@protontech/openpgp 6.2.1 → 6.2.2

package/dist/openpgp.min.mjs

@@ -1,6 +1,6 @@
-/*! OpenPGP.js v6.2.1 - 2025-08-28 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
-const e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};function t(e,t){return t.forEach((function(t){t&&"string"!=typeof t&&!Array.isArray(t)&&Object.keys(t).forEach((function(r){if("default"!==r&&!(r in e)){var n=Object.getOwnPropertyDescriptor(t,r);Object.defineProperty(e,r,n.get?n:{enumerable:!0,get:function(){return t[r]}})}}))})),Object.freeze(e)}const r=Symbol("doneWritingPromise"),n=Symbol("doneWritingResolve"),i=Symbol("doneWritingReject"),s=Symbol("readingIndex");class ArrayStream extends Array{constructor(){super(),Object.setPrototypeOf(this,ArrayStream.prototype),this[r]=new Promise(((e,t)=>{this[n]=e,this[i]=t})),this[r].catch((()=>{}))}}function a(e){return e&&e.getReader&&Array.isArray(e)}function o(e){if(!a(e)){const t=e.getWriter(),r=t.releaseLock;return t.releaseLock=()=>{t.closed.catch((function(){})),r.call(t)},t}this.stream=e}function c(t){if(a(t))return"array";if(e.ReadableStream&&e.ReadableStream.prototype.isPrototypeOf(t))return"web";if(t&&!(e.ReadableStream&&t instanceof e.ReadableStream)&&"function"==typeof t._read&&"object"==typeof t._readableState)throw Error("Native Node streams are no longer supported: please manually convert the stream to a WebStream, using e.g. `stream.Readable.toWeb`");return!(!t||!t.getReader)&&"web-like"}function u(e){return Uint8Array.prototype.isPrototypeOf(e)}function h(e){if(1===e.length)return e[0];let t=0;for(let r=0;r<e.length;r++){if(!u(e[r]))throw Error("concatUint8Array: Data must be in the form of a Uint8Array");t+=e[r].length}const r=new Uint8Array(t);let n=0;return e.forEach((function(e){r.set(e,n),n+=e.length})),r}ArrayStream.prototype.getReader=function(){return void 0===this[s]&&(this[s]=0),{read:async()=>(await this[r],this[s]===this.length?{value:void 0,done:!0}:{value:this[this[s]++],done:!1})}},ArrayStream.prototype.readToEnd=async function(e){await this[r];const t=e(this.slice(this[s]));return this.length=0,t},ArrayStream.prototype.clone=function(){const e=new ArrayStream;return e[r]=this[r].then((()=>{e.push(...this)})),e},o.prototype.write=async function(e){this.stream.push(e)},o.prototype.close=async function(){this.stream[n]()},o.prototype.abort=async function(e){return this.stream[i](e),e},o.prototype.releaseLock=function(){},"object"==typeof e.process&&e.process.versions;const l=new WeakSet,f=Symbol("externalBuffer");function y(e){if(this.stream=e,e[f]&&(this[f]=e[f].slice()),a(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{},void(this._cancel=()=>{})}if(c(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{t.closed.catch((function(){})),t.releaseLock()},void(this._cancel=t.cancel.bind(t))}let t=!1;this._read=async()=>t||l.has(e)?{value:void 0,done:!0}:(t=!0,{value:e,done:!1}),this._releaseLock=()=>{if(t)try{l.add(e)}catch(e){}}}function p(e){return c(e)?e:new ReadableStream({start(t){t.enqueue(e),t.close()}})}function d(e){if(c(e))return e;const t=new ArrayStream;return(async()=>{const r=D(t);await r.write(e),await r.close()})(),t}function g(e){return e.some((e=>c(e)&&!a(e)))?function(e){e=e.map(p);const t=m((async function(e){await Promise.all(n.map((t=>C(t,e))))}));let r=Promise.resolve();const n=e.map(((n,i)=>k(n,((n,s)=>(r=r.then((()=>A(n,t.writable,{preventClose:i!==e.length-1}))),r)))));return t.readable}(e):e.some((e=>a(e)))?function(e){const t=new ArrayStream;let r=Promise.resolve();return e.forEach(((n,i)=>(r=r.then((()=>A(n,t,{preventClose:i!==e.length-1}))),r))),t}(e):"string"==typeof e[0]?e.join(""):h(e)}async function A(e,t,{preventClose:r=!1,preventAbort:n=!1,preventCancel:i=!1}={}){if(c(e)&&!a(e)){e=p(e);try{if(e[f]){const r=D(t);for(let t=0;t<e[f].length;t++)await r.ready,await r.write(e[f][t]);r.releaseLock()}await e.pipeTo(t,{preventClose:r,preventAbort:n,preventCancel:i})}catch(e){}return}const s=P(e=d(e)),o=D(t);try{for(;;){await o.ready;const{done:e,value:t}=await s.read();if(e){r||await o.close();break}await o.write(t)}}catch(e){n||await o.abort(e)}finally{s.releaseLock(),o.releaseLock()}}function w(e,t){const r=new TransformStream(t);return A(e,r.writable),r.readable}function m(e){let t,r,n,i=!1,s=!1;return{readable:new ReadableStream({start(e){n=e},pull(){t?t():i=!0},async cancel(t){s=!0,e&&await e(t),r&&r(t)}},{highWaterMark:0}),writable:new WritableStream({write:async function(e){if(s)throw Error("Stream is cancelled");n.enqueue(e),i?i=!1:(await new Promise(((e,n)=>{t=e,r=n})),t=null,r=null)},close:n.close.bind(n),abort:n.error.bind(n)})}}function b(e,t=()=>{},r=()=>{}){if(a(e)){const n=new ArrayStream;return(async()=>{const i=D(n);try{const n=await B(e),s=t(n),a=r();let o;o=void 0!==s&&void 0!==a?g([s,a]):void 0!==s?s:a,await i.write(o),await i.close()}catch(e){await i.abort(e)}})(),n}if(c(e))return w(e,{async transform(e,r){try{const n=await t(e);void 0!==n&&r.enqueue(n)}catch(e){r.error(e)}},async flush(e){try{const t=await r();void 0!==t&&e.enqueue(t)}catch(t){e.error(t)}}});const n=t(e),i=r();return void 0!==n&&void 0!==i?g([n,i]):void 0!==n?n:i}function k(e,t){if(c(e)&&!a(e)){let r;const n=new TransformStream({start(e){r=e}}),i=A(e,n.writable),s=m((async function(e){r.error(e),await i,await new Promise(setTimeout)}));return t(n.readable,s.writable),s.readable}e=d(e);const r=new ArrayStream;return t(e,r),r}function E(e,t){let r;const n=k(e,((e,i)=>{const s=P(e);s.remainder=()=>(s.releaseLock(),A(e,i),n),r=t(s)}));return r}function v(e){if(a(e))return e.clone();if(c(e)){const t=function(e){if(a(e))throw Error("ArrayStream cannot be tee()d, use clone() instead");if(c(e)){const t=p(e).tee();return t[0][f]=t[1][f]=e[f],t}return[I(e),I(e)]}(e);return S(e,t[0]),t[1]}return I(e)}function K(e){return a(e)?v(e):c(e)?new ReadableStream({start(t){const r=k(e,(async(e,r)=>{const n=P(e),i=D(r);try{for(;;){await i.ready;const{done:e,value:r}=await n.read();if(e){try{t.close()}catch(e){}return void await i.close()}try{t.enqueue(r)}catch(e){}await i.write(r)}}catch(e){t.error(e),await i.abort(e)}}));S(e,r)}}):I(e)}function S(e,t){Object.entries(Object.getOwnPropertyDescriptors(e.constructor.prototype)).forEach((([r,n])=>{"constructor"!==r&&(n.value?n.value=n.value.bind(t):n.get=n.get.bind(t),Object.defineProperty(e,r,n))}))}function I(e,t=0,r=1/0){if(a(e))throw Error("Not implemented");if(c(e)){if(t>=0&&r>=0){let n=0;return w(e,{transform(e,i){n<r?(n+e.length>=t&&i.enqueue(I(e,Math.max(t-n,0),r-n)),n+=e.length):i.terminate()}})}if(t<0&&(r<0||r===1/0)){let n=[];return b(e,(e=>{e.length>=-t?n=[e]:n.push(e)}),(()=>I(g(n),t,r)))}if(0===t&&r<0){let n;return b(e,(e=>{const i=n?g([n,e]):e;if(i.length>=-r)return n=I(i,r),I(i,t,r);n=i}))}return console.warn(`stream.slice(input, ${t}, ${r}) not implemented efficiently.`),U((async()=>I(await B(e),t,r)))}return e[f]&&(e=g(e[f].concat([e]))),u(e)?e.subarray(t,r===1/0?e.length:r):e.slice(t,r)}async function B(e,t=g){return a(e)?e.readToEnd(t):c(e)?P(e).readToEnd(t):e}async function C(e,t){if(c(e)){if(e.cancel){const r=await e.cancel(t);return await new Promise(setTimeout),r}if(e.destroy)return e.destroy(t),await new Promise(setTimeout),t}}function U(e){const t=new ArrayStream;return(async()=>{const r=D(t);try{await r.write(await e()),await r.close()}catch(e){await r.abort(e)}})(),t}function P(e){return new y(e)}function D(e){return new o(e)}y.prototype.read=async function(){if(this[f]&&this[f].length){return{done:!1,value:this[f].shift()}}return this._read()},y.prototype.releaseLock=function(){this[f]&&(this.stream[f]=this[f]),this._releaseLock()},y.prototype.cancel=function(e){return this._cancel(e)},y.prototype.readLine=async function(){let e,t=[];for(;!e;){let{done:r,value:n}=await this.read();if(n+="",r)return t.length?g(t):void 0;const i=n.indexOf("\n")+1;i&&(e=g(t.concat(n.substr(0,i))),t=[]),i!==n.length&&t.push(n.substr(i))}return this.unshift(...t),e},y.prototype.readByte=async function(){const{done:e,value:t}=await this.read();if(e)return;const r=t[0];return this.unshift(I(t,1)),r},y.prototype.readBytes=async function(e){const t=[];let r=0;for(;;){const{done:n,value:i}=await this.read();if(n)return t.length?g(t):void 0;if(t.push(i),r+=i.length,r>=e){const r=g(t);return this.unshift(I(r,e)),I(r,0,e)}}},y.prototype.peekBytes=async function(e){const t=await this.readBytes(e);return this.unshift(t),t},y.prototype.unshift=function(...e){this[f]||(this[f]=[]),1===e.length&&u(e[0])&&this[f].length&&e[0].length&&this[f][0].byteOffset>=e[0].length?this[f][0]=new Uint8Array(this[f][0].buffer,this[f][0].byteOffset-e[0].length,this[f][0].byteLength+e[0].length):this[f].unshift(...e.filter((e=>e&&e.length)))},y.prototype.readToEnd=async function(e=g){const t=[];for(;;){const{done:e,value:r}=await this.read();if(e)break;t.push(r)}return e(t)};const x=Symbol("byValue");var Q={curve:{nistP256:"nistP256",p256:"nistP256",nistP384:"nistP384",p384:"nistP384",nistP521:"nistP521",p521:"nistP521",secp256k1:"secp256k1",ed25519Legacy:"ed25519Legacy",ed25519:"ed25519Legacy",curve25519Legacy:"curve25519Legacy",curve25519:"curve25519Legacy",brainpoolP256r1:"brainpoolP256r1",brainpoolP384r1:"brainpoolP384r1",brainpoolP512r1:"brainpoolP512r1"},kdfFlags:{replace_fingerprint:1,replace_kdf_params:2},s2k:{simple:0,salted:1,iterated:3,argon2:4,gnu:101},publicKey:{rsaEncryptSign:1,rsaEncrypt:2,rsaSign:3,elgamal:16,dsa:17,ecdh:18,ecdsa:19,eddsaLegacy:22,aedh:23,aedsa:24,x25519:25,x448:26,ed25519:27,ed448:28,pqc_mldsa_ed25519:30,pqc_mlkem_x25519:35,aead:100,hmac:101},symmetric:{idea:1,tripledes:2,cast5:3,blowfish:4,aes128:7,aes192:8,aes256:9,twofish:10},compression:{uncompressed:0,zip:1,zlib:2,bzip2:3},hash:{md5:1,sha1:2,ripemd:3,sha256:8,sha384:9,sha512:10,sha224:11,sha3_256:12,sha3_512:14},webHash:{"SHA-1":2,"SHA-256":8,"SHA-384":9,"SHA-512":10},aead:{eax:1,ocb:2,gcm:3,experimentalGCM:100},packet:{publicKeyEncryptedSessionKey:1,signature:2,symEncryptedSessionKey:3,onePassSignature:4,secretKey:5,publicKey:6,secretSubkey:7,compressedData:8,symmetricallyEncryptedData:9,marker:10,literalData:11,trust:12,userID:13,publicSubkey:14,userAttribute:17,symEncryptedIntegrityProtectedData:18,modificationDetectionCode:19,aeadEncryptedData:20,padding:21},literal:{binary:98,text:116,utf8:117,mime:109},signature:{binary:0,text:1,standalone:2,certGeneric:16,certPersona:17,certCasual:18,certPositive:19,certRevocation:48,subkeyBinding:24,keyBinding:25,key:31,keyRevocation:32,subkeyRevocation:40,timestamp:64,thirdParty:80},signatureSubpacket:{signatureCreationTime:2,signatureExpirationTime:3,exportableCertification:4,trustSignature:5,regularExpression:6,revocable:7,keyExpirationTime:9,placeholderBackwardsCompatibility:10,preferredSymmetricAlgorithms:11,revocationKey:12,issuerKeyID:16,notationData:20,preferredHashAlgorithms:21,preferredCompressionAlgorithms:22,keyServerPreferences:23,preferredKeyServer:24,primaryUserID:25,policyURI:26,keyFlags:27,signersUserID:28,reasonForRevocation:29,features:30,signatureTarget:31,embeddedSignature:32,issuerFingerprint:33,preferredAEADAlgorithms:34,preferredCipherSuites:39},keyFlags:{certifyKeys:1,signData:2,encryptCommunication:4,encryptStorage:8,splitPrivateKey:16,authentication:32,forwardedCommunication:64,sharedPrivateKey:128},armor:{multipartSection:0,multipartLast:1,signed:2,message:3,publicKey:4,privateKey:5,signature:6},reasonForRevocation:{noReason:0,keySuperseded:1,keyCompromised:2,keyRetired:3,userIDInvalid:32},features:{modificationDetection:1,aead:2,v5Keys:4,seipdv2:8},write:function(e,t){if("number"==typeof t&&(t=this.read(e,t)),void 0!==e[t])return e[t];throw Error("Invalid enum value.")},read:function(e,t){if(e[x]||(e[x]=[],Object.entries(e).forEach((([t,r])=>{e[x][r]=t}))),void 0!==e[x][t])return e[x][t];throw Error("Invalid enum value.")}},R={preferredHashAlgorithm:Q.hash.sha512,preferredSymmetricAlgorithm:Q.symmetric.aes256,preferredCompressionAlgorithm:Q.compression.uncompressed,aeadProtect:!1,ignoreSEIPDv2FeatureFlag:!1,parseAEADEncryptedV4KeysAsLegacy:!1,preferredAEADAlgorithm:Q.aead.gcm,aeadChunkSizeByte:12,v6Keys:!1,enableParsingV5Entities:!1,s2kType:Q.s2k.iterated,s2kIterationCountByte:224,s2kArgon2Params:{passes:3,parallelism:4,memoryExponent:16},allowUnauthenticatedMessages:!1,allowUnauthenticatedStream:!1,allowForwardedMessages:!1,minRSABits:2047,passwordCollisionCheck:!1,allowInsecureDecryptionWithSigningKeys:!1,allowInsecureVerificationWithReformattedKeys:!1,allowMissingKeyFlags:!1,constantTimePKCS1Decryption:!1,constantTimePKCS1DecryptionSupportedSymmetricAlgorithms:new Set([Q.symmetric.aes128,Q.symmetric.aes192,Q.symmetric.aes256]),ignoreUnsupportedPackets:!0,ignoreMalformedPackets:!1,enforceGrammar:!0,additionalAllowedPackets:[],showVersion:!1,showComment:!1,versionString:"OpenPGP.js 6.2.1",commentString:"https://openpgpjs.org",maxUserIDLength:5120,knownNotations:[],nonDeterministicSignaturesViaNotation:!0,useEllipticFallback:!0,rejectHashAlgorithms:new Set([Q.hash.md5,Q.hash.ripemd]),rejectMessageHashAlgorithms:new Set([Q.hash.md5,Q.hash.ripemd,Q.hash.sha1]),rejectPublicKeyAlgorithms:new Set([Q.publicKey.elgamal,Q.publicKey.dsa]),rejectCurves:new Set([Q.curve.secp256k1])};const T=(()=>{try{return"development"===process.env.NODE_ENV}catch(e){}return!1})(),M={isString:function(e){return"string"==typeof e||e instanceof String},nodeRequire:()=>{},isArray:function(e){return e instanceof Array},isUint8Array:u,isStream:c,getNobleCurve:async(e,t)=>{if(!R.useEllipticFallback)throw Error("This curve is only supported in the full build of OpenPGP.js");const{nobleCurves:r}=await Promise.resolve().then((function(){return sf}));switch(e){case Q.publicKey.ecdh:case Q.publicKey.ecdsa:{const e=r.get(t);if(!e)throw Error("Unsupported curve");return e}case Q.publicKey.x448:return r.get("x448");case Q.publicKey.ed448:return r.get("ed448");default:throw Error("Unsupported curve")}},readNumber:function(e){let t=0;for(let r=0;r<e.length;r++)t+=256**r*e[e.length-1-r];return t},writeNumber:function(e,t){const r=new Uint8Array(t);for(let n=0;n<t;n++)r[n]=e>>8*(t-n-1)&255;return r},readDate:function(e){const t=M.readNumber(e);return new Date(1e3*t)},writeDate:function(e){const t=Math.floor(e.getTime()/1e3);return M.writeNumber(t,4)},normalizeDate:function(e=Date.now()){return null===e||e===1/0?e:new Date(1e3*Math.floor(+e/1e3))},readMPI:function(e){const t=(e[0]<<8|e[1])+7>>>3;return M.readExactSubarray(e,2,2+t)},readExactSubarray:function(e,t,r){if(e.length<r-t)throw Error("Input array too short");return e.subarray(t,r)},leftPad(e,t){if(e.length>t)throw Error("Input array too long");const r=new Uint8Array(t),n=t-e.length;return r.set(e,n),r},uint8ArrayToMPI:function(e){const t=M.uint8ArrayBitLength(e);if(0===t)throw Error("Zero MPI");const r=e.subarray(e.length-Math.ceil(t/8)),n=new Uint8Array([(65280&t)>>8,255&t]);return M.concatUint8Array([n,r])},uint8ArrayBitLength:function(e){let t;for(t=0;t<e.length&&0===e[t];t++);if(t===e.length)return 0;const r=e.subarray(t);return 8*(r.length-1)+M.nbits(r[0])},hexToUint8Array:function(e){const t=new Uint8Array(e.length>>1);for(let r=0;r<e.length>>1;r++)t[r]=parseInt(e.substr(r<<1,2),16);return t},uint8ArrayToHex:function(e){const t="0123456789abcdef";let r="";return e.forEach((e=>{r+=t[e>>4]+t[15&e]})),r},stringToUint8Array:function(e){return b(e,(e=>{if(!M.isString(e))throw Error("stringToUint8Array: Data must be in the form of a string");const t=new Uint8Array(e.length);for(let r=0;r<e.length;r++)t[r]=e.charCodeAt(r);return t}))},uint8ArrayToString:function(e){const t=[],r=16384,n=(e=new Uint8Array(e)).length;for(let i=0;i<n;i+=r)t.push(String.fromCharCode.apply(String,e.subarray(i,i+r<n?i+r:n)));return t.join("")},encodeUTF8:function(e){const t=new TextEncoder("utf-8");function r(e,r=!1){return t.encode(e,{stream:!r})}return b(e,r,(()=>r("",!0)))},decodeUTF8:function(e){const t=new TextDecoder("utf-8");function r(e,r=!1){return t.decode(e,{stream:!r})}return b(e,r,(()=>r(new Uint8Array,!0)))},concat:g,concatUint8Array:h,equalsUint8Array:function(e,t){if(!M.isUint8Array(e)||!M.isUint8Array(t))throw Error("Data must be in the form of a Uint8Array");if(e.length!==t.length)return!1;for(let r=0;r<e.length;r++)if(e[r]!==t[r])return!1;return!0},findLastIndex:function(e,t){for(let r=e.length;r>=0;r--)if(t(e[r],r,e))return r;return-1},writeChecksum:function(e){let t=0;for(let r=0;r<e.length;r++)t=t+e[r]&65535;return M.writeNumber(t,2)},printDebug:function(e){T&&console.log("[OpenPGP.js debug]",e)},printDebugError:function(e){T&&console.error("[OpenPGP.js debug]",e)},nbits:function(e){let t=1,r=e>>>16;return 0!==r&&(e=r,t+=16),r=e>>8,0!==r&&(e=r,t+=8),r=e>>4,0!==r&&(e=r,t+=4),r=e>>2,0!==r&&(e=r,t+=2),r=e>>1,0!==r&&(e=r,t+=1),t},double:function(e){const t=new Uint8Array(e.length),r=e.length-1;for(let n=0;n<r;n++)t[n]=e[n]<<1^e[n+1]>>7;return t[r]=e[r]<<1^135*(e[0]>>7),t},shiftRight:function(e,t){if(t)for(let r=e.length-1;r>=0;r--)e[r]>>=t,r>0&&(e[r]|=e[r-1]<<8-t);return e},getWebCrypto:function(){const t=void 0!==e&&e.crypto&&e.crypto.subtle||this.getNodeCrypto()?.webcrypto.subtle;if(!t)throw Error("The WebCrypto API is not available");return t},getNodeCrypto:function(){return this.nodeRequire("crypto")},getNodeZlib:function(){return this.nodeRequire("zlib")},getNodeBuffer:function(){return(this.nodeRequire("buffer")||{}).Buffer},getHardwareConcurrency:function(){if("undefined"!=typeof navigator)return navigator.hardwareConcurrency||1;return this.nodeRequire("os").cpus().length},isEmailAddress:function(e){if(!M.isString(e))return!1;return/^[^\p{C}\p{Z}@<>\\]+@[^\p{C}\p{Z}@<>\\]+[^\p{C}\p{Z}\p{P}]$/u.test(e)},canonicalizeEOL:function(e){let t=!1;return b(e,(e=>{let r;t&&(e=M.concatUint8Array([new Uint8Array([13]),e])),13===e[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;const n=[];for(let t=0;r=e.indexOf(10,t)+1,r;t=r)13!==e[r-2]&&n.push(r);if(!n.length)return e;const i=new Uint8Array(e.length+n.length);let s=0;for(let t=0;t<n.length;t++){const r=e.subarray(n[t-1]||0,n[t]);i.set(r,s),s+=r.length,i[s-1]=13,i[s]=10,s++}return i.set(e.subarray(n[n.length-1]||0),s),i}),(()=>t?new Uint8Array([13]):void 0))},nativeEOL:function(e){let t=!1;return b(e,(e=>{let r;13===(e=t&&10!==e[0]?M.concatUint8Array([new Uint8Array([13]),e]):new Uint8Array(e))[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;let n=0;for(let t=0;t!==e.length;t=r){r=e.indexOf(13,t)+1,r||(r=e.length);const i=r-(10===e[r]?1:0);t&&e.copyWithin(n,t,i),n+=i-t}return e.subarray(0,n)}),(()=>t?new Uint8Array([13]):void 0))},removeTrailingSpaces:function(e){return e.split("\n").map((e=>{let t=e.length-1;for(;t>=0&&(" "===e[t]||"\t"===e[t]||"\r"===e[t]);t--);return e.substr(0,t+1)})).join("\n")},wrapError:function(e,t){if(!t)return e instanceof Error?e:Error(e);if(e instanceof Error){try{e.message+=": "+t.message,e.cause=t}catch(e){}return e}return Error(e+": "+t.message,{cause:t})},constructAllowedPackets:function(e){const t={};return e.forEach((e=>{if(!e.tag)throw Error("Invalid input: expected a packet class");t[e.tag]=e})),t},anyPromise:function(e){return new Promise((async(t,r)=>{let n;await Promise.all(e.map((async e=>{try{t(await e)}catch(e){n=e}}))),r(n)}))},selectUint8Array:function(e,t,r){const n=Math.max(t.length,r.length),i=new Uint8Array(n);let s=0;for(let n=0;n<i.length;n++)i[n]=t[n]&256-e|r[n]&255+e,s+=e&n<t.length|1-e&n<r.length;return i.subarray(0,s)},selectUint8:function(e,t,r){return t&256-e|r&255+e},isAES:function(e){return e===Q.symmetric.aes128||e===Q.symmetric.aes192||e===Q.symmetric.aes256}},L=M.getNodeBuffer();let F,O;function N(e){let t=new Uint8Array;return b(e,(e=>{t=M.concatUint8Array([t,e]);const r=[],n=Math.floor(t.length/45),i=45*n,s=F(t.subarray(0,i));for(let e=0;e<n;e++)r.push(s.substr(60*e,60)),r.push("\n");return t=t.subarray(i),r.join("")}),(()=>t.length?F(t)+"\n":""))}function _(e){let t="";return b(e,(e=>{t+=e;let r=0;const n=[" ","\t","\r","\n"];for(let e=0;e<n.length;e++){const i=n[e];for(let e=t.indexOf(i);-1!==e;e=t.indexOf(i,e+1))r++}let i=t.length;for(;i>0&&(i-r)%4!=0;i--)n.includes(t[i])&&r--;const s=O(t.substr(0,i));return t=t.substr(i),s}),(()=>O(t)))}function H(e){return _(e.replace(/-/g,"+").replace(/_/g,"/"))}function z(e,t){let r=N(e).replace(/[\r\n]/g,"");return r=r.replace(/[+]/g,"-").replace(/[/]/g,"_").replace(/[=]/g,""),r}function G(e){const t=e.match(/^-----BEGIN PGP (MESSAGE, PART \d+\/\d+|MESSAGE, PART \d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m);if(!t)throw Error("Unknown ASCII armor type");return/MESSAGE, PART \d+\/\d+/.test(t[1])?Q.armor.multipartSection:/MESSAGE, PART \d+/.test(t[1])?Q.armor.multipartLast:/SIGNED MESSAGE/.test(t[1])?Q.armor.signed:/MESSAGE/.test(t[1])?Q.armor.message:/PUBLIC KEY BLOCK/.test(t[1])?Q.armor.publicKey:/PRIVATE KEY BLOCK/.test(t[1])?Q.armor.privateKey:/SIGNATURE/.test(t[1])?Q.armor.signature:void 0}function q(e,t){let r="";return t.showVersion&&(r+="Version: "+t.versionString+"\n"),t.showComment&&(r+="Comment: "+t.commentString+"\n"),e&&(r+="Comment: "+e+"\n"),r+="\n",r}function j(e){const t=function(e){let t=13501623;return b(e,(e=>{const r=Y?Math.floor(e.length/4):0,n=new Uint32Array(e.buffer,e.byteOffset,r);for(let e=0;e<r;e++)t^=n[e],t=V[0][t>>24&255]^V[1][t>>16&255]^V[2][t>>8&255]^V[3][255&t];for(let n=4*r;n<e.length;n++)t=t>>8^V[0][255&t^e[n]]}),(()=>new Uint8Array([t,t>>8,t>>16])))}(e);return N(t)}L?(F=e=>L.from(e).toString("base64"),O=e=>{const t=L.from(e,"base64");return new Uint8Array(t.buffer,t.byteOffset,t.byteLength)}):(F=e=>btoa(M.uint8ArrayToString(e)),O=e=>M.stringToUint8Array(atob(e)));const V=[Array(255),Array(255),Array(255),Array(255)];for(let e=0;e<=255;e++){let t=e<<16;for(let e=0;e<8;e++)t=t<<1^(8388608&t?8801531:0);V[0][e]=(16711680&t)>>16|65280&t|(255&t)<<16}for(let e=0;e<=255;e++)V[1][e]=V[0][e]>>8^V[0][255&V[0][e]];for(let e=0;e<=255;e++)V[2][e]=V[1][e]>>8^V[0][255&V[1][e]];for(let e=0;e<=255;e++)V[3][e]=V[2][e]>>8^V[0][255&V[2][e]];const Y=function(){const e=new ArrayBuffer(2);return new DataView(e).setInt16(0,255,!0),255===new Int16Array(e)[0]}();function Z(e){for(let t=0;t<e.length;t++)/^([^\s:]|[^\s:][^:]*[^\s:]): .+$/.test(e[t])||M.printDebugError(Error("Improperly formatted armor header: "+e[t])),/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(e[t])||M.printDebugError(Error("Unknown header: "+e[t]))}function J(e){let t=e;const r=e.lastIndexOf("=");return r>=0&&r!==e.length-1&&(t=e.slice(0,r)),t}function X(e){return new Promise((async(t,r)=>{try{const n=/^-----[^-]+-----$/m,i=/^[ \f\r\t\u00a0\u2000-\u200a\u202f\u205f\u3000]*$/;let s;const a=[];let o,c,u=a,h=[];const l=_(k(e,(async(e,f)=>{const y=P(e);try{for(;;){let e=await y.readLine();if(void 0===e)throw Error("Misformed armored text");if(e=M.removeTrailingSpaces(e.replace(/[\r\n]/g,"")),s)if(o)c||s!==Q.armor.signed||(n.test(e)?(h=h.join("\r\n"),c=!0,Z(u),u=[],o=!1):h.push(e.replace(/^- /,"")));else if(n.test(e)&&r(Error("Mandatory blank line missing between armor headers and armor data")),i.test(e)){if(Z(u),o=!0,c||s!==Q.armor.signed){t({text:h,data:l,headers:a,type:s});break}}else u.push(e);else n.test(e)&&(s=G(e))}}catch(e){return void r(e)}const p=D(f);try{for(;;){await p.ready;const{done:e,value:t}=await y.read();if(e)throw Error("Misformed armored text");const r=t+"";if(-1!==r.indexOf("=")||-1!==r.indexOf("-")){let e=await y.readToEnd();e.length||(e=""),e=r+e,e=M.removeTrailingSpaces(e.replace(/\r/g,""));const t=e.split(n);if(1===t.length)throw Error("Misformed armored text");const i=J(t[0].slice(0,-1));await p.write(i);break}await p.write(r)}await p.ready,await p.close()}catch(e){await p.abort(e)}})))}catch(e){r(e)}})).then((async e=>(a(e.data)&&(e.data=await B(e.data)),e)))}function W(e,t,r,n,i,s=!1,a=R){let o,c;e===Q.armor.signed&&(o=t.text,c=t.hash,t=t.data);const u=s&&K(t),h=[];switch(e){case Q.armor.multipartSection:h.push("-----BEGIN PGP MESSAGE, PART "+r+"/"+n+"-----\n"),h.push(q(i,a)),h.push(N(t)),u&&h.push("=",j(u)),h.push("-----END PGP MESSAGE, PART "+r+"/"+n+"-----\n");break;case Q.armor.multipartLast:h.push("-----BEGIN PGP MESSAGE, PART "+r+"-----\n"),h.push(q(i,a)),h.push(N(t)),u&&h.push("=",j(u)),h.push("-----END PGP MESSAGE, PART "+r+"-----\n");break;case Q.armor.signed:h.push("-----BEGIN PGP SIGNED MESSAGE-----\n"),h.push(c?`Hash: ${c}\n\n`:"\n"),h.push(o.replace(/^-/gm,"- -")),h.push("\n-----BEGIN PGP SIGNATURE-----\n"),h.push(q(i,a)),h.push(N(t)),u&&h.push("=",j(u)),h.push("-----END PGP SIGNATURE-----\n");break;case Q.armor.message:h.push("-----BEGIN PGP MESSAGE-----\n"),h.push(q(i,a)),h.push(N(t)),u&&h.push("=",j(u)),h.push("-----END PGP MESSAGE-----\n");break;case Q.armor.publicKey:h.push("-----BEGIN PGP PUBLIC KEY BLOCK-----\n"),h.push(q(i,a)),h.push(N(t)),u&&h.push("=",j(u)),h.push("-----END PGP PUBLIC KEY BLOCK-----\n");break;case Q.armor.privateKey:h.push("-----BEGIN PGP PRIVATE KEY BLOCK-----\n"),h.push(q(i,a)),h.push(N(t)),u&&h.push("=",j(u)),h.push("-----END PGP PRIVATE KEY BLOCK-----\n");break;case Q.armor.signature:h.push("-----BEGIN PGP SIGNATURE-----\n"),h.push(q(i,a)),h.push(N(t)),u&&h.push("=",j(u)),h.push("-----END PGP SIGNATURE-----\n")}return M.concat(h)}const $=BigInt(0),ee=BigInt(1);function te(e){const t="0123456789ABCDEF";let r="";return e.forEach((e=>{r+=t[e>>4]+t[15&e]})),BigInt("0x0"+r)}function re(e,t){const r=e%t;return r<$?r+t:r}function ne(e,t,r){if(r===$)throw Error("Modulo cannot be zero");if(r===ee)return BigInt(0);if(t<$)throw Error("Unsopported negative exponent");let n=t,i=e;i%=r;let s=BigInt(1);for(;n>$;){const e=n&ee;n>>=ee;s=e?s*i%r:s,i=i*i%r}return s}function ie(e){return e>=$?e:-e}function se(e,t){const{gcd:r,x:n}=function(e,t){let r=BigInt(0),n=BigInt(1),i=BigInt(1),s=BigInt(0),a=ie(e),o=ie(t);const c=e<$,u=t<$;for(;o!==$;){const e=a/o;let t=r;r=i-e*r,i=t,t=n,n=s-e*n,s=t,t=o,o=a%o,a=t}return{x:c?-i:i,y:u?-s:s,gcd:a}}(e,t);if(r!==ee)throw Error("Inverse does not exist");return re(n+t,t)}function ae(e){const t=Number(e);if(t>Number.MAX_SAFE_INTEGER)throw Error("Number can only safely store up to 53 bits");return t}function oe(e,t){return(e>>BigInt(t)&ee)===$?0:1}function ce(e){const t=e<$?BigInt(-1):$;let r=1,n=e;for(;(n>>=ee)!==t;)r++;return r}function ue(e){const t=e<$?BigInt(-1):$,r=BigInt(8);let n=1,i=e;for(;(i>>=r)!==t;)n++;return n}function he(e,t="be",r){let n=e.toString(16);n.length%2==1&&(n="0"+n);const i=n.length/2,s=new Uint8Array(r||i),a=r?r-i:0;let o=0;for(;o<i;)s[o+a]=parseInt(n.slice(2*o,2*o+2),16),o++;return"be"!==t&&s.reverse(),s}const le=M.getNodeCrypto();function fe(e){const t="undefined"!=typeof crypto?crypto:le?.webcrypto;if(t?.getRandomValues){const r=new Uint8Array(e);return t.getRandomValues(r)}throw Error("No secure random number generator available.")}function ye(e,t){if(t<e)throw Error("Illegal parameter value: max <= min");const r=t-e;return re(te(fe(ue(r)+8)),r)+e}const pe=BigInt(1);function de(e,t,r){const n=BigInt(30),i=pe<<BigInt(e-1),s=[1,6,5,4,3,2,1,4,3,2,1,2,1,4,3,2,1,2,1,4,3,2,1,6,5,4,3,2,1,2];let a=ye(i,i<<pe),o=ae(re(a,n));do{a+=BigInt(s[o]),o=(o+s[o])%s.length,ce(a)>e&&(a=re(a,i<<pe),a+=i,o=ae(re(a,n)))}while(!ge(a,t,r));return a}function ge(e,t,r){return(!t||function(e,t){let r=e,n=t;for(;n!==$;){const e=n;n=r%n,r=e}return r}(e-pe,t)===pe)&&(!!function(e){const t=BigInt(0);return Ae.every((r=>re(e,r)!==t))}(e)&&(!!function(e,t=BigInt(2)){return ne(t,e-pe,e)===pe}(e)&&!!function(e,t){const r=ce(e);t||(t=Math.max(1,r/48|0));const n=e-pe;let i=0;for(;!oe(n,i);)i++;const s=e>>BigInt(i);for(;t>0;t--){let t,r=ne(ye(BigInt(2),n),s,e);if(r!==pe&&r!==n){for(t=1;t<i;t++){if(r=re(r*r,e),r===pe)return!1;if(r===n)break}if(t===i)return!1}}return!0}(e,r)))}const Ae=[7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587,593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997,1009,1013,1019,1021,1031,1033,1039,1049,1051,1061,1063,1069,1087,1091,1093,1097,1103,1109,1117,1123,1129,1151,1153,1163,1171,1181,1187,1193,1201,1213,1217,1223,1229,1231,1237,1249,1259,1277,1279,1283,1289,1291,1297,1301,1303,1307,1319,1321,1327,1361,1367,1373,1381,1399,1409,1423,1427,1429,1433,1439,1447,1451,1453,1459,1471,1481,1483,1487,1489,1493,1499,1511,1523,1531,1543,1549,1553,1559,1567,1571,1579,1583,1597,1601,1607,1609,1613,1619,1621,1627,1637,1657,1663,1667,1669,1693,1697,1699,1709,1721,1723,1733,1741,1747,1753,1759,1777,1783,1787,1789,1801,1811,1823,1831,1847,1861,1867,1871,1873,1877,1879,1889,1901,1907,1913,1931,1933,1949,1951,1973,1979,1987,1993,1997,1999,2003,2011,2017,2027,2029,2039,2053,2063,2069,2081,2083,2087,2089,2099,2111,2113,2129,2131,2137,2141,2143,2153,2161,2179,2203,2207,2213,2221,2237,2239,2243,2251,2267,2269,2273,2281,2287,2293,2297,2309,2311,2333,2339,2341,2347,2351,2357,2371,2377,2381,2383,2389,2393,2399,2411,2417,2423,2437,2441,2447,2459,2467,2473,2477,2503,2521,2531,2539,2543,2549,2551,2557,2579,2591,2593,2609,2617,2621,2633,2647,2657,2659,2663,2671,2677,2683,2687,2689,2693,2699,2707,2711,2713,2719,2729,2731,2741,2749,2753,2767,2777,2789,2791,2797,2801,2803,2819,2833,2837,2843,2851,2857,2861,2879,2887,2897,2903,2909,2917,2927,2939,2953,2957,2963,2969,2971,2999,3001,3011,3019,3023,3037,3041,3049,3061,3067,3079,3083,3089,3109,3119,3121,3137,3163,3167,3169,3181,3187,3191,3203,3209,3217,3221,3229,3251,3253,3257,3259,3271,3299,3301,3307,3313,3319,3323,3329,3331,3343,3347,3359,3361,3371,3373,3389,3391,3407,3413,3433,3449,3457,3461,3463,3467,3469,3491,3499,3511,3517,3527,3529,3533,3539,3541,3547,3557,3559,3571,3581,3583,3593,3607,3613,3617,3623,3631,3637,3643,3659,3671,3673,3677,3691,3697,3701,3709,3719,3727,3733,3739,3761,3767,3769,3779,3793,3797,3803,3821,3823,3833,3847,3851,3853,3863,3877,3881,3889,3907,3911,3917,3919,3923,3929,3931,3943,3947,3967,3989,4001,4003,4007,4013,4019,4021,4027,4049,4051,4057,4073,4079,4091,4093,4099,4111,4127,4129,4133,4139,4153,4157,4159,4177,4201,4211,4217,4219,4229,4231,4241,4243,4253,4259,4261,4271,4273,4283,4289,4297,4327,4337,4339,4349,4357,4363,4373,4391,4397,4409,4421,4423,4441,4447,4451,4457,4463,4481,4483,4493,4507,4513,4517,4519,4523,4547,4549,4561,4567,4583,4591,4597,4603,4621,4637,4639,4643,4649,4651,4657,4663,4673,4679,4691,4703,4721,4723,4729,4733,4751,4759,4783,4787,4789,4793,4799,4801,4813,4817,4831,4861,4871,4877,4889,4903,4909,4919,4931,4933,4937,4943,4951,4957,4967,4969,4973,4987,4993,4999].map((e=>BigInt(e)));const we=M.getWebCrypto(),me=M.getNodeCrypto(),be=me&&me.getHashes();function ke(e){if(me&&be.includes(e))return async function(t){const r=me.createHash(e);return b(t,(e=>{r.update(e)}),(()=>new Uint8Array(r.digest())))}}function Ee(e,t){const r=async()=>{const{nobleHashes:t}=await Promise.resolve().then((function(){return xf})),r=t.get(e);if(!r)throw Error("Unsupported hash");return r};return async function(e){if(a(e)&&(e=await B(e)),M.isStream(e)){const t=(await r()).create();return b(e,(e=>{t.update(e)}),(()=>t.digest()))}if(we&&t)return new Uint8Array(await we.digest(t,e));return(await r())(e)}}const ve=ke("md5")||Ee("md5"),Ke=ke("sha1")||Ee("sha1","SHA-1"),Se=ke("sha224")||Ee("sha224"),Ie=ke("sha256")||Ee("sha256","SHA-256"),Be=ke("sha384")||Ee("sha384","SHA-384"),Ce=ke("sha512")||Ee("sha512","SHA-512"),Ue=ke("ripemd160")||Ee("ripemd160"),Pe=ke("sha3-256")||Ee("sha3_256"),De=ke("sha3-512")||Ee("sha3_512");function xe(e,t){switch(e){case Q.hash.md5:return ve(t);case Q.hash.sha1:return Ke(t);case Q.hash.ripemd:return Ue(t);case Q.hash.sha256:return Ie(t);case Q.hash.sha384:return Be(t);case Q.hash.sha512:return Ce(t);case Q.hash.sha224:return Se(t);case Q.hash.sha3_256:return Pe(t);case Q.hash.sha3_512:return De(t);default:throw Error("Unsupported hash function")}}function Qe(e){switch(e){case Q.hash.md5:return 16;case Q.hash.sha1:case Q.hash.ripemd:return 20;case Q.hash.sha256:return 32;case Q.hash.sha384:return 48;case Q.hash.sha512:return 64;case Q.hash.sha224:return 28;case Q.hash.sha3_256:return 32;case Q.hash.sha3_512:return 64;default:throw Error("Invalid hash algorithm.")}}const Re=[];function Te(e,t){const r=e.length;if(r>t-11)throw Error("Message too long");const n=function(e){const t=new Uint8Array(e);let r=0;for(;r<e;){const n=fe(e-r);for(let e=0;e<n.length;e++)0!==n[e]&&(t[r++]=n[e])}return t}(t-r-3),i=new Uint8Array(t);return i[1]=2,i.set(n,2),i.set(e,t-r),i}function Me(e,t){let r=2,n=1;for(let t=r;t<e.length;t++)n&=0!==e[t],r+=n;const i=r-2,s=e.subarray(r+1),a=0===e[0]&2===e[1]&i>=8&!n;if(t)return M.selectUint8Array(a,s,t);if(a)return s;throw Error("Decryption error")}function Le(e,t,r){let n;if(t.length!==Qe(e))throw Error("Invalid hash length");const i=new Uint8Array(Re[e].length);for(n=0;n<Re[e].length;n++)i[n]=Re[e][n];const s=i.length+t.length;if(r<s+11)throw Error("Intended encoded message length too short");const a=new Uint8Array(r-s-3).fill(255),o=new Uint8Array(r);return o[1]=1,o.set(a,2),o.set(i,r-s),o.set(t,r-t.length),o}Re[1]=[48,32,48,12,6,8,42,134,72,134,247,13,2,5,5,0,4,16],Re[2]=[48,33,48,9,6,5,43,14,3,2,26,5,0,4,20],Re[3]=[48,33,48,9,6,5,43,36,3,2,1,5,0,4,20],Re[8]=[48,49,48,13,6,9,96,134,72,1,101,3,4,2,1,5,0,4,32],Re[9]=[48,65,48,13,6,9,96,134,72,1,101,3,4,2,2,5,0,4,48],Re[10]=[48,81,48,13,6,9,96,134,72,1,101,3,4,2,3,5,0,4,64],Re[11]=[48,45,48,13,6,9,96,134,72,1,101,3,4,2,4,5,0,4,28];const Fe=M.getWebCrypto(),Oe=M.getNodeCrypto(),Ne=BigInt(1);async function _e(e,t,r,n,i,s,a,o,c){if(Qe(e)>=r.length)throw Error("Digest size cannot exceed key modulus size");if(t&&!M.isStream(t))if(M.getWebCrypto())try{return await async function(e,t,r,n,i,s,a,o){const c=await qe(r,n,i,s,a,o),u={name:"RSASSA-PKCS1-v1_5",hash:{name:e}},h=await Fe.importKey("jwk",c,u,!1,["sign"]);return new Uint8Array(await Fe.sign("RSASSA-PKCS1-v1_5",h,t))}(Q.read(Q.webHash,e),t,r,n,i,s,a,o)}catch(e){M.printDebugError(e)}else if(M.getNodeCrypto())return async function(e,t,r,n,i,s,a,o){const c=Oe.createSign(Q.read(Q.hash,e));c.write(t),c.end();const u=await qe(r,n,i,s,a,o);return new Uint8Array(c.sign({key:u,format:"jwk",type:"pkcs1"}))}(e,t,r,n,i,s,a,o);return async function(e,t,r,n){t=te(t);const i=te(Le(e,n,ue(t)));return r=te(r),he(ne(i,r,t),"be",ue(t))}(e,r,i,c)}async function He(e,t,r,n,i,s){if(t&&!M.isStream(t))if(M.getWebCrypto())try{return await async function(e,t,r,n,i){const s=je(n,i),a=await Fe.importKey("jwk",s,{name:"RSASSA-PKCS1-v1_5",hash:{name:e}},!1,["verify"]);return Fe.verify("RSASSA-PKCS1-v1_5",a,r,t)}(Q.read(Q.webHash,e),t,r,n,i)}catch(e){M.printDebugError(e)}else if(M.getNodeCrypto())return async function(e,t,r,n,i){const s=je(n,i),a={key:s,format:"jwk",type:"pkcs1"},o=Oe.createVerify(Q.read(Q.hash,e));o.write(t),o.end();try{return o.verify(a,r)}catch(e){return!1}}(e,t,r,n,i);return async function(e,t,r,n,i){if(r=te(r),t=te(t),n=te(n),t>=r)throw Error("Signature size cannot exceed modulus size");const s=he(ne(t,n,r),"be",ue(r)),a=Le(e,i,ue(r));return M.equalsUint8Array(s,a)}(e,r,n,i,s)}async function ze(e,t,r){return M.getNodeCrypto()?async function(e,t,r){const n=je(t,r),i={key:n,format:"jwk",type:"pkcs1",padding:Oe.constants.RSA_PKCS1_PADDING};return new Uint8Array(Oe.publicEncrypt(i,e))}(e,t,r):async function(e,t,r){if(t=te(t),e=te(Te(e,ue(t))),r=te(r),e>=t)throw Error("Message size cannot exceed modulus size");return he(ne(e,r,t),"be",ue(t))}(e,t,r)}async function Ge(e,t,r,n,i,s,a,o){if(M.getNodeCrypto()&&!o)try{return await async function(e,t,r,n,i,s,a){const o=await qe(t,r,n,i,s,a),c={key:o,format:"jwk",type:"pkcs1",padding:Oe.constants.RSA_PKCS1_PADDING};try{return new Uint8Array(Oe.privateDecrypt(c,e))}catch(e){throw Error("Decryption error")}}(e,t,r,n,i,s,a)}catch(e){M.printDebugError(e)}return async function(e,t,r,n,i,s,a,o){if(e=te(e),t=te(t),r=te(r),n=te(n),i=te(i),s=te(s),a=te(a),e>=t)throw Error("Data too large.");const c=re(n,s-Ne),u=re(n,i-Ne),h=ye(BigInt(2),t),l=ne(se(h,t),r,t);e=re(e*l,t);const f=ne(e,u,i),y=ne(e,c,s),p=re(a*(y-f),s);let d=p*i+f;return d=re(d*h,t),Me(he(d,"be",ue(t)),o)}(e,t,r,n,i,s,a,o)}async function qe(e,t,r,n,i,s){const a=te(n),o=te(i),c=te(r);let u=re(c,o-Ne),h=re(c,a-Ne);return h=he(h),u=he(u),{kty:"RSA",n:z(e),e:z(t),d:z(r),p:z(i),q:z(n),dp:z(u),dq:z(h),qi:z(s),ext:!0}}function je(e,t){return{kty:"RSA",n:z(e),e:z(t),ext:!0}}function Ve(e,t){return{n:H(e.n),e:he(t),d:H(e.d),p:H(e.q),q:H(e.p),u:H(e.qi)}}const Ye=BigInt(1);const Ze={"2a8648ce3d030107":Q.curve.nistP256,"2b81040022":Q.curve.nistP384,"2b81040023":Q.curve.nistP521,"2b8104000a":Q.curve.secp256k1,"2b06010401da470f01":Q.curve.ed25519Legacy,"2b060104019755010501":Q.curve.curve25519Legacy,"2b2403030208010107":Q.curve.brainpoolP256r1,"2b240303020801010b":Q.curve.brainpoolP384r1,"2b240303020801010d":Q.curve.brainpoolP512r1};class Je{constructor(e){if(e instanceof Je)this.oid=e.oid;else if(M.isArray(e)||M.isUint8Array(e)){if(6===(e=new Uint8Array(e))[0]){if(e[1]!