instanceof Qe)this.oid=e.oid;else if(F.isArray(e)||F.isUint8Array(e)){if(6===(e=new Uint8Array(e))[0]){if(e[1]!==e.length-2)throw Error("Length mismatch in DER encoded oid");e=e.subarray(2)}this.oid=e}else this.oid=""}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.oid=e.subarray(1,1+t),1+this.oid.length}throw Error("Invalid oid")}write(){return F.concatUint8Array([new Uint8Array([this.oid.length]),this.oid])}toHex(){return F.uint8ArrayToHex(this.oid)}getName(){const e=$e[this.toHex()];if(!e)throw Error("Unknown curve object identifier.");return e}}function Xe(e){let t,r=0;const i=e[0];return i<192?([r]=e,t=1):i<255?(r=(e[0]-192<<8)+e[1]+192,t=2):255===i&&(r=F.readNumber(e.subarray(1,5)),t=5),{len:r,offset:t}}function Ye(e){return e<192?new Uint8Array([e]):e>191&&e<8384?new Uint8Array([192+(e-192>>8),e-192&255]):F.concatUint8Array([new Uint8Array([255]),F.writeNumber(e,4)])}function Ze(e){if(e<0||e>30)throw Error("Partial Length power must be between 1 and 30");return new Uint8Array([224+e])}function Je(e){return new Uint8Array([192|e])}function et(e,t){return F.concatUint8Array([Je(e),Ye(t)])}function tt(e){return[T.packet.literalData,T.packet.compressedData,T.packet.symmetricallyEncryptedData,T.packet.symEncryptedIntegrityProtectedData,T.packet.aeadEncryptedData].includes(e)}async function rt(e,t,r){let i,a;try{const n=await e.peekBytes(2);if(!n||n.length<2||!(128&n[0]))throw Error("Error during parsing. This message / key probably does not conform to a valid OpenPGP format.");const s=await e.readByte();let o,c,u=-1,h=-1;h=0,64&s&&(h=1),h?u=63&s:(u=(63&s)>>2,c=3&s);const l=tt(u);let y,p=null;if(t&&l){if("array"===t){const e=new ArrayStream;i=C(e),p=e}else{const e=new TransformStream;i=C(e.writable),p=e.readable}a=r({tag:u,packet:p})}else p=[];do{if(h){const t=await e.readByte();if(y=!1,t<192)o=t;else if(t>=192&&t<224)o=(t-192<<8)+await e.readByte()+192;else if(t>223&&t<255){if(o=1<<(31&t),y=!0,!l)throw new TypeError("This packet type does not support partial lengths.")}else o=await e.readByte()<<24|await e.readByte()<<16|await e.readByte()<<8|await e.readByte()}else switch(c){case 0:o=await e.readByte();break;case 1:o=await e.readByte()<<8|await e.readByte();break;case 2:o=await e.readByte()<<24|await e.readByte()<<16|await e.readByte()<<8|await e.readByte();break;default:o=1/0}if(o>0){let t=0;for(;;){i&&await i.ready;const{done:r,value:a}=await e.read();if(r){if(o===1/0)break;throw Error("Unexpected end of packet")}const n=o===1/0?a:a.subarray(0,o-t);if(i?await i.write(n):p.push(n),t+=a.length,t>=o){e.unshift(a.subarray(o-t+a.length));break}}}}while(y);i?(await i.ready,await i.close()):(p=F.concatUint8Array(p),await r({tag:u,packet:p}))}catch(e){if(i)return await i.abort(e),!0;throw e}finally{i&&await a}}class it extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,it),this.name="UnsupportedError"}}class at extends it{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,it),this.name="UnknownPacketError"}}class nt extends it{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,it),this.name="MalformedPacketError"}}class st{constructor(e,t){this.tag=e,this.rawContent=t}write(){return this.rawContent}}async function ot(e){switch(e){case T.publicKey.ed25519:try{const e=F.getWebCrypto(),t=await e.generateKey("Ed25519",!0,["sign","verify"]).catch((e=>{if("OperationError"===e.name){const e=Error("Unexpected key generation issue");throw e.name="NotSupportedError",e}throw e})),r=await e.exportKey("jwk",t.privateKey),i=await e.exportKey("jwk",t.publicKey);return{A:new Uint8Array(O(i.x)),seed:O(r.d)}}catch(t){if("NotSupportedError"!==t.name)throw t;const{default:r}=await import("./nacl-fast.min.mjs"),i=le(lt(e)),{publicKey:a}=r.sign.keyPair.fromSeed(i);return{A:a,seed:i}}case T.publicKey.ed448:{const e=await F.getNobleCurve(T.publicKey.ed448),{secretKey:t,publicKey:r}=e.keygen();return{A:r,seed:t}}default:throw Error("Unsupported EdDSA algorithm")}}async function ct(e,t,r,i,a,n){switch(e){case T.publicKey.ed25519:try{const t=F.getWebCrypto(),r=dt(e,i,a),s=await t.importKey("jwk",r,"Ed25519",!1,["sign"]);return{RS:new Uint8Array(await t.sign("Ed25519",s,n))}}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:t}=await import("./nacl-fast.min.mjs"),r=F.concatUint8Array([a,i]);return{RS:t.sign.detached(n,r)}}case T.publicKey.ed448:return{RS:(await F.getNobleCurve(T.publicKey.ed448)).sign(n,a)};default:throw Error("Unsupported EdDSA algorithm")}}async function ut(e,t,{RS:r},i,a,n){switch(e){case T.publicKey.ed25519:try{const t=F.getWebCrypto(),i=pt(e,a),s=await t.importKey("jwk",i,"Ed25519",!1,["verify"]);return await t.verify("Ed25519",s,r,n)}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:t}=await import("./nacl-fast.min.mjs");return t.sign.detached.verify(n,r,a)}case T.publicKey.ed448:return(await F.getNobleCurve(T.publicKey.ed448)).verify(r,n,a);default:throw Error("Unsupported EdDSA algorithm")}}async function ht(e,t,r){switch(e){case T.publicKey.ed25519:try{const i=F.getWebCrypto(),a=dt(e,t,r),n=pt(e,t),s=await i.importKey("jwk",a,"Ed25519",!1,["sign"]),o=await i.importKey("jwk",n,"Ed25519",!1,["verify"]),c=le(8),u=new Uint8Array(await i.sign("Ed25519",s,c));return await i.verify("Ed25519",o,u,c)}catch(e){if("NotSupportedError"!==e.name)return!1;const{default:i}=await import("./nacl-fast.min.mjs"),{publicKey:a}=i.sign.keyPair.fromSeed(r);return F.equalsUint8Array(t,a)}case T.publicKey.ed448:{const e=(await F.getNobleCurve(T.publicKey.ed448)).getPublicKey(r);return F.equalsUint8Array(t,e)}default:return!1}}function lt(e){switch(e){case T.publicKey.ed25519:return 32;case T.publicKey.ed448:return 57;default:throw Error("Unsupported EdDSA algorithm")}}function yt(e){switch(e){case T.publicKey.ed25519:return T.hash.sha256;case T.publicKey.ed448:return T.hash.sha512;default:throw Error("Unknown EdDSA algo")}}const pt=(e,t)=>{if(e===T.publicKey.ed25519){return{kty:"OKP",crv:"Ed25519",x:j(t),ext:!0}}throw Error("Unsupported EdDSA algorithm")},dt=(e,t,r)=>{if(e===T.publicKey.ed25519){const i=pt(e,t);return i.d=j(r),i}throw Error("Unsupported EdDSA algorithm")};var gt=/*#__PURE__*/Object.freeze({__proto__:null,generate:ot,getPayloadSize:lt,getPreferredHashAlgo:yt,sign:ct,validateParams:ht,verify:ut});
+/*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) */function mt(e){return e instanceof Uint8Array||ArrayBuffer.isView(e)&&"Uint8Array"===e.constructor.name}function ft(e,...t){if(!mt(e))throw Error("Uint8Array expected");if(t.length>0&&!t.includes(e.length))throw Error("Uint8Array expected of length "+t+", got length="+e.length)}function wt(e,t=!0){if(e.destroyed)throw Error("Hash instance has been destroyed");if(t&&e.finished)throw Error("Hash#digest() has already been called")}function bt(e,t){ft(e);const r=t.outputLen;if(e.length<r)throw Error("digestInto() expects output buffer of length at least "+r)}function kt(e){return new Uint8Array(e.buffer,e.byteOffset,e.byteLength)}function vt(e){return new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4))}function Kt(...e){for(let t=0;t<e.length;t++)e[t].fill(0)}function At(e){return new DataView(e.buffer,e.byteOffset,e.byteLength)}const Et=/* @__PURE__ */(()=>68===new Uint8Array(new Uint32Array([287454020]).buffer)[0])();function St(e){if("string"==typeof e)e=function(e){if("string"!=typeof e)throw Error("string expected");return new Uint8Array((new TextEncoder).encode(e))}(e);else{if(!mt(e))throw Error("Uint8Array expected, got "+typeof e);e=Bt(e)}return e}function Pt(e,t){return e.buffer===t.buffer&&e.byteOffset<t.byteOffset+t.byteLength&&t.byteOffset<e.byteOffset+e.byteLength}function Ut(e,t){if(Pt(e,t)&&e.byteOffset<t.byteOffset)throw Error("complex overlap of input and output is not supported")}function Dt(e,t){if(e.length!==t.length)return!1;let r=0;for(let i=0;i<e.length;i++)r|=e[i]^t[i];return 0===r}const xt=(e,t)=>{function r(r,...i){if(ft(r),!Et)throw Error("Non little-endian hardware is not yet supported");if(void 0!==e.nonceLength){const t=i[0];if(!t)throw Error("nonce / iv required");e.varSizeNonce?ft(t):ft(t,e.nonceLength)}const a=e.tagLength;a&&void 0!==i[1]&&ft(i[1]);const n=t(r,...i),s=(e,t)=>{if(void 0!==t){if(2!==e)throw Error("cipher output not supported");ft(t)}};let o=!1;return{encrypt(e,t){if(o)throw Error("cannot encrypt() twice with same key + nonce");return o=!0,ft(e),s(n.encrypt.length,t),n.encrypt(e,t)},decrypt(e,t){if(ft(e),a&&e.length<a)throw Error("invalid ciphertext length: smaller than tagLength="+a);return s(n.decrypt.length,t),n.decrypt(e,t)}}}return Object.assign(r,e),r};function Ct(e,t,r=!0){if(void 0===t)return new Uint8Array(e);if(t.length!==e)throw Error("invalid output length, expected "+e+", got: "+t.length);if(r&&!Tt(t))throw Error("invalid output, must be aligned");return t}function It(e,t,r,i){if("function"==typeof e.setBigUint64)return e.setBigUint64(t,r,i);const a=BigInt(32),n=BigInt(4294967295),s=Number(r>>a&n),o=Number(r&n);e.setUint32(t+0,s,i),e.setUint32(t+4,o,i)}function Tt(e){return e.byteOffset%4==0}function Bt(e){return Uint8Array.from(e)}const Mt=16,Ft=/* @__PURE__ */new Uint8Array(16),Lt=vt(Ft),_t=e=>(e>>>0&255)<<24|(e>>>8&255)<<16|(e>>>16&255)<<8|e>>>24&255;class Nt{constructor(e,t){this.blockLen=Mt,this.outputLen=Mt,this.s0=0,this.s1=0,this.s2=0,this.s3=0,this.finished=!1,ft(e=St(e),16);const r=At(e);let i=r.getUint32(0,!1),a=r.getUint32(4,!1),n=r.getUint32(8,!1),s=r.getUint32(12,!1);const o=[];for(let e=0;e<128;e++)o.push({s0:_t(i),s1:_t(a),s2:_t(n),s3:_t(s)}),({s0:i,s1:a,s2:n,s3:s}={s3:(h=n)<<31|(l=s)>>>1,s2:(u=a)<<31|h>>>1,s1:(c=i)<<31|u>>>1,s0:c>>>1^225<<24&-(1&l)});var c,u,h,l;const y=(p=t||1024)>65536?8:p>1024?4:2;var p;if(![1,2,4,8].includes(y))throw Error("ghash: invalid window size, expected 2, 4 or 8");this.W=y;const d=128/y,g=this.windowSize=2**y,m=[];for(let e=0;e<d;e++)for(let t=0;t<g;t++){let r=0,i=0,a=0,n=0;for(let s=0;s<y;s++){if(!(t>>>y-s-1&1))continue;const{s0:c,s1:u,s2:h,s3:l}=o[y*e+s];r^=c,i^=u,a^=h,n^=l}m.push({s0:r,s1:i,s2:a,s3:n})}this.t=m}_updateBlock(e,t,r,i){e^=this.s0,t^=this.s1,r^=this.s2,i^=this.s3;const{W:a,t:n,windowSize:s}=this;let o=0,c=0,u=0,h=0;const l=(1<<a)-1;let y=0;for(const p of[e,t,r,i])for(let e=0;e<4;e++){const t=p>>>8*e&255;for(let e=8/a-1;e>=0;e--){const r=t>>>a*e&l,{s0:i,s1:p,s2:d,s3:g}=n[y*s+r];o^=i,c^=p,u^=d,h^=g,y+=1}}this.s0=o,this.s1=c,this.s2=u,this.s3=h}update(e){wt(this),ft(e=St(e));const t=vt(e),r=Math.floor(e.length/Mt),i=e.length%Mt;for(let e=0;e<r;e++)this._updateBlock(t[4*e+0],t[4*e+1],t[4*e+2],t[4*e+3]);return i&&(Ft.set(e.subarray(r*Mt)),this._updateBlock(Lt[0],Lt[1],Lt[2],Lt[3]),Kt(Lt)),this}destroy(){const{t:e}=this;for(const t of e)t.s0=0,t.s1=0,t.s2=0,t.s3=0}digestInto(e){wt(this),bt(e,this),this.finished=!0;const{s0:t,s1:r,s2:i,s3:a}=this,n=vt(e);return n[0]=t,n[1]=r,n[2]=i,n[3]=a,e}digest(){const e=new Uint8Array(Mt);return this.digestInto(e),this.destroy(),e}}class Rt extends Nt{constructor(e,t){ft(e=St(e));const r=function(e){e.reverse();const t=1&e[15];let r=0;for(let t=0;t<e.length;t++){const i=e[t];e[t]=i>>>1|r,r=(1&i)<<7}return e[0]^=225&-t,e}(Bt(e));super(r,t),Kt(r)}update(e){e=St(e),wt(this);const t=vt(e),r=e.length%Mt,i=Math.floor(e.length/Mt);for(let e=0;e<i;e++)this._updateBlock(_t(t[4*e+3]),_t(t[4*e+2]),_t(t[4*e+1]),_t(t[4*e+0]));return r&&(Ft.set(e.subarray(i*Mt)),this._updateBlock(_t(Lt[3]),_t(Lt[2]),_t(Lt[1]),_t(Lt[0])),Kt(Lt)),this}digestInto(e){wt(this),bt(e,this),this.finished=!0;const{s0:t,s1:r,s2:i,s3:a}=this,n=vt(e);return n[0]=t,n[1]=r,n[2]=i,n[3]=a,e.reverse()}}function zt(e){const t=(t,r)=>e(r,t.length).update(St(t)).digest(),r=e(new Uint8Array(16),0);return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=(t,r)=>e(t,r),t}const Ot=zt(((e,t)=>new Nt(e,t)));zt(((e,t)=>new Rt(e,t)));const jt=16,qt=/* @__PURE__ */new Uint8Array(jt);function Ht(e){return e<<1^283&-(e>>7)}function Gt(e,t){let r=0;for(;t>0;t>>=1)r^=e&-(1&t),e=Ht(e);return r}const Vt=/* @__PURE__ */(()=>{const e=new Uint8Array(256);for(let t=0,r=1;t<256;t++,r^=Ht(r))e[t]=r;const t=new Uint8Array(256);t[0]=99;for(let r=0;r<255;r++){let i=e[255-r];i|=i<<8,t[e[r]]=255&(i^i>>4^i>>5^i>>6^i>>7^99)}return Kt(e),t})(),Wt=/* @__PURE__ */Vt.map(((e,t)=>Vt.indexOf(t))),$t=e=>e<<8|e>>>24,Qt=e=>e<<24&4278190080|e<<8&16711680|e>>>8&65280|e>>>24&255;function Xt(e,t){if(256!==e.length)throw Error("Wrong sbox length");const r=new Uint32Array(256).map(((r,i)=>t(e[i]))),i=r.map($t),a=i.map($t),n=a.map($t),s=new Uint32Array(65536),o=new Uint32Array(65536),c=new Uint16Array(65536);for(let t=0;t<256;t++)for(let u=0;u<256;u++){const h=256*t+u;s[h]=r[t]^i[u],o[h]=a[t]^n[u],c[h]=e[t]<<8|e[u]}return{sbox:e,sbox2:c,T0:r,T1:i,T2:a,T3:n,T01:s,T23:o}}const Yt=/* @__PURE__ */Xt(Vt,(e=>Gt(e,3)<<24|e<<16|e<<8|Gt(e,2))),Zt=/* @__PURE__ */Xt(Wt,(e=>Gt(e,11)<<24|Gt(e,13)<<16|Gt(e,9)<<8|Gt(e,14))),Jt=/* @__PURE__ */(()=>{const e=new Uint8Array(16);for(let t=0,r=1;t<16;t++,r=Ht(r))e[t]=r;return e})();function er(e){ft(e);const t=e.length;if(![16,24,32].includes(t))throw Error("aes: invalid key size, should be 16, 24 or 32, got "+t);const{sbox2:r}=Yt,i=[];Tt(e)||i.push(e=Bt(e));const a=vt(e),n=a.length,s=e=>ir(r,e,e,e,e),o=new Uint32Array(t+28);o.set(a);for(let e=n;e<o.length;e++){let t=o[e-1];e%n==0?t=s((c=t)<<24|c>>>8)^Jt[e/n-1]:n>6&&e%n==4&&(t=s(t)),o[e]=o[e-n]^t}var c;return Kt(...i),o}function tr(e){const t=er(e),r=t.slice(),i=t.length,{sbox2:a}=Yt,{T0:n,T1:s,T2:o,T3:c}=Zt;for(let e=0;e<i;e+=4)for(let a=0;a<4;a++)r[e+a]=t[i-e-4+a];Kt(t);for(let e=4;e<i-4;e++){const t=r[e],i=ir(a,t,t,t,t);r[e]=n[255&i]^s[i>>>8&255]^o[i>>>16&255]^c[i>>>24]}return r}function rr(e,t,r,i,a,n){return e[r<<8&65280|i>>>8&255]^t[a>>>8&65280|n>>>24&255]}function ir(e,t,r,i,a){return e[255&t|65280&r]|e[i>>>16&255|a>>>16&65280]<<16}function ar(e,t,r,i,a){const{sbox2:n,T01:s,T23:o}=Yt;let c=0;t^=e[c++],r^=e[c++],i^=e[c++],a^=e[c++];const u=e.length/4-2;for(let n=0;n<u;n++){const n=e[c++]^rr(s,o,t,r,i,a),u=e[c++]^rr(s,o,r,i,a,t),h=e[c++]^rr(s,o,i,a,t,r),l=e[c++]^rr(s,o,a,t,r,i);t=n,r=u,i=h,a=l}return{s0:e[c++]^ir(n,t,r,i,a),s1:e[c++]^ir(n,r,i,a,t),s2:e[c++]^ir(n,i,a,t,r),s3:e[c++]^ir(n,a,t,r,i)}}function nr(e,t,r,i,a){const{sbox2:n,T01:s,T23:o}=Zt;let c=0;t^=e[c++],r^=e[c++],i^=e[c++],a^=e[c++];const u=e.length/4-2;for(let n=0;n<u;n++){const n=e[c++]^rr(s,o,t,a,i,r),u=e[c++]^rr(s,o,r,t,a,i),h=e[c++]^rr(s,o,i,r,t,a),l=e[c++]^rr(s,o,a,i,r,t);t=n,r=u,i=h,a=l}return{s0:e[c++]^ir(n,t,a,i,r),s1:e[c++]^ir(n,r,t,a,i),s2:e[c++]^ir(n,i,r,t,a),s3:e[c++]^ir(n,a,i,r,t)}}function sr(e,t,r,i){ft(t,jt),ft(r);const a=r.length;Ut(r,i=Ct(a,i));const n=t,s=vt(n);let{s0:o,s1:c,s2:u,s3:h}=ar(e,s[0],s[1],s[2],s[3]);const l=vt(r),y=vt(i);for(let t=0;t+4<=l.length;t+=4){y[t+0]=l[t+0]^o,y[t+1]=l[t+1]^c,y[t+2]=l[t+2]^u,y[t+3]=l[t+3]^h;let r=1;for(let e=n.length-1;e>=0;e--)r=r+(255&n[e])|0,n[e]=255&r,r>>>=8;({s0:o,s1:c,s2:u,s3:h}=ar(e,s[0],s[1],s[2],s[3]))}const p=jt*Math.floor(l.length/4);if(p<a){const e=new Uint32Array([o,c,u,h]),t=kt(e);for(let e=p,n=0;e<a;e++,n++)i[e]=r[e]^t[n];Kt(e)}return i}function or(e,t,r,i,a){ft(r,jt),ft(i),a=Ct(i.length,a);const n=r,s=vt(n),o=At(n),c=vt(i),u=vt(a),h=t?0:12,l=i.length;let y=o.getUint32(h,t),{s0:p,s1:d,s2:g,s3:m}=ar(e,s[0],s[1],s[2],s[3]);for(let r=0;r+4<=c.length;r+=4)u[r+0]=c[r+0]^p,u[r+1]=c[r+1]^d,u[r+2]=c[r+2]^g,u[r+3]=c[r+3]^m,y=y+1>>>0,o.setUint32(h,y,t),({s0:p,s1:d,s2:g,s3:m}=ar(e,s[0],s[1],s[2],s[3]));const f=jt*Math.floor(c.length/4);if(f<l){const e=new Uint32Array([p,d,g,m]),t=kt(e);for(let e=f,r=0;e<l;e++,r++)a[e]=i[e]^t[r];Kt(e)}return a}const cr=/* @__PURE__ */xt({blockSize:16,nonceLength:16},(function(e,t){function r(r,i){if(ft(r),void 0!==i&&(ft(i),!Tt(i)))throw Error("unaligned destination");const a=er(e),n=Bt(t),s=[a,n];Tt(r)||s.push(r=Bt(r));const o=sr(a,n,r,i);return Kt(...s),o}return{encrypt:(e,t)=>r(e,t),decrypt:(e,t)=>r(e,t)}}));const ur=/* @__PURE__ */xt({blockSize:16,nonceLength:16},(function(e,t,r={}){const i=!r.disablePadding;return{encrypt(r,a){const n=er(e),{b:s,o,out:c}=function(e,t,r){ft(e);let i=e.length;const a=i%jt;if(!t&&0!==a)throw Error("aec/(cbc-ecb): unpadded plaintext with disabled padding");Tt(e)||(e=Bt(e));const n=vt(e);if(t){let e=jt-a;e||(e=jt),i+=e}return Ut(e,r=Ct(i,r)),{b:n,o:vt(r),out:r}}(r,i,a);let u=t;const h=[n];Tt(u)||h.push(u=Bt(u));const l=vt(u);let y=l[0],p=l[1],d=l[2],g=l[3],m=0;for(;m+4<=s.length;)y^=s[m+0],p^=s[m+1],d^=s[m+2],g^=s[m+3],({s0:y,s1:p,s2:d,s3:g}=ar(n,y,p,d,g)),o[m++]=y,o[m++]=p,o[m++]=d,o[m++]=g;if(i){const e=function(e){const t=new Uint8Array(16),r=vt(t);t.set(e);const i=jt-e.length;for(let e=jt-i;e<jt;e++)t[e]=i;return r}(r.subarray(4*m));y^=e[0],p^=e[1],d^=e[2],g^=e[3],({s0:y,s1:p,s2:d,s3:g}=ar(n,y,p,d,g)),o[m++]=y,o[m++]=p,o[m++]=d,o[m++]=g}return Kt(...h),c},decrypt(r,a){!function(e){if(ft(e),e.length%jt!=0)throw Error("aes-(cbc/ecb).decrypt ciphertext should consist of blocks with size 16")}(r);const n=tr(e);let s=t;const o=[n];Tt(s)||o.push(s=Bt(s));const c=vt(s);a=Ct(r.length,a),Tt(r)||o.push(r=Bt(r)),Ut(r,a);const u=vt(r),h=vt(a);let l=c[0],y=c[1],p=c[2],d=c[3];for(let e=0;e+4<=u.length;){const t=l,r=y,i=p,a=d;l=u[e+0],y=u[e+1],p=u[e+2],d=u[e+3];const{s0:s,s1:o,s2:c,s3:g}=nr(n,l,y,p,d);h[e++]=s^t,h[e++]=o^r,h[e++]=c^i,h[e++]=g^a}return Kt(...o),function(e,t){if(!t)return e;const r=e.length;if(!r)throw Error("aes/pcks5: empty ciphertext not allowed");const i=e[r-1];if(i<=0||i>16)throw Error("aes/pcks5: wrong padding");const a=e.subarray(0,-i);for(let t=0;t<i;t++)if(e[r-t-1]!==i)throw Error("aes/pcks5: wrong padding");return a}(a,i)}}})),hr=/* @__PURE__ */xt({blockSize:16,nonceLength:16},(function(e,t){function r(r,i,a){ft(r);const n=r.length;if(Pt(r,a=Ct(n,a)))throw Error("overlapping src and dst not supported.");const s=er(e);let o=t;const c=[s];Tt(o)||c.push(o=Bt(o)),Tt(r)||c.push(r=Bt(r));const u=vt(r),h=vt(a),l=i?h:u,y=vt(o);let p=y[0],d=y[1],g=y[2],m=y[3];for(let e=0;e+4<=u.length;){const{s0:t,s1:r,s2:i,s3:a}=ar(s,p,d,g,m);h[e+0]=u[e+0]^t,h[e+1]=u[e+1]^r,h[e+2]=u[e+2]^i,h[e+3]=u[e+3]^a,p=l[e++],d=l[e++],g=l[e++],m=l[e++]}const f=jt*Math.floor(u.length/4);if(f<n){({s0:p,s1:d,s2:g,s3:m}=ar(s,p,d,g,m));const e=kt(new Uint32Array([p,d,g,m]));for(let t=f,i=0;t<n;t++,i++)a[t]=r[t]^e[i];Kt(e)}return Kt(...c),a}return{encrypt:(e,t)=>r(e,!0,t),decrypt:(e,t)=>r(e,!1,t)}}));function lr(e,t,r,i,a){const n=a?a.length:0,s=e.create(r,i.length+n);a&&s.update(a);const o=function(e,t,r){const i=new Uint8Array(16),a=At(i);return It(a,0,BigInt(t),r),It(a,8,BigInt(e),r),i}(8*i.length,8*n,t);s.update(i),s.update(o);const c=s.digest();return Kt(o),c}const yr=/* @__PURE__ */xt({blockSize:16,nonceLength:12,tagLength:16,varSizeNonce:!0},(function(e,t,r){if(t.length<8)throw Error("aes/gcm: invalid nonce length");function i(e,t,i){const a=lr(Ot,!1,e,i,r);for(let e=0;e<t.length;e++)a[e]^=t[e];return a}function a(){const r=er(e),i=qt.slice(),a=qt.slice();if(or(r,!1,a,a,i),12===t.length)a.set(t);else{const e=qt.slice();It(At(e),8,BigInt(8*t.length),!1);const r=Ot.create(i).update(t).update(e);r.digestInto(a),r.destroy()}return{xk:r,authKey:i,counter:a,tagMask:or(r,!1,a,qt)}}return{encrypt(e){const{xk:t,authKey:r,counter:n,tagMask:s}=a(),o=new Uint8Array(e.length+16),c=[t,r,n,s];Tt(e)||c.push(e=Bt(e)),or(t,!1,n,e,o.subarray(0,e.length));const u=i(r,s,o.subarray(0,o.length-16));return c.push(u),o.set(u,e.length),Kt(...c),o},decrypt(e){const{xk:t,authKey:r,counter:n,tagMask:s}=a(),o=[t,r,s,n];Tt(e)||o.push(e=Bt(e));const c=e.subarray(0,-16),u=e.subarray(-16),h=i(r,s,c);if(o.push(h),!Dt(h,u))throw Error("aes/gcm: invalid ghash tag");const l=or(t,!1,n,c);return Kt(...o),l}}}));function pr(e){return e instanceof Uint32Array||ArrayBuffer.isView(e)&&"Uint32Array"===e.constructor.name}function dr(e,t){if(ft(t,16),!pr(e))throw Error("_encryptBlock accepts result of expandKeyLE");const r=vt(t);let{s0:i,s1:a,s2:n,s3:s}=ar(e,r[0],r[1],r[2],r[3]);return r[0]=i,r[1]=a,r[2]=n,r[3]=s,t}function gr(e,t){if(ft(t,16),!pr(e))throw Error("_decryptBlock accepts result of expandKeyLE");const r=vt(t);let{s0:i,s1:a,s2:n,s3:s}=nr(e,r[0],r[1],r[2],r[3]);return r[0]=i,r[1]=a,r[2]=n,r[3]=s,t}const mr={encrypt(e,t){if(t.length>=2**32)throw Error("plaintext should be less than 4gb");const r=er(e);if(16===t.length)dr(r,t);else{const e=vt(t);let i=e[0],a=e[1];for(let t=0,n=1;t<6;t++)for(let t=2;t<e.length;t+=2,n++){const{s0:s,s1:o,s2:c,s3:u}=ar(r,i,a,e[t],e[t+1]);i=s,a=o^Qt(n),e[t]=c,e[t+1]=u}e[0]=i,e[1]=a}r.fill(0)},decrypt(e,t){if(t.length-8>=2**32)throw Error("ciphertext should be less than 4gb");const r=tr(e),i=t.length/8-1;if(1===i)gr(r,t);else{const e=vt(t);let a=e[0],n=e[1];for(let t=0,s=6*i;t<6;t++)for(let t=2*i;t>=1;t-=2,s--){n^=Qt(s);const{s0:i,s1:o,s2:c,s3:u}=nr(r,a,n,e[t],e[t+1]);a=i,n=o,e[t]=c,e[t+1]=u}e[0]=a,e[1]=n}r.fill(0)}},fr=/* @__PURE__ */new Uint8Array(8).fill(166),wr=/* @__PURE__ */xt({blockSize:8},(e=>({encrypt(t){if(!t.length||t.length%8!=0)throw Error("invalid plaintext length");if(8===t.length)throw Error("8-byte keys not allowed in AESKW, use AESKWP instead");const r=function(...e){let t=0;for(let r=0;r<e.length;r++){const i=e[r];ft(i),t+=i.length}const r=new Uint8Array(t);for(let t=0,i=0;t<e.length;t++){const a=e[t];r.set(a,i),i+=a.length}return r}(fr,t);return mr.encrypt(e,r),r},decrypt(t){if(t.length%8!=0||t.length<24)throw Error("invalid ciphertext length");const r=Bt(t);if(mr.decrypt(e,r),!Dt(r.subarray(0,8),fr))throw Error("integrity check failed");return r.subarray(0,8).fill(0),r.subarray(8)}}))),br={expandKeyLE:er,expandKeyDecLE:tr,encrypt:ar,decrypt:nr,encryptBlock:dr,decryptBlock:gr,ctrCounter:sr,ctr32:or};async function kr(e){switch(e){case T.symmetric.aes128:case T.symmetric.aes192:case T.symmetric.aes256:throw Error("Not a legacy cipher");case T.symmetric.cast5:case T.symmetric.blowfish:case T.symmetric.twofish:case T.symmetric.tripledes:{const{legacyCiphers:t}=await import("./legacy_ciphers.min.mjs"),r=T.read(T.symmetric,e),i=t.get(r);if(!i)throw Error("Unsupported cipher algorithm");return i}default:throw Error("Unsupported cipher algorithm")}}function vr(e){switch(e){case T.symmetric.aes128:case T.symmetric.aes192:case T.symmetric.aes256:case T.symmetric.twofish:return 16;case T.symmetric.blowfish:case T.symmetric.cast5:case T.symmetric.tripledes:return 8;default:throw Error("Unsupported cipher")}}function Kr(e){switch(e){case T.symmetric.aes128:case T.symmetric.blowfish:case T.symmetric.cast5:return 16;case T.symmetric.aes192:case T.symmetric.tripledes:return 24;case T.symmetric.aes256:case T.symmetric.twofish:return 32;default:throw Error("Unsupported cipher")}}function Ar(e){return{keySize:Kr(e),blockSize:vr(e)}}const Er=F.getWebCrypto();async function Sr(e,t,r){const{keySize:i}=Ar(e);if(!F.isAES(e)||t.length!==i)throw Error("Unexpected algorithm or key size");try{const e=await Er.importKey("raw",t,{name:"AES-KW"},!1,["wrapKey"]),i=await Er.importKey("raw",r,{name:"HMAC",hash:"SHA-256"},!0,["sign"]),a=await Er.wrapKey("raw",i,e,{name:"AES-KW"});return new Uint8Array(a)}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;F.printDebugError("Browser did not support operation: "+e.message)}return wr(t).encrypt(r)}async function Pr(e,t,r){const{keySize:i}=Ar(e);if(!F.isAES(e)||t.length!==i)throw Error("Unexpected algorithm or key size");let a;try{a=await Er.importKey("raw",t,{name:"AES-KW"},!1,["unwrapKey"])}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;return F.printDebugError("Browser did not support operation: "+e.message),wr(t).decrypt(r)}try{const e=await Er.unwrapKey("raw",r,a,{name:"AES-KW"},{name:"HMAC",hash:"SHA-256"},!0,["sign"]);return new Uint8Array(await Er.exportKey("raw",e))}catch(e){if("OperationError"===e.name)throw Error("Key Data Integrity failed");throw e}}async function Ur(e,t,r,i,a){const n=F.getWebCrypto(),s=T.read(T.webHash,e);if(!s)throw Error("Hash algo not supported with HKDF");const o=await n.importKey("raw",t,"HKDF",!1,["deriveBits"]),c=await n.deriveBits({name:"HKDF",hash:s,salt:r,info:i},o,8*a);return new Uint8Array(c)}const Dr={x25519:F.encodeUTF8("OpenPGP X25519"),x448:F.encodeUTF8("OpenPGP X448")};async function xr(e){switch(e){case T.publicKey.x25519:try{const e=F.getWebCrypto(),t=await e.generateKey("X25519",!0,["deriveKey","deriveBits"]).catch((e=>{if("OperationError"===e.name){const e=Error("Unexpected key generation issue");throw e.name="NotSupportedError",e}throw e})),r=await e.exportKey("jwk",t.privateKey),i=await e.exportKey("jwk",t.publicKey);if(r.x!==i.x){const e=Error("Unexpected mismatching public point");throw e.name="NotSupportedError",e}return{A:new Uint8Array(O(i.x)),k:O(r.d)}}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:t}=await import("./nacl-fast.min.mjs"),{secretKey:r,publicKey:i}=t.box.keyPair();return{A:i,k:r}}case T.publicKey.x448:{const e=await F.getNobleCurve(T.publicKey.x448),{secretKey:t,publicKey:r}=e.keygen();return{A:r,k:t}}default:throw Error("Unsupported ECDH algorithm")}}async function Cr(e,t,r){switch(e){case T.publicKey.x25519:try{const{ephemeralPublicKey:i,sharedSecret:a}=await Mr(e,t),n=await Fr(e,i,t,r);return F.equalsUint8Array(a,n)}catch(e){return!1}case T.publicKey.x448:{const e=(await F.getNobleCurve(T.publicKey.x448)).getPublicKey(r);return F.equalsUint8Array(t,e)}default:return!1}}async function Ir(e,t,r){const{ephemeralPublicKey:i,sharedSecret:a}=await Mr(e,r),n=F.concatUint8Array([i,r,a]);switch(e){case T.publicKey.x25519:{const e=T.symmetric.aes128,{keySize:r}=Ar(e),a=await Ur(T.hash.sha256,n,new Uint8Array,Dr.x25519,r);return{ephemeralPublicKey:i,wrappedKey:await Sr(e,a,t)}}case T.publicKey.x448:{const e=T.symmetric.aes256,{keySize:r}=Ar(T.symmetric.aes256),a=await Ur(T.hash.sha512,n,new Uint8Array,Dr.x448,r);return{ephemeralPublicKey:i,wrappedKey:await Sr(e,a,t)}}default:throw Error("Unsupported ECDH algorithm")}}async function Tr(e,t,r,i,a){const n=await Fr(e,t,i,a),s=F.concatUint8Array([t,i,n]);switch(e){case T.publicKey.x25519:{const e=T.symmetric.aes128,{keySize:t}=Ar(e);return Pr(e,await Ur(T.hash.sha256,s,new Uint8Array,Dr.x25519,t),r)}case T.publicKey.x448:{const e=T.symmetric.aes256,{keySize:t}=Ar(T.symmetric.aes256);return Pr(e,await Ur(T.hash.sha512,s,new Uint8Array,Dr.x448,t),r)}default:throw Error("Unsupported ECDH algorithm")}}function Br(e){switch(e){case T.publicKey.x25519:return 32;case T.publicKey.x448:return 56;default:throw Error("Unsupported ECDH algorithm")}}async function Mr(e,t){switch(e){case T.publicKey.x25519:try{const r=F.getWebCrypto(),i=await r.generateKey("X25519",!0,["deriveKey","deriveBits"]).catch((e=>{if("OperationError"===e.name){const e=Error("Unexpected key generation issue");throw e.name="NotSupportedError",e}throw e})),a=await r.exportKey("jwk",i.publicKey);if((await r.exportKey("jwk",i.privateKey)).x!==a.x){const e=Error("Unexpected mismatching public point");throw e.name="NotSupportedError",e}const n=_r(e,t),s=await r.importKey("jwk",n,"X25519",!1,[]),o=await r.deriveBits({name:"X25519",public:s},i.privateKey,8*Br(e));return{sharedSecret:new Uint8Array(o),ephemeralPublicKey:new Uint8Array(O(a.x))}}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:r}=await import("./nacl-fast.min.mjs"),{secretKey:i,publicKey:a}=r.box.keyPair(),n=r.scalarMult(i,t);return Lr(n),{ephemeralPublicKey:a,sharedSecret:n}}case T.publicKey.x448:{const e=await F.getNobleCurve(T.publicKey.x448),{secretKey:r,publicKey:i}=e.keygen(),a=e.getSharedSecret(r,t);return Lr(a),{ephemeralPublicKey:i,sharedSecret:a}}default:throw Error("Unsupported ECDH algorithm")}}async function Fr(e,t,r,i){switch(e){case T.publicKey.x25519:try{const a=F.getWebCrypto(),n=function(e,t,r){if(e===T.publicKey.x25519){const i=_r(e,t);return i.d=j(r),i}throw Error("Unsupported ECDH algorithm")}(e,r,i),s=_r(e,t),o=await a.importKey("jwk",n,"X25519",!1,["deriveKey","deriveBits"]),c=await a.importKey("jwk",s,"X25519",!1,[]),u=await a.deriveBits({name:"X25519",public:c},o,8*Br(e));return new Uint8Array(u)}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:r}=await import("./nacl-fast.min.mjs"),a=r.scalarMult(i,t);return Lr(a),a}case T.publicKey.x448:{const e=(await F.getNobleCurve(T.publicKey.x448)).getSharedSecret(i,t);return Lr(e),e}default:throw Error("Unsupported ECDH algorithm")}}function Lr(e){let t=0;for(let r=0;r<e.length;r++)t|=e[r];if(0===t)throw Error("Unexpected low order point")}function _r(e,t){if(e===T.publicKey.x25519){return{kty:"OKP",crv:"X25519",x:j(t),ext:!0}}throw Error("Unsupported ECDH algorithm")}var Nr=/*#__PURE__*/Object.freeze({__proto__:null,decrypt:Tr,encrypt:Ir,generate:xr,generateEphemeralEncryptionMaterial:Mr,getPayloadSize:Br,recomputeSharedSecret:Fr,validateParams:Cr});const Rr=F.getWebCrypto(),zr=F.getNodeCrypto(),Or={[T.curve.nistP256]:"P-256",[T.curve.nistP384]:"P-384",[T.curve.nistP521]:"P-521"},jr=zr?zr.getCurves():[],qr=zr?{[T.curve.secp256k1]:jr.includes("secp256k1")?"secp256k1":void 0,[T.curve.nistP256]:jr.includes("prime256v1")?"prime256v1":void 0,[T.curve.nistP384]:jr.includes("secp384r1")?"secp384r1":void 0,[T.curve.nistP521]:jr.includes("secp521r1")?"secp521r1":void 0,[T.curve.ed25519Legacy]:jr.includes("ED25519")?"ED25519":void 0,[T.curve.curve25519Legacy]:jr.includes("X25519")?"X25519":void 0,[T.curve.brainpoolP256r1]:jr.includes("brainpoolP256r1")?"brainpoolP256r1":void 0,[T.curve.brainpoolP384r1]:jr.includes("brainpoolP384r1")?"brainpoolP384r1":void 0,[T.curve.brainpoolP512r1]:jr.includes("brainpoolP512r1")?"brainpoolP512r1":void 0}:{},Hr={[T.curve.nistP256]:{oid:[6,8,42,134,72,206,61,3,1,7],keyType:T.publicKey.ecdsa,hash:T.hash.sha256,cipher:T.symmetric.aes128,node:qr[T.curve.nistP256],web:Or[T.curve.nistP256],payloadSize:32,sharedSize:256,wireFormatLeadingByte:4},[T.curve.nistP384]:{oid:[6,5,43,129,4,0,34],keyType:T.publicKey.ecdsa,hash:T.hash.sha384,cipher:T.symmetric.aes192,node:qr[T.curve.nistP384],web:Or[T.curve.nistP384],payloadSize:48,sharedSize:384,wireFormatLeadingByte:4},[T.curve.nistP521]:{oid:[6,5,43,129,4,0,35],keyType:T.publicKey.ecdsa,hash:T.hash.sha512,cipher:T.symmetric.aes256,node:qr[T.curve.nistP521],web:Or[T.curve.nistP521],payloadSize:66,sharedSize:528,wireFormatLeadingByte:4},[T.curve.secp256k1]:{oid:[6,5,43,129,4,0,10],keyType:T.publicKey.ecdsa,hash:T.hash.sha256,cipher:T.symmetric.aes128,node:qr[T.curve.secp256k1],payloadSize:32,wireFormatLeadingByte:4},[T.curve.ed25519Legacy]:{oid:[6,9,43,6,1,4,1,218,71,15,1],keyType:T.publicKey.eddsaLegacy,hash:T.hash.sha512,node:!1,payloadSize:32,wireFormatLeadingByte:64},[T.curve.curve25519Legacy]:{oid:[6,10,43,6,1,4,1,151,85,1,5,1],keyType:T.publicKey.ecdh,hash:T.hash.sha256,cipher:T.symmetric.aes128,node:!1,payloadSize:32,wireFormatLeadingByte:64},[T.curve.brainpoolP256r1]:{oid:[6,9,43,36,3,3,2,8,1,1,7],keyType:T.publicKey.ecdsa,hash:T.hash.sha256,cipher:T.symmetric.aes128,node:qr[T.curve.brainpoolP256r1],payloadSize:32,wireFormatLeadingByte:4},[T.curve.brainpoolP384r1]:{oid:[6,9,43,36,3,3,2,8,1,1,11],keyType:T.publicKey.ecdsa,hash:T.hash.sha384,cipher:T.symmetric.aes192,node:qr[T.curve.brainpoolP384r1],payloadSize:48,wireFormatLeadingByte:4},[T.curve.brainpoolP512r1]:{oid:[6,9,43,36,3,3,2,8,1,1,13],keyType:T.publicKey.ecdsa,hash:T.hash.sha512,cipher:T.symmetric.aes256,node:qr[T.curve.brainpoolP512r1],payloadSize:64,wireFormatLeadingByte:4}};class Gr{constructor(e){try{this.name=e instanceof Qe?e.getName():T.write(T.curve,e)}catch(e){throw new it("Unknown curve")}const t=Hr[this.name];this.keyType=t.keyType,this.oid=t.oid,this.hash=t.hash,this.cipher=t.cipher,this.node=t.node,this.web=t.web,this.payloadSize=t.payloadSize,this.sharedSize=t.sharedSize,this.wireFormatLeadingByte=t.wireFormatLeadingByte,this.web&&F.getWebCrypto()?this.type="web":this.node&&F.getNodeCrypto()?this.type="node":this.name===T.curve.curve25519Legacy?this.type="curve25519Legacy":this.name===T.curve.ed25519Legacy&&(this.type="ed25519Legacy")}async genKeyPair(){switch(this.type){case"web":try{return await async function(e,t){const r=await Rr.generateKey({name:"ECDSA",namedCurve:Or[e]},!0,["sign","verify"]),i=await Rr.exportKey("jwk",r.privateKey);return{publicKey:Yr(await Rr.exportKey("jwk",r.publicKey),t),privateKey:O(i.d)}}(this.name,this.wireFormatLeadingByte)}catch(e){return F.printDebugError("Browser did not support generating ec key "+e.message),Xr(this.name)}case"node":return async function(e){const t=zr.createECDH(qr[e]);return await t.generateKeys(),{publicKey:new Uint8Array(t.getPublicKey()),privateKey:new Uint8Array(t.getPrivateKey())}}(this.name);case"curve25519Legacy":{const{k:e,A:t}=await xr(T.publicKey.x25519),r=e.slice().reverse();r[0]=127&r[0]|64,r[31]&=248;return{publicKey:F.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]),t]),privateKey:r}}case"ed25519Legacy":{const{seed:e,A:t}=await ot(T.publicKey.ed25519);return{publicKey:F.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]),t]),privateKey:e}}default:return Xr(this.name)}}}async function Vr(e){const t=new Gr(e),{oid:r,hash:i,cipher:a}=t,n=await t.genKeyPair();return{oid:r,Q:n.publicKey,secret:F.leftPad(n.privateKey,t.payloadSize),hash:i,cipher:a}}function Wr(e){return Hr[e.getName()].hash}async function $r(e,t,r,i){const a={[T.curve.nistP256]:!0,[T.curve.nistP384]:!0,[T.curve.nistP521]:!0,[T.curve.secp256k1]:!0,[T.curve.curve25519Legacy]:e===T.publicKey.ecdh,[T.curve.brainpoolP256r1]:!0,[T.curve.brainpoolP384r1]:!0,[T.curve.brainpoolP512r1]:!0},n=t.getName();if(!a[n])return!1;if(n===T.curve.curve25519Legacy){const e=i.slice().reverse();return!(r.length<1||64!==r[0])&&Cr(T.publicKey.x25519,r.subarray(1),e)}const s=(await F.getNobleCurve(T.publicKey.ecdsa,n)).getPublicKey(i,!1);return!!F.equalsUint8Array(s,r)}function Qr(e,t){const{payloadSize:r,wireFormatLeadingByte:i,name:a}=e,n=a===T.curve.curve25519Legacy||a===T.curve.ed25519Legacy?r:2*r;if(t[0]!==i||t.length!==n+1)throw Error("Invalid point encoding")}async function Xr(e){const t=await F.getNobleCurve(T.publicKey.ecdsa,e),{secretKey:r}=t.keygen();return{publicKey:t.getPublicKey(r,!1),privateKey:r}}function Yr(e,t){const r=O(e.x),i=O(e.y),a=new Uint8Array(r.length+i.length+1);return a[0]=t,a.set(r,1),a.set(i,r.length+1),a}function Zr(e,t,r){const i=e,a=r.slice(1,i+1),n=r.slice(i+1,2*i+1);return{kty:"EC",crv:t,x:j(a),y:j(n),ext:!0}}function Jr(e,t,r,i){const a=Zr(e,t,r);return a.d=j(i),a}const ei=F.getWebCrypto(),ti=F.getNodeCrypto();async function ri(e,t,r,i,a,n){const s=new Gr(e);if(Qr(s,i),r&&!F.isStream(r)){const e={publicKey:i,privateKey:a};switch(s.type){case"web":try{return await async function(e,t,r,i){const a=e.payloadSize,n=Jr(e.payloadSize,Or[e.name],i.publicKey,i.privateKey),s=await ei.importKey("jwk",n,{name:"ECDSA",namedCurve:Or[e.name],hash:{name:T.read(T.webHash,e.hash)}},!1,["sign"]),o=new Uint8Array(await ei.sign({name:"ECDSA",namedCurve:Or[e.name],hash:{name:T.read(T.webHash,t)}},s,r));return{r:o.slice(0,a),s:o.slice(a,a<<1)}}(s,t,r,e)}catch(e){if("nistP521"!==s.name&&("DataError"===e.name||"OperationError"===e.name))throw e;F.printDebugError("Browser did not support signing: "+e.message)}break;case"node":return async function(e,t,r,i){const a=F.nodeRequire("eckey-utils"),n=F.getNodeBuffer(),{privateKey:s}=a.generateDer({curveName:qr[e.name],privateKey:n.from(i)}),o=ti.createSign(T.read(T.hash,t));o.write(r),o.end();const c=new Uint8Array(o.sign({key:s,format:"der",type:"sec1",dsaEncoding:"ieee-p1363"})),u=e.payloadSize;return{r:c.subarray(0,u),s:c.subarray(u,u<<1)}}(s,t,r,a)}}const o=(await F.getNobleCurve(T.publicKey.ecdsa,s.name)).sign(n,a,{lowS:!1});return{r:ue(o.r,"be",s.payloadSize),s:ue(o.s,"be",s.payloadSize)}}async function ii(e,t,r,i,a,n){const s=new Gr(e);Qr(s,a);const o=async()=>0===n[0]&&ai(s,r,n.subarray(1),a);if(i&&!F.isStream(i))switch(s.type){case"web":try{const e=await async function(e,t,{r,s:i},a,n){const s=Zr(e.payloadSize,Or[e.name],n),o=await ei.importKey("jwk",s,{name:"ECDSA",namedCurve:Or[e.name],hash:{name:T.read(T.webHash,e.hash)}},!1,["verify"]),c=F.concatUint8Array([r,i]).buffer;return ei.verify({name:"ECDSA",namedCurve:Or[e.name],hash:{name:T.read(T.webHash,t)}},o,c,a)}(s,t,r,i,a);return e||o()}catch(e){if("nistP521"!==s.name&&("DataError"===e.name||"OperationError"===e.name))throw e;F.printDebugError("Browser did not support verifying: "+e.message)}break;case"node":{const e=await async function(e,t,{r,s:i},a,n){const s=F.nodeRequire("eckey-utils"),o=F.getNodeBuffer(),{publicKey:c}=s.generateDer({curveName:qr[e.name],publicKey:o.from(n)}),u=ti.createVerify(T.read(T.hash,t));u.write(a),u.end();const h=F.concatUint8Array([r,i]);try{return u.verify({key:c,format:"der",type:"spki",dsaEncoding:"ieee-p1363"},h)}catch(e){return!1}}(s,t,r,i,a);return e||o()}}return await ai(s,r,n,a)||o()}async function ai(e,t,r,i){return(await F.getNobleCurve(T.publicKey.ecdsa,e.name)).verify(F.concatUint8Array([t.r,t.s]),r,i,{lowS:!1})}var ni=/*#__PURE__*/Object.freeze({__proto__:null,sign:ri,validateParams:async function(e,t,r){const i=new Gr(e);if(i.keyType!==T.publicKey.ecdsa)return!1;switch(i.type){case"web":case"node":{const i=le(8),a=T.hash.sha256,n=await Ie(a,i);try{const s=await ri(e,a,i,t,r,n);return await ii(e,a,s,i,t,n)}catch(e){return!1}}default:return $r(T.publicKey.ecdsa,e,t,r)}},verify:ii});async function si(e,t,r,i,a,n){Qr(new Gr(e),i);const{RS:s}=await ct(T.publicKey.ed25519,0,0,i.subarray(1),a,n);return{r:s.subarray(0,32),s:s.subarray(32)}}async function oi(e,t,{r,s:i},a,n,s){Qr(new Gr(e),n);const o=F.concatUint8Array([r,i]);return ut(T.publicKey.ed25519,0,{RS:o},0,n.subarray(1),s)}async function ci(e,t,r){return e.getName()===T.curve.ed25519Legacy&&(!(t.length<1||64!==t[0])&&ht(T.publicKey.ed25519,t.subarray(1),r))}var ui=/*#__PURE__*/Object.freeze({__proto__:null,sign:si,validateParams:ci,verify:oi});function hi(e){const t=e.length;if(t>0){const r=e[t-1];if(r>=1){const i=e.subarray(t-r),a=new Uint8Array(r).fill(r);if(F.equalsUint8Array(i,a))return e.subarray(0,t-r)}}throw Error("Invalid padding")}function li(e,t,r,i){return F.concatUint8Array([t.write(),new Uint8Array([e]),r.write(!0),F.stringToUint8Array("Anonymous Sender    "),r.replacementFingerprint||i])}async function yi(e,t,r,i,a=!1,n=!1){let s;if(a){for(s=0;s<t.length&&0===t[s];s++);t=t.subarray(s)}if(n){for(s=t.length-1;s>=0&&0===t[s];s--);t=t.subarray(0,s+1)}return(await Ie(e,F.concatUint8Array([new Uint8Array([0,0,0,1]),t,i]))).subarray(0,r)}async function pi(e,t){switch(e.type){case"curve25519Legacy":{const{sharedSecret:r,ephemeralPublicKey:i}=await Mr(T.publicKey.x25519,t.subarray(1));return{publicKey:F.concatUint8Array([new Uint8Array([e.wireFormatLeadingByte]),i]),sharedKey:r}}case"web":if(e.web&&F.getWebCrypto())try{return await async function(e,t){const r=F.getWebCrypto(),i=Zr(e.payloadSize,e.web,t);let a=r.generateKey({name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]),n=r.importKey("jwk",i,{name:"ECDH",namedCurve:e.web},!1,[]);[a,n]=await Promise.all([a,n]);let s=r.deriveBits({name:"ECDH",namedCurve:e.web,public:n},a.privateKey,e.sharedSize),o=r.exportKey("jwk",a.publicKey);[s,o]=await Promise.all([s,o]);const c=new Uint8Array(s),u=new Uint8Array(Yr(o,e.wireFormatLeadingByte));return{publicKey:u,sharedKey:c}}(e,t)}catch(r){return F.printDebugError(r),wi(e,t)}break;case"node":return async function(e,t){const r=F.getNodeCrypto(),i=r.createECDH(e.node);i.generateKeys();const a=new Uint8Array(i.computeSecret(t));return{publicKey:new Uint8Array(i.getPublicKey()),sharedKey:a}}(e,t);default:return wi(e,t)}}async function di(e,t,r,i,a){const n=function(e){const t=8-e.length%8,r=new Uint8Array(e.length+t).fill(t);return r.set(e),r}(r),s=new Gr(e);Qr(s,i);const{publicKey:o,sharedKey:c}=await pi(s,i),u=li(T.publicKey.ecdh,e,t,a),{keySize:h}=Ar(t.cipher),l=await yi(t.hash,c,h,u);return{publicKey:o,wrappedKey:await Sr(t.cipher,l,n)}}async function gi(e,t,r,i){if(i.length!==e.payloadSize){const t=new Uint8Array(e.payloadSize);t.set(i,e.payloadSize-i.length),i=t}switch(e.type){case"curve25519Legacy":{const e=i.slice().reverse();return{secretKey:e,sharedKey:await Fr(T.publicKey.x25519,t.subarray(1),r.subarray(1),e)}}case"web":if(e.web&&F.getWebCrypto())try{return await async function(e,t,r,i){const a=F.getWebCrypto(),n=Jr(e.payloadSize,e.web,r,i);let s=a.importKey("jwk",n,{name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]);const o=Zr(e.payloadSize,e.web,t);let c=a.importKey("jwk",o,{name:"ECDH",namedCurve:e.web},!0,[]);[s,c]=await Promise.all([s,c]);let u=a.deriveBits({name:"ECDH",namedCurve:e.web,public:c},s,e.sharedSize),h=a.exportKey("jwk",s);[u,h]=await Promise.all([u,h]);const l=new Uint8Array(u);return{secretKey:O(h.d),sharedKey:l}}(e,t,r,i)}catch(r){return F.printDebugError(r),fi(e,t,i)}break;case"node":return async function(e,t,r){const i=F.getNodeCrypto(),a=i.createECDH(e.node);a.setPrivateKey(r);const n=new Uint8Array(a.computeSecret(t));return{secretKey:new Uint8Array(a.getPrivateKey()),sharedKey:n}}(e,t,i);default:return fi(e,t,i)}}async function mi(e,t,r,i,a,n,s){const o=new Gr(e);Qr(o,a),Qr(o,r);const{sharedKey:c}=await gi(o,r,a,n),u=li(T.publicKey.ecdh,e,t,s),{keySize:h}=Ar(t.cipher);let l;for(let e=0;e<3;e++)try{const r=await yi(t.hash,c,h,u,1===e,2===e);return hi(await Pr(t.cipher,r,i))}catch(e){l=e}throw l}async function fi(e,t,r){return{secretKey:r,sharedKey:(await F.getNobleCurve(T.publicKey.ecdh,e.name)).getSharedSecret(r,t).subarray(1)}}async function wi(e,t){const r=await F.getNobleCurve(T.publicKey.ecdh,e.name),{publicKey:i,privateKey:a}=await e.genKeyPair();return{publicKey:i,sharedKey:r.getSharedSecret(a,t).subarray(1)}}var bi=/*#__PURE__*/Object.freeze({__proto__:null,CurveWithOID:Gr,ecdh:/*#__PURE__*/Object.freeze({__proto__:null,decrypt:mi,encrypt:di,validateParams:async function(e,t,r){return $r(T.publicKey.ecdh,e,t,r)}}),ecdhX:Nr,ecdsa:ni,eddsa:gt,eddsaLegacy:ui,generate:Vr,getPreferredHashAlgo:Wr});const ki=BigInt(0),vi=BigInt(1);const Ki=new Set([T.hash.sha1,T.hash.sha256,T.hash.sha512]),Ai=F.getWebCrypto(),Ei=F.getNodeCrypto();async function Si(e,t){if(e===T.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await import("./noble_post_quantum.min.mjs"),{publicKey:r,secretKey:i}=e.keygen(t);return{mlkemPublicKey:r,mlkemSecretKey:i}}throw Error("Unsupported KEM algorithm")}async function Pi(e){const{eccPublicKey:t,eccSecretKey:r}=await async function(e){if(e===T.publicKey.pqc_mlkem_x25519){const{A:e,k:t}=await xr(T.publicKey.x25519);return{eccPublicKey:e,eccSecretKey:t}}throw Error("Unsupported KEM algorithm")}(e),{mlkemPublicKey:i,mlkemSeed:a,mlkemSecretKey:n}=await async function(e){if(e===T.publicKey.pqc_mlkem_x25519){const t=le(64),{mlkemSecretKey:r,mlkemPublicKey:i}=await Si(e,t);return{mlkemSeed:t,mlkemSecretKey:r,mlkemPublicKey:i}}throw Error("Unsupported KEM algorithm")}(e);return{eccPublicKey:t,eccSecretKey:r,mlkemPublicKey:i,mlkemSeed:a,mlkemSecretKey:n}}async function Ui(e,t,r,i){const{eccKeyShare:a,eccCipherText:n}=await async function(e,t){if(e===T.publicKey.pqc_mlkem_x25519){const{ephemeralPublicKey:e,sharedSecret:r}=await Mr(T.publicKey.x25519,t);return{eccCipherText:e,eccKeyShare:r}}throw Error("Unsupported KEM algorithm")}(e,t),{mlkemKeyShare:s,mlkemCipherText:o}=await async function(e,t){if(e===T.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await import("./noble_post_quantum.min.mjs"),{cipherText:r,sharedSecret:i}=e.encapsulate(t);return{mlkemCipherText:r,mlkemKeyShare:i}}throw Error("Unsupported KEM algorithm")}(e,r),c=await xi(e,s,a,n,t);return{eccCipherText:n,mlkemCipherText:o,wrappedKey:await Sr(T.symmetric.aes256,c,i)}}async function Di(e,t,r,i,a,n,s,o){const c=await async function(e,t,r,i){if(e===T.publicKey.pqc_mlkem_x25519)return await Fr(T.publicKey.x25519,t,i,r);throw Error("Unsupported KEM algorithm")}(e,t,i,a),u=await async function(e,t,r){if(e===T.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await import("./noble_post_quantum.min.mjs");return e.decapsulate(t,r)}throw Error("Unsupported KEM algorithm")}(e,r,n),h=await xi(e,u,c,t,a);return await Pr(T.symmetric.aes256,h,o)}async function xi(e,t,r,i,a){const n=F.encodeUTF8("OpenPGPCompositeKDFv1"),s=F.concatUint8Array([t,r,i,a,new Uint8Array([e]),n,new Uint8Array([n.length])]);return await Ie(T.hash.sha3_256,s)}async function Ci(e,t,r,i,a){const n=async function(e,t,r){if(e===T.publicKey.pqc_mlkem_x25519)return Cr(T.publicKey.x25519,t,r);throw Error("Unsupported KEM algorithm")}(e,t,r),s=async function(e,t,r){if(e===T.publicKey.pqc_mlkem_x25519){const{mlkemPublicKey:i}=await Si(e,r);return F.equalsUint8Array(t,i)}throw Error("Unsupported KEM algorithm")}(e,i,a);return await n&&await s}async function Ii(e,t){if(e===T.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await import("./noble_post_quantum.min.mjs"),{secretKey:r,publicKey:i}=e.keygen(t);return{mldsaSecretKey:r,mldsaPublicKey:i}}throw Error("Unsupported signature algorithm")}async function Ti(e){if(e===T.publicKey.pqc_mldsa_ed25519){const{eccSecretKey:t,eccPublicKey:r}=await async function(e){if(e===T.publicKey.pqc_mldsa_ed25519){const{A:e,seed:t}=await ot(T.publicKey.ed25519);return{eccPublicKey:e,eccSecretKey:t}}throw Error("Unsupported signature algorithm")}(e),{mldsaSeed:i,mldsaSecretKey:a,mldsaPublicKey:n}=await async function(e){if(e===T.publicKey.pqc_mldsa_ed25519){const t=le(32),{mldsaSecretKey:r,mldsaPublicKey:i}=await Ii(e,t);return{mldsaSeed:t,mldsaSecretKey:r,mldsaPublicKey:i}}throw Error("Unsupported signature algorithm")}(e);return{eccSecretKey:t,eccPublicKey:r,mldsaSeed:i,mldsaSecretKey:a,mldsaPublicKey:n}}throw Error("Unsupported signature algorithm")}async function Bi(e,t,r,i,a,n){if(e===T.publicKey.pqc_mldsa_ed25519){const{eccSignature:t}=await async function(e,t,r,i,a){if(e===T.publicKey.pqc_mldsa_ed25519){const{RS:e}=await ct(T.publicKey.ed25519,0,0,i,r,a);return{eccSignature:e}}throw Error("Unsupported signature algorithm")}(e,0,r,i,n),{mldsaSignature:s}=await async function(e,t,r){if(e===T.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await import("./noble_post_quantum.min.mjs");return{mldsaSignature:e.sign(t,r)}}throw Error("Unsupported signature algorithm")}(e,a,n);return{eccSignature:t,mldsaSignature:s}}throw Error("Unsupported signature algorithm")}async function Mi(e,t,r,i,a,{eccSignature:n,mldsaSignature:s}){if(e===T.publicKey.pqc_mldsa_ed25519){const t=async function(e,t,r,i,a){if(e===T.publicKey.pqc_mldsa_ed25519)return ut(T.publicKey.ed25519,0,{RS:a},0,r,i);throw Error("Unsupported signature algorithm")}(e,0,r,a,n),o=async function(e,t,r,i){if(e===T.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await import("./noble_post_quantum.min.mjs");return e.verify(t,r,i)}throw Error("Unsupported signature algorithm")}(e,i,a,s);return await t&&await o}throw Error("Unsupported signature algorithm")}function Fi(e,t){if(e===T.publicKey.pqc_mldsa_ed25519)return Te(t)>=32;throw Error("Unsupported signature algorithm")}async function Li(e,t,r,i,a){const n=async function(e,t,r){if(e===T.publicKey.pqc_mldsa_ed25519)return ht(T.publicKey.ed25519,t,r);throw Error("Unsupported signature algorithm")}(e,t,r),s=async function(e,t,r){if(e===T.publicKey.pqc_mldsa_ed25519){const{mldsaPublicKey:i}=await Ii(e,r);return F.equalsUint8Array(t,i)}throw Error("Unsupported signature algorithm")}(e,i,a);return await n&&await s}class _i{constructor(e){e&&(this.data=e)}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.data=e.subarray(1,1+t),1+this.data.length}throw Error("Invalid symmetric key")}write(){return F.concatUint8Array([new Uint8Array([this.data.length]),this.data])}}class Ni{constructor(e){if(void 0===e&&(e=new Uint8Array([])),!F.isUint8Array(e))throw Error("data must be in the form of a Uint8Array");this.data=e,this.length=this.data.byteLength}write(){return F.concatUint8Array([new Uint8Array([this.length]),this.data])}read(e){if(e.length>=1){const t=e[0];if(e.length>=t+1)return this.data=e.subarray(1,1+t),this.length=t,1+t}throw Error("Invalid octet string")}}class Ri{constructor(e){if(e){const{version:t,hash:r,cipher:i,replacementFingerprint:a}=e;this.version=t||1,this.hash=r,this.cipher=i,this.replacementFingerprint=a}else this.version=null,this.hash=null,this.cipher=null,this.replacementFingerprint=null}read(e){if(e.length<4||1!==e[1]&&255!==e[1])throw new it("Cannot read KDFParams");const t=e[0];this.version=e[1],this.hash=e[2],this.cipher=e[3];let r=4;if(255===this.version){const i=t-r+1;this.replacementFingerprint=e.slice(r,r+i),r+=i}return r}write(e){if(!this.version||1===this.version||e)return new Uint8Array([3,1,this.hash,this.cipher]);return F.concatUint8Array([new Uint8Array([3+this.replacementFingerprint.length,this.version,this.hash,this.cipher]),this.replacementFingerprint])}}const zi=e=>class{constructor(e){this.data=void 0===e?null:e}read(t){const r=t[0];return this.data=T.write(e,r),1}write(){return new Uint8Array([this.data])}getName(){return T.read(e,this.data)}getValue(){return this.data}},Oi=zi(T.aead),ji=zi(T.symmetric),qi=zi(T.hash);class Hi{static fromObject({wrappedKey:e,algorithm:t}){const r=new Hi;return r.wrappedKey=e,r.algorithm=t,r}read(e){let t=0,r=e[t++];this.algorithm=r%2?e[t++]:null,r-=r%2,this.wrappedKey=F.readExactSubarray(e,t,t+r),t+=r}write(){return F.concatUint8Array([this.algorithm?new Uint8Array([this.wrappedKey.length+1,this.algorithm]):new Uint8Array([this.wrappedKey.length]),this.wrappedKey])}}const Gi=F.getWebCrypto(),Vi=F.getNodeCrypto(),Wi=Vi?Vi.getCiphers():[],$i={idea:Wi.includes("idea-cfb")?"idea-cfb":void 0,tripledes:Wi.includes("des-ede3-cfb")?"des-ede3-cfb":void 0,cast5:Wi.includes("cast5-cfb")?"cast5-cfb":void 0,blowfish:Wi.includes("bf-cfb")?"bf-cfb":void 0,aes128:Wi.includes("aes-128-cfb")?"aes-128-cfb":void 0,aes192:Wi.includes("aes-192-cfb")?"aes-192-cfb":void 0,aes256:Wi.includes("aes-256-cfb")?"aes-256-cfb":void 0};async function Qi(e){const{blockSize:t}=Ar(e),r=await le(t),i=new Uint8Array([r[r.length-2],r[r.length-1]]);return F.concat([r,i])}async function Xi(e,t,r,i,a){const n=T.read(T.symmetric,e);if(F.getNodeCrypto()&&$i[n])return function(e,t,r,i){const a=T.read(T.symmetric,e),n=new Vi.createCipheriv($i[a],t,i);return b(r,(e=>new Uint8Array(n.update(e))))}(e,t,r,i);if(F.isAES(e))return async function(e,t,r,i){if(Gi&&await Zi.isSupported(e)){const a=new Zi(e,t,i);return F.isStream(r)?b(r,(e=>a.encryptChunk(e)),(()=>a.finish())):a.encrypt(r)}if(F.isStream(r)){const a=new Ji(!0,e,t,i);return b(r,(e=>a.processChunk(e)),(()=>a.finish()))}return hr(t,i).encrypt(r)}(e,t,r,i);const s=new(await kr(e))(t),o=s.blockSize,c=i.slice();let u=new Uint8Array;const h=e=>{e&&(u=F.concatUint8Array([u,e]));const t=new Uint8Array(u.length);let r,i=0;for(;e?u.length>=o:u.length;){const e=s.encrypt(c);for(r=0;r<o;r++)c[r]=u[r]^e[r],t[i++]=c[r];u=u.subarray(o)}return t.subarray(0,i)};return b(r,h,h)}async function Yi(e,t,r,i){const a=T.read(T.symmetric,e);if(Vi&&$i[a])return function(e,t,r,i){const a=T.read(T.symmetric,e),n=new Vi.createDecipheriv($i[a],t,i);return b(r,(e=>new Uint8Array(n.update(e))))}(e,t,r,i);if(F.isAES(e))return async function(e,t,r,i){if(F.isStream(r)){const a=new Ji(!1,e,t,i);return b(r,(e=>a.processChunk(e)),(()=>a.finish()))}return hr(t,i).decrypt(r)}(e,t,r,i);const n=new(await kr(e))(t),s=n.blockSize;let o=i,c=new Uint8Array;const u=e=>{e&&(c=F.concatUint8Array([c,e]));const t=new Uint8Array(c.length);let r,i=0;for(;e?c.length>=s:c.length;){const e=n.encrypt(o);for(o=c.subarray(0,s),r=0;r<s;r++)t[i++]=o[r]^e[r];c=c.subarray(s)}return t.subarray(0,i)};return b(r,u,u)}class Zi{constructor(e,t,r){const{blockSize:i}=Ar(e);this.key=t,this.prevBlock=r,this.nextBlock=new Uint8Array(i),this.i=0,this.blockSize=i,this.zeroBlock=new Uint8Array(this.blockSize)}static async isSupported(e){const{keySize:t}=Ar(e);return Gi.importKey("raw",new Uint8Array(t),"aes-cbc",!1,["encrypt"]).then((()=>!0),(()=>!1))}async _runCBC(e,t){const r="AES-CBC";this.keyRef=this.keyRef||await Gi.importKey("raw",this.key,r,!1,["encrypt"]);const i=await Gi.encrypt({name:r,iv:t||this.zeroBlock},this.keyRef,e);return new Uint8Array(i).subarray(0,e.length)}async encryptChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,i=F.