==e.length-2)throw Error("Length mismatch in DER encoded oid");e=e.subarray(2)}this.oid=e}else this.oid=""}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.oid=e.subarray(1,1+t),1+this.oid.length}throw Error("Invalid oid")}write(){return M.concatUint8Array([new Uint8Array([this.oid.length]),this.oid])}toHex(){return M.uint8ArrayToHex(this.oid)}getName(){const e=Ze[this.toHex()];if(!e)throw Error("Unknown curve object identifier.");return e}}function Xe(e){let t,r=0;const n=e[0];return n<192?([r]=e,t=1):n<255?(r=(e[0]-192<<8)+e[1]+192,t=2):255===n&&(r=M.readNumber(e.subarray(1,5)),t=5),{len:r,offset:t}}function We(e){return e<192?new Uint8Array([e]):e>191&&e<8384?new Uint8Array([192+(e-192>>8),e-192&255]):M.concatUint8Array([new Uint8Array([255]),M.writeNumber(e,4)])}function $e(e){if(e<0||e>30)throw Error("Partial Length power must be between 1 and 30");return new Uint8Array([224+e])}function et(e){return new Uint8Array([192|e])}function tt(e,t){return M.concatUint8Array([et(e),We(t)])}function rt(e){return[Q.packet.literalData,Q.packet.compressedData,Q.packet.symmetricallyEncryptedData,Q.packet.symEncryptedIntegrityProtectedData,Q.packet.aeadEncryptedData].includes(e)}async function nt(e,t,r){let n,i;try{const s=await e.peekBytes(2);if(!s||s.length<2||!(128&s[0]))throw Error("Error during parsing. This message / key probably does not conform to a valid OpenPGP format.");const a=await e.readByte();let o,c,u=-1,h=-1;h=0,64&a&&(h=1),h?u=63&a:(u=(63&a)>>2,c=3&a);const l=rt(u);let f,y=null;if(t&&l){if("array"===t){const e=new ArrayStream;n=D(e),y=e}else{const e=new TransformStream;n=D(e.writable),y=e.readable}i=r({tag:u,packet:y})}else y=[];do{if(h){const t=await e.readByte();if(f=!1,t<192)o=t;else if(t>=192&&t<224)o=(t-192<<8)+await e.readByte()+192;else if(t>223&&t<255){if(o=1<<(31&t),f=!0,!l)throw new TypeError("This packet type does not support partial lengths.")}else o=await e.readByte()<<24|await e.readByte()<<16|await e.readByte()<<8|await e.readByte()}else switch(c){case 0:o=await e.readByte();break;case 1:o=await e.readByte()<<8|await e.readByte();break;case 2:o=await e.readByte()<<24|await e.readByte()<<16|await e.readByte()<<8|await e.readByte();break;default:o=1/0}if(o>0){let t=0;for(;;){n&&await n.ready;const{done:r,value:i}=await e.read();if(r){if(o===1/0)break;throw Error("Unexpected end of packet")}const s=o===1/0?i:i.subarray(0,o-t);if(n?await n.write(s):y.push(s),t+=i.length,t>=o){e.unshift(i.subarray(o-t+i.length));break}}}}while(f);n?(await n.ready,await n.close()):(y=M.concatUint8Array(y),await r({tag:u,packet:y}))}catch(e){if(n)return await n.abort(e),!0;throw e}finally{n&&await i}}class it extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,it),this.name="UnsupportedError"}}class st extends it{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,it),this.name="UnknownPacketError"}}class at extends it{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,it),this.name="MalformedPacketError"}}class ot{constructor(e,t){this.tag=e,this.rawContent=t}write(){return this.rawContent}}async function ct(e){switch(e){case Q.publicKey.ed25519:try{const e=M.getWebCrypto(),t=await e.generateKey("Ed25519",!0,["sign","verify"]).catch((e=>{if("OperationError"===e.name){const e=Error("Unexpected key generation issue");throw e.name="NotSupportedError",e}throw e})),r=await e.exportKey("jwk",t.privateKey),n=await e.exportKey("jwk",t.publicKey);return{A:new Uint8Array(H(n.x)),seed:H(r.d)}}catch(t){if("NotSupportedError"!==t.name)throw t;const{default:r}=await Promise.resolve().then((function(){return vy})),n=fe(ft(e)),{publicKey:i}=r.sign.keyPair.fromSeed(n);return{A:i,seed:n}}case Q.publicKey.ed448:{const e=await M.getNobleCurve(Q.publicKey.ed448),{secretKey:t,publicKey:r}=e.keygen();return{A:r,seed:t}}default:throw Error("Unsupported EdDSA algorithm")}}async function ut(e,t,r,n,i,s){switch(e){case Q.publicKey.ed25519:try{const t=M.getWebCrypto(),r=dt(e,n,i),a=await t.importKey("jwk",r,"Ed25519",!1,["sign"]);return{RS:new Uint8Array(await t.sign("Ed25519",a,s))}}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:t}=await Promise.resolve().then((function(){return vy})),r=M.concatUint8Array([i,n]);return{RS:t.sign.detached(s,r)}}case Q.publicKey.ed448:return{RS:(await M.getNobleCurve(Q.publicKey.ed448)).sign(s,i)};default:throw Error("Unsupported EdDSA algorithm")}}async function ht(e,t,{RS:r},n,i,s){switch(e){case Q.publicKey.ed25519:try{const t=M.getWebCrypto(),n=pt(e,i),a=await t.importKey("jwk",n,"Ed25519",!1,["verify"]);return await t.verify("Ed25519",a,r,s)}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:t}=await Promise.resolve().then((function(){return vy}));return t.sign.detached.verify(s,r,i)}case Q.publicKey.ed448:return(await M.getNobleCurve(Q.publicKey.ed448)).verify(r,s,i);default:throw Error("Unsupported EdDSA algorithm")}}async function lt(e,t,r){switch(e){case Q.publicKey.ed25519:try{const n=M.getWebCrypto(),i=dt(e,t,r),s=pt(e,t),a=await n.importKey("jwk",i,"Ed25519",!1,["sign"]),o=await n.importKey("jwk",s,"Ed25519",!1,["verify"]),c=fe(8),u=new Uint8Array(await n.sign("Ed25519",a,c));return await n.verify("Ed25519",o,u,c)}catch(e){if("NotSupportedError"!==e.name)return!1;const{default:n}=await Promise.resolve().then((function(){return vy})),{publicKey:i}=n.sign.keyPair.fromSeed(r);return M.equalsUint8Array(t,i)}case Q.publicKey.ed448:{const e=(await M.getNobleCurve(Q.publicKey.ed448)).getPublicKey(r);return M.equalsUint8Array(t,e)}default:return!1}}function ft(e){switch(e){case Q.publicKey.ed25519:return 32;case Q.publicKey.ed448:return 57;default:throw Error("Unsupported EdDSA algorithm")}}function yt(e){switch(e){case Q.publicKey.ed25519:return Q.hash.sha256;case Q.publicKey.ed448:return Q.hash.sha512;default:throw Error("Unknown EdDSA algo")}}const pt=(e,t)=>{if(e===Q.publicKey.ed25519){return{kty:"OKP",crv:"Ed25519",x:z(t),ext:!0}}throw Error("Unsupported EdDSA algorithm")},dt=(e,t,r)=>{if(e===Q.publicKey.ed25519){const n=pt(e,t);return n.d=z(r),n}throw Error("Unsupported EdDSA algorithm")};var gt=/*#__PURE__*/Object.freeze({__proto__:null,generate:ct,getPayloadSize:ft,getPreferredHashAlgo:yt,sign:ut,validateParams:lt,verify:ht});
-/*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) */function At(e){return e instanceof Uint8Array||ArrayBuffer.isView(e)&&"Uint8Array"===e.constructor.name}function wt(e,...t){if(!At(e))throw Error("Uint8Array expected");if(t.length>0&&!t.includes(e.length))throw Error("Uint8Array expected of length "+t+", got length="+e.length)}function mt(e,t=!0){if(e.destroyed)throw Error("Hash instance has been destroyed");if(t&&e.finished)throw Error("Hash#digest() has already been called")}function bt(e,t){wt(e);const r=t.outputLen;if(e.length<r)throw Error("digestInto() expects output buffer of length at least "+r)}function kt(e){return new Uint8Array(e.buffer,e.byteOffset,e.byteLength)}function Et(e){return new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4))}function vt(...e){for(let t=0;t<e.length;t++)e[t].fill(0)}function Kt(e){return new DataView(e.buffer,e.byteOffset,e.byteLength)}const St=/* @__PURE__ */(()=>68===new Uint8Array(new Uint32Array([287454020]).buffer)[0])();function It(e){if("string"==typeof e)e=function(e){if("string"!=typeof e)throw Error("string expected");return new Uint8Array((new TextEncoder).encode(e))}(e);else{if(!At(e))throw Error("Uint8Array expected, got "+typeof e);e=Rt(e)}return e}function Bt(e,t){return e.buffer===t.buffer&&e.byteOffset<t.byteOffset+t.byteLength&&t.byteOffset<e.byteOffset+e.byteLength}function Ct(e,t){if(Bt(e,t)&&e.byteOffset<t.byteOffset)throw Error("complex overlap of input and output is not supported")}function Ut(e,t){if(e.length!==t.length)return!1;let r=0;for(let n=0;n<e.length;n++)r|=e[n]^t[n];return 0===r}const Pt=(e,t)=>{function r(r,...n){if(wt(r),!St)throw Error("Non little-endian hardware is not yet supported");if(void 0!==e.nonceLength){const t=n[0];if(!t)throw Error("nonce / iv required");e.varSizeNonce?wt(t):wt(t,e.nonceLength)}const i=e.tagLength;i&&void 0!==n[1]&&wt(n[1]);const s=t(r,...n),a=(e,t)=>{if(void 0!==t){if(2!==e)throw Error("cipher output not supported");wt(t)}};let o=!1;return{encrypt(e,t){if(o)throw Error("cannot encrypt() twice with same key + nonce");return o=!0,wt(e),a(s.encrypt.length,t),s.encrypt(e,t)},decrypt(e,t){if(wt(e),i&&e.length<i)throw Error("invalid ciphertext length: smaller than tagLength="+i);return a(s.decrypt.length,t),s.decrypt(e,t)}}}return Object.assign(r,e),r};function Dt(e,t,r=!0){if(void 0===t)return new Uint8Array(e);if(t.length!==e)throw Error("invalid output length, expected "+e+", got: "+t.length);if(r&&!Qt(t))throw Error("invalid output, must be aligned");return t}function xt(e,t,r,n){if("function"==typeof e.setBigUint64)return e.setBigUint64(t,r,n);const i=BigInt(32),s=BigInt(4294967295),a=Number(r>>i&s),o=Number(r&s);e.setUint32(t+0,a,n),e.setUint32(t+4,o,n)}function Qt(e){return e.byteOffset%4==0}function Rt(e){return Uint8Array.from(e)}const Tt=16,Mt=/* @__PURE__ */new Uint8Array(16),Lt=Et(Mt),Ft=e=>(e>>>0&255)<<24|(e>>>8&255)<<16|(e>>>16&255)<<8|e>>>24&255;class Ot{constructor(e,t){this.blockLen=Tt,this.outputLen=Tt,this.s0=0,this.s1=0,this.s2=0,this.s3=0,this.finished=!1,wt(e=It(e),16);const r=Kt(e);let n=r.getUint32(0,!1),i=r.getUint32(4,!1),s=r.getUint32(8,!1),a=r.getUint32(12,!1);const o=[];for(let e=0;e<128;e++)o.push({s0:Ft(n),s1:Ft(i),s2:Ft(s),s3:Ft(a)}),({s0:n,s1:i,s2:s,s3:a}={s3:(h=s)<<31|(l=a)>>>1,s2:(u=i)<<31|h>>>1,s1:(c=n)<<31|u>>>1,s0:c>>>1^225<<24&-(1&l)});var c,u,h,l;const f=(y=t||1024)>65536?8:y>1024?4:2;var y;if(![1,2,4,8].includes(f))throw Error("ghash: invalid window size, expected 2, 4 or 8");this.W=f;const p=128/f,d=this.windowSize=2**f,g=[];for(let e=0;e<p;e++)for(let t=0;t<d;t++){let r=0,n=0,i=0,s=0;for(let a=0;a<f;a++){if(!(t>>>f-a-1&1))continue;const{s0:c,s1:u,s2:h,s3:l}=o[f*e+a];r^=c,n^=u,i^=h,s^=l}g.push({s0:r,s1:n,s2:i,s3:s})}this.t=g}_updateBlock(e,t,r,n){e^=this.s0,t^=this.s1,r^=this.s2,n^=this.s3;const{W:i,t:s,windowSize:a}=this;let o=0,c=0,u=0,h=0;const l=(1<<i)-1;let f=0;for(const y of[e,t,r,n])for(let e=0;e<4;e++){const t=y>>>8*e&255;for(let e=8/i-1;e>=0;e--){const r=t>>>i*e&l,{s0:n,s1:y,s2:p,s3:d}=s[f*a+r];o^=n,c^=y,u^=p,h^=d,f+=1}}this.s0=o,this.s1=c,this.s2=u,this.s3=h}update(e){mt(this),wt(e=It(e));const t=Et(e),r=Math.floor(e.length/Tt),n=e.length%Tt;for(let e=0;e<r;e++)this._updateBlock(t[4*e+0],t[4*e+1],t[4*e+2],t[4*e+3]);return n&&(Mt.set(e.subarray(r*Tt)),this._updateBlock(Lt[0],Lt[1],Lt[2],Lt[3]),vt(Lt)),this}destroy(){const{t:e}=this;for(const t of e)t.s0=0,t.s1=0,t.s2=0,t.s3=0}digestInto(e){mt(this),bt(e,this),this.finished=!0;const{s0:t,s1:r,s2:n,s3:i}=this,s=Et(e);return s[0]=t,s[1]=r,s[2]=n,s[3]=i,e}digest(){const e=new Uint8Array(Tt);return this.digestInto(e),this.destroy(),e}}class Nt extends Ot{constructor(e,t){wt(e=It(e));const r=function(e){e.reverse();const t=1&e[15];let r=0;for(let t=0;t<e.length;t++){const n=e[t];e[t]=n>>>1|r,r=(1&n)<<7}return e[0]^=225&-t,e}(Rt(e));super(r,t),vt(r)}update(e){e=It(e),mt(this);const t=Et(e),r=e.length%Tt,n=Math.floor(e.length/Tt);for(let e=0;e<n;e++)this._updateBlock(Ft(t[4*e+3]),Ft(t[4*e+2]),Ft(t[4*e+1]),Ft(t[4*e+0]));return r&&(Mt.set(e.subarray(n*Tt)),this._updateBlock(Ft(Lt[3]),Ft(Lt[2]),Ft(Lt[1]),Ft(Lt[0])),vt(Lt)),this}digestInto(e){mt(this),bt(e,this),this.finished=!0;const{s0:t,s1:r,s2:n,s3:i}=this,s=Et(e);return s[0]=t,s[1]=r,s[2]=n,s[3]=i,e.reverse()}}function _t(e){const t=(t,r)=>e(r,t.length).update(It(t)).digest(),r=e(new Uint8Array(16),0);return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=(t,r)=>e(t,r),t}const Ht=_t(((e,t)=>new Ot(e,t)));_t(((e,t)=>new Nt(e,t)));const zt=16,Gt=/* @__PURE__ */new Uint8Array(zt);function qt(e){return e<<1^283&-(e>>7)}function jt(e,t){let r=0;for(;t>0;t>>=1)r^=e&-(1&t),e=qt(e);return r}const Vt=/* @__PURE__ */(()=>{const e=new Uint8Array(256);for(let t=0,r=1;t<256;t++,r^=qt(r))e[t]=r;const t=new Uint8Array(256);t[0]=99;for(let r=0;r<255;r++){let n=e[255-r];n|=n<<8,t[e[r]]=255&(n^n>>4^n>>5^n>>6^n>>7^99)}return vt(e),t})(),Yt=/* @__PURE__ */Vt.map(((e,t)=>Vt.indexOf(t))),Zt=e=>e<<8|e>>>24,Jt=e=>e<<24&4278190080|e<<8&16711680|e>>>8&65280|e>>>24&255;function Xt(e,t){if(256!==e.length)throw Error("Wrong sbox length");const r=new Uint32Array(256).map(((r,n)=>t(e[n]))),n=r.map(Zt),i=n.map(Zt),s=i.map(Zt),a=new Uint32Array(65536),o=new Uint32Array(65536),c=new Uint16Array(65536);for(let t=0;t<256;t++)for(let u=0;u<256;u++){const h=256*t+u;a[h]=r[t]^n[u],o[h]=i[t]^s[u],c[h]=e[t]<<8|e[u]}return{sbox:e,sbox2:c,T0:r,T1:n,T2:i,T3:s,T01:a,T23:o}}const Wt=/* @__PURE__ */Xt(Vt,(e=>jt(e,3)<<24|e<<16|e<<8|jt(e,2))),$t=/* @__PURE__ */Xt(Yt,(e=>jt(e,11)<<24|jt(e,13)<<16|jt(e,9)<<8|jt(e,14))),er=/* @__PURE__ */(()=>{const e=new Uint8Array(16);for(let t=0,r=1;t<16;t++,r=qt(r))e[t]=r;return e})();function tr(e){wt(e);const t=e.length;if(![16,24,32].includes(t))throw Error("aes: invalid key size, should be 16, 24 or 32, got "+t);const{sbox2:r}=Wt,n=[];Qt(e)||n.push(e=Rt(e));const i=Et(e),s=i.length,a=e=>ir(r,e,e,e,e),o=new Uint32Array(t+28);o.set(i);for(let e=s;e<o.length;e++){let t=o[e-1];e%s==0?t=a((c=t)<<24|c>>>8)^er[e/s-1]:s>6&&e%s==4&&(t=a(t)),o[e]=o[e-s]^t}var c;return vt(...n),o}function rr(e){const t=tr(e),r=t.slice(),n=t.length,{sbox2:i}=Wt,{T0:s,T1:a,T2:o,T3:c}=$t;for(let e=0;e<n;e+=4)for(let i=0;i<4;i++)r[e+i]=t[n-e-4+i];vt(t);for(let e=4;e<n-4;e++){const t=r[e],n=ir(i,t,t,t,t);r[e]=s[255&n]^a[n>>>8&255]^o[n>>>16&255]^c[n>>>24]}return r}function nr(e,t,r,n,i,s){return e[r<<8&65280|n>>>8&255]^t[i>>>8&65280|s>>>24&255]}function ir(e,t,r,n,i){return e[255&t|65280&r]|e[n>>>16&255|i>>>16&65280]<<16}function sr(e,t,r,n,i){const{sbox2:s,T01:a,T23:o}=Wt;let c=0;t^=e[c++],r^=e[c++],n^=e[c++],i^=e[c++];const u=e.length/4-2;for(let s=0;s<u;s++){const s=e[c++]^nr(a,o,t,r,n,i),u=e[c++]^nr(a,o,r,n,i,t),h=e[c++]^nr(a,o,n,i,t,r),l=e[c++]^nr(a,o,i,t,r,n);t=s,r=u,n=h,i=l}return{s0:e[c++]^ir(s,t,r,n,i),s1:e[c++]^ir(s,r,n,i,t),s2:e[c++]^ir(s,n,i,t,r),s3:e[c++]^ir(s,i,t,r,n)}}function ar(e,t,r,n,i){const{sbox2:s,T01:a,T23:o}=$t;let c=0;t^=e[c++],r^=e[c++],n^=e[c++],i^=e[c++];const u=e.length/4-2;for(let s=0;s<u;s++){const s=e[c++]^nr(a,o,t,i,n,r),u=e[c++]^nr(a,o,r,t,i,n),h=e[c++]^nr(a,o,n,r,t,i),l=e[c++]^nr(a,o,i,n,r,t);t=s,r=u,n=h,i=l}return{s0:e[c++]^ir(s,t,i,n,r),s1:e[c++]^ir(s,r,t,i,n),s2:e[c++]^ir(s,n,r,t,i),s3:e[c++]^ir(s,i,n,r,t)}}function or(e,t,r,n){wt(t,zt),wt(r);const i=r.length;Ct(r,n=Dt(i,n));const s=t,a=Et(s);let{s0:o,s1:c,s2:u,s3:h}=sr(e,a[0],a[1],a[2],a[3]);const l=Et(r),f=Et(n);for(let t=0;t+4<=l.length;t+=4){f[t+0]=l[t+0]^o,f[t+1]=l[t+1]^c,f[t+2]=l[t+2]^u,f[t+3]=l[t+3]^h;let r=1;for(let e=s.length-1;e>=0;e--)r=r+(255&s[e])|0,s[e]=255&r,r>>>=8;({s0:o,s1:c,s2:u,s3:h}=sr(e,a[0],a[1],a[2],a[3]))}const y=zt*Math.floor(l.length/4);if(y<i){const e=new Uint32Array([o,c,u,h]),t=kt(e);for(let e=y,s=0;e<i;e++,s++)n[e]=r[e]^t[s];vt(e)}return n}function cr(e,t,r,n,i){wt(r,zt),wt(n),i=Dt(n.length,i);const s=r,a=Et(s),o=Kt(s),c=Et(n),u=Et(i),h=t?0:12,l=n.length;let f=o.getUint32(h,t),{s0:y,s1:p,s2:d,s3:g}=sr(e,a[0],a[1],a[2],a[3]);for(let r=0;r+4<=c.length;r+=4)u[r+0]=c[r+0]^y,u[r+1]=c[r+1]^p,u[r+2]=c[r+2]^d,u[r+3]=c[r+3]^g,f=f+1>>>0,o.setUint32(h,f,t),({s0:y,s1:p,s2:d,s3:g}=sr(e,a[0],a[1],a[2],a[3]));const A=zt*Math.floor(c.length/4);if(A<l){const e=new Uint32Array([y,p,d,g]),t=kt(e);for(let e=A,r=0;e<l;e++,r++)i[e]=n[e]^t[r];vt(e)}return i}const ur=/* @__PURE__ */Pt({blockSize:16,nonceLength:16},(function(e,t){function r(r,n){if(wt(r),void 0!==n&&(wt(n),!Qt(n)))throw Error("unaligned destination");const i=tr(e),s=Rt(t),a=[i,s];Qt(r)||a.push(r=Rt(r));const o=or(i,s,r,n);return vt(...a),o}return{encrypt:(e,t)=>r(e,t),decrypt:(e,t)=>r(e,t)}}));const hr=/* @__PURE__ */Pt({blockSize:16,nonceLength:16},(function(e,t,r={}){const n=!r.disablePadding;return{encrypt(r,i){const s=tr(e),{b:a,o,out:c}=function(e,t,r){wt(e);let n=e.length;const i=n%zt;if(!t&&0!==i)throw Error("aec/(cbc-ecb): unpadded plaintext with disabled padding");Qt(e)||(e=Rt(e));const s=Et(e);if(t){let e=zt-i;e||(e=zt),n+=e}return Ct(e,r=Dt(n,r)),{b:s,o:Et(r),out:r}}(r,n,i);let u=t;const h=[s];Qt(u)||h.push(u=Rt(u));const l=Et(u);let f=l[0],y=l[1],p=l[2],d=l[3],g=0;for(;g+4<=a.length;)f^=a[g+0],y^=a[g+1],p^=a[g+2],d^=a[g+3],({s0:f,s1:y,s2:p,s3:d}=sr(s,f,y,p,d)),o[g++]=f,o[g++]=y,o[g++]=p,o[g++]=d;if(n){const e=function(e){const t=new Uint8Array(16),r=Et(t);t.set(e);const n=zt-e.length;for(let e=zt-n;e<zt;e++)t[e]=n;return r}(r.subarray(4*g));f^=e[0],y^=e[1],p^=e[2],d^=e[3],({s0:f,s1:y,s2:p,s3:d}=sr(s,f,y,p,d)),o[g++]=f,o[g++]=y,o[g++]=p,o[g++]=d}return vt(...h),c},decrypt(r,i){!function(e){if(wt(e),e.length%zt!=0)throw Error("aes-(cbc/ecb).decrypt ciphertext should consist of blocks with size 16")}(r);const s=rr(e);let a=t;const o=[s];Qt(a)||o.push(a=Rt(a));const c=Et(a);i=Dt(r.length,i),Qt(r)||o.push(r=Rt(r)),Ct(r,i);const u=Et(r),h=Et(i);let l=c[0],f=c[1],y=c[2],p=c[3];for(let e=0;e+4<=u.length;){const t=l,r=f,n=y,i=p;l=u[e+0],f=u[e+1],y=u[e+2],p=u[e+3];const{s0:a,s1:o,s2:c,s3:d}=ar(s,l,f,y,p);h[e++]=a^t,h[e++]=o^r,h[e++]=c^n,h[e++]=d^i}return vt(...o),function(e,t){if(!t)return e;const r=e.length;if(!r)throw Error("aes/pcks5: empty ciphertext not allowed");const n=e[r-1];if(n<=0||n>16)throw Error("aes/pcks5: wrong padding");const i=e.subarray(0,-n);for(let t=0;t<n;t++)if(e[r-t-1]!==n)throw Error("aes/pcks5: wrong padding");return i}(i,n)}}})),lr=/* @__PURE__ */Pt({blockSize:16,nonceLength:16},(function(e,t){function r(r,n,i){wt(r);const s=r.length;if(Bt(r,i=Dt(s,i)))throw Error("overlapping src and dst not supported.");const a=tr(e);let o=t;const c=[a];Qt(o)||c.push(o=Rt(o)),Qt(r)||c.push(r=Rt(r));const u=Et(r),h=Et(i),l=n?h:u,f=Et(o);let y=f[0],p=f[1],d=f[2],g=f[3];for(let e=0;e+4<=u.length;){const{s0:t,s1:r,s2:n,s3:i}=sr(a,y,p,d,g);h[e+0]=u[e+0]^t,h[e+1]=u[e+1]^r,h[e+2]=u[e+2]^n,h[e+3]=u[e+3]^i,y=l[e++],p=l[e++],d=l[e++],g=l[e++]}const A=zt*Math.floor(u.length/4);if(A<s){({s0:y,s1:p,s2:d,s3:g}=sr(a,y,p,d,g));const e=kt(new Uint32Array([y,p,d,g]));for(let t=A,n=0;t<s;t++,n++)i[t]=r[t]^e[n];vt(e)}return vt(...c),i}return{encrypt:(e,t)=>r(e,!0,t),decrypt:(e,t)=>r(e,!1,t)}}));function fr(e,t,r,n,i){const s=i?i.length:0,a=e.create(r,n.length+s);i&&a.update(i);const o=function(e,t,r){const n=new Uint8Array(16),i=Kt(n);return xt(i,0,BigInt(t),r),xt(i,8,BigInt(e),r),n}(8*n.length,8*s,t);a.update(n),a.update(o);const c=a.digest();return vt(o),c}const yr=/* @__PURE__ */Pt({blockSize:16,nonceLength:12,tagLength:16,varSizeNonce:!0},(function(e,t,r){if(t.length<8)throw Error("aes/gcm: invalid nonce length");function n(e,t,n){const i=fr(Ht,!1,e,n,r);for(let e=0;e<t.length;e++)i[e]^=t[e];return i}function i(){const r=tr(e),n=Gt.slice(),i=Gt.slice();if(cr(r,!1,i,i,n),12===t.length)i.set(t);else{const e=Gt.slice();xt(Kt(e),8,BigInt(8*t.length),!1);const r=Ht.create(n).update(t).update(e);r.digestInto(i),r.destroy()}return{xk:r,authKey:n,counter:i,tagMask:cr(r,!1,i,Gt)}}return{encrypt(e){const{xk:t,authKey:r,counter:s,tagMask:a}=i(),o=new Uint8Array(e.length+16),c=[t,r,s,a];Qt(e)||c.push(e=Rt(e)),cr(t,!1,s,e,o.subarray(0,e.length));const u=n(r,a,o.subarray(0,o.length-16));return c.push(u),o.set(u,e.length),vt(...c),o},decrypt(e){const{xk:t,authKey:r,counter:s,tagMask:a}=i(),o=[t,r,a,s];Qt(e)||o.push(e=Rt(e));const c=e.subarray(0,-16),u=e.subarray(-16),h=n(r,a,c);if(o.push(h),!Ut(h,u))throw Error("aes/gcm: invalid ghash tag");const l=cr(t,!1,s,c);return vt(...o),l}}}));function pr(e){return e instanceof Uint32Array||ArrayBuffer.isView(e)&&"Uint32Array"===e.constructor.name}function dr(e,t){if(wt(t,16),!pr(e))throw Error("_encryptBlock accepts result of expandKeyLE");const r=Et(t);let{s0:n,s1:i,s2:s,s3:a}=sr(e,r[0],r[1],r[2],r[3]);return r[0]=n,r[1]=i,r[2]=s,r[3]=a,t}function gr(e,t){if(wt(t,16),!pr(e))throw Error("_decryptBlock accepts result of expandKeyLE");const r=Et(t);let{s0:n,s1:i,s2:s,s3:a}=ar(e,r[0],r[1],r[2],r[3]);return r[0]=n,r[1]=i,r[2]=s,r[3]=a,t}const Ar={encrypt(e,t){if(t.length>=2**32)throw Error("plaintext should be less than 4gb");const r=tr(e);if(16===t.length)dr(r,t);else{const e=Et(t);let n=e[0],i=e[1];for(let t=0,s=1;t<6;t++)for(let t=2;t<e.length;t+=2,s++){const{s0:a,s1:o,s2:c,s3:u}=sr(r,n,i,e[t],e[t+1]);n=a,i=o^Jt(s),e[t]=c,e[t+1]=u}e[0]=n,e[1]=i}r.fill(0)},decrypt(e,t){if(t.length-8>=2**32)throw Error("ciphertext should be less than 4gb");const r=rr(e),n=t.length/8-1;if(1===n)gr(r,t);else{const e=Et(t);let i=e[0],s=e[1];for(let t=0,a=6*n;t<6;t++)for(let t=2*n;t>=1;t-=2,a--){s^=Jt(a);const{s0:n,s1:o,s2:c,s3:u}=ar(r,i,s,e[t],e[t+1]);i=n,s=o,e[t]=c,e[t+1]=u}e[0]=i,e[1]=s}r.fill(0)}},wr=/* @__PURE__ */new Uint8Array(8).fill(166),mr=/* @__PURE__ */Pt({blockSize:8},(e=>({encrypt(t){if(!t.length||t.length%8!=0)throw Error("invalid plaintext length");if(8===t.length)throw Error("8-byte keys not allowed in AESKW, use AESKWP instead");const r=function(...e){let t=0;for(let r=0;r<e.length;r++){const n=e[r];wt(n),t+=n.length}const r=new Uint8Array(t);for(let t=0,n=0;t<e.length;t++){const i=e[t];r.set(i,n),n+=i.length}return r}(wr,t);return Ar.encrypt(e,r),r},decrypt(t){if(t.length%8!=0||t.length<24)throw Error("invalid ciphertext length");const r=Rt(t);if(Ar.decrypt(e,r),!Ut(r.subarray(0,8),wr))throw Error("integrity check failed");return r.subarray(0,8).fill(0),r.subarray(8)}}))),br={expandKeyLE:tr,expandKeyDecLE:rr,encrypt:sr,decrypt:ar,encryptBlock:dr,decryptBlock:gr,ctrCounter:or,ctr32:cr};async function kr(e){switch(e){case Q.symmetric.aes128:case Q.symmetric.aes192:case Q.symmetric.aes256:throw Error("Not a legacy cipher");case Q.symmetric.cast5:case Q.symmetric.blowfish:case Q.symmetric.twofish:case Q.symmetric.tripledes:{const{legacyCiphers:t}=await Promise.resolve().then((function(){return Fy})),r=Q.read(Q.symmetric,e),n=t.get(r);if(!n)throw Error("Unsupported cipher algorithm");return n}default:throw Error("Unsupported cipher algorithm")}}function Er(e){switch(e){case Q.symmetric.aes128:case Q.symmetric.aes192:case Q.symmetric.aes256:case Q.symmetric.twofish:return 16;case Q.symmetric.blowfish:case Q.symmetric.cast5:case Q.symmetric.tripledes:return 8;default:throw Error("Unsupported cipher")}}function vr(e){switch(e){case Q.symmetric.aes128:case Q.symmetric.blowfish:case Q.symmetric.cast5:return 16;case Q.symmetric.aes192:case Q.symmetric.tripledes:return 24;case Q.symmetric.aes256:case Q.symmetric.twofish:return 32;default:throw Error("Unsupported cipher")}}function Kr(e){return{keySize:vr(e),blockSize:Er(e)}}const Sr=M.getWebCrypto();async function Ir(e,t,r){const{keySize:n}=Kr(e);if(!M.isAES(e)||t.length!==n)throw Error("Unexpected algorithm or key size");try{const e=await Sr.importKey("raw",t,{name:"AES-KW"},!1,["wrapKey"]),n=await Sr.importKey("raw",r,{name:"HMAC",hash:"SHA-256"},!0,["sign"]),i=await Sr.wrapKey("raw",n,e,{name:"AES-KW"});return new Uint8Array(i)}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;M.printDebugError("Browser did not support operation: "+e.message)}return mr(t).encrypt(r)}async function Br(e,t,r){const{keySize:n}=Kr(e);if(!M.isAES(e)||t.length!==n)throw Error("Unexpected algorithm or key size");let i;try{i=await Sr.importKey("raw",t,{name:"AES-KW"},!1,["unwrapKey"])}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;return M.printDebugError("Browser did not support operation: "+e.message),mr(t).decrypt(r)}try{const e=await Sr.unwrapKey("raw",r,i,{name:"AES-KW"},{name:"HMAC",hash:"SHA-256"},!0,["sign"]);return new Uint8Array(await Sr.exportKey("raw",e))}catch(e){if("OperationError"===e.name)throw Error("Key Data Integrity failed");throw e}}async function Cr(e,t,r,n,i){const s=M.getWebCrypto(),a=Q.read(Q.webHash,e);if(!a)throw Error("Hash algo not supported with HKDF");const o=await s.importKey("raw",t,"HKDF",!1,["deriveBits"]),c=await s.deriveBits({name:"HKDF",hash:a,salt:r,info:n},o,8*i);return new Uint8Array(c)}const Ur={x25519:M.encodeUTF8("OpenPGP X25519"),x448:M.encodeUTF8("OpenPGP X448")};async function Pr(e){switch(e){case Q.publicKey.x25519:try{const e=M.getWebCrypto(),t=await e.generateKey("X25519",!0,["deriveKey","deriveBits"]).catch((e=>{if("OperationError"===e.name){const e=Error("Unexpected key generation issue");throw e.name="NotSupportedError",e}throw e})),r=await e.exportKey("jwk",t.privateKey),n=await e.exportKey("jwk",t.publicKey);if(r.x!==n.x){const e=Error("Unexpected mismatching public point");throw e.name="NotSupportedError",e}return{A:new Uint8Array(H(n.x)),k:H(r.d)}}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:t}=await Promise.resolve().then((function(){return vy})),{secretKey:r,publicKey:n}=t.box.keyPair();return{A:n,k:r}}case Q.publicKey.x448:{const e=await M.getNobleCurve(Q.publicKey.x448),{secretKey:t,publicKey:r}=e.keygen();return{A:r,k:t}}default:throw Error("Unsupported ECDH algorithm")}}async function Dr(e,t,r){switch(e){case Q.publicKey.x25519:try{const{ephemeralPublicKey:n,sharedSecret:i}=await Tr(e,t),s=await Mr(e,n,t,r);return M.equalsUint8Array(i,s)}catch(e){return!1}case Q.publicKey.x448:{const e=(await M.getNobleCurve(Q.publicKey.x448)).getPublicKey(r);return M.equalsUint8Array(t,e)}default:return!1}}async function xr(e,t,r){const{ephemeralPublicKey:n,sharedSecret:i}=await Tr(e,r),s=M.concatUint8Array([n,r,i]);switch(e){case Q.publicKey.x25519:{const e=Q.symmetric.aes128,{keySize:r}=Kr(e),i=await Cr(Q.hash.sha256,s,new Uint8Array,Ur.x25519,r);return{ephemeralPublicKey:n,wrappedKey:await Ir(e,i,t)}}case Q.publicKey.x448:{const e=Q.symmetric.aes256,{keySize:r}=Kr(Q.symmetric.aes256),i=await Cr(Q.hash.sha512,s,new Uint8Array,Ur.x448,r);return{ephemeralPublicKey:n,wrappedKey:await Ir(e,i,t)}}default:throw Error("Unsupported ECDH algorithm")}}async function Qr(e,t,r,n,i){const s=await Mr(e,t,n,i),a=M.concatUint8Array([t,n,s]);switch(e){case Q.publicKey.x25519:{const e=Q.symmetric.aes128,{keySize:t}=Kr(e);return Br(e,await Cr(Q.hash.sha256,a,new Uint8Array,Ur.x25519,t),r)}case Q.publicKey.x448:{const e=Q.symmetric.aes256,{keySize:t}=Kr(Q.symmetric.aes256);return Br(e,await Cr(Q.hash.sha512,a,new Uint8Array,Ur.x448,t),r)}default:throw Error("Unsupported ECDH algorithm")}}function Rr(e){switch(e){case Q.publicKey.x25519:return 32;case Q.publicKey.x448:return 56;default:throw Error("Unsupported ECDH algorithm")}}async function Tr(e,t){switch(e){case Q.publicKey.x25519:try{const r=M.getWebCrypto(),n=await r.generateKey("X25519",!0,["deriveKey","deriveBits"]).catch((e=>{if("OperationError"===e.name){const e=Error("Unexpected key generation issue");throw e.name="NotSupportedError",e}throw e})),i=await r.exportKey("jwk",n.publicKey);if((await r.exportKey("jwk",n.privateKey)).x!==i.x){const e=Error("Unexpected mismatching public point");throw e.name="NotSupportedError",e}const s=Fr(e,t),a=await r.importKey("jwk",s,"X25519",!1,[]),o=await r.deriveBits({name:"X25519",public:a},n.privateKey,8*Rr(e));return{sharedSecret:new Uint8Array(o),ephemeralPublicKey:new Uint8Array(H(i.x))}}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:r}=await Promise.resolve().then((function(){return vy})),{secretKey:n,publicKey:i}=r.box.keyPair(),s=r.scalarMult(n,t);return Lr(s),{ephemeralPublicKey:i,sharedSecret:s}}case Q.publicKey.x448:{const e=await M.getNobleCurve(Q.publicKey.x448),{secretKey:r,publicKey:n}=e.keygen(),i=e.getSharedSecret(r,t);return Lr(i),{ephemeralPublicKey:n,sharedSecret:i}}default:throw Error("Unsupported ECDH algorithm")}}async function Mr(e,t,r,n){switch(e){case Q.publicKey.x25519:try{const i=M.getWebCrypto(),s=function(e,t,r){if(e===Q.publicKey.x25519){const n=Fr(e,t);return n.d=z(r),n}throw Error("Unsupported ECDH algorithm")}(e,r,n),a=Fr(e,t),o=await i.importKey("jwk",s,"X25519",!1,["deriveKey","deriveBits"]),c=await i.importKey("jwk",a,"X25519",!1,[]),u=await i.deriveBits({name:"X25519",public:c},o,8*Rr(e));return new Uint8Array(u)}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:r}=await Promise.resolve().then((function(){return vy})),i=r.scalarMult(n,t);return Lr(i),i}case Q.publicKey.x448:{const e=(await M.getNobleCurve(Q.publicKey.x448)).getSharedSecret(n,t);return Lr(e),e}default:throw Error("Unsupported ECDH algorithm")}}function Lr(e){let t=0;for(let r=0;r<e.length;r++)t|=e[r];if(0===t)throw Error("Unexpected low order point")}function Fr(e,t){if(e===Q.publicKey.x25519){return{kty:"OKP",crv:"X25519",x:z(t),ext:!0}}throw Error("Unsupported ECDH algorithm")}var Or=/*#__PURE__*/Object.freeze({__proto__:null,decrypt:Qr,encrypt:xr,generate:Pr,generateEphemeralEncryptionMaterial:Tr,getPayloadSize:Rr,recomputeSharedSecret:Mr,validateParams:Dr});const Nr=M.getWebCrypto(),_r=M.getNodeCrypto(),Hr={[Q.curve.nistP256]:"P-256",[Q.curve.nistP384]:"P-384",[Q.curve.nistP521]:"P-521"},zr=_r?_r.getCurves():[],Gr=_r?{[Q.curve.secp256k1]:zr.includes("secp256k1")?"secp256k1":void 0,[Q.curve.nistP256]:zr.includes("prime256v1")?"prime256v1":void 0,[Q.curve.nistP384]:zr.includes("secp384r1")?"secp384r1":void 0,[Q.curve.nistP521]:zr.includes("secp521r1")?"secp521r1":void 0,[Q.curve.ed25519Legacy]:zr.includes("ED25519")?"ED25519":void 0,[Q.curve.curve25519Legacy]:zr.includes("X25519")?"X25519":void 0,[Q.curve.brainpoolP256r1]:zr.includes("brainpoolP256r1")?"brainpoolP256r1":void 0,[Q.curve.brainpoolP384r1]:zr.includes("brainpoolP384r1")?"brainpoolP384r1":void 0,[Q.curve.brainpoolP512r1]:zr.includes("brainpoolP512r1")?"brainpoolP512r1":void 0}:{},qr={[Q.curve.nistP256]:{oid:[6,8,42,134,72,206,61,3,1,7],keyType:Q.publicKey.ecdsa,hash:Q.hash.sha256,cipher:Q.symmetric.aes128,node:Gr[Q.curve.nistP256],web:Hr[Q.curve.nistP256],payloadSize:32,sharedSize:256,wireFormatLeadingByte:4},[Q.curve.nistP384]:{oid:[6,5,43,129,4,0,34],keyType:Q.publicKey.ecdsa,hash:Q.hash.sha384,cipher:Q.symmetric.aes192,node:Gr[Q.curve.nistP384],web:Hr[Q.curve.nistP384],payloadSize:48,sharedSize:384,wireFormatLeadingByte:4},[Q.curve.nistP521]:{oid:[6,5,43,129,4,0,35],keyType:Q.publicKey.ecdsa,hash:Q.hash.sha512,cipher:Q.symmetric.aes256,node:Gr[Q.curve.nistP521],web:Hr[Q.curve.nistP521],payloadSize:66,sharedSize:528,wireFormatLeadingByte:4},[Q.curve.secp256k1]:{oid:[6,5,43,129,4,0,10],keyType:Q.publicKey.ecdsa,hash:Q.hash.sha256,cipher:Q.symmetric.aes128,node:Gr[Q.curve.secp256k1],payloadSize:32,wireFormatLeadingByte:4},[Q.curve.ed25519Legacy]:{oid:[6,9,43,6,1,4,1,218,71,15,1],keyType:Q.publicKey.eddsaLegacy,hash:Q.hash.sha512,node:!1,payloadSize:32,wireFormatLeadingByte:64},[Q.curve.curve25519Legacy]:{oid:[6,10,43,6,1,4,1,151,85,1,5,1],keyType:Q.publicKey.ecdh,hash:Q.hash.sha256,cipher:Q.symmetric.aes128,node:!1,payloadSize:32,wireFormatLeadingByte:64},[Q.curve.brainpoolP256r1]:{oid:[6,9,43,36,3,3,2,8,1,1,7],keyType:Q.publicKey.ecdsa,hash:Q.hash.sha256,cipher:Q.symmetric.aes128,node:Gr[Q.curve.brainpoolP256r1],payloadSize:32,wireFormatLeadingByte:4},[Q.curve.brainpoolP384r1]:{oid:[6,9,43,36,3,3,2,8,1,1,11],keyType:Q.publicKey.ecdsa,hash:Q.hash.sha384,cipher:Q.symmetric.aes192,node:Gr[Q.curve.brainpoolP384r1],payloadSize:48,wireFormatLeadingByte:4},[Q.curve.brainpoolP512r1]:{oid:[6,9,43,36,3,3,2,8,1,1,13],keyType:Q.publicKey.ecdsa,hash:Q.hash.sha512,cipher:Q.symmetric.aes256,node:Gr[Q.curve.brainpoolP512r1],payloadSize:64,wireFormatLeadingByte:4}};class jr{constructor(e){try{this.name=e instanceof Je?e.getName():Q.write(Q.curve,e)}catch(e){throw new it("Unknown curve")}const t=qr[this.name];this.keyType=t.keyType,this.oid=t.oid,this.hash=t.hash,this.cipher=t.cipher,this.node=t.node,this.web=t.web,this.payloadSize=t.payloadSize,this.sharedSize=t.sharedSize,this.wireFormatLeadingByte=t.wireFormatLeadingByte,this.web&&M.getWebCrypto()?this.type="web":this.node&&M.getNodeCrypto()?this.type="node":this.name===Q.curve.curve25519Legacy?this.type="curve25519Legacy":this.name===Q.curve.ed25519Legacy&&(this.type="ed25519Legacy")}async genKeyPair(){switch(this.type){case"web":try{return await async function(e,t){const r=await Nr.generateKey({name:"ECDSA",namedCurve:Hr[e]},!0,["sign","verify"]),n=await Nr.exportKey("jwk",r.privateKey);return{publicKey:Wr(await Nr.exportKey("jwk",r.publicKey),t),privateKey:H(n.d)}}(this.name,this.wireFormatLeadingByte)}catch(e){return M.printDebugError("Browser did not support generating ec key "+e.message),Xr(this.name)}case"node":return async function(e){const t=_r.createECDH(Gr[e]);return await t.generateKeys(),{publicKey:new Uint8Array(t.getPublicKey()),privateKey:new Uint8Array(t.getPrivateKey())}}(this.name);case"curve25519Legacy":{const{k:e,A:t}=await Pr(Q.publicKey.x25519),r=e.slice().reverse();r[0]=127&r[0]|64,r[31]&=248;return{publicKey:M.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]),t]),privateKey:r}}case"ed25519Legacy":{const{seed:e,A:t}=await ct(Q.publicKey.ed25519);return{publicKey:M.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]),t]),privateKey:e}}default:return Xr(this.name)}}}async function Vr(e){const t=new jr(e),{oid:r,hash:n,cipher:i}=t,s=await t.genKeyPair();return{oid:r,Q:s.publicKey,secret:M.leftPad(s.privateKey,t.payloadSize),hash:n,cipher:i}}function Yr(e){return qr[e.getName()].hash}async function Zr(e,t,r,n){const i={[Q.curve.nistP256]:!0,[Q.curve.nistP384]:!0,[Q.curve.nistP521]:!0,[Q.curve.secp256k1]:!0,[Q.curve.curve25519Legacy]:e===Q.publicKey.ecdh,[Q.curve.brainpoolP256r1]:!0,[Q.curve.brainpoolP384r1]:!0,[Q.curve.brainpoolP512r1]:!0},s=t.getName();if(!i[s])return!1;if(s===Q.curve.curve25519Legacy){const e=n.slice().reverse();return!(r.length<1||64!==r[0])&&Dr(Q.publicKey.x25519,r.subarray(1),e)}const a=(await M.getNobleCurve(Q.publicKey.ecdsa,s)).getPublicKey(n,!1);return!!M.equalsUint8Array(a,r)}function Jr(e,t){const{payloadSize:r,wireFormatLeadingByte:n,name:i}=e,s=i===Q.curve.curve25519Legacy||i===Q.curve.ed25519Legacy?r:2*r;if(t[0]!==n||t.length!