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),a=F.concatUint8Array([this.prevBlock,i.subarray(0,i.length-this.blockSize)]),n=await this._runCBC(a);return ea(n,i),this.prevBlock=n.slice(-this.blockSize),r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,n}let i;if(this.i+=r.length,this.i===this.nextBlock.length){const t=this.nextBlock;i=await this._runCBC(this.prevBlock),ea(i,t),this.prevBlock=i.slice(),this.i=0;const a=e.subarray(r.length);this.nextBlock.set(a,this.i),this.i+=a.length}else i=new Uint8Array;return i}async finish(){let e;if(0===this.i)e=new Uint8Array;else{this.nextBlock=this.nextBlock.subarray(0,this.i);const t=this.nextBlock,r=await this._runCBC(this.prevBlock);ea(r,t),e=r.subarray(0,t.length)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.keyRef=null,this.key=null}async encrypt(e){const t=(await this._runCBC(F.concatUint8Array([new Uint8Array(this.blockSize),e]),this.iv)).subarray(0,e.length);return ea(t,e),this.clearSensitiveData(),t}}class Ji{constructor(e,t,r,i){this.forEncryption=e;const{blockSize:a}=Ar(t);this.key=br.expandKeyLE(r),i.byteOffset%4!=0&&(i=i.slice()),this.prevBlock=ta(i),this.nextBlock=new Uint8Array(a),this.i=0,this.blockSize=a}_runCFB(e){const t=ta(e),r=new Uint8Array(e.length),i=ta(r);for(let e=0;e+4<=i.length;e+=4){const{s0:r,s1:a,s2:n,s3:s}=br.encrypt(this.key,this.prevBlock[0],this.prevBlock[1],this.prevBlock[2],this.prevBlock[3]);i[e+0]=t[e+0]^r,i[e+1]=t[e+1]^a,i[e+2]=t[e+2]^n,i[e+3]=t[e+3]^s,this.prevBlock=(this.forEncryption?i:t).slice(e,e+4)}return r}async processChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,i=F.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),a=this._runCFB(i);return r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,a}let i;if(this.i+=r.length,this.i===this.nextBlock.length){i=this._runCFB(this.nextBlock),this.i=0;const t=e.subarray(r.length);this.nextBlock.set(t,this.i),this.i+=t.length}else i=new Uint8Array;return i}async finish(){let e;if(0===this.i)e=new Uint8Array;else{e=this._runCFB(this.nextBlock).subarray(0,this.i)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.key.fill(0)}}function ea(e,t){const r=Math.min(e.length,t.length);for(let i=0;i<r;i++)e[i]=e[i]^t[i]}const ta=e=>new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4));const ra=F.getWebCrypto(),ia=F.getNodeCrypto(),aa=16;function na(e,t){const r=e.length-aa;for(let i=0;i<aa;i++)e[i+r]^=t[i];return e}const sa=new Uint8Array(aa);async function oa(e){const t=await ca(e),r=F.double(await t(sa)),i=F.double(r);return async function(e){return(await t(function(e,t,r){if(e.length&&e.length%aa==0)return na(e,t);const i=new Uint8Array(e.length+(aa-e.length%aa));return i.set(e),i[e.length]=128,na(i,r)}(e,r,i))).subarray(-16)}}async function ca(e){if(F.getNodeCrypto())return async function(t){const r=new ia.createCipheriv("aes-"+8*e.length+"-cbc",e,sa).update(t);return new Uint8Array(r)};if(F.getWebCrypto())try{return e=await ra.importKey("raw",e,{name:"AES-CBC",length:8*e.length},!1,["encrypt"]),async function(t){const r=await ra.encrypt({name:"AES-CBC",iv:sa,length:128},e,t);return new Uint8Array(r).subarray(0,r.byteLength-aa)}}catch(t){if("NotSupportedError"!==t.name&&(24!==e.length||"OperationError"!==t.name))throw t;F.printDebugError("Browser did not support operation: "+t.message)}return async function(t){return ur(e,sa,{disablePadding:!0}).encrypt(t)}}const ua=F.getWebCrypto(),ha=F.getNodeCrypto(),la=F.getNodeBuffer(),ya=16,pa=ya,da=new Uint8Array(ya),ga=new Uint8Array(ya);ga[15]=1;const ma=new Uint8Array(ya);async function fa(e){const t=await oa(e);return function(e,r){return t(F.concatUint8Array([e,r]))}}async function wa(e){if(F.getNodeCrypto())return async function(t,r){const i=new ha.createCipheriv("aes-"+8*e.length+"-ctr",e,r),a=la.concat([i.update(t),i.final()]);return new Uint8Array(a)};if(F.getWebCrypto())try{const t=await ua.importKey("raw",e,{name:"AES-CTR",length:8*e.length},!1,["encrypt"]);return async function(e,r){const i=await ua.encrypt({name:"AES-CTR",counter:r,length:128},t,e);return new Uint8Array(i)}}catch(t){if("NotSupportedError"!==t.name&&(24!==e.length||"OperationError"!==t.name))throw t;F.printDebugError("Browser did not support operation: "+t.message)}return async function(t,r){return cr(e,r).encrypt(t)}}async function ba(e,t){if(e!==T.symmetric.aes128&&e!==T.symmetric.aes192&&e!==T.symmetric.aes256)throw Error("EAX mode supports only AES cipher");const[r,i]=await Promise.all([fa(t),wa(t)]);return{encrypt:async function(e,t,a){const[n,s]=await Promise.all([r(da,t),r(ga,a)]),o=await i(e,n),c=await r(ma,o);for(let e=0;e<pa;e++)c[e]^=s[e]^n[e];return F.concatUint8Array([o,c])},decrypt:async function(e,t,a){if(e.length<pa)throw Error("Invalid EAX ciphertext");const n=e.subarray(0,-16),s=e.subarray(-16),[o,c,u]=await Promise.all([r(da,t),r(ga,a),r(ma,n)]),h=u;for(let e=0;e<pa;e++)h[e]^=c[e]^o[e];if(!F.equalsUint8Array(s,h))throw Error("Authentication tag mismatch");return await i(n,o)}}}ma[15]=2,ba.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[8+e]^=t[e];return r},ba.blockLength=ya,ba.ivLength=16,ba.tagLength=pa;const ka=16,va=16;function Ka(e){let t=0;for(let r=1;!(e&r);r<<=1)t++;return t}function Aa(e,t){for(let r=0;r<e.length;r++)e[r]^=t[r];return e}function Ea(e,t){return Aa(e.slice(),t)}const Sa=new Uint8Array(ka),Pa=new Uint8Array([1]);async function Ua(e,t){const{keySize:r}=Ar(e);if(!F.isAES(e)||t.length!==r)throw Error("Unexpected algorithm or key size");let i=0;const a=e=>ur(t,Sa,{disablePadding:!0}).encrypt(e),n=e=>ur(t,Sa,{disablePadding:!0}).decrypt(e);let s;function o(e,t,r,n){const o=t.length/ka|0;!function(e,t){const r=F.nbits(Math.max(e.length,t.length)/ka|0)-1;for(let e=i+1;e<=r;e++)s[e]=F.double(s[e-1]);i=r}(t,n);const c=F.concatUint8Array([Sa.subarray(0,15-r.length),Pa,r]),u=63&c[15];c[15]&=192;const h=a(c),l=F.concatUint8Array([h,Ea(h.subarray(0,8),h.subarray(1,9))]),y=F.shiftRight(l.subarray(0+(u>>3),17+(u>>3)),8-(7&u)).subarray(1),p=new Uint8Array(ka),d=new Uint8Array(t.length+va);let g,m=0;for(g=0;g<o;g++)Aa(y,s[Ka(g+1)]),d.set(Aa(e(Ea(y,t)),y),m),Aa(p,e===a?t:d.subarray(m)),t=t.subarray(ka),m+=ka;if(t.length){Aa(y,s.x);const r=a(y);d.set(Ea(t,r),m);const i=new Uint8Array(ka);i.set(e===a?t:d.subarray(m,-16),0),i[t.length]=128,Aa(p,i),m+=t.length}const f=Aa(a(Aa(Aa(p,y),s.$)),function(e){if(!e.length)return Sa;const t=e.length/ka|0,r=new Uint8Array(ka),i=new Uint8Array(ka);for(let n=0;n<t;n++)Aa(r,s[Ka(n+1)]),Aa(i,a(Ea(r,e))),e=e.subarray(ka);if(e.length){Aa(r,s.x);const t=new Uint8Array(ka);t.set(e,0),t[e.length]=128,Aa(t,r),Aa(i,a(t))}return i}(n));return d.set(f,m),d}return function(){const e=a(Sa),t=F.double(e);s=[],s[0]=F.double(t),s.x=e,s.$=t}(),{encrypt:async function(e,t,r){return o(a,e,t,r)},decrypt:async function(e,t,r){if(e.length<va)throw Error("Invalid OCB ciphertext");const i=e.subarray(-16);e=e.subarray(0,-16);const a=o(n,e,t,r);if(F.equalsUint8Array(i,a.subarray(-16)))return a.subarray(0,-16);throw Error("Authentication tag mismatch")}}}Ua.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[7+e]^=t[e];return r},Ua.blockLength=ka,Ua.ivLength=15,Ua.tagLength=va;const Da=F.getWebCrypto(),xa=F.getNodeCrypto(),Ca=F.getNodeBuffer(),Ia=16,Ta="AES-GCM";async function Ba(e,t){if(e!==T.symmetric.aes128&&e!==T.symmetric.aes192&&e!==T.symmetric.aes256)throw Error("GCM mode supports only AES cipher");if(F.getNodeCrypto())return{encrypt:async function(e,r,i=new Uint8Array){const a=new xa.createCipheriv("aes-"+8*t.length+"-gcm",t,r);a.setAAD(i);const n=Ca.concat([a.update(e),a.final(),a.getAuthTag()]);return new Uint8Array(n)},decrypt:async function(e,r,i=new Uint8Array){const a=new xa.createDecipheriv("aes-"+8*t.length+"-gcm",t,r);a.setAAD(i),a.setAuthTag(e.slice(e.length-Ia,e.length));const n=Ca.concat([a.update(e.slice(0,e.length-Ia)),a.final()]);return new Uint8Array(n)}};if(F.getWebCrypto())try{const e=await Da.importKey("raw",t,{name:Ta},!1,["encrypt","decrypt"]),r=navigator.userAgent.match(/Version\/13\.\d(\.\d)* Safari/)||navigator.userAgent.match(/Version\/(13|14)\.\d(\.\d)* Mobile\/\S* Safari/);return{encrypt:async function(i,a,n=new Uint8Array){if(r&&!i.length)return yr(t,a,n).encrypt(i);const s=await Da.encrypt({name:Ta,iv:a,additionalData:n,tagLength:128},e,i);return new Uint8Array(s)},decrypt:async function(i,a,n=new Uint8Array){if(r&&i.length===Ia)return yr(t,a,n).decrypt(i);try{const t=await Da.decrypt({name:Ta,iv:a,additionalData:n,tagLength:128},e,i);return new Uint8Array(t)}catch(e){if("OperationError"===e.name)throw Error("Authentication tag mismatch")}}}}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;F.printDebugError("Browser did not support operation: "+e.message)}return{encrypt:async function(e,r,i){return yr(t,r,i).encrypt(e)},decrypt:async function(e,r,i){return yr(t,r,i).decrypt(e)}}}function Ma(e,t=!1){switch(e){case T.aead.eax:return ba;case T.aead.ocb:return Ua;case T.aead.gcm:return Ba;case T.aead.experimentalGCM:if(!t)throw Error("Unexpected non-standard `experimentalGCM` AEAD algorithm provided in `config.preferredAEADAlgorithm`: use `gcm` instead");return Ba;default:throw Error("Unsupported AEAD mode")}}async function Fa(e,t,r,i,a,n){switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:{const{n:e,e:t}=r;return{c:await je(a,e,t)}}case T.publicKey.elgamal:{const{p:e,g:t,y:i}=r;return async function(e,t,r,i){t=ee(t),r=ee(r),i=ee(i);const a=ee(Me(e,ce(t))),n=ye(We,t-We);return{c1:ue(re(r,n,t)),c2:ue(te(re(i,n,t)*a,t))}}(a,e,t,i)}case T.publicKey.ecdh:{const{oid:e,Q:t,kdfParams:i}=r,{publicKey:s,wrappedKey:o}=await di(e,i,a,t,n);return{V:s,C:new _i(o)}}case T.publicKey.x25519:case T.publicKey.x448:{if(t&&!F.isAES(t))throw Error("X25519 and X448 keys can only encrypt AES session keys");const{A:i}=r,{ephemeralPublicKey:n,wrappedKey:s}=await Ir(e,a,i);return{ephemeralPublicKey:n,C:Hi.fromObject({algorithm:t,wrappedKey:s})}}case T.publicKey.aead:{if(!i)throw Error("Cannot encrypt with symmetric key missing private parameters");const{cipher:e}=r,t=e.getValue(),{keyMaterial:n}=i,s=B.preferredAEADAlgorithm,o=Ma(B.preferredAEADAlgorithm),{ivLength:c}=o,u=le(c),h=await o(t,n),l=await h.encrypt(a,u,new Uint8Array);return{aeadMode:new Oi(s),iv:u,c:new Ni(l)}}case T.publicKey.pqc_mlkem_x25519:{const{eccPublicKey:i,mlkemPublicKey:n}=r,{eccCipherText:s,mlkemCipherText:o,wrappedKey:c}=await Ui(e,i,n,a);return{eccCipherText:s,mlkemCipherText:o,C:Hi.fromObject({algorithm:t,wrappedKey:c})}}default:return[]}}async function La(e,t,r,i,a,n){switch(e){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:{const{c:e}=i,{n:a,e:s}=t,{d:o,p:c,q:u,u:h}=r;return qe(e,a,s,o,c,u,h,n)}case T.publicKey.elgamal:{const{c1:e,c2:a}=i;return async function(e,t,r,i,a){return e=ee(e),t=ee(t),r=ee(r),Fe(ue(te(ae(re(e,i=ee(i),r),r)*t,r),"be",ce(r)),a)}(e,a,t.p,r.x,n)}case T.publicKey.ecdh:{const{oid:e,Q:n,kdfParams:s}=t,{d:o}=r,{V:c,C:u}=i;return mi(e,s,c,u.data,n,o,a)}case T.publicKey.x25519:case T.publicKey.x448:{const{A:a}=t,{k:n}=r,{ephemeralPublicKey:s,C:o}=i;if(null!==o.algorithm&&!F.isAES(o.algorithm))throw Error("AES session key expected");return Tr(e,s,o.wrappedKey,a,n)}case T.publicKey.aead:{const{cipher:e}=t,a=e.getValue(),{keyMaterial:n}=r,{aeadMode:s,iv:o,c}=i,u=Ma(s.getValue());return(await u(a,n)).decrypt(c.data,o,new Uint8Array)}case T.publicKey.pqc_mlkem_x25519:{const{eccSecretKey:a,mlkemSecretKey:n}=r,{eccPublicKey:s,mlkemPublicKey:o}=t,{eccCipherText:c,mlkemCipherText:u,C:h}=i;return Di(e,c,u,a,s,n,0,h.wrappedKey)}default:throw Error("Unknown public key encryption algorithm.")}}async function _a(e,t,r){let i=0;switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:{const e=F.readMPI(t.subarray(i));i+=e.length+2;const r=F.readMPI(t.subarray(i));i+=r.length+2;const a=F.readMPI(t.subarray(i));i+=a.length+2;const n=F.readMPI(t.subarray(i));return i+=n.length+2,{read:i,privateParams:{d:e,p:r,q:a,u:n}}}case T.publicKey.dsa:case T.publicKey.elgamal:{const e=F.readMPI(t.subarray(i));return i+=e.length+2,{read:i,privateParams:{x:e}}}case T.publicKey.ecdsa:case T.publicKey.ecdh:{const a=Ha(e,r.oid);let n=F.readMPI(t.subarray(i));return i+=n.length+2,n=F.leftPad(n,a),{read:i,privateParams:{d:n}}}case T.publicKey.eddsaLegacy:{const a=Ha(e,r.oid);if(r.oid.getName()!==T.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let n=F.readMPI(t.subarray(i));return i+=n.length+2,n=F.leftPad(n,a),{read:i,privateParams:{seed:n}}}case T.publicKey.ed25519:case T.publicKey.ed448:{const r=Ha(e),a=F.readExactSubarray(t,i,i+r);return i+=a.length,{read:i,privateParams:{seed:a}}}case T.publicKey.x25519:case T.publicKey.x448:{const r=Ha(e),a=F.readExactSubarray(t,i,i+r);return i+=a.length,{read:i,privateParams:{k:a}}}case T.publicKey.hmac:{const{cipher:e}=r,a=Te(e.getValue()),n=t.subarray(i,i+32);i+=32;const s=t.subarray(i,i+a);return i+=a,{read:i,privateParams:{hashSeed:n,keyMaterial:s}}}case T.publicKey.aead:{const{cipher:e}=r,a=t.subarray(i,i+32);i+=32;const{keySize:n}=Ar(e.getValue()),s=t.subarray(i,i+n);return i+=n,{read:i,privateParams:{hashSeed:a,keyMaterial:s}}}case T.publicKey.pqc_mlkem_x25519:{const r=F.readExactSubarray(t,i,i+Ha(T.publicKey.x25519));i+=r.length;const a=F.readExactSubarray(t,i,i+64);i+=a.length;const{mlkemSecretKey:n}=await Si(e,a);return{read:i,privateParams:{eccSecretKey:r,mlkemSecretKey:n,mlkemSeed:a}}}case T.publicKey.pqc_mldsa_ed25519:{const r=F.readExactSubarray(t,i,i+Ha(T.publicKey.ed25519));i+=r.length;const a=F.readExactSubarray(t,i,i+32);i+=a.length;const{mldsaSecretKey:n}=await Ii(e,a);return{read:i,privateParams:{eccSecretKey:r,mldsaSecretKey:n,mldsaSeed:a}}}default:throw new it("Unknown public key encryption algorithm.")}}function Na(e,t){const r=new Set([T.publicKey.ed25519,T.publicKey.x25519,T.publicKey.ed448,T.publicKey.x448,T.publicKey.aead,T.publicKey.hmac,T.publicKey.pqc_mlkem_x25519,T.publicKey.pqc_mldsa_ed25519]),i={[T.publicKey.pqc_mlkem_x25519]:new Set(["mlkemSecretKey"]),[T.publicKey.pqc_mldsa_ed25519]:new Set(["mldsaSecretKey"])},a=Object.keys(t).map((a=>{if(i[e]?.has(a))return new Uint8Array;const n=t[a];return F.isUint8Array(n)?r.has(e)?n:F.uint8ArrayToMPI(n):n.write()}));return F.concatUint8Array(a)}async function Ra(e,t,r,i){switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:return async function(e,t){if(t=BigInt(t),F.getWebCrypto()){const r={name:"RSASSA-PKCS1-v1_5",modulusLength:e,publicExponent:ue(t),hash:{name:"SHA-1"}},i=await _e.generateKey(r,!0,["sign","verify"]);return Ve(await _e.exportKey("jwk",i.privateKey),t)}if(F.getNodeCrypto()){const r={modulusLength:e,publicExponent:ne(t),publicKeyEncoding:{type:"pkcs1",format:"jwk"},privateKeyEncoding:{type:"pkcs1",format:"jwk"}},i=await new Promise(((e,t)=>{Ne.generateKeyPair("rsa",r,((r,i,a)=>{r?t(r):e(a)}))}));return Ve(i,t)}let r,i,a;do{i=de(e-(e>>1),t,40),r=de(e>>1,t,40),a=r*i}while(oe(a)!==e);const n=(r-Re)*(i-Re);return i<r&&([r,i]=[i,r]),{n:ue(a),e:ue(t),d:ue(ae(t,n)),p:ue(r),q:ue(i),u:ue(ae(r,i))}}(t,65537).then((({n:e,e:t,d:r,p:i,q:a,u:n})=>({privateParams:{d:r,p:i,q:a,u:n},publicParams:{n:e,e:t}})));case T.publicKey.ecdsa:return Vr(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{d:r},publicParams:{oid:new Qe(e),Q:t}})));case T.publicKey.eddsaLegacy:return Vr(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{seed:r},publicParams:{oid:new Qe(e),Q:t}})));case T.publicKey.ecdh:return Vr(r).then((({oid:e,Q:t,secret:r,hash:i,cipher:a})=>({privateParams:{d:r},publicParams:{oid:new Qe(e),Q:t,kdfParams:new Ri({hash:i,cipher:a})}})));case T.publicKey.ed25519:case T.publicKey.ed448:return ot(e).then((({A:e,seed:t})=>({privateParams:{seed:t},publicParams:{A:e}})));case T.publicKey.x25519:case T.publicKey.x448:return xr(e).then((({A:e,k:t})=>({privateParams:{k:t},publicParams:{A:e}})));case T.publicKey.hmac:return za(await async function(e){if(!Ki.has(e))throw Error("Unsupported hash algorithm.");const t=T.read(T.webHash,e),r=Ai||Ei.webcrypto.subtle,i=await r.generateKey({name:"HMAC",hash:{name:t}},!0,["sign","verify"]),a=await r.exportKey("raw",i);return new Uint8Array(a)}(i),new qi(i));case T.publicKey.aead:return za(ja(i),new ji(i));case T.publicKey.pqc_mlkem_x25519:return Pi(e).then((({eccSecretKey:e,eccPublicKey:t,mlkemSeed:r,mlkemSecretKey:i,mlkemPublicKey:a})=>({privateParams:{eccSecretKey:e,mlkemSeed:r,mlkemSecretKey:i},publicParams:{eccPublicKey:t,mlkemPublicKey:a}})));case T.publicKey.pqc_mldsa_ed25519:return Ti(e).then((({eccSecretKey:e,eccPublicKey:t,mldsaSeed:r,mldsaSecretKey:i,mldsaPublicKey:a})=>({privateParams:{eccSecretKey:e,mldsaSeed:r,mldsaSecretKey:i},publicParams:{eccPublicKey:t,mldsaPublicKey:a}})));case T.publicKey.dsa:case T.publicKey.elgamal:throw Error("Unsupported algorithm for key generation.");default:throw Error("Unknown public key algorithm.")}}async function za(e,t){const r=le(32);return{privateParams:{hashSeed:r,keyMaterial:e},publicParams:{cipher:t,digest:await Ie(T.hash.sha256,r)}}}async function Oa(e,t,r){if(!t||!r)throw Error("Missing key parameters");switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:{const{n:e,e:i}=t,{d:a,p:n,q:s,u:o}=r;return async function(e,t,r,i,a,n){if(e=ee(e),(i=ee(i))*(a=ee(a))!==e)return!1;const s=BigInt(2);if(te(i*(n=ee(n)),a)!==BigInt(1))return!1;t=ee(t),r=ee(r);const o=ye(s,s<<BigInt(Math.floor(oe(e)/3))),c=o*r*t;return!(te(c,i-Re)!==o||te(c,a-Re)!==o)}(e,i,a,n,s,o)}case T.publicKey.dsa:{const{p:e,q:i,g:a,y:n}=t,{x:s}=r;return async function(e,t,r,i,a){if(e=ee(e),t=ee(t),r=ee(r),i=ee(i),r<=vi||r>=e)return!1;if(te(e-vi,t)!==ki)return!1;if(re(r,t,e)!==vi)return!1;const n=BigInt(oe(t));if(n<BigInt(150)||!ge(t,null,32))return!1;a=ee(a);const s=BigInt(2);return i===re(r,t*ye(s<<n-vi,s<<n)+a,e)}(e,i,a,n,s)}case T.publicKey.elgamal:{const{p:e,g:i,y:a}=t,{x:n}=r;return async function(e,t,r,i){if(e=ee(e),t=ee(t),r=ee(r),t<=We||t>=e)return!1;const a=BigInt(oe(e));if(a<BigInt(1023))return!1;if(re(t,e-We,e)!==We)return!1;let n=t,s=BigInt(1);const o=BigInt(2),c=o<<BigInt(17);for(;s<c;){if(n=te(n*t,e),n===We)return!1;s++}i=ee(i);const u=ye(o<<a-We,o<<a);return r===re(t,(e-We)*u+i,e)}(e,i,a,n)}case T.publicKey.ecdsa:case T.publicKey.ecdh:{const i=bi[T.read(T.publicKey,e)],{oid:a,Q:n}=t,{d:s}=r;return i.validateParams(a,n,s)}case T.publicKey.eddsaLegacy:{const{Q:e,oid:i}=t,{seed:a}=r;return ci(i,e,a)}case T.publicKey.ed25519:case T.publicKey.ed448:{const{A:i}=t,{seed:a}=r;return ht(e,i,a)}case T.publicKey.x25519:case T.publicKey.x448:{const{A:i}=t,{k:a}=r;return Cr(e,i,a)}case T.publicKey.hmac:{const{cipher:e,digest:i}=t,{hashSeed:a,keyMaterial:n}=r;return Te(e.getValue())===n.length&&F.equalsUint8Array(i,await Ie(T.hash.sha256,a))}case T.publicKey.aead:{const{cipher:e,digest:i}=t,{hashSeed:a,keyMaterial:n}=r,{keySize:s}=Ar(e.getValue());return s===n.length&&F.equalsUint8Array(i,await Ie(T.hash.sha256,a))}case T.publicKey.pqc_mlkem_x25519:{const{eccSecretKey:i,mlkemSeed:a}=r,{eccPublicKey:n,mlkemPublicKey:s}=t;return Ci(e,n,i,s,a)}case T.publicKey.pqc_mldsa_ed25519:{const{eccSecretKey:i,mldsaSeed:a}=r,{eccPublicKey:n,mldsaPublicKey:s}=t;return Li(e,n,i,s,a)}default:throw Error("Unknown public key algorithm.")}}function ja(e){const{keySize:t}=Ar(e);return le(t)}function qa(e){try{e.getName()}catch(e){throw new it("Unknown curve OID")}}function Ha(e,t){switch(e){case T.publicKey.ecdsa:case T.publicKey.ecdh:case T.publicKey.eddsaLegacy:return new Gr(t).payloadSize;case T.publicKey.ed25519:case T.publicKey.ed448:return lt(e);case T.publicKey.x25519:case T.publicKey.x448:return Br(e);default:throw Error("Unknown elliptic algo")}}async function Ga(e,t,r,i,a,n,s){switch(e){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.rsaSign:{const{n:e,e:a}=i;return Oe(t,n,F.leftPad(r.s,e.length),e,a,s)}case T.publicKey.dsa:{const{g:e,p:t,q:a,y:n}=i,{r:o,s:c}=r;return async function(e,t,r,i,a,n,s,o){if(t=ee(t),r=ee(r),n=ee(n),s=ee(s),a=ee(a),o=ee(o),t<=ki||t>=s||r<=ki||r>=s)return F.printDebug("invalid DSA Signature"),!1;const c=te(ee(i.subarray(0,ce(s))),s),u=ae(r,s);if(u===ki)return F.printDebug("invalid DSA Signature"),!1;a=te(a,n),o=te(o,n);const h=te(c*u,s),l=te(t*u,s);return te(te(re(a,h,n)*re(o,l,n),n),s)===t}(0,o,c,s,e,t,a,n)}case T.publicKey.ecdsa:{const{oid:e,Q:a}=i,o=new Gr(e).payloadSize;return ii(e,t,{r:F.leftPad(r.r,o),s:F.leftPad(r.s,o)},n,a,s)}case T.publicKey.eddsaLegacy:{if(Te(t)<Te(T.hash.sha256))throw Error("Hash algorithm too weak for EdDSALegacy.");const{oid:e,Q:a}=i,n=new Gr(e).payloadSize;return oi(e,0,{r:F.leftPad(r.r,n),s:F.leftPad(r.s,n)},0,a,s)}case T.publicKey.ed25519:case T.publicKey.ed448:{if(Te(t)<Te(yt(e)))throw Error("Hash algorithm too weak for EdDSA.");const{A:a}=i;return ut(e,0,r,0,a,s)}case T.publicKey.hmac:{if(!a)throw Error("Cannot verify HMAC signature with symmetric key missing private parameters");const{cipher:e}=i,{keyMaterial:t}=a;return async function(e,t,r,i){if(!Ki.has(e))throw Error("Unsupported hash algorithm.");const a=T.read(T.webHash,e),n=Ai||Ei.webcrypto.subtle,s=await n.importKey("raw",t,{name:"HMAC",hash:{name:a}},!1,["verify"]);return n.verify("HMAC",s,r,i)}(e.getValue(),t,r.mac.data,s)}case T.publicKey.pqc_mldsa_ed25519:{if(!Fi(e,t))throw Error("Unexpected hash algorithm for PQC signature: digest size too short");const{eccPublicKey:a,mldsaPublicKey:n}=i;return Mi(e,0,a,n,s,r)}default:throw Error("Unknown signature algorithm.")}}async function Va(e,t,r,i,a,n){if(!r||!i)throw Error("Missing key parameters");switch(e){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.rsaSign:{const{n:e,e:s}=r,{d:o,p:c,q:u,u:h}=i;return{s:await ze(t,a,e,s,o,c,u,h,n)}}case T.publicKey.dsa:{const{g:e,p:t,q:a}=r,{x:s}=i;return async function(e,t,r,i,a,n){const s=BigInt(0);let o,c,u,h;i=ee(i),a=ee(a),r=ee(r),n=ee(n),r=te(r,i),n=te(n,a);const l=te(ee(t.subarray(0,ce(a))),a);for(;;){if(o=ye(vi,a),c=te(re(r,o,i),a),c===s)continue;const e=te(n*c,a);if(h=te(l+e,a),u=te(ae(o,a)*h,a),u!==s)break}return{r:ue(c,"be",ce(i)),s:ue(u,"be",ce(i))}}(0,n,e,t,a,s)}case T.publicKey.elgamal:throw Error("Signing with Elgamal is not defined in the OpenPGP standard.");case T.publicKey.ecdsa:{const{oid:e,Q:s}=r,{d:o}=i;return ri(e,t,a,s,o,n)}case T.publicKey.eddsaLegacy:{if(Te(t)<Te(T.hash.sha256))throw Error("Hash algorithm too weak for EdDSALegacy.");const{oid:e,Q:a}=r,{seed:s}=i;return si(e,0,0,a,s,n)}case T.publicKey.ed25519:case T.publicKey.ed448:{if(Te(t)<Te(yt(e)))throw Error("Hash algorithm too weak for EdDSA.");const{A:a}=r,{seed:s}=i;return ct(e,0,0,a,s,n)}case T.publicKey.hmac:{const{cipher:e}=r,{keyMaterial:t}=i,a=await async function(e,t,r){if(!Ki.has(e))throw Error("Unsupported hash algorithm.");const i=T.read(T.webHash,e),a=Ai||Ei.webcrypto.subtle,n=await a.importKey("raw",t,{name:"HMAC",hash:{name:i}},!1,["sign"]),s=await a.sign("HMAC",n,r);return new Uint8Array(s)}(e.getValue(),t,n);return{mac:new Ni(a)}}case T.publicKey.pqc_mldsa_ed25519:{if(!Fi(e,t))throw Error("Unexpected hash algorithm for PQC signature: digest size too short");const{eccPublicKey:a}=r,{eccSecretKey:s,mldsaSecretKey:o}=i;return Bi(e,0,s,a,o,n)}default:throw Error("Unknown signature algorithm.")}}Ba.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[4+e]^=t[e];return r},Ba.blockLength=16,Ba.ivLength=12,Ba.tagLength=Ia;class Wa extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,Wa),this.name="Argon2OutOfMemoryError"}}let $a,Qa,Xa=2<<19;class Ya{static get ARGON2_WASM_MEMORY_THRESHOLD_RELOAD(){return Xa}static set ARGON2_WASM_MEMORY_THRESHOLD_RELOAD(e){Xa=e}static reloadWasmModule(){$a&&(Qa=$a(),Qa.catch((()=>{})))}constructor(e=B){const{passes:t,parallelism:r,memoryExponent:i}=e.s2kArgon2Params;this.type="argon2",this.salt=null,this.t=t,this.p=r,this.encodedM=i}generateSalt(){this.salt=le(16)}read(e){let t=0;return this.salt=e.subarray(t,t+16),t+=16,this.t=e[t++],this.p=e[t++],this.encodedM=e[t++],t}write(){const e=[new Uint8Array([T.write(T.s2k,this.type)]),this.salt,new Uint8Array([this.t,this.p,this.encodedM])];return F.concatUint8Array(e)}async produceKey(e,t){const r=2<<this.encodedM-1;try{$a=$a||(await import("./argon2id.min.mjs")).default,Qa=Qa||$a();const i=await Qa,a=i({version:19,type:2,password:F.encodeUTF8(e),salt:this.salt,tagLength:t,memorySize:r,parallelism:this.p,passes:this.t});return r>Ya.ARGON2_WASM_MEMORY_THRESHOLD_RELOAD&&Ya.reloadWasmModule(),a}catch(e){throw e.message&&(e.message.includes("Unable to grow instance memory")||e.message.includes("failed to grow memory")||e.message.includes("WebAssembly.Memory.grow")||e.message.includes("Out of memory"))?new Wa("Could not allocate required memory for Argon2"):e}}}class Za{constructor(e,t=B){this.algorithm=T.hash.sha256,this.type=T.read(T.s2k,e),this.c=t.s2kIterationCountByte,this.salt=null}generateSalt(){switch(this.type){case"salted":case"iterated":this.salt=le(8)}}getCount(){return 16+(15&this.c)<<6+(this.c>>4)}read(e){let t=0;switch(this.algorithm=e[t++],this.type){case"simple":break;case"salted":this.salt=e.subarray(t,t+8),t+=8;break;case"iterated":this.salt=e.subarray(t,t+8),t+=8,this.c=e[t++];break;case"gnu":if("GNU"!==F.uint8ArrayToString(e.subarray(t,t+3)))throw new it("Unknown s2k type.");t+=3;if(1001!==1e3+e[t++])throw new it("Unknown s2k gnu protection mode.");this.type="gnu-dummy";break;default:throw new it("Unknown s2k type.")}return t}write(){if("gnu-dummy"===this.type)return new Uint8Array([101,0,...F.stringToUint8Array("GNU"),1]);const e=[new Uint8Array([T.write(T.s2k,this.type),this.algorithm])];switch(this.type){case"simple":break;case"salted":e.push(this.salt);break;case"iterated":e.push(this.salt),e.push(new Uint8Array([this.c]));break;case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}return F.concatUint8Array(e)}async produceKey(e,t){e=F.encodeUTF8(e);const r=[];let i=0,a=0;for(;i<t;){let t;switch(this.type){case"simple":t=F.concatUint8Array([new Uint8Array(a),e]);break;case"salted":t=F.concatUint8Array([new Uint8Array(a),this.salt,e]);break;case"iterated":{const r=F.concatUint8Array([this.salt,e]);let i=r.length;const n=Math.max(this.getCount(),i);t=new Uint8Array(a+n),t.set(r,a);for(let e=a+i;e<n;e+=i,i*=2)t.copyWithin(e,a,e);break}case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}const n=await Ie(this.algorithm,t);r.push(n),i+=n.length,a++}return F.concatUint8Array(r).subarray(0,t)}}const Ja=new Set([T.s2k.argon2,T.s2k.iterated]);function en(e,t=B){switch(e){case T.s2k.argon2:return new Ya(t);case T.s2k.iterated:case T.s2k.gnu:case T.s2k.salted:case T.s2k.simple:return new Za(e,t);default:throw new it("Unsupported S2K type")}}function tn(e){const{s2kType:t}=e;if(!Ja.has(t))throw Error("The provided `config.s2kType` value is not allowed");return en(t,e)}var rn=Uint8Array,an=Uint16Array,nn=Int32Array,sn=new rn([0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0,0,0,0]),on=new rn([0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13,0,0]),cn=new rn([16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15]),un=function(e,t){for(var r=new an(31),i=0;i<31;++i)r[i]=t+=1<<e[i-1];var a=new nn(r[30]);for(i=1;i<30;++i)for(var n=r[i];n<r[i+1];++n)a[n]=n-r[i]<<5|i;return{b:r,r:a}},hn=un(sn,2),ln=hn.b,yn=hn.r;ln[28]=258,yn[258]=28;for(var pn=un(on,0),dn=pn.b,gn=pn.r,mn=new an(32768),fn=0;fn<32768;++fn){var wn=(43690&fn)>>1|(21845&fn)<<1;wn=(61680&(wn=(52428&wn)>>2|(13107&wn)<<2))>>4|(3855&wn)<<4,mn[fn]=((65280&wn)>>8|(255&wn)<<8)>>1}var bn=function(e,t,r){for(var i=e.length,a=0,n=new an(t);a<i;++a)e[a]&&++n[e[a]-1];var s,o=new an(t);for(a=1;a<t;++a)o[a]=o[a-1]+n[a-1]<<1;if(r){s=new an(1<<t);var c=15-t;for(a=0;a<i;++a)if(e[a])for(var u=a<<4|e[a],h=t-e[a],l=o[e[a]-1]++<<h,y=l|(1<<h)-1;l<=y;++l)s[mn[l]>>c]=u}else for(s=new an(i),a=0;a<i;++a)e[a]&&(s[a]=mn[o[e[a]-1]++]>>15-e[a]);return s},kn=new rn(288);for(fn=0;fn<144;++fn)kn[fn]=8;for(fn=144;fn<256;++fn)kn[fn]=9;for(fn=256;fn<280;++fn)kn[fn]=7;for(fn=280;fn<288;++fn)kn[fn]=8;var vn=new rn(32);for(fn=0;fn<32;++fn)vn[fn]=5;var Kn=/*#__PURE__*/bn(kn,9,0),An=/*#__PURE__*/bn(kn,9,1),En=/*#__PURE__*/bn(vn,5,0),Sn=/*#__PURE__*/bn(vn,5,1),Pn=function(e){for(var t=e[0],r=1;r<e.length;++r)e[r]>t&&(t=e[r]);return t},Un=function(e,t,r){var i=t/8|0;return(e[i]|e[i+1]<<8)>>(7&t)&r},Dn=function(e,t){var r=t/8|0;return(e[r]|e[r+1]<<8|e[r+2]<<16)>>(7&t)},xn=function(e){return(e+7)/8|0},Cn=function(e,t,r){return(null==t||t<0)&&(t=0),(null==r||r>e.length)&&(r=e.length),new rn(e.subarray(t,r))},In=["unexpected EOF","invalid block type","invalid length/literal","invalid distance","stream finished","no stream handler",,"no callback","invalid UTF-8 data","extra field too long","date not in range 1980-2099","filename too long","stream finishing","invalid zip data"],Tn=function(e,t,r){var i=Error(t||In[e]);if(i.code=e,Error.captureStackTrace&&Error.captureStackTrace(i,Tn),!r)throw i;return i},Bn=function(e,t,r){r<<=7&t;var i=t/8|0;e[i]|=r,e[i+1]|=r>>8},Mn=function(e,t,r){r<<=7&t;var i=t/8|0;e[i]|=r,e[i+1]|=r>>8,e[i+2]|=r>>16},Fn=function(e,t){for(var r=[],i=0;i<e.length;++i)e[i]&&r.push({s:i,f:e[i]});var a=r.length,n=r.slice();if(!a)return{t:jn,l:0};if(1==a){var s=new rn(r[0].s+1);return s[r[0].s]=1,{t:s,l:1}}r.sort((function(e,t){return e.f-t.f})),r.push({s:-1,f:25001});var o=r[0],c=r[1],u=0,h=1,l=2;for(r[0]={s:-1,f:o.f+c.f,l:o,r:c};h!=a-1;)o=r[r[u].f<r[l].f?u++:l++],c=r[u!=h&&r[u].f<r[l].f?u++:l++],r[h++]={s:-1,f:o.f+c.f,l:o,r:c};var y=n[0].s;for(i=1;i<a;++i)n[i].s>y&&(y=n[i].s);var p=new an(y+1),d=Ln(r[h-1],p,0);if(d>t){i=0;var g=0,m=d-t,f=1<<m;for(n.sort((function(e,t){return p[t.s]-p[e.s]||e.f-t.f}));i<a;++i){var w=n[i].s;if(!(p[w]>t))break;g+=f-(1<<d-p[w]),p[w]=t}for(g>>=m;g>0;){var b=n[i].s;p[b]<t?g-=1<<t-p[b]++-1:++i}for(;i>=0&&g;--i){var k=n[i].s;p[k]==t&&(--p[k],++g)}d=t}return{t:new rn(p),l:d}},Ln=function(e,t,r){return-1==e.s?Math.max(Ln(e.l,t,r+1),Ln(e.r,t,r+1)):t[e.s]=r},_n=function(e){for(var t=e.length;t&&!e[--t];);for(var r=new an(++t),i=0,a=e[0],n=1,s=function(e){r[i++]=e},o=1;o<=t;++o)if(e[o]==a&&o!=t)++n;else{if(!a&&n>2){for(;n>138;n-=138)s(32754);n>2&&(s(n>10?n-11<<5|28690:n-3<<5|12305),n=0)}else if(n>3){for(s(a),--n;n>6;n-=6)s(8304);n>2&&(s(n-3<<5|8208),n=0)}for(;n--;)s(a);n=1,a=e[o]}return{c:r.subarray(0,i),n:t}},Nn=function(e,t){for(var r=0,i=0;i<t.length;++i)r+=e[i]*t[i];return r},Rn=function(e,t,r){var i=r.length,a=xn(t+2);e[a]=255&i,e[a+1]=i>>8,e[a+2]=255^e[a],e[a+3]=255^e[a+1];for(var n=0;n<i;++n)e[a+n+4]=r[n];return 8*(a+4+i)},zn=function(e,t,r,i,a,n,s,o,c,u,h){Bn(t,h++,r),++a[256];for(var l=Fn(a,15),y=l.t,p=l.l,d=Fn(n,15),g=d.t,m=d.l,f=_n(y),w=f.c,b=f.n,k=_n(g),v=k.c,K=k.n,A=new an(19),E=0;E<w.length;++E)++A[31&w[E]];for(E=0;E<v.length;++E)++A[31&v[E]];for(var S=Fn(A,7),P=S.t,U=S.l,D=19;D>4&&!P[cn[D-1]];--D);var x,C,I,T,B=u+5<<3,M=Nn(a,kn)+Nn(n,vn)+s,F=Nn(a,y)+Nn(n,g)+s+14+3*D+Nn(A,P)+2*A[16]+3*A[17]+7*A[18];if(c>=0&&B<=M&&B<=F)return Rn(t,h,e.subarray(c,c+u));if(Bn(t,h,1+(F<M)),h+=2,F<M){x=bn(y,p,0),C=y,I=bn(g,m,0),T=g;var L=bn(P,U,0);Bn(t,h,b-257),Bn(t,h+5,K-1),Bn(t,h+10,D-4),h+=14;for(E=0;E<D;++E)Bn(t,h+3*E,P[cn[E]]);h+=3*D;for(var _=[w,v],N=0;N<2;++N){var R=_[N];for(E=0;E<R.length;++E){var z=31&R[E];Bn(t,h,L[z]),h+=P[z],z>15&&(Bn(t,h,R[E]>>5&127),h+=R[E]>>12)}}}else x=Kn,C=kn,I=En,T=vn;for(E=0;E<o;++E){var O=i[E];if(O>255){Mn(t,h,x[(z=O>>18&31)+257]),h+=C[z+257],z>7&&(Bn(t,h,O>>23&31),h+=sn[z]);var j=31&O;Mn(t,h,I[j]),h+=T[j],j>3&&(Mn(t,h,O>>5&8191),h+=on[j])}else Mn(t,h,x[O]),h+=C[O]}return Mn(t,h,x[256]),h+C[256]},On=/*#__PURE__*/new nn([65540,131080,131088,131104,262176,1048704,1048832,2114560,2117632]),jn=/*#__PURE__*/new rn(0),qn=function(){var e=1,t=0;return{p:function(r){for(var i=e,a=t,n=0|r.length,s=0;s!=n;){for(var o=Math.min(s+2655,n);s<o;++s)a+=i+=r[s];i=(65535&i)+15*(i>>16),a=(65535&a)+15*(a>>16)}e=i,t=a},d:function(){return(255&(e%=65521))<<24|(65280&e)<<8|(255&(t%=65521))<<8|t>>8}}},Hn=function(e,t,r,i,a){if(!a&&(a={l:1},t.dictionary)){var n=t.dictionary.subarray(-32768),s=new rn(n.length+e.length);s.set(n),s.set(e,n.length),e=s,a.w=n.length}return function(e,t,r,i,a,n){var s=n.z||e.length,o=new rn(i+s+5*(1+Math.ceil(s/7e3))+a),c=o.subarray(i,o.length-a),u=n.l,h=7&(n.r||0);if(t){h&&(c[0]=n.r>>3);for(var l=On[t-1],y=l>>13,p=8191&l,d=(1<<r)-1,g=n.p||new an(32768),m=n.h||new an(d+1),f=Math.ceil(r/3),w=2*f,b=function(t){return(e[t]^e[t+1]<<f^e[t+2]<<w)&d},k=new nn(25e3),v=new an(288),K=new an(32),A=0,E=0,S=n.i||0,P=0,U=n.w||0,D=0;S+2<s;++S){var x=b(S),C=32767&S,I=m[x];if(g[C]=I,m[x]=C,U<=S){var T=s-S;if((A>7e3||P>24576)&&(T>423||!u)){h=zn(e,c,0,k,v,K,E,P,D,S-D,h),P=A=E=0,D=S;for(var B=0;B<286;++B)v[B]=0;for(B=0;B<30;++B)K[B]=0}var M=2,F=0,L=p,_=C-I&32767;if(T>2&&x==b(S-_))for(var N=Math.min(y,T)-1,R=Math.min(32767,S),z=Math.min(258,T);_<=R&&--L&&C!=I;){if(e[S+M]==e[S+M-_]){for(var O=0;O<z&&e[S+O]==e[S+O-_];++O);if(O>M){if(M=O,F=_,O>N)break;var j=Math.min(_,O-2),q=0;for(B=0;B<j;++B){var H=S-_+B&32767,G=H-g[H]&32767;G>q&&(q=G,I=H)}}}_+=(C=I)-(I=g[C])&32767}if(F){k[P++]=268435456|yn[M]<<18|gn[F];var V=31&yn[M],W=31&gn[F];E+=sn[V]+on[W],++v[257+V],++K[W],U=S+M,++A}else k[P++]=e[S],++v[e[S]]}}for(S=Math.max(S,U);S<s;++S)k[P++]=e[S],++v[e[S]];h=zn(e,c,u,k,v,K,E,P,D,S-D,h),u||(n.r=7&h|c[h/8|0]<<3,h-=7,n.h=m,n.p=g,n.i=S,n.w=U)}else{for(S=n.w||0;S<s+u;S+=65535){var $=S+65535;$>=s&&(c[h/8|0]=u,$=s),h=Rn(c,h+1,e.subarray(S,$))}n.i=s}return Cn(o,0,i+xn(h)+a)}(e,null==t.level?6:t.level,null==t.mem?a.l?Math.ceil(1.5*Math.max(8,Math.min(13,Math.log(e.length)))):20:12+t.mem,r,i,a)},Gn=function(e,t,r){for(;r;++t)e[t]=r,r>>>=8},Vn=/*#__PURE__*/function(){function e(e,t){if("function"==typeof e&&(t=e,e={}),this.ondata=t,this.o=e||{},this.s={l:0,i:32768,w:32768,z:32768},this.b=new rn(98304),this.o.dictionary){var r=this.o.dictionary.subarray(-32768);this.b.set(r,32768-r.length),this.s.i=32768-r.length}}return e.prototype.p=function(e,t){this.ondata(Hn(e,this.o,0,0,this.s),t)},e.prototype.push=function(e,t){this.ondata||Tn(5),this.s.l&&Tn(4);var r=e.length+this.s.z;if(r>this.b.length){if(r>2*this.b.length-32768){var i=new rn(-32768&r);i.set(this.b.subarray(0,this.s.z)),this.b=i}var a=this.b.length-this.s.z;this.b.set(e.subarray(0,a),this.s.z),this.s.z=this.b.length,this.p(this.b,!1),this.b.set(this.b.subarray(-32768)),this.b.set(e.subarray(a),32768),this.s.z=e.length-a+32768,this.s.i=32766,this.s.w=32768}else this.b.set(e,this.s.z),this.s.z+=e.length;this.s.l=1&t,(this.s.z>this.s.w+8191||t)&&(this.p(this.b,t||!1),this.s.w=this.s.i,this.s.i-=2)},e.prototype.flush=function(){this.ondata||Tn(5),this.s.l&&Tn(4),this.p(this.b,!1),this.s.w=this.s.i,this.s.i-=2},e}(),Wn=/*#__PURE__*/function(){function e(e,t){"function"==typeof e&&(t=e,e={}),this.ondata=t;var r=e&&e.dictionary&&e.dictionary.subarray(-32768);this.s={i:0,b:r?r.length:0},this.o=new rn(32768),this.p=new rn(0),r&&this.o.set(r)}return e.prototype.e=function(e){if(this.ondata||Tn(5),this.d&&Tn(4),this.p.length){if(e.length){var t=new rn(this.p.length+e.length);t.set(this.p),t.set(e,this.p.length),this.p=t}}else this.p=e},e.prototype.c=function(e){this.s.i=+(this.d=e||!1);var t=this.s.b,r=function(e,t,r,i){var a=e.length;if(!a||t.f&&!t.l)return r||new rn(0);var n=!r,s=n||2!=t.i,o=t.i;n&&(r=new rn(3*a));var c=function(e){var t=r.length;if(e>t){var i=new rn(Math.max(2*t,e));i.set(r),r=i}},u=t.f||0,h=t.p||0,l=t.b||0,y=t.l,p=t.d,d=t.m,g=t.n,m=8*a;do{if(!y){u=Un(e,h,1);var f=Un(e,h+1,3);if(h+=3,!f){var w=e[(x=xn(h)+4)-4]|e[x-3]<<8,b=x+w;if(b>a){o&&Tn(0);break}s&&c(l+w),r.set(e.subarray(x,b),l),t.b=l+=w,t.p=h=8*b,t.f=u;continue}if(1==f)y=An,p=Sn,d=9,g=5;else if(2==f){var k=Un(e,h,31)+257,v=Un(e,h+10,15)+4,K=k+Un(e,h+5,31)+1;h+=14;for(var A=new rn(K),E=new rn(19),S=0;S<v;++S)E[cn[S]]=Un(e,h+3*S,7);h+=3*v;var P=Pn(E),U=(1<<P)-1,D=bn(E,P,1);for(S=0;S<K;){var x,C=D[Un(e,h,U)];if(h+=15&C,(x=C>>4)<16)A[S++]=x;else{var I=0,T=0;for(16==x?(T=3+Un(e,h,3),h+=2,I=A[S-1]):17==x?(T=3+Un(e,h,7),h+=3):18==x&&(T=11+Un(e,h,127),h+=7);T--;)A[S++]=I}}var B=A.subarray(0,k),M=A.subarray(k);d=Pn(B),g=Pn(M),y=bn(B,d,1),p=bn(M,g,1)}else Tn(1);if(h>m){o&&Tn(0);break}}s&&c(l+131072);for(var F=(1<<d)-1,L=(1<<g)-1,_=h;;_=h){var N=(I=y[Dn(e,h)&F])>>4;if((h+=15&I)>m){o&&Tn(0);break}if(I||Tn(2),N<256)r[l++]=N;else{if(256==N){_=h,y=null;break}var R=N-254;if(N>264){var z=sn[S=N-257];R=Un(e,h,(1<<z)-1)+ln[S],h+=z}var O=p[Dn(e,h)&L],j=O>>4;if(O||Tn(3),h+=15&O,M=dn[j],j>3&&(z=on[j],M+=Dn(e,h)&(1<<z)-1,h+=z),h>m){o&&Tn(0);break}s&&c(l+131072);var q=l+R;if(l<M){var H=0-M,G=Math.min(M,q);for(H+l<0&&Tn(3);l<G;++l)r[l]=i[H+l]}for(;l<q;++l)r[l]=r[l-M]}}t.l=y,t.p=_,t.b=l,t.f=u,y&&(u=1,t.m=d,t.d=p,t.n=g)}while(!u);return l!=r.length&&n?Cn(r,0,l):r.subarray(0,l)}(this.p,this.s,this.o);this.ondata(Cn(r,t,this.s.b),this.d),this.o=Cn(r,this.s.b-32768),this.s.b=this.o.length,this.p=Cn(this.p,this.s.p/8|0),this.s.p&=7},e.prototype.push=function(e,t){this.e(e),this.c(t)},e}(),$n=/*#__PURE__*/function(){function e(e,t){this.c=qn(),this.v=1,Vn.call(this,e,t)}return e.prototype.push=function(e,t){this.c.p(e),Vn.prototype.push.call(this,e,t)},e.prototype.p=function(e,t){var r=Hn(e,this.o,this.v&&(this.o.dictionary?6:2),t&&4,this.s);this.v&&(function(e,t){var r=t.level,i=0==r?0:r<6?1:9==r?3:2;if(e[0]=120,e[1]=i<<6|(t.dictionary&&32),e[1]|=31-(e[0]<<8|e[1])%31,t.dictionary){var a=qn();a.p(t.dictionary),Gn(e,2,a.d())}}(r,this.o),this.v=0),t&&Gn(r,r.length-4,this.c.d()),this.ondata(r,t)},e.prototype.flush=function(){Vn.prototype.flush.call(this)},e}(),Qn=/*#__PURE__*/function(){function e(e,t){Wn.call(this,e,t),this.v=e&&e.dictionary?2:1}return e.prototype.push=function(e,t){if(Wn.prototype.e.call(this,e),this.v){if(this.p.length<6&&!t)return;this.p=this.p.subarray((r=this.p,i=this.v-1,(8!=(15&r[0])||r[0]>>4>7||(r[0]<<8|r[1])%31)&&Tn(6,"invalid zlib data"),(r[1]>>5&1)==+!i&&Tn(6,"invalid zlib data: "+(32&r[1]?"need":"unexpected")+" dictionary"),2+(r[1]>>3&4))),this.v=0}var r,i;t&&(this.p.length<4&&Tn(6,"invalid zlib data"),this.p=this.p.subarray(0,-4)),Wn.prototype.c.call(this,t)},e}(),Xn="undefined"!=typeof TextDecoder&&/*#__PURE__*/new TextDecoder;try{Xn.decode(jn,{stream:!0})}catch(e){}class Yn{static get tag(){return T.packet.literalData}constructor(e=new Date){this.format=T.literal.utf8,this.date=F.normalizeDate(e),this.text=null,this.data=null,this.filename=""}setText(e,t=T.literal.utf8){this.format=t,this.text=e,this.data=null}getText(e=!1){return(null===this.text||F.isStream(this.text))&&(this.text=F.decodeUTF8(F.nativeEOL(this.getBytes(e)))),this.text}setBytes(e,t){this.format=t,this.data=e,this.text=null}getBytes(e=!1){return null===this.data&&(this.data=F.canonicalizeEOL(F.encodeUTF8(this.text))),e?A(this.data):this.data}setFilename(e){this.filename=e}getFilename(){return this.filename}async read(e){await v(e,(async e=>{const t=await e.readByte(),r=await e.readByte();this.filename=F.decodeUTF8(await e.readBytes(r)),this.date=F.readDate(await e.readBytes(4));let i=e.remainder();n(i)&&(i=await P(i)),this.setBytes(i,t)}))}writeHeader(){const e=F.encodeUTF8(this.filename),t=new Uint8Array([e.length]),r=new Uint8Array([this.format]),i=F.writeDate(this.date);return F.concatUint8Array([r,t,e,i])}write(){const e=this.writeHeader(),t=this.getBytes();return F.concat([e,t])}}class Zn{constructor(){this.bytes=""}read(e){return this.bytes=F.uint8ArrayToString(e.subarray(0,8)),this.bytes.length}write(){return F.stringToUint8Array(this.bytes)}toHex(){return F.uint8ArrayToHex(F.stringToUint8Array(this.bytes))}equals(e,t=!1){return t&&(e.isWildcard()||this.isWildcard())||this.bytes===e.bytes}isNull(){return""===this.bytes}isWildcard(){return/^0+$/.test(this.toHex())}static mapToHex(e){return e.toHex()}static fromID(e){const t=new Zn;return t.read(F.hexToUint8Array(e)),t}static wildcard(){const e=new Zn;return e.read(new Uint8Array(8)),e}}const Jn=Symbol("verified"),es="salt@notations.openpgpjs.org",ts=new Set([T.signatureSubpacket.issuerKeyID,T.signatureSubpacket.issuerFingerprint,T.signatureSubpacket.embeddedSignature]);class rs{static get tag(){return T.packet.signature}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.signatureData=null,this.unhashedSubpackets=[],this.unknownSubpackets=[],this.signedHashValue=null,this.salt=null,this.created=null,this.signatureExpirationTime=null,this.signatureNeverExpires=!0,this.exportable=null,this.trustLevel=null,this.trustAmount=null,this.regularExpression=null,this.revocable=null,this.keyExpirationTime=null,this.keyNeverExpires=null,this.preferredSymmetricAlgorithms=null,this.revocationKeyClass=null,this.revocationKeyAlgorithm=null,this.revocationKeyFingerprint=null,this.issuerKeyID=new Zn,this.rawNotations=[],this.notations={},this.preferredHashAlgorithms=null,this.preferredCompressionAlgorithms=null,this.keyServerPreferences=null,this.preferredKeyServer=null,this.isPrimaryUserID=null,this.policyURI=null,this.keyFlags=null,this.signersUserID=null,this.reasonForRevocationFlag=null,this.reasonForRevocationString=null,this.features=null,this.signatureTargetPublicKeyAlgorithm=null,this.signatureTargetHashAlgorithm=null,this.signatureTargetHash=null,this.embeddedSignature=null,this.issuerKeyVersion=null,this.issuerFingerprint=null,this.preferredAEADAlgorithms=null,this.preferredCipherSuites=null,this.revoked=null,this[Jn]=null}read(e,t=B){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new it("Support for v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4!==this.version&&5!==this.version&&6!==this.version)throw new it(`Version ${this.version} of the signature packet is unsupported.`);if(this.signatureType=e[r++],this.publicKeyAlgorithm=e[r++],this.hashAlgorithm=e[r++],r+=this.readSubPackets(e.subarray(r,e.length),!0),!this.created)throw Error("Missing signature creation time subpacket.");if(this.signatureData=e.subarray(0,r),r+=this.readSubPackets(e.subarray(r,e.length),!1),this.signedHashValue=e.subarray(r,r+2),r+=2,6===this.version){const t=e[r++];this.salt=e.subarray(r,r+t),r+=t}const i=e.subarray(r,e.length),{read:a,signatureParams:n}=function(e,t){let r=0;switch(e){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.rsaSign:{const e=F.readMPI(t.subarray(r));return r+=e.length+2,{read:r,signatureParams:{s:e}}}case T.publicKey.dsa:case T.publicKey.ecdsa:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,signatureParams:{r:e,s:i}}}case T.publicKey.eddsaLegacy:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,signatureParams:{r:e,s:i}}}case T.publicKey.ed25519:case T.publicKey.ed448:{const i=2*lt(e),a=F.readExactSubarray(t,r,r+i);return r+=a.length,{read:r,signatureParams:{RS:a}}}case T.publicKey.hmac:{const e=new Ni;return r+=e.read(t.subarray(r)),{read:r,signatureParams:{mac:e}}}case T.publicKey.pqc_mldsa_ed25519:{const e=2*lt(T.publicKey.ed25519),i=F.readExactSubarray(t,r,r+e);r+=i.length;const a=F.readExactSubarray(t,r,r+3309);return r+=a.length,{read:r,signatureParams:{eccSignature:i,mldsaSignature:a}}}default:throw new it("Unknown signature algorithm.")}}(this.publicKeyAlgorithm,i);if(a<i.length)throw Error("Error reading MPIs");this.params=n}writeParams(){return this.params instanceof Promise?D((async()=>Na(this.publicKeyAlgorithm,await this.params))):Na(this.publicKeyAlgorithm,this.params)}write(){const e=[];return e.push(this.signatureData),e.push(this.writeUnhashedSubPackets()),e.push(this.signedHashValue),6===this.version&&(e.push(new Uint8Array([this.salt.length])),e.push(this.salt)),e.push(this.writeParams()),F.concat(e)}async sign(e,t,r=new Date,i=!1,a){this.version=e.version,this.created=F.normalizeDate(r),this.issuerKeyVersion=e.version,this.issuerFingerprint=e.getFingerprintBytes(),this.issuerKeyID=e.getKeyID();const n=[new Uint8Array([this.version,this.signatureType,this.publicKeyAlgorithm,this.hashAlgorithm])];if(6===this.version){const e=as(this.hashAlgorithm);if(null===this.salt)this.salt=le(e);else if(e!==this.salt.length)throw Error("Provided salt does not have the required length")}else if(a.nonDeterministicSignaturesViaNotation){if(0!==this.rawNotations.filter((({name:e})=>e===es)).length)throw Error("Unexpected existing salt notation");{const e=le(as(this.hashAlgorithm));this.rawNotations.push({name:es,value:e,humanReadable:!1,critical:!1})}}n.push(this.writeHashedSubPackets()),this.unhashedSubpackets=[],this.signatureData=F.concat(n);const s=this.toHash(this.signatureType,t,i),o=await this.hash(this.signatureType,t,s,i);this.signedHashValue=S(K(o),0,2);const c=async()=>Va(this.publicKeyAlgorithm,this.hashAlgorithm,e.publicParams,e.privateParams,s,await P(o));F.isStream(o)?this.params=c():(this.params=await c(),this[Jn]=!0)}writeHashedSubPackets(){const e=T.signatureSubpacket,t=[];let r;if(null===this.created)throw Error("Missing signature creation time");t.push(is(e.signatureCreationTime,!0,F.writeDate(this.created))),null!==this.signatureExpirationTime&&t.push(is(e.signatureExpirationTime,!0,F.writeNumber(this.signatureExpirationTime,4))),null!==this.exportable&&t.push(is(e.exportableCertification,!0,new Uint8Array([this.exportable?1:0]))),null!==this.trustLevel&&(r=new Uint8Array([this.trustLevel,this.trustAmount]),t.push(is(e.trustSignature,!0,r))),null!==this.regularExpression&&t.push(is(e.regularExpression,!0,this.regularExpression)),null!==this.revocable&&t.push(is(e.revocable,!0,new Uint8Array([this.revocable?1:0]))),null!==this.keyExpirationTime&&t.push(is(e.keyExpirationTime,!0,F.writeNumber(this.keyExpirationTime,4))),null!==this.preferredSymmetricAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredSymmetricAlgorithms)),t.push(is(e.preferredSymmetricAlgorithms,!1,r))),null!==this.revocationKeyClass&&(r=new Uint8Array([this.revocationKeyClass,this.revocationKeyAlgorithm]),r=F.concat([r,this.revocationKeyFingerprint]),t.push(is(e.revocationKey,!1,r))),!this.issuerKeyID.isNull()&&this.issuerKeyVersion<5&&t.push(is(e.issuerKeyID,!1,this.issuerKeyID.write())),this.rawNotations.forEach((({name:i,value:a,humanReadable:n,critical:s})=>{r=[new Uint8Array([n?128:0,0,0,0])];const o=F.encodeUTF8(i);r.push(F.writeNumber(o.length,2)),r.push(F.writeNumber(a.length,2)),r.push(o),r.push(a),r=F.concat(r),t.push(is(e.notationData,s,r))})),null!==this.preferredHashAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredHashAlgorithms)),t.push(is(e.preferredHashAlgorithms,!1,r))),null!==this.preferredCompressionAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredCompressionAlgorithms)),t.push(is(e.preferredCompressionAlgorithms,!1,r))),null!==this.keyServerPreferences&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.keyServerPreferences)),t.push(is(e.keyServerPreferences,!1,r))),null!==this.preferredKeyServer&&t.push(is(e.preferredKeyServer,!1,F.encodeUTF8(this.preferredKeyServer))),null!==this.isPrimaryUserID&&t.push(is(e.primaryUserID,!1,new Uint8Array([this.isPrimaryUserID?1:0]))),null!==this.policyURI&&t.push(is(e.policyURI,!1,F.encodeUTF8(this.policyURI))),null!==this.keyFlags&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.keyFlags)),t.push(is(e.keyFlags,!0,r))),null!==this.signersUserID&&t.push(is(e.signersUserID,!1,F.encodeUTF8(this.signersUserID))),null!==this.reasonForRevocationFlag&&(r=F.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag)+this.reasonForRevocationString),t.push(is(e.reasonForRevocation,!0,r))),null!==this.features&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.features)),t.push(is(e.features,!1,r))),null!==this.signatureTargetPublicKeyAlgorithm&&(r=[new Uint8Array([this.signatureTargetPublicKeyAlgorithm,this.signatureTargetHashAlgorithm])],r.push(F.stringToUint8Array(this.signatureTargetHash)),r=F.concat(r),t.push(is(e.signatureTarget,!0,r))),null!==this.embeddedSignature&&t.push(is(e.embeddedSignature,!0,this.embeddedSignature.write())),null!==this.issuerFingerprint&&(r=[new Uint8Array([this.issuerKeyVersion]),this.issuerFingerprint],r=F.concat(r),t.push(is(e.issuerFingerprint,this.version>=5,r))),null!==this.preferredAEADAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredAEADAlgorithms)),t.push(is(e.preferredAEADAlgorithms,!1,r))),null!==this.preferredCipherSuites&&(r=new Uint8Array([].concat(...this.preferredCipherSuites)),t.push(is(e.preferredCipherSuites,!1,r)));const i=F.concat(t),a=F.writeNumber(i.length,6===this.version?4:2);return F.concat([a,i])}writeUnhashedSubPackets(){const e=this.unhashedSubpackets.map((({type:e,critical:t,body:r})=>is(e,t,r))),t=F.concat(e),r=F.writeNumber(t.length,6===this.version?4:2);return F.concat([r,t])}readSubPacket(e,t=!0){let r=0;const i=!!(128&e[r]),a=127&e[r];if(r++,t||(this.unhashedSubpackets.push({type:a,critical:i,body:e.subarray(r,e.length)}),ts.has(a)))switch(a){case T.signatureSubpacket.signatureCreationTime:this.created=F.readDate(e.subarray(r,e.length));break;case T.signatureSubpacket.signatureExpirationTime:{const t=F.readNumber(e.subarray(r,e.length));this.signatureNeverExpires=0===t,this.signatureExpirationTime=t;break}case T.signatureSubpacket.exportableCertification:this.exportable=1===e[r++];break;case T.signatureSubpacket.trustSignature:this.trustLevel=e[r++],this.trustAmount=e[r++];break;case T.signatureSubpacket.regularExpression:this.regularExpression=e[r];break;case T.signatureSubpacket.revocable:this.revocable=1===e[r++];break;case T.signatureSubpacket.keyExpirationTime:{const t=F.readNumber(e.subarray(r,e.length));this.keyExpirationTime=t,this.keyNeverExpires=0===t;break}case T.signatureSubpacket.preferredSymmetricAlgorithms:this.preferredSymmetricAlgorithms=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.revocationKey:this.revocationKeyClass=e[r++],this.revocationKeyAlgorithm=e[r++],this.revocationKeyFingerprint=e.subarray(r,r+20);break;case T.signatureSubpacket.issuerKeyID:if(4===this.version)this.issuerKeyID.read(e.subarray(r,e.length));else if(t)throw Error("Unexpected Issuer Key ID subpacket");break;case T.signatureSubpacket.notationData:{const t=!!(128&e[r]);r+=4;const a=F.readNumber(e.subarray(r,r+2));r+=2;const n=F.readNumber(e.subarray(r,r+2));r+=2;const s=F.decodeUTF8(e.subarray(r,r+a)),o=e.subarray(r+a,r+a+n);this.rawNotations.push({name:s,humanReadable:t,value:o,critical:i}),t&&(this.notations[s]=F.decodeUTF8(o));break}case T.signatureSubpacket.preferredHashAlgorithms:this.preferredHashAlgorithms=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.preferredCompressionAlgorithms:this.preferredCompressionAlgorithms=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.keyServerPreferences:this.keyServerPreferences=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.preferredKeyServer:this.preferredKeyServer=F.decodeUTF8(e.subarray(r,e.length));break;case T.signatureSubpacket.primaryUserID:this.isPrimaryUserID=0!==e[r++];break;case T.signatureSubpacket.policyURI:this.policyURI=F.decodeUTF8(e.subarray(r,e.length));break;case T.signatureSubpacket.keyFlags:this.keyFlags=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.signersUserID:this.signersUserID=F.decodeUTF8(e.subarray(r,e.length));break;case T.signatureSubpacket.reasonForRevocation:this.reasonForRevocationFlag=e[r++],this.reasonForRevocationString=F.decodeUTF8(e.subarray(r,e.length));break;case T.signatureSubpacket.features:this.features=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.signatureTarget:{this.signatureTargetPublicKeyAlgorithm=e[r++],this.signatureTargetHashAlgorithm=e[r++];const t=Te(this.signatureTargetHashAlgorithm);this.signatureTargetHash=F.uint8ArrayToString(e.subarray(r,r+t));break}case T.signatureSubpacket.embeddedSignature:this.embeddedSignature=new rs,this.embeddedSignature.read(e.subarray(r,e.length));break;case T.signatureSubpacket.issuerFingerprint:this.issuerKeyVersion=e[r++],this.issuerFingerprint=e.subarray(r,e.length),this.issuerKeyVersion>=5?this.issuerKeyID.read(this.issuerFingerprint):this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));break;case T.signatureSubpacket.preferredAEADAlgorithms:this.preferredAEADAlgorithms=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.preferredCipherSuites:this.preferredCipherSuites=[];for(let t=r;t<e.length;t+=2)this.preferredCipherSuites.push([e[t],e[t+1]]);break;default:this.unknownSubpackets.push({type:a,critical:i,body:e.subarray(r,e.length)})}}readSubPackets(e,t=!0,r){const i=6===this.version?4:2,a=F.readNumber(e.subarray(0,i));let n=i;for(;n<2+a;){const i=Xe(e.subarray(n,e.length));n+=i.offset,this.readSubPacket(e.subarray(n,n+i.len),t,r),n+=i.len}return n}toSign(e,t){const r=T.signature;switch(e){case r.binary:return null!