==s+1)throw Error("Invalid point encoding")}async function Xr(e){const t=await M.getNobleCurve(Q.publicKey.ecdsa,e),{secretKey:r}=t.keygen();return{publicKey:t.getPublicKey(r,!1),privateKey:r}}function Wr(e,t){const r=H(e.x),n=H(e.y),i=new Uint8Array(r.length+n.length+1);return i[0]=t,i.set(r,1),i.set(n,r.length+1),i}function $r(e,t,r){const n=e,i=r.slice(1,n+1),s=r.slice(n+1,2*n+1);return{kty:"EC",crv:t,x:z(i),y:z(s),ext:!0}}function en(e,t,r,n){const i=$r(e,t,r);return i.d=z(n),i}const tn=M.getWebCrypto(),rn=M.getNodeCrypto();async function nn(e,t,r,n,i,s){const a=new jr(e);if(Jr(a,n),r&&!M.isStream(r)){const e={publicKey:n,privateKey:i};switch(a.type){case"web":try{return await async function(e,t,r,n){const i=e.payloadSize,s=en(e.payloadSize,Hr[e.name],n.publicKey,n.privateKey),a=await tn.importKey("jwk",s,{name:"ECDSA",namedCurve:Hr[e.name],hash:{name:Q.read(Q.webHash,e.hash)}},!1,["sign"]),o=new Uint8Array(await tn.sign({name:"ECDSA",namedCurve:Hr[e.name],hash:{name:Q.read(Q.webHash,t)}},a,r));return{r:o.slice(0,i),s:o.slice(i,i<<1)}}(a,t,r,e)}catch(e){if("nistP521"!==a.name&&("DataError"===e.name||"OperationError"===e.name))throw e;M.printDebugError("Browser did not support signing: "+e.message)}break;case"node":return async function(e,t,r,n){const i=M.nodeRequire("eckey-utils"),s=M.getNodeBuffer(),{privateKey:a}=i.generateDer({curveName:Gr[e.name],privateKey:s.from(n)}),o=rn.createSign(Q.read(Q.hash,t));o.write(r),o.end();const c=new Uint8Array(o.sign({key:a,format:"der",type:"sec1",dsaEncoding:"ieee-p1363"})),u=e.payloadSize;return{r:c.subarray(0,u),s:c.subarray(u,u<<1)}}(a,t,r,i)}}const o=(await M.getNobleCurve(Q.publicKey.ecdsa,a.name)).sign(s,i,{lowS:!1});return{r:he(o.r,"be",a.payloadSize),s:he(o.s,"be",a.payloadSize)}}async function sn(e,t,r,n,i,s){const a=new jr(e);Jr(a,i);const o=async()=>0===s[0]&&an(a,r,s.subarray(1),i);if(n&&!M.isStream(n))switch(a.type){case"web":try{const e=await async function(e,t,{r,s:n},i,s){const a=$r(e.payloadSize,Hr[e.name],s),o=await tn.importKey("jwk",a,{name:"ECDSA",namedCurve:Hr[e.name],hash:{name:Q.read(Q.webHash,e.hash)}},!1,["verify"]),c=M.concatUint8Array([r,n]).buffer;return tn.verify({name:"ECDSA",namedCurve:Hr[e.name],hash:{name:Q.read(Q.webHash,t)}},o,c,i)}(a,t,r,n,i);return e||o()}catch(e){if("nistP521"!==a.name&&("DataError"===e.name||"OperationError"===e.name))throw e;M.printDebugError("Browser did not support verifying: "+e.message)}break;case"node":{const e=await async function(e,t,{r,s:n},i,s){const a=M.nodeRequire("eckey-utils"),o=M.getNodeBuffer(),{publicKey:c}=a.generateDer({curveName:Gr[e.name],publicKey:o.from(s)}),u=rn.createVerify(Q.read(Q.hash,t));u.write(i),u.end();const h=M.concatUint8Array([r,n]);try{return u.verify({key:c,format:"der",type:"spki",dsaEncoding:"ieee-p1363"},h)}catch(e){return!1}}(a,t,r,n,i);return e||o()}}return await an(a,r,s,i)||o()}async function an(e,t,r,n){return(await M.getNobleCurve(Q.publicKey.ecdsa,e.name)).verify(M.concatUint8Array([t.r,t.s]),r,n,{lowS:!1})}var on=/*#__PURE__*/Object.freeze({__proto__:null,sign:nn,validateParams:async function(e,t,r){const n=new jr(e);if(n.keyType!==Q.publicKey.ecdsa)return!1;switch(n.type){case"web":case"node":{const n=fe(8),i=Q.hash.sha256,s=await xe(i,n);try{const a=await nn(e,i,n,t,r,s);return await sn(e,i,a,n,t,s)}catch(e){return!1}}default:return Zr(Q.publicKey.ecdsa,e,t,r)}},verify:sn});async function cn(e,t,r,n,i,s){Jr(new jr(e),n);const{RS:a}=await ut(Q.publicKey.ed25519,0,0,n.subarray(1),i,s);return{r:a.subarray(0,32),s:a.subarray(32)}}async function un(e,t,{r,s:n},i,s,a){Jr(new jr(e),s);const o=M.concatUint8Array([r,n]);return ht(Q.publicKey.ed25519,0,{RS:o},0,s.subarray(1),a)}async function hn(e,t,r){return e.getName()===Q.curve.ed25519Legacy&&(!(t.length<1||64!==t[0])&&lt(Q.publicKey.ed25519,t.subarray(1),r))}var ln=/*#__PURE__*/Object.freeze({__proto__:null,sign:cn,validateParams:hn,verify:un});function fn(e){const t=e.length;if(t>0){const r=e[t-1];if(r>=1){const n=e.subarray(t-r),i=new Uint8Array(r).fill(r);if(M.equalsUint8Array(n,i))return e.subarray(0,t-r)}}throw Error("Invalid padding")}function yn(e,t,r,n){return M.concatUint8Array([t.write(),new Uint8Array([e]),r.write(!0),M.stringToUint8Array("Anonymous Sender    "),r.replacementFingerprint||n])}async function pn(e,t,r,n,i=!1,s=!1){let a;if(i){for(a=0;a<t.length&&0===t[a];a++);t=t.subarray(a)}if(s){for(a=t.length-1;a>=0&&0===t[a];a--);t=t.subarray(0,a+1)}return(await xe(e,M.concatUint8Array([new Uint8Array([0,0,0,1]),t,n]))).subarray(0,r)}async function dn(e,t){switch(e.type){case"curve25519Legacy":{const{sharedSecret:r,ephemeralPublicKey:n}=await Tr(Q.publicKey.x25519,t.subarray(1));return{publicKey:M.concatUint8Array([new Uint8Array([e.wireFormatLeadingByte]),n]),sharedKey:r}}case"web":if(e.web&&M.getWebCrypto())try{return await async function(e,t){const r=M.getWebCrypto(),n=$r(e.payloadSize,e.web,t);let i=r.generateKey({name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]),s=r.importKey("jwk",n,{name:"ECDH",namedCurve:e.web},!1,[]);[i,s]=await Promise.all([i,s]);let a=r.deriveBits({name:"ECDH",namedCurve:e.web,public:s},i.privateKey,e.sharedSize),o=r.exportKey("jwk",i.publicKey);[a,o]=await Promise.all([a,o]);const c=new Uint8Array(a),u=new Uint8Array(Wr(o,e.wireFormatLeadingByte));return{publicKey:u,sharedKey:c}}(e,t)}catch(r){return M.printDebugError(r),bn(e,t)}break;case"node":return async function(e,t){const r=M.getNodeCrypto(),n=r.createECDH(e.node);n.generateKeys();const i=new Uint8Array(n.computeSecret(t));return{publicKey:new Uint8Array(n.getPublicKey()),sharedKey:i}}(e,t);default:return bn(e,t)}}async function gn(e,t,r,n,i){const s=function(e){const t=8-e.length%8,r=new Uint8Array(e.length+t).fill(t);return r.set(e),r}(r),a=new jr(e);Jr(a,n);const{publicKey:o,sharedKey:c}=await dn(a,n),u=yn(Q.publicKey.ecdh,e,t,i),{keySize:h}=Kr(t.cipher),l=await pn(t.hash,c,h,u);return{publicKey:o,wrappedKey:await Ir(t.cipher,l,s)}}async function An(e,t,r,n){if(n.length!==e.payloadSize){const t=new Uint8Array(e.payloadSize);t.set(n,e.payloadSize-n.length),n=t}switch(e.type){case"curve25519Legacy":{const e=n.slice().reverse();return{secretKey:e,sharedKey:await Mr(Q.publicKey.x25519,t.subarray(1),r.subarray(1),e)}}case"web":if(e.web&&M.getWebCrypto())try{return await async function(e,t,r,n){const i=M.getWebCrypto(),s=en(e.payloadSize,e.web,r,n);let a=i.importKey("jwk",s,{name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]);const o=$r(e.payloadSize,e.web,t);let c=i.importKey("jwk",o,{name:"ECDH",namedCurve:e.web},!0,[]);[a,c]=await Promise.all([a,c]);let u=i.deriveBits({name:"ECDH",namedCurve:e.web,public:c},a,e.sharedSize),h=i.exportKey("jwk",a);[u,h]=await Promise.all([u,h]);const l=new Uint8Array(u);return{secretKey:H(h.d),sharedKey:l}}(e,t,r,n)}catch(r){return M.printDebugError(r),mn(e,t,n)}break;case"node":return async function(e,t,r){const n=M.getNodeCrypto(),i=n.createECDH(e.node);i.setPrivateKey(r);const s=new Uint8Array(i.computeSecret(t));return{secretKey:new Uint8Array(i.getPrivateKey()),sharedKey:s}}(e,t,n);default:return mn(e,t,n)}}async function wn(e,t,r,n,i,s,a){const o=new jr(e);Jr(o,i),Jr(o,r);const{sharedKey:c}=await An(o,r,i,s),u=yn(Q.publicKey.ecdh,e,t,a),{keySize:h}=Kr(t.cipher);let l;for(let e=0;e<3;e++)try{const r=await pn(t.hash,c,h,u,1===e,2===e);return fn(await Br(t.cipher,r,n))}catch(e){l=e}throw l}async function mn(e,t,r){return{secretKey:r,sharedKey:(await M.getNobleCurve(Q.publicKey.ecdh,e.name)).getSharedSecret(r,t).subarray(1)}}async function bn(e,t){const r=await M.getNobleCurve(Q.publicKey.ecdh,e.name),{publicKey:n,privateKey:i}=await e.genKeyPair();return{publicKey:n,sharedKey:r.getSharedSecret(i,t).subarray(1)}}var kn=/*#__PURE__*/Object.freeze({__proto__:null,decrypt:wn,encrypt:gn,validateParams:async function(e,t,r){return Zr(Q.publicKey.ecdh,e,t,r)}}),En=/*#__PURE__*/Object.freeze({__proto__:null,CurveWithOID:jr,ecdh:kn,ecdhX:Or,ecdsa:on,eddsa:gt,eddsaLegacy:ln,generate:Vr,getPreferredHashAlgo:Yr});const vn=BigInt(0),Kn=BigInt(1);const Sn=new Set([Q.hash.sha1,Q.hash.sha256,Q.hash.sha512]),In=M.getWebCrypto(),Bn=M.getNodeCrypto();async function Cn(e,t){if(e===Q.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await Promise.resolve().then((function(){return ld})),{publicKey:r,secretKey:n}=e.keygen(t);return{mlkemPublicKey:r,mlkemSecretKey:n}}throw Error("Unsupported KEM algorithm")}async function Un(e){const{eccPublicKey:t,eccSecretKey:r}=await async function(e){if(e===Q.publicKey.pqc_mlkem_x25519){const{A:e,k:t}=await Pr(Q.publicKey.x25519);return{eccPublicKey:e,eccSecretKey:t}}throw Error("Unsupported KEM algorithm")}(e),{mlkemPublicKey:n,mlkemSeed:i,mlkemSecretKey:s}=await async function(e){if(e===Q.publicKey.pqc_mlkem_x25519){const t=fe(64),{mlkemSecretKey:r,mlkemPublicKey:n}=await Cn(e,t);return{mlkemSeed:t,mlkemSecretKey:r,mlkemPublicKey:n}}throw Error("Unsupported KEM algorithm")}(e);return{eccPublicKey:t,eccSecretKey:r,mlkemPublicKey:n,mlkemSeed:i,mlkemSecretKey:s}}async function Pn(e,t,r,n){const{eccKeyShare:i,eccCipherText:s}=await async function(e,t){if(e===Q.publicKey.pqc_mlkem_x25519){const{ephemeralPublicKey:e,sharedSecret:r}=await Tr(Q.publicKey.x25519,t);return{eccCipherText:e,eccKeyShare:r}}throw Error("Unsupported KEM algorithm")}(e,t),{mlkemKeyShare:a,mlkemCipherText:o}=await async function(e,t){if(e===Q.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await Promise.resolve().then((function(){return ld})),{cipherText:r,sharedSecret:n}=e.encapsulate(t);return{mlkemCipherText:r,mlkemKeyShare:n}}throw Error("Unsupported KEM algorithm")}(e,r),c=await xn(e,a,i,s,t);return{eccCipherText:s,mlkemCipherText:o,wrappedKey:await Ir(Q.symmetric.aes256,c,n)}}async function Dn(e,t,r,n,i,s,a,o){const c=await async function(e,t,r,n){if(e===Q.publicKey.pqc_mlkem_x25519)return await Mr(Q.publicKey.x25519,t,n,r);throw Error("Unsupported KEM algorithm")}(e,t,n,i),u=await async function(e,t,r){if(e===Q.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await Promise.resolve().then((function(){return ld}));return e.decapsulate(t,r)}throw Error("Unsupported KEM algorithm")}(e,r,s),h=await xn(e,u,c,t,i);return await Br(Q.symmetric.aes256,h,o)}async function xn(e,t,r,n,i){const s=M.encodeUTF8("OpenPGPCompositeKDFv1"),a=M.concatUint8Array([t,r,n,i,new Uint8Array([e]),s,new Uint8Array([s.length])]);return await xe(Q.hash.sha3_256,a)}async function Qn(e,t,r,n,i){const s=async function(e,t,r){if(e===Q.publicKey.pqc_mlkem_x25519)return Dr(Q.publicKey.x25519,t,r);throw Error("Unsupported KEM algorithm")}(e,t,r),a=async function(e,t,r){if(e===Q.publicKey.pqc_mlkem_x25519){const{mlkemPublicKey:n}=await Cn(e,r);return M.equalsUint8Array(t,n)}throw Error("Unsupported KEM algorithm")}(e,n,i);return await s&&await a}async function Rn(e,t){if(e===Q.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await Promise.resolve().then((function(){return ld})),{secretKey:r,publicKey:n}=e.keygen(t);return{mldsaSecretKey:r,mldsaPublicKey:n}}throw Error("Unsupported signature algorithm")}async function Tn(e){if(e===Q.publicKey.pqc_mldsa_ed25519){const{eccSecretKey:t,eccPublicKey:r}=await async function(e){if(e===Q.publicKey.pqc_mldsa_ed25519){const{A:e,seed:t}=await ct(Q.publicKey.ed25519);return{eccPublicKey:e,eccSecretKey:t}}throw Error("Unsupported signature algorithm")}(e),{mldsaSeed:n,mldsaSecretKey:i,mldsaPublicKey:s}=await async function(e){if(e===Q.publicKey.pqc_mldsa_ed25519){const t=fe(32),{mldsaSecretKey:r,mldsaPublicKey:n}=await Rn(e,t);return{mldsaSeed:t,mldsaSecretKey:r,mldsaPublicKey:n}}throw Error("Unsupported signature algorithm")}(e);return{eccSecretKey:t,eccPublicKey:r,mldsaSeed:n,mldsaSecretKey:i,mldsaPublicKey:s}}throw Error("Unsupported signature algorithm")}async function Mn(e,t,r,n,i,s){if(e===Q.publicKey.pqc_mldsa_ed25519){const{eccSignature:t}=await async function(e,t,r,n,i){if(e===Q.publicKey.pqc_mldsa_ed25519){const{RS:e}=await ut(Q.publicKey.ed25519,0,0,n,r,i);return{eccSignature:e}}throw Error("Unsupported signature algorithm")}(e,0,r,n,s),{mldsaSignature:a}=await async function(e,t,r){if(e===Q.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await Promise.resolve().then((function(){return ld}));return{mldsaSignature:e.sign(t,r)}}throw Error("Unsupported signature algorithm")}(e,i,s);return{eccSignature:t,mldsaSignature:a}}throw Error("Unsupported signature algorithm")}async function Ln(e,t,r,n,i,{eccSignature:s,mldsaSignature:a}){if(e===Q.publicKey.pqc_mldsa_ed25519){const t=async function(e,t,r,n,i){if(e===Q.publicKey.pqc_mldsa_ed25519)return ht(Q.publicKey.ed25519,0,{RS:i},0,r,n);throw Error("Unsupported signature algorithm")}(e,0,r,i,s),o=async function(e,t,r,n){if(e===Q.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await Promise.resolve().then((function(){return ld}));return e.verify(t,r,n)}throw Error("Unsupported signature algorithm")}(e,n,i,a);return await t&&await o}throw Error("Unsupported signature algorithm")}function Fn(e,t){if(e===Q.publicKey.pqc_mldsa_ed25519)return Qe(t)>=32;throw Error("Unsupported signature algorithm")}async function On(e,t,r,n,i){const s=async function(e,t,r){if(e===Q.publicKey.pqc_mldsa_ed25519)return lt(Q.publicKey.ed25519,t,r);throw Error("Unsupported signature algorithm")}(e,t,r),a=async function(e,t,r){if(e===Q.publicKey.pqc_mldsa_ed25519){const{mldsaPublicKey:n}=await Rn(e,r);return M.equalsUint8Array(t,n)}throw Error("Unsupported signature algorithm")}(e,n,i);return await s&&await a}class Nn{constructor(e){e&&(this.data=e)}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.data=e.subarray(1,1+t),1+this.data.length}throw Error("Invalid symmetric key")}write(){return M.concatUint8Array([new Uint8Array([this.data.length]),this.data])}}class _n{constructor(e){if(void 0===e&&(e=new Uint8Array([])),!M.isUint8Array(e))throw Error("data must be in the form of a Uint8Array");this.data=e,this.length=this.data.byteLength}write(){return M.concatUint8Array([new Uint8Array([this.length]),this.data])}read(e){if(e.length>=1){const t=e[0];if(e.length>=t+1)return this.data=e.subarray(1,1+t),this.length=t,1+t}throw Error("Invalid octet string")}}class Hn{constructor(e){if(e){const{version:t,hash:r,cipher:n,replacementFingerprint:i}=e;this.version=t||1,this.hash=r,this.cipher=n,this.replacementFingerprint=i}else this.version=null,this.hash=null,this.cipher=null,this.replacementFingerprint=null}read(e){if(e.length<4||1!==e[1]&&255!==e[1])throw new it("Cannot read KDFParams");const t=e[0];this.version=e[1],this.hash=e[2],this.cipher=e[3];let r=4;if(255===this.version){const n=t-r+1;this.replacementFingerprint=e.slice(r,r+n),r+=n}return r}write(e){if(!this.version||1===this.version||e)return new Uint8Array([3,1,this.hash,this.cipher]);return M.concatUint8Array([new Uint8Array([3+this.replacementFingerprint.length,this.version,this.hash,this.cipher]),this.replacementFingerprint])}}const zn=e=>class{constructor(e){this.data=void 0===e?null:e}read(t){const r=t[0];return this.data=Q.write(e,r),1}write(){return new Uint8Array([this.data])}getName(){return Q.read(e,this.data)}getValue(){return this.data}},Gn=zn(Q.aead),qn=zn(Q.symmetric),jn=zn(Q.hash);class Vn{static fromObject({wrappedKey:e,algorithm:t}){const r=new Vn;return r.wrappedKey=e,r.algorithm=t,r}read(e){let t=0,r=e[t++];this.algorithm=r%2?e[t++]:null,r-=r%2,this.wrappedKey=M.readExactSubarray(e,t,t+r),t+=r}write(){return M.concatUint8Array([this.algorithm?new Uint8Array([this.wrappedKey.length+1,this.algorithm]):new Uint8Array([this.wrappedKey.length]),this.wrappedKey])}}const Yn=M.getWebCrypto(),Zn=M.getNodeCrypto(),Jn=Zn?Zn.getCiphers():[],Xn={idea:Jn.includes("idea-cfb")?"idea-cfb":void 0,tripledes:Jn.includes("des-ede3-cfb")?"des-ede3-cfb":void 0,cast5:Jn.includes("cast5-cfb")?"cast5-cfb":void 0,blowfish:Jn.includes("bf-cfb")?"bf-cfb":void 0,aes128:Jn.includes("aes-128-cfb")?"aes-128-cfb":void 0,aes192:Jn.includes("aes-192-cfb")?"aes-192-cfb":void 0,aes256:Jn.includes("aes-256-cfb")?"aes-256-cfb":void 0};async function Wn(e){const{blockSize:t}=Kr(e),r=await fe(t),n=new Uint8Array([r[r.length-2],r[r.length-1]]);return M.concat([r,n])}async function $n(e,t,r,n,i){const s=Q.read(Q.symmetric,e);if(M.getNodeCrypto()&&Xn[s])return function(e,t,r,n){const i=Q.read(Q.symmetric,e),s=new Zn.createCipheriv(Xn[i],t,n);return b(r,(e=>new Uint8Array(s.update(e))))}(e,t,r,n);if(M.isAES(e))return async function(e,t,r,n){if(Yn&&await ti.isSupported(e)){const i=new ti(e,t,n);return M.isStream(r)?b(r,(e=>i.encryptChunk(e)),(()=>i.finish())):i.encrypt(r)}if(M.isStream(r)){const i=new ri(!0,e,t,n);return b(r,(e=>i.processChunk(e)),(()=>i.finish()))}return lr(t,n).encrypt(r)}(e,t,r,n);const a=new(await kr(e))(t),o=a.blockSize,c=n.slice();let u=new Uint8Array;const h=e=>{e&&(u=M.concatUint8Array([u,e]));const t=new Uint8Array(u.length);let r,n=0;for(;e?u.length>=o:u.length;){const e=a.encrypt(c);for(r=0;r<o;r++)c[r]=u[r]^e[r],t[n++]=c[r];u=u.subarray(o)}return t.subarray(0,n)};return b(r,h,h)}async function ei(e,t,r,n){const i=Q.read(Q.symmetric,e);if(Zn&&Xn[i])return function(e,t,r,n){const i=Q.read(Q.symmetric,e),s=new Zn.createDecipheriv(Xn[i],t,n);return b(r,(e=>new Uint8Array(s.update(e))))}(e,t,r,n);if(M.isAES(e))return async function(e,t,r,n){if(M.isStream(r)){const i=new ri(!1,e,t,n);return b(r,(e=>i.processChunk(e)),(()=>i.finish()))}return lr(t,n).decrypt(r)}(e,t,r,n);const s=new(await kr(e))(t),a=s.blockSize;let o=n,c=new Uint8Array;const u=e=>{e&&(c=M.concatUint8Array([c,e]));const t=new Uint8Array(c.length);let r,n=0;for(;e?c.length>=a:c.length;){const e=s.encrypt(o);for(o=c.subarray(0,a),r=0;r<a;r++)t[n++]=o[r]^e[r];c=c.subarray(a)}return t.subarray(0,n)};return b(r,u,u)}class ti{constructor(e,t,r){const{blockSize:n}=Kr(e);this.key=t,this.prevBlock=r,this.nextBlock=new Uint8Array(n),this.i=0,this.blockSize=n,this.zeroBlock=new Uint8Array(this.blockSize)}static async isSupported(e){const{keySize:t}=Kr(e);return Yn.importKey("raw",new Uint8Array(t),"aes-cbc",!1,["encrypt"]).then((()=>!0),(()=>!1))}async _runCBC(e,t){const r="AES-CBC";this.keyRef=this.keyRef||await Yn.importKey("raw",this.key,r,!1,["encrypt"]);const n=await Yn.encrypt({name:r,iv:t||this.zeroBlock},this.keyRef,e);return new Uint8Array(n).subarray(0,e.length)}async encryptChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,n=M.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),i=M.concatUint8Array([this.prevBlock,n.subarray(0,n.length-this.blockSize)]),s=await this._runCBC(i);return ni(s,n),this.prevBlock=s.slice(-this.blockSize),r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,s}let n;if(this.i+=r.length,this.i===this.nextBlock.length){const t=this.nextBlock;n=await this._runCBC(this.prevBlock),ni(n,t),this.prevBlock=n.slice(),this.i=0;const i=e.subarray(r.length);this.nextBlock.set(i,this.i),this.i+=i.length}else n=new Uint8Array;return n}async finish(){let e;if(0===this.i)e=new Uint8Array;else{this.nextBlock=this.nextBlock.subarray(0,this.i);const t=this.nextBlock,r=await this._runCBC(this.prevBlock);ni(r,t),e=r.subarray(0,t.length)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.keyRef=null,this.key=null}async encrypt(e){const t=(await this._runCBC(M.concatUint8Array([new Uint8Array(this.blockSize),e]),this.iv)).subarray(0,e.length);return ni(t,e),this.clearSensitiveData(),t}}class ri{constructor(e,t,r,n){this.forEncryption=e;const{blockSize:i}=Kr(t);this.key=br.expandKeyLE(r),n.byteOffset%4!=0&&(n=n.slice()),this.prevBlock=ii(n),this.nextBlock=new Uint8Array(i),this.i=0,this.blockSize=i}_runCFB(e){const t=ii(e),r=new Uint8Array(e.length),n=ii(r);for(let e=0;e+4<=n.length;e+=4){const{s0:r,s1:i,s2:s,s3:a}=br.encrypt(this.key,this.prevBlock[0],this.prevBlock[1],this.prevBlock[2],this.prevBlock[3]);n[e+0]=t[e+0]^r,n[e+1]=t[e+1]^i,n[e+2]=t[e+2]^s,n[e+3]=t[e+3]^a,this.prevBlock=(this.forEncryption?n:t).slice(e,e+4)}return r}async processChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,n=M.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),i=this._runCFB(n);return r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,i}let n;if(this.i+=r.length,this.i===this.nextBlock.length){n=this._runCFB(this.nextBlock),this.i=0;const t=e.subarray(r.length);this.nextBlock.set(t,this.i),this.i+=t.length}else n=new Uint8Array;return n}async finish(){let e;if(0===this.i)e=new Uint8Array;else{e=this._runCFB(this.nextBlock).subarray(0,this.i)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.key.fill(0)}}function ni(e,t){const r=Math.min(e.length,t.length);for(let n=0;n<r;n++)e[n]=e[n]^t[n]}const ii=e=>new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4));const si=M.getWebCrypto(),ai=M.getNodeCrypto(),oi=16;function ci(e,t){const r=e.length-oi;for(let n=0;n<oi;n++)e[n+r]^=t[n];return e}const ui=new Uint8Array(oi);async function hi(e){const t=await li(e),r=M.double(await t(ui)),n=M.double(r);return async function(e){return(await t(function(e,t,r){if(e.length&&e.length%oi==0)return ci(e,t);const n=new Uint8Array(e.length+(oi-e.length%oi));return n.set(e),n[e.length]=128,ci(n,r)}(e,r,n))).subarray(-16)}}async function li(e){if(M.getNodeCrypto())return async function(t){const r=new ai.createCipheriv("aes-"+8*e.length+"-cbc",e,ui).update(t);return new Uint8Array(r)};if(M.getWebCrypto())try{return e=await si.importKey("raw",e,{name:"AES-CBC",length:8*e.length},!1,["encrypt"]),async function(t){const r=await si.encrypt({name:"AES-CBC",iv:ui,length:128},e,t);return new Uint8Array(r).subarray(0,r.byteLength-oi)}}catch(t){if("NotSupportedError"!==t.name&&(24!==e.length||"OperationError"!==t.name))throw t;M.printDebugError("Browser did not support operation: "+t.message)}return async function(t){return hr(e,ui,{disablePadding:!0}).encrypt(t)}}const fi=M.getWebCrypto(),yi=M.getNodeCrypto(),pi=M.getNodeBuffer(),di=16,gi=di,Ai=new Uint8Array(di),wi=new Uint8Array(di);wi[15]=1;const mi=new Uint8Array(di);async function bi(e){const t=await hi(e);return function(e,r){return t(M.concatUint8Array([e,r]))}}async function ki(e){if(M.getNodeCrypto())return async function(t,r){const n=new yi.createCipheriv("aes-"+8*e.length+"-ctr",e,r),i=pi.concat([n.update(t),n.final()]);return new Uint8Array(i)};if(M.getWebCrypto())try{const t=await fi.importKey("raw",e,{name:"AES-CTR",length:8*e.length},!1,["encrypt"]);return async function(e,r){const n=await fi.encrypt({name:"AES-CTR",counter:r,length:128},t,e);return new Uint8Array(n)}}catch(t){if("NotSupportedError"!==t.name&&(24!==e.length||"OperationError"!==t.name))throw t;M.printDebugError("Browser did not support operation: "+t.message)}return async function(t,r){return ur(e,r).encrypt(t)}}async function Ei(e,t){if(e!==Q.symmetric.aes128&&e!==Q.symmetric.aes192&&e!==Q.symmetric.aes256)throw Error("EAX mode supports only AES cipher");const[r,n]=await Promise.all([bi(t),ki(t)]);return{encrypt:async function(e,t,i){const[s,a]=await Promise.all([r(Ai,t),r(wi,i)]),o=await n(e,s),c=await r(mi,o);for(let e=0;e<gi;e++)c[e]^=a[e]^s[e];return M.concatUint8Array([o,c])},decrypt:async function(e,t,i){if(e.length<gi)throw Error("Invalid EAX ciphertext");const s=e.subarray(0,-16),a=e.subarray(-16),[o,c,u]=await Promise.all([r(Ai,t),r(wi,i),r(mi,s)]),h=u;for(let e=0;e<gi;e++)h[e]^=c[e]^o[e];if(!M.equalsUint8Array(a,h))throw Error("Authentication tag mismatch");return await n(s,o)}}}mi[15]=2,Ei.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[8+e]^=t[e];return r},Ei.blockLength=di,Ei.ivLength=16,Ei.tagLength=gi;const vi=16,Ki=16;function Si(e){let t=0;for(let r=1;!(e&r);r<<=1)t++;return t}function Ii(e,t){for(let r=0;r<e.length;r++)e[r]^=t[r];return e}function Bi(e,t){return Ii(e.slice(),t)}const Ci=new Uint8Array(vi),Ui=new Uint8Array([1]);async function Pi(e,t){const{keySize:r}=Kr(e);if(!M.isAES(e)||t.length!==r)throw Error("Unexpected algorithm or key size");let n=0;const i=e=>hr(t,Ci,{disablePadding:!0}).encrypt(e),s=e=>hr(t,Ci,{disablePadding:!0}).decrypt(e);let a;function o(e,t,r,s){const o=t.length/vi|0;!function(e,t){const r=M.nbits(Math.max(e.length,t.length)/vi|0)-1;for(let e=n+1;e<=r;e++)a[e]=M.double(a[e-1]);n=r}(t,s);const c=M.concatUint8Array([Ci.subarray(0,15-r.length),Ui,r]),u=63&c[15];c[15]&=192;const h=i(c),l=M.concatUint8Array([h,Bi(h.subarray(0,8),h.subarray(1,9))]),f=M.shiftRight(l.subarray(0+(u>>3),17+(u>>3)),8-(7&u)).subarray(1),y=new Uint8Array(vi),p=new Uint8Array(t.length+Ki);let d,g=0;for(d=0;d<o;d++)Ii(f,a[Si(d+1)]),p.set(Ii(e(Bi(f,t)),f),g),Ii(y,e===i?t:p.subarray(g)),t=t.subarray(vi),g+=vi;if(t.length){Ii(f,a.x);const r=i(f);p.set(Bi(t,r),g);const n=new Uint8Array(vi);n.set(e===i?t:p.subarray(g,-16),0),n[t.length]=128,Ii(y,n),g+=t.length}const A=Ii(i(Ii(Ii(y,f),a.$)),function(e){if(!e.length)return Ci;const t=e.length/vi|0,r=new Uint8Array(vi),n=new Uint8Array(vi);for(let s=0;s<t;s++)Ii(r,a[Si(s+1)]),Ii(n,i(Bi(r,e))),e=e.subarray(vi);if(e.length){Ii(r,a.x);const t=new Uint8Array(vi);t.set(e,0),t[e.length]=128,Ii(t,r),Ii(n,i(t))}return n}(s));return p.set(A,g),p}return function(){const e=i(Ci),t=M.double(e);a=[],a[0]=M.double(t),a.x=e,a.$=t}(),{encrypt:async function(e,t,r){return o(i,e,t,r)},decrypt:async function(e,t,r){if(e.length<Ki)throw Error("Invalid OCB ciphertext");const n=e.subarray(-16);e=e.subarray(0,-16);const i=o(s,e,t,r);if(M.equalsUint8Array(n,i.subarray(-16)))return i.subarray(0,-16);throw Error("Authentication tag mismatch")}}}Pi.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[7+e]^=t[e];return r},Pi.blockLength=vi,Pi.ivLength=15,Pi.tagLength=Ki;const Di=M.getWebCrypto(),xi=M.getNodeCrypto(),Qi=M.getNodeBuffer(),Ri=16,Ti="AES-GCM";async function Mi(e,t){if(e!==Q.symmetric.aes128&&e!==Q.symmetric.aes192&&e!==Q.symmetric.aes256)throw Error("GCM mode supports only AES cipher");if(M.getNodeCrypto())return{encrypt:async function(e,r,n=new Uint8Array){const i=new xi.createCipheriv("aes-"+8*t.length+"-gcm",t,r);i.setAAD(n);const s=Qi.concat([i.update(e),i.final(),i.getAuthTag()]);return new Uint8Array(s)},decrypt:async function(e,r,n=new Uint8Array){const i=new xi.createDecipheriv("aes-"+8*t.length+"-gcm",t,r);i.setAAD(n),i.setAuthTag(e.slice(e.length-Ri,e.length));const s=Qi.concat([i.update(e.slice(0,e.length-Ri)),i.final()]);return new Uint8Array(s)}};if(M.getWebCrypto())try{const e=await Di.importKey("raw",t,{name:Ti},!1,["encrypt","decrypt"]),r=navigator.userAgent.match(/Version\/13\.\d(\.\d)* Safari/)||navigator.userAgent.match(/Version\/(13|14)\.\d(\.\d)* Mobile\/\S* Safari/);return{encrypt:async function(n,i,s=new Uint8Array){if(r&&!n.length)return yr(t,i,s).encrypt(n);const a=await Di.encrypt({name:Ti,iv:i,additionalData:s,tagLength:128},e,n);return new Uint8Array(a)},decrypt:async function(n,i,s=new Uint8Array){if(r&&n.length===Ri)return yr(t,i,s).decrypt(n);try{const t=await Di.decrypt({name:Ti,iv:i,additionalData:s,tagLength:128},e,n);return new Uint8Array(t)}catch(e){if("OperationError"===e.name)throw Error("Authentication tag mismatch")}}}}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;M.printDebugError("Browser did not support operation: "+e.message)}return{encrypt:async function(e,r,n){return yr(t,r,n).encrypt(e)},decrypt:async function(e,r,n){return yr(t,r,n).decrypt(e)}}}function Li(e,t=!1){switch(e){case Q.aead.eax:return Ei;case Q.aead.ocb:return Pi;case Q.aead.gcm:return Mi;case Q.aead.experimentalGCM:if(!t)throw Error("Unexpected non-standard `experimentalGCM` AEAD algorithm provided in `config.preferredAEADAlgorithm`: use `gcm` instead");return Mi;default:throw Error("Unsupported AEAD mode")}}async function Fi(e,t,r,n,i,s){switch(e){case Q.publicKey.rsaEncrypt:case Q.publicKey.rsaEncryptSign:{const{n:e,e:t}=r;return{c:await ze(i,e,t)}}case Q.publicKey.elgamal:{const{p:e,g:t,y:n}=r;return async function(e,t,r,n){t=te(t),r=te(r),n=te(n);const i=te(Te(e,ue(t))),s=ye(Ye,t-Ye);return{c1:he(ne(r,s,t)),c2:he(re(ne(n,s,t)*i,t))}}(i,e,t,n)}case Q.publicKey.ecdh:{const{oid:e,Q:t,kdfParams:n}=r,{publicKey:a,wrappedKey:o}=await gn(e,n,i,t,s);return{V:a,C:new Nn(o)}}case Q.publicKey.x25519:case Q.publicKey.x448:{if(t&&!M.isAES(t))throw Error("X25519 and X448 keys can only encrypt AES session keys");const{A:n}=r,{ephemeralPublicKey:s,wrappedKey:a}=await xr(e,i,n);return{ephemeralPublicKey:s,C:Vn.fromObject({algorithm:t,wrappedKey:a})}}case Q.publicKey.aead:{if(!n)throw Error("Cannot encrypt with symmetric key missing private parameters");const{cipher:e}=r,t=e.getValue(),{keyMaterial:s}=n,a=R.preferredAEADAlgorithm,o=Li(R.preferredAEADAlgorithm),{ivLength:c}=o,u=fe(c),h=await o(t,s),l=await h.encrypt(i,u,new Uint8Array);return{aeadMode:new Gn(a),iv:u,c:new _n(l)}}case Q.publicKey.pqc_mlkem_x25519:{const{eccPublicKey:n,mlkemPublicKey:s}=r,{eccCipherText:a,mlkemCipherText:o,wrappedKey:c}=await Pn(e,n,s,i);return{eccCipherText:a,mlkemCipherText:o,C:Vn.fromObject({algorithm:t,wrappedKey:c})}}default:return[]}}async function Oi(e,t,r,n,i,s){switch(e){case Q.publicKey.rsaEncryptSign:case Q.publicKey.rsaEncrypt:{const{c:e}=n,{n:i,e:a}=t,{d:o,p:c,q:u,u:h}=r;return Ge(e,i,a,o,c,u,h,s)}case Q.publicKey.elgamal:{const{c1:e,c2:i}=n;return async function(e,t,r,n,i){return e=te(e),t=te(t),r=te(r),Me(he(re(se(ne(e,n=te(n),r),r)*t,r),"be",ue(r)),i)}(e,i,t.p,r.x,s)}case Q.publicKey.ecdh:{const{oid:e,Q:s,kdfParams:a}=t,{d:o}=r,{V:c,C:u}=n;return wn(e,a,c,u.data,s,o,i)}case Q.publicKey.x25519:case Q.publicKey.x448:{const{A:i}=t,{k:s}=r,{ephemeralPublicKey:a,C:o}=n;if(null!==o.algorithm&&!M.isAES(o.algorithm))throw Error("AES session key expected");return Qr(e,a,o.wrappedKey,i,s)}case Q.publicKey.aead:{const{cipher:e}=t,i=e.getValue(),{keyMaterial:s}=r,{aeadMode:a,iv:o,c}=n,u=Li(a.getValue());return(await u(i,s)).decrypt(c.data,o,new Uint8Array)}case Q.publicKey.pqc_mlkem_x25519:{const{eccSecretKey:i,mlkemSecretKey:s}=r,{eccPublicKey:a,mlkemPublicKey:o}=t,{eccCipherText:c,mlkemCipherText:u,C:h}=n;return Dn(e,c,u,i,a,s,0,h.wrappedKey)}default:throw Error("Unknown public key encryption algorithm.")}}async function Ni(e,t,r){let n=0;switch(e){case Q.publicKey.rsaEncrypt:case Q.publicKey.rsaEncryptSign:case Q.publicKey.rsaSign:{const e=M.readMPI(t.subarray(n));n+=e.length+2;const r=M.readMPI(t.subarray(n));n+=r.length+2;const i=M.readMPI(t.subarray(n));n+=i.length+2;const s=M.readMPI(t.subarray(n));return n+=s.length+2,{read:n,privateParams:{d:e,p:r,q:i,u:s}}}case Q.publicKey.dsa:case Q.publicKey.elgamal:{const e=M.readMPI(t.subarray(n));return n+=e.length+2,{read:n,privateParams:{x:e}}}case Q.publicKey.ecdsa:case Q.publicKey.ecdh:{const i=Vi(e,r.oid);let s=M.readMPI(t.subarray(n));return n+=s.length+2,s=M.leftPad(s,i),{read:n,privateParams:{d:s}}}case Q.publicKey.eddsaLegacy:{const i=Vi(e,r.oid);if(r.oid.getName()!==Q.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let s=M.readMPI(t.subarray(n));return n+=s.length+2,s=M.leftPad(s,i),{read:n,privateParams:{seed:s}}}case Q.publicKey.ed25519:case Q.publicKey.ed448:{const r=Vi(e),i=M.readExactSubarray(t,n,n+r);return n+=i.length,{read:n,privateParams:{seed:i}}}case Q.publicKey.x25519:case Q.publicKey.x448:{const r=Vi(e),i=M.readExactSubarray(t,n,n+r);return n+=i.length,{read:n,privateParams:{k:i}}}case Q.publicKey.hmac:{const{cipher:e}=r,i=Qe(e.getValue()),s=t.subarray(n,n+32);n+=32;const a=t.subarray(n,n+i);return n+=i,{read:n,privateParams:{hashSeed:s,keyMaterial:a}}}case Q.publicKey.aead:{const{cipher:e}=r,i=t.subarray(n,n+32);n+=32;const{keySize:s}=Kr(e.getValue()),a=t.subarray(n,n+s);return n+=s,{read:n,privateParams:{hashSeed:i,keyMaterial:a}}}case Q.publicKey.pqc_mlkem_x25519:{const r=M.readExactSubarray(t,n,n+Vi(Q.publicKey.x25519));n+=r.length;const i=M.readExactSubarray(t,n,n+64);n+=i.length;const{mlkemSecretKey:s}=await Cn(e,i);return{read:n,privateParams:{eccSecretKey:r,mlkemSecretKey:s,mlkemSeed:i}}}case Q.publicKey.pqc_mldsa_ed25519:{const r=M.readExactSubarray(t,n,n+Vi(Q.publicKey.ed25519));n+=r.length;const i=M.readExactSubarray(t,n,n+32);n+=i.length;const{mldsaSecretKey:s}=await Rn(e,i);return{read:n,privateParams:{eccSecretKey:r,mldsaSecretKey:s,mldsaSeed:i}}}default:throw new it("Unknown public key encryption algorithm.")}}function _i(e,t){const r=new Set([Q.publicKey.ed25519,Q.publicKey.x25519,Q.publicKey.ed448,Q.publicKey.x448,Q.publicKey.aead,Q.publicKey.hmac,Q.publicKey.pqc_mlkem_x25519,Q.publicKey.pqc_mldsa_ed25519]),n={[Q.publicKey.pqc_mlkem_x25519]:new Set(["mlkemSecretKey"]),[Q.publicKey.pqc_mldsa_ed25519]:new Set(["mldsaSecretKey"])},i=Object.keys(t).map((i=>{if(n[e]?.has(i))return new Uint8Array;const s=t[i];return M.isUint8Array(s)?r.has(e)?s:M.uint8ArrayToMPI(s):s.write()}));return M.concatUint8Array(i)}async function Hi(e,t,r,n){switch(e){case Q.publicKey.rsaEncrypt:case Q.publicKey.rsaEncryptSign:case Q.publicKey.rsaSign:return async function(e,t){if(t=BigInt(t),M.getWebCrypto()){const r={name:"RSASSA-PKCS1-v1_5",modulusLength:e,publicExponent:he(t),hash:{name:"SHA-1"}},n=await Fe.generateKey(r,!0,["sign","verify"]);return Ve(await Fe.exportKey("jwk",n.privateKey),t)}if(M.getNodeCrypto()){const r={modulusLength:e,publicExponent:ae(t),publicKeyEncoding:{type:"pkcs1",format:"jwk"},privateKeyEncoding:{type:"pkcs1",format:"jwk"}},n=await new Promise(((e,t)=>{Oe.generateKeyPair("rsa",r,((r,n,i)=>{r?t(r):e(i)}))}));return Ve(n,t)}let r,n,i;do{n=de(e-(e>>1),t,40),r=de(e>>1,t,40),i=r*n}while(ce(i)!==e);const s=(r-Ne)*(n-Ne);return n<r&&([r,n]=[n,r]),{n:he(i),e:he(t),d:he(se(t,s)),p:he(r),q:he(n),u:he(se(r,n))}}(t,65537).then((({n:e,e:t,d:r,p:n,q:i,u:s})=>({privateParams:{d:r,p:n,q:i,u:s},publicParams:{n:e,e:t}})));case Q.publicKey.ecdsa:return Vr(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{d:r},publicParams:{oid:new Je(e),Q:t}})));case Q.publicKey.eddsaLegacy:return Vr(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{seed:r},publicParams:{oid:new Je(e),Q:t}})));case Q.publicKey.ecdh:return Vr(r).then((({oid:e,Q:t,secret:r,hash:n,cipher:i})=>({privateParams:{d:r},publicParams:{oid:new Je(e),Q:t,kdfParams:new Hn({hash:n,cipher:i})}})));case Q.publicKey.ed25519:case Q.publicKey.ed448:return ct(e).then((({A:e,seed:t})=>({privateParams:{seed:t},publicParams:{A:e}})));case Q.publicKey.x25519:case Q.publicKey.x448:return Pr(e).then((({A:e,k:t})=>({privateParams:{k:t},publicParams:{A:e}})));case Q.publicKey.hmac:return zi(await async function(e){if(!Sn.has(e))throw Error("Unsupported hash algorithm.");const t=Q.read(Q.webHash,e),r=In||Bn.webcrypto.subtle,n=await r.generateKey({name:"HMAC",hash:{name:t}},!0,["sign","verify"]),i=await r.exportKey("raw",n);return new Uint8Array(i)}(n),new jn(n));case Q.publicKey.aead:return zi(qi(n),new qn(n));case Q.publicKey.pqc_mlkem_x25519:return Un(e).then((({eccSecretKey:e,eccPublicKey:t,mlkemSeed:r,mlkemSecretKey:n,mlkemPublicKey:i})=>({privateParams:{eccSecretKey:e,mlkemSeed:r,mlkemSecretKey:n},publicParams:{eccPublicKey:t,mlkemPublicKey:i}})));case Q.publicKey.pqc_mldsa_ed25519:return Tn(e).then((({eccSecretKey:e,eccPublicKey:t,mldsaSeed:r,mldsaSecretKey:n,mldsaPublicKey:i})=>({privateParams:{eccSecretKey:e,mldsaSeed:r,mldsaSecretKey:n},publicParams:{eccPublicKey:t,mldsaPublicKey:i}})));case Q.publicKey.dsa:case Q.publicKey.elgamal:throw Error("Unsupported algorithm for key generation.");default:throw Error("Unknown public key algorithm.")}}async function zi(e,t){const r=fe(32);return{privateParams:{hashSeed:r,keyMaterial:e},publicParams:{cipher:t,digest:await xe(Q.hash.sha256,r)}}}async function Gi(e,t,r){if(!t||!r)throw Error("Missing key parameters");switch(e){case Q.publicKey.rsaEncrypt:case Q.publicKey.rsaEncryptSign:case Q.publicKey.rsaSign:{const{n:e,e:n}=t,{d:i,p:s,q:a,u:o}=r;return async function(e,t,r,n,i,s){if(e=te(e),(n=te(n))*(i=te(i))!==e)return!1;const a=BigInt(2);if(re(n*(s=te(s)),i)!