==t.text?F.encodeUTF8(t.getText(!0)):t.getBytes(!0);case r.text:{const e=t.getBytes(!0);return F.canonicalizeEOL(e)}case r.standalone:return new Uint8Array(0);case r.certGeneric:case r.certPersona:case r.certCasual:case r.certPositive:case r.certRevocation:{let e,i;if(t.userID)i=180,e=t.userID;else{if(!t.userAttribute)throw Error("Either a userID or userAttribute packet needs to be supplied for certification.");i=209,e=t.userAttribute}const a=e.write();return F.concat([this.toSign(r.key,t),new Uint8Array([i]),F.writeNumber(a.length,4),a])}case r.subkeyBinding:case r.subkeyRevocation:case r.keyBinding:return F.concat([this.toSign(r.key,t),this.toSign(r.key,{key:t.bind})]);case r.key:if(void 0===t.key)throw Error("Key packet is required for this signature.");return t.key.writeForHash(this.version);case r.keyRevocation:return this.toSign(r.key,t);case r.timestamp:return new Uint8Array(0);case r.thirdParty:throw Error("Not implemented");default:throw Error("Unknown signature type.")}}calculateTrailer(e,t){let r=0;return b(K(this.signatureData),(e=>{r+=e.length}),(()=>{const i=[];return 5!==this.version||this.signatureType!==T.signature.binary&&this.signatureType!==T.signature.text||(t?i.push(new Uint8Array(6)):i.push(e.writeHeader())),i.push(new Uint8Array([this.version,255])),5===this.version&&i.push(new Uint8Array(4)),i.push(F.writeNumber(r,4)),F.concat(i)}))}toHash(e,t,r=!1){const i=this.toSign(e,t);return F.concat([this.salt||new Uint8Array,i,this.signatureData,this.calculateTrailer(t,r)])}async hash(e,t,r,i=!1){if(6===this.version&&this.salt.length!==as(this.hashAlgorithm))throw Error("Signature salt does not have the expected length");return r||(r=this.toHash(e,t,i)),Ie(this.hashAlgorithm,r)}async verify(e,t,r,i=new Date,a=!1,n=B){if(!this.issuerKeyID.equals(e.getKeyID()))throw Error("Signature was not issued by the given public key");if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Public key algorithm used to sign signature does not match issuer key algorithm.");const s=t===T.signature.binary||t===T.signature.text;if(!(this[Jn]&&!s)){let i,n;if(this.hashed?n=await this.hashed:(i=this.toHash(t,r,a),n=await this.hash(t,r,i)),n=await P(n),this.signedHashValue[0]!==n[0]||this.signedHashValue[1]!==n[1])throw Error("Signed digest did not match");this.params=await this.params;const s=this.publicKeyAlgorithm===T.publicKey.hmac?e.privateParams:null;if(this[Jn]=await Ga(this.publicKeyAlgorithm,this.hashAlgorithm,this.params,e.publicParams,s,i,n),!this[Jn])throw Error("Signature verification failed")}const o=F.normalizeDate(i);if(o&&this.created>o)throw Error("Signature creation time is in the future");if(o&&o>=this.getExpirationTime())throw Error("Signature is expired");if(n.rejectHashAlgorithms.has(this.hashAlgorithm))throw Error("Insecure hash algorithm: "+T.read(T.hash,this.hashAlgorithm).toUpperCase());if(n.rejectMessageHashAlgorithms.has(this.hashAlgorithm)&&[T.signature.binary,T.signature.text].includes(this.signatureType))throw Error("Insecure message hash algorithm: "+T.read(T.hash,this.hashAlgorithm).toUpperCase());if(this.unknownSubpackets.forEach((({type:e,critical:t})=>{if(t)throw Error("Unknown critical signature subpacket type "+e)})),this.rawNotations.forEach((({name:e,critical:t})=>{if(t&&n.knownNotations.indexOf(e)<0)throw Error("Unknown critical notation: "+e)})),null!==this.revocationKeyClass)throw Error("This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.")}isExpired(e=new Date){const t=F.normalizeDate(e);return null!==t&&!(this.created<=t&&t<this.getExpirationTime())}getExpirationTime(){return this.signatureNeverExpires?1/0:new Date(this.created.getTime()+1e3*this.signatureExpirationTime)}}function is(e,t,r){const i=[];return i.push(Ye(r.length+1)),i.push(new Uint8Array([(t?128:0)|e])),i.push(r),F.concat(i)}function as(e){switch(e){case T.hash.sha256:return 16;case T.hash.sha384:return 24;case T.hash.sha512:return 32;case T.hash.sha224:case T.hash.sha3_256:return 16;case T.hash.sha3_512:return 32;default:throw Error("Unsupported hash function")}}class ns{static get tag(){return T.packet.onePassSignature}static fromSignaturePacket(e,t){const r=new ns;return r.version=6===e.version?6:3,r.signatureType=e.signatureType,r.hashAlgorithm=e.hashAlgorithm,r.publicKeyAlgorithm=e.publicKeyAlgorithm,r.issuerKeyID=e.issuerKeyID,r.salt=e.salt,r.issuerFingerprint=e.issuerFingerprint,r.flags=t?1:0,r}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.salt=null,this.issuerKeyID=null,this.issuerFingerprint=null,this.flags=null}read(e){let t=0;if(this.version=e[t++],3!==this.version&&6!==this.version)throw new it(`Version ${this.version} of the one-pass signature packet is unsupported.`);if(this.signatureType=e[t++],this.hashAlgorithm=e[t++],this.publicKeyAlgorithm=e[t++],6===this.version){const r=e[t++];this.salt=e.subarray(t,t+r),t+=r,this.issuerFingerprint=e.subarray(t,t+32),t+=32,this.issuerKeyID=new Zn,this.issuerKeyID.read(this.issuerFingerprint)}else this.issuerKeyID=new Zn,this.issuerKeyID.read(e.subarray(t,t+8)),t+=8;return this.flags=e[t++],this}write(){const e=[new Uint8Array([this.version,this.signatureType,this.hashAlgorithm,this.publicKeyAlgorithm])];return 6===this.version?e.push(new Uint8Array([this.salt.length]),this.salt,this.issuerFingerprint):e.push(this.issuerKeyID.write()),e.push(new Uint8Array([this.flags])),F.concatUint8Array(e)}calculateTrailer(...e){return D((async()=>rs.prototype.calculateTrailer.apply(await this.correspondingSig,e)))}async verify(){const e=await this.correspondingSig;if(!e||e.constructor.tag!==T.packet.signature)throw Error("Corresponding signature packet missing");if(e.signatureType!==this.signatureType||e.hashAlgorithm!==this.hashAlgorithm||e.publicKeyAlgorithm!==this.publicKeyAlgorithm||!e.issuerKeyID.equals(this.issuerKeyID)||3===this.version&&6===e.version||6===this.version&&6!==e.version||6===this.version&&!F.equalsUint8Array(e.issuerFingerprint,this.issuerFingerprint)||6===this.version&&!F.equalsUint8Array(e.salt,this.salt))throw Error("Corresponding signature packet does not match one-pass signature packet");return e.hashed=this.hashed,e.verify.apply(e,arguments)}}function ss(e,t){if(!t[e]){let t;try{t=T.read(T.packet,e)}catch(t){throw new at("Unknown packet type with tag: "+e)}throw Error("Packet not allowed in this context: "+t)}return new t[e]}ns.prototype.hash=rs.prototype.hash,ns.prototype.toHash=rs.prototype.toHash,ns.prototype.toSign=rs.prototype.toSign;class os extends Array{static async fromBinary(e,t,r=B,i=null,a=!1){const n=new os;return await n.read(e,t,r,i,a),n}async read(e,t,r=B,i=null,a=!1){let n;r.additionalAllowedPackets.length&&(n=F.constructAllowedPackets(r.additionalAllowedPackets),t={...t,...n}),this.stream=k(e,(async(e,s)=>{const o=x(e),c=C(s);try{let s=F.isStream(e);for(;;){let e,u;if(await c.ready,await rt(o,s,(async s=>{try{if(s.tag===T.packet.marker||s.tag===T.packet.trust||s.tag===T.packet.padding)return;const e=ss(s.tag,t);try{i?.recordPacket(s.tag,n)}catch(e){if(r.enforceGrammar)throw e;F.printDebugError(e)}e.packets=new os,e.fromStream=F.isStream(s.packet),u=e.fromStream;try{await e.read(s.packet,r)}catch(t){if(!(t instanceof it))throw F.wrapError(new nt(`Parsing ${e.constructor.name} failed`),t);throw t}await c.write(e)}catch(t){const i=t instanceof at&&s.tag<=39,n=t instanceof it&&!(t instanceof at)&&!r.ignoreUnsupportedPackets,o=t instanceof nt&&!r.ignoreMalformedPackets,u=tt(s.tag);if(i||n||o||u||!(t instanceof at||t instanceof it||t instanceof nt))a?e=t:await c.abort(t);else{const e=new st(s.tag,s.packet);await c.write(e)}F.printDebugError(t)}})),u&&(s=null),e)throw await o.readToEnd(),e;const h=await o.peekBytes(2);if(!h||!h.length){try{i?.recordEnd()}catch(e){if(r.enforceGrammar)throw e;F.printDebugError(e)}return await c.ready,void await c.close()}}}catch(e){await c.abort(e)}}));const s=x(this.stream);for(;;){const{done:e,value:t}=await s.read();if(e?this.stream=null:this.push(t),e||tt(t.constructor.tag))break}s.releaseLock()}write(){const e=[];for(let t=0;t<this.length;t++){const r=this[t]instanceof st?this[t].tag:this[t].constructor.tag,i=this[t].write();if(F.isStream(i)&&tt(this[t].constructor.tag)){let t=[],a=0;const n=512;e.push(Je(r)),e.push(b(i,(e=>{if(t.push(e),a+=e.length,a>=n){const e=Math.min(Math.log(a)/Math.LN2|0,30),r=2**e,i=F.concat([Ze(e)].concat(t));return t=[i.subarray(1+r)],a=t[0].length,i.subarray(0,1+r)}}),(()=>F.concat([Ye(a)].concat(t)))))}else{if(F.isStream(i)){let t=0;e.push(b(K(i),(e=>{t+=e.length}),(()=>et(r,t))))}else e.push(et(r,i.length));e.push(i)}}return F.concat(e)}filterByTag(...e){const t=new os,r=e=>t=>e===t;for(let i=0;i<this.length;i++)e.some(r(this[i].constructor.tag))&&t.push(this[i]);return t}findPacket(e){return this.find((t=>t.constructor.tag===e))}indexOfTag(...e){const t=[],r=this,i=e=>t=>e===t;for(let a=0;a<this.length;a++)e.some(i(r[a].constructor.tag))&&t.push(a);return t}}class cs extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,cs),this.name="GrammarError"}}var us;!function(e){e[e.EmptyMessage=0]="EmptyMessage",e[e.PlaintextOrEncryptedData=1]="PlaintextOrEncryptedData",e[e.EncryptedSessionKeys=2]="EncryptedSessionKeys",e[e.StandaloneAdditionalAllowedData=3]="StandaloneAdditionalAllowedData"}(us||(us={}));class hs{constructor(){this.state=us.EmptyMessage,this.leadingOnePassSignatureCounter=0}recordPacket(e,t){switch(this.state){case us.EmptyMessage:case us.StandaloneAdditionalAllowedData:switch(e){case T.packet.literalData:case T.packet.compressedData:case T.packet.aeadEncryptedData:case T.packet.symEncryptedIntegrityProtectedData:case T.packet.symmetricallyEncryptedData:return void(this.state=us.PlaintextOrEncryptedData);case T.packet.signature:if(this.state===us.StandaloneAdditionalAllowedData&&--this.leadingOnePassSignatureCounter<0)throw new cs("Trailing signature packet without OPS");return;case T.packet.onePassSignature:if(this.state===us.StandaloneAdditionalAllowedData)throw new cs("OPS following StandaloneAdditionalAllowedData");return void this.leadingOnePassSignatureCounter++;case T.packet.publicKeyEncryptedSessionKey:case T.packet.symEncryptedSessionKey:return void(this.state=us.EncryptedSessionKeys);default:if(!t?.[e])throw new cs(`Unexpected packet ${e} in state ${this.state}`);return void(this.state=us.StandaloneAdditionalAllowedData)}case us.PlaintextOrEncryptedData:if(e===T.packet.signature){if(--this.leadingOnePassSignatureCounter<0)throw new cs("Trailing signature packet without OPS");return void(this.state=us.PlaintextOrEncryptedData)}if(!t?.[e])throw new cs(`Unexpected packet ${e} in state ${this.state}`);return void(this.state=us.PlaintextOrEncryptedData);case us.EncryptedSessionKeys:switch(e){case T.packet.publicKeyEncryptedSessionKey:case T.packet.symEncryptedSessionKey:return void(this.state=us.EncryptedSessionKeys);case T.packet.symEncryptedIntegrityProtectedData:case T.packet.aeadEncryptedData:case T.packet.symmetricallyEncryptedData:return void(this.state=us.PlaintextOrEncryptedData);case T.packet.signature:if(--this.leadingOnePassSignatureCounter<0)throw new cs("Trailing signature packet without OPS");return void(this.state=us.PlaintextOrEncryptedData);default:if(!t?.[e])throw new cs(`Unexpected packet ${e} in state ${this.state}`);this.state=us.EncryptedSessionKeys}}}recordEnd(){switch(this.state){case us.EmptyMessage:case us.PlaintextOrEncryptedData:case us.EncryptedSessionKeys:case us.StandaloneAdditionalAllowedData:if(this.leadingOnePassSignatureCounter>0)throw new cs("Missing trailing signature packets")}}}const ls=/*#__PURE__*/F.constructAllowedPackets([Yn,ns,rs]);class ys{static get tag(){return T.packet.compressedData}constructor(e=B){this.packets=null,this.algorithm=e.preferredCompressionAlgorithm,this.compressed=null}async read(e,t=B){await v(e,(async e=>{this.algorithm=await e.readByte(),this.compressed=e.remainder(),await this.decompress(t)}))}write(){return null===this.compressed&&this.compress(),F.concat([new Uint8Array([this.algorithm]),this.compressed])}async decompress(e=B){const t=T.read(T.compression,this.algorithm),r=fs[t];if(!r)throw Error(t+" decompression not supported");this.packets=await os.fromBinary(await r(this.compressed),ls,e,new hs)}compress(){const e=T.read(T.compression,this.algorithm),t=ms[e];if(!t)throw Error(e+" compression not supported");this.compressed=t(this.packets.write())}}function ps(e,t){return r=>{if(!F.isStream(r)||n(r))return D((()=>P(r).then((e=>new Promise(((r,i)=>{const a=new t,n=[];a.ondata=(e,t)=>{n.push(e),t&&r(F.concatUint8Array(n))};try{a.push(e,!0)}catch(e){i(e)}}))))));if(e)try{const t=e();return r.pipeThrough(t)}catch(e){if("TypeError"!==e.name)throw e}const i=r.getReader(),a=new t;return new ReadableStream({async start(e){for(a.ondata=async(t,r)=>{e.enqueue(t),r&&e.close()};;){const{done:e,value:t}=await i.read();if(e)return void a.push(new Uint8Array,!0);t.length&&a.push(t)}}})}}function ds(){return async function(e){const{decode:t}=await import("./seek-bzip.min.mjs").then((function(e){return e.i}));return D((async()=>t(await P(e))))}}const gs=e=>({compressor:"undefined"!=typeof CompressionStream&&(()=>new CompressionStream(e)),decompressor:"undefined"!=typeof DecompressionStream&&(()=>new DecompressionStream(e))}),ms={zip:/*#__PURE__*/ps(gs("deflate-raw").compressor,Vn),zlib:/*#__PURE__*/ps(gs("deflate").compressor,$n)},fs={uncompressed:e=>e,zip:/*#__PURE__*/ps(gs("deflate-raw").decompressor,Wn),zlib:/*#__PURE__*/ps(gs("deflate").decompressor,Qn),bzip2:/*#__PURE__*/ds()},ws=/*#__PURE__*/F.constructAllowedPackets([Yn,ys,ns,rs]);class bs{static get tag(){return T.packet.symEncryptedIntegrityProtectedData}static fromObject({version:e,aeadAlgorithm:t}){if(1!==e&&2!==e)throw Error("Unsupported SEIPD version");const r=new bs;return r.version=e,2===e&&(r.aeadAlgorithm=t),r}constructor(){this.version=null,this.cipherAlgorithm=null,this.aeadAlgorithm=null,this.chunkSizeByte=null,this.salt=null,this.encrypted=null,this.packets=null}async read(e){await v(e,(async e=>{if(this.version=await e.readByte(),1!==this.version&&2!==this.version)throw new it(`Version ${this.version} of the SEIP packet is unsupported.`);2===this.version&&(this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte(),this.salt=await e.readBytes(32)),this.encrypted=e.remainder()}))}write(){return 2===this.version?F.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.salt,this.encrypted]):F.concat([new Uint8Array([this.version]),this.encrypted])}async encrypt(e,t,r=B){const{blockSize:i,keySize:a}=Ar(e);if(t.length!==a)throw Error("Unexpected session key size");let s=this.packets.write();if(n(s)&&(s=await P(s)),2===this.version)this.cipherAlgorithm=e,this.salt=le(32),this.chunkSizeByte=r.aeadChunkSizeByte,this.encrypted=await ks(this,"encrypt",t,s);else{const r=await Qi(e),a=new Uint8Array([211,20]),n=F.concat([r,s,a]),o=await Ie(T.hash.sha1,A(n)),c=F.concat([n,o]);this.encrypted=await Xi(e,t,c,new Uint8Array(i))}return!0}async decrypt(e,t,r=B){if(t.length!==Ar(e).keySize)throw Error("Unexpected session key size");let i,a=K(this.encrypted);n(a)&&(a=await P(a));let s=!1;if(2===this.version){if(this.cipherAlgorithm!==e)throw Error("Unexpected session key algorithm");i=await ks(this,"decrypt",t,a)}else{const{blockSize:n}=Ar(e),o=await Yi(e,t,a,new Uint8Array(n)),c=S(A(o),-20),u=S(o,0,-20),h=Promise.all([P(await Ie(T.hash.sha1,A(u))),P(c)]).then((([e,t])=>{if(!F.equalsUint8Array(e,t))throw Error("Modification detected.");return new Uint8Array})),l=S(u,n+2);i=S(l,0,-2),i=g([i,D((()=>h))]),F.isStream(a)&&r.allowUnauthenticatedStream?s=!0:i=await P(i)}return this.packets=await os.fromBinary(i,ws,r,new hs,s),!0}}async function ks(e,t,r,i){const a=e instanceof bs&&2===e.version,n=!a&&e.constructor.tag===T.packet.aeadEncryptedData;if(!a&&!n)throw Error("Unexpected packet type");const s=Ma(e.aeadAlgorithm,n),o="decrypt"===t?s.tagLength:0,c="encrypt"===t?s.tagLength:0,u=2**(e.chunkSizeByte+6)+o,h=n?8:0,l=new ArrayBuffer(13+h),y=new Uint8Array(l,0,5+h),p=new Uint8Array(l),d=new DataView(l),g=new Uint8Array(l,5,8);y.set([192|e.constructor.tag,e.version,e.cipherAlgorithm,e.aeadAlgorithm,e.chunkSizeByte],0);let f,w,b=0,v=Promise.resolve(),K=0,A=0;if(a){const{keySize:t}=Ar(e.cipherAlgorithm),{ivLength:i}=s,a=new Uint8Array(l,0,5),n=await Ur(T.hash.sha256,r,e.salt,a,t+i);r=n.subarray(0,t),f=n.subarray(t),f.fill(0,f.length-8),w=new DataView(f.buffer,f.byteOffset,f.byteLength)}else f=e.iv;const E=await s(e.cipherAlgorithm,r);return k(i,(async(r,i)=>{if("array"!==F.isStream(r)){const t=new TransformStream({},{highWaterMark:F.getHardwareConcurrency()*2**(e.chunkSizeByte+6),size:e=>e.length});m(t.readable,i),i=t.writable}const n=x(r),s=C(i);try{for(;;){let e=await n.readBytes(u+o)||new Uint8Array;const r=e.subarray(e.length-o);let i,l,m;if(e=e.subarray(0,e.length-o),a)m=f;else{m=f.slice();for(let e=0;e<8;e++)m[f.length-8+e]^=g[e]}if(!b||e.length?(n.unshift(r),i=E[t](e,m,y),i.catch((()=>{})),A+=e.length-o+c):(d.setInt32(5+h+4,K),i=E[t](r,m,p),i.catch((()=>{})),A+=c,l=!0),K+=e.length-o,v=v.then((()=>i)).then((async e=>{await s.ready,await s.write(e),A-=e.length})).catch((e=>s.abort(e))),(l||A>s.desiredSize)&&await v,l){await s.close();break}a?w.setInt32(f.length-4,++b):d.setInt32(9,++b)}}catch(e){await s.ready.catch((()=>{})),await s.abort(e)}}))}const vs=/*#__PURE__*/F.constructAllowedPackets([Yn,ys,ns,rs]);class Ks{static get tag(){return T.packet.aeadEncryptedData}constructor(){this.version=1,this.cipherAlgorithm=null,this.aeadAlgorithm=T.aead.eax,this.chunkSizeByte=null,this.iv=null,this.encrypted=null,this.packets=null}async read(e){await v(e,(async e=>{const t=await e.readByte();if(1!==t)throw new it(`Version ${t} of the AEAD-encrypted data packet is not supported.`);this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte();const r=Ma(this.aeadAlgorithm,!0);this.iv=await e.readBytes(r.ivLength),this.encrypted=e.remainder()}))}write(){return F.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.iv,this.encrypted])}async decrypt(e,t,r=B){this.packets=await os.fromBinary(await ks(this,"decrypt",t,K(this.encrypted)),vs,r,new hs)}async encrypt(e,t,r=B){this.cipherAlgorithm=e;const{ivLength:i}=Ma(this.aeadAlgorithm,!0);this.iv=le(i),this.chunkSizeByte=r.aeadChunkSizeByte;const a=this.packets.write();this.encrypted=await ks(this,"encrypt",t,a)}}const As=new Set([T.publicKey.x25519,T.publicKey.x448,T.publicKey.pqc_mlkem_x25519]);class Es{static get tag(){return T.packet.publicKeyEncryptedSessionKey}constructor(){this.version=null,this.publicKeyID=new Zn,this.publicKeyVersion=null,this.publicKeyFingerprint=null,this.publicKeyAlgorithm=null,this.sessionKey=null,this.sessionKeyAlgorithm=null,this.encrypted={}}static fromObject({version:e,encryptionKeyPacket:t,anonymousRecipient:r,sessionKey:i,sessionKeyAlgorithm:a}){const n=new Es;if(3!==e&&6!==e)throw Error("Unsupported PKESK version");return n.version=e,6===e&&(n.publicKeyVersion=r?null:t.version,n.publicKeyFingerprint=r?null:t.getFingerprintBytes()),n.publicKeyID=r?Zn.wildcard():t.getKeyID(),n.publicKeyAlgorithm=t.algorithm,n.sessionKey=i,n.sessionKeyAlgorithm=a,n}read(e){let t=0;if(this.version=e[t++],3!==this.version&&6!==this.version)throw new it(`Version ${this.version} of the PKESK packet is unsupported.`);if(6===this.version){const r=e[t++];if(r){this.publicKeyVersion=e[t++];const i=r-1;this.publicKeyFingerprint=e.subarray(t,t+i),t+=i,this.publicKeyVersion>=5?this.publicKeyID.read(this.publicKeyFingerprint):this.publicKeyID.read(this.publicKeyFingerprint.subarray(-8))}else this.publicKeyID=Zn.wildcard()}else t+=this.publicKeyID.read(e.subarray(t,t+8));if(this.publicKeyAlgorithm=e[t++],this.encrypted=function(e,t){let r=0;switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:return{c:F.readMPI(t.subarray(r))};case T.publicKey.elgamal:{const e=F.readMPI(t.subarray(r));return r+=e.length+2,{c1:e,c2:F.readMPI(t.subarray(r))}}case T.publicKey.ecdh:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=new _i;return i.read(t.subarray(r)),{V:e,C:i}}case T.publicKey.x25519:case T.publicKey.x448:{const i=Ha(e),a=F.readExactSubarray(t,r,r+i);r+=a.length;const n=new Hi;return n.read(t.subarray(r)),{ephemeralPublicKey:a,C:n}}case T.publicKey.aead:{const e=new Oi;r+=e.read(t.subarray(r));const{ivLength:i}=Ma(e.getValue()),a=t.subarray(r,r+i);r+=i;const n=new Ni;return r+=n.read(t.subarray(r)),{aeadMode:e,iv:a,c:n}}case T.publicKey.pqc_mlkem_x25519:{const e=F.readExactSubarray(t,r,r+Ha(T.publicKey.x25519));r+=e.length;const i=F.readExactSubarray(t,r,r+1088);r+=i.length;const a=new Hi;return a.read(t.subarray(r)),{eccCipherText:e,mlkemCipherText:i,C:a}}default:throw new it("Unknown public key encryption algorithm.")}}(this.publicKeyAlgorithm,e.subarray(t)),As.has(this.publicKeyAlgorithm))if(3===this.version)this.sessionKeyAlgorithm=T.write(T.symmetric,this.encrypted.C.algorithm);else if(null!==this.encrypted.C.algorithm)throw Error("Unexpected cleartext symmetric algorithm")}write(){const e=[new Uint8Array([this.version])];return 6===this.version?null!==this.publicKeyFingerprint?(e.push(new Uint8Array([this.publicKeyFingerprint.length+1,this.publicKeyVersion])),e.push(this.publicKeyFingerprint)):e.push(new Uint8Array([0])):e.push(this.publicKeyID.write()),e.push(new Uint8Array([this.publicKeyAlgorithm]),Na(this.publicKeyAlgorithm,this.encrypted)),F.concatUint8Array(e)}async encrypt(e){const t=T.write(T.publicKey,this.publicKeyAlgorithm),r=3===this.version?this.sessionKeyAlgorithm:null,i=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),a=Ss(this.version,t,r,this.sessionKey),n=t===T.publicKey.aead?e.privateParams:null;this.encrypted=await Fa(t,r,e.publicParams,n,a,i)}async decrypt(e,t){if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Decryption error");const r=t?Ss(this.version,this.publicKeyAlgorithm,t.sessionKeyAlgorithm,t.sessionKey):null,i=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),a=await La(this.publicKeyAlgorithm,e.publicParams,e.privateParams,this.encrypted,i,r),{sessionKey:n,sessionKeyAlgorithm:s}=function(e,t,r,i){switch(t){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.elgamal:case T.publicKey.ecdh:case T.publicKey.aead:{const t=r.subarray(0,r.length-2),a=r.subarray(r.length-2),n=F.writeChecksum(t.subarray(t.length%8)),s=n[0]===a[0]&n[1]===a[1],o=6===e?{sessionKeyAlgorithm:null,sessionKey:t}:{sessionKeyAlgorithm:t[0],sessionKey:t.subarray(1)};if(i){const t=s&o.sessionKeyAlgorithm===i.sessionKeyAlgorithm&o.sessionKey.length===i.sessionKey.length;return{sessionKey:F.selectUint8Array(t,o.sessionKey,i.sessionKey),sessionKeyAlgorithm:6===e?null:F.selectUint8(t,o.sessionKeyAlgorithm,i.sessionKeyAlgorithm)}}if(s&&(6===e||T.read(T.symmetric,o.sessionKeyAlgorithm)))return o;throw Error("Decryption error")}case T.publicKey.x25519:case T.publicKey.x448:case T.publicKey.pqc_mlkem_x25519:return{sessionKeyAlgorithm:null,sessionKey:r};default:throw Error("Unsupported public key algorithm")}}(this.version,this.publicKeyAlgorithm,a,t);if(3===this.version){const e=!As.has(this.publicKeyAlgorithm);if(this.sessionKeyAlgorithm=e?s:this.sessionKeyAlgorithm,n.length!==Ar(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}this.sessionKey=n}}function Ss(e,t,r,i){switch(t){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.elgamal:case T.publicKey.ecdh:case T.publicKey.aead:return F.concatUint8Array([new Uint8Array(6===e?[]:[r]),i,F.writeChecksum(i.subarray(i.length%8))]);case T.publicKey.x25519:case T.publicKey.x448:case T.publicKey.pqc_mlkem_x25519:return i;default:throw Error("Unsupported public key algorithm")}}class Ps{static get tag(){return T.packet.symEncryptedSessionKey}constructor(e=B){this.version=e.aeadProtect?6:4,this.sessionKey=null,this.sessionKeyEncryptionAlgorithm=null,this.sessionKeyAlgorithm=null,this.aeadAlgorithm=T.write(T.aead,e.preferredAEADAlgorithm),this.encrypted=null,this.s2k=null,this.iv=null}read(e){let t=0;if(this.version=e[t++],4!==this.version&&5!==this.version&&6!==this.version)throw new it(`Version ${this.version} of the SKESK packet is unsupported.`);6===this.version&&t++;const r=e[t++];this.version>=5&&(this.aeadAlgorithm=e[t++],6===this.version&&t++);const i=e[t++];if(this.s2k=en(i),t+=this.s2k.read(e.subarray(t,e.length)),this.version>=5){const r=Ma(this.aeadAlgorithm,!0);this.iv=e.subarray(t,t+=r.ivLength)}this.version>=5||t<e.length?(this.encrypted=e.subarray(t,e.length),this.sessionKeyEncryptionAlgorithm=r):this.sessionKeyAlgorithm=r}write(){const e=null===this.encrypted?this.sessionKeyAlgorithm:this.sessionKeyEncryptionAlgorithm;let t;const r=this.s2k.write();if(6===this.version){const i=r.length,a=3+i+this.iv.length;t=F.concatUint8Array([new Uint8Array([this.version,a,e,this.aeadAlgorithm,i]),r,this.iv,this.encrypted])}else 5===this.version?t=F.concatUint8Array([new Uint8Array([this.version,e,this.aeadAlgorithm]),r,this.iv,this.encrypted]):(t=F.concatUint8Array([new Uint8Array([this.version,e]),r]),null!==this.encrypted&&(t=F.concatUint8Array([t,this.encrypted])));return t}async decrypt(e){const t=null!==this.sessionKeyEncryptionAlgorithm?this.sessionKeyEncryptionAlgorithm:this.sessionKeyAlgorithm,{blockSize:r,keySize:i}=Ar(t),a=await this.s2k.produceKey(e,i);if(this.version>=5){const e=Ma(this.aeadAlgorithm,!0),r=new Uint8Array([192|Ps.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),n=6===this.version?await Ur(T.hash.sha256,a,new Uint8Array,r,i):a,s=await e(t,n);this.sessionKey=await s.decrypt(this.encrypted,this.iv,r)}else if(null!==this.encrypted){const e=await Yi(t,a,this.encrypted,new Uint8Array(r));if(this.sessionKeyAlgorithm=T.write(T.symmetric,e[0]),this.sessionKey=e.subarray(1,e.length),this.sessionKey.length!==Ar(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}else this.sessionKey=a}async encrypt(e,t=B){const r=null!==this.sessionKeyEncryptionAlgorithm?this.sessionKeyEncryptionAlgorithm:this.sessionKeyAlgorithm;this.sessionKeyEncryptionAlgorithm=r,this.s2k=tn(t),this.s2k.generateSalt();const{blockSize:i,keySize:a}=Ar(r),n=await this.s2k.produceKey(e,a);if(null===this.sessionKey&&(this.sessionKey=ja(this.sessionKeyAlgorithm)),this.version>=5){const e=Ma(this.aeadAlgorithm);this.iv=le(e.ivLength);const t=new Uint8Array([192|Ps.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),i=6===this.version?await Ur(T.hash.sha256,n,new Uint8Array,t,a):n,s=await e(r,i);this.encrypted=await s.encrypt(this.sessionKey,this.iv,t)}else{const e=F.concatUint8Array([new Uint8Array([this.sessionKeyAlgorithm]),this.sessionKey]);this.encrypted=await Xi(r,n,e,new Uint8Array(i))}}}class Us{static get tag(){return T.packet.publicKey}constructor(e=new Date,t=B){this.version=t.v6Keys?6:4,this.created=F.normalizeDate(e),this.algorithm=null,this.publicParams=null,this.expirationTimeV3=0,this.fingerprint=null,this.keyID=null}static fromSecretKeyPacket(e){const t=new Us,{version:r,created:i,algorithm:a,publicParams:n,keyID:s,fingerprint:o}=e;return t.version=r,t.created=i,t.algorithm=a,t.publicParams=n,t.keyID=s,t.fingerprint=o,t}async read(e,t=B){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new it("Support for parsing v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4===this.version||5===this.version||6===this.version){this.created=F.readDate(e.subarray(r,r+4)),r+=4,this.algorithm=e[r++],this.version>=5&&(r+=4);const{read:t,publicParams:i}=function(e,t){let r=0;switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{n:e,e:i}}}case T.publicKey.dsa:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));r+=i.length+2;const a=F.readMPI(t.subarray(r));r+=a.length+2;const n=F.readMPI(t.subarray(r));return r+=n.length+2,{read:r,publicParams:{p:e,q:i,g:a,y:n}}}case T.publicKey.elgamal:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));r+=i.length+2;const a=F.readMPI(t.subarray(r));return r+=a.length+2,{read:r,publicParams:{p:e,g:i,y:a}}}case T.publicKey.ecdsa:{const e=new Qe;r+=e.read(t),qa(e);const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{oid:e,Q:i}}}case T.publicKey.eddsaLegacy:{const e=new Qe;if(r+=e.read(t),qa(e),e.getName()!==T.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let i=F.readMPI(t.subarray(r));return r+=i.length+2,i=F.leftPad(i,33),{read:r,publicParams:{oid:e,Q:i}}}case T.publicKey.ecdh:{const e=new Qe;r+=e.read(t),qa(e);const i=F.readMPI(t.subarray(r));r+=i.length+2;const a=new Ri;return r+=a.read(t.subarray(r)),{read:r,publicParams:{oid:e,Q:i,kdfParams:a}}}case T.publicKey.ed25519:case T.publicKey.ed448:case T.publicKey.x25519:case T.publicKey.x448:{const i=F.readExactSubarray(t,r,r+Ha(e));return r+=i.length,{read:r,publicParams:{A:i}}}case T.publicKey.hmac:case T.publicKey.aead:{const e=new ji;r+=e.read(t);const i=Te(T.hash.sha256),a=t.subarray(r,r+i);return r+=i,{read:r,publicParams:{cipher:e,digest:a}}}case T.publicKey.pqc_mlkem_x25519:{const e=F.readExactSubarray(t,r,r+Ha(T.publicKey.x25519));r+=e.length;const i=F.readExactSubarray(t,r,r+1184);return r+=i.length,{read:r,publicParams:{eccPublicKey:e,mlkemPublicKey:i}}}case T.publicKey.pqc_mldsa_ed25519:{const e=F.readExactSubarray(t,r,r+Ha(T.publicKey.ed25519));r+=e.length;const i=F.readExactSubarray(t,r,r+1952);return r+=i.length,{read:r,publicParams:{eccPublicKey:e,mldsaPublicKey:i}}}default:throw new it("Unknown public key encryption algorithm.")}}(this.algorithm,e.subarray(r));if(6===this.version&&i.oid&&(i.oid.getName()===T.curve.curve25519Legacy||i.oid.getName()===T.curve.ed25519Legacy))throw Error("Legacy curve25519 cannot be used with v6 keys");if(6!==this.version&&this.algorithm===T.publicKey.pqc_mldsa_ed25519)throw Error("Unexpected key version: ML-DSA algorithms can only be used with v6 keys");return this.publicParams=i,r+=t,await this.computeFingerprintAndKeyID(),r}throw new it(`Version ${this.version} of the key packet is unsupported.`)}write(){const e=[];e.push(new Uint8Array([this.version])),e.push(F.writeDate(this.created)),e.push(new Uint8Array([this.algorithm]));const t=Na(this.algorithm,this.publicParams);return this.version>=5&&e.push(F.writeNumber(t.length,4)),e.push(t),F.concatUint8Array(e)}writeForHash(e){const t=this.writePublicKey(),r=149+e,i=e>=5?4:2;return F.concatUint8Array([new Uint8Array([r]),F.writeNumber(t.length,i),t])}isDecrypted(){return null}getCreationTime(){return this.created}getKeyID(){return this.keyID}async computeFingerprintAndKeyID(){if(await this.computeFingerprint(),this.keyID=new Zn,this.version>=5)this.keyID.read(this.fingerprint.subarray(0,8));else{if(4!==this.version)throw Error("Unsupported key version");this.keyID.read(this.fingerprint.subarray(12,20))}}async computeFingerprint(){const e=this.writeForHash(this.version);if(this.version>=5)this.fingerprint=await Ie(T.hash.sha256,e);else{if(4!==this.version)throw Error("Unsupported key version");this.fingerprint=await Ie(T.hash.sha1,e)}}getFingerprintBytes(){return this.fingerprint}getFingerprint(){return F.uint8ArrayToHex(this.getFingerprintBytes())}hasSameFingerprintAs(e){return this.version===e.version&&F.equalsUint8Array(this.writePublicKey(),e.writePublicKey())}getAlgorithmInfo(){const e={};e.algorithm=T.read(T.publicKey,this.algorithm);const t=this.publicParams.n||this.publicParams.p;return t?e.bits=F.uint8ArrayBitLength(t):this.publicParams.oid?e.curve=this.publicParams.oid.getName():this.publicParams.cipher&&(e.symmetric=this.publicParams.cipher.getName()),e}}Us.prototype.readPublicKey=Us.prototype.read,Us.prototype.writePublicKey=Us.prototype.write;const Ds=/*#__PURE__*/F.constructAllowedPackets([Yn,ys,ns,rs]);class xs{static get tag(){return T.packet.symmetricallyEncryptedData}constructor(){this.encrypted=null,this.packets=null}read(e){this.encrypted=e}write(){return this.encrypted}async decrypt(e,t,r=B){if(!r.allowUnauthenticatedMessages)throw Error("Message is not authenticated.");const{blockSize:i}=Ar(e),a=await P(K(this.encrypted)),n=await Yi(e,t,a.subarray(i+2),a.subarray(2,i+2));this.packets=await os.fromBinary(n,Ds,r)}async encrypt(e,t,r=B){const i=this.packets.write(),{blockSize:a}=Ar(e),n=await Qi(e),s=await Xi(e,t,n,new Uint8Array(a)),o=await Xi(e,t,i,s.subarray(2));this.encrypted=F.concat([s,o])}}class Cs{static get tag(){return T.packet.marker}read(e){return 80===e[0]&&71===e[1]&&80===e[2]}write(){return new Uint8Array([80,71,80])}}class Is extends Us{static get tag(){return T.packet.publicSubkey}constructor(e,t){super(e,t)}static fromSecretSubkeyPacket(e){const t=new Is,{version:r,created:i,algorithm:a,publicParams:n,keyID:s,fingerprint:o}=e;return t.version=r,t.created=i,t.algorithm=a,t.publicParams=n,t.keyID=s,t.fingerprint=o,t}}class Ts{static get tag(){return T.packet.userAttribute}constructor(){this.attributes=[]}read(e){let t=0;for(;t<e.length;){const r=Xe(e.subarray(t,e.length));t+=r.offset,this.attributes.push(F.uint8ArrayToString(e.subarray(t,t+r.len))),t+=r.len}}write(){const e=[];for(let t=0;t<this.attributes.length;t++)e.push(Ye(this.attributes[t].length)),e.push(F.stringToUint8Array(this.attributes[t]));return F.concatUint8Array(e)}equals(e){return!!(e&&e instanceof Ts)&&this.attributes.every((function(t,r){return t===e.attributes[r]}))}}class Bs extends Us{static get tag(){return T.packet.secretKey}constructor(e=new Date,t=B){super(e,t),this.keyMaterial=null,this.isEncrypted=null,this.s2kUsage=0,this.s2k=null,this.symmetric=null,this.aead=null,this.isLegacyAEAD=null,this.privateParams=null,this.usedModernAEAD=null}async read(e,t=B){let r=await this.readPublicKey(e,t);const i=r;this.s2kUsage=e[r++],5===this.version&&r++,6===this.version&&this.s2kUsage&&r++;try{if(255===this.s2kUsage||254===this.s2kUsage||253===this.s2kUsage){this.symmetric=e[r++],253===this.s2kUsage&&(this.aead=e[r++]),6===this.version&&r++;const t=e[r++];if(this.s2k=en(t),r+=this.s2k.read(e.subarray(r,e.length)),"gnu-dummy"===this.s2k.type)return}else this.s2kUsage&&(this.symmetric=this.s2kUsage);this.s2kUsage&&(this.isLegacyAEAD=253===this.s2kUsage&&(5===this.version||4===this.version&&t.parseAEADEncryptedV4KeysAsLegacy),253!==this.s2kUsage||this.isLegacyAEAD?(this.iv=e.subarray(r,r+Ar(this.symmetric).blockSize),this.usedModernAEAD=!1):(this.iv=e.subarray(r,r+Ma(this.aead).ivLength),this.usedModernAEAD=!0),r+=this.iv.length)}catch(t){if(!this.s2kUsage)throw t;this.unparseableKeyMaterial=e.subarray(i),this.isEncrypted=!0}if(5===this.version&&(r+=4),this.keyMaterial=e.subarray(r),this.isEncrypted=!!this.s2kUsage,!this.isEncrypted){let e;if(6===this.version)e=this.keyMaterial;else if(e=this.keyMaterial.subarray(0,-2),!F.equalsUint8Array(F.writeChecksum(e),this.keyMaterial.subarray(-2)))throw Error("Key checksum mismatch");try{const{read:t,privateParams:r}=await _a(this.algorithm,e,this.publicParams);if(t<e.length)throw Error("Error reading MPIs");this.privateParams=r}catch(e){if(e instanceof it)throw e;throw Error("Error reading MPIs")}}}write(){const e=this.writePublicKey();if(this.unparseableKeyMaterial)return F.concatUint8Array([e,this.unparseableKeyMaterial]);const t=[e];t.push(new Uint8Array([this.s2kUsage]));const r=[];if(255===this.s2kUsage||254===this.s2kUsage||253===this.s2kUsage){r.push(this.symmetric),253===this.s2kUsage&&r.push(this.aead);const e=this.s2k.write();6===this.version&&r.push(e.length),r.push(...e)}return this.s2kUsage&&"gnu-dummy"!==this.s2k.type&&r.push(...this.iv),(5===this.version||6===this.version&&this.s2kUsage)&&t.push(new Uint8Array([r.length])),t.push(new Uint8Array(r)),this.isDummy()||(this.s2kUsage||(this.keyMaterial=Na(this.algorithm,this.privateParams)),5===this.version&&t.push(F.writeNumber(this.keyMaterial.length,4)),t.push(this.keyMaterial),this.s2kUsage||6===this.version||t.push(F.writeChecksum(this.keyMaterial))),F.concatUint8Array(t)}isDecrypted(){return!1===this.isEncrypted}isMissingSecretKeyMaterial(){return void 0!==this.unparseableKeyMaterial||this.isDummy()}isDummy(){return!(!this.s2k||"gnu-dummy"!==this.s2k.type)}makeDummy(e=B){this.isDummy()||(this.isDecrypted()&&this.clearPrivateParams(),delete this.unparseableKeyMaterial,this.isEncrypted=null,this.keyMaterial=null,this.s2k=en(T.s2k.gnu,e),this.s2k.algorithm=0,this.s2k.c=0,this.s2k.type="gnu-dummy",this.s2kUsage=254,this.symmetric=T.symmetric.aes256,this.isLegacyAEAD=null,this.usedModernAEAD=null)}async encrypt(e,t=B){if(this.isDummy())return;if(!this.isDecrypted())throw Error("Key packet is already encrypted");if(!e)throw Error("A non-empty passphrase is required for key encryption.");this.s2k=tn(t),this.s2k.generateSalt();const r=Na(this.algorithm,this.privateParams);this.symmetric=T.symmetric.aes256;const{blockSize:i}=Ar(this.symmetric);if(t.aeadProtect){this.s2kUsage=253,this.aead=t.preferredAEADAlgorithm;const a=Ma(this.aead);this.isLegacyAEAD=5===this.version,this.usedModernAEAD=!this.isLegacyAEAD;const n=Je(this.constructor.tag),s=await Ms(this.version,this.s2k,e,this.symmetric,this.aead,n,this.isLegacyAEAD),o=await a(this.symmetric,s);this.iv=this.isLegacyAEAD?le(i):le(a.ivLength);const c=this.isLegacyAEAD?new Uint8Array:F.concatUint8Array([n,this.writePublicKey()]);this.keyMaterial=await o.encrypt(r,this.iv.subarray(0,a.ivLength),c)}else{this.s2kUsage=254,this.usedModernAEAD=!1;const t=await Ms(this.version,this.s2k,e,this.symmetric);this.iv=le(i),this.keyMaterial=await Xi(this.symmetric,t,F.concatUint8Array([r,await Ie(T.hash.sha1,r)]),this.iv)}}async decrypt(e){if(this.isDummy())return!1;if(this.unparseableKeyMaterial)throw Error("Key packet cannot be decrypted: unsupported S2K or cipher algo");if(this.isDecrypted())throw Error("Key packet is already decrypted.");let t;const r=Je(this.constructor.tag);if(254!==this.s2kUsage&&253!==this.s2kUsage)throw 255===this.s2kUsage?Error("Encrypted private key is authenticated using an insecure two-byte hash"):Error("Private key is encrypted using an insecure S2K function: unsalted MD5");let i;if(t=await Ms(this.version,this.s2k,e,this.symmetric,this.aead,r,this.isLegacyAEAD),253===this.s2kUsage){const e=Ma(this.aead,!0),a=await e(this.symmetric,t);try{const t=this.isLegacyAEAD?new Uint8Array:F.concatUint8Array([r,this.writePublicKey()]);i=await a.decrypt(this.keyMaterial,this.iv.subarray(0,e.ivLength),t)}catch(e){if("Authentication tag mismatch"===e.message)throw Error("Incorrect key passphrase: "+e.message);throw e}}else{const e=await Yi(this.symmetric,t,this.keyMaterial,this.iv);i=e.subarray(0,-20);const r=await Ie(T.hash.sha1,i);if(!F.equalsUint8Array(r,e.subarray(-20)))throw Error("Incorrect key passphrase")}try{const{privateParams:e}=await _a(this.algorithm,i,this.publicParams);this.privateParams=e}catch(e){throw Error("Error reading MPIs")}this.isEncrypted=!1,this.keyMaterial=null,this.s2kUsage=0,this.aead=null,this.symmetric=null,this.isLegacyAEAD=null}async validate(){if(this.isDummy())return;if(!this.isDecrypted())throw Error("Key is not decrypted");if(this.usedModernAEAD)return;let e;try{e=await Oa(this.algorithm,this.publicParams,this.privateParams)}catch(t){e=!1}if(!e)throw Error("Key is invalid")}async generate(e,t,r){if(6===this.version&&(this.algorithm===T.publicKey.ecdh&&t===T.curve.curve25519Legacy||this.algorithm===T.publicKey.eddsaLegacy))throw Error(`Cannot generate v6 keys of type 'ecc' with curve ${t}. Generate a key of type 'curve25519' instead`);if(6!==this.version&&this.algorithm===T.publicKey.pqc_mldsa_ed25519)throw Error(`Cannot generate v${this.version} signing keys of type 'pqc'. Generate a v6 key instead`);const{privateParams:i,publicParams:a}=await Ra(this.algorithm,e,t,r);this.privateParams=i,this.publicParams=a,this.isEncrypted=!1}clearPrivateParams(){this.isMissingSecretKeyMaterial()||(Object.keys(this.privateParams).forEach((e=>{this.privateParams[e].fill(0),delete this.privateParams[e]})),this.privateParams=null,this.isEncrypted=!0)}}async function Ms(e,t,r,i,a,n,s){if("argon2"===t.type&&!a)throw Error("Using Argon2 S2K without AEAD is not allowed");if("simple"===t.type&&6===e)throw Error("Using Simple S2K with version 6 keys is not allowed");const{keySize:o}=Ar(i),c=await t.produceKey(r,o);if(!a||5===e||s)return c;const u=F.concatUint8Array([n,new Uint8Array([e,i,a])]);return Ur(T.hash.sha256,c,new Uint8Array,u,o)}class Fs{static get tag(){return T.packet.userID}constructor(){this.userID="",this.name="",this.email="",this.comment=""}static fromObject(e){if(F.isString(e)||e.name&&!F.isString(e.name)||e.email&&!F.isEmailAddress(e.email)||e.comment&&!F.isString(e.comment))throw Error("Invalid user ID format");const t=new Fs;Object.assign(t,e);const r=[];return t.name&&r.push(t.name),t.comment&&r.push(`(${t.comment})`),t.email&&r.push(`<${t.email}>`),t.userID=r.join(" "),t}read(e,t=B){const r=F.decodeUTF8(e);if(r.length>t.maxUserIDLength)throw Error("User ID string is too long");const i=e=>/^[^\s@]+@[^\s@]+$/.test(e),a=r.indexOf("<"),n=r.lastIndexOf(">");if(-1!==a&&-1!==n&&n>a){const e=r.substring(a+1,n);if(i(e)){this.email=e;const t=r.substring(0,a).trim(),i=t.indexOf("("),n=t.lastIndexOf(")");-1!==i&&-1!==n&&n>i?(this.comment=t.substring(i+1,n).trim(),this.name=t.substring(0,i).trim()):(this.name=t,this.comment="")}}else i(r.trim())&&(this.email=r.trim(),this.name="",this.comment="");this.userID=r}write(){return F.encodeUTF8(this.userID)}equals(e){return e&&e.userID===this.userID}}class Ls extends Bs{static get tag(){return T.packet.secretSubkey}constructor(e=new Date,t=B){super(e,t)}}class _s{static get tag(){return T.packet.trust}read(){throw new it("Trust packets are not supported")}write(){throw new it("Trust packets are not supported")}}class Ns{static get tag(){return T.packet.padding}constructor(){this.padding=null}read(e){}write(){return this.padding}async createPadding(e){this.padding=await le(e)}}const Rs=/*#__PURE__*/F.constructAllowedPackets([rs]);class zs{constructor(e){this.packets=e||new os}write(){return this.packets.write()}armor(e=B){const t=this.packets.some((e=>e.constructor.tag===rs.tag&&6!==e.version));return Y(T.armor.signature,this.write(),void 0,void 0,void 0,t,e)}getSigningKeyIDs(){return this.packets.map((e=>e.issuerKeyID))}}async function Os({armoredSignature:e,binarySignature:t,config:r,...i}){r={...B,...r};let a=e||t;if(!a)throw Error("readSignature: must pass options object containing `armoredSignature` or `binarySignature`");if(e&&!F.isString(e))throw Error("readSignature: options.armoredSignature must be a string");if(t&&!F.isUint8Array(t))throw Error("readSignature: options.binarySignature must be a Uint8Array");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));if(e){const{type:e,data:t}=await X(a);if(e!==T.armor.signature)throw Error("Armored text not of type signature");a=t}const s=await os.fromBinary(a,Rs,r);return new zs(s)}async function js(e,t){const r=new Ls(e.date,t);return r.packets=null,r.algorithm=T.write(T.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.symmetric),await r.computeFingerprintAndKeyID(),r}async function qs(e,t){const r=new Bs(e.date,t);return r.packets=null,r.algorithm=T.write(T.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.symmetric),await r.computeFingerprintAndKeyID(),r}async function Hs(e,t,r,i,a=new Date,n){let s,o;for(let c=e.length-1;c>=0;c--)try{(!s||e[c].created>=s.created)&&(await e[c].verify(t,r,i,a,void 0,n),s=e[c])}catch(e){o=e}if(!s)throw F.wrapError(`Could not find valid ${T.read(T.signature,r)} signature in key ${t.getKeyID().toHex()}`.replace("certGeneric ","self-").replace(/([a-z])([A-Z])/g,((e,t,r)=>t+" "+r.toLowerCase())),o);return s}function Gs(e,t,r=new Date){const i=F.normalizeDate(r);if(null!==i){const r=Ys(e,t);return!(e.created<=i&&i<r)}return!1}async function Vs(e,t,r,i){const a={};a.key=t,a.bind=e;const n={signatureType:T.signature.subkeyBinding};r.sign?(n.keyFlags=[T.keyFlags.signData],n.embeddedSignature=await $s(a,[],e,{signatureType:T.signature.keyBinding},r.date,void 0,void 0,void 0,i)):n.keyFlags=r.forwarding?[T.keyFlags.forwardedCommunication]:[T.keyFlags.encryptCommunication|T.keyFlags.encryptStorage],r.keyExpirationTime>0&&(n.keyExpirationTime=r.keyExpirationTime,n.keyNeverExpires=!1);return await $s(a,[],t,n,r.date,void 0,void 0,void 0,i)}async function Ws(e,t,r=new Date,i=[],a){const n=T.hash.sha256,s=a.preferredHashAlgorithm,o=await Promise.all(e.map((async(e,t)=>(await e.getPrimarySelfSignature(r,i[t],a)).preferredHashAlgorithms||[]))),c=new Map;for(const e of o)for(const t of e)try{const e=T.write(T.hash,t);c.set(e,c.has(e)?c.get(e)+1:1)}catch{}const u=t=>0===e.length||c.get(t)===e.length||t===n,h=()=>{if(0===c.size)return n;const e=Array.from(c.keys()).filter((e=>u(e))).sort(((e,t)=>Te(e)-Te(t)))[0];return Te(e)>=Te(n)?e:n},l=new Set([T.publicKey.ecdsa,T.publicKey.eddsaLegacy,T.publicKey.ed25519,T.publicKey.ed448]),y=new Set([T.publicKey.pqc_mldsa_ed25519]);if(l.has(t.algorithm)){const e=function(e,t){switch(e){case T.publicKey.ecdsa:case T.publicKey.eddsaLegacy:return Wr(t);case T.publicKey.ed25519:case T.publicKey.ed448:return yt(e);default:throw Error("Unknown elliptic signing algo")}}(t.algorithm,t.publicParams.oid),r=u(s),i=Te(s)>=Te(e);if(r&&i)return s;{const t=h();return Te(t)>=Te(e)?t:e}}if(y.has(t.algorithm)){if(u(s)&&Fi(t.algorithm,s))return s;{const e=h();return Fi(t.algorithm,e)?e:n}}return u(s)?s:h()}async function $s(e,t,r,i,a,n,s=[],o=!1,c){if(r.isDummy())throw Error("Cannot sign with a gnu-dummy key.");if(!r.isDecrypted())throw Error("Signing key is not decrypted.");const u=new rs;return Object.assign(u,i),u.publicKeyAlgorithm=r.algorithm,u.hashAlgorithm=await Ws(t,r,a,n,c),u.rawNotations=[...s],await u.sign(r,e,a,o,c),u}async function Qs(e,t,r,i=new Date,a){(e=e[r])&&(t[r].length?await Promise.all(e.map((async function(e){e.isExpired(i)||a&&!await a(e)||t[r].some((function(t){return F.equalsUint8Array(t.writeParams(),e.writeParams())}))||t[r].push(e)}))):t[r]=e)}async function Xs(e,t,r,i,a,n,s=new Date,o){n=n||e;const c=[];return await Promise.all(i.map((async function(e){try{if(!a||e.issuerKeyID.equals(a.issuerKeyID)){const i=![T.reasonForRevocation.keyRetired,T.reasonForRevocation.keySuperseded,T.reasonForRevocation.userIDInvalid].includes(e.reasonForRevocationFlag);await e.verify(n,t,r,i?null:s,!1,o),c.push(e.issuerKeyID)}}catch(e){}}))),a?(a.revoked=!!c.some((e=>e.equals(a.issuerKeyID)))||(a.revoked||!1),a.revoked):c.length>0}function Ys(e,t){let r;return!1===t.keyNeverExpires&&(r=e.created.getTime()+1e3*t.keyExpirationTime),r?new Date(r):1/0}function Zs(e,t={}){if(e.type=e.type||t.type,e.curve=e.curve||t.curve,e.rsaBits=e.rsaBits||t.rsaBits,e.symmetricHash=e.symmetricHash||t.symmetricHash,e.symmetricCipher=e.symmetricCipher||t.symmetricCipher,e.keyExpirationTime=void 0!==e.keyExpirationTime?e.keyExpirationTime:t.keyExpirationTime,e.passphrase=F.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e.sign=e.sign||!1,e.forwarding=e.forwarding||!1,e.sign&&e.forwarding)throw Error('Incompatible options: "sign" and "forwarding" cannot be set together');switch(e.type){case"pqc":e.sign?e.algorithm=T.publicKey.pqc_mldsa_ed25519:e.algorithm=T.publicKey.pqc_mlkem_x25519;break;case"ecc":try{e.curve=T.write(T.curve,e.curve)}catch(e){throw Error("Unknown curve")}e.curve!==T.curve.ed25519Legacy&&e.curve!==T.curve.curve25519Legacy&&"ed25519"!==e.curve&&"curve25519"!==e.curve||(e.curve=e.sign?T.curve.ed25519Legacy:T.curve.curve25519Legacy),e.sign?e.algorithm=e.curve===T.curve.ed25519Legacy?T.publicKey.eddsaLegacy:T.publicKey.ecdsa:e.algorithm=T.publicKey.ecdh;break;case"curve25519":e.algorithm=e.sign?T.publicKey.ed25519:T.publicKey.x25519;break;case"curve448":e.algorithm=e.sign?T.publicKey.ed448:T.publicKey.x448;break;case"rsa":e.algorithm=T.publicKey.rsaEncryptSign;break;case"symmetric":if(e.sign){e.algorithm=T.publicKey.hmac;try{e.symmetric=T.write(T.hash,e.symmetricHash)}catch(e){throw Error("Unknown hash algorithm")}}else{e.algorithm=T.publicKey.aead;try{e.symmetric=T.write(T.symmetric,e.symmetricCipher)}catch(e){throw Error("Unknown symmetric algorithm")}}break;default:throw Error("Unsupported key type "+e.type)}return e}function Js(e,t,r){switch(e.algorithm){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:case T.publicKey.dsa:case T.publicKey.ecdsa:case T.publicKey.eddsaLegacy:case T.publicKey.ed25519:case T.publicKey.ed448:case T.publicKey.hmac:case T.publicKey.pqc_mldsa_ed25519:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&T.keyFlags.signData);default:return!1}}function eo(e,t,r){switch(e.algorithm){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.elgamal:case T.publicKey.ecdh:case T.publicKey.x25519:case T.publicKey.x448:case T.publicKey.aead:case T.publicKey.pqc_mlkem_x25519:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&T.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&T.keyFlags.encryptStorage);default:return!1}}function to(e,t,r){if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");switch(e.algorithm){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.elgamal:case T.publicKey.ecdh:case T.publicKey.x25519:case T.publicKey.x448:case T.publicKey.pqc_mlkem_x25519:return!(!(!t.keyFlags||!!(t.keyFlags[0]&T.keyFlags.signData))||!r.allowInsecureDecryptionWithSigningKeys)||(!t.keyFlags||!!(t.keyFlags[0]&T.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&T.keyFlags.encryptStorage)||r.allowForwardedMessages&&!!(t.keyFlags[0]&T.keyFlags.forwardedCommunication));default:return!1}}function ro(e,t){const r=T.write(T.publicKey,e.algorithm),i=e.getAlgorithmInfo();if(t.rejectPublicKeyAlgorithms.has(r))throw Error(i.algorithm+" keys are considered too weak.");switch(r){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:case T.publicKey.rsaEncrypt:if(i.bits<t.minRSABits)throw Error(`RSA keys shorter than ${t.minRSABits} bits are considered too weak.`);break;case T.publicKey.ecdsa:case T.publicKey.eddsaLegacy:case T.publicKey.ecdh:if(t.rejectCurves.has(i.curve))throw Error(`Support for ${i.algorithm} keys using curve ${i.curve} is disabled.