==BigInt(1))return!1;t=te(t),r=te(r);const o=ye(a,a<<BigInt(Math.floor(ce(e)/3))),c=o*r*t;return!(re(c,n-Ne)!==o||re(c,i-Ne)!==o)}(e,n,i,s,a,o)}case Q.publicKey.dsa:{const{p:e,q:n,g:i,y:s}=t,{x:a}=r;return async function(e,t,r,n,i){if(e=te(e),t=te(t),r=te(r),n=te(n),r<=Kn||r>=e)return!1;if(re(e-Kn,t)!==vn)return!1;if(ne(r,t,e)!==Kn)return!1;const s=BigInt(ce(t));if(s<BigInt(150)||!ge(t,null,32))return!1;i=te(i);const a=BigInt(2);return n===ne(r,t*ye(a<<s-Kn,a<<s)+i,e)}(e,n,i,s,a)}case Q.publicKey.elgamal:{const{p:e,g:n,y:i}=t,{x:s}=r;return async function(e,t,r,n){if(e=te(e),t=te(t),r=te(r),t<=Ye||t>=e)return!1;const i=BigInt(ce(e));if(i<BigInt(1023))return!1;if(ne(t,e-Ye,e)!==Ye)return!1;let s=t,a=BigInt(1);const o=BigInt(2),c=o<<BigInt(17);for(;a<c;){if(s=re(s*t,e),s===Ye)return!1;a++}n=te(n);const u=ye(o<<i-Ye,o<<i);return r===ne(t,(e-Ye)*u+n,e)}(e,n,i,s)}case Q.publicKey.ecdsa:case Q.publicKey.ecdh:{const n=En[Q.read(Q.publicKey,e)],{oid:i,Q:s}=t,{d:a}=r;return n.validateParams(i,s,a)}case Q.publicKey.eddsaLegacy:{const{Q:e,oid:n}=t,{seed:i}=r;return hn(n,e,i)}case Q.publicKey.ed25519:case Q.publicKey.ed448:{const{A:n}=t,{seed:i}=r;return lt(e,n,i)}case Q.publicKey.x25519:case Q.publicKey.x448:{const{A:n}=t,{k:i}=r;return Dr(e,n,i)}case Q.publicKey.hmac:{const{cipher:e,digest:n}=t,{hashSeed:i,keyMaterial:s}=r;return Qe(e.getValue())===s.length&&M.equalsUint8Array(n,await xe(Q.hash.sha256,i))}case Q.publicKey.aead:{const{cipher:e,digest:n}=t,{hashSeed:i,keyMaterial:s}=r,{keySize:a}=Kr(e.getValue());return a===s.length&&M.equalsUint8Array(n,await xe(Q.hash.sha256,i))}case Q.publicKey.pqc_mlkem_x25519:{const{eccSecretKey:n,mlkemSeed:i}=r,{eccPublicKey:s,mlkemPublicKey:a}=t;return Qn(e,s,n,a,i)}case Q.publicKey.pqc_mldsa_ed25519:{const{eccSecretKey:n,mldsaSeed:i}=r,{eccPublicKey:s,mldsaPublicKey:a}=t;return On(e,s,n,a,i)}default:throw Error("Unknown public key algorithm.")}}function qi(e){const{keySize:t}=Kr(e);return fe(t)}function ji(e){try{e.getName()}catch(e){throw new it("Unknown curve OID")}}function Vi(e,t){switch(e){case Q.publicKey.ecdsa:case Q.publicKey.ecdh:case Q.publicKey.eddsaLegacy:return new jr(t).payloadSize;case Q.publicKey.ed25519:case Q.publicKey.ed448:return ft(e);case Q.publicKey.x25519:case Q.publicKey.x448:return Rr(e);default:throw Error("Unknown elliptic algo")}}async function Yi(e,t,r,n,i,s,a){switch(e){case Q.publicKey.rsaEncryptSign:case Q.publicKey.rsaEncrypt:case Q.publicKey.rsaSign:{const{n:e,e:i}=n;return He(t,s,M.leftPad(r.s,e.length),e,i,a)}case Q.publicKey.dsa:{const{g:e,p:t,q:i,y:s}=n,{r:o,s:c}=r;return async function(e,t,r,n,i,s,a,o){if(t=te(t),r=te(r),s=te(s),a=te(a),i=te(i),o=te(o),t<=vn||t>=a||r<=vn||r>=a)return M.printDebug("invalid DSA Signature"),!1;const c=re(te(n.subarray(0,ue(a))),a),u=se(r,a);if(u===vn)return M.printDebug("invalid DSA Signature"),!1;i=re(i,s),o=re(o,s);const h=re(c*u,a),l=re(t*u,a);return re(re(ne(i,h,s)*ne(o,l,s),s),a)===t}(0,o,c,a,e,t,i,s)}case Q.publicKey.ecdsa:{const{oid:e,Q:i}=n,o=new jr(e).payloadSize;return sn(e,t,{r:M.leftPad(r.r,o),s:M.leftPad(r.s,o)},s,i,a)}case Q.publicKey.eddsaLegacy:{if(Qe(t)<Qe(Q.hash.sha256))throw Error("Hash algorithm too weak for EdDSALegacy.");const{oid:e,Q:i}=n,s=new jr(e).payloadSize;return un(e,0,{r:M.leftPad(r.r,s),s:M.leftPad(r.s,s)},0,i,a)}case Q.publicKey.ed25519:case Q.publicKey.ed448:{if(Qe(t)<Qe(yt(e)))throw Error("Hash algorithm too weak for EdDSA.");const{A:i}=n;return ht(e,0,r,0,i,a)}case Q.publicKey.hmac:{if(!i)throw Error("Cannot verify HMAC signature with symmetric key missing private parameters");const{cipher:e}=n,{keyMaterial:t}=i;return async function(e,t,r,n){if(!Sn.has(e))throw Error("Unsupported hash algorithm.");const i=Q.read(Q.webHash,e),s=In||Bn.webcrypto.subtle,a=await s.importKey("raw",t,{name:"HMAC",hash:{name:i}},!1,["verify"]);return s.verify("HMAC",a,r,n)}(e.getValue(),t,r.mac.data,a)}case Q.publicKey.pqc_mldsa_ed25519:{if(!Fn(e,t))throw Error("Unexpected hash algorithm for PQC signature: digest size too short");const{eccPublicKey:i,mldsaPublicKey:s}=n;return Ln(e,0,i,s,a,r)}default:throw Error("Unknown signature algorithm.")}}async function Zi(e,t,r,n,i,s){if(!r||!n)throw Error("Missing key parameters");switch(e){case Q.publicKey.rsaEncryptSign:case Q.publicKey.rsaEncrypt:case Q.publicKey.rsaSign:{const{n:e,e:a}=r,{d:o,p:c,q:u,u:h}=n;return{s:await _e(t,i,e,a,o,c,u,h,s)}}case Q.publicKey.dsa:{const{g:e,p:t,q:i}=r,{x:a}=n;return async function(e,t,r,n,i,s){const a=BigInt(0);let o,c,u,h;n=te(n),i=te(i),r=te(r),s=te(s),r=re(r,n),s=re(s,i);const l=re(te(t.subarray(0,ue(i))),i);for(;;){if(o=ye(Kn,i),c=re(ne(r,o,n),i),c===a)continue;const e=re(s*c,i);if(h=re(l+e,i),u=re(se(o,i)*h,i),u!==a)break}return{r:he(c,"be",ue(n)),s:he(u,"be",ue(n))}}(0,s,e,t,i,a)}case Q.publicKey.elgamal:throw Error("Signing with Elgamal is not defined in the OpenPGP standard.");case Q.publicKey.ecdsa:{const{oid:e,Q:a}=r,{d:o}=n;return nn(e,t,i,a,o,s)}case Q.publicKey.eddsaLegacy:{if(Qe(t)<Qe(Q.hash.sha256))throw Error("Hash algorithm too weak for EdDSALegacy.");const{oid:e,Q:i}=r,{seed:a}=n;return cn(e,0,0,i,a,s)}case Q.publicKey.ed25519:case Q.publicKey.ed448:{if(Qe(t)<Qe(yt(e)))throw Error("Hash algorithm too weak for EdDSA.");const{A:i}=r,{seed:a}=n;return ut(e,0,0,i,a,s)}case Q.publicKey.hmac:{const{cipher:e}=r,{keyMaterial:t}=n,i=await async function(e,t,r){if(!Sn.has(e))throw Error("Unsupported hash algorithm.");const n=Q.read(Q.webHash,e),i=In||Bn.webcrypto.subtle,s=await i.importKey("raw",t,{name:"HMAC",hash:{name:n}},!1,["sign"]),a=await i.sign("HMAC",s,r);return new Uint8Array(a)}(e.getValue(),t,s);return{mac:new _n(i)}}case Q.publicKey.pqc_mldsa_ed25519:{if(!Fn(e,t))throw Error("Unexpected hash algorithm for PQC signature: digest size too short");const{eccPublicKey:i}=r,{eccSecretKey:a,mldsaSecretKey:o}=n;return Mn(e,0,a,i,o,s)}default:throw Error("Unknown signature algorithm.")}}Mi.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[4+e]^=t[e];return r},Mi.blockLength=16,Mi.ivLength=12,Mi.tagLength=Ri;class Ji extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,Ji),this.name="Argon2OutOfMemoryError"}}let Xi,Wi,$i=2<<19;class es{static get ARGON2_WASM_MEMORY_THRESHOLD_RELOAD(){return $i}static set ARGON2_WASM_MEMORY_THRESHOLD_RELOAD(e){$i=e}static reloadWasmModule(){Xi&&(Wi=Xi(),Wi.catch((()=>{})))}constructor(e=R){const{passes:t,parallelism:r,memoryExponent:n}=e.s2kArgon2Params;this.type="argon2",this.salt=null,this.t=t,this.p=r,this.encodedM=n}generateSalt(){this.salt=fe(16)}read(e){let t=0;return this.salt=e.subarray(t,t+16),t+=16,this.t=e[t++],this.p=e[t++],this.encodedM=e[t++],t}write(){const e=[new Uint8Array([Q.write(Q.s2k,this.type)]),this.salt,new Uint8Array([this.t,this.p,this.encodedM])];return M.concatUint8Array(e)}async produceKey(e,t){const r=2<<this.encodedM-1;try{Xi=Xi||(await Promise.resolve().then((function(){return zd}))).default,Wi=Wi||Xi();const n=await Wi,i=n({version:19,type:2,password:M.encodeUTF8(e),salt:this.salt,tagLength:t,memorySize:r,parallelism:this.p,passes:this.t});return r>es.ARGON2_WASM_MEMORY_THRESHOLD_RELOAD&&es.reloadWasmModule(),i}catch(e){throw e.message&&(e.message.includes("Unable to grow instance memory")||e.message.includes("failed to grow memory")||e.message.includes("WebAssembly.Memory.grow")||e.message.includes("Out of memory"))?new Ji("Could not allocate required memory for Argon2"):e}}}class ts{constructor(e,t=R){this.algorithm=Q.hash.sha256,this.type=Q.read(Q.s2k,e),this.c=t.s2kIterationCountByte,this.salt=null}generateSalt(){switch(this.type){case"salted":case"iterated":this.salt=fe(8)}}getCount(){return 16+(15&this.c)<<6+(this.c>>4)}read(e){let t=0;switch(this.algorithm=e[t++],this.type){case"simple":break;case"salted":this.salt=e.subarray(t,t+8),t+=8;break;case"iterated":this.salt=e.subarray(t,t+8),t+=8,this.c=e[t++];break;case"gnu":if("GNU"!==M.uint8ArrayToString(e.subarray(t,t+3)))throw new it("Unknown s2k type.");t+=3;if(1001!==1e3+e[t++])throw new it("Unknown s2k gnu protection mode.");this.type="gnu-dummy";break;default:throw new it("Unknown s2k type.")}return t}write(){if("gnu-dummy"===this.type)return new Uint8Array([101,0,...M.stringToUint8Array("GNU"),1]);const e=[new Uint8Array([Q.write(Q.s2k,this.type),this.algorithm])];switch(this.type){case"simple":break;case"salted":e.push(this.salt);break;case"iterated":e.push(this.salt),e.push(new Uint8Array([this.c]));break;case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}return M.concatUint8Array(e)}async produceKey(e,t){e=M.encodeUTF8(e);const r=[];let n=0,i=0;for(;n<t;){let t;switch(this.type){case"simple":t=M.concatUint8Array([new Uint8Array(i),e]);break;case"salted":t=M.concatUint8Array([new Uint8Array(i),this.salt,e]);break;case"iterated":{const r=M.concatUint8Array([this.salt,e]);let n=r.length;const s=Math.max(this.getCount(),n);t=new Uint8Array(i+s),t.set(r,i);for(let e=i+n;e<s;e+=n,n*=2)t.copyWithin(e,i,e);break}case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}const s=await xe(this.algorithm,t);r.push(s),n+=s.length,i++}return M.concatUint8Array(r).subarray(0,t)}}const rs=new Set([Q.s2k.argon2,Q.s2k.iterated]);function ns(e,t=R){switch(e){case Q.s2k.argon2:return new es(t);case Q.s2k.iterated:case Q.s2k.gnu:case Q.s2k.salted:case Q.s2k.simple:return new ts(e,t);default:throw new it("Unsupported S2K type")}}function is(e){const{s2kType:t}=e;if(!rs.has(t))throw Error("The provided `config.s2kType` value is not allowed");return ns(t,e)}var ss=Uint8Array,as=Uint16Array,os=Int32Array,cs=new ss([0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0,0,0,0]),us=new ss([0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13,0,0]),hs=new ss([16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15]),ls=function(e,t){for(var r=new as(31),n=0;n<31;++n)r[n]=t+=1<<e[n-1];var i=new os(r[30]);for(n=1;n<30;++n)for(var s=r[n];s<r[n+1];++s)i[s]=s-r[n]<<5|n;return{b:r,r:i}},fs=ls(cs,2),ys=fs.b,ps=fs.r;ys[28]=258,ps[258]=28;for(var ds=ls(us,0),gs=ds.b,As=ds.r,ws=new as(32768),ms=0;ms<32768;++ms){var bs=(43690&ms)>>1|(21845&ms)<<1;bs=(61680&(bs=(52428&bs)>>2|(13107&bs)<<2))>>4|(3855&bs)<<4,ws[ms]=((65280&bs)>>8|(255&bs)<<8)>>1}var ks=function(e,t,r){for(var n=e.length,i=0,s=new as(t);i<n;++i)e[i]&&++s[e[i]-1];var a,o=new as(t);for(i=1;i<t;++i)o[i]=o[i-1]+s[i-1]<<1;if(r){a=new as(1<<t);var c=15-t;for(i=0;i<n;++i)if(e[i])for(var u=i<<4|e[i],h=t-e[i],l=o[e[i]-1]++<<h,f=l|(1<<h)-1;l<=f;++l)a[ws[l]>>c]=u}else for(a=new as(n),i=0;i<n;++i)e[i]&&(a[i]=ws[o[e[i]-1]++]>>15-e[i]);return a},Es=new ss(288);for(ms=0;ms<144;++ms)Es[ms]=8;for(ms=144;ms<256;++ms)Es[ms]=9;for(ms=256;ms<280;++ms)Es[ms]=7;for(ms=280;ms<288;++ms)Es[ms]=8;var vs=new ss(32);for(ms=0;ms<32;++ms)vs[ms]=5;var Ks=/*#__PURE__*/ks(Es,9,0),Ss=/*#__PURE__*/ks(Es,9,1),Is=/*#__PURE__*/ks(vs,5,0),Bs=/*#__PURE__*/ks(vs,5,1),Cs=function(e){for(var t=e[0],r=1;r<e.length;++r)e[r]>t&&(t=e[r]);return t},Us=function(e,t,r){var n=t/8|0;return(e[n]|e[n+1]<<8)>>(7&t)&r},Ps=function(e,t){var r=t/8|0;return(e[r]|e[r+1]<<8|e[r+2]<<16)>>(7&t)},Ds=function(e){return(e+7)/8|0},xs=function(e,t,r){return(null==t||t<0)&&(t=0),(null==r||r>e.length)&&(r=e.length),new ss(e.subarray(t,r))},Qs=["unexpected EOF","invalid block type","invalid length/literal","invalid distance","stream finished","no stream handler",,"no callback","invalid UTF-8 data","extra field too long","date not in range 1980-2099","filename too long","stream finishing","invalid zip data"],Rs=function(e,t,r){var n=Error(t||Qs[e]);if(n.code=e,Error.captureStackTrace&&Error.captureStackTrace(n,Rs),!r)throw n;return n},Ts=function(e,t,r){r<<=7&t;var n=t/8|0;e[n]|=r,e[n+1]|=r>>8},Ms=function(e,t,r){r<<=7&t;var n=t/8|0;e[n]|=r,e[n+1]|=r>>8,e[n+2]|=r>>16},Ls=function(e,t){for(var r=[],n=0;n<e.length;++n)e[n]&&r.push({s:n,f:e[n]});var i=r.length,s=r.slice();if(!i)return{t:Gs,l:0};if(1==i){var a=new ss(r[0].s+1);return a[r[0].s]=1,{t:a,l:1}}r.sort((function(e,t){return e.f-t.f})),r.push({s:-1,f:25001});var o=r[0],c=r[1],u=0,h=1,l=2;for(r[0]={s:-1,f:o.f+c.f,l:o,r:c};h!=i-1;)o=r[r[u].f<r[l].f?u++:l++],c=r[u!=h&&r[u].f<r[l].f?u++:l++],r[h++]={s:-1,f:o.f+c.f,l:o,r:c};var f=s[0].s;for(n=1;n<i;++n)s[n].s>f&&(f=s[n].s);var y=new as(f+1),p=Fs(r[h-1],y,0);if(p>t){n=0;var d=0,g=p-t,A=1<<g;for(s.sort((function(e,t){return y[t.s]-y[e.s]||e.f-t.f}));n<i;++n){var w=s[n].s;if(!(y[w]>t))break;d+=A-(1<<p-y[w]),y[w]=t}for(d>>=g;d>0;){var m=s[n].s;y[m]<t?d-=1<<t-y[m]++-1:++n}for(;n>=0&&d;--n){var b=s[n].s;y[b]==t&&(--y[b],++d)}p=t}return{t:new ss(y),l:p}},Fs=function(e,t,r){return-1==e.s?Math.max(Fs(e.l,t,r+1),Fs(e.r,t,r+1)):t[e.s]=r},Os=function(e){for(var t=e.length;t&&!e[--t];);for(var r=new as(++t),n=0,i=e[0],s=1,a=function(e){r[n++]=e},o=1;o<=t;++o)if(e[o]==i&&o!=t)++s;else{if(!i&&s>2){for(;s>138;s-=138)a(32754);s>2&&(a(s>10?s-11<<5|28690:s-3<<5|12305),s=0)}else if(s>3){for(a(i),--s;s>6;s-=6)a(8304);s>2&&(a(s-3<<5|8208),s=0)}for(;s--;)a(i);s=1,i=e[o]}return{c:r.subarray(0,n),n:t}},Ns=function(e,t){for(var r=0,n=0;n<t.length;++n)r+=e[n]*t[n];return r},_s=function(e,t,r){var n=r.length,i=Ds(t+2);e[i]=255&n,e[i+1]=n>>8,e[i+2]=255^e[i],e[i+3]=255^e[i+1];for(var s=0;s<n;++s)e[i+s+4]=r[s];return 8*(i+4+n)},Hs=function(e,t,r,n,i,s,a,o,c,u,h){Ts(t,h++,r),++i[256];for(var l=Ls(i,15),f=l.t,y=l.l,p=Ls(s,15),d=p.t,g=p.l,A=Os(f),w=A.c,m=A.n,b=Os(d),k=b.c,E=b.n,v=new as(19),K=0;K<w.length;++K)++v[31&w[K]];for(K=0;K<k.length;++K)++v[31&k[K]];for(var S=Ls(v,7),I=S.t,B=S.l,C=19;C>4&&!I[hs[C-1]];--C);var U,P,D,x,Q=u+5<<3,R=Ns(i,Es)+Ns(s,vs)+a,T=Ns(i,f)+Ns(s,d)+a+14+3*C+Ns(v,I)+2*v[16]+3*v[17]+7*v[18];if(c>=0&&Q<=R&&Q<=T)return _s(t,h,e.subarray(c,c+u));if(Ts(t,h,1+(T<R)),h+=2,T<R){U=ks(f,y,0),P=f,D=ks(d,g,0),x=d;var M=ks(I,B,0);Ts(t,h,m-257),Ts(t,h+5,E-1),Ts(t,h+10,C-4),h+=14;for(K=0;K<C;++K)Ts(t,h+3*K,I[hs[K]]);h+=3*C;for(var L=[w,k],F=0;F<2;++F){var O=L[F];for(K=0;K<O.length;++K){var N=31&O[K];Ts(t,h,M[N]),h+=I[N],N>15&&(Ts(t,h,O[K]>>5&127),h+=O[K]>>12)}}}else U=Ks,P=Es,D=Is,x=vs;for(K=0;K<o;++K){var _=n[K];if(_>255){Ms(t,h,U[(N=_>>18&31)+257]),h+=P[N+257],N>7&&(Ts(t,h,_>>23&31),h+=cs[N]);var H=31&_;Ms(t,h,D[H]),h+=x[H],H>3&&(Ms(t,h,_>>5&8191),h+=us[H])}else Ms(t,h,U[_]),h+=P[_]}return Ms(t,h,U[256]),h+P[256]},zs=/*#__PURE__*/new os([65540,131080,131088,131104,262176,1048704,1048832,2114560,2117632]),Gs=/*#__PURE__*/new ss(0),qs=function(){var e=1,t=0;return{p:function(r){for(var n=e,i=t,s=0|r.length,a=0;a!=s;){for(var o=Math.min(a+2655,s);a<o;++a)i+=n+=r[a];n=(65535&n)+15*(n>>16),i=(65535&i)+15*(i>>16)}e=n,t=i},d:function(){return(255&(e%=65521))<<24|(65280&e)<<8|(255&(t%=65521))<<8|t>>8}}},js=function(e,t,r,n,i){if(!i&&(i={l:1},t.dictionary)){var s=t.dictionary.subarray(-32768),a=new ss(s.length+e.length);a.set(s),a.set(e,s.length),e=a,i.w=s.length}return function(e,t,r,n,i,s){var a=s.z||e.length,o=new ss(n+a+5*(1+Math.ceil(a/7e3))+i),c=o.subarray(n,o.length-i),u=s.l,h=7&(s.r||0);if(t){h&&(c[0]=s.r>>3);for(var l=zs[t-1],f=l>>13,y=8191&l,p=(1<<r)-1,d=s.p||new as(32768),g=s.h||new as(p+1),A=Math.ceil(r/3),w=2*A,m=function(t){return(e[t]^e[t+1]<<A^e[t+2]<<w)&p},b=new os(25e3),k=new as(288),E=new as(32),v=0,K=0,S=s.i||0,I=0,B=s.w||0,C=0;S+2<a;++S){var U=m(S),P=32767&S,D=g[U];if(d[P]=D,g[U]=P,B<=S){var x=a-S;if((v>7e3||I>24576)&&(x>423||!u)){h=Hs(e,c,0,b,k,E,K,I,C,S-C,h),I=v=K=0,C=S;for(var Q=0;Q<286;++Q)k[Q]=0;for(Q=0;Q<30;++Q)E[Q]=0}var R=2,T=0,M=y,L=P-D&32767;if(x>2&&U==m(S-L))for(var F=Math.min(f,x)-1,O=Math.min(32767,S),N=Math.min(258,x);L<=O&&--M&&P!=D;){if(e[S+R]==e[S+R-L]){for(var _=0;_<N&&e[S+_]==e[S+_-L];++_);if(_>R){if(R=_,T=L,_>F)break;var H=Math.min(L,_-2),z=0;for(Q=0;Q<H;++Q){var G=S-L+Q&32767,q=G-d[G]&32767;q>z&&(z=q,D=G)}}}L+=(P=D)-(D=d[P])&32767}if(T){b[I++]=268435456|ps[R]<<18|As[T];var j=31&ps[R],V=31&As[T];K+=cs[j]+us[V],++k[257+j],++E[V],B=S+R,++v}else b[I++]=e[S],++k[e[S]]}}for(S=Math.max(S,B);S<a;++S)b[I++]=e[S],++k[e[S]];h=Hs(e,c,u,b,k,E,K,I,C,S-C,h),u||(s.r=7&h|c[h/8|0]<<3,h-=7,s.h=g,s.p=d,s.i=S,s.w=B)}else{for(S=s.w||0;S<a+u;S+=65535){var Y=S+65535;Y>=a&&(c[h/8|0]=u,Y=a),h=_s(c,h+1,e.subarray(S,Y))}s.i=a}return xs(o,0,n+Ds(h)+i)}(e,null==t.level?6:t.level,null==t.mem?i.l?Math.ceil(1.5*Math.max(8,Math.min(13,Math.log(e.length)))):20:12+t.mem,r,n,i)},Vs=function(e,t,r){for(;r;++t)e[t]=r,r>>>=8},Ys=/*#__PURE__*/function(){function e(e,t){if("function"==typeof e&&(t=e,e={}),this.ondata=t,this.o=e||{},this.s={l:0,i:32768,w:32768,z:32768},this.b=new ss(98304),this.o.dictionary){var r=this.o.dictionary.subarray(-32768);this.b.set(r,32768-r.length),this.s.i=32768-r.length}}return e.prototype.p=function(e,t){this.ondata(js(e,this.o,0,0,this.s),t)},e.prototype.push=function(e,t){this.ondata||Rs(5),this.s.l&&Rs(4);var r=e.length+this.s.z;if(r>this.b.length){if(r>2*this.b.length-32768){var n=new ss(-32768&r);n.set(this.b.subarray(0,this.s.z)),this.b=n}var i=this.b.length-this.s.z;this.b.set(e.subarray(0,i),this.s.z),this.s.z=this.b.length,this.p(this.b,!1),this.b.set(this.b.subarray(-32768)),this.b.set(e.subarray(i),32768),this.s.z=e.length-i+32768,this.s.i=32766,this.s.w=32768}else this.b.set(e,this.s.z),this.s.z+=e.length;this.s.l=1&t,(this.s.z>this.s.w+8191||t)&&(this.p(this.b,t||!1),this.s.w=this.s.i,this.s.i-=2)},e.prototype.flush=function(){this.ondata||Rs(5),this.s.l&&Rs(4),this.p(this.b,!1),this.s.w=this.s.i,this.s.i-=2},e}(),Zs=/*#__PURE__*/function(){function e(e,t){"function"==typeof e&&(t=e,e={}),this.ondata=t;var r=e&&e.dictionary&&e.dictionary.subarray(-32768);this.s={i:0,b:r?r.length:0},this.o=new ss(32768),this.p=new ss(0),r&&this.o.set(r)}return e.prototype.e=function(e){if(this.ondata||Rs(5),this.d&&Rs(4),this.p.length){if(e.length){var t=new ss(this.p.length+e.length);t.set(this.p),t.set(e,this.p.length),this.p=t}}else this.p=e},e.prototype.c=function(e){this.s.i=+(this.d=e||!1);var t=this.s.b,r=function(e,t,r,n){var i=e.length;if(!i||t.f&&!t.l)return r||new ss(0);var s=!r,a=s||2!=t.i,o=t.i;s&&(r=new ss(3*i));var c=function(e){var t=r.length;if(e>t){var n=new ss(Math.max(2*t,e));n.set(r),r=n}},u=t.f||0,h=t.p||0,l=t.b||0,f=t.l,y=t.d,p=t.m,d=t.n,g=8*i;do{if(!f){u=Us(e,h,1);var A=Us(e,h+1,3);if(h+=3,!A){var w=e[(U=Ds(h)+4)-4]|e[U-3]<<8,m=U+w;if(m>i){o&&Rs(0);break}a&&c(l+w),r.set(e.subarray(U,m),l),t.b=l+=w,t.p=h=8*m,t.f=u;continue}if(1==A)f=Ss,y=Bs,p=9,d=5;else if(2==A){var b=Us(e,h,31)+257,k=Us(e,h+10,15)+4,E=b+Us(e,h+5,31)+1;h+=14;for(var v=new ss(E),K=new ss(19),S=0;S<k;++S)K[hs[S]]=Us(e,h+3*S,7);h+=3*k;var I=Cs(K),B=(1<<I)-1,C=ks(K,I,1);for(S=0;S<E;){var U,P=C[Us(e,h,B)];if(h+=15&P,(U=P>>4)<16)v[S++]=U;else{var D=0,x=0;for(16==U?(x=3+Us(e,h,3),h+=2,D=v[S-1]):17==U?(x=3+Us(e,h,7),h+=3):18==U&&(x=11+Us(e,h,127),h+=7);x--;)v[S++]=D}}var Q=v.subarray(0,b),R=v.subarray(b);p=Cs(Q),d=Cs(R),f=ks(Q,p,1),y=ks(R,d,1)}else Rs(1);if(h>g){o&&Rs(0);break}}a&&c(l+131072);for(var T=(1<<p)-1,M=(1<<d)-1,L=h;;L=h){var F=(D=f[Ps(e,h)&T])>>4;if((h+=15&D)>g){o&&Rs(0);break}if(D||Rs(2),F<256)r[l++]=F;else{if(256==F){L=h,f=null;break}var O=F-254;if(F>264){var N=cs[S=F-257];O=Us(e,h,(1<<N)-1)+ys[S],h+=N}var _=y[Ps(e,h)&M],H=_>>4;if(_||Rs(3),h+=15&_,R=gs[H],H>3&&(N=us[H],R+=Ps(e,h)&(1<<N)-1,h+=N),h>g){o&&Rs(0);break}a&&c(l+131072);var z=l+O;if(l<R){var G=0-R,q=Math.min(R,z);for(G+l<0&&Rs(3);l<q;++l)r[l]=n[G+l]}for(;l<z;++l)r[l]=r[l-R]}}t.l=f,t.p=L,t.b=l,t.f=u,f&&(u=1,t.m=p,t.d=y,t.n=d)}while(!u);return l!=r.length&&s?xs(r,0,l):r.subarray(0,l)}(this.p,this.s,this.o);this.ondata(xs(r,t,this.s.b),this.d),this.o=xs(r,this.s.b-32768),this.s.b=this.o.length,this.p=xs(this.p,this.s.p/8|0),this.s.p&=7},e.prototype.push=function(e,t){this.e(e),this.c(t)},e}(),Js=/*#__PURE__*/function(){function e(e,t){this.c=qs(),this.v=1,Ys.call(this,e,t)}return e.prototype.push=function(e,t){this.c.p(e),Ys.prototype.push.call(this,e,t)},e.prototype.p=function(e,t){var r=js(e,this.o,this.v&&(this.o.dictionary?6:2),t&&4,this.s);this.v&&(function(e,t){var r=t.level,n=0==r?0:r<6?1:9==r?3:2;if(e[0]=120,e[1]=n<<6|(t.dictionary&&32),e[1]|=31-(e[0]<<8|e[1])%31,t.dictionary){var i=qs();i.p(t.dictionary),Vs(e,2,i.d())}}(r,this.o),this.v=0),t&&Vs(r,r.length-4,this.c.d()),this.ondata(r,t)},e.prototype.flush=function(){Ys.prototype.flush.call(this)},e}(),Xs=/*#__PURE__*/function(){function e(e,t){Zs.call(this,e,t),this.v=e&&e.dictionary?2:1}return e.prototype.push=function(e,t){if(Zs.prototype.e.call(this,e),this.v){if(this.p.length<6&&!t)return;this.p=this.p.subarray((r=this.p,n=this.v-1,(8!=(15&r[0])||r[0]>>4>7||(r[0]<<8|r[1])%31)&&Rs(6,"invalid zlib data"),(r[1]>>5&1)==+!n&&Rs(6,"invalid zlib data: "+(32&r[1]?"need":"unexpected")+" dictionary"),2+(r[1]>>3&4))),this.v=0}var r,n;t&&(this.p.length<4&&Rs(6,"invalid zlib data"),this.p=this.p.subarray(0,-4)),Zs.prototype.c.call(this,t)},e}(),Ws="undefined"!=typeof TextDecoder&&/*#__PURE__*/new TextDecoder;try{Ws.decode(Gs,{stream:!0})}catch(e){}class $s{static get tag(){return Q.packet.literalData}constructor(e=new Date){this.format=Q.literal.utf8,this.date=M.normalizeDate(e),this.text=null,this.data=null,this.filename=""}setText(e,t=Q.literal.utf8){this.format=t,this.text=e,this.data=null}getText(e=!1){return(null===this.text||M.isStream(this.text))&&(this.text=M.decodeUTF8(M.nativeEOL(this.getBytes(e)))),this.text}setBytes(e,t){this.format=t,this.data=e,this.text=null}getBytes(e=!1){return null===this.data&&(this.data=M.canonicalizeEOL(M.encodeUTF8(this.text))),e?K(this.data):this.data}setFilename(e){this.filename=e}getFilename(){return this.filename}async read(e){await E(e,(async e=>{const t=await e.readByte(),r=await e.readByte();this.filename=M.decodeUTF8(await e.readBytes(r)),this.date=M.readDate(await e.readBytes(4));let n=e.remainder();a(n)&&(n=await B(n)),this.setBytes(n,t)}))}writeHeader(){const e=M.encodeUTF8(this.filename),t=new Uint8Array([e.length]),r=new Uint8Array([this.format]),n=M.writeDate(this.date);return M.concatUint8Array([r,t,e,n])}write(){const e=this.writeHeader(),t=this.getBytes();return M.concat([e,t])}}class ea{constructor(){this.bytes=""}read(e){return this.bytes=M.uint8ArrayToString(e.subarray(0,8)),this.bytes.length}write(){return M.stringToUint8Array(this.bytes)}toHex(){return M.uint8ArrayToHex(M.stringToUint8Array(this.bytes))}equals(e,t=!1){return t&&(e.isWildcard()||this.isWildcard())||this.bytes===e.bytes}isNull(){return""===this.bytes}isWildcard(){return/^0+$/.test(this.toHex())}static mapToHex(e){return e.toHex()}static fromID(e){const t=new ea;return t.read(M.hexToUint8Array(e)),t}static wildcard(){const e=new ea;return e.read(new Uint8Array(8)),e}}const ta=Symbol("verified"),ra="salt@notations.openpgpjs.org",na=new Set([Q.signatureSubpacket.issuerKeyID,Q.signatureSubpacket.issuerFingerprint,Q.signatureSubpacket.embeddedSignature]);class ia{static get tag(){return Q.packet.signature}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.signatureData=null,this.unhashedSubpackets=[],this.unknownSubpackets=[],this.signedHashValue=null,this.salt=null,this.created=null,this.signatureExpirationTime=null,this.signatureNeverExpires=!0,this.exportable=null,this.trustLevel=null,this.trustAmount=null,this.regularExpression=null,this.revocable=null,this.keyExpirationTime=null,this.keyNeverExpires=null,this.preferredSymmetricAlgorithms=null,this.revocationKeyClass=null,this.revocationKeyAlgorithm=null,this.revocationKeyFingerprint=null,this.issuerKeyID=new ea,this.rawNotations=[],this.notations={},this.preferredHashAlgorithms=null,this.preferredCompressionAlgorithms=null,this.keyServerPreferences=null,this.preferredKeyServer=null,this.isPrimaryUserID=null,this.policyURI=null,this.keyFlags=null,this.signersUserID=null,this.reasonForRevocationFlag=null,this.reasonForRevocationString=null,this.features=null,this.signatureTargetPublicKeyAlgorithm=null,this.signatureTargetHashAlgorithm=null,this.signatureTargetHash=null,this.embeddedSignature=null,this.issuerKeyVersion=null,this.issuerFingerprint=null,this.preferredAEADAlgorithms=null,this.preferredCipherSuites=null,this.revoked=null,this[ta]=null}read(e,t=R){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new it("Support for v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4!==this.version&&5!==this.version&&6!==this.version)throw new it(`Version ${this.version} of the signature packet is unsupported.`);if(this.signatureType=e[r++],this.publicKeyAlgorithm=e[r++],this.hashAlgorithm=e[r++],r+=this.readSubPackets(e.subarray(r,e.length),!0),!this.created)throw Error("Missing signature creation time subpacket.");if(this.signatureData=e.subarray(0,r),r+=this.readSubPackets(e.subarray(r,e.length),!1),this.signedHashValue=e.subarray(r,r+2),r+=2,6===this.version){const t=e[r++];this.salt=e.subarray(r,r+t),r+=t}const n=e.subarray(r,e.length),{read:i,signatureParams:s}=function(e,t){let r=0;switch(e){case Q.publicKey.rsaEncryptSign:case Q.publicKey.rsaEncrypt:case Q.publicKey.rsaSign:{const e=M.readMPI(t.subarray(r));return r+=e.length+2,{read:r,signatureParams:{s:e}}}case Q.publicKey.dsa:case Q.publicKey.ecdsa:{const e=M.readMPI(t.subarray(r));r+=e.length+2;const n=M.readMPI(t.subarray(r));return r+=n.length+2,{read:r,signatureParams:{r:e,s:n}}}case Q.publicKey.eddsaLegacy:{const e=M.readMPI(t.subarray(r));r+=e.length+2;const n=M.readMPI(t.subarray(r));return r+=n.length+2,{read:r,signatureParams:{r:e,s:n}}}case Q.publicKey.ed25519:case Q.publicKey.ed448:{const n=2*ft(e),i=M.readExactSubarray(t,r,r+n);return r+=i.length,{read:r,signatureParams:{RS:i}}}case Q.publicKey.hmac:{const e=new _n;return r+=e.read(t.subarray(r)),{read:r,signatureParams:{mac:e}}}case Q.publicKey.pqc_mldsa_ed25519:{const e=2*ft(Q.publicKey.ed25519),n=M.readExactSubarray(t,r,r+e);r+=n.length;const i=M.readExactSubarray(t,r,r+3309);return r+=i.length,{read:r,signatureParams:{eccSignature:n,mldsaSignature:i}}}default:throw new it("Unknown signature algorithm.")}}(this.publicKeyAlgorithm,n);if(i<n.length)throw Error("Error reading MPIs");this.params=s}writeParams(){return this.params instanceof Promise?U((async()=>_i(this.publicKeyAlgorithm,await this.params))):_i(this.publicKeyAlgorithm,this.params)}write(){const e=[];return e.push(this.signatureData),e.push(this.writeUnhashedSubPackets()),e.push(this.signedHashValue),6===this.version&&(e.push(new Uint8Array([this.salt.length])),e.push(this.salt)),e.push(this.writeParams()),M.concat(e)}async sign(e,t,r=new Date,n=!1,i){this.version=e.version,this.created=M.normalizeDate(r),this.issuerKeyVersion=e.version,this.issuerFingerprint=e.getFingerprintBytes(),this.issuerKeyID=e.getKeyID();const s=[new Uint8Array([this.version,this.signatureType,this.publicKeyAlgorithm,this.hashAlgorithm])];if(6===this.version){const e=aa(this.hashAlgorithm);if(null===this.salt)this.salt=fe(e);else if(e!==this.salt.length)throw Error("Provided salt does not have the required length")}else if(i.nonDeterministicSignaturesViaNotation){if(0!==this.rawNotations.filter((({name:e})=>e===ra)).length)throw Error("Unexpected existing salt notation");{const e=fe(aa(this.hashAlgorithm));this.rawNotations.push({name:ra,value:e,humanReadable:!1,critical:!1})}}s.push(this.writeHashedSubPackets()),this.unhashedSubpackets=[],this.signatureData=M.concat(s);const a=this.toHash(this.signatureType,t,n),o=await this.hash(this.signatureType,t,a,n);this.signedHashValue=I(v(o),0,2);const c=async()=>Zi(this.publicKeyAlgorithm,this.hashAlgorithm,e.publicParams,e.privateParams,a,await B(o));M.isStream(o)?this.params=c():(this.params=await c(),this[ta]=!0)}writeHashedSubPackets(){const e=Q.signatureSubpacket,t=[];let r;if(null===this.created)throw Error("Missing signature creation time");t.push(sa(e.signatureCreationTime,!0,M.writeDate(this.created))),null!==this.signatureExpirationTime&&t.push(sa(e.signatureExpirationTime,!0,M.writeNumber(this.signatureExpirationTime,4))),null!==this.exportable&&t.push(sa(e.exportableCertification,!0,new Uint8Array([this.exportable?1:0]))),null!==this.trustLevel&&(r=new Uint8Array([this.trustLevel,this.trustAmount]),t.push(sa(e.trustSignature,!0,r))),null!==this.regularExpression&&t.push(sa(e.regularExpression,!0,this.regularExpression)),null!==this.revocable&&t.push(sa(e.revocable,!0,new Uint8Array([this.revocable?1:0]))),null!==this.keyExpirationTime&&t.push(sa(e.keyExpirationTime,!0,M.writeNumber(this.keyExpirationTime,4))),null!==this.preferredSymmetricAlgorithms&&(r=M.stringToUint8Array(M.uint8ArrayToString(this.preferredSymmetricAlgorithms)),t.push(sa(e.preferredSymmetricAlgorithms,!1,r))),null!==this.revocationKeyClass&&(r=new Uint8Array([this.revocationKeyClass,this.revocationKeyAlgorithm]),r=M.concat([r,this.revocationKeyFingerprint]),t.push(sa(e.revocationKey,!1,r))),!this.issuerKeyID.isNull()&&this.issuerKeyVersion<5&&t.push(sa(e.issuerKeyID,!1,this.issuerKeyID.write())),this.rawNotations.forEach((({name:n,value:i,humanReadable:s,critical:a})=>{r=[new Uint8Array([s?128:0,0,0,0])];const o=M.encodeUTF8(n);r.push(M.writeNumber(o.length,2)),r.push(M.writeNumber(i.length,2)),r.push(o),r.push(i),r=M.concat(r),t.push(sa(e.notationData,a,r))})),null!==this.preferredHashAlgorithms&&(r=M.stringToUint8Array(M.uint8ArrayToString(this.preferredHashAlgorithms)),t.push(sa(e.preferredHashAlgorithms,!1,r))),null!==this.preferredCompressionAlgorithms&&(r=M.stringToUint8Array(M.uint8ArrayToString(this.preferredCompressionAlgorithms)),t.push(sa(e.preferredCompressionAlgorithms,!1,r))),null!==this.keyServerPreferences&&(r=M.stringToUint8Array(M.uint8ArrayToString(this.keyServerPreferences)),t.push(sa(e.keyServerPreferences,!1,r))),null!==this.preferredKeyServer&&t.push(sa(e.preferredKeyServer,!1,M.encodeUTF8(this.preferredKeyServer))),null!==this.isPrimaryUserID&&t.push(sa(e.primaryUserID,!1,new Uint8Array([this.isPrimaryUserID?1:0]))),null!==this.policyURI&&t.push(sa(e.policyURI,!1,M.encodeUTF8(this.policyURI))),null!==this.keyFlags&&(r=M.stringToUint8Array(M.uint8ArrayToString(this.keyFlags)),t.push(sa(e.keyFlags,!0,r))),null!==this.signersUserID&&t.push(sa(e.signersUserID,!1,M.encodeUTF8(this.signersUserID))),null!==this.reasonForRevocationFlag&&(r=M.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag)+this.reasonForRevocationString),t.push(sa(e.reasonForRevocation,!0,r))),null!==this.features&&(r=M.stringToUint8Array(M.uint8ArrayToString(this.features)),t.push(sa(e.features,!1,r))),null!==this.signatureTargetPublicKeyAlgorithm&&(r=[new Uint8Array([this.signatureTargetPublicKeyAlgorithm,this.signatureTargetHashAlgorithm])],r.push(M.stringToUint8Array(this.signatureTargetHash)),r=M.concat(r),t.push(sa(e.signatureTarget,!0,r))),null!==this.embeddedSignature&&t.push(sa(e.embeddedSignature,!0,this.embeddedSignature.write())),null!==this.issuerFingerprint&&(r=[new Uint8Array([this.issuerKeyVersion]),this.issuerFingerprint],r=M.concat(r),t.push(sa(e.issuerFingerprint,this.version>=5,r))),null!==this.preferredAEADAlgorithms&&(r=M.stringToUint8Array(M.uint8ArrayToString(this.preferredAEADAlgorithms)),t.push(sa(e.preferredAEADAlgorithms,!1,r))),null!==this.preferredCipherSuites&&(r=new Uint8Array([].concat(...this.preferredCipherSuites)),t.push(sa(e.preferredCipherSuites,!1,r)));const n=M.concat(t),i=M.writeNumber(n.length,6===this.version?4:2);return M.concat([i,n])}writeUnhashedSubPackets(){const e=this.unhashedSubpackets.map((({type:e,critical:t,body:r})=>sa(e,t,r))),t=M.concat(e),r=M.writeNumber(t.length,6===this.version?4:2);return M.concat([r,t])}readSubPacket(e,t=!0){let r=0;const n=!!(128&e[r]),i=127&e[r];if(r++,t||(this.unhashedSubpackets.push({type:i,critical:n,body:e.subarray(r,e.length)}),na.has(i)))switch(i){case Q.signatureSubpacket.signatureCreationTime:this.created=M.readDate(e.subarray(r,e.length));break;case Q.signatureSubpacket.signatureExpirationTime:{const t=M.readNumber(e.subarray(r,e.length));this.signatureNeverExpires=0===t,this.signatureExpirationTime=t;break}case Q.signatureSubpacket.exportableCertification:this.exportable=1===e[r++];break;case Q.signatureSubpacket.trustSignature:this.trustLevel=e[r++],this.trustAmount=e[r++];break;case Q.signatureSubpacket.regularExpression:this.regularExpression=e[r];break;case Q.signatureSubpacket.revocable:this.revocable=1===e[r++];break;case Q.signatureSubpacket.keyExpirationTime:{const t=M.readNumber(e.subarray(r,e.length));this.keyExpirationTime=t,this.keyNeverExpires=0===t;break}case Q.signatureSubpacket.preferredSymmetricAlgorithms:this.preferredSymmetricAlgorithms=[...e.subarray(r,e.length)];break;case Q.signatureSubpacket.revocationKey:this.revocationKeyClass=e[r++],this.revocationKeyAlgorithm=e[r++],this.revocationKeyFingerprint=e.subarray(r,r+20);break;case Q.signatureSubpacket.issuerKeyID:if(4===this.version)this.issuerKeyID.read(e.subarray(r,e.length));else if(t)throw Error("Unexpected Issuer Key ID subpacket");break;case Q.signatureSubpacket.notationData:{const t=!!(128&e[r]);r+=4;const i=M.readNumber(e.subarray(r,r+2));r+=2;const s=M.readNumber(e.subarray(r,r+2));r+=2;const a=M.decodeUTF8(e.subarray(r,r+i)),o=e.subarray(r+i,r+i+s);this.rawNotations.push({name:a,humanReadable:t,value:o,critical:n}),t&&(this.notations[a]=M.decodeUTF8(o));break}case Q.signatureSubpacket.preferredHashAlgorithms:this.preferredHashAlgorithms=[...e.subarray(r,e.length)];break;case Q.signatureSubpacket.preferredCompressionAlgorithms:this.preferredCompressionAlgorithms=[...e.subarray(r,e.length)];break;case Q.signatureSubpacket.keyServerPreferences:this.keyServerPreferences=[...e.subarray(r,e.length)];break;case Q.signatureSubpacket.preferredKeyServer:this.preferredKeyServer=M.decodeUTF8(e.subarray(r,e.length));break;case Q.signatureSubpacket.primaryUserID:this.isPrimaryUserID=0!==e[r++];break;case Q.signatureSubpacket.policyURI:this.policyURI=M.decodeUTF8(e.subarray(r,e.length));break;case Q.signatureSubpacket.keyFlags:this.keyFlags=[...e.subarray(r,e.length)];break;case Q.signatureSubpacket.signersUserID:this.signersUserID=M.decodeUTF8(e.subarray(r,e.length));break;case Q.signatureSubpacket.reasonForRevocation:this.reasonForRevocationFlag=e[r++],this.reasonForRevocationString=M.decodeUTF8(e.subarray(r,e.length));break;case Q.signatureSubpacket.features:this.features=[...e.subarray(r,e.length)];break;case Q.signatureSubpacket.signatureTarget:{this.signatureTargetPublicKeyAlgorithm=e[r++],this.signatureTargetHashAlgorithm=e[r++];const t=Qe(this.signatureTargetHashAlgorithm);this.signatureTargetHash=M.uint8ArrayToString(e.subarray(r,r+t));break}case Q.signatureSubpacket.embeddedSignature:this.embeddedSignature=new ia,this.embeddedSignature.read(e.subarray(r,e.length));break;case Q.signatureSubpacket.issuerFingerprint:this.issuerKeyVersion=e[r++],this.issuerFingerprint=e.subarray(r,e.length),this.issuerKeyVersion>=5?this.issuerKeyID.read(this.issuerFingerprint):this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));break;case Q.signatureSubpacket.preferredAEADAlgorithms:this.preferredAEADAlgorithms=[...e.subarray(r,e.length)];break;case Q.signatureSubpacket.preferredCipherSuites:this.preferredCipherSuites=[];for(let t=r;t<e.length;t+=2)this.preferredCipherSuites.push([e[t],e[t+1]]);break;default:this.unknownSubpackets.push({type:i,critical:n,body:e.subarray(r,e.length)})}}readSubPackets(e,t=!0,r){const n=6===this.version?4:2,i=M.readNumber(e.subarray(0,n));let s=n;for(;s<2+i;){const n=Xe(e.subarray(s,e.length));s+=n.offset,this.readSubPacket(e.subarray(s,s+n.len),t,r),s+=n.len}return s}toSign(e,t){const r=Q.signature;switch(e){case r.binary:return null!==t.text?M.encodeUTF8(t.getText(!0)):t.getBytes(!0);case r.text:{const e=t.getBytes(!0);return M.canonicalizeEOL(e)}case r.standalone:return new Uint8Array(0);case r.certGeneric:case r.certPersona:case r.certCasual:case r.certPositive:case r.certRevocation:{let e,n;if(t.userID)n=180,e=t.userID;else{if(!t.userAttribute)throw Error("Either a userID or userAttribute packet needs to be supplied for certification.");n=209,e=t.userAttribute}const i=e.write();return M.concat([this.toSign(r.key,t),new Uint8Array([n]),M.writeNumber(i.length,4),i])}case r.subkeyBinding:case r.subkeyRevocation:case r.keyBinding:return M.concat([this.toSign(r.key,t),this.toSign(r.key,{key:t.bind})]);case r.key:if(void 0===t.key)throw Error("Key packet is required for this signature.");return t.key.writeForHash(this.version);case r.keyRevocation:return this.toSign(r.key,t);case r.timestamp:return new Uint8Array(0);case r.thirdParty:throw Error("Not implemented");default:throw Error("Unknown signature type.")}}calculateTrailer(e,t){let r=0;return b(v(this.signatureData),(e=>{r+=e.length}),(()=>{const n=[];return 5!==this.version||this.signatureType!==Q.signature.binary&&this.signatureType!==Q.signature.text||(t?n.push(new Uint8Array(6)):n.push(e.writeHeader())),n.push(new Uint8Array([this.version,255])),5===this.version&&n.push(new Uint8Array(4)),n.push(M.writeNumber(r,4)),M.concat(n)}))}toHash(e,t,r=!1){const n=this.toSign(e,t);return M.concat([this.salt||new Uint8Array,n,this.signatureData,this.calculateTrailer(t,r)])}async hash(e,t,r,n=!1){if(6===this.version&&this.salt.length!==aa(this.hashAlgorithm))throw Error("Signature salt does not have the expected length");return r||(r=this.toHash(e,t,n)),xe(this.hashAlgorithm,r)}async verify(e,t,r,n=new Date,i=!1,s=R){if(!this.issuerKeyID.equals(e.getKeyID()))throw Error("Signature was not issued by the given public key");if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Public key algorithm used to sign signature does not match issuer key algorithm.");const a=t===Q.signature.binary||t===Q.signature.text;if(!(this[ta]&&!a)){let n,s;if(this.hashed?s=await this.hashed:(n=this.toHash(t,r,i),s=await this.hash(t,r,n)),s=await B(s),this.signedHashValue[0]!==s[0]||this.signedHashValue[1]!==s[1])throw Error("Signed digest did not match");this.params=await this.params;const a=this.publicKeyAlgorithm===Q.publicKey.hmac?e.privateParams:null;if(this[ta]=await Yi(this.publicKeyAlgorithm,this.hashAlgorithm,this.params,e.publicParams,a,n,s),!this[ta])throw Error("Signature verification failed")}const o=M.normalizeDate(n);if(o&&this.created>o)throw Error("Signature creation time is in the future");if(o&&o>=this.getExpirationTime())throw Error("Signature is expired");if(s.rejectHashAlgorithms.has(this.hashAlgorithm))throw Error("Insecure hash algorithm: "+Q.read(Q.hash,this.hashAlgorithm).toUpperCase());if(s.rejectMessageHashAlgorithms.has(this.hashAlgorithm)&&[Q.signature.binary,Q.signature.text].includes(this.signatureType))throw Error("Insecure message hash algorithm: "+Q.read(Q.hash,this.hashAlgorithm).toUpperCase());if(this.unknownSubpackets.forEach((({type:e,critical:t})=>{if(t)throw Error("Unknown critical signature subpacket type "+e)})),this.rawNotations.forEach((({name:e,critical:t})=>{if(t&&s.knownNotations.indexOf(e)<0)throw Error("Unknown critical notation: "+e)})),null!==this.revocationKeyClass)throw Error("This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.")}isExpired(e=new Date){const t=M.normalizeDate(e);return null!==t&&!(this.created<=t&&t<this.getExpirationTime())}getExpirationTime(){return this.signatureNeverExpires?1/0:new Date(this.created.getTime()+1e3*this.signatureExpirationTime)}}function sa(e,t,r){const n=[];return n.push(We(r.length+1)),n.push(new Uint8Array([(t?128:0)|e])),n.push(r),M.concat(n)}function aa(e){switch(e){case Q.hash.sha256:return 16;case Q.hash.sha384:return 24;case Q.hash.sha512:return 32;case Q.hash.sha224:case Q.hash.sha3_256:return 16;case Q.hash.sha3_512:return 32;default:throw Error("Unsupported hash function")}}class oa{static get tag(){return Q.packet.onePassSignature}static fromSignaturePacket(e,t){const r=new oa;return r.version=6===e.version?6:3,r.signatureType=e.signatureType,r.hashAlgorithm=e.hashAlgorithm,r.publicKeyAlgorithm=e.publicKeyAlgorithm,r.issuerKeyID=e.issuerKeyID,r.salt=e.salt,r.issuerFingerprint=e.issuerFingerprint,r.flags=t?1:0,r}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.salt=null,this.issuerKeyID=null,this.issuerFingerprint=null,this.flags=null}read(e){let t=0;if(this.version=e[t++],3!==this.version&&6!==this.version)throw new it(`Version ${this.version} of the one-pass signature packet is unsupported.`);if(this.signatureType=e[t++],this.hashAlgorithm=e[t++],this.publicKeyAlgorithm=e[t++],6===this.version){const r=e[t++];this.salt=e.subarray(t,t+r),t+=r,this.issuerFingerprint=e.subarray(t,t+32),t+=32,this.issuerKeyID=new ea,this.issuerKeyID.read(this.issuerFingerprint)}else this.issuerKeyID=new ea,this.issuerKeyID.read(e.subarray(t,t+8)),t+=8;return this.flags=e[t++],this}write(){const e=[new Uint8Array([this.version,this.signatureType,this.hashAlgorithm,this.publicKeyAlgorithm])];return 6===this.version?e.push(new Uint8Array([this.salt.length]),this.salt,this.issuerFingerprint):e.push(this.issuerKeyID.write()),e.push(new Uint8Array([this.flags])),M.concatUint8Array(e)}calculateTrailer(...e){return U((async()=>ia.prototype.calculateTrailer.apply(await this.correspondingSig,e)))}async verify(){const e=await this.correspondingSig;if(!e||e.constructor.tag!==Q.packet.signature)throw Error("Corresponding signature packet missing");if(e.signatureType!==this.signatureType||e.hashAlgorithm!==this.hashAlgorithm||e.publicKeyAlgorithm!==this.publicKeyAlgorithm||!e.issuerKeyID.equals(this.issuerKeyID)||3===this.version&&6===e.version||6===this.version&&6!==e.version||6===this.version&&!M.equalsUint8Array(e.issuerFingerprint,this.issuerFingerprint)||6===this.version&&!M.equalsUint8Array(e.salt,this.salt))throw Error("Corresponding signature packet does not match one-pass signature packet");return e.hashed=this.hashed,e.verify.apply(e,arguments)}}function ca(e,t){if(!t[e]){let t;try{t=Q.read(Q.packet,e)}catch(t){throw new st("Unknown packet type with tag: "+e)}throw Error("Packet not allowed in this context: "+t)}return new t[e]}oa.prototype.hash=ia.prototype.hash,oa.prototype.toHash=ia.prototype.toHash,oa.prototype.toSign=ia.prototype.toSign;class ua extends Array{static async fromBinary(e,t,r=R,n=null,i=!1){const s=new ua;return await s.read(e,t,r,n,i),s}async read(e,t,r=R,n=null,i=!1){let s;r.additionalAllowedPackets.length&&(s=M.constructAllowedPackets(r.additionalAllowedPackets),t={...t,...s}),this.stream=k(e,(async(e,a)=>{const o=P(e),c=D(a);try{let a=M.isStream(e);for(;;){let e,u;if(await c.ready,await nt(o,a,(async a=>{try{if(a.tag===Q.packet.marker||a.tag===Q.packet.trust||a.tag===Q.packet.padding)return;const e=ca(a.tag,t);try{n?.recordPacket(a.tag,s)}catch(e){if(r.enforceGrammar)throw e;M.printDebugError(e)}e.packets=new ua,e.fromStream=M.isStream(a.packet),u=e.fromStream;try{await e.read(a.packet,r)}catch(t){if(!(t instanceof it))throw M.wrapError(new at(`Parsing ${e.constructor.name} failed`),t);throw t}await c.write(e)}catch(t){const n=t instanceof st&&a.tag<=39,s=t instanceof it&&!(t instanceof st)&&!r.ignoreUnsupportedPackets,o=t instanceof at&&!r.ignoreMalformedPackets,u=rt(a.tag);if(n||s||o||u||!(t instanceof st||t instanceof it||t instanceof at))i?e=t:await c.abort(t);else{const e=new ot(a.tag,a.packet);await c.write(e)}M.printDebugError(t)}})),u&&(a=null),e)throw await o.readToEnd(),e;const h=await o.peekBytes(2);if(!h||!h.length){try{n?.recordEnd()}catch(e){if(r.enforceGrammar)throw e;M.printDebugError(e)}return await c.ready,void await c.close()}}}catch(e){await c.abort(e)}}));const a=P(this.stream);for(;;){const{done:e,value:t}=await a.read();if(e?this.stream=null:this.push(t),e||rt(t.constructor.tag))break}a.releaseLock()}write(){const e=[];for(let t=0;t<this.length;t++){const r=this[t]instanceof ot?this[t].tag:this[t].constructor.tag,n=this[t].write();if(M.isStream(n)&&rt(this[t].constructor.tag)){let t=[],i=0;const s=512;e.push(et(r)),e.push(b(n,(e=>{if(t.push(e),i+=e.length,i>=s){const e=Math.min(Math.log(i)/Math.LN2|0,30),r=2**e,n=M.concat([$e(e)].concat(t));return t=[n.subarray(1+r)],i=t[0].length,n.subarray(0,1+r)}}),(()=>M.concat([We(i)].concat(t)))))}else{if(M.isStream(n)){let t=0;e.push(b(v(n),(e=>{t+=e.length}),(()=>tt(r,t))))}else e.push(tt(r,n.length));e.push(n)}}return M.concat(e)}filterByTag(...e){const t=new ua,r=e=>t=>e===t;for(let n=0;n<this.length;n++)e.some(r(this[n].constructor.tag))&&t.push(this[n]);return t}findPacket(e){return this.find((t=>t.constructor.tag===e))}indexOfTag(...e){const t=[],r=this,n=e=>t=>e===t;for(let i=0;i<this.length;i++)e.some(n(r[i].constructor.tag))&&t.push(i);return t}}class ha extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,ha),this.name="GrammarError"}}var la;!function(e){e[e.EmptyMessage=0]="EmptyMessage",e[e.PlaintextOrEncryptedData=1]="PlaintextOrEncryptedData",e[e.EncryptedSessionKeys=2]="EncryptedSessionKeys",e[e.StandaloneAdditionalAllowedData=3]="StandaloneAdditionalAllowedData"}(la||(la={}));class fa{constructor(){this.state=la.EmptyMessage,this.leadingOnePassSignatureCounter=0}recordPacket(e,t){switch(this.state){case la.EmptyMessage:case la.StandaloneAdditionalAllowedData:switch(e){case Q.packet.literalData:case Q.packet.compressedData:case Q.packet.aeadEncryptedData:case Q.packet.symEncryptedIntegrityProtectedData:case Q.packet.symmetricallyEncryptedData:return void(this.state=la.PlaintextOrEncryptedData);case Q.packet.signature:if(this.state===la.StandaloneAdditionalAllowedData&&--this.leadingOnePassSignatureCounter<0)throw new ha("Trailing signature packet without OPS");return;case Q.packet.onePassSignature:if(this.state===la.StandaloneAdditionalAllowedData)throw new ha("OPS following StandaloneAdditionalAllowedData");return void this.leadingOnePassSignatureCounter++;case Q.packet.publicKeyEncryptedSessionKey:case Q.packet.symEncryptedSessionKey:return void(this.state=la.EncryptedSessionKeys);default:if(!t?.[e])throw new ha(`Unexpected packet ${e} in state ${this.state}`);return void(this.state=la.StandaloneAdditionalAllowedData)}case la.PlaintextOrEncryptedData:if(e===Q.packet.signature){if(--this.leadingOnePassSignatureCounter<0)throw new ha("Trailing signature packet without OPS");return void(this.state=la.PlaintextOrEncryptedData)}if(!t?.[e])throw new ha(`Unexpected packet ${e} in state ${this.state}`);return void(this.state=la.PlaintextOrEncryptedData);case la.EncryptedSessionKeys:switch(e){case Q.packet.publicKeyEncryptedSessionKey:case Q.packet.symEncryptedSessionKey:return void(this.state=la.EncryptedSessionKeys);case Q.packet.symEncryptedIntegrityProtectedData:case Q.packet.aeadEncryptedData:case Q.packet.symmetricallyEncryptedData:return void(this.state=la.PlaintextOrEncryptedData);case Q.packet.signature:if(--this.leadingOnePassSignatureCounter<0)throw new ha("Trailing signature packet without OPS");return void(this.state=la.PlaintextOrEncryptedData);default:if(!t?.[e])throw new ha(`Unexpected packet ${e} in state ${this.state}`);this.state=la.EncryptedSessionKeys}}}recordEnd(){switch(this.state){case la.EmptyMessage:case la.PlaintextOrEncryptedData:case la.EncryptedSessionKeys:case la.StandaloneAdditionalAllowedData:if(this.leadingOnePassSignatureCounter>0)throw new ha("Missing trailing signature packets")}}}const ya=/*#__PURE__*/M.constructAllowedPackets([$s,oa,ia]);class pa{static get tag(){return Q.packet.compressedData}constructor(e=R){this.packets=null,this.algorithm=e.preferredCompressionAlgorithm,this.compressed=null}async read(e,t=R){await E(e,(async e=>{this.algorithm=await e.readByte(),this.compressed=e.remainder(),await this.decompress(t)}))}write(){return null===this.compressed&&this.compress(),M.concat([new Uint8Array([this.algorithm]),this.compressed])}async decompress(e=R){const t=Q.read(Q.compression,this.algorithm),r=ma[t];if(!r)throw Error(t+" decompression not supported");this.packets=await ua.fromBinary(await r(this.compressed),ya,e,new fa)}compress(){const e=Q.read(Q.compression,this.algorithm),t=wa[e];if(!t)throw Error(e+" compression not supported");this.compressed=t(this.packets.write())}}function da(e,t){return r=>{if(!M.isStream(r)||a(r))return U((()=>B(r).then((e=>new Promise(((r,n)=>{const i=new t;i.ondata=e=>{r(e)};try{i.push(e,!0)}catch(e){n(e)}}))))));if(e)try{const t=e();return r.pipeThrough(t)}catch(e){if("TypeError"!==e.name)throw e}const n=r.getReader(),i=new t;return new ReadableStream({async start(e){for(i.ondata=async(t,r)=>{e.enqueue(t),r&&e.close()};;){const{done:e,value:t}=await n.read();if(e)return void i.push(new Uint8Array,!0);t.length&&i.push(t)}}})}}function ga(){return async function(e){const{decode:t}=await Promise.resolve().then((function(){return jd}));return U((async()=>t(await B(e))))}}const Aa=e=>({compressor:"undefined"!=typeof CompressionStream&&(()=>new CompressionStream(e)),decompressor:"undefined"!=typeof DecompressionStream&&(()=>new DecompressionStream(e))}),wa={zip:/*#__PURE__*/da(Aa("deflate-raw").compressor,Ys),zlib:/*#__PURE__*/da(Aa("deflate").compressor,Js)},ma={uncompressed:e=>e,zip:/*#__PURE__*/da(Aa("deflate-raw").decompressor,Zs),zlib:/*#__PURE__*/da(Aa("deflate").decompressor,Xs),bzip2:/*#__PURE__*/ga()},ba=/*#__PURE__*/M.constructAllowedPackets([$s,pa,oa,ia]);class ka{static get tag(){return Q.packet.symEncryptedIntegrityProtectedData}static fromObject({version:e,aeadAlgorithm:t}){if(1!==e&&2!==e)throw Error("Unsupported SEIPD version");const r=new ka;return r.version=e,2===e&&(r.aeadAlgorithm=t),r}constructor(){this.version=null,this.cipherAlgorithm=null,this.aeadAlgorithm=null,this.chunkSizeByte=null,this.salt=null,this.encrypted=null,this.packets=null}async read(e){await E(e,(async e=>{if(this.version=await e.readByte(),1!==this.version&&2!==this.version)throw new it(`Version ${this.version} of the SEIP packet is unsupported.`);2===this.version&&(this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte(),this.salt=await e.readBytes(32)),this.encrypted=e.remainder()}))}write(){return 2===this.version?M.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.salt,this.encrypted]):M.concat([new Uint8Array([this.version]),this.encrypted])}async encrypt(e,t,r=R){const{blockSize:n,keySize:i}=Kr(e);if(t.length!==i)throw Error("Unexpected session key size");let s=this.packets.write();if(a(s)&&(s=await B(s)),2===this.version)this.cipherAlgorithm=e,this.salt=fe(32),this.chunkSizeByte=r.aeadChunkSizeByte,this.encrypted=await Ea(this,"encrypt",t,s);else{const r=await Wn(e),i=new Uint8Array([211,20]),a=M.concat([r,s,i]),o=await xe(Q.hash.sha1,K(a)),c=M.concat([a,o]);this.encrypted=await $n(e,t,c,new Uint8Array(n))}return!0}async decrypt(e,t,r=R){if(t.length!==Kr(e).keySize)throw Error("Unexpected session key size");let n,i=v(this.encrypted);a(i)&&(i=await B(i));let s=!1;if(2===this.version){if(this.cipherAlgorithm!==e)throw Error("Unexpected session key algorithm");n=await Ea(this,"decrypt",t,i)}else{const{blockSize:a}=Kr(e),o=await ei(e,t,i,new Uint8Array(a)),c=I(K(o),-20),u=I(o,0,-20),h=Promise.all([B(await xe(Q.hash.sha1,K(u))),B(c)]).then((([e,t])=>{if(!M.equalsUint8Array(e,t))throw Error("Modification detected.");return new Uint8Array})),l=I(u,a+2);n=I(l,0,-2),n=g([n,U((()=>h))]),M.isStream(i)&&r.allowUnauthenticatedStream?s=!0:n=await B(n)}return this.packets=await ua.fromBinary(n,ba,r,new fa,s),!0}}async function Ea(e,t,r,n){const i=e instanceof ka&&2===e.version,s=!i&&e.constructor.tag===Q.packet.aeadEncryptedData;if(!i&&!s)throw Error("Unexpected packet type");const a=Li(e.aeadAlgorithm,s),o="decrypt"===t?a.tagLength:0,c="encrypt"===t?a.tagLength:0,u=2**(e.chunkSizeByte+6)+o,h=s?8:0,l=new ArrayBuffer(13+h),f=new Uint8Array(l,0,5+h),y=new Uint8Array(l),p=new DataView(l),d=new Uint8Array(l,5,8);f.set([192|e.constructor.tag,e.version,e.cipherAlgorithm,e.aeadAlgorithm,e.chunkSizeByte],0);let g,w,m=0,b=Promise.resolve(),E=0,v=0;if(i){const{keySize:t}=Kr(e.cipherAlgorithm),{ivLength:n}=a,i=new Uint8Array(l,0,5),s=await Cr(Q.hash.sha256,r,e.salt,i,t+n);r=s.subarray(0,t),g=s.subarray(t),g.fill(0,g.length-8),w=new DataView(g.buffer,g.byteOffset,g.byteLength)}else g=e.iv;const K=await a(e.cipherAlgorithm,r);return k(n,(async(r,n)=>{if("array"!==M.isStream(r)){const t=new TransformStream({},{highWaterMark:M.getHardwareConcurrency()*2**(e.chunkSizeByte+6),size:e=>e.length});A(t.readable,n),n=t.writable}const s=P(r),a=D(n);try{for(;;){let e=await s.readBytes(u+o)||new Uint8Array;const r=e.subarray(e.length-o);let n,l,A;if(e=e.subarray(0,e.length-o),i)A=g;else{A=g.slice();for(let e=0;e<8;e++)A[g.length-8+e]^=d[e]}if(!m||e.length?(s.unshift(r),n=K[t](e,A,f),n.catch((()=>{})),v+=e.length-o+c):(p.setInt32(5+h+4,E),n=K[t](r,A,y),n.catch((()=>{})),v+=c,l=!0),E+=e.length-o,b=b.then((()=>n)).then((async e=>{await a.ready,await a.write(e),v-=e.length})).catch((e=>a.abort(e))),(l||v>a.desiredSize)&&await b,l){await a.close();break}i?w.setInt32(g.length-4,++m):p.setInt32(9,++m)}}catch(e){await a.ready.catch((()=>{})),await a.abort(e)}}))}const va=/*#__PURE__*/M.constructAllowedPackets([$s,pa,oa,ia]);class Ka{static get tag(){return Q.packet.aeadEncryptedData}constructor(){this.version=1,this.cipherAlgorithm=null,this.aeadAlgorithm=Q.aead.eax,this.chunkSizeByte=null,this.iv=null,this.encrypted=null,this.packets=null}async read(e){await E(e,(async e=>{const t=await e.readByte();if(1!==t)throw new it(`Version ${t} of the AEAD-encrypted data packet is not supported.`);this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte();const r=Li(this.aeadAlgorithm,!0);this.iv=await e.readBytes(r.ivLength),this.encrypted=e.remainder()}))}write(){return M.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.iv,this.encrypted])}async decrypt(e,t,r=R){this.packets=await ua.fromBinary(await Ea(this,"decrypt",t,v(this.encrypted)),va,r,new fa)}async encrypt(e,t,r=R){this.cipherAlgorithm=e;const{ivLength:n}=Li(this.aeadAlgorithm,!0);this.iv=fe(n),this.chunkSizeByte=r.aeadChunkSizeByte;const i=this.packets.write();this.encrypted=await Ea(this,"encrypt",t,i)}}const Sa=new Set([Q.publicKey.x25519,Q.publicKey.x448,Q.publicKey.pqc_mlkem_x25519]);class Ia{static get tag(){return Q.packet.publicKeyEncryptedSessionKey}constructor(){this.version=null,this.publicKeyID=new ea,this.publicKeyVersion=null,this.publicKeyFingerprint=null,this.publicKeyAlgorithm=null,this.sessionKey=null,this.sessionKeyAlgorithm=null,this.encrypted={}}static fromObject({version:e,encryptionKeyPacket:t,anonymousRecipient:r,sessionKey:n,sessionKeyAlgorithm:i}){const s=new Ia;if(3!==e&&6!==e)throw Error("Unsupported PKESK version");return s.version=e,6===e&&(s.publicKeyVersion=r?null:t.version,s.publicKeyFingerprint=r?null:t.getFingerprintBytes()),s.publicKeyID=r?ea.wildcard():t.getKeyID(),s.publicKeyAlgorithm=t.algorithm,s.sessionKey=n,s.sessionKeyAlgorithm=i,s}read(e){let t=0;if(this.version=e[t++],3!==this.version&&6!==this.version)throw new it(`Version ${this.version} of the PKESK packet is unsupported.`);if(6===this.version){const r=e[t++];if(r){this.publicKeyVersion=e[t++];const n=r-1;this.publicKeyFingerprint=e.subarray(t,t+n),t+=n,this.publicKeyVersion>=5?this.publicKeyID.read(this.publicKeyFingerprint):this.publicKeyID.read(this.publicKeyFingerprint.subarray(-8))}else this.publicKeyID=ea.wildcard()}else t+=this.publicKeyID.read(e.subarray(t,t+8));if(this.publicKeyAlgorithm=e[t++],this.encrypted=function(e,t){let r=0;switch(e){case Q.publicKey.rsaEncrypt:case Q.publicKey.rsaEncryptSign:return{c:M.readMPI(t.subarray(r))};case Q.publicKey.elgamal:{const e=M.readMPI(t.subarray(r));return r+=e.length+2,{c1:e,c2:M.readMPI(t.subarray(r))}}case Q.publicKey.ecdh:{const e=M.readMPI(t.subarray(r));r+=e.length+2;const n=new Nn;return n.read(t.subarray(r)),{V:e,C:n}}case Q.publicKey.x25519:case Q.publicKey.x448:{const n=Vi(e),i=M.readExactSubarray(t,r,r+n);r+=i.length;const s=new Vn;return s.read(t.subarray(r)),{ephemeralPublicKey:i,C:s}}case Q.publicKey.aead:{const e=new Gn;r+=e.read(t.subarray(r));const{ivLength:n}=Li(e.getValue()),i=t.subarray(r,r+n);r+=n;const s=new _n;return r+=s.read(t.subarray(r)),{aeadMode:e,iv:i,c:s}}case Q.publicKey.pqc_mlkem_x25519:{const e=M.readExactSubarray(t,r,r+Vi(Q.publicKey.x25519));r+=e.length;const n=M.readExactSubarray(t,r,r+1088);r+=n.length;const i=new Vn;return i.read(t.subarray(r)),{eccCipherText:e,mlkemCipherText:n,C:i}}default:throw new it("Unknown public key encryption algorithm.")}}(this.publicKeyAlgorithm,e.subarray(t)),Sa.has(this.publicKeyAlgorithm))if(3===this.version)this.sessionKeyAlgorithm=Q.write(Q.symmetric,this.encrypted.C.algorithm);else if(null!==this.encrypted.C.algorithm)throw Error("Unexpected cleartext symmetric algorithm")}write(){const e=[new Uint8Array([this.version])];return 6===this.version?null!==this.publicKeyFingerprint?(e.push(new Uint8Array([this.publicKeyFingerprint.length+1,this.publicKeyVersion])),e.push(this.publicKeyFingerprint)):e.push(new Uint8Array([0])):e.push(this.publicKeyID.write()),e.push(new Uint8Array([this.publicKeyAlgorithm]),_i(this.publicKeyAlgorithm,this.encrypted)),M.concatUint8Array(e)}async encrypt(e){const t=Q.write(Q.publicKey,this.publicKeyAlgorithm),r=3===this.version?this.sessionKeyAlgorithm:null,n=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),i=Ba(this.version,t,r,this.sessionKey),s=t===Q.publicKey.aead?e.privateParams:null;this.encrypted=await Fi(t,r,e.publicParams,s,i,n)}async decrypt(e,t){if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Decryption error");const r=t?Ba(this.version,this.publicKeyAlgorithm,t.sessionKeyAlgorithm,t.sessionKey):null,n=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),i=await Oi(this.publicKeyAlgorithm,e.publicParams,e.privateParams,this.encrypted,n,r),{sessionKey:s,sessionKeyAlgorithm:a}=function(e,t,r,n){switch(t){case Q.publicKey.rsaEncrypt:case Q.publicKey.rsaEncryptSign:case Q.publicKey.elgamal:case Q.publicKey.ecdh:case Q.publicKey.aead:{const t=r.subarray(0,r.length-2),i=r.subarray(r.length-2),s=M.writeChecksum(t.subarray(t.length%8)),a=s[0]===i[0]&s[1]===i[1],o=6===e?{sessionKeyAlgorithm:null,sessionKey:t}:{sessionKeyAlgorithm:t[0],sessionKey:t.subarray(1)};if(n){const t=a&o.sessionKeyAlgorithm===n.sessionKeyAlgorithm&o.sessionKey.length===n.sessionKey.length;return{sessionKey:M.selectUint8Array(t,o.sessionKey,n.sessionKey),sessionKeyAlgorithm:6===e?null:M.selectUint8(t,o.sessionKeyAlgorithm,n.sessionKeyAlgorithm)}}if(a&&(6===e||Q.read(Q.symmetric,o.sessionKeyAlgorithm)))return o;throw Error("Decryption error")}case Q.publicKey.x25519:case Q.publicKey.x448:case Q.publicKey.pqc_mlkem_x25519:return{sessionKeyAlgorithm:null,sessionKey:r};default:throw Error("Unsupported public key algorithm")}}(this.version,this.publicKeyAlgorithm,i,t);if(3===this.version){const e=!Sa.has(this.publicKeyAlgorithm);if(this.sessionKeyAlgorithm=e?a:this.sessionKeyAlgorithm,s.length!==Kr(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}this.sessionKey=s}}function Ba(e,t,r,n){switch(t){case Q.publicKey.rsaEncrypt:case Q.publicKey.rsaEncryptSign:case Q.publicKey.elgamal:case Q.publicKey.ecdh:case Q.publicKey.aead:return M.concatUint8Array([new Uint8Array(6===e?[]:[r]),n,M.writeChecksum(n.subarray(n.length%8))]);case Q.publicKey.x25519:case Q.publicKey.x448:case Q.publicKey.pqc_mlkem_x25519:return n;default:throw Error("Unsupported public key algorithm")}}class Ca{static get tag(){return Q.packet.symEncryptedSessionKey}constructor(e=R){this.version=e.aeadProtect?6:4,this.sessionKey=null,this.sessionKeyEncryptionAlgorithm=null,this.sessionKeyAlgorithm=null,this.aeadAlgorithm=Q.write(Q.aead,e.preferredAEADAlgorithm),this.encrypted=null,this.s2k=null,this.iv=null}read(e){let t=0;if(this.version=e[t++],4!==this.version&&5!==this.version&&6!==this.version)throw new it(`Version ${this.version} of the SKESK packet is unsupported.`);6===this.version&&t++;const r=e[t++];this.version>=5&&(this.aeadAlgorithm=e[t++],6===this.version&&t++);const n=e[t++];if(this.s2k=ns(n),t+=this.s2k.read(e.subarray(t,e.length)),this.version>=5){const r=Li(this.aeadAlgorithm,!0);this.iv=e.subarray(t,t+=r.ivLength)}this.version>=5||t<e.length?(this.encrypted=e.subarray(t,e.length),this.sessionKeyEncryptionAlgorithm=r):this.sessionKeyAlgorithm=r}write(){const e=null===this.encrypted?this.sessionKeyAlgorithm:this.sessionKeyEncryptionAlgorithm;let t;const r=this.s2k.write();if(6===this.version){const n=r.length,i=3+n+this.iv.length;t=M.concatUint8Array([new Uint8Array([this.version,i,e,this.aeadAlgorithm,n]),r,this.iv,this.encrypted])}else 5===this.version?t=M.concatUint8Array([new Uint8Array([this.version,e,this.aeadAlgorithm]),r,this.iv,this.encrypted]):(t=M.concatUint8Array([new Uint8Array([this.version,e]),r]),null!==this.encrypted&&(t=M.concatUint8Array([t,this.encrypted])));return t}async decrypt(e){const t=null!==this.sessionKeyEncryptionAlgorithm?this.sessionKeyEncryptionAlgorithm:this.sessionKeyAlgorithm,{blockSize:r,keySize:n}=Kr(t),i=await this.s2k.produceKey(e,n);if(this.version>=5){const e=Li(this.aeadAlgorithm,!0),r=new Uint8Array([192|Ca.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),s=6===this.version?await Cr(Q.hash.sha256,i,new Uint8Array,r,n):i,a=await e(t,s);this.sessionKey=await a.decrypt(this.encrypted,this.iv,r)}else if(null!==this.encrypted){const e=await ei(t,i,this.encrypted,new Uint8Array(r));if(this.sessionKeyAlgorithm=Q.write(Q.symmetric,e[0]),this.sessionKey=e.subarray(1,e.length),this.sessionKey.length!==Kr(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}else this.sessionKey=i}async encrypt(e,t=R){const r=null!==this.sessionKeyEncryptionAlgorithm?this.sessionKeyEncryptionAlgorithm:this.sessionKeyAlgorithm;this.sessionKeyEncryptionAlgorithm=r,this.s2k=is(t),this.s2k.generateSalt();const{blockSize:n,keySize:i}=Kr(r),s=await this.s2k.produceKey(e,i);if(null===this.sessionKey&&(this.sessionKey=qi(this.sessionKeyAlgorithm)),this.version>=5){const e=Li(this.aeadAlgorithm);this.iv=fe(e.ivLength);const t=new Uint8Array([192|Ca.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),n=6===this.version?await Cr(Q.hash.sha256,s,new Uint8Array,t,i):s,a=await e(r,n);this.encrypted=await a.encrypt(this.sessionKey,this.iv,t)}else{const e=M.concatUint8Array([new Uint8Array([this.sessionKeyAlgorithm]),this.sessionKey]);this.encrypted=await $n(r,s,e,new Uint8Array(n))}}}class Ua{static get tag(){return Q.packet.publicKey}constructor(e=new Date,t=R){this.version=t.v6Keys?6:4,this.created=M.normalizeDate(e),this.algorithm=null,this.publicParams=null,this.expirationTimeV3=0,this.fingerprint=null,this.keyID=null}static fromSecretKeyPacket(e){const t=new Ua,{version:r,created:n,algorithm:i,publicParams:s,keyID:a,fingerprint:o}=e;return t.version=r,t.created=n,t.algorithm=i,t.publicParams=s,t.keyID=a,t.fingerprint=o,t}async read(e,t=R){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new it("Support for parsing v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4===this.version||5===this.version||6===this.version){this.created=M.readDate(e.subarray(r,r+4)),r+=4,this.algorithm=e[r++],this.version>=5&&(r+=4);const{read:t,publicParams:n}=function(e,t){let r=0;switch(e){case Q.publicKey.rsaEncrypt:case Q.publicKey.rsaEncryptSign:case Q.publicKey.rsaSign:{const e=M.readMPI(t.subarray(r));r+=e.length+2;const n=M.readMPI(t.subarray(r));return r+=n.length+2,{read:r,publicParams:{n:e,e:n}}}case Q.publicKey.dsa:{const e=M.readMPI(t.subarray(r));r+=e.length+2;const n=M.readMPI(t.subarray(r));r+=n.length+2;const i=M.readMPI(t.subarray(r));r+=i.length+2;const s=M.readMPI(t.subarray(r));return r+=s.length+2,{read:r,publicParams:{p:e,q:n,g:i,y:s}}}case Q.publicKey.elgamal:{const e=M.readMPI(t.subarray(r));r+=e.length+2;const n=M.readMPI(t.subarray(r));r+=n.length+2;const i=M.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{p:e,g:n,y:i}}}case Q.publicKey.ecdsa:{const e=new Je;r+=e.read(t),ji(e);const n=M.readMPI(t.subarray(r));return r+=n.length+2,{read:r,publicParams:{oid:e,Q:n}}}case Q.publicKey.eddsaLegacy:{const e=new Je;if(r+=e.read(t),ji(e),e.getName()!==Q.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let n=M.readMPI(t.subarray(r));return r+=n.length+2,n=M.leftPad(n,33),{read:r,publicParams:{oid:e,Q:n}}}case Q.publicKey.ecdh:{const e=new Je;r+=e.read(t),ji(e);const n=M.readMPI(t.subarray(r));r+=n.length+2;const i=new Hn;return r+=i.read(t.subarray(r)),{read:r,publicParams:{oid:e,Q:n,kdfParams:i}}}case Q.publicKey.ed25519:case Q.publicKey.ed448:case Q.publicKey.x25519:case Q.publicKey.x448:{const n=M.readExactSubarray(t,r,r+Vi(e));return r+=n.length,{read:r,publicParams:{A:n}}}case Q.publicKey.hmac:case Q.publicKey.aead:{const e=new qn;r+=e.read(t);const n=Qe(Q.hash.sha256),i=t.subarray(r,r+n);return r+=n,{read:r,publicParams:{cipher:e,digest:i}}}case Q.publicKey.pqc_mlkem_x25519:{const e=M.readExactSubarray(t,r,r+Vi(Q.publicKey.x25519));r+=e.length;const n=M.readExactSubarray(t,r,r+1184);return r+=n.length,{read:r,publicParams:{eccPublicKey:e,mlkemPublicKey:n}}}case Q.publicKey.pqc_mldsa_ed25519:{const e=M.readExactSubarray(t,r,r+Vi(Q.publicKey.ed25519));r+=e.length;const n=M.readExactSubarray(t,r,r+1952);return r+=n.length,{read:r,publicParams:{eccPublicKey:e,mldsaPublicKey:n}}}default:throw new it("Unknown public key encryption algorithm.")}}(this.algorithm,e.subarray(r));if(6===this.version&&n.oid&&(n.oid.getName()===Q.curve.curve25519Legacy||n.oid.getName()===Q.curve.ed25519Legacy))throw Error("Legacy curve25519 cannot be used with v6 keys");if(6!==this.version&&this.algorithm===Q.publicKey.pqc_mldsa_ed25519)throw Error("Unexpected key version: ML-DSA algorithms can only be used with v6 keys");return this.publicParams=n,r+=t,await this.computeFingerprintAndKeyID(),r}throw new it(`Version ${this.version} of the key packet is unsupported.`)}write(){const e=[];e.push(new Uint8Array([this.version])),e.push(M.writeDate(this.created)),e.push(new Uint8Array([this.algorithm]));const t=_i(this.algorithm,this.publicParams);return this.version>=5&&e.push(M.writeNumber(t.length,4)),e.push(t),M.concatUint8Array(e)}writeForHash(e){const t=this.writePublicKey(),r=149+e,n=e>=5?4:2;return M.concatUint8Array([new Uint8Array([r]),M.writeNumber(t.length,n),t])}isDecrypted(){return null}getCreationTime(){return this.created}getKeyID(){return this.keyID}async computeFingerprintAndKeyID(){if(await this.computeFingerprint(),this.keyID=new ea,this.version>=5)this.keyID.read(this.fingerprint.subarray(0,8));else{if(4!==this.version)throw Error("Unsupported key version");this.keyID.read(this.fingerprint.subarray(12,20))}}async computeFingerprint(){const e=this.writeForHash(this.version);if(this.version>=5)this.fingerprint=await xe(Q.hash.sha256,e);else{if(4!==this.version)throw Error("Unsupported key version");this.fingerprint=await xe(Q.hash.sha1,e)}}getFingerprintBytes(){return this.fingerprint}getFingerprint(){return M.uint8ArrayToHex(this.getFingerprintBytes())}hasSameFingerprintAs(e){return this.version===e.version&&M.equalsUint8Array(this.writePublicKey(),e.writePublicKey())}getAlgorithmInfo(){const e={};e.algorithm=Q.read(Q.publicKey,this.algorithm);const t=this.publicParams.n||this.publicParams.p;return t?e.bits=M.uint8ArrayBitLength(t):this.publicParams.oid?e.curve=this.publicParams.oid.getName():this.publicParams.cipher&&(e.symmetric=this.publicParams.cipher.getName()),e}}Ua.prototype.readPublicKey=Ua.prototype.read,Ua.prototype.writePublicKey=Ua.prototype.write;const Pa=/*#__PURE__*/M.constructAllowedPackets([$s,pa,oa,ia]);class Da{static get tag(){return Q.packet.symmetricallyEncryptedData}constructor(){this.encrypted=null,this.packets=null}read(e){this.encrypted=e}write(){return this.encrypted}async decrypt(e,t,r=R){if(!r.allowUnauthenticatedMessages)throw Error("Message is not authenticated.");const{blockSize:n}=Kr(e),i=await B(v(this.encrypted)),s=await ei(e,t,i.subarray(n+2),i.subarray(2,n+2));this.packets=await ua.fromBinary(s,Pa,r)}async encrypt(e,t,r=R){const n=this.packets.write(),{blockSize:i}=Kr(e),s=await Wn(e),a=await $n(e,t,s,new Uint8Array(i)),o=await $n(e,t,n,a.subarray(2));this.encrypted=M.concat([a,o])}}class xa{static get tag(){return Q.packet.marker}read(e){return 80===e[0]&&71===e[1]&&80===e[2]}write(){return new Uint8Array([80,71,80])}}class Qa extends Ua{static get tag(){return Q.packet.publicSubkey}constructor(e,t){super(e,t)}static fromSecretSubkeyPacket(e){const t=new Qa,{version:r,created:n,algorithm:i,publicParams:s,keyID:a,fingerprint:o}=e;return t.version=r,t.created=n,t.algorithm=i,t.publicParams=s,t.keyID=a,t.fingerprint=o,t}}class Ra{static get tag(){return Q.packet.userAttribute}constructor(){this.attributes=[]}read(e){let t=0;for(;t<e.length;){const r=Xe(e.subarray(t,e.length));t+=r.offset,this.attributes.push(M.uint8ArrayToString(e.subarray(t,t+r.len))),t+=r.len}}write(){const e=[];for(let t=0;t<this.attributes.length;t++)e.push(We(this.attributes[t].length)),e.push(M.stringToUint8Array(this.attributes[t]));return M.concatUint8Array(e)}equals(e){return!!(e&&e instanceof Ra)&&this.attributes.every((function(t,r){return t===e.attributes[r]}))}}class Ta extends Ua{static get tag(){return Q.packet.secretKey}constructor(e=new Date,t=R){super(e,t),this.keyMaterial=null,this.isEncrypted=null,this.s2kUsage=0,this.s2k=null,this.symmetric=null,this.aead=null,this.isLegacyAEAD=null,this.privateParams=null,this.usedModernAEAD=null}async read(e,t=R){let r=await this.readPublicKey(e,t);const n=r;this.s2kUsage=e[r++],5===this.version&&r++,6===this.version&&this.s2kUsage&&r++;try{if(255===this.s2kUsage||254===this.s2kUsage||253===this.s2kUsage){this.symmetric=e[r++],253===this.s2kUsage&&(this.aead=e[r++]),6===this.version&&r++;const t=e[r++];if(this.s2k=ns(t),r+=this.s2k.read(e.subarray(r,e.length)),"gnu-dummy"===this.s2k.type)return}else this.s2kUsage&&(this.symmetric=this.s2kUsage);this.s2kUsage&&(this.isLegacyAEAD=253===this.s2kUsage&&(5===this.version||4===this.version&&t.parseAEADEncryptedV4KeysAsLegacy),253!==this.s2kUsage||this.isLegacyAEAD?(this.iv=e.subarray(r,r+Kr(this.symmetric).blockSize),this.usedModernAEAD=!1):(this.iv=e.subarray(r,r+Li(this.aead).ivLength),this.usedModernAEAD=!0),r+=this.iv.length)}catch(t){if(!this.s2kUsage)throw t;this.unparseableKeyMaterial=e.subarray(n),this.isEncrypted=!0}if(5===this.version&&(r+=4),this.keyMaterial=e.subarray(r),this.isEncrypted=!!this.s2kUsage,!this.isEncrypted){let e;if(6===this.version)e=this.keyMaterial;else if(e=this.keyMaterial.subarray(0,-2),!M.equalsUint8Array(M.writeChecksum(e),this.keyMaterial.subarray(-2)))throw Error("Key checksum mismatch");try{const{read:t,privateParams:r}=await Ni(this.algorithm,e,this.publicParams);if(t<e.length)throw Error("Error reading MPIs");this.privateParams=r}catch(e){if(e instanceof it)throw e;throw Error("Error reading MPIs")}}}write(){const e=this.writePublicKey();if(this.unparseableKeyMaterial)return M.concatUint8Array([e,this.unparseableKeyMaterial]);const t=[e];t.push(new Uint8Array([this.s2kUsage]));const r=[];if(255===this.s2kUsage||254===this.s2kUsage||253===this.s2kUsage){r.push(this.symmetric),253===this.s2kUsage&&r.push(this.aead);const e=this.s2k.write();6===this.version&&r.push(e.length),r.push(...e)}return this.s2kUsage&&"gnu-dummy"!==this.s2k.type&&r.push(...this.iv),(5===this.version||6===this.version&&this.s2kUsage)&&t.push(new Uint8Array([r.length])),t.push(new Uint8Array(r)),this.isDummy()||(this.s2kUsage||(this.keyMaterial=_i(this.algorithm,this.privateParams)),5===this.version&&t.push(M.writeNumber(this.keyMaterial.length,4)),t.push(this.keyMaterial),this.s2kUsage||6===this.version||t.push(M.writeChecksum(this.keyMaterial))),M.concatUint8Array(t)}isDecrypted(){return!1===this.isEncrypted}isMissingSecretKeyMaterial(){return void 0!==this.unparseableKeyMaterial||this.isDummy()}isDummy(){return!(!this.s2k||"gnu-dummy"!==this.s2k.type)}makeDummy(e=R){this.isDummy()||(this.isDecrypted()&&this.clearPrivateParams(),delete this.unparseableKeyMaterial,this.isEncrypted=null,this.keyMaterial=null,this.s2k=ns(Q.s2k.gnu,e),this.s2k.algorithm=0,this.s2k.c=0,this.s2k.type="gnu-dummy",this.s2kUsage=254,this.symmetric=Q.symmetric.aes256,this.isLegacyAEAD=null,this.usedModernAEAD=null)}async encrypt(e,t=R){if(this.isDummy())return;if(!this.isDecrypted())throw Error("Key packet is already encrypted");if(!e)throw Error("A non-empty passphrase is required for key encryption.");this.s2k=is(t),this.s2k.generateSalt();const r=_i(this.algorithm,this.privateParams);this.symmetric=Q.symmetric.aes256;const{blockSize:n}=Kr(this.symmetric);if(t.aeadProtect){this.s2kUsage=253,this.aead=t.preferredAEADAlgorithm;const i=Li(this.aead);this.isLegacyAEAD=5===this.version,this.usedModernAEAD=!this.isLegacyAEAD;const s=et(this.constructor.tag),a=await Ma(this.version,this.s2k,e,this.symmetric,this.aead,s,this.isLegacyAEAD),o=await i(this.symmetric,a);this.iv=this.isLegacyAEAD?fe(n):fe(i.ivLength);const c=this.isLegacyAEAD?new Uint8Array:M.concatUint8Array([s,this.writePublicKey()]);this.keyMaterial=await o.encrypt(r,this.iv.subarray(0,i.ivLength),c)}else{this.s2kUsage=254,this.usedModernAEAD=!1;const t=await Ma(this.version,this.s2k,e,this.symmetric);this.iv=fe(n),this.keyMaterial=await $n(this.symmetric,t,M.concatUint8Array([r,await xe(Q.hash.sha1,r)]),this.iv)}}async decrypt(e){if(this.isDummy())return!1;if(this.unparseableKeyMaterial)throw Error("Key packet cannot be decrypted: unsupported S2K or cipher algo");if(this.isDecrypted())throw Error("Key packet is already decrypted.");let t;const r=et(this.constructor.tag);if(254!==this.s2kUsage&&253!==this.s2kUsage)throw 255===this.s2kUsage?Error("Encrypted private key is authenticated using an insecure two-byte hash"):Error("Private key is encrypted using an insecure S2K function: unsalted MD5");let n;if(t=await Ma(this.version,this.s2k,e,this.symmetric,this.aead,r,this.isLegacyAEAD),253===this.s2kUsage){const e=Li(this.aead,!0),i=await e(this.symmetric,t);try{const t=this.isLegacyAEAD?new Uint8Array:M.concatUint8Array([r,this.writePublicKey()]);n=await i.decrypt(this.keyMaterial,this.iv.subarray(0,e.ivLength),t)}catch(e){if("Authentication tag mismatch"===e.message)throw Error("Incorrect key passphrase: "+e.message);throw e}}else{const e=await ei(this.symmetric,t,this.keyMaterial,this.iv);n=e.subarray(0,-20);const r=await xe(Q.hash.sha1,n);if(!M.equalsUint8Array(r,e.subarray(-20)))throw Error("Incorrect key passphrase")}try{const{privateParams:e}=await Ni(this.algorithm,n,this.publicParams);this.privateParams=e}catch(e){throw Error("Error reading MPIs")}this.isEncrypted=!1,this.keyMaterial=null,this.s2kUsage=0,this.aead=null,this.symmetric=null,this.isLegacyAEAD=null}async validate(){if(this.isDummy())return;if(!this.isDecrypted())throw Error("Key is not decrypted");if(this.usedModernAEAD)return;let e;try{e=await Gi(this.algorithm,this.publicParams,this.privateParams)}catch(t){e=!1}if(!e)throw Error("Key is invalid")}async generate(e,t,r){if(6===this.version&&(this.algorithm===Q.publicKey.ecdh&&t===Q.curve.curve25519Legacy||this.algorithm===Q.publicKey.eddsaLegacy))throw Error(`Cannot generate v6 keys of type 'ecc' with curve ${t}. Generate a key of type 'curve25519' instead`);if(6!==this.version&&this.algorithm===Q.publicKey.pqc_mldsa_ed25519)throw Error(`Cannot generate v${this.version} signing keys of type 'pqc'. Generate a v6 key instead`);const{privateParams:n,publicParams:i}=await Hi(this.algorithm,e,t,r);this.privateParams=n,this.publicParams=i,this.isEncrypted=!1}clearPrivateParams(){this.isMissingSecretKeyMaterial()||(Object.keys(this.privateParams).forEach((e=>{this.privateParams[e].fill(0),delete this.privateParams[e]})),this.privateParams=null,this.isEncrypted=!0)}}async function Ma(e,t,r,n,i,s,a){if("argon2"===t.type&&!i)throw Error("Using Argon2 S2K without AEAD is not allowed");if("simple"===t.type&&6===e)throw Error("Using Simple S2K with version 6 keys is not allowed");const{keySize:o}=Kr(n),c=await t.produceKey(r,o);if(!i||5===e||a)return c;const u=M.concatUint8Array([s,new Uint8Array([e,n,i])]);return Cr(Q.hash.sha256,c,new Uint8Array,u,o)}class La{static get tag(){return Q.packet.userID}constructor(){this.userID="",this.name="",this.email="",this.comment=""}static fromObject(e){if(M.isString(e)||e.name&&!M.isString(e.name)||e.email&&!M.isEmailAddress(e.email)||e.comment&&!M.isString(e.comment))throw Error("Invalid user ID format");const t=new La;Object.assign(t,e);const r=[];return t.name&&r.push(t.name),t.comment&&r.push(`(${t.comment})`),t.email&&r.push(`<${t.email}>`),t.userID=r.join(" "),t}read(e,t=R){const r=M.decodeUTF8(e);if(r.length>t.maxUserIDLength)throw Error("User ID string is too long");const n=e=>/^[^\s@]+@[^\s@]+$/.test(e),i=r.indexOf("<"),s=r.lastIndexOf(">");if(-1!==i&&-1!==s&&s>i){const e=r.substring(i+1,s);if(n(e)){this.email=e;const t=r.substring(0,i).trim(),n=t.indexOf("("),s=t.lastIndexOf(")");-1!==n&&-1!==s&&s>n?(this.comment=t.substring(n+1,s).trim(),this.name=t.substring(0,n).trim()):(this.name=t,this.comment="")}}else n(r.trim())&&(this.email=r.trim(),this.name="",this.comment="");this.userID=r}write(){return M.encodeUTF8(this.userID)}equals(e){return e&&e.userID===this.userID}}class Fa extends Ta{static get tag(){return Q.packet.secretSubkey}constructor(e=new Date,t=R){super(e,t)}}class Oa{static get tag(){return Q.packet.trust}read(){throw new it("Trust packets are not supported")}write(){throw new it("Trust packets are not supported")}}class Na{static get tag(){return Q.packet.padding}constructor(){this.padding=null}read(e){}write(){return this.padding}async createPadding(e){this.padding=await fe(e)}}const _a=/*#__PURE__*/M.constructAllowedPackets([ia]);class Ha{constructor(e){this.packets=e||new ua}write(){return this.packets.write()}armor(e=R){const t=this.packets.some((e=>e.constructor.tag===ia.tag&&6!==e.version));return W(Q.armor.signature,this.write(),void 0,void 0,void 0,t,e)}getSigningKeyIDs(){return this.packets.map((e=>e.issuerKeyID))}}async function za({armoredSignature:e,binarySignature:t,config:r,...n}){r={...R,...r};let i=e||t;if(!i)throw Error("readSignature: must pass options object containing `armoredSignature` or `binarySignature`");if(e&&!M.isString(e))throw Error("readSignature: options.armoredSignature must be a string");if(t&&!M.isUint8Array(t))throw Error("readSignature: options.binarySignature must be a Uint8Array");const s=Object.keys(n);if(s.length>0)throw Error("Unknown option: "+s.join(", "));if(e){const{type:e,data:t}=await X(i);if(e!==Q.armor.signature)throw Error("Armored text not of type signature");i=t}const a=await ua.fromBinary(i,_a,r);return new Ha(a)}async function Ga(e,t){const r=new Fa(e.date,t);return r.packets=null,r.algorithm=Q.write(Q.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.symmetric),await r.computeFingerprintAndKeyID(),r}async function qa(e,t){const r=new Ta(e.date,t);return r.packets=null,r.algorithm=Q.write(Q.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.symmetric),await r.computeFingerprintAndKeyID(),r}async function ja(e,t,r,n,i=new Date,s){let a,o;for(let c=e.length-1;c>=0;c--)try{(!a||e[c].created>=a.created)&&(await e[c].verify(t,r,n,i,void 0,s),a=e[c])}catch(e){o=e}if(!a)throw M.wrapError(`Could not find valid ${Q.read(Q.signature,r)} signature in key ${t.getKeyID().toHex()}`.replace("certGeneric ","self-").replace(/([a-z])([A-Z])/g,((e,t,r)=>t+" "+r.toLowerCase())),o);return a}function Va(e,t,r=new Date){const n=M.normalizeDate(r);if(null!==n){const r=$a(e,t);return!(e.created<=n&&n<r)}return!1}async function Ya(e,t,r,n){const i={};i.key=t,i.bind=e;const s={signatureType:Q.signature.subkeyBinding};r.sign?(s.keyFlags=[Q.keyFlags.signData],s.embeddedSignature=await Ja(i,[],e,{signatureType:Q.signature.keyBinding},r.date,void 0,void 0,void 0,n)):s.keyFlags=r.forwarding?[Q.keyFlags.forwardedCommunication]:[Q.keyFlags.encryptCommunication|Q.keyFlags.encryptStorage],r.keyExpirationTime>0&&(s.keyExpirationTime=r.keyExpirationTime,s.keyNeverExpires=!1);return await Ja(i,[],t,s,r.date,void 0,void 0,void 0,n)}async function Za(e,t,r=new Date,n=[],i){const s=Q.hash.sha256,a=i.preferredHashAlgorithm,o=await Promise.all(e.map((async(e,t)=>(await e.getPrimarySelfSignature(r,n[t],i)).preferredHashAlgorithms||[]))),c=new Map;for(const e of o)for(const t of e)try{const e=Q.write(Q.hash,t);c.set(e,c.has(e)?c.get(e)+1:1)}catch{}const u=t=>0===e.length||c.get(t)===e.length||t===s,h=()=>{if(0===c.size)return s;const e=Array.from(c.keys()).filter((e=>u(e))).sort(((e,t)=>Qe(e)-Qe(t)))[0];return Qe(e)>=Qe(s)?e:s},l=new Set([Q.publicKey.ecdsa,Q.publicKey.eddsaLegacy,Q.publicKey.ed25519,Q.publicKey.ed448]),f=new Set([Q.publicKey.pqc_mldsa_ed25519]);if(l.has(t.algorithm)){const e=function(e,t){switch(e){case Q.publicKey.ecdsa:case Q.publicKey.eddsaLegacy:return Yr(t);case Q.publicKey.ed25519:case Q.publicKey.ed448:return yt(e);default:throw Error("Unknown elliptic signing algo")}}(t.algorithm,t.publicParams.oid),r=u(a),n=Qe(a)>=Qe(e);if(r&&n)return a;{const t=h();return Qe(t)>=Qe(e)?t:e}}if(f.has(t.algorithm)){if(u(a)&&Fn(t.algorithm,a))return a;{const e=h();return Fn(t.algorithm,e)?e:s}}return u(a)?a:h()}async function Ja(e,t,r,n,i,s,a=[],o=!1,c){if(r.isDummy())throw Error("Cannot sign with a gnu-dummy key.");if(!r.isDecrypted())throw Error("Signing key is not decrypted.");const u=new ia;return Object.assign(u,n),u.publicKeyAlgorithm=r.algorithm,u.hashAlgorithm=await Za(t,r,i,s,c),u.rawNotations=[...a],await u.sign(r,e,i,o,c),u}async function Xa(e,t,r,n=new Date,i){(e=e[r])&&(t[r].length?await Promise.all(e.map((async function(e){e.isExpired(n)||i&&!await i(e)||t[r].some((function(t){return M.equalsUint8Array(t.writeParams(),e.writeParams())}))||t[r].push(e)}))):t[r]=e)}async function Wa(e,t,r,n,i,s,a=new Date,o){s=s||e;const c=[];return await Promise.all(n.map((async function(e){try{if(!i||e.issuerKeyID.equals(i.issuerKeyID)){const n=![Q.reasonForRevocation.keyRetired,Q.reasonForRevocation.keySuperseded,Q.reasonForRevocation.userIDInvalid].includes(e.reasonForRevocationFlag);await e.verify(s,t,r,n?null:a,!1,o),c.push(e.issuerKeyID)}}catch(e){}}))),i?(i.revoked=!!c.some((e=>e.equals(i.issuerKeyID)))||(i.revoked||!1),i.revoked):c.length>0}function $a(e,t){let r;return!1===t.keyNeverExpires&&(r=e.created.getTime()+1e3*t.keyExpirationTime),r?new Date(r):1/0}function eo(e,t={}){if(e.type=e.type||t.type,e.curve=e.curve||t.curve,e.rsaBits=e.rsaBits||t.rsaBits,e.symmetricHash=e.symmetricHash||t.symmetricHash,e.symmetricCipher=e.symmetricCipher||t.symmetricCipher,e.keyExpirationTime=void 0!==e.keyExpirationTime?e.keyExpirationTime:t.keyExpirationTime,e.passphrase=M.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e.sign=e.sign||!1,e.forwarding=e.forwarding||!1,e.sign&&e.forwarding)throw Error('Incompatible options: "sign" and "forwarding" cannot be set together');switch(e.type){case"pqc":e.sign?e.algorithm=Q.publicKey.pqc_mldsa_ed25519:e.algorithm=Q.publicKey.pqc_mlkem_x25519;break;case"ecc":try{e.curve=Q.write(Q.curve,e.curve)}catch(e){throw Error("Unknown curve")}e.curve!==Q.curve.ed25519Legacy&&e.curve!==Q.curve.curve25519Legacy&&"ed25519"!==e.curve&&"curve25519"!==e.curve||(e.curve=e.sign?Q.curve.ed25519Legacy:Q.curve.curve25519Legacy),e.sign?e.algorithm=e.curve===Q.curve.ed25519Legacy?Q.publicKey.eddsaLegacy:Q.publicKey.ecdsa:e.algorithm=Q.publicKey.ecdh;break;case"curve25519":e.algorithm=e.sign?Q.publicKey.ed25519:Q.publicKey.x25519;break;case"curve448":e.algorithm=e.sign?Q.publicKey.ed448:Q.publicKey.x448;break;case"rsa":e.algorithm=Q.publicKey.rsaEncryptSign;break;case"symmetric":if(e.sign){e.algorithm=Q.publicKey.hmac;try{e.symmetric=Q.write(Q.hash,e.symmetricHash)}catch(e){throw Error("Unknown hash algorithm")}}else{e.algorithm=Q.publicKey.aead;try{e.symmetric=Q.write(Q.symmetric,e.symmetricCipher)}catch(e){throw Error("Unknown symmetric algorithm")}}break;default:throw Error("Unsupported key type "+e.type)}return e}function to(e,t,r){switch(e.algorithm){case Q.publicKey.rsaEncryptSign:case Q.publicKey.rsaSign:case Q.publicKey.dsa:case Q.publicKey.ecdsa:case Q.publicKey.eddsaLegacy:case Q.publicKey.ed25519:case Q.publicKey.ed448:case Q.publicKey.hmac:case Q.publicKey.pqc_mldsa_ed25519:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&Q.keyFlags.signData);default:return!1}}function ro(e,t,r){switch(e.algorithm){case Q.publicKey.rsaEncryptSign:case Q.publicKey.rsaEncrypt:case Q.publicKey.elgamal:case Q.publicKey.ecdh:case Q.publicKey.x25519:case Q.publicKey.x448:case Q.publicKey.aead:case Q.publicKey.pqc_mlkem_x25519:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&Q.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&Q.keyFlags.encryptStorage);default:return!1}}function no(e,t,r){if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");switch(e.algorithm){case Q.publicKey.rsaEncryptSign:case Q.publicKey.rsaEncrypt:case Q.publicKey.elgamal:case Q.publicKey.ecdh:case Q.publicKey.x25519:case Q.publicKey.x448:case Q.publicKey.pqc_mlkem_x25519:return!(!(!t.keyFlags||!!(t.keyFlags[0]&Q.keyFlags.signData))||!r.allowInsecureDecryptionWithSigningKeys)||(!t.keyFlags||!!(t.keyFlags[0]&Q.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&Q.keyFlags.encryptStorage)||r.allowForwardedMessages&&!!(t.keyFlags[0]&Q.keyFlags.forwardedCommunication));default:return!1}}function io(e,t){const r=Q.write(Q.publicKey,e.algorithm),n=e.getAlgorithmInfo();if(t.rejectPublicKeyAlgorithms.has(r))throw Error(n.algorithm+" keys are considered too weak.");switch(r){case Q.publicKey.rsaEncryptSign:case Q.publicKey.rsaSign:case Q.publicKey.rsaEncrypt:if(n.bits<t.minRSABits)throw Error(`RSA keys shorter than ${t.minRSABits} bits are considered too weak.`);break;case Q.publicKey.ecdsa:case Q.publicKey.eddsaLegacy:case Q.publicKey.ecdh:if(t.rejectCurves.has(n.curve))throw Error(`Support for ${n.algorithm} keys using curve ${n.curve} is disabled.`)}}class so{constructor(e,t){this.userID=e.constructor.tag===Q.packet.userID?e:null,this.userAttribute=e.constructor.tag===Q.packet.userAttribute?e:null,this.selfCertifications=[],this.otherCertifications=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new ua;return e.push(this.userID||this.userAttribute),e.push(...this.revocationSignatures),e.push(...this.selfCertifications),e.push(...this.otherCertifications),e}clone(){const e=new so(this.userID||this.userAttribute,this.mainKey);return e.selfCertifications=[...this.selfCertifications],e.otherCertifications=[...this.otherCertifications],e.revocationSignatures=[...this.revocationSignatures],e}async certify(e,t,r){const n=this.mainKey.keyPacket,i={userID:this.userID,userAttribute:this.userAttribute,key:n},s=new so(i.userID||i.userAttribute,this.mainKey);return s.otherCertifications=await Promise.all(e.map((async function(e){if(!e.isPrivate())throw Error("Need private key for signing");if(e.hasSameFingerprintAs(n))throw Error("The user's own key can only be used for self-certifications");const s=await e.getSigningKey(void 0,t,void 0,r);return Ja(i,[e],s.keyPacket,{signatureType:Q.signature.certGeneric,keyFlags:[Q.keyFlags.certifyKeys|Q.keyFlags.signData]},t,void 0,void 0,void 0,r)}))),await s.update(this,t,r),s}async isRevoked(e,t,r=new Date,n=R){const i=this.mainKey.keyPacket;return Wa(i,Q.signature.certRevocation,{key:i,userID:this.userID,userAttribute:this.userAttribute},this.revocationSignatures,e,t,r,n)}async verifyCertificate(e,t,r=new Date,n){const i=this,s=this.mainKey.keyPacket,a={userID:this.userID,userAttribute:this.userAttribute,key:s},{issuerKeyID:o}=e,c=t.filter((e=>e.getKeys(o).length>0));return 0===c.length?null:(await Promise.all(c.map((async t=>{const s=await t.getSigningKey(o,e.created,void 0,n);if(e.revoked||await i.isRevoked(e,s.keyPacket,r,n))throw Error("User certificate is revoked");try{await e.verify(s.keyPacket,Q.signature.certGeneric,a,r,void 0,n)}catch(e){throw M.wrapError("User certificate is invalid",e)}}))),!0)}async verifyAllCertifications(e,t=new Date,r){const n=this,i=this.selfCertifications.concat(this.otherCertifications);return Promise.all(i.map((async i=>({keyID:i.issuerKeyID,valid:await n.verifyCertificate(i,e,t,r).catch((()=>!1))}))))}async verify(e=new Date,t){if(!this.selfCertifications.length)throw Error("No self-certifications found");const r=this,n=this.mainKey.keyPacket,i={userID:this.userID,userAttribute:this.userAttribute,key:n};let s;for(let a=this.selfCertifications.length-1;a>=0;a--)try{const s=this.selfCertifications[a];if(s.revoked||await r.isRevoked(s,void 0,e,t))throw Error("Self-certification is revoked");try{await s.verify(n,Q.signature.certGeneric,i,e,void 0,t)}catch(e){throw M.wrapError("Self-certification is invalid",e)}return!0}catch(e){s=e}throw s}async update(e,t,r){const n=this.mainKey.keyPacket,i={userID:this.userID,userAttribute:this.userAttribute,key:n};await Xa(e,this,"selfCertifications",t,(async function(e){try{return await e.verify(n,Q.signature.certGeneric,i,t,!1,r),!0}catch(e){return!1}})),await Xa(e,this,"otherCertifications",t),await Xa(e,this,"revocationSignatures",t,(function(e){return Wa(n,Q.signature.certRevocation,i,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=Q.reasonForRevocation.noReason,string:r=""}={},n=new Date,i=R){const s={userID:this.userID,userAttribute:this.userAttribute,key:e},a=new so(s.userID||s.userAttribute,this.mainKey);return a.revocationSignatures.push(await Ja(s,[],e,{signatureType:Q.signature.certRevocation,reasonForRevocationFlag:Q.write(Q.reasonForRevocation,t),reasonForRevocationString:r},n,void 0,void 0,!1,i)),await a.update(this),a}}class ao{constructor(e,t){this.keyPacket=e,this.bindingSignatures=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new ua;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.bindingSignatures),e}clone(){const e=new ao(this.keyPacket,this.mainKey);return e.bindingSignatures=[...this.bindingSignatures],e.revocationSignatures=[...this.revocationSignatures],e}async isRevoked(e,t,r=new Date,n=R){const i=this.mainKey.keyPacket;return Wa(i,Q.signature.subkeyRevocation,{key:i,bind:this.keyPacket},this.revocationSignatures,e,t,r,n)}async verify(e=new Date,t=R){const r=this.mainKey.keyPacket,n={key:r,bind:this.keyPacket},i=await ja(this.bindingSignatures,r,Q.signature.subkeyBinding,n,e,t);if(i.revoked||await this.isRevoked(i,null,e,t))throw Error("Subkey is revoked");if(Va(this.keyPacket,i,e))throw Error("Subkey is expired");return i}async getExpirationTime(e=new Date,t=R){const r=this.mainKey.keyPacket,n={key:r,bind:this.keyPacket};let i;try{i=await ja(this.bindingSignatures,r,Q.signature.subkeyBinding,n,e,t)}catch(e){return null}const s=$a(this.keyPacket,i),a=i.getExpirationTime();return s<a?s:a}async update(e,t=new Date,r=R){const n=this.mainKey.keyPacket;if(!this.hasSameFingerprintAs(e))throw Error("Subkey update method: fingerprints of subkeys not equal");this.keyPacket.constructor.tag===Q.packet.publicSubkey&&e.keyPacket.constructor.tag===Q.packet.secretSubkey&&(this.keyPacket=e.keyPacket);const i=this,s={key:n,bind:i.keyPacket};await Xa(e,this,"bindingSignatures",t,(async function(e){for(let t=0;t<i.bindingSignatures.length;t++)if(i.bindingSignatures[t].issuerKeyID.equals(e.issuerKeyID))return e.created>i.bindingSignatures[t].created&&(i.bindingSignatures[t]=e),!1;try{return await e.verify(n,Q.signature.subkeyBinding,s,t,void 0,r),!0}catch(e){return!1}})),await Xa(e,this,"revocationSignatures",t,(function(e){return Wa(n,Q.signature.subkeyRevocation,s,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=Q.reasonForRevocation.noReason,string:r=""}={},n=new Date,i=R){const s={key:e,bind:this.keyPacket},a=new ao(this.keyPacket,this.mainKey);return a.revocationSignatures.push(await Ja(s,[],e,{signatureType:Q.signature.subkeyRevocation,reasonForRevocationFlag:Q.write(Q.reasonForRevocation,t),reasonForRevocationString:r},n,void 0,void 0,!1,i)),await a.update(this),a}hasSameFingerprintAs(e){return this.keyPacket.hasSameFingerprintAs(e.keyPacket||e)}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","isDecrypted"].forEach((e=>{ao.prototype[e]=function(){return this.keyPacket[e]()}}));const oo=/*#__PURE__*/M.constructAllowedPackets([ia]),co=new Set([Q.packet.publicKey,Q.packet.privateKey]),uo=new Set([Q.packet.publicKey,Q.packet.privateKey,Q.packet.publicSubkey,Q.packet.privateSubkey]);class ho{packetListToStructure(e,t=new Set){let r,n,i,s;for(const a of e){if(a instanceof ot){uo.has(a.tag)&&!s&&(s=co.has(a.tag)?co:uo);continue}const e=a.constructor.tag;if(s){if(!s.has(e))continue;s=null}if(t.has(e))throw Error("Unexpected packet type: "+e);switch(e){case Q.packet.publicKey:case Q.packet.secretKey:if(this.keyPacket)throw Error("Key block contains multiple keys");if(this.keyPacket=a,n=this.getKeyID(),!n)throw Error("Missing Key ID");break;case Q.packet.userID:case Q.packet.userAttribute:r=new so(a,this),this.users.push(r);break;case Q.packet.publicSubkey:case Q.packet.secretSubkey:r=null,i=new ao(a,this),this.subkeys.push(i);break;case Q.packet.signature:switch(a.signatureType){case Q.signature.certGeneric:case Q.signature.certPersona:case Q.signature.certCasual:case Q.signature.certPositive:if(!r){M.printDebug("Dropping certification signatures without preceding user packet");continue}a.issuerKeyID.equals(n)?r.selfCertifications.push(a):r.otherCertifications.push(a);break;case Q.signature.certRevocation:r?r.revocationSignatures.push(a):this.directSignatures.push(a);break;case Q.signature.key:this.directSignatures.push(a);break;case Q.signature.subkeyBinding:if(!i){M.printDebug("Dropping subkey binding signature without preceding subkey packet");continue}i.bindingSignatures.push(a);break;case Q.signature.keyRevocation:this.revocationSignatures.push(a);break;case Q.signature.subkeyRevocation:if(!i){M.printDebug("Dropping subkey revocation signature without preceding subkey packet");continue}i.revocationSignatures.push(a)}}}}toPacketList(){const e=new ua;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.directSignatures),this.users.map((t=>e.push(...t.toPacketList()))),this.subkeys.map((t=>e.push(...t.toPacketList()))),e}clone(e=!1){const t=new this.constructor(this.toPacketList());return e&&t.getKeys().forEach((e=>{if(e.keyPacket=Object.create(Object.getPrototypeOf(e.keyPacket),Object.getOwnPropertyDescriptors(e.keyPacket)),!e.keyPacket.isDecrypted())return;const t={};Object.keys(e.keyPacket.privateParams).forEach((r=>{t[r]=new Uint8Array(e.keyPacket.privateParams[r])})),e.keyPacket.privateParams=t})),t}getSubkeys(e=null){return this.subkeys.filter((t=>!e||t.getKeyID().equals(e,!0)))}getKeys(e=null){const t=[];return e&&!this.getKeyID().equals(e,!0)||t.push(this),t.concat(this.getSubkeys(e))}getKeyIDs(){return this.getKeys().map((e=>e.getKeyID()))}getUserIDs(){return this.users.map((e=>e.userID?e.userID.userID:null)).filter((e=>null!==e))}write(){return this.toPacketList().write()}async getSigningKey(e=null,t=new Date,r={},n=R){await this.verifyPrimaryKey(t,r,n);const i=this.keyPacket;try{io(i,n)}catch(e){throw M.wrapError("Could not verify primary key",e)}const s=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created||t.keyPacket.algorithm-e.keyPacket.algorithm));let a;for(const r of s)if(!e||r.getKeyID().equals(e))try{await r.verify(t,n);const e={key:i,bind:r.keyPacket},s=await ja(r.bindingSignatures,i,Q.signature.subkeyBinding,e,t,n);if(!to(r.keyPacket,s,n))continue;if(!s.embeddedSignature)throw Error("Missing embedded signature");return await ja([s.embeddedSignature],r.keyPacket,Q.signature.keyBinding,e,t,n),io(r.keyPacket,n),r}catch(e){a=e}try{const s=await this.getPrimarySelfSignature(t,r,n);if((!e||i.getKeyID().equals(e))&&to(i,s,n))return io(i,n),this}catch(e){a=e}throw M.wrapError("Could not find valid signing key packet in key "+this.getKeyID().toHex(),a)}async getEncryptionKey(e,t=new Date,r={},n=R){await this.verifyPrimaryKey(t,r,n);const i=this.keyPacket;try{io(i,n)}catch(e){throw M.wrapError("Could not verify primary key",e)}const s=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created||t.keyPacket.algorithm-e.keyPacket.algorithm));let a;for(const r of s)if(!e||r.getKeyID().equals(e))try{await r.verify(t,n);const e={key:i,bind:r.keyPacket},s=await ja(r.bindingSignatures,i,Q.signature.subkeyBinding,e,t,n);if(ro(r.keyPacket,s,n))return io(r.keyPacket,n),r}catch(e){a=e}try{const s=await this.getPrimarySelfSignature(t,r,n);if((!e||i.getKeyID().equals(e))&&ro(i,s,n))return io(i,n),this}catch(e){a=e}throw M.wrapError("Could not find valid encryption key packet in key "+this.getKeyID().toHex(),a)}async isRevoked(e,t,r=new Date,n=R){return Wa(this.keyPacket,Q.signature.keyRevocation,{key:this.keyPacket},this.revocationSignatures,e,t,r,n)}async verifyPrimaryKey(e=new Date,t={},r=R){const n=this.keyPacket;if(await this.isRevoked(null,null,e,r))throw Error("Primary key is revoked");if(Va(n,await this.getPrimarySelfSignature(e,t,r),e))throw Error("Primary key is expired");if(6!==n.version){const t=await ja(this.directSignatures,n,Q.signature.key,{key:n},e,r).catch((()=>{}));if(t&&Va(n,t,e))throw Error("Primary key is expired")}}async getExpirationTime(e,t=R){let r;try{const n=await this.getPrimarySelfSignature(null,e,t),i=$a(this.keyPacket,n),s=n.getExpirationTime(),a=6!==this.keyPacket.version&&await ja(this.directSignatures,this.keyPacket,Q.signature.key,{key:this.keyPacket},null,t).catch((()=>{}));if(a){const e=$a(this.keyPacket,a);r=Math.min(i,s,e)}else r=i<s?i:s}catch(e){r=null}return M.normalizeDate(r)}async getPrimarySelfSignature(e=new Date,t={},r=R){const n=this.keyPacket;if(6===n.version)return ja(this.directSignatures,n,Q.signature.key,{key:n},e,r);const{selfCertification:i}=await this.getPrimaryUser(e,t,r);return i}async getPrimaryUser(e=new Date,t={},r=R){const n=this.keyPacket,i=[];let s;for(let a=0;a<this.users.length;a++)try{const s=this.users[a];if(!s.userID)continue;if(void 0!==t.name&&s.userID.name!==t.name||void 0!==t.email&&s.userID.email!==t.email||void 0!==t.comment&&s.userID.comment!==t.comment)throw Error("Could not find user that matches that user ID");const o={userID:s.userID,key:n},c=await ja(s.selfCertifications,n,Q.signature.certGeneric,o,e,r);i.push({index:a,user:s,selfCertification:c})}catch(e){s=e}if(!i.length)throw s||Error("Could not find primary user");await Promise.all(i.map((async function(t){return t.selfCertification.revoked||t.user.isRevoked(t.selfCertification,null,e,r)})));const a=i.sort((function(e,t){const r=e.selfCertification,n=t.selfCertification;return n.revoked-r.revoked||r.isPrimaryUserID-n.isPrimaryUserID||r.created-n.created})).pop(),{user:o,selfCertification:c}=a;if(c.revoked||await o.isRevoked(c,null,e,r))throw Error("Primary user is revoked");return a}async update(e,t=new Date,r=R){if(!this.hasSameFingerprintAs(e))throw Error("Primary key fingerprints must be equal to update the key");if(!this.isPrivate()&&e.isPrivate()){if(!(this.subkeys.length===e.subkeys.length&&this.subkeys.every((t=>e.subkeys.some((e=>t.hasSameFingerprintAs(e)))))))throw Error("Cannot update public key with private key if subkeys mismatch");return e.update(this,r)}const n=this.clone();return await Xa(e,n,"revocationSignatures",t,(i=>Wa(n.keyPacket,Q.signature.keyRevocation,n,[i],null,e.keyPacket,t,r))),await Xa(e,n,"directSignatures",t),await Promise.all(e.users.map((async e=>{const i=n.users.filter((t=>e.userID&&e.userID.equals(t.userID)||e.userAttribute&&e.userAttribute.equals(t.userAttribute)));if(i.length>0)await Promise.all(i.map((n=>n.update(e,t,r))));else{const t=e.clone();t.mainKey=n,n.users.push(t)}}))),await Promise.all(e.subkeys.map((async e=>{const i=n.subkeys.filter((t=>t.hasSameFingerprintAs(e)));if(i.length>0)await Promise.all(i.map((n=>n.update(e,t,r))));else{const t=e.clone();t.mainKey=n,n.subkeys.push(t)}}))),n}async getRevocationCertificate(e=new Date,t=R){const r={key:this.keyPacket},n=await ja(this.revocationSignatures,this.keyPacket,Q.signature.keyRevocation,r,e,t),i=new ua;i.push(n);const s=6!==this.keyPacket.version;return W(Q.armor.publicKey,i.write(),null,null,"This is a revocation certificate",s,t)}async applyRevocationCertificate(e,t=new Date,r=R){const n=await X(e),i=(await ua.fromBinary(n.data,oo,r)).findPacket(Q.packet.signature);if(!i||i.signatureType!==Q.signature.keyRevocation)throw Error("Could not find revocation signature packet");if(!i.issuerKeyID.equals(this.getKeyID()))throw Error("Revocation signature does not match key");try{await i.verify(this.keyPacket,Q.signature.keyRevocation,{key:this.keyPacket},t,void 0,r)}catch(e){throw M.wrapError("Could not verify revocation signature",e)}const s=this.clone();return s.revocationSignatures.push(i),s}async signPrimaryUser(e,t,r,n=R){const{index:i,user:s}=await this.getPrimaryUser(t,r,n),a=await s.certify(e,t,n),o=this.clone();return o.users[i]=a,o}async signAllUsers(e,t=new Date,r=R){const n=this.clone();return n.users=await Promise.all(this.users.map((function(n){return n.certify(e,t,r)}))),n}async verifyPrimaryUser(e,t=new Date,r,n=R){const i=this.keyPacket,{user:s}=await this.getPrimaryUser(t,r,n);return e?await s.verifyAllCertifications(e,t,n):[{keyID:i.getKeyID(),valid:await s.verify(t,n).catch((()=>!1))}]}async verifyAllUsers(e,t=new Date,r=R){const n=this.keyPacket,i=[];return await Promise.all(this.users.map((async s=>{const a=e?await s.verifyAllCertifications(e,t,r):[{keyID:n.getKeyID(),valid:await s.verify(t,r).catch((()=>!1))}];i.push(...a.map((e=>({userID:s.userID?s.userID.userID:null,userAttribute:s.userAttribute,keyID:e.keyID,valid:e.valid}))))}))),i}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","hasSameFingerprintAs"].forEach((e=>{ho.prototype[e]=ao.prototype[e]}));class lo extends ho{constructor(e){if(super(),this.keyPacket=null,this.revocationSignatures=[],this.directSignatures=[],this.users=[],this.subkeys=[],e&&(this.packetListToStructure(e,new Set([Q.packet.secretKey,Q.packet.secretSubkey])),!this.keyPacket))throw Error("Invalid key: missing public-key packet")}isPrivate(){return!1}toPublic(){return this}armor(e=R){const t=6!==this.keyPacket.version;return W(Q.armor.publicKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}}class fo extends lo{constructor(e){if(super(),this.packetListToStructure(e,new Set([Q.packet.publicKey,Q.packet.publicSubkey])),!this.keyPacket)throw Error("Invalid key: missing private-key packet")}isPrivate(){return!0}toPublic(){const e=new ua,t=this.toPacketList();let r=!1;for(const n of t)if(!r||n.constructor.tag!==Q.packet.Signature)switch(r&&(r=!1),n.constructor.tag){case Q.packet.secretKey:{if(n.algorithm===Q.publicKey.aead||n.algorithm===Q.publicKey.hmac)throw Error("Cannot create public key from symmetric private");const t=Ua.fromSecretKeyPacket(n);e.push(t);break}case Q.packet.secretSubkey:{if(n.algorithm===Q.publicKey.aead||n.algorithm===Q.publicKey.hmac){r=!0;break}const t=Qa.fromSecretSubkeyPacket(n);e.push(t);break}default:e.push(n)}return new lo(e)}armor(e=R){const t=6!==this.keyPacket.version;return W(Q.armor.privateKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}async getDecryptionKeys(e,t=new Date,r={},n=R){const i=this.keyPacket,s=[];let a=null;for(let r=0;r<this.subkeys.length;r++)if(!e||this.subkeys[r].getKeyID().equals(e,!0)){if(this.subkeys[r].keyPacket.isDummy()){a=a||Error("Gnu-dummy key packets cannot be used for decryption");continue}try{const e={key:i,bind:this.subkeys[r].keyPacket},a=await ja(this.subkeys[r].bindingSignatures,i,Q.signature.subkeyBinding,e,t,n);no(this.subkeys[r].keyPacket,a,n)&&s.push(this.subkeys[r])}catch(e){a=e}}const o=await this.getPrimarySelfSignature(t,r,n);if(e&&!i.getKeyID().equals(e,!0)||!no(i,o,n)||(i.isDummy()?a=a||Error("Gnu-dummy key packets cannot be used for decryption"):s.push(this)),0===s.length)throw a||Error("No decryption key packets found");return s}isDecrypted(){return this.getKeys().some((({keyPacket:e})=>e.isDecrypted()))}async validate(e=R){if(!this.isPrivate())throw Error("Cannot validate a public key");let t;if(this.keyPacket.isDummy()){const r=await this.getSigningKey(null,null,void 0,{...e,rejectPublicKeyAlgorithms:new Set,minRSABits:0});r&&!r.keyPacket.isDummy()&&(t=r.keyPacket)}else t=this.keyPacket;if(t)return t.validate();{const e=this.getKeys();if(e.map((e=>e.keyPacket.isDummy())).every(Boolean))throw Error("Cannot validate an all-gnu-dummy key");return Promise.all(e.map((async e=>e.keyPacket.validate())))}}clearPrivateParams(){this.getKeys().forEach((({keyPacket:e})=>{e.isDecrypted()&&e.clearPrivateParams()}))}async revoke({flag:e=Q.reasonForRevocation.noReason,string:t=""}={},r=new Date,n=R){if(!this.isPrivate())throw Error("Need private key for revoking");const i={key:this.keyPacket},s=this.clone();return s.revocationSignatures.push(await Ja(i,[],this.keyPacket,{signatureType:Q.signature.keyRevocation,reasonForRevocationFlag:Q.write(Q.reasonForRevocation,e),reasonForRevocationString:t},r,void 0,void 0,void 0,n)),s}async addSubkey(e={}){const t={...R,...e.config};if(e.passphrase)throw Error("Subkey could not be encrypted here, please encrypt whole key");if(e.rsaBits<t.minRSABits)throw Error(`rsaBits should be at least ${t.minRSABits}, got: ${e.rsaBits}`);const r=this.keyPacket;if(r.isDummy())throw Error("Cannot add subkey to gnu-dummy primary key");if(!r.isDecrypted())throw Error("Key is not decrypted");const n=r.getAlgorithmInfo();n.type=function(e){switch(Q.write(Q.publicKey,e)){case Q.publicKey.rsaEncrypt:case Q.publicKey.rsaEncryptSign:case Q.publicKey.rsaSign:case Q.publicKey.dsa:return"rsa";case Q.publicKey.ecdsa:case Q.publicKey.eddsaLegacy:return"ecc";case Q.publicKey.ed25519:return"curve25519";case Q.publicKey.ed448:return"curve448";default:throw Error("Unsupported algorithm")}}(n.algorithm),n.rsaBits=n.bits||4096,n.curve=n.curve||"curve25519Legacy",e=eo(e,n);const i=await Ga(e,{...t,v6Keys:6===this.keyPacket.version});io(i,t);const s=await Ya(i,r,e,t),a=this.toPacketList();return a.push(i,s),new fo(a)}}const yo=/*#__PURE__*/M.constructAllowedPackets([Ua,Qa,Ta,Fa,La,Ra,ia]);function po(e){for(const t of e)switch(t.constructor.tag){case Q.packet.secretKey:return new fo(e);case Q.packet.publicKey:return new lo(e)}throw Error("No key packet found")}async function go(e,t,r,n){r.passphrase&&await e.encrypt(r.passphrase,n),await Promise.all(t.map((async function(e,t){const i=r.subkeys[t].passphrase;i&&await e.encrypt(i,n)})));const i=new ua;function s(e,t){return[t,...e.filter((e=>e!==t))]}function a(){const t={};t.keyFlags=[Q.keyFlags.certifyKeys|Q.keyFlags.signData];const i=s([Q.symmetric.aes256,Q.symmetric.aes128],n.preferredSymmetricAlgorithm);if(t.preferredSymmetricAlgorithms=i,n.aeadProtect){const e=s([Q.aead.gcm,Q.aead.eax,Q.aead.ocb],n.preferredAEADAlgorithm);t.preferredCipherSuites=e.flatMap((e=>i.map((t=>[t,e]))))}return t.preferredHashAlgorithms=s([Q.hash.sha512,Q.hash.sha256,...6===e.version?[Q.hash.sha3_512,Q.hash.sha3_256]:[]],n.preferredHashAlgorithm),t.preferredCompressionAlgorithms=s([Q.compression.uncompressed,Q.compression.zlib,Q.compression.zip],n.preferredCompressionAlgorithm),t.features=[0],t.features[0]|=Q.features.modificationDetection,n.aeadProtect&&(t.features[0]|=Q.features.seipdv2),r.keyExpirationTime>0&&(t.keyExpirationTime=r.keyExpirationTime,t.keyNeverExpires=!1),t}if(i.push(e),6===e.version){const t={key:e},s=a();s.signatureType=Q.signature.key;const o=await Ja(t,[],e,s,r.date,void 0,void 0,void 0,n);i.push(o)}await Promise.all(r.userIDs.map((async function(t,i){const s=La.fromObject(t),o={userID:s,key:e},c=6!==e.version?a():{};c.signatureType=Q.signature.certPositive,0===i&&(c.isPrimaryUserID=!0);return{userIDPacket:s,signaturePacket:await Ja(o,[],e,c,r.date,void 0,void 0,void 0,n)}}))).then((e=>{e.forEach((({userIDPacket:e,signaturePacket:t})=>{i.push(e),i.push(t)}))})),await Promise.all(t.map((async function(t,i){const s=r.subkeys[i];return{secretSubkeyPacket:t,subkeySignaturePacket:await Ya(t,e,s,n)}}))).then((e=>{e.forEach((({secretSubkeyPacket:e,subkeySignaturePacket:t})=>{i.push(e),i.push(t)}))}));const o={key:e};return i.push(await Ja(o,[],e,{signatureType:Q.signature.keyRevocation,reasonForRevocationFlag:Q.reasonForRevocation.noReason,reasonForRevocationString:""},r.date,void 0,void 0,void 0,n)),r.passphrase&&e.clearPrivateParams(),await Promise.all(t.map((async function(e,t){r.subkeys[t].passphrase&&e.clearPrivateParams()}))),new fo(i)}async function Ao({armoredKey:e,binaryKey:t,config:r,...n}){if(r={...R,...r},!e&&!t)throw Error("readKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!M.isString(e))throw Error("readKey: options.armoredKey must be a string");if(t&&!M.isUint8Array(t))throw Error("readKey: options.binaryKey must be a Uint8Array");const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));let s;if(e){const{type:t,data:r}=await X(e);if(t!==Q.armor.publicKey&&t!==Q.armor.privateKey)throw Error("Armored text not of type key");s=r}else s=t;const a=await ua.fromBinary(s,yo,r),o=a.indexOfTag(Q.packet.publicKey,Q.packet.secretKey);if(0===o.length)throw Error("No key packet found");return po(a.slice(o[0],o[1]))}async function wo({armoredKey:e,binaryKey:t,config:r,...n}){if(r={...R,...r},!e&&!t)throw Error("readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!M.isString(e))throw Error("readPrivateKey: options.armoredKey must be a string");if(t&&!M.isUint8Array(t))throw Error("readPrivateKey: options.binaryKey must be a Uint8Array");const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));let s;if(e){const{type:t,data:r}=await X(e);if(t!==Q.armor.privateKey)throw Error("Armored text not of type private key");s=r}else s=t;const a=await ua.fromBinary(s,yo,r),o=a.indexOfTag(Q.packet.publicKey,Q.packet.secretKey);for(let e=0;e<o.length;e++){if(a[o[e]].constructor.tag===Q.packet.publicKey)continue;const t=a.slice(o[e],o[e+1]);return new fo(t)}throw Error("No secret key packet found")}async function mo({armoredKeys:e,binaryKeys:t,config:r,...n}){r={...R,...r};let i=e||t;if(!i)throw Error("readKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!M.isString(e))throw Error("readKeys: options.armoredKeys must be a string");if(t&&!M.isUint8Array(t))throw Error("readKeys: options.binaryKeys must be a Uint8Array");const s=Object.keys(n);if(s.length>0)throw Error("Unknown option: "+s.join(", "));if(e){const{type:t,data:r}=await X(e);if(t!==Q.armor.publicKey&&t!==Q.armor.privateKey)throw Error("Armored text not of type key");i=r}const a=[],o=await ua.fromBinary(i,yo,r),c=o.indexOfTag(Q.packet.publicKey,Q.packet.secretKey);if(0===c.length)throw Error("No key packet found");for(let e=0;e<c.length;e++){const t=po(o.slice(c[e],c[e+1]));a.push(t)}return a}async function bo({armoredKeys:e,binaryKeys:t,config:r}){r={...R,...r};let n=e||t;if(!n)throw Error("readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!M.isString(e))throw Error("readPrivateKeys: options.armoredKeys must be a string");if(t&&!M.isUint8Array(t))throw Error("readPrivateKeys: options.binaryKeys must be a Uint8Array");if(e){const{type:t,data:r}=await X(e);if(t!==Q.armor.privateKey)throw Error("Armored text not of type private key");n=r}const i=[],s=await ua.fromBinary(n,yo,r),a=s.indexOfTag(Q.packet.publicKey,Q.packet.secretKey);for(let e=0;e<a.length;e++){if(s[a[e]].constructor.tag===Q.packet.publicKey)continue;const t=s.slice(a[e],a[e+1]),r=new fo(t);i.push(r)}if(0===i.length)throw Error("No secret key packet found");return i}const ko=/*#__PURE__*/M.constructAllowedPackets([$s,pa,Ka,ka,Da,Ia,Ca,oa,ia]),Eo=/*#__PURE__*/M.constructAllowedPackets([Ca]),vo=/*#__PURE__*/M.constructAllowedPackets([ia]);class Ko{constructor(e){this.packets=e||new ua}getEncryptionKeyIDs(){const e=[];return this.packets.filterByTag(Q.packet.publicKeyEncryptedSessionKey).forEach((function(t){e.push(t.publicKeyID)})),e}getSigningKeyIDs(){const e=this.unwrapCompressed(),t=e.packets.filterByTag(Q.packet.onePassSignature);if(t.length>0)return t.map((e=>e.issuerKeyID));return e.packets.filterByTag(Q.packet.signature).map((e=>e.issuerKeyID))}async decrypt(e,t,r,n=new Date,i=R){const s=this.packets.filterByTag(Q.packet.symmetricallyEncryptedData,Q.packet.symEncryptedIntegrityProtectedData,Q.packet.aeadEncryptedData);if(0===s.length)throw Error("No encrypted data found");const a=s[0],o=a.cipherAlgorithm,c=r||await this.decryptSessionKeys(e,t,o,n,i);let u=null;const h=Promise.all(c.map((async({algorithm:e,data:t})=>{if(!M.isUint8Array(t)||!a.cipherAlgorithm&&!M.isString(e))throw Error("Invalid session key for decryption.");try{const r=a.cipherAlgorithm||Q.write(Q.symmetric,e);await a.decrypt(r,t,i)}catch(e){M.printDebugError(e),u=e}})));if(C(a.encrypted),a.encrypted=null,await h,!a.packets||!a.packets.length)throw u||Error("Decryption failed.");const l=new Ko(a.packets);return a.packets=new ua,l}async decryptSessionKeys(e,t,r,n=new Date,i=R){let s,a=[];if(t){const e=this.packets.filterByTag(Q.packet.symEncryptedSessionKey);if(0===e.length)throw Error("No symmetrically encrypted session key packet found.");await Promise.all(t.map((async function(t,r){let n;n=r?await ua.fromBinary(e.write(),Eo,i):e,await Promise.all(n.map((async function(e){try{await e.decrypt(t),a.push(e)}catch(e){M.printDebugError(e),e instanceof Ji&&(s=e)}})))})))}else{if(!e)throw Error("No key or password specified.");{const t=this.packets.filterByTag(Q.packet.publicKeyEncryptedSessionKey);if(0===t.length)throw Error("No public key encrypted session key packet found.");await Promise.all(t.map((async function(t){await Promise.all(e.map((async function(e){let o;try{o=(await e.getDecryptionKeys(t.publicKeyID,null,void 0,i)).map((e=>e.keyPacket))}catch(e){return void(s=e)}let c=[Q.symmetric.aes256,Q.symmetric.aes128,Q.symmetric.tripledes,Q.symmetric.cast5];try{const t=await e.getPrimarySelfSignature(n,void 0,i);t.preferredSymmetricAlgorithms&&(c=c.concat(t.preferredSymmetricAlgorithms))}catch(e){}await Promise.all(o.map((async function(e){if(!e.isDecrypted())throw Error("Decryption key is not decrypted.");if(i.constantTimePKCS1Decryption&&(t.publicKeyAlgorithm===Q.publicKey.rsaEncrypt||t.publicKeyAlgorithm===Q.publicKey.rsaEncryptSign||t.publicKeyAlgorithm===Q.publicKey.rsaSign||t.publicKeyAlgorithm===Q.publicKey.elgamal)){const n=t.write();await Promise.all((r?[r]:Array.from(i.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms)).map((async t=>{const r=new Ia;r.read(n);const i={sessionKeyAlgorithm:t,sessionKey:qi(t)};try{await r.decrypt(e,i),a.push(r)}catch(e){M.printDebugError(e),s=e}})))}else try{await t.decrypt(e);const n=r||t.sessionKeyAlgorithm;if(n&&!c.includes(Q.write(Q.symmetric,n)))throw Error("A non-preferred symmetric algorithm was used.");a.push(t)}catch(e){M.printDebugError(e),s=e}})))}))),C(t.encrypted),t.encrypted=null})))}}if(a.length>0){if(a.length>1){const e=new Set;a=a.filter((t=>{const r=t.sessionKeyAlgorithm+M.uint8ArrayToString(t.sessionKey);return!e.has(r)&&(e.add(r),!0)}))}return a.map((e=>({data:e.sessionKey,algorithm:e.sessionKeyAlgorithm&&Q.read(Q.symmetric,e.sessionKeyAlgorithm)})))}throw s||Error("Session key decryption failed.")}getLiteralData(){const e=this.unwrapCompressed().packets.findPacket(Q.packet.literalData);return e&&e.getBytes()||null}getFilename(){const e=this.unwrapCompressed().packets.findPacket(Q.packet.literalData);return e&&e.getFilename()||null}getText(){const e=this.unwrapCompressed().packets.findPacket(Q.packet.literalData);return e?e.getText():null}static async generateSessionKey(e=[],t=new Date,r=[],n=R){const{symmetricAlgo:i,aeadAlgo:s}=await async function(e=[],t=new Date,r=[],n=R){const i=await Promise.all(e.map(((e,i)=>e.getPrimarySelfSignature(t,r[i],n))));if(e.length?!n.ignoreSEIPDv2FeatureFlag&&i.every((e=>e.features&&e.features[0]&Q.features.seipdv2)):n.aeadProtect){const e={symmetricAlgo:Q.symmetric.aes128,aeadAlgo:Q.aead.ocb},t=[{symmetricAlgo:n.preferredSymmetricAlgorithm,aeadAlgo:n.preferredAEADAlgorithm},{symmetricAlgo:n.preferredSymmetricAlgorithm,aeadAlgo:Q.aead.ocb},{symmetricAlgo:Q.symmetric.aes128,aeadAlgo:n.preferredAEADAlgorithm}];for(const e of t)if(i.every((t=>t.preferredCipherSuites&&t.preferredCipherSuites.some((t=>t[0]===e.symmetricAlgo&&t[1]===e.aeadAlgo)))))return e;return e}const s=Q.symmetric.aes128,a=n.preferredSymmetricAlgorithm;return{symmetricAlgo:i.every((e=>e.preferredSymmetricAlgorithms&&e.preferredSymmetricAlgorithms.includes(a)))?a:s,aeadAlgo:void 0}}(e,t,r,n),a=Q.read(Q.symmetric,i),o=s?Q.read(Q.aead,s):void 0;await Promise.all(e.map((e=>e.getEncryptionKey().catch((()=>null)).then((e=>{if(e&&(e.keyPacket.algorithm===Q.publicKey.x25519||e.keyPacket.algorithm===Q.publicKey.x448)&&!o&&!M.isAES(i))throw Error("Could not generate a session key compatible with the given `encryptionKeys`: X22519 and X448 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.")})))));return{data:qi(i),algorithm:a,aeadAlgorithm:o}}async encrypt(e,t,r,n=!1,i=[],s=new Date,a=[],o=R){if(r){if(!M.isUint8Array(r.data)||!M.isString(r.algorithm))throw Error("Invalid session key for encryption.")}else if(e&&e.length)r=await Ko.generateSessionKey(e,s,a,o);else{if(!t||!t.length)throw Error("No keys, passwords, or session key provided.");r=await Ko.generateSessionKey(void 0,void 0,void 0,o)}const{data:c,algorithm:u,aeadAlgorithm:h}=r,l=await Ko.encryptSessionKey(c,u,h,e,t,n,i,s,a,o),f=ka.fromObject({version:h?2:1,aeadAlgorithm:h?Q.write(Q.aead,h):null});f.packets=this.packets;const y=Q.write(Q.symmetric,u);return await f.encrypt(y,c,o),l.packets.push(f),f.packets=new ua,l}static async encryptSessionKey(e,t,r,n,i,s=!1,a=[],o=new Date,c=[],u=R){const h=new ua,l=Q.write(Q.symmetric,t),f=r&&Q.write(Q.aead,r);if(n){const t=await Promise.all(n.map((async function(t,r){const n=await t.getEncryptionKey(a[r],o,c,u),i=Ia.fromObject({version:f?6:3,encryptionKeyPacket:n.keyPacket,anonymousRecipient:s,sessionKey:e,sessionKeyAlgorithm:l});return await i.encrypt(n.keyPacket),delete i.sessionKey,i})));h.push(...t)}if(i){const t=async function(e,t){try{return await e.decrypt(t),1}catch(e){return 0}},r=(e,t)=>e+t,n=async function(e,s,a,o){const c=new Ca(u);if(c.sessionKey=e,c.sessionKeyAlgorithm=s,a&&(c.aeadAlgorithm=a),await c.encrypt(o,u),u.passwordCollisionCheck){if(1!==(await Promise.all(i.map((e=>t(c,e))))).reduce(r))return n(e,s,o)}return delete c.sessionKey,c},s=await Promise.all(i.map((t=>n(e,l,f,t))));h.push(...s)}return new Ko(h)}async sign(e=[],t=[],r=null,n=[],i=new Date,s=[],a=[],o=[],c=R){const u=new ua,h=this.packets.findPacket(Q.packet.literalData);if(!h)throw Error("No literal data packet to sign.");const l=await So(h,e,t,r,n,i,s,a,o,!1,c),f=l.map(((e,t)=>oa.fromSignaturePacket(e,0===t))).reverse();return u.push(...f),u.push(h),u.push(...l),new Ko(u)}compress(e,t=R){if(e===Q.compression.uncompressed)return this;const r=new pa(t);r.algorithm=e,r.packets=this.packets;const n=new ua;return n.push(r),new Ko(n)}async signDetached(e=[],t=[],r=null,n=[],i=[],s=new Date,a=[],o=[],c=R){const u=this.packets.findPacket(Q.packet.literalData);if(!u)throw Error("No literal data packet to sign.");return new Ha(await So(u,e,t,r,n,i,s,a,o,!0,c))}async verify(e,t=new Date,r=R){const n=this.unwrapCompressed(),i=n.packets.filterByTag(Q.packet.literalData);if(1!==i.length)throw Error("Can only verify message with one literal data packet.");let s=n.packets;a(s.stream)&&(s=s.concat(await B(s.stream,(e=>e||[]))));const o=s.filterByTag(Q.packet.onePassSignature).reverse(),c=s.filterByTag(Q.packet.signature);return o.length&&!c.length&&M.isStream(s.stream)&&!a(s.stream)?(await Promise.all(o.map((async e=>{e.correspondingSig=new Promise(((t,r)=>{e.correspondingSigResolve=t,e.correspondingSigReject=r})),e.signatureData=U((async()=>(await e.correspondingSig).signatureData)),e.hashed=B(await e.hash(e.signatureType,i[0],void 0,!1)),e.hashed.catch((()=>{}))}))),s.stream=k(s.stream,(async(e,t)=>{const r=P(e),n=D(t);try{for(let e=0;e<o.length;e++){const{value:t}=await r.read();o[e].correspondingSigResolve(t)}await r.readToEnd(),await n.ready,await n.close()}catch(e){o.forEach((t=>{t.correspondingSigReject(e)})),await n.abort(e)}})),Io(o,i,e,t,!1,r)):Io(c,i,e,t,!1,r)}verifyDetached(e,t,r=new Date,n=R){const i=this.unwrapCompressed().packets.filterByTag(Q.packet.literalData);if(1!==i.length)throw Error("Can only verify message with one literal data packet.");return Io(e.packets.filterByTag(Q.packet.signature),i,t,r,!0,n)}unwrapCompressed(){const e=this.packets.filterByTag(Q.packet.compressedData);return e.length?new Ko(e[0].packets):this}async appendSignature(e,t=R){await this.packets.read(M.isUint8Array(e)?e:(await X(e)).data,vo,t)}write(){return this.packets.write()}armor(e=R){const t=this.packets[this.packets.length-1],r=t.constructor.tag===ka.tag?2!==t.version:this.packets.some((e=>e.constructor.tag===ia.tag&&6!==e.version));return W(Q.armor.message,this.write(),null,null,null,r,e)}}async function So(e,t,r=[],n=null,i=[],s=new Date,a=[],o=[],c=[],u=!1,h=R){const l=new ua,f=null===e.text?Q.signature.binary:Q.signature.text;if(await Promise.all(t.map((async(t,n)=>{const l=a[n];if(!t.isPrivate())throw Error("Need private key for signing");const y=await t.getSigningKey(i[n],s,l,h);return Ja(e,r.length?r:[t],y.keyPacket,{signatureType:f},s,o,c,u,h)}))).then((e=>{l.push(...e)})),n){const e=n.packets.filterByTag(Q.packet.signature);l.push(...e)}return l}async function Io(e,t,r,n=new Date,i=!1,s=R){return Promise.all(e.filter((function(e){return["text","binary"].includes(Q.read(Q.signature,e.signatureType))})).map((async function(e){return async function(e,t,r,n=new Date,i=!1,s=R){let a,o;for(const t of r){const r=t.getKeys(e.issuerKeyID);if(r.length>0){a=t,o=r[0];break}}const c=e instanceof oa?e.correspondingSig:e,u={keyID:e.issuerKeyID,verified:(async()=>{if(!o)throw Error("Could not find signing key with key ID "+e.issuerKeyID.toHex());await e.verify(o.keyPacket,e.signatureType,t[0],n,i,s);const r=await c;if(o.getCreationTime()>r.created)throw Error("Key is newer than the signature");try{await a.getSigningKey(o.getKeyID(),r.created,void 0,s)}catch(e){if(!s.allowInsecureVerificationWithReformattedKeys||!e.message.match(/Signature creation time is in the future/))throw e;await a.getSigningKey(o.getKeyID(),n,void 0,s)}return!0})(),signature:(async()=>{const e=await c,t=new ua;return e&&t.push(e),new Ha(t)})()};return u.signature.catch((()=>{})),u.verified.catch((()=>{})),u}(e,t,r,n,i,s)})))}async function Bo({armoredMessage:e,binaryMessage:t,config:r,...n}){r={...R,...r};let i=e||t;if(!i)throw Error("readMessage: must pass options object containing `armoredMessage` or `binaryMessage`");if(e&&!M.isString(e)&&!M.isStream(e))throw Error("readMessage: options.armoredMessage must be a string or stream");if(t&&!M.isUint8Array(t)&&!M.isStream(t))throw Error("readMessage: options.binaryMessage must be a Uint8Array or stream");const s=Object.keys(n);if(s.length>0)throw Error("Unknown option: "+s.join(", "));const a=M.isStream(i);if(e){const{type:e,data:t}=await X(i);if(e!==Q.armor.message)throw Error("Armored text not of type message");i=t}const o=await ua.fromBinary(i,ko,r,new fa),c=new Ko(o);return c.fromStream=a,c}async function Co({text:e,binary:t,filename:r,date:n=new Date,format:i=(void 0!==e?"utf8":"binary"),...s}){const a=void 0!==e?e:t;if(void 0===a)throw Error("createMessage: must pass options object containing `text` or `binary`");if(e&&!M.isString(e)&&!M.isStream(e))throw Error("createMessage: options.text must be a string or stream");if(t&&!M.isUint8Array(t)&&!M.isStream(t))throw Error("createMessage: options.binary must be a Uint8Array or stream");const o=Object.keys(s);if(o.length>0)throw Error("Unknown option: "+o.join(", "));const c=M.isStream(a),u=new $s(n);void 0!==e?u.setText(a,Q.write(Q.literal,i)):u.setBytes(a,Q.write(Q.literal,i)),void 0!==r&&u.setFilename(r);const h=new ua;h.push(u);const l=new Ko(h);return l.fromStream=c,l}const Uo=/*#__PURE__*/M.constructAllowedPackets([ia]);class Po{constructor(e,t){if(this.text=M.removeTrailingSpaces(e).replace(/\r?\n/g,"\r\n"),t&&!(t instanceof Ha))throw Error("Invalid signature input");this.signature=t||new Ha(new ua)}getSigningKeyIDs(){const e=[];return this.signature.packets.forEach((function(t){e.push(t.issuerKeyID)})),e}async sign(e,t=[],r=null,n=[],i=new Date,s=[],a=[],o=[],c=R){const u=new $s;u.setText(this.text);const h=new Ha(await So(u,e,t,r,n,i,s,a,o,!0,c));return new Po(this.text,h)}verify(e,t=new Date,r=R){const n=this.signature.packets.filterByTag(Q.packet.signature),i=new $s;return i.setText(this.text),Io(n,[i],e,t,!0,r)}getText(){return this.text.replace(/\r\n/g,"\n")}armor(e=R){const t=this.signature.packets.some((e=>6!==e.version)),r={hash:t?Array.from(new Set(this.signature.packets.map((e=>Q.read(Q.hash,e.hashAlgorithm).toUpperCase())))).join():null,text:this.text,data:this.signature.packets.write()};return W(Q.armor.signed,r,void 0,void 0,void 0,t,e)}}async function Do({cleartextMessage:e,config:t,...r}){if(t={...R,...t},!e)throw Error("readCleartextMessage: must pass options object containing `cleartextMessage`");if(!M.isString(e))throw Error("readCleartextMessage: options.cleartextMessage must be a string");const n=Object.keys(r);if(n.length>0)throw Error("Unknown option: "+n.join(", "));const i=await X(e);if(i.type!==Q.armor.signed)throw Error("No cleartext signed message.");const s=await ua.fromBinary(i.data,Uo,t);!function(e,t){const r=function(e){const r=e=>t=>e.hashAlgorithm===t;for(let n=0;n<t.length;n++)if(t[n].constructor.tag===Q.packet.signature&&!e.some(r(t[n])))return!1;return!0},n=[];if(e.forEach((e=>{const t=e.match(/^Hash: (.+)$/);if(!t)throw Error('Only "Hash" header allowed in cleartext signed message');{const e=t[1].replace(/\s/g,"").split(",").map((e=>{try{return Q.write(Q.hash,e.toLowerCase())}catch(t){throw Error("Unknown hash algorithm in armor header: "+e.toLowerCase())}}));n.push(...e)}})),n.length&&!r(n))throw Error("Hash algorithm mismatch in armor header and signature")}(i.headers,s);const a=new Ha(s);return new Po(i.text,a)}async function xo({text:e,...t}){if(!e)throw Error("createCleartextMessage: must pass options object containing `text`");if(!M.isString(e))throw Error("createCleartextMessage: options.text must be a string");const r=Object.keys(t);if(r.length>0)throw Error("Unknown option: "+r.join(", "));return new Po(e)}async function Qo({userIDs:e=[],passphrase:t,type:r,curve:n,rsaBits:i=4096,symmetricHash:s="sha256",symmetricCipher:a="aes256",keyExpirationTime:o=0,date:c=new Date,subkeys:u=[{}],format:h="armored",config:l,...f}){Zo(l={...R,...l}),r||n?(r=r||"ecc",n=n||"curve25519Legacy"):(r=l.v6Keys?"curve25519":"ecc",n="curve25519Legacy"),e=Jo(e);const y=Object.keys(f);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(0===e.length&&!l.v6Keys)throw Error("UserIDs are required for V4 keys");if("rsa"===r&&i<l.minRSABits)throw Error(`rsaBits should be at least ${l.minRSABits}, got: ${i}`);const p={userIDs:e,passphrase:t,type:r,rsaBits:i,curve:n,keyExpirationTime:o,date:c,subkeys:u,symmetricHash:s,symmetricCipher:a};try{const{key:e,revocationCertificate:t}=await async function(e,t){e.sign=!0,(e=eo(e)).subkeys=e.subkeys.map(((t,r)=>eo(e.subkeys[r],e)));let r=[qa(e,t)];r=r.concat(e.subkeys.map((e=>Ga(e,t))));const n=await Promise.all(r),i=await go(n[0],n.slice(1),e,t),s=await i.getRevocationCertificate(e.date,t);return i.revocationSignatures=[],{key:i,revocationCertificate:s}}(p,l);return e.getKeys().forEach((({keyPacket:e})=>io(e,l))),{privateKey:$o(e,h,l),publicKey:"symmetric"!==r?$o(e.toPublic(),h,l):null,revocationCertificate:t}}catch(e){throw M.wrapError("Error generating keypair",e)}}async function Ro({privateKey:e,userIDs:t=[],passphrase:r,keyExpirationTime:n=0,date:i,format:s="armored",config:a,...o}){Zo(a={...R,...a}),t=Jo(t);const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(0===t.length&&6!==e.keyPacket.version)throw Error("UserIDs are required for V4 keys");const u={privateKey:e,userIDs:t,passphrase:r,keyExpirationTime:n,date:i};try{const{key:e,revocationCertificate:t}=await async function(e,t){e=o(e);const{privateKey:r}=e;if(!r.isPrivate())throw Error("Cannot reformat a public key");if(r.keyPacket.isDummy())throw Error("Cannot reformat a gnu-dummy primary key");if(!r.getKeys().every((({keyPacket:e})=>e.isDecrypted())))throw Error("Key is not decrypted");const n=r.keyPacket;e.subkeys||(e.subkeys=await Promise.all(r.subkeys.map((async e=>{const r=e.keyPacket,i={key:n,bind:r},s=await ja(e.bindingSignatures,n,Q.signature.subkeyBinding,i,null,t).catch((()=>({})));return{sign:s.keyFlags&&s.keyFlags[0]&Q.keyFlags.signData,forwarding:s.keyFlags&&s.keyFlags[0]&Q.keyFlags.forwardedCommunication}}))));const i=r.subkeys.map((e=>e.keyPacket));if(e.subkeys.length!==i.length)throw Error("Number of subkey options does not match number of subkeys");e.subkeys=e.subkeys.map((t=>o(t,e)));const s=await go(n,i,e,t),a=await s.getRevocationCertificate(e.date,t);return s.revocationSignatures=[],{key:s,revocationCertificate:a};function o(e,t={}){return e.keyExpirationTime=e.keyExpirationTime||t.keyExpirationTime,e.passphrase=M.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e}}(u,a);return{privateKey:$o(e,s,a),publicKey:$o(e.toPublic(),s,a),revocationCertificate:t}}catch(e){throw M.wrapError("Error reformatting keypair",e)}}async function To({key:e,revocationCertificate:t,reasonForRevocation:r,date:n=new Date,format:i="armored",config:s,...a}){Zo(s={...R,...s});const o=Object.keys(a);if(o.length>0)throw Error("Unknown option: "+o.join(", "));try{const a=t?await e.applyRevocationCertificate(t,n,s):await e.revoke(r,n,s);return a.isPrivate()?{privateKey:$o(a,i,s),publicKey:$o(a.toPublic(),i,s)}:{privateKey:null,publicKey:$o(a,i,s)}}catch(e){throw M.wrapError("Error revoking key",e)}}async function Mo({privateKey:e,passphrase:t,config:r,...n}){Zo(r={...R,...r});const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));if(!e.isPrivate())throw Error("Cannot decrypt a public key");const s=e.clone(!0),a=M.isArray(t)?t:[t];try{return await Promise.all(s.getKeys().map((e=>M.anyPromise(a.map((t=>e.keyPacket.decrypt(t))))))),await s.validate(r),s}catch(e){throw s.clearPrivateParams(),M.wrapError("Error decrypting private key",e)}}async function Lo({privateKey:e,passphrase:t,config:r,...n}){Zo(r={...R,...r});const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));if(!e.isPrivate())throw Error("Cannot encrypt a public key");const s=e.clone(!0),a=s.getKeys(),o=M.isArray(t)?t:Array(a.length).fill(t);if(o.length!==a.length)throw Error("Invalid number of passphrases given for key encryption");try{return await Promise.all(a.map((async(e,t)=>{const{keyPacket:n}=e;await n.encrypt(o[t],r),n.clearPrivateParams()}))),s}catch(e){throw s.clearPrivateParams(),M.wrapError("Error encrypting private key",e)}}async function Fo({message:e,encryptionKeys:t,signingKeys:r,passwords:n,sessionKey:i,format:s="armored",signature:a=null,wildcard:o=!1,signingKeyIDs:c=[],encryptionKeyIDs:u=[],date:h=new Date,signingUserIDs:l=[],encryptionUserIDs:f=[],signatureNotations:y=[],config:p,...d}){if(Zo(p={...R,...p}),qo(e),Vo(s),t=Jo(t),r=Jo(r),n=Jo(n),c=Jo(c),u=Jo(u),l=Jo(l),f=Jo(f),y=Jo(y),d.detached)throw Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.");if(d.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead");if(d.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead");if(void 0!==d.armor)throw Error("The `armor` option has been removed from openpgp.encrypt, pass `format` instead.");const g=Object.keys(d);if(g.length>0)throw Error("Unknown option: "+g.join(", "));r||(r=[]);try{if((r.length||a)&&(e=await e.sign(r,t,a,c,h,l,u,y,p)),e=e.compress(await async function(e=[],t=new Date,r=[],n=R){const i=Q.compression.uncompressed,s=n.preferredCompressionAlgorithm,a=await Promise.all(e.map((async function(e,i){const a=(await e.getPrimarySelfSignature(t,r[i],n)).preferredCompressionAlgorithms;return!!a&&a.indexOf(s)>=0})));return a.every(Boolean)?s:i}(t,h,f,p),p),e=await e.encrypt(t,n,i,o,u,h,f,p),"object"===s)return e;const d="armored"===s?e.armor(p):e.write();return await Xo(d)}catch(e){throw M.wrapError("Error encrypting message",e)}}async function Oo({message:e,decryptionKeys:t,passwords:r,sessionKeys:n,verificationKeys:i,expectSigned:s=!1,format:a="utf8",signature:o=null,date:c=new Date,config:u,...h}){if(Zo(u={...R,...u}),qo(e),i=Jo(i),t=Jo(t),r=Jo(r),n=Jo(n),h.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead");if(h.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead");const l=Object.keys(h);if(l.length>0)throw Error("Unknown option: "+l.join(", "));try{const h=await e.decrypt(t,r,n,c,u);i||(i=[]);const l={};if(l.signatures=o?await h.verifyDetached(o,i,c,u):await h.verify(i,c,u),l.data="binary"===a?h.getLiteralData():h.getText(),l.filename=h.getFilename(),Wo(l,e,...new Set([h,h.unwrapCompressed()])),s){if(0===i.length)throw Error("Verification keys are required to verify message signatures");if(0===l.signatures.length)throw Error("Message is not signed");l.data=g([l.data,U((async()=>(await M.anyPromise(l.signatures.map((e=>e.verified))),"binary"===a?new Uint8Array:"")))])}return l.data=await Xo(l.data),l}catch(e){throw M.wrapError("Error decrypting message",e)}}async function No({message:e,signingKeys:t,recipientKeys:r=[],format:n="armored",detached:i=!1,signingKeyIDs:s=[],date:a=new Date,signingUserIDs:o=[],recipientUserIDs:c=[],signatureNotations:u=[],config:h,...l}){if(Zo(h={...R,...h}),jo(e),Vo(n),t=Jo(t),s=Jo(s),o=Jo(o),r=Jo(r),c=Jo(c),u=Jo(u),l.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead");if(void 0!==l.armor)throw Error("The `armor` option has been removed from openpgp.sign, pass `format` instead.");const f=Object.keys(l);if(f.length>0)throw Error("Unknown option: "+f.join(", "));if(e instanceof Po&&"binary"===n)throw Error("Cannot return signed cleartext message in binary format");if(e instanceof Po&&i)throw Error("Cannot detach-sign a cleartext message");if(!t||0===t.length)throw Error("No signing keys provided");try{let l;if(l=i?await e.signDetached(t,r,void 0,s,a,o,c,u,h):await e.sign(t,r,void 0,s,a,o,c,u,h),"object"===n)return l;return l="armored"===n?l.armor(h):l.write(),i&&(l=k(e.packets.write(),(async(e,t)=>{await Promise.all([A(l,t),B(e).catch((()=>{}))])}))),await Xo(l)}catch(e){throw M.wrapError("Error signing message",e)}}async function _o({message:e,verificationKeys:t,expectSigned:r=!1,format:n="utf8",signature:i=null,date:s=new Date,config:a,...o}){if(Zo(a={...R,...a}),jo(e),t=Jo(t),o.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead");const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(e instanceof Po&&"binary"===n)throw Error("Can't return cleartext message data as binary");if(e instanceof Po&&i)throw Error("Can't verify detached cleartext signature");try{const o={};if(o.signatures=i?await e.verifyDetached(i,t,s,a):await e.verify(t,s,a),o.data="binary"===n?e.getLiteralData():e.getText(),e.fromStream&&!i&&Wo(o,...new Set([e,e.unwrapCompressed()])),r){if(0===o.signatures.length)throw Error("Message is not signed");o.data=g([o.data,U((async()=>(await M.anyPromise(o.signatures.map((e=>e.verified))),"binary"===n?new Uint8Array:"")))])}return o.data=await Xo(o.data),o}catch(e){throw M.wrapError("Error verifying signed message",e)}}async function Ho({encryptionKeys:e,date:t=new Date,encryptionUserIDs:r=[],config:n,...i}){if(Zo(n={...R,...n}),e=Jo(e),r=Jo(r),i.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead");const s=Object.keys(i);if(s.length>0)throw Error("Unknown option: "+s.join(", "));try{return await Ko.generateSessionKey(e,t,r,n)}catch(e){throw M.wrapError("Error generating session key",e)}}async function zo({data:e,algorithm:t,aeadAlgorithm:r,encryptionKeys:n,passwords:i,format:s="armored",wildcard:a=!1,encryptionKeyIDs:o=[],date:c=new Date,encryptionUserIDs:u=[],config:h,...l}){if(Zo(h={...R,...h}),function(e){if(!M.isUint8Array(e))throw Error("Parameter [data] must be of type Uint8Array")}(e),function(e,t){if(!M.isString(e))throw Error("Parameter ["+t+"] must be of type String")}(t,"algorithm"),Vo(s),n=Jo(n),i=Jo(i),o=Jo(o),u=Jo(u),l.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead");const f=Object.keys(l);if(f.length>0)throw Error("Unknown option: "+f.join(", "));if(!(n&&0!==n.length||i&&0!==i.length))throw Error("No encryption keys or passwords provided.");try{return $o(await Ko.encryptSessionKey(e,t,r,n,i,a,o,c,u,h),s,h)}catch(e){throw M.wrapError("Error encrypting session key",e)}}async function Go({message:e,decryptionKeys:t,passwords:r,date:n=new Date,config:i,...s}){if(Zo(i={...R,...i}),qo(e),t=Jo(t),r=Jo(r),s.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead");const a=Object.keys(s);if(a.length>0)throw Error("Unknown option: "+a.join(", "));try{return await e.decryptSessionKeys(t,r,void 0,n,i)}catch(e){throw M.wrapError("Error decrypting session keys",e)}}function qo(e){if(!(e instanceof Ko))throw Error("Parameter [message] needs to be of type Message")}function jo(e){if(!(e instanceof Po||e instanceof Ko))throw Error("Parameter [message] needs to be of type Message or CleartextMessage")}function Vo(e){if("armored"!==e&&"binary"!==e&&"object"!==e)throw Error("Unsupported format "+e)}const Yo=Object.keys(R).length;function Zo(e){const t=Object.keys(e);if(t.length!==Yo)for(const e of t)if(void 0===R[e])throw Error("Unknown config property: "+e)}function Jo(e){return e&&!M.isArray(e)&&(e=[e]),e}async function Xo(e){return"array"===M.isStream(e)?B(e):e}function Wo(e,t,...r){e.data=k(t.packets.stream,(async(t,n)=>{await A(e.data,n,{preventClose:!0});const i=D(n);try{await B(t,(e=>e)),await Promise.all(r.map((e=>B(e.packets.stream,(e=>e))))),await i.close()}catch(e){await i.abort(e)}}))}function $o(e,t,r){switch(t){case"object":return e;case"armored":return e.armor(r);case"binary":return e.write();default:throw Error("Unsupported format "+t)}}const ec="object"==typeof e&&"crypto"in e?e.crypto:void 0;
+/*! OpenPGP.js v6.2.2 - 2025-09-02 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
+const e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};function t(e,t){return t.forEach((function(t){t&&"string"!=typeof t&&!Array.isArray(t)&&Object.keys(t).forEach((function(r){if("default"!==r&&!(r in e)){var n=Object.getOwnPropertyDescriptor(t,r);Object.defineProperty(e,r,n.get?n:{enumerable:!0,get:function(){return t[r]}})}}))})),Object.freeze(e)}const r=Symbol("doneWritingPromise"),n=Symbol("doneWritingResolve"),i=Symbol("doneWritingReject"),s=Symbol("readingIndex");class ArrayStream extends Array{constructor(){super(),Object.setPrototypeOf(this,ArrayStream.prototype),this[r]=new Promise(((e,t)=>{this[n]=e,this[i]=t})),this[r].catch((()=>{}))}}function a(e){return e&&e.getReader&&Array.isArray(e)}function o(e){if(!a(e)){const t=e.getWriter(),r=t.releaseLock;return t.releaseLock=()=>{t.closed.catch((function(){})),r.call(t)},t}this.stream=e}function c(t){if(a(t))return"array";if(e.ReadableStream&&e.ReadableStream.prototype.isPrototypeOf(t))return"web";if(t&&!(e.ReadableStream&&t instanceof e.ReadableStream)&&"function"==typeof t._read&&"object"==typeof t._readableState)throw Error("Native Node streams are no longer supported: please manually convert the stream to a WebStream, using e.g. `stream.Readable.toWeb`");return!(!t||!t.getReader)&&"web-like"}function u(e){return Uint8Array.prototype.isPrototypeOf(e)}function h(e){if(1===e.length)return e[0];let t=0;for(let r=0;r<e.length;r++){if(!u(e[r]))throw Error("concatUint8Array: Data must be in the form of a Uint8Array");t+=e[r].length}const r=new Uint8Array(t);let n=0;return e.forEach((function(e){r.set(e,n),n+=e.length})),r}ArrayStream.prototype.getReader=function(){return void 0===this[s]&&(this[s]=0),{read:async()=>(await this[r],this[s]===this.length?{value:void 0,done:!0}:{value:this[this[s]++],done:!1})}},ArrayStream.prototype.readToEnd=async function(e){await this[r];const t=e(this.slice(this[s]));return this.length=0,t},ArrayStream.prototype.clone=function(){const e=new ArrayStream;return e[r]=this[r].then((()=>{e.push(...this)})),e},o.prototype.write=async function(e){this.stream.push(e)},o.prototype.close=async function(){this.stream[n]()},o.prototype.abort=async function(e){return this.stream[i](e),e},o.prototype.releaseLock=function(){},"object"==typeof e.process&&e.process.versions;const l=new WeakSet,f=Symbol("externalBuffer");function y(e){if(this.stream=e,e[f]&&(this[f]=e[f].slice()),a(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{},void(this._cancel=()=>{})}if(c(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{t.closed.catch((function(){})),t.releaseLock()},void(this._cancel=t.cancel.bind(t))}let t=!1;this._read=async()=>t||l.has(e)?{value:void 0,done:!0}:(t=!0,{value:e,done:!1}),this._releaseLock=()=>{if(t)try{l.add(e)}catch(e){}}}function p(e){return c(e)?e:new ReadableStream({start(t){t.enqueue(e),t.close()}})}function d(e){if(c(e))return e;const t=new ArrayStream;return(async()=>{const r=D(t);await r.write(e),await r.close()})(),t}function g(e){return e.some((e=>c(e)&&!a(e)))?function(e){e=e.map(p);const t=m((async function(e){await Promise.all(n.map((t=>C(t,e))))}));let r=Promise.resolve();const n=e.map(((n,i)=>k(n,((n,s)=>(r=r.then((()=>A(n,t.writable,{preventClose:i!==e.length-1}))),r)))));return t.readable}(e):e.some((e=>a(e)))?function(e){const t=new ArrayStream;let r=Promise.resolve();return e.forEach(((n,i)=>(r=r.then((()=>A(n,t,{preventClose:i!==e.length-1}))),r))),t}(e):"string"==typeof e[0]?e.join(""):h(e)}async function A(e,t,{preventClose:r=!1,preventAbort:n=!1,preventCancel:i=!1}={}){if(c(e)&&!a(e)){e=p(e);try{if(e[f]){const r=D(t);for(let t=0;t<e[f].length;t++)await r.ready,await r.write(e[f][t]);r.releaseLock()}await e.pipeTo(t,{preventClose:r,preventAbort:n,preventCancel:i})}catch(e){}return}const s=P(e=d(e)),o=D(t);try{for(;;){await o.ready;const{done:e,value:t}=await s.read();if(e){r||await o.close();break}await o.write(t)}}catch(e){n||await o.abort(e)}finally{s.releaseLock(),o.releaseLock()}}function w(e,t){const r=new TransformStream(t);return A(e,r.writable),r.readable}function m(e){let t,r,n,i=!1,s=!1;return{readable:new ReadableStream({start(e){n=e},pull(){t?t():i=!0},async cancel(t){s=!0,e&&await e(t),r&&r(t)}},{highWaterMark:0}),writable:new WritableStream({write:async function(e){if(s)throw Error("Stream is cancelled");n.enqueue(e),i?i=!1:(await new Promise(((e,n)=>{t=e,r=n})),t=null,r=null)},close:n.close.bind(n),abort:n.error.bind(n)})}}function b(e,t=()=>{},r=()=>{}){if(a(e)){const n=new ArrayStream;return(async()=>{const i=D(n);try{const n=await B(e),s=t(n),a=r();let o;o=void 0!==s&&void 0!==a?g([s,a]):void 0!==s?s:a,await i.write(o),await i.close()}catch(e){await i.abort(e)}})(),n}if(c(e))return w(e,{async transform(e,r){try{const n=await t(e);void 0!==n&&r.enqueue(n)}catch(e){r.error(e)}},async flush(e){try{const t=await r();void 0!==t&&e.enqueue(t)}catch(t){e.error(t)}}});const n=t(e),i=r();return void 0!==n&&void 0!==i?g([n,i]):void 0!==n?n:i}function k(e,t){if(c(e)&&!a(e)){let r;const n=new TransformStream({start(e){r=e}}),i=A(e,n.writable),s=m((async function(e){r.error(e),await i,await new Promise(setTimeout)}));return t(n.readable,s.writable),s.readable}e=d(e);const r=new ArrayStream;return t(e,r),r}function E(e,t){let r;const n=k(e,((e,i)=>{const s=P(e);s.remainder=()=>(s.releaseLock(),A(e,i),n),r=t(s)}));return r}function v(e){if(a(e))return e.clone();if(c(e)){const t=function(e){if(a(e))throw Error("ArrayStream cannot be tee()d, use clone() instead");if(c(e)){const t=p(e).tee();return t[0][f]=t[1][f]=e[f],t}return[I(e),I(e)]}(e);return S(e,t[0]),t[1]}return I(e)}function K(e){return a(e)?v(e):c(e)?new ReadableStream({start(t){const r=k(e,(async(e,r)=>{const n=P(e),i=D(r);try{for(;;){await i.ready;const{done:e,value:r}=await n.read();if(e){try{t.close()}catch(e){}return void await i.close()}try{t.enqueue(r)}catch(e){}await i.write(r)}}catch(e){t.error(e),await i.abort(e)}}));S(e,r)}}):I(e)}function S(e,t){Object.entries(Object.getOwnPropertyDescriptors(e.constructor.prototype)).forEach((([r,n])=>{"constructor"!==r&&(n.value?n.value=n.value.bind(t):n.get=n.get.bind(t),Object.defineProperty(e,r,n))}))}function I(e,t=0,r=1/0){if(a(e))throw Error("Not implemented");if(c(e)){if(t>=0&&r>=0){let n=0;return w(e,{transform(e,i){n<r?(n+e.length>=t&&i.enqueue(I(e,Math.max(t-n,0),r-n)),n+=e.length):i.terminate()}})}if(t<0&&(r<0||r===1/0)){let n=[];return b(e,(e=>{e.length>=-t?n=[e]:n.push(e)}),(()=>I(g(n),t,r)))}if(0===t&&r<0){let n;return b(e,(e=>{const i=n?g([n,e]):e;if(i.length>=-r)return n=I(i,r),I(i,t,r);n=i}))}return console.warn(`stream.slice(input, ${t}, ${r}) not implemented efficiently.`),U((async()=>I(await B(e),t,r)))}return e[f]&&(e=g(e[f].concat([e]))),u(e)?e.subarray(t,r===1/0?e.length:r):e.slice(t,r)}async function B(e,t=g){return a(e)?e.readToEnd(t):c(e)?P(e).readToEnd(t):e}async function C(e,t){if(c(e)){if(e.cancel){const r=await e.cancel(t);return await new Promise(setTimeout),r}if(e.destroy)return e.destroy(t),await new Promise(setTimeout),t}}function U(e){const t=new ArrayStream;return(async()=>{const r=D(t);try{await r.write(await e()),await r.close()}catch(e){await r.abort(e)}})(),t}function P(e){return new y(e)}function D(e){return new o(e)}y.prototype.read=async function(){if(this[f]&&this[f].length){return{done:!1,value:this[f].shift()}}return this._read()},y.prototype.releaseLock=function(){this[f]&&(this.stream[f]=this[f]),this._releaseLock()},y.prototype.cancel=function(e){return this._cancel(e)},y.prototype.readLine=async function(){let e,t=[];for(;!e;){let{done:r,value:n}=await this.read();if(n+="",r)return t.length?g(t):void 0;const i=n.indexOf("\n")+1;i&&(e=g(t.concat(n.substr(0,i))),t=[]),i!==n.length&&t.push(n.substr(i))}return this.unshift(...t),e},y.prototype.readByte=async function(){const{done:e,value:t}=await this.read();if(e)return;const r=t[0];return this.unshift(I(t,1)),r},y.prototype.readBytes=async function(e){const t=[];let r=0;for(;;){const{done:n,value:i}=await this.read();if(n)return t.length?g(t):void 0;if(t.push(i),r+=i.length,r>=e){const r=g(t);return this.unshift(I(r,e)),I(r,0,e)}}},y.prototype.peekBytes=async function(e){const t=await this.readBytes(e);return this.unshift(t),t},y.prototype.unshift=function(...e){this[f]||(this[f]=[]),1===e.length&&u(e[0])&&this[f].length&&e[0].length&&this[f][0].byteOffset>=e[0].length?this[f][0]=new Uint8Array(this[f][0].buffer,this[f][0].byteOffset-e[0].length,this[f][0].byteLength+e[0].length):this[f].unshift(...e.filter((e=>e&&e.length)))},y.prototype.readToEnd=async function(e=g){const t=[];for(;;){const{done:e,value:r}=await this.read();if(e)break;t.push(r)}return e(t)};const x=Symbol("byValue");var Q={curve:{nistP256:"nistP256",p256:"nistP256",nistP384:"nistP384",p384:"nistP384",nistP521:"nistP521",p521:"nistP521",secp256k1:"secp256k1",ed25519Legacy:"ed25519Legacy",ed25519:"ed25519Legacy",curve25519Legacy:"curve25519Legacy",curve25519:"curve25519Legacy",brainpoolP256r1:"brainpoolP256r1",brainpoolP384r1:"brainpoolP384r1",brainpoolP512r1:"brainpoolP512r1"},kdfFlags:{replace_fingerprint:1,replace_kdf_params:2},s2k:{simple:0,salted:1,iterated:3,argon2:4,gnu:101},publicKey:{rsaEncryptSign:1,rsaEncrypt:2,rsaSign:3,elgamal:16,dsa:17,ecdh:18,ecdsa:19,eddsaLegacy:22,aedh:23,aedsa:24,x25519:25,x448:26,ed25519:27,ed448:28,pqc_mldsa_ed25519:30,pqc_mlkem_x25519:35,aead:100,hmac:101},symmetric:{idea:1,tripledes:2,cast5:3,blowfish:4,aes128:7,aes192:8,aes256:9,twofish:10},compression:{uncompressed:0,zip:1,zlib:2,bzip2:3},hash:{md5:1,sha1:2,ripemd:3,sha256:8,sha384:9,sha512:10,sha224:11,sha3_256:12,sha3_512:14},webHash:{"SHA-1":2,"SHA-256":8,"SHA-384":9,"SHA-512":10},aead:{eax:1,ocb:2,gcm:3,experimentalGCM:100},packet:{publicKeyEncryptedSessionKey:1,signature:2,symEncryptedSessionKey:3,onePassSignature:4,secretKey:5,publicKey:6,secretSubkey:7,compressedData:8,symmetricallyEncryptedData:9,marker:10,literalData:11,trust:12,userID:13,publicSubkey:14,userAttribute:17,symEncryptedIntegrityProtectedData:18,modificationDetectionCode:19,aeadEncryptedData:20,padding:21},literal:{binary:98,text:116,utf8:117,mime:109},signature:{binary:0,text:1,standalone:2,certGeneric:16,certPersona:17,certCasual:18,certPositive:19,certRevocation:48,subkeyBinding:24,keyBinding:25,key:31,keyRevocation:32,subkeyRevocation:40,timestamp:64,thirdParty:80},signatureSubpacket:{signatureCreationTime:2,signatureExpirationTime:3,exportableCertification:4,trustSignature:5,regularExpression:6,revocable:7,keyExpirationTime:9,placeholderBackwardsCompatibility:10,preferredSymmetricAlgorithms:11,revocationKey:12,issuerKeyID:16,notationData:20,preferredHashAlgorithms:21,preferredCompressionAlgorithms:22,keyServerPreferences:23,preferredKeyServer:24,primaryUserID:25,policyURI:26,keyFlags:27,signersUserID:28,reasonForRevocation:29,features:30,signatureTarget:31,embeddedSignature:32,issuerFingerprint:33,preferredAEADAlgorithms:34,preferredCipherSuites:39},keyFlags:{certifyKeys:1,signData:2,encryptCommunication:4,encryptStorage:8,splitPrivateKey:16,authentication:32,forwardedCommunication:64,sharedPrivateKey:128},armor:{multipartSection:0,multipartLast:1,signed:2,message:3,publicKey:4,privateKey:5,signature:6},reasonForRevocation:{noReason:0,keySuperseded:1,keyCompromised:2,keyRetired:3,userIDInvalid:32},features:{modificationDetection:1,aead:2,v5Keys:4,seipdv2:8},write:function(e,t){if("number"==typeof t&&(t=this.read(e,t)),void 0!==e[t])return e[t];throw Error("Invalid enum value.")},read:function(e,t){if(e[x]||(e[x]=[],Object.entries(e).forEach((([t,r])=>{e[x][r]=t}))),void 0!==e[x][t])return e[x][t];throw Error("Invalid enum value.")}},R={preferredHashAlgorithm:Q.hash.sha512,preferredSymmetricAlgorithm:Q.symmetric.aes256,preferredCompressionAlgorithm:Q.compression.uncompressed,aeadProtect:!1,ignoreSEIPDv2FeatureFlag:!1,parseAEADEncryptedV4KeysAsLegacy:!1,preferredAEADAlgorithm:Q.aead.gcm,aeadChunkSizeByte:12,v6Keys:!1,enableParsingV5Entities:!1,s2kType:Q.s2k.iterated,s2kIterationCountByte:224,s2kArgon2Params:{passes:3,parallelism:4,memoryExponent:16},allowUnauthenticatedMessages:!1,allowUnauthenticatedStream:!1,allowForwardedMessages:!1,minRSABits:2047,passwordCollisionCheck:!1,allowInsecureDecryptionWithSigningKeys:!1,allowInsecureVerificationWithReformattedKeys:!1,allowMissingKeyFlags:!1,constantTimePKCS1Decryption:!1,constantTimePKCS1DecryptionSupportedSymmetricAlgorithms:new Set([Q.symmetric.aes128,Q.symmetric.aes192,Q.symmetric.aes256]),ignoreUnsupportedPackets:!0,ignoreMalformedPackets:!1,enforceGrammar:!0,additionalAllowedPackets:[],showVersion:!1,showComment:!1,versionString:"OpenPGP.js 6.2.2",commentString:"https://openpgpjs.org",maxUserIDLength:5120,knownNotations:[],nonDeterministicSignaturesViaNotation:!0,useEllipticFallback:!0,rejectHashAlgorithms:new Set([Q.hash.md5,Q.hash.ripemd]),rejectMessageHashAlgorithms:new Set([Q.hash.md5,Q.hash.ripemd,Q.hash.sha1]),rejectPublicKeyAlgorithms:new Set([Q.publicKey.elgamal,Q.publicKey.dsa]),rejectCurves:new Set([Q.curve.secp256k1])};const T=(()=>{try{return"development"===process.env.NODE_ENV}catch(e){}return!1})(),M={isString:function(e){return"string"==typeof e||e instanceof String},nodeRequire:()=>{},isArray:function(e){return e instanceof Array},isUint8Array:u,isStream:c,getNobleCurve:async(e,t)=>{if(!R.useEllipticFallback)throw Error("This curve is only supported in the full build of OpenPGP.js");const{nobleCurves:r}=await Promise.resolve().then((function(){return sf}));switch(e){case Q.publicKey.ecdh:case Q.publicKey.ecdsa:{const e=r.get(t);if(!e)throw Error("Unsupported curve");return e}case Q.publicKey.x448:return r.get("x448");case Q.publicKey.ed448:return r.get("ed448");default:throw Error("Unsupported curve")}},readNumber:function(e){let t=0;for(let r=0;r<e.length;r++)t+=256**r*e[e.length-1-r];return t},writeNumber:function(e,t){const r=new Uint8Array(t);for(let n=0;n<t;n++)r[n]=e>>8*(t-n-1)&255;return r},readDate:function(e){const t=M.readNumber(e);return new Date(1e3*t)},writeDate:function(e){const t=Math.floor(e.getTime()/1e3);return M.writeNumber(t,4)},normalizeDate:function(e=Date.now()){return null===e||e===1/0?e:new Date(1e3*Math.floor(+e/1e3))},readMPI:function(e){const t=(e[0]<<8|e[1])+7>>>3;return M.readExactSubarray(e,2,2+t)},readExactSubarray:function(e,t,r){if(e.length<r-t)throw Error("Input array too short");return e.subarray(t,r)},leftPad(e,t){if(e.length>t)throw Error("Input array too long");const r=new Uint8Array(t),n=t-e.length;return r.set(e,n),r},uint8ArrayToMPI:function(e){const t=M.uint8ArrayBitLength(e);if(0===t)throw Error("Zero MPI");const r=e.subarray(e.length-Math.ceil(t/8)),n=new Uint8Array([(65280&t)>>8,255&t]);return M.concatUint8Array([n,r])},uint8ArrayBitLength:function(e){let t;for(t=0;t<e.length&&0===e[t];t++);if(t===e.length)return 0;const r=e.subarray(t);return 8*(r.length-1)+M.nbits(r[0])},hexToUint8Array:function(e){const t=new Uint8Array(e.length>>1);for(let r=0;r<e.length>>1;r++)t[r]=parseInt(e.substr(r<<1,2),16);return t},uint8ArrayToHex:function(e){const t="0123456789abcdef";let r="";return e.forEach((e=>{r+=t[e>>4]+t[15&e]})),r},stringToUint8Array:function(e){return b(e,(e=>{if(!M.isString(e))throw Error("stringToUint8Array: Data must be in the form of a string");const t=new Uint8Array(e.length);for(let r=0;r<e.length;r++)t[r]=e.charCodeAt(r);return t}))},uint8ArrayToString:function(e){const t=[],r=16384,n=(e=new Uint8Array(e)).length;for(let i=0;i<n;i+=r)t.push(String.fromCharCode.apply(String,e.subarray(i,i+r<n?i+r:n)));return t.join("")},encodeUTF8:function(e){const t=new TextEncoder("utf-8");function r(e,r=!1){return t.encode(e,{stream:!r})}return b(e,r,(()=>r("",!0)))},decodeUTF8:function(e){const t=new TextDecoder("utf-8");function r(e,r=!1){return t.decode(e,{stream:!r})}return b(e,r,(()=>r(new Uint8Array,!0)))},concat:g,concatUint8Array:h,equalsUint8Array:function(e,t){if(!M.isUint8Array(e)||!M.isUint8Array(t))throw Error("Data must be in the form of a Uint8Array");if(e.length!==t.length)return!1;for(let r=0;r<e.length;r++)if(e[r]!==t[r])return!1;return!0},findLastIndex:function(e,t){for(let r=e.length;r>=0;r--)if(t(e[r],r,e))return r;return-1},writeChecksum:function(e){let t=0;for(let r=0;r<e.length;r++)t=t+e[r]&65535;return M.writeNumber(t,2)},printDebug:function(e){T&&console.log("[OpenPGP.js debug]",e)},printDebugError:function(e){T&&console.error("[OpenPGP.js debug]",e)},nbits:function(e){let t=1,r=e>>>16;return 0!==r&&(e=r,t+=16),r=e>>8,0!==r&&(e=r,t+=8),r=e>>4,0!==r&&(e=r,t+=4),r=e>>2,0!==r&&(e=r,t+=2),r=e>>1,0!==r&&(e=r,t+=1),t},double:function(e){const t=new Uint8Array(e.length),r=e.length-1;for(let n=0;n<r;n++)t[n]=e[n]<<1^e[n+1]>>7;return t[r]=e[r]<<1^135*(e[0]>>7),t},shiftRight:function(e,t){if(t)for(let r=e.length-1;r>=0;r--)e[r]>>=t,r>0&&(e[r]|=e[r-1]<<8-t);return e},getWebCrypto:function(){const t=void 0!==e&&e.crypto&&e.crypto.subtle||this.getNodeCrypto()?.webcrypto.subtle;if(!t)throw Error("The WebCrypto API is not available");return t},getNodeCrypto:function(){return this.nodeRequire("crypto")},getNodeZlib:function(){return this.nodeRequire("zlib")},getNodeBuffer:function(){return(this.nodeRequire("buffer")||{}).Buffer},getHardwareConcurrency:function(){if("undefined"!=typeof navigator)return navigator.hardwareConcurrency||1;return this.nodeRequire("os").cpus().length},isEmailAddress:function(e){if(!M.isString(e))return!1;return/^[^\p{C}\p{Z}@<>\\]+@[^\p{C}\p{Z}@<>\\]+[^\p{C}\p{Z}\p{P}]$/u.test(e)},canonicalizeEOL:function(e){let t=!1;return b(e,(e=>{let r;t&&(e=M.concatUint8Array([new Uint8Array([13]),e])),13===e[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;const n=[];for(let t=0;r=e.indexOf(10,t)+1,r;t=r)13!==e[r-2]&&n.push(r);if(!n.length)return e;const i=new Uint8Array(e.length+n.length);let s=0;for(let t=0;t<n.length;t++){const r=e.subarray(n[t-1]||0,n[t]);i.set(r,s),s+=r.length,i[s-1]=13,i[s]=10,s++}return i.set(e.subarray(n[n.length-1]||0),s),i}),(()=>t?new Uint8Array([13]):void 0))},nativeEOL:function(e){let t=!1;return b(e,(e=>{let r;13===(e=t&&10!==e[0]?M.concatUint8Array([new Uint8Array([13]),e]):new Uint8Array(e))[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;let n=0;for(let t=0;t!==e.length;t=r){r=e.indexOf(13,t)+1,r||(r=e.length);const i=r-(10===e[r]?1:0);t&&e.copyWithin(n,t,i),n+=i-t}return e.subarray(0,n)}),(()=>t?new Uint8Array([13]):void 0))},removeTrailingSpaces:function(e){return e.split("\n").map((e=>{let t=e.length-1;for(;t>=0&&(" "===e[t]||"\t"===e[t]||"\r"===e[t]);t--);return e.substr(0,t+1)})).join("\n")},wrapError:function(e,t){if(!t)return e instanceof Error?e:Error(e);if(e instanceof Error){try{e.message+=": "+t.message,e.cause=t}catch(e){}return e}return Error(e+": "+t.message,{cause:t})},constructAllowedPackets:function(e){const t={};return e.forEach((e=>{if(!e.tag)throw Error("Invalid input: expected a packet class");t[e.tag]=e})),t},anyPromise:function(e){return new Promise((async(t,r)=>{let n;await Promise.all(e.map((async e=>{try{t(await e)}catch(e){n=e}}))),r(n)}))},selectUint8Array:function(e,t,r){const n=Math.max(t.length,r.length),i=new Uint8Array(n);let s=0;for(let n=0;n<i.length;n++)i[n]=t[n]&256-e|r[n]&255+e,s+=e&n<t.length|1-e&n<r.length;return i.subarray(0,s)},selectUint8:function(e,t,r){return t&256-e|r&255+e},isAES:function(e){return e===Q.symmetric.aes128||e===Q.symmetric.aes192||e===Q.symmetric.aes256}},L=M.getNodeBuffer();let F,O;function N(e){let t=new Uint8Array;return b(e,(e=>{t=M.concatUint8Array([t,e]);const r=[],n=Math.floor(t.length/45),i=45*n,s=F(t.subarray(0,i));for(let e=0;e<n;e++)r.push(s.substr(60*e,60)),r.push("\n");return t=t.subarray(i),r.join("")}),(()=>t.length?F(t)+"\n":""))}function _(e){let t="";return b(e,(e=>{t+=e;let r=0;const n=[" ","\t","\r","\n"];for(let e=0;e<n.length;e++){const i=n[e];for(let e=t.indexOf(i);-1!==e;e=t.indexOf(i,e+1))r++}let i=t.length;for(;i>0&&(i-r)%4!=0;i--)n.includes(t[i])&&r--;const s=O(t.substr(0,i));return t=t.substr(i),s}),(()=>O(t)))}function H(e){return _(e.replace(/-/g,"+").replace(/_/g,"/"))}function z(e,t){let r=N(e).replace(/[\r\n]/g,"");return r=r.replace(/[+]/g,"-").replace(/[/]/g,"_").replace(/[=]/g,""),r}function G(e){const t=e.match(/^-----BEGIN PGP (MESSAGE, PART \d+\/\d+|MESSAGE, PART \d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m);if(!t)throw Error("Unknown ASCII armor type");return/MESSAGE, PART \d+\/\d+/.test(t[1])?Q.armor.multipartSection:/MESSAGE, PART \d+/.test(t[1])?Q.armor.multipartLast:/SIGNED MESSAGE/.test(t[1])?Q.armor.signed:/MESSAGE/.test(t[1])?Q.armor.message:/PUBLIC KEY BLOCK/.test(t[1])?Q.armor.publicKey:/PRIVATE KEY BLOCK/.test(t[1])?Q.armor.privateKey:/SIGNATURE/.test(t[1])?Q.armor.signature:void 0}function q(e,t){let r="";return t.showVersion&&(r+="Version: "+t.versionString+"\n"),t.showComment&&(r+="Comment: "+t.commentString+"\n"),e&&(r+="Comment: "+e+"\n"),r+="\n",r}function j(e){const t=function(e){let t=13501623;return b(e,(e=>{const r=Y?Math.floor(e.length/4):0,n=new Uint32Array(e.buffer,e.byteOffset,r);for(let e=0;e<r;e++)t^=n[e],t=V[0][t>>24&255]^V[1][t>>16&255]^V[2][t>>8&255]^V[3][255&t];for(let n=4*r;n<e.length;n++)t=t>>8^V[0][255&t^e[n]]}),(()=>new Uint8Array([t,t>>8,t>>16])))}(e);return N(t)}L?(F=e=>L.from(e).toString("base64"),O=e=>{const t=L.from(e,"base64");return new Uint8Array(t.buffer,t.byteOffset,t.byteLength)}):(F=e=>btoa(M.uint8ArrayToString(e)),O=e=>M.stringToUint8Array(atob(e)));const V=[Array(255),Array(255),Array(255),Array(255)];for(let e=0;e<=255;e++){let t=e<<16;for(let e=0;e<8;e++)t=t<<1^(8388608&t?8801531:0);V[0][e]=(16711680&t)>>16|65280&t|(255&t)<<16}for(let e=0;e<=255;e++)V[1][e]=V[0][e]>>8^V[0][255&V[0][e]];for(let e=0;e<=255;e++)V[2][e]=V[1][e]>>8^V[0][255&V[1][e]];for(let e=0;e<=255;e++)V[3][e]=V[2][e]>>8^V[0][255&V[2][e]];const Y=function(){const e=new ArrayBuffer(2);return new DataView(e).setInt16(0,255,!0),255===new Int16Array(e)[0]}();function Z(e){for(let t=0;t<e.length;t++)/^([^\s:]|[^\s:][^:]*[^\s:]): .+$/.test(e[t])||M.printDebugError(Error("Improperly formatted armor header: "+e[t])),/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(e[t])||M.printDebugError(Error("Unknown header: "+e[t]))}function J(e){let t=e;const r=e.lastIndexOf("=");return r>=0&&r!==e.length-1&&(t=e.slice(0,r)),t}function X(e){return new Promise((async(t,r)=>{try{const n=/^-----[^-]+-----$/m,i=/^[ \f\r\t\u00a0\u2000-\u200a\u202f\u205f\u3000]*$/;let s;const a=[];let o,c,u=a,h=[];const l=_(k(e,(async(e,f)=>{const y=P(e);try{for(;;){let e=await y.readLine();if(void 0===e)throw Error("Misformed armored text");if(e=M.removeTrailingSpaces(e.replace(/[\r\n]/g,"")),s)if(o)c||s!==Q.armor.signed||(n.test(e)?(h=h.join("\r\n"),c=!0,Z(u),u=[],o=!1):h.push(e.replace(/^- /,"")));else if(n.test(e)&&r(Error("Mandatory blank line missing between armor headers and armor data")),i.test(e)){if(Z(u),o=!0,c||s!==Q.armor.signed){t({text:h,data:l,headers:a,type:s});break}}else u.push(e);else n.test(e)&&(s=G(e))}}catch(e){return void r(e)}const p=D(f);try{for(;;){await p.ready;const{done:e,value:t}=await y.read();if(e)throw Error("Misformed armored text");const r=t+"";if(-1!==r.indexOf("=")||-1!==r.indexOf("-")){let e=await y.readToEnd();e.length||(e=""),e=r+e,e=M.removeTrailingSpaces(e.replace(/\r/g,""));const t=e.split(n);if(1===t.length)throw Error("Misformed armored text");const i=J(t[0].slice(0,-1));await p.write(i);break}await p.write(r)}await p.ready,await p.close()}catch(e){await p.abort(e)}})))}catch(e){r(e)}})).then((async e=>(a(e.data)&&(e.data=await B(e.data)),e)))}function W(e,t,r,n,i,s=!1,a=R){let o,c;e===Q.armor.signed&&(o=t.text,c=t.hash,t=t.data);const u=s&&K(t),h=[];switch(e){case Q.armor.multipartSection:h.push("-----BEGIN PGP MESSAGE, PART "+r+"/"+n+"-----\n"),h.push(q(i,a)),h.push(N(t)),u&&h.push("=",j(u)),h.push("-----END PGP MESSAGE, PART "+r+"/"+n+"-----\n");break;case Q.armor.multipartLast:h.push("-----BEGIN PGP MESSAGE, PART "+r+"-----\n"),h.push(q(i,a)),h.push(N(t)),u&&h.push("=",j(u)),h.push("-----END PGP MESSAGE, PART "+r+"-----\n");break;case Q.armor.signed:h.push("-----BEGIN PGP SIGNED MESSAGE-----\n"),h.push(c?`Hash: ${c}\n\n`:"\n"),h.push(o.replace(/^-/gm,"- -")),h.push("\n-----BEGIN PGP SIGNATURE-----\n"),h.push(q(i,a)),h.push(N(t)),u&&h.push("=",j(u)),h.push("-----END PGP SIGNATURE-----\n");break;case Q.armor.message:h.push("-----BEGIN PGP MESSAGE-----\n"),h.push(q(i,a)),h.push(N(t)),u&&h.push("=",j(u)),h.push("-----END PGP MESSAGE-----\n");break;case Q.armor.publicKey:h.push("-----BEGIN PGP PUBLIC KEY BLOCK-----\n"),h.push(q(i,a)),h.push(N(t)),u&&h.push("=",j(u)),h.push("-----END PGP PUBLIC KEY BLOCK-----\n");break;case Q.armor.privateKey:h.push("-----BEGIN PGP PRIVATE KEY BLOCK-----\n"),h.push(q(i,a)),h.push(N(t)),u&&h.push("=",j(u)),h.push("-----END PGP PRIVATE KEY BLOCK-----\n");break;case Q.armor.signature:h.push("-----BEGIN PGP SIGNATURE-----\n"),h.push(q(i,a)),h.push(N(t)),u&&h.push("=",j(u)),h.push("-----END PGP SIGNATURE-----\n")}return M.concat(h)}const $=BigInt(0),ee=BigInt(1);function te(e){const t="0123456789ABCDEF";let r="";return e.forEach((e=>{r+=t[e>>4]+t[15&e]})),BigInt("0x0"+r)}function re(e,t){const r=e%t;return r<$?r+t:r}function ne(e,t,r){if(r===$)throw Error("Modulo cannot be zero");if(r===ee)return BigInt(0);if(t<$)throw Error("Unsopported negative exponent");let n=t,i=e;i%=r;let s=BigInt(1);for(;n>$;){const e=n&ee;n>>=ee;s=e?s*i%r:s,i=i*i%r}return s}function ie(e){return e>=$?e:-e}function se(e,t){const{gcd:r,x:n}=function(e,t){let r=BigInt(0),n=BigInt(1),i=BigInt(1),s=BigInt(0),a=ie(e),o=ie(t);const c=e<$,u=t<$;for(;o!==$;){const e=a/o;let t=r;r=i-e*r,i=t,t=n,n=s-e*n,s=t,t=o,o=a%o,a=t}return{x:c?-i:i,y:u?-s:s,gcd:a}}(e,t);if(r!==ee)throw Error("Inverse does not exist");return re(n+t,t)}function ae(e){const t=Number(e);if(t>Number.MAX_SAFE_INTEGER)throw Error("Number can only safely store up to 53 bits");return t}function oe(e,t){return(e>>BigInt(t)&ee)===$?0:1}function ce(e){const t=e<$?BigInt(-1):$;let r=1,n=e;for(;(n>>=ee)!==t;)r++;return r}function ue(e){const t=e<$?BigInt(-1):$,r=BigInt(8);let n=1,i=e;for(;(i>>=r)!==t;)n++;return n}function he(e,t="be",r){let n=e.toString(16);n.length%2==1&&(n="0"+n);const i=n.length/2,s=new Uint8Array(r||i),a=r?r-i:0;let o=0;for(;o<i;)s[o+a]=parseInt(n.slice(2*o,2*o+2),16),o++;return"be"!==t&&s.reverse(),s}const le=M.getNodeCrypto();function fe(e){const t="undefined"!=typeof crypto?crypto:le?.webcrypto;if(t?.getRandomValues){const r=new Uint8Array(e);return t.getRandomValues(r)}throw Error("No secure random number generator available.")}function ye(e,t){if(t<e)throw Error("Illegal parameter value: max <= min");const r=t-e;return re(te(fe(ue(r)+8)),r)+e}const pe=BigInt(1);function de(e,t,r){const n=BigInt(30),i=pe<<BigInt(e-1),s=[1,6,5,4,3,2,1,4,3,2,1,2,1,4,3,2,1,2,1,4,3,2,1,6,5,4,3,2,1,2];let a=ye(i,i<<pe),o=ae(re(a,n));do{a+=BigInt(s[o]),o=(o+s[o])%s.length,ce(a)>e&&(a=re(a,i<<pe),a+=i,o=ae(re(a,n)))}while(!ge(a,t,r));return a}function ge(e,t,r){return(!t||function(e,t){let r=e,n=t;for(;n!==$;){const e=n;n=r%n,r=e}return r}(e-pe,t)===pe)&&(!!function(e){const t=BigInt(0);return Ae.every((r=>re(e,r)!==t))}(e)&&(!!function(e,t=BigInt(2)){return ne(t,e-pe,e)===pe}(e)&&!!function(e,t){const r=ce(e);t||(t=Math.max(1,r/48|0));const n=e-pe;let i=0;for(;!oe(n,i);)i++;const s=e>>BigInt(i);for(;t>0;t--){let t,r=ne(ye(BigInt(2),n),s,e);if(r!==pe&&r!==n){for(t=1;t<i;t++){if(r=re(r*r,e),r===pe)return!1;if(r===n)break}if(t===i)return!1}}return!0}(e,r)))}const Ae=[7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587,593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997,1009,1013,1019,1021,1031,1033,1039,1049,1051,1061,1063,1069,1087,1091,1093,1097,1103,1109,1117,1123,1129,1151,1153,1163,1171,1181,1187,1193,1201,1213,1217,1223,1229,1231,1237,1249,1259,1277,1279,1283,1289,1291,1297,1301,1303,1307,1319,1321,1327,1361,1367,1373,1381,1399,1409,1423,1427,1429,1433,1439,1447,1451,1453,1459,1471,1481,1483,1487,1489,1493,1499,1511,1523,1531,1543,1549,1553,1559,1567,1571,1579,1583,1597,1601,1607,1609,1613,1619,1621,1627,1637,1657,1663,1667,1669,1693,1697,1699,1709,1721,1723,1733,1741,1747,1753,1759,1777,1783,1787,1789,1801,1811,1823,1831,1847,1861,1867,1871,1873,1877,1879,1889,1901,1907,1913,1931,1933,1949,1951,1973,1979,1987,1993,1997,1999,2003,2011,2017,2027,2029,2039,2053,2063,2069,2081,2083,2087,2089,2099,2111,2113,2129,2131,2137,2141,2143,2153,2161,2179,2203,2207,2213,2221,2237,2239,2243,2251,2267,2269,2273,2281,2287,2293,2297,2309,2311,2333,2339,2341,2347,2351,2357,2371,2377,2381,2383,2389,2393,2399,2411,2417,2423,2437,2441,2447,2459,2467,2473,2477,2503,2521,2531,2539,2543,2549,2551,2557,2579,2591,2593,2609,2617,2621,2633,2647,2657,2659,2663,2671,2677,2683,2687,2689,2693,2699,2707,2711,2713,2719,2729,2731,2741,2749,2753,2767,2777,2789,2791,2797,2801,2803,2819,2833,2837,2843,2851,2857,2861,2879,2887,2897,2903,2909,2917,2927,2939,2953,2957,2963,2969,2971,2999,3001,3011,3019,3023,3037,3041,3049,3061,3067,3079,3083,3089,3109,3119,3121,3137,3163,3167,3169,3181,3187,3191,3203,3209,3217,3221,3229,3251,3253,3257,3259,3271,3299,3301,3307,3313,3319,3323,3329,3331,3343,3347,3359,3361,3371,3373,3389,3391,3407,3413,3433,3449,3457,3461,3463,3467,3469,3491,3499,3511,3517,3527,3529,3533,3539,3541,3547,3557,3559,3571,3581,3583,3593,3607,3613,3617,3623,3631,3637,3643,3659,3671,3673,3677,3691,3697,3701,3709,3719,3727,3733,3739,3761,3767,3769,3779,3793,3797,3803,3821,3823,3833,3847,3851,3853,3863,3877,3881,3889,3907,3911,3917,3919,3923,3929,3931,3943,3947,3967,3989,4001,4003,4007,4013,4019,4021,4027,4049,4051,4057,4073,4079,4091,4093,4099,4111,4127,4129,4133,4139,4153,4157,4159,4177,4201,4211,4217,4219,4229,4231,4241,4243,4253,4259,4261,4271,4273,4283,4289,4297,4327,4337,4339,4349,4357,4363,4373,4391,4397,4409,4421,4423,4441,4447,4451,4457,4463,4481,4483,4493,4507,4513,4517,4519,4523,4547,4549,4561,4567,4583,4591,4597,4603,4621,4637,4639,4643,4649,4651,4657,4663,4673,4679,4691,4703,4721,4723,4729,4733,4751,4759,4783,4787,4789,4793,4799,4801,4813,4817,4831,4861,4871,4877,4889,4903,4909,4919,4931,4933,4937,4943,4951,4957,4967,4969,4973,4987,4993,4999].map((e=>BigInt(e)));const we=M.getWebCrypto(),me=M.getNodeCrypto(),be=me&&me.getHashes();function ke(e){if(me&&be.includes(e))return async function(t){const r=me.createHash(e);return b(t,(e=>{r.update(e)}),(()=>new Uint8Array(r.digest())))}}function Ee(e,t){const r=async()=>{const{nobleHashes:t}=await Promise.resolve().then((function(){return xf})),r=t.get(e);if(!r)throw Error("Unsupported hash");return r};return async function(e){if(a(e)&&(e=await B(e)),M.isStream(e)){const t=(await r()).create();return b(e,(e=>{t.update(e)}),(()=>t.digest()))}if(we&&t)return new Uint8Array(await we.digest(t,e));return(await r())(e)}}const ve=ke("md5")||Ee("md5"),Ke=ke("sha1")||Ee("sha1","SHA-1"),Se=ke("sha224")||Ee("sha224"),Ie=ke("sha256")||Ee("sha256","SHA-256"),Be=ke("sha384")||Ee("sha384","SHA-384"),Ce=ke("sha512")||Ee("sha512","SHA-512"),Ue=ke("ripemd160")||Ee("ripemd160"),Pe=ke("sha3-256")||Ee("sha3_256"),De=ke("sha3-512")||Ee("sha3_512");function xe(e,t){switch(e){case Q.hash.md5:return ve(t);case Q.hash.sha1:return Ke(t);case Q.hash.ripemd:return Ue(t);case Q.hash.sha256:return Ie(t);case Q.hash.sha384:return Be(t);case Q.hash.sha512:return Ce(t);case Q.hash.sha224:return Se(t);case Q.hash.sha3_256:return Pe(t);case Q.hash.sha3_512:return De(t);default:throw Error("Unsupported hash function")}}function Qe(e){switch(e){case Q.hash.md5:return 16;case Q.hash.sha1:case Q.hash.ripemd:return 20;case Q.hash.sha256:return 32;case Q.hash.sha384:return 48;case Q.hash.sha512:return 64;case Q.hash.sha224:return 28;case Q.hash.sha3_256:return 32;case Q.hash.sha3_512:return 64;default:throw Error("Invalid hash algorithm.")}}const Re=[];function Te(e,t){const r=e.length;if(r>t-11)throw Error("Message too long");const n=function(e){const t=new Uint8Array(e);let r=0;for(;r<e;){const n=fe(e-r);for(let e=0;e<n.length;e++)0!==n[e]&&(t[r++]=n[e])}return t}(t-r-3),i=new Uint8Array(t);return i[1]=2,i.set(n,2),i.set(e,t-r),i}function Me(e,t){let r=2,n=1;for(let t=r;t<e.length;t++)n&=0!==e[t],r+=n;const i=r-2,s=e.subarray(r+1),a=0===e[0]&2===e[1]&i>=8&!n;if(t)return M.selectUint8Array(a,s,t);if(a)return s;throw Error("Decryption error")}function Le(e,t,r){let n;if(t.length!==Qe(e))throw Error("Invalid hash length");const i=new Uint8Array(Re[e].length);for(n=0;n<Re[e].length;n++)i[n]=Re[e][n];const s=i.length+t.length;if(r<s+11)throw Error("Intended encoded message length too short");const a=new Uint8Array(r-s-3).fill(255),o=new Uint8Array(r);return o[1]=1,o.set(a,2),o.set(i,r-s),o.set(t,r-t.length),o}Re[1]=[48,32,48,12,6,8,42,134,72,134,247,13,2,5,5,0,4,16],Re[2]=[48,33,48,9,6,5,43,14,3,2,26,5,0,4,20],Re[3]=[48,33,48,9,6,5,43,36,3,2,1,5,0,4,20],Re[8]=[48,49,48,13,6,9,96,134,72,1,101,3,4,2,1,5,0,4,32],Re[9]=[48,65,48,13,6,9,96,134,72,1,101,3,4,2,2,5,0,4,48],Re[10]=[48,81,48,13,6,9,96,134,72,1,101,3,4,2,3,5,0,4,64],Re[11]=[48,45,48,13,6,9,96,134,72,1,101,3,4,2,4,5,0,4,28];const Fe=M.getWebCrypto(),Oe=M.getNodeCrypto(),Ne=BigInt(1);async function _e(e,t,r,n,i,s,a,o,c){if(Qe(e)>=r.length)throw Error("Digest size cannot exceed key modulus size");if(t&&!M.isStream(t))if(M.getWebCrypto())try{return await async function(e,t,r,n,i,s,a,o){const c=await qe(r,n,i,s,a,o),u={name:"RSASSA-PKCS1-v1_5",hash:{name:e}},h=await Fe.importKey("jwk",c,u,!1,["sign"]);return new Uint8Array(await Fe.sign("RSASSA-PKCS1-v1_5",h,t))}(Q.read(Q.webHash,e),t,r,n,i,s,a,o)}catch(e){M.printDebugError(e)}else if(M.getNodeCrypto())return async function(e,t,r,n,i,s,a,o){const c=Oe.createSign(Q.read(Q.hash,e));c.write(t),c.end();const u=await qe(r,n,i,s,a,o);return new Uint8Array(c.sign({key:u,format:"jwk",type:"pkcs1"}))}(e,t,r,n,i,s,a,o);return async function(e,t,r,n){t=te(t);const i=te(Le(e,n,ue(t)));return r=te(r),he(ne(i,r,t),"be",ue(t))}(e,r,i,c)}async function He(e,t,r,n,i,s){if(t&&!M.isStream(t))if(M.getWebCrypto())try{return await async function(e,t,r,n,i){const s=je(n,i),a=await Fe.importKey("jwk",s,{name:"RSASSA-PKCS1-v1_5",hash:{name:e}},!1,["verify"]);return Fe.verify("RSASSA-PKCS1-v1_5",a,r,t)}(Q.read(Q.webHash,e),t,r,n,i)}catch(e){M.printDebugError(e)}else if(M.getNodeCrypto())return async function(e,t,r,n,i){const s=je(n,i),a={key:s,format:"jwk",type:"pkcs1"},o=Oe.createVerify(Q.read(Q.hash,e));o.write(t),o.end();try{return o.verify(a,r)}catch(e){return!1}}(e,t,r,n,i);return async function(e,t,r,n,i){if(r=te(r),t=te(t),n=te(n),t>=r)throw Error("Signature size cannot exceed modulus size");const s=he(ne(t,n,r),"be",ue(r)),a=Le(e,i,ue(r));return M.equalsUint8Array(s,a)}(e,r,n,i,s)}async function ze(e,t,r){return M.getNodeCrypto()?async function(e,t,r){const n=je(t,r),i={key:n,format:"jwk",type:"pkcs1",padding:Oe.constants.RSA_PKCS1_PADDING};return new Uint8Array(Oe.publicEncrypt(i,e))}(e,t,r):async function(e,t,r){if(t=te(t),e=te(Te(e,ue(t))),r=te(r),e>=t)throw Error("Message size cannot exceed modulus size");return he(ne(e,r,t),"be",ue(t))}(e,t,r)}async function Ge(e,t,r,n,i,s,a,o){if(M.getNodeCrypto()&&!o)try{return await async function(e,t,r,n,i,s,a){const o=await qe(t,r,n,i,s,a),c={key:o,format:"jwk",type:"pkcs1",padding:Oe.constants.RSA_PKCS1_PADDING};try{return new Uint8Array(Oe.privateDecrypt(c,e))}catch(e){throw Error("Decryption error")}}(e,t,r,n,i,s,a)}catch(e){M.printDebugError(e)}return async function(e,t,r,n,i,s,a,o){if(e=te(e),t=te(t),r=te(r),n=te(n),i=te(i),s=te(s),a=te(a),e>=t)throw Error("Data too large.");const c=re(n,s-Ne),u=re(n,i-Ne),h=ye(BigInt(2),t),l=ne(se(h,t),r,t);e=re(e*l,t);const f=ne(e,u,i),y=ne(e,c,s),p=re(a*(y-f),s);let d=p*i+f;return d=re(d*h,t),Me(he(d,"be",ue(t)),o)}(e,t,r,n,i,s,a,o)}async function qe(e,t,r,n,i,s){const a=te(n),o=te(i),c=te(r);let u=re(c,o-Ne),h=re(c,a-Ne);return h=he(h),u=he(u),{kty:"RSA",n:z(e),e:z(t),d:z(r),p:z(i),q:z(n),dp:z(u),dq:z(h),qi:z(s),ext:!0}}function je(e,t){return{kty:"RSA",n:z(e),e:z(t),ext:!0}}function Ve(e,t){return{n:H(e.n),e:he(t),d:H(e.d),p:H(e.q),q:H(e.p),u:H(e.qi)}}const Ye=BigInt(1);const Ze={"2a8648ce3d030107":Q.curve.nistP256,"2b81040022":Q.curve.nistP384,"2b81040023":Q.curve.nistP521,"2b8104000a":Q.curve.secp256k1,"2b06010401da470f01":Q.curve.ed25519Legacy,"2b060104019755010501":Q.curve.curve25519Legacy,"2b2403030208010107":Q.curve.brainpoolP256r1,"2b240303020801010b":Q.curve.brainpoolP384r1,"2b240303020801010d":Q.curve.brainpoolP512r1};class Je{constructor(e){if(e instanceof Je)this.oid=e.oid;else if(M.isArray(e)||M.isUint8Array(e)){if(6===(e=new Uint8Array(e))[0]){if(e[1]!==e.length-2)throw Error("Length mismatch in DER encoded oid");e=e.subarray(2)}this.oid=e}else this.oid=""}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.oid=e.subarray(1,1+t),1+this.oid.length}throw Error("Invalid oid")}write(){return M.concatUint8Array([new Uint8Array([this.oid.length]),this.oid])}toHex(){return M.uint8ArrayToHex(this.oid)}getName(){const e=Ze[this.toHex()];if(!e)throw Error("Unknown curve object identifier.");return e}}function Xe(e){let t,r=0;const n=e[0];return n<192?([r]=e,t=1):n<255?(r=(e[0]-192<<8)+e[1]+192,t=2):255===n&&(r=M.readNumber(e.subarray(1,5)),t=5),{len:r,offset:t}}function We(e){return e<192?new Uint8Array([e]):e>191&&e<8384?new Uint8Array([192+(e-192>>8),e-192&255]):M.concatUint8Array([new Uint8Array([255]),M.writeNumber(e,4)])}function $e(e){if(e<0||e>30)throw Error("Partial Length power must be between 1 and 30");return new Uint8Array([224+e])}function et(e){return new Uint8Array([192|e])}function tt(e,t){return M.concatUint8Array([et(e),We(t)])}function rt(e){return[Q.packet.literalData,Q.packet.compressedData,Q.packet.symmetricallyEncryptedData,Q.packet.symEncryptedIntegrityProtectedData,Q.packet.aeadEncryptedData].includes(e)}async function nt(e,t,r){let n,i;try{const s=await e.peekBytes(2);if(!s||s.length<2||!(128&s[0]))throw Error("Error during parsing. This message / key probably does not conform to a valid OpenPGP format.");const a=await e.readByte();let o,c,u=-1,h=-1;h=0,64&a&&(h=1),h?u=63&a:(u=(63&a)>>2,c=3&a);const l=rt(u);let f,y=null;if(t&&l){if("array"===t){const e=new ArrayStream;n=D(e),y=e}else{const e=new TransformStream;n=D(e.writable),y=e.readable}i=r({tag:u,packet:y})}else y=[];do{if(h){const t=await e.readByte();if(f=!1,t<192)o=t;else if(t>=192&&t<224)o=(t-192<<8)+await e.readByte()+192;else if(t>223&&t<255){if(o=1<<(31&t),f=!0,!l)throw new TypeError("This packet type does not support partial lengths.")}else o=await e.readByte()<<24|await e.readByte()<<16|await e.readByte()<<8|await e.readByte()}else switch(c){case 0:o=await e.readByte();break;case 1:o=await e.readByte()<<8|await e.readByte();break;case 2:o=await e.readByte()<<24|await e.readByte()<<16|await e.readByte()<<8|await e.readByte();break;default:o=1/0}if(o>0){let t=0;for(;;){n&&await n.ready;const{done:r,value:i}=await e.read();if(r){if(o===1/0)break;throw Error("Unexpected end of packet")}const s=o===1/0?i:i.subarray(0,o-t);if(n?await n.write(s):y.push(s),t+=i.length,t>=o){e.unshift(i.subarray(o-t+i.length));break}}}}while(f);n?(await n.ready,await n.close()):(y=M.concatUint8Array(y),await r({tag:u,packet:y}))}catch(e){if(n)return await n.abort(e),!0;throw e}finally{n&&await i}}class it extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,it),this.name="UnsupportedError"}}class st extends it{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,it),this.name="UnknownPacketError"}}class at extends it{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,it),this.name="MalformedPacketError"}}class