`)}}class io{constructor(e,t){this.userID=e.constructor.tag===T.packet.userID?e:null,this.userAttribute=e.constructor.tag===T.packet.userAttribute?e:null,this.selfCertifications=[],this.otherCertifications=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new os;return e.push(this.userID||this.userAttribute),e.push(...this.revocationSignatures),e.push(...this.selfCertifications),e.push(...this.otherCertifications),e}clone(){const e=new io(this.userID||this.userAttribute,this.mainKey);return e.selfCertifications=[...this.selfCertifications],e.otherCertifications=[...this.otherCertifications],e.revocationSignatures=[...this.revocationSignatures],e}async certify(e,t,r){const i=this.mainKey.keyPacket,a={userID:this.userID,userAttribute:this.userAttribute,key:i},n=new io(a.userID||a.userAttribute,this.mainKey);return n.otherCertifications=await Promise.all(e.map((async function(e){if(!e.isPrivate())throw Error("Need private key for signing");if(e.hasSameFingerprintAs(i))throw Error("The user's own key can only be used for self-certifications");const n=await e.getSigningKey(void 0,t,void 0,r);return $s(a,[e],n.keyPacket,{signatureType:T.signature.certGeneric,keyFlags:[T.keyFlags.certifyKeys|T.keyFlags.signData]},t,void 0,void 0,void 0,r)}))),await n.update(this,t,r),n}async isRevoked(e,t,r=new Date,i=B){const a=this.mainKey.keyPacket;return Xs(a,T.signature.certRevocation,{key:a,userID:this.userID,userAttribute:this.userAttribute},this.revocationSignatures,e,t,r,i)}async verifyCertificate(e,t,r=new Date,i){const a=this,n=this.mainKey.keyPacket,s={userID:this.userID,userAttribute:this.userAttribute,key:n},{issuerKeyID:o}=e,c=t.filter((e=>e.getKeys(o).length>0));return 0===c.length?null:(await Promise.all(c.map((async t=>{const n=await t.getSigningKey(o,e.created,void 0,i);if(e.revoked||await a.isRevoked(e,n.keyPacket,r,i))throw Error("User certificate is revoked");try{await e.verify(n.keyPacket,T.signature.certGeneric,s,r,void 0,i)}catch(e){throw F.wrapError("User certificate is invalid",e)}}))),!0)}async verifyAllCertifications(e,t=new Date,r){const i=this,a=this.selfCertifications.concat(this.otherCertifications);return Promise.all(a.map((async a=>({keyID:a.issuerKeyID,valid:await i.verifyCertificate(a,e,t,r).catch((()=>!1))}))))}async verify(e=new Date,t){if(!this.selfCertifications.length)throw Error("No self-certifications found");const r=this,i=this.mainKey.keyPacket,a={userID:this.userID,userAttribute:this.userAttribute,key:i};let n;for(let s=this.selfCertifications.length-1;s>=0;s--)try{const n=this.selfCertifications[s];if(n.revoked||await r.isRevoked(n,void 0,e,t))throw Error("Self-certification is revoked");try{await n.verify(i,T.signature.certGeneric,a,e,void 0,t)}catch(e){throw F.wrapError("Self-certification is invalid",e)}return!0}catch(e){n=e}throw n}async update(e,t,r){const i=this.mainKey.keyPacket,a={userID:this.userID,userAttribute:this.userAttribute,key:i};await Qs(e,this,"selfCertifications",t,(async function(e){try{return await e.verify(i,T.signature.certGeneric,a,t,!1,r),!0}catch(e){return!1}})),await Qs(e,this,"otherCertifications",t),await Qs(e,this,"revocationSignatures",t,(function(e){return Xs(i,T.signature.certRevocation,a,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=T.reasonForRevocation.noReason,string:r=""}={},i=new Date,a=B){const n={userID:this.userID,userAttribute:this.userAttribute,key:e},s=new io(n.userID||n.userAttribute,this.mainKey);return s.revocationSignatures.push(await $s(n,[],e,{signatureType:T.signature.certRevocation,reasonForRevocationFlag:T.write(T.reasonForRevocation,t),reasonForRevocationString:r},i,void 0,void 0,!1,a)),await s.update(this),s}}class ao{constructor(e,t){this.keyPacket=e,this.bindingSignatures=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new os;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.bindingSignatures),e}clone(){const e=new ao(this.keyPacket,this.mainKey);return e.bindingSignatures=[...this.bindingSignatures],e.revocationSignatures=[...this.revocationSignatures],e}async isRevoked(e,t,r=new Date,i=B){const a=this.mainKey.keyPacket;return Xs(a,T.signature.subkeyRevocation,{key:a,bind:this.keyPacket},this.revocationSignatures,e,t,r,i)}async verify(e=new Date,t=B){const r=this.mainKey.keyPacket,i={key:r,bind:this.keyPacket},a=await Hs(this.bindingSignatures,r,T.signature.subkeyBinding,i,e,t);if(a.revoked||await this.isRevoked(a,null,e,t))throw Error("Subkey is revoked");if(Gs(this.keyPacket,a,e))throw Error("Subkey is expired");return a}async getExpirationTime(e=new Date,t=B){const r=this.mainKey.keyPacket,i={key:r,bind:this.keyPacket};let a;try{a=await Hs(this.bindingSignatures,r,T.signature.subkeyBinding,i,e,t)}catch(e){return null}const n=Ys(this.keyPacket,a),s=a.getExpirationTime();return n<s?n:s}async update(e,t=new Date,r=B){const i=this.mainKey.keyPacket;if(!this.hasSameFingerprintAs(e))throw Error("Subkey update method: fingerprints of subkeys not equal");this.keyPacket.constructor.tag===T.packet.publicSubkey&&e.keyPacket.constructor.tag===T.packet.secretSubkey&&(this.keyPacket=e.keyPacket);const a=this,n={key:i,bind:a.keyPacket};await Qs(e,this,"bindingSignatures",t,(async function(e){for(let t=0;t<a.bindingSignatures.length;t++)if(a.bindingSignatures[t].issuerKeyID.equals(e.issuerKeyID))return e.created>a.bindingSignatures[t].created&&(a.bindingSignatures[t]=e),!1;try{return await e.verify(i,T.signature.subkeyBinding,n,t,void 0,r),!0}catch(e){return!1}})),await Qs(e,this,"revocationSignatures",t,(function(e){return Xs(i,T.signature.subkeyRevocation,n,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=T.reasonForRevocation.noReason,string:r=""}={},i=new Date,a=B){const n={key:e,bind:this.keyPacket},s=new ao(this.keyPacket,this.mainKey);return s.revocationSignatures.push(await $s(n,[],e,{signatureType:T.signature.subkeyRevocation,reasonForRevocationFlag:T.write(T.reasonForRevocation,t),reasonForRevocationString:r},i,void 0,void 0,!1,a)),await s.update(this),s}hasSameFingerprintAs(e){return this.keyPacket.hasSameFingerprintAs(e.keyPacket||e)}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","isDecrypted"].forEach((e=>{ao.prototype[e]=function(){return this.keyPacket[e]()}}));const no=/*#__PURE__*/F.constructAllowedPackets([rs]),so=new Set([T.packet.publicKey,T.packet.privateKey]),oo=new Set([T.packet.publicKey,T.packet.privateKey,T.packet.publicSubkey,T.packet.privateSubkey]);class co{packetListToStructure(e,t=new Set){let r,i,a,n;for(const s of e){if(s instanceof st){oo.has(s.tag)&&!n&&(n=so.has(s.tag)?so:oo);continue}const e=s.constructor.tag;if(n){if(!n.has(e))continue;n=null}if(t.has(e))throw Error("Unexpected packet type: "+e);switch(e){case T.packet.publicKey:case T.packet.secretKey:if(this.keyPacket)throw Error("Key block contains multiple keys");if(this.keyPacket=s,i=this.getKeyID(),!i)throw Error("Missing Key ID");break;case T.packet.userID:case T.packet.userAttribute:r=new io(s,this),this.users.push(r);break;case T.packet.publicSubkey:case T.packet.secretSubkey:r=null,a=new ao(s,this),this.subkeys.push(a);break;case T.packet.signature:switch(s.signatureType){case T.signature.certGeneric:case T.signature.certPersona:case T.signature.certCasual:case T.signature.certPositive:if(!r){F.printDebug("Dropping certification signatures without preceding user packet");continue}s.issuerKeyID.equals(i)?r.selfCertifications.push(s):r.otherCertifications.push(s);break;case T.signature.certRevocation:r?r.revocationSignatures.push(s):this.directSignatures.push(s);break;case T.signature.key:this.directSignatures.push(s);break;case T.signature.subkeyBinding:if(!a){F.printDebug("Dropping subkey binding signature without preceding subkey packet");continue}a.bindingSignatures.push(s);break;case T.signature.keyRevocation:this.revocationSignatures.push(s);break;case T.signature.subkeyRevocation:if(!a){F.printDebug("Dropping subkey revocation signature without preceding subkey packet");continue}a.revocationSignatures.push(s)}}}}toPacketList(){const e=new os;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.directSignatures),this.users.map((t=>e.push(...t.toPacketList()))),this.subkeys.map((t=>e.push(...t.toPacketList()))),e}clone(e=!1){const t=new this.constructor(this.toPacketList());return e&&t.getKeys().forEach((e=>{if(e.keyPacket=Object.create(Object.getPrototypeOf(e.keyPacket),Object.getOwnPropertyDescriptors(e.keyPacket)),!e.keyPacket.isDecrypted())return;const t={};Object.keys(e.keyPacket.privateParams).forEach((r=>{t[r]=new Uint8Array(e.keyPacket.privateParams[r])})),e.keyPacket.privateParams=t})),t}getSubkeys(e=null){return this.subkeys.filter((t=>!e||t.getKeyID().equals(e,!0)))}getKeys(e=null){const t=[];return e&&!this.getKeyID().equals(e,!0)||t.push(this),t.concat(this.getSubkeys(e))}getKeyIDs(){return this.getKeys().map((e=>e.getKeyID()))}getUserIDs(){return this.users.map((e=>e.userID?e.userID.userID:null)).filter((e=>null!==e))}write(){return this.toPacketList().write()}async getSigningKey(e=null,t=new Date,r={},i=B){await this.verifyPrimaryKey(t,r,i);const a=this.keyPacket;try{ro(a,i)}catch(e){throw F.wrapError("Could not verify primary key",e)}const n=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created||t.keyPacket.algorithm-e.keyPacket.algorithm));let s;for(const r of n)if(!e||r.getKeyID().equals(e))try{await r.verify(t,i);const e={key:a,bind:r.keyPacket},n=await Hs(r.bindingSignatures,a,T.signature.subkeyBinding,e,t,i);if(!Js(r.keyPacket,n,i))continue;if(!n.embeddedSignature)throw Error("Missing embedded signature");return await Hs([n.embeddedSignature],r.keyPacket,T.signature.keyBinding,e,t,i),ro(r.keyPacket,i),r}catch(e){s=e}try{const n=await this.getPrimarySelfSignature(t,r,i);if((!e||a.getKeyID().equals(e))&&Js(a,n,i))return ro(a,i),this}catch(e){s=e}throw F.wrapError("Could not find valid signing key packet in key "+this.getKeyID().toHex(),s)}async getEncryptionKey(e,t=new Date,r={},i=B){await this.verifyPrimaryKey(t,r,i);const a=this.keyPacket;try{ro(a,i)}catch(e){throw F.wrapError("Could not verify primary key",e)}const n=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created||t.keyPacket.algorithm-e.keyPacket.algorithm));let s;for(const r of n)if(!e||r.getKeyID().equals(e))try{await r.verify(t,i);const e={key:a,bind:r.keyPacket},n=await Hs(r.bindingSignatures,a,T.signature.subkeyBinding,e,t,i);if(eo(r.keyPacket,n,i))return ro(r.keyPacket,i),r}catch(e){s=e}try{const n=await this.getPrimarySelfSignature(t,r,i);if((!e||a.getKeyID().equals(e))&&eo(a,n,i))return ro(a,i),this}catch(e){s=e}throw F.wrapError("Could not find valid encryption key packet in key "+this.getKeyID().toHex(),s)}async isRevoked(e,t,r=new Date,i=B){return Xs(this.keyPacket,T.signature.keyRevocation,{key:this.keyPacket},this.revocationSignatures,e,t,r,i)}async verifyPrimaryKey(e=new Date,t={},r=B){const i=this.keyPacket;if(await this.isRevoked(null,null,e,r))throw Error("Primary key is revoked");if(Gs(i,await this.getPrimarySelfSignature(e,t,r),e))throw Error("Primary key is expired");if(6!==i.version){const t=await Hs(this.directSignatures,i,T.signature.key,{key:i},e,r).catch((()=>{}));if(t&&Gs(i,t,e))throw Error("Primary key is expired")}}async getExpirationTime(e,t=B){let r;try{const i=await this.getPrimarySelfSignature(null,e,t),a=Ys(this.keyPacket,i),n=i.getExpirationTime(),s=6!==this.keyPacket.version&&await Hs(this.directSignatures,this.keyPacket,T.signature.key,{key:this.keyPacket},null,t).catch((()=>{}));if(s){const e=Ys(this.keyPacket,s);r=Math.min(a,n,e)}else r=a<n?a:n}catch(e){r=null}return F.normalizeDate(r)}async getPrimarySelfSignature(e=new Date,t={},r=B){const i=this.keyPacket;if(6===i.version)return Hs(this.directSignatures,i,T.signature.key,{key:i},e,r);const{selfCertification:a}=await this.getPrimaryUser(e,t,r);return a}async getPrimaryUser(e=new Date,t={},r=B){const i=this.keyPacket,a=[];let n;for(let s=0;s<this.users.length;s++)try{const n=this.users[s];if(!n.userID)continue;if(void 0!==t.name&&n.userID.name!==t.name||void 0!==t.email&&n.userID.email!==t.email||void 0!==t.comment&&n.userID.comment!==t.comment)throw Error("Could not find user that matches that user ID");const o={userID:n.userID,key:i},c=await Hs(n.selfCertifications,i,T.signature.certGeneric,o,e,r);a.push({index:s,user:n,selfCertification:c})}catch(e){n=e}if(!a.length)throw n||Error("Could not find primary user");await Promise.all(a.map((async function(t){return t.selfCertification.revoked||t.user.isRevoked(t.selfCertification,null,e,r)})));const s=a.sort((function(e,t){const r=e.selfCertification,i=t.selfCertification;return i.revoked-r.revoked||r.isPrimaryUserID-i.isPrimaryUserID||r.created-i.created})).pop(),{user:o,selfCertification:c}=s;if(c.revoked||await o.isRevoked(c,null,e,r))throw Error("Primary user is revoked");return s}async update(e,t=new Date,r=B){if(!this.hasSameFingerprintAs(e))throw Error("Primary key fingerprints must be equal to update the key");if(!this.isPrivate()&&e.isPrivate()){if(!(this.subkeys.length===e.subkeys.length&&this.subkeys.every((t=>e.subkeys.some((e=>t.hasSameFingerprintAs(e)))))))throw Error("Cannot update public key with private key if subkeys mismatch");return e.update(this,r)}const i=this.clone();return await Qs(e,i,"revocationSignatures",t,(a=>Xs(i.keyPacket,T.signature.keyRevocation,i,[a],null,e.keyPacket,t,r))),await Qs(e,i,"directSignatures",t),await Promise.all(e.users.map((async e=>{const a=i.users.filter((t=>e.userID&&e.userID.equals(t.userID)||e.userAttribute&&e.userAttribute.equals(t.userAttribute)));if(a.length>0)await Promise.all(a.map((i=>i.update(e,t,r))));else{const t=e.clone();t.mainKey=i,i.users.push(t)}}))),await Promise.all(e.subkeys.map((async e=>{const a=i.subkeys.filter((t=>t.hasSameFingerprintAs(e)));if(a.length>0)await Promise.all(a.map((i=>i.update(e,t,r))));else{const t=e.clone();t.mainKey=i,i.subkeys.push(t)}}))),i}async getRevocationCertificate(e=new Date,t=B){const r={key:this.keyPacket},i=await Hs(this.revocationSignatures,this.keyPacket,T.signature.keyRevocation,r,e,t),a=new os;a.push(i);const n=6!==this.keyPacket.version;return Y(T.armor.publicKey,a.write(),null,null,"This is a revocation certificate",n,t)}async applyRevocationCertificate(e,t=new Date,r=B){const i=await X(e),a=(await os.fromBinary(i.data,no,r)).findPacket(T.packet.signature);if(!a||a.signatureType!==T.signature.keyRevocation)throw Error("Could not find revocation signature packet");if(!a.issuerKeyID.equals(this.getKeyID()))throw Error("Revocation signature does not match key");try{await a.verify(this.keyPacket,T.signature.keyRevocation,{key:this.keyPacket},t,void 0,r)}catch(e){throw F.wrapError("Could not verify revocation signature",e)}const n=this.clone();return n.revocationSignatures.push(a),n}async signPrimaryUser(e,t,r,i=B){const{index:a,user:n}=await this.getPrimaryUser(t,r,i),s=await n.certify(e,t,i),o=this.clone();return o.users[a]=s,o}async signAllUsers(e,t=new Date,r=B){const i=this.clone();return i.users=await Promise.all(this.users.map((function(i){return i.certify(e,t,r)}))),i}async verifyPrimaryUser(e,t=new Date,r,i=B){const a=this.keyPacket,{user:n}=await this.getPrimaryUser(t,r,i);return e?await n.verifyAllCertifications(e,t,i):[{keyID:a.getKeyID(),valid:await n.verify(t,i).catch((()=>!1))}]}async verifyAllUsers(e,t=new Date,r=B){const i=this.keyPacket,a=[];return await Promise.all(this.users.map((async n=>{const s=e?await n.verifyAllCertifications(e,t,r):[{keyID:i.getKeyID(),valid:await n.verify(t,r).catch((()=>!1))}];a.push(...s.map((e=>({userID:n.userID?n.userID.userID:null,userAttribute:n.userAttribute,keyID:e.keyID,valid:e.valid}))))}))),a}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","hasSameFingerprintAs"].forEach((e=>{co.prototype[e]=ao.prototype[e]}));class uo extends co{constructor(e){if(super(),this.keyPacket=null,this.revocationSignatures=[],this.directSignatures=[],this.users=[],this.subkeys=[],e&&(this.packetListToStructure(e,new Set([T.packet.secretKey,T.packet.secretSubkey])),!this.keyPacket))throw Error("Invalid key: missing public-key packet")}isPrivate(){return!1}toPublic(){return this}armor(e=B){const t=6!==this.keyPacket.version;return Y(T.armor.publicKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}}class ho extends uo{constructor(e){if(super(),this.packetListToStructure(e,new Set([T.packet.publicKey,T.packet.publicSubkey])),!this.keyPacket)throw Error("Invalid key: missing private-key packet")}isPrivate(){return!0}toPublic(){const e=new os,t=this.toPacketList();let r=!1;for(const i of t)if(!r||i.constructor.tag!==T.packet.Signature)switch(r&&(r=!1),i.constructor.tag){case T.packet.secretKey:{if(i.algorithm===T.publicKey.aead||i.algorithm===T.publicKey.hmac)throw Error("Cannot create public key from symmetric private");const t=Us.fromSecretKeyPacket(i);e.push(t);break}case T.packet.secretSubkey:{if(i.algorithm===T.publicKey.aead||i.algorithm===T.publicKey.hmac){r=!0;break}const t=Is.fromSecretSubkeyPacket(i);e.push(t);break}default:e.push(i)}return new uo(e)}armor(e=B){const t=6!==this.keyPacket.version;return Y(T.armor.privateKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}async getDecryptionKeys(e,t=new Date,r={},i=B){const a=this.keyPacket,n=[];let s=null;for(let r=0;r<this.subkeys.length;r++)if(!e||this.subkeys[r].getKeyID().equals(e,!0)){if(this.subkeys[r].keyPacket.isDummy()){s=s||Error("Gnu-dummy key packets cannot be used for decryption");continue}try{const e={key:a,bind:this.subkeys[r].keyPacket},s=await Hs(this.subkeys[r].bindingSignatures,a,T.signature.subkeyBinding,e,t,i);to(this.subkeys[r].keyPacket,s,i)&&n.push(this.subkeys[r])}catch(e){s=e}}const o=await this.getPrimarySelfSignature(t,r,i);if(e&&!a.getKeyID().equals(e,!0)||!to(a,o,i)||(a.isDummy()?s=s||Error("Gnu-dummy key packets cannot be used for decryption"):n.push(this)),0===n.length)throw s||Error("No decryption key packets found");return n}isDecrypted(){return this.getKeys().some((({keyPacket:e})=>e.isDecrypted()))}async validate(e=B){if(!this.isPrivate())throw Error("Cannot validate a public key");let t;if(this.keyPacket.isDummy()){const r=await this.getSigningKey(null,null,void 0,{...e,rejectPublicKeyAlgorithms:new Set,minRSABits:0});r&&!r.keyPacket.isDummy()&&(t=r.keyPacket)}else t=this.keyPacket;if(t)return t.validate();{const e=this.getKeys();if(e.map((e=>e.keyPacket.isDummy())).every(Boolean))throw Error("Cannot validate an all-gnu-dummy key");return Promise.all(e.map((async e=>e.keyPacket.validate())))}}clearPrivateParams(){this.getKeys().forEach((({keyPacket:e})=>{e.isDecrypted()&&e.clearPrivateParams()}))}async revoke({flag:e=T.reasonForRevocation.noReason,string:t=""}={},r=new Date,i=B){if(!this.isPrivate())throw Error("Need private key for revoking");const a={key:this.keyPacket},n=this.clone();return n.revocationSignatures.push(await $s(a,[],this.keyPacket,{signatureType:T.signature.keyRevocation,reasonForRevocationFlag:T.write(T.reasonForRevocation,e),reasonForRevocationString:t},r,void 0,void 0,void 0,i)),n}async addSubkey(e={}){const t={...B,...e.config};if(e.passphrase)throw Error("Subkey could not be encrypted here, please encrypt whole key");if(e.rsaBits<t.minRSABits)throw Error(`rsaBits should be at least ${t.minRSABits}, got: ${e.rsaBits}`);const r=this.keyPacket;if(r.isDummy())throw Error("Cannot add subkey to gnu-dummy primary key");if(!r.isDecrypted())throw Error("Key is not decrypted");const i=r.getAlgorithmInfo();i.type=function(e){switch(T.write(T.publicKey,e)){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:case T.publicKey.dsa:return"rsa";case T.publicKey.ecdsa:case T.publicKey.eddsaLegacy:return"ecc";case T.publicKey.ed25519:return"curve25519";case T.publicKey.ed448:return"curve448";default:throw Error("Unsupported algorithm")}}(i.algorithm),i.rsaBits=i.bits||4096,i.curve=i.curve||"curve25519Legacy",e=Zs(e,i);const a=await js(e,{...t,v6Keys:6===this.keyPacket.version});ro(a,t);const n=await Vs(a,r,e,t),s=this.toPacketList();return s.push(a,n),new ho(s)}}const lo=/*#__PURE__*/F.constructAllowedPackets([Us,Is,Bs,Ls,Fs,Ts,rs]);function yo(e){for(const t of e)switch(t.constructor.tag){case T.packet.secretKey:return new ho(e);case T.packet.publicKey:return new uo(e)}throw Error("No key packet found")}async function po(e,t,r,i){r.passphrase&&await e.encrypt(r.passphrase,i),await Promise.all(t.map((async function(e,t){const a=r.subkeys[t].passphrase;a&&await e.encrypt(a,i)})));const a=new os;function n(e,t){return[t,...e.filter((e=>e!==t))]}function s(){const t={};t.keyFlags=[T.keyFlags.certifyKeys|T.keyFlags.signData];const a=n([T.symmetric.aes256,T.symmetric.aes128],i.preferredSymmetricAlgorithm);if(t.preferredSymmetricAlgorithms=a,i.aeadProtect){const e=n([T.aead.gcm,T.aead.eax,T.aead.ocb],i.preferredAEADAlgorithm);t.preferredCipherSuites=e.flatMap((e=>a.map((t=>[t,e]))))}return t.preferredHashAlgorithms=n([T.hash.sha512,T.hash.sha256,...6===e.version?[T.hash.sha3_512,T.hash.sha3_256]:[]],i.preferredHashAlgorithm),t.preferredCompressionAlgorithms=n([T.compression.uncompressed,T.compression.zlib,T.compression.zip],i.preferredCompressionAlgorithm),t.features=[0],t.features[0]|=T.features.modificationDetection,i.aeadProtect&&(t.features[0]|=T.features.seipdv2),r.keyExpirationTime>0&&(t.keyExpirationTime=r.keyExpirationTime,t.keyNeverExpires=!1),t}if(a.push(e),6===e.version){const t={key:e},n=s();n.signatureType=T.signature.key;const o=await $s(t,[],e,n,r.date,void 0,void 0,void 0,i);a.push(o)}await Promise.all(r.userIDs.map((async function(t,a){const n=Fs.fromObject(t),o={userID:n,key:e},c=6!==e.version?s():{};c.signatureType=T.signature.certPositive,0===a&&(c.isPrimaryUserID=!0);return{userIDPacket:n,signaturePacket:await $s(o,[],e,c,r.date,void 0,void 0,void 0,i)}}))).then((e=>{e.forEach((({userIDPacket:e,signaturePacket:t})=>{a.push(e),a.push(t)}))})),await Promise.all(t.map((async function(t,a){const n=r.subkeys[a];return{secretSubkeyPacket:t,subkeySignaturePacket:await Vs(t,e,n,i)}}))).then((e=>{e.forEach((({secretSubkeyPacket:e,subkeySignaturePacket:t})=>{a.push(e),a.push(t)}))}));const o={key:e};return a.push(await $s(o,[],e,{signatureType:T.signature.keyRevocation,reasonForRevocationFlag:T.reasonForRevocation.noReason,reasonForRevocationString:""},r.date,void 0,void 0,void 0,i)),r.passphrase&&e.clearPrivateParams(),await Promise.all(t.map((async function(e,t){r.subkeys[t].passphrase&&e.clearPrivateParams()}))),new ho(a)}async function go({armoredKey:e,binaryKey:t,config:r,...i}){if(r={...B,...r},!e&&!t)throw Error("readKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!F.isString(e))throw Error("readKey: options.armoredKey must be a string");if(t&&!F.isUint8Array(t))throw Error("readKey: options.binaryKey must be a Uint8Array");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));let n;if(e){const{type:t,data:r}=await X(e);if(t!==T.armor.publicKey&&t!==T.armor.privateKey)throw Error("Armored text not of type key");n=r}else n=t;const s=await os.fromBinary(n,lo,r),o=s.indexOfTag(T.packet.publicKey,T.packet.secretKey);if(0===o.length)throw Error("No key packet found");return yo(s.slice(o[0],o[1]))}async function mo({armoredKey:e,binaryKey:t,config:r,...i}){if(r={...B,...r},!e&&!t)throw Error("readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!F.isString(e))throw Error("readPrivateKey: options.armoredKey must be a string");if(t&&!F.isUint8Array(t))throw Error("readPrivateKey: options.binaryKey must be a Uint8Array");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));let n;if(e){const{type:t,data:r}=await X(e);if(t!==T.armor.privateKey)throw Error("Armored text not of type private key");n=r}else n=t;const s=await os.fromBinary(n,lo,r),o=s.indexOfTag(T.packet.publicKey,T.packet.secretKey);for(let e=0;e<o.length;e++){if(s[o[e]].constructor.tag===T.packet.publicKey)continue;const t=s.slice(o[e],o[e+1]);return new ho(t)}throw Error("No secret key packet found")}async function fo({armoredKeys:e,binaryKeys:t,config:r,...i}){r={...B,...r};let a=e||t;if(!a)throw Error("readKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!F.isString(e))throw Error("readKeys: options.armoredKeys must be a string");if(t&&!F.isUint8Array(t))throw Error("readKeys: options.binaryKeys must be a Uint8Array");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));if(e){const{type:t,data:r}=await X(e);if(t!==T.armor.publicKey&&t!==T.armor.privateKey)throw Error("Armored text not of type key");a=r}const s=[],o=await os.fromBinary(a,lo,r),c=o.indexOfTag(T.packet.publicKey,T.packet.secretKey);if(0===c.length)throw Error("No key packet found");for(let e=0;e<c.length;e++){const t=yo(o.slice(c[e],c[e+1]));s.push(t)}return s}async function wo({armoredKeys:e,binaryKeys:t,config:r}){r={...B,...r};let i=e||t;if(!i)throw Error("readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!F.isString(e))throw Error("readPrivateKeys: options.armoredKeys must be a string");if(t&&!F.isUint8Array(t))throw Error("readPrivateKeys: options.binaryKeys must be a Uint8Array");if(e){const{type:t,data:r}=await X(e);if(t!==T.armor.privateKey)throw Error("Armored text not of type private key");i=r}const a=[],n=await os.fromBinary(i,lo,r),s=n.indexOfTag(T.packet.publicKey,T.packet.secretKey);for(let e=0;e<s.length;e++){if(n[s[e]].constructor.tag===T.packet.publicKey)continue;const t=n.slice(s[e],s[e+1]),r=new ho(t);a.push(r)}if(0===a.length)throw Error("No secret key packet found");return a}const bo=/*#__PURE__*/F.constructAllowedPackets([Yn,ys,Ks,bs,xs,Es,Ps,ns,rs]),ko=/*#__PURE__*/F.constructAllowedPackets([Ps]),vo=/*#__PURE__*/F.constructAllowedPackets([rs]);class Ko{constructor(e){this.packets=e||new os}getEncryptionKeyIDs(){const e=[];return this.packets.filterByTag(T.packet.publicKeyEncryptedSessionKey).forEach((function(t){e.push(t.publicKeyID)})),e}getSigningKeyIDs(){const e=this.unwrapCompressed(),t=e.packets.filterByTag(T.packet.onePassSignature);if(t.length>0)return t.map((e=>e.issuerKeyID));return e.packets.filterByTag(T.packet.signature).map((e=>e.issuerKeyID))}async decrypt(e,t,r,i=new Date,a=B){const n=this.packets.filterByTag(T.packet.symmetricallyEncryptedData,T.packet.symEncryptedIntegrityProtectedData,T.packet.aeadEncryptedData);if(0===n.length)throw Error("No encrypted data found");const s=n[0],o=s.cipherAlgorithm,c=r||await this.decryptSessionKeys(e,t,o,i,a);let u=null;const h=Promise.all(c.map((async({algorithm:e,data:t})=>{if(!F.isUint8Array(t)||!s.cipherAlgorithm&&!F.isString(e))throw Error("Invalid session key for decryption.");try{const r=s.cipherAlgorithm||T.write(T.symmetric,e);await s.decrypt(r,t,a)}catch(e){F.printDebugError(e),u=e}})));if(U(s.encrypted),s.encrypted=null,await h,!s.packets||!s.packets.length)throw u||Error("Decryption failed.");const l=new Ko(s.packets);return s.packets=new os,l}async decryptSessionKeys(e,t,r,i=new Date,a=B){let n,s=[];if(t){const e=this.packets.filterByTag(T.packet.symEncryptedSessionKey);if(0===e.length)throw Error("No symmetrically encrypted session key packet found.");await Promise.all(t.map((async function(t,r){let i;i=r?await os.fromBinary(e.write(),ko,a):e,await Promise.all(i.map((async function(e){try{await e.decrypt(t),s.push(e)}catch(e){F.printDebugError(e),e instanceof Wa&&(n=e)}})))})))}else{if(!e)throw Error("No key or password specified.");{const t=this.packets.filterByTag(T.packet.publicKeyEncryptedSessionKey);if(0===t.length)throw Error("No public key encrypted session key packet found.");await Promise.all(t.map((async function(t){await Promise.all(e.map((async function(e){let o;try{o=(await e.getDecryptionKeys(t.publicKeyID,null,void 0,a)).map((e=>e.keyPacket))}catch(e){return void(n=e)}let c=[T.symmetric.aes256,T.symmetric.aes128,T.symmetric.tripledes,T.symmetric.cast5];try{const t=await e.getPrimarySelfSignature(i,void 0,a);t.preferredSymmetricAlgorithms&&(c=c.concat(t.preferredSymmetricAlgorithms))}catch(e){}await Promise.all(o.map((async function(e){if(!e.isDecrypted())throw Error("Decryption key is not decrypted.");if(a.constantTimePKCS1Decryption&&(t.publicKeyAlgorithm===T.publicKey.rsaEncrypt||t.publicKeyAlgorithm===T.publicKey.rsaEncryptSign||t.publicKeyAlgorithm===T.publicKey.rsaSign||t.publicKeyAlgorithm===T.publicKey.elgamal)){const i=t.write();await Promise.all((r?[r]:Array.from(a.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms)).map((async t=>{const r=new Es;r.read(i);const a={sessionKeyAlgorithm:t,sessionKey:ja(t)};try{await r.decrypt(e,a),s.push(r)}catch(e){F.printDebugError(e),n=e}})))}else try{await t.decrypt(e);const i=r||t.sessionKeyAlgorithm;if(i&&!c.includes(T.write(T.symmetric,i)))throw Error("A non-preferred symmetric algorithm was used.");s.push(t)}catch(e){F.printDebugError(e),n=e}})))}))),U(t.encrypted),t.encrypted=null})))}}if(s.length>0){if(s.length>1){const e=new Set;s=s.filter((t=>{const r=t.sessionKeyAlgorithm+F.uint8ArrayToString(t.sessionKey);return!e.has(r)&&(e.add(r),!0)}))}return s.map((e=>({data:e.sessionKey,algorithm:e.sessionKeyAlgorithm&&T.read(T.symmetric,e.sessionKeyAlgorithm)})))}throw n||Error("Session key decryption failed.")}getLiteralData(){const e=this.unwrapCompressed().packets.findPacket(T.packet.literalData);return e&&e.getBytes()||null}getFilename(){const e=this.unwrapCompressed().packets.findPacket(T.packet.literalData);return e&&e.getFilename()||null}getText(){const e=this.unwrapCompressed().packets.findPacket(T.packet.literalData);return e?e.getText():null}static async generateSessionKey(e=[],t=new Date,r=[],i=B){const{symmetricAlgo:a,aeadAlgo:n}=await async function(e=[],t=new Date,r=[],i=B){const a=await Promise.all(e.map(((e,a)=>e.getPrimarySelfSignature(t,r[a],i))));if(e.length?!i.ignoreSEIPDv2FeatureFlag&&a.every((e=>e.features&&e.features[0]&T.features.seipdv2)):i.aeadProtect){const e={symmetricAlgo:T.symmetric.aes128,aeadAlgo:T.aead.ocb},t=[{symmetricAlgo:i.preferredSymmetricAlgorithm,aeadAlgo:i.preferredAEADAlgorithm},{symmetricAlgo:i.preferredSymmetricAlgorithm,aeadAlgo:T.aead.ocb},{symmetricAlgo:T.symmetric.aes128,aeadAlgo:i.preferredAEADAlgorithm}];for(const e of t)if(a.every((t=>t.preferredCipherSuites&&t.preferredCipherSuites.some((t=>t[0]===e.symmetricAlgo&&t[1]===e.aeadAlgo)))))return e;return e}const n=T.symmetric.aes128,s=i.preferredSymmetricAlgorithm;return{symmetricAlgo:a.every((e=>e.preferredSymmetricAlgorithms&&e.preferredSymmetricAlgorithms.includes(s)))?s:n,aeadAlgo:void 0}}(e,t,r,i),s=T.read(T.symmetric,a),o=n?T.read(T.aead,n):void 0;await Promise.all(e.map((e=>e.getEncryptionKey().catch((()=>null)).then((e=>{if(e&&(e.keyPacket.algorithm===T.publicKey.x25519||e.keyPacket.algorithm===T.publicKey.x448)&&!o&&!F.isAES(a))throw Error("Could not generate a session key compatible with the given `encryptionKeys`: X22519 and X448 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.")})))));return{data:ja(a),algorithm:s,aeadAlgorithm:o}}async encrypt(e,t,r,i=!1,a=[],n=new Date,s=[],o=B){if(r){if(!F.isUint8Array(r.data)||!F.isString(r.algorithm))throw Error("Invalid session key for encryption.")}else if(e&&e.length)r=await Ko.generateSessionKey(e,n,s,o);else{if(!t||!t.length)throw Error("No keys, passwords, or session key provided.");r=await Ko.generateSessionKey(void 0,void 0,void 0,o)}const{data:c,algorithm:u,aeadAlgorithm:h}=r,l=await Ko.encryptSessionKey(c,u,h,e,t,i,a,n,s,o),y=bs.fromObject({version:h?2:1,aeadAlgorithm:h?T.write(T.aead,h):null});y.packets=this.packets;const p=T.write(T.symmetric,u);return await y.encrypt(p,c,o),l.packets.push(y),y.packets=new os,l}static async encryptSessionKey(e,t,r,i,a,n=!1,s=[],o=new Date,c=[],u=B){const h=new os,l=T.write(T.symmetric,t),y=r&&T.write(T.aead,r);if(i){const t=await Promise.all(i.map((async function(t,r){const i=await t.getEncryptionKey(s[r],o,c,u),a=Es.fromObject({version:y?6:3,encryptionKeyPacket:i.keyPacket,anonymousRecipient:n,sessionKey:e,sessionKeyAlgorithm:l});return await a.encrypt(i.keyPacket),delete a.sessionKey,a})));h.push(...t)}if(a){const t=async function(e,t){try{return await e.decrypt(t),1}catch(e){return 0}},r=(e,t)=>e+t,i=async function(e,n,s,o){const c=new Ps(u);if(c.sessionKey=e,c.sessionKeyAlgorithm=n,s&&(c.aeadAlgorithm=s),await c.encrypt(o,u),u.passwordCollisionCheck){if(1!==(await Promise.all(a.map((e=>t(c,e))))).reduce(r))return i(e,n,o)}return delete c.sessionKey,c},n=await Promise.all(a.map((t=>i(e,l,y,t))));h.push(...n)}return new Ko(h)}async sign(e=[],t=[],r=null,i=[],a=new Date,n=[],s=[],o=[],c=B){const u=new os,h=this.packets.findPacket(T.packet.literalData);if(!h)throw Error("No literal data packet to sign.");const l=await Ao(h,e,t,r,i,a,n,s,o,!1,c),y=l.map(((e,t)=>ns.fromSignaturePacket(e,0===t))).reverse();return u.push(...y),u.push(h),u.push(...l),new Ko(u)}compress(e,t=B){if(e===T.compression.uncompressed)return this;const r=new ys(t);r.algorithm=e,r.packets=this.packets;const i=new os;return i.push(r),new Ko(i)}async signDetached(e=[],t=[],r=null,i=[],a=[],n=new Date,s=[],o=[],c=B){const u=this.packets.findPacket(T.packet.literalData);if(!u)throw Error("No literal data packet to sign.");return new zs(await Ao(u,e,t,r,i,a,n,s,o,!0,c))}async verify(e,t=new Date,r=B){const i=this.unwrapCompressed(),a=i.packets.filterByTag(T.packet.literalData);if(1!==a.length)throw Error("Can only verify message with one literal data packet.");let s=i.packets;n(s.stream)&&(s=s.concat(await P(s.stream,(e=>e||[]))));const o=s.filterByTag(T.packet.onePassSignature).reverse(),c=s.filterByTag(T.packet.signature);return o.length&&!c.length&&F.isStream(s.stream)&&!n(s.stream)?(await Promise.all(o.map((async e=>{e.correspondingSig=new Promise(((t,r)=>{e.correspondingSigResolve=t,e.correspondingSigReject=r})),e.signatureData=D((async()=>(await e.correspondingSig).signatureData)),e.hashed=P(await e.hash(e.signatureType,a[0],void 0,!1)),e.hashed.catch((()=>{}))}))),s.stream=k(s.stream,(async(e,t)=>{const r=x(e),i=C(t);try{for(let e=0;e<o.length;e++){const{value:t}=await r.read();o[e].correspondingSigResolve(t)}await r.readToEnd(),await i.ready,await i.close()}catch(e){o.forEach((t=>{t.correspondingSigReject(e)})),await i.abort(e)}})),Eo(o,a,e,t,!1,r)):Eo(c,a,e,t,!1,r)}verifyDetached(e,t,r=new Date,i=B){const a=this.unwrapCompressed().packets.filterByTag(T.packet.literalData);if(1!==a.length)throw Error("Can only verify message with one literal data packet.");return Eo(e.packets.filterByTag(T.packet.signature),a,t,r,!0,i)}unwrapCompressed(){const e=this.packets.filterByTag(T.packet.compressedData);return e.length?new Ko(e[0].packets):this}async appendSignature(e,t=B){await this.packets.read(F.isUint8Array(e)?e:(await X(e)).data,vo,t)}write(){return this.packets.write()}armor(e=B){const t=this.packets[this.packets.length-1],r=t.constructor.tag===bs.tag?2!==t.version:this.packets.some((e=>e.constructor.tag===rs.tag&&6!==e.version));return Y(T.armor.message,this.write(),null,null,null,r,e)}}async function Ao(e,t,r=[],i=null,a=[],n=new Date,s=[],o=[],c=[],u=!1,h=B){const l=new os,y=null===e.text?T.signature.binary:T.signature.text;if(await Promise.all(t.map((async(t,i)=>{const l=s[i];if(!t.isPrivate())throw Error("Need private key for signing");const p=await t.getSigningKey(a[i],n,l,h);return $s(e,r.length?r:[t],p.keyPacket,{signatureType:y},n,o,c,u,h)}))).then((e=>{l.push(...e)})),i){const e=i.packets.filterByTag(T.packet.signature);l.push(...e)}return l}async function Eo(e,t,r,i=new Date,a=!1,n=B){return Promise.all(e.filter((function(e){return["text","binary"].includes(T.read(T.signature,e.signatureType))})).map((async function(e){return async function(e,t,r,i=new Date,a=!1,n=B){let s,o;for(const t of r){const r=t.getKeys(e.issuerKeyID);if(r.length>0){s=t,o=r[0];break}}const c=e instanceof ns?e.correspondingSig:e,u={keyID:e.issuerKeyID,verified:(async()=>{if(!o)throw Error("Could not find signing key with key ID "+e.issuerKeyID.toHex());await e.verify(o.keyPacket,e.signatureType,t[0],i,a,n);const r=await c;if(o.getCreationTime()>r.created)throw Error("Key is newer than the signature");try{await s.getSigningKey(o.getKeyID(),r.created,void 0,n)}catch(e){if(!n.allowInsecureVerificationWithReformattedKeys||!e.message.match(/Signature creation time is in the future/))throw e;await s.getSigningKey(o.getKeyID(),i,void 0,n)}return!0})(),signature:(async()=>{const e=await c,t=new os;return e&&t.push(e),new zs(t)})()};return u.signature.catch((()=>{})),u.verified.catch((()=>{})),u}(e,t,r,i,a,n)})))}async function So({armoredMessage:e,binaryMessage:t,config:r,...i}){r={...B,...r};let a=e||t;if(!a)throw Error("readMessage: must pass options object containing `armoredMessage` or `binaryMessage`");if(e&&!F.isString(e)&&!F.isStream(e))throw Error("readMessage: options.armoredMessage must be a string or stream");if(t&&!F.isUint8Array(t)&&!F.isStream(t))throw Error("readMessage: options.binaryMessage must be a Uint8Array or stream");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));const s=F.isStream(a);if(e){const{type:e,data:t}=await X(a);if(e!==T.armor.message)throw Error("Armored text not of type message");a=t}const o=await os.fromBinary(a,bo,r,new hs),c=new Ko(o);return c.fromStream=s,c}async function Po({text:e,binary:t,filename:r,date:i=new Date,format:a=(void 0!==e?"utf8":"binary"),...n}){const s=void 0!==e?e:t;if(void 0===s)throw Error("createMessage: must pass options object containing `text` or `binary`");if(e&&!F.isString(e)&&!F.isStream(e))throw Error("createMessage: options.text must be a string or stream");if(t&&!F.isUint8Array(t)&&!F.isStream(t))throw Error("createMessage: options.binary must be a Uint8Array or stream");const o=Object.keys(n);if(o.length>0)throw Error("Unknown option: "+o.join(", "));const c=F.isStream(s),u=new Yn(i);void 0!==e?u.setText(s,T.write(T.literal,a)):u.setBytes(s,T.write(T.literal,a)),void 0!==r&&u.setFilename(r);const h=new os;h.push(u);const l=new Ko(h);return l.fromStream=c,l}const Uo=/*#__PURE__*/F.constructAllowedPackets([rs]);class Do{constructor(e,t){if(this.text=F.removeTrailingSpaces(e).replace(/\r?\n/g,"\r\n"),t&&!(t instanceof zs))throw Error("Invalid signature input");this.signature=t||new zs(new os)}getSigningKeyIDs(){const e=[];return this.signature.packets.forEach((function(t){e.push(t.issuerKeyID)})),e}async sign(e,t=[],r=null,i=[],a=new Date,n=[],s=[],o=[],c=B){const u=new Yn;u.setText(this.text);const h=new zs(await Ao(u,e,t,r,i,a,n,s,o,!0,c));return new Do(this.text,h)}verify(e,t=new Date,r=B){const i=this.signature.packets.filterByTag(T.packet.signature),a=new Yn;return a.setText(this.text),Eo(i,[a],e,t,!0,r)}getText(){return this.text.replace(/\r\n/g,"\n")}armor(e=B){const t=this.signature.packets.some((e=>6!==e.version)),r={hash:t?Array.from(new Set(this.signature.packets.map((e=>T.read(T.hash,e.hashAlgorithm).toUpperCase())))).join():null,text:this.text,data:this.signature.packets.write()};return Y(T.armor.signed,r,void 0,void 0,void 0,t,e)}}async function xo({cleartextMessage:e,config:t,...r}){if(t={...B,...t},!e)throw Error("readCleartextMessage: must pass options object containing `cleartextMessage`");if(!F.isString(e))throw Error("readCleartextMessage: options.cleartextMessage must be a string");const i=Object.keys(r);if(i.length>0)throw Error("Unknown option: "+i.join(", "));const a=await X(e);if(a.type!==T.armor.signed)throw Error("No cleartext signed message.");const n=await os.fromBinary(a.data,Uo,t);!function(e,t){const r=function(e){const r=e=>t=>e.hashAlgorithm===t;for(let i=0;i<t.length;i++)if(t[i].constructor.tag===T.packet.signature&&!e.some(r(t[i])))return!1;return!0},i=[];if(e.forEach((e=>{const t=e.match(/^Hash: (.+)$/);if(!t)throw Error('Only "Hash" header allowed in cleartext signed message');{const e=t[1].replace(/\s/g,"").split(",").map((e=>{try{return T.write(T.hash,e.toLowerCase())}catch(t){throw Error("Unknown hash algorithm in armor header: "+e.toLowerCase())}}));i.push(...e)}})),i.length&&!r(i))throw Error("Hash algorithm mismatch in armor header and signature")}(a.headers,n);const s=new zs(n);return new Do(a.text,s)}async function Co({text:e,...t}){if(!e)throw Error("createCleartextMessage: must pass options object containing `text`");if(!F.isString(e))throw Error("createCleartextMessage: options.text must be a string");const r=Object.keys(t);if(r.length>0)throw Error("Unknown option: "+r.join(", "));return new Do(e)}async function Io({userIDs:e=[],passphrase:t,type:r,curve:i,rsaBits:a=4096,symmetricHash:n="sha256",symmetricCipher:s="aes256",keyExpirationTime:o=0,date:c=new Date,subkeys:u=[{}],format:h="armored",config:l,...y}){Wo(l={...B,...l}),r||i?(r=r||"ecc",i=i||"curve25519Legacy"):(r=l.v6Keys?"curve25519":"ecc",i="curve25519Legacy"),e=$o(e);const p=Object.keys(y);if(p.length>0)throw Error("Unknown option: "+p.join(", "));if(0===e.length&&!l.v6Keys)throw Error("UserIDs are required for V4 keys");if("rsa"===r&&a<l.minRSABits)throw Error(`rsaBits should be at least ${l.minRSABits}, got: ${a}`);const d={userIDs:e,passphrase:t,type:r,rsaBits:a,curve:i,keyExpirationTime:o,date:c,subkeys:u,symmetricHash:n,symmetricCipher:s};try{const{key:e,revocationCertificate:t}=await async function(e,t){e.sign=!0,(e=Zs(e)).subkeys=e.subkeys.map(((t,r)=>Zs(e.subkeys[r],e)));let r=[qs(e,t)];r=r.concat(e.subkeys.map((e=>js(e,t))));const i=await Promise.all(r),a=await po(i[0],i.slice(1),e,t),n=await a.getRevocationCertificate(e.date,t);return a.revocationSignatures=[],{key:a,revocationCertificate:n}}(d,l);return e.getKeys().forEach((({keyPacket:e})=>ro(e,l))),{privateKey:Yo(e,h,l),publicKey:"symmetric"!==r?Yo(e.toPublic(),h,l):null,revocationCertificate:t}}catch(e){throw F.wrapError("Error generating keypair",e)}}async function To({privateKey:e,userIDs:t=[],passphrase:r,keyExpirationTime:i=0,date:a,format:n="armored",config:s,...o}){Wo(s={...B,...s}),t=$o(t);const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(0===t.length&&6!==e.keyPacket.version)throw Error("UserIDs are required for V4 keys");const u={privateKey:e,userIDs:t,passphrase:r,keyExpirationTime:i,date:a};try{const{key:e,revocationCertificate:t}=await async function(e,t){e=o(e);const{privateKey:r}=e;if(!r.isPrivate())throw Error("Cannot reformat a public key");if(r.keyPacket.isDummy())throw Error("Cannot reformat a gnu-dummy primary key");if(!r.getKeys().every((({keyPacket:e})=>e.isDecrypted())))throw Error("Key is not decrypted");const i=r.keyPacket;e.subkeys||(e.subkeys=await Promise.all(r.subkeys.map((async e=>{const r=e.keyPacket,a={key:i,bind:r},n=await Hs(e.bindingSignatures,i,T.signature.subkeyBinding,a,null,t).catch((()=>({})));return{sign:n.keyFlags&&n.keyFlags[0]&T.keyFlags.signData,forwarding:n.keyFlags&&n.keyFlags[0]&T.keyFlags.forwardedCommunication}}))));const a=r.subkeys.map((e=>e.keyPacket));if(e.subkeys.length!==a.length)throw Error("Number of subkey options does not match number of subkeys");e.subkeys=e.subkeys.map((t=>o(t,e)));const n=await po(i,a,e,t),s=await n.getRevocationCertificate(e.date,t);return n.revocationSignatures=[],{key:n,revocationCertificate:s};function o(e,t={}){return e.keyExpirationTime=e.keyExpirationTime||t.keyExpirationTime,e.passphrase=F.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e}}(u,s);return{privateKey:Yo(e,n,s),publicKey:Yo(e.toPublic(),n,s),revocationCertificate:t}}catch(e){throw F.wrapError("Error reformatting keypair",e)}}async function Bo({key:e,revocationCertificate:t,reasonForRevocation:r,date:i=new Date,format:a="armored",config:n,...s}){Wo(n={...B,...n});const o=Object.keys(s);if(o.length>0)throw Error("Unknown option: "+o.join(", "));try{const s=t?await e.applyRevocationCertificate(t,i,n):await e.revoke(r,i,n);return s.isPrivate()?{privateKey:Yo(s,a,n),publicKey:Yo(s.toPublic(),a,n)}:{privateKey:null,publicKey:Yo(s,a,n)}}catch(e){throw F.wrapError("Error revoking key",e)}}async function Mo({privateKey:e,passphrase:t,config:r,...i}){Wo(r={...B,...r});const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));if(!e.isPrivate())throw Error("Cannot decrypt a public key");const n=e.clone(!0),s=F.isArray(t)?t:[t];try{return await Promise.all(n.getKeys().map((e=>F.anyPromise(s.map((t=>e.keyPacket.decrypt(t))))))),await n.validate(r),n}catch(e){throw n.clearPrivateParams(),F.wrapError("Error decrypting private key",e)}}async function Fo({privateKey:e,passphrase:t,config:r,...i}){Wo(r={...B,...r});const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));if(!e.isPrivate())throw Error("Cannot encrypt a public key");const n=e.clone(!0),s=n.getKeys(),o=F.isArray(t)?t:Array(s.length).fill(t);if(o.length!==s.length)throw Error("Invalid number of passphrases given for key encryption");try{return await Promise.all(s.map((async(e,t)=>{const{keyPacket:i}=e;await i.encrypt(o[t],r),i.clearPrivateParams()}))),n}catch(e){throw n.clearPrivateParams(),F.wrapError("Error encrypting private key",e)}}async function Lo({message:e,encryptionKeys:t,signingKeys:r,passwords:i,sessionKey:a,format:n="armored",signature:s=null,wildcard:o=!1,signingKeyIDs:c=[],encryptionKeyIDs:u=[],date:h=new Date,signingUserIDs:l=[],encryptionUserIDs:y=[],signatureNotations:p=[],config:d,...g}){if(Wo(d={...B,...d}),qo(e),Go(n),t=$o(t),r=$o(r),i=$o(i),c=$o(c),u=$o(u),l=$o(l),y=$o(y),p=$o(p),g.detached)throw Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.");if(g.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead");if(g.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead");if(void 0!==g.armor)throw Error("The `armor` option has been removed from openpgp.encrypt, pass `format` instead.");const m=Object.keys(g);if(m.length>0)throw Error("Unknown option: "+m.join(", "));r||(r=[]);try{if((r.length||s)&&(e=await e.sign(r,t,s,c,h,l,u,p,d)),e=e.compress(await async function(e=[],t=new Date,r=[],i=B){const a=T.compression.uncompressed,n=i.preferredCompressionAlgorithm,s=await Promise.all(e.map((async function(e,a){const s=(await e.getPrimarySelfSignature(t,r[a],i)).preferredCompressionAlgorithms;return!!s&&s.indexOf(n)>=0})));return s.every(Boolean)?n:a}(t,h,y,d),d),e=await e.encrypt(t,i,a,o,u,h,y,d),"object"===n)return e;const g="armored"===n?e.armor(d):e.write();return await Qo(g)}catch(e){throw F.wrapError("Error encrypting message",e)}}async function _o({message:e,decryptionKeys:t,passwords:r,sessionKeys:i,verificationKeys:a,expectSigned:n=!1,format:s="utf8",signature:o=null,date:c=new Date,config:u,...h}){if(Wo(u={...B,...u}),qo(e),a=$o(a),t=$o(t),r=$o(r),i=$o(i),h.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead");if(h.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead");const l=Object.keys(h);if(l.length>0)throw Error("Unknown option: "+l.join(", "));try{const h=await e.decrypt(t,r,i,c,u);a||(a=[]);const l={};if(l.signatures=o?await h.verifyDetached(o,a,c,u):await h.verify(a,c,u),l.data="binary"===s?h.getLiteralData():h.getText(),l.filename=h.getFilename(),Xo(l,e,...new Set([h,h.unwrapCompressed()])),n){if(0===a.length)throw Error("Verification keys are required to verify message signatures");if(0===l.signatures.length)throw Error("Message is not signed");l.data=g([l.data,D((async()=>(await F.anyPromise(l.signatures.map((e=>e.verified))),"binary"===s?new Uint8Array:"")))])}return l.data=await Qo(l.data),l}catch(e){throw F.wrapError("Error decrypting message",e)}}async function No({message:e,signingKeys:t,recipientKeys:r=[],format:i="armored",detached:a=!1,signingKeyIDs:n=[],date:s=new Date,signingUserIDs:o=[],recipientUserIDs:c=[],signatureNotations:u=[],config:h,...l}){if(Wo(h={...B,...h}),Ho(e),Go(i),t=$o(t),n=$o(n),o=$o(o),r=$o(r),c=$o(c),u=$o(u),l.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead");if(void 0!==l.armor)throw Error("The `armor` option has been removed from openpgp.sign, pass `format` instead.");const y=Object.keys(l);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(e instanceof Do&&"binary"===i)throw Error("Cannot return signed cleartext message in binary format");if(e instanceof Do&&a)throw Error("Cannot detach-sign a cleartext message");if(!t||0===t.length)throw Error("No signing keys provided");try{let l;if(l=a?await e.signDetached(t,r,void 0,n,s,o,c,u,h):await e.sign(t,r,void 0,n,s,o,c,u,h),"object"===i)return l;return l="armored"===i?l.armor(h):l.write(),a&&(l=k(e.packets.write(),(async(e,t)=>{await Promise.all([m(l,t),P(e).catch((()=>{}))])}))),await Qo(l)}catch(e){throw F.wrapError("Error signing message",e)}}async function Ro({message:e,verificationKeys:t,expectSigned:r=!1,format:i="utf8",signature:a=null,date:n=new Date,config:s,...o}){if(Wo(s={...B,...s}),Ho(e),t=$o(t),o.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead");const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(e instanceof Do&&"binary"===i)throw Error("Can't return cleartext message data as binary");if(e instanceof Do&&a)throw Error("Can't verify detached cleartext signature");try{const o={};if(o.signatures=a?await e.verifyDetached(a,t,n,s):await e.verify(t,n,s),o.data="binary"===i?e.getLiteralData():e.getText(),e.fromStream&&!a&&Xo(o,...new Set([e,e.unwrapCompressed()])),r){if(0===o.signatures.length)throw Error("Message is not signed");o.data=g([o.data,D((async()=>(await F.anyPromise(o.signatures.map((e=>e.verified))),"binary"===i?new Uint8Array:"")))])}return o.data=await Qo(o.data),o}catch(e){throw F.wrapError("Error verifying signed message",e)}}async function zo({encryptionKeys:e,date:t=new Date,encryptionUserIDs:r=[],config:i,...a}){if(Wo(i={...B,...i}),e=$o(e),r=$o(r),a.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead");const n=Object.keys(a);if(n.length>0)throw Error("Unknown option: "+n.join(", "));try{return await Ko.generateSessionKey(e,t,r,i)}catch(e){throw F.wrapError("Error generating session key",e)}}async function Oo({data:e,algorithm:t,aeadAlgorithm:r,encryptionKeys:i,passwords:a,format:n="armored",wildcard:s=!1,encryptionKeyIDs:o=[],date:c=new Date,encryptionUserIDs:u=[],config:h,...l}){if(Wo(h={...B,...h}),function(e){if(!F.isUint8Array(e))throw Error("Parameter [data] must be of type Uint8Array")}(e),function(e,t){if(!F.isString(e))throw Error("Parameter ["+t+"] must be of type String")}(t,"algorithm"),Go(n),i=$o(i),a=$o(a),o=$o(o),u=$o(u),l.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead");const y=Object.keys(l);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(!(i&&0!==i.length||a&&0!==a.length))throw Error("No encryption keys or passwords provided.");try{return Yo(await Ko.encryptSessionKey(e,t,r,i,a,s,o,c,u,h),n,h)}catch(e){throw F.wrapError("Error encrypting session key",e)}}async function jo({message:e,decryptionKeys:t,passwords:r,date:i=new Date,config:a,...n}){if(Wo(a={...B,...a}),qo(e),t=$o(t),r=$o(r),n.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead");const s=Object.keys(n);if(s.length>0)throw Error("Unknown option: "+s.join(", "));try{return await e.decryptSessionKeys(t,r,void 0,i,a)}catch(e){throw F.wrapError("Error decrypting session keys",e)}}function qo(e){if(!(e instanceof Ko))throw Error("Parameter [message] needs to be of type Message")}function Ho(e){if(!(e instanceof Do||e instanceof Ko))throw Error("Parameter [message] needs to be of type Message or CleartextMessage")}function Go(e){if("armored"!==e&&"binary"!==e&&"object"!==e)throw Error("Unsupported format "+e)}const Vo=Object.keys(B).length;function Wo(e){const t=Object.keys(e);if(t.length!==Vo)for(const e of t)if(void 0===B[e])throw Error("Unknown config property: "+e)}function $o(e){return e&&!F.isArray(e)&&(e=[e]),e}async function Qo(e){return"array"===F.isStream(e)?P(e):e}function Xo(e,t,...r){e.data=k(t.packets.stream,(async(t,i)=>{await m(e.data,i,{preventClose:!0});const a=C(i);try{await P(t,(e=>e)),await Promise.all(r.map((e=>P(e.packets.stream,(e=>e))))),await a.close()}catch(e){await a.abort(e)}}))}function Yo(e,t,r){switch(t){case"object":return e;case"armored":return e.armor(r);case"binary":return e.write();default:throw Error("Unsupported format "+t)}}export{Ks as AEADEncryptedDataPacket,Wa as Argon2OutOfMemoryError,Ya as Argon2S2K,Do as CleartextMessage,ys as CompressedDataPacket,cs as GrammarError,Ri as KDFParams,Yn as LiteralDataPacket,Cs as MarkerPacket,Ko as Message,ns as OnePassSignaturePacket,os as PacketList,Ns as PaddingPacket,ho as PrivateKey,uo as PublicKey,Es as PublicKeyEncryptedSessionKeyPacket,Us as PublicKeyPacket,Is as PublicSubkeyPacket,Bs as SecretKeyPacket,Ls as SecretSubkeyPacket,zs as Signature,rs as SignaturePacket,ao as Subkey,bs as SymEncryptedIntegrityProtectedDataPacket,Ps as SymEncryptedSessionKeyPacket,xs as SymmetricallyEncryptedDataPacket,_s as TrustPacket,st as UnparseablePacket,Ts as UserAttributePacket,Fs as UserIDPacket,Y as armor,B as config,Co as createCleartextMessage,Po as createMessage,_o as decrypt,Mo as decryptKey,jo as decryptSessionKeys,Lo as encrypt,Fo as encryptKey,Oo as encryptSessionKey,T as enums,Io as generateKey,zo as generateSessionKey,xo as readCleartextMessage,go as readKey,fo as readKeys,So as readMessage,mo as readPrivateKey,wo as readPrivateKeys,Os as readSignature,To as reformatKey,Bo as revokeKey,No as sign,X as unarmor,Ro as verify};
 //# sourceMappingURL=openpgp.min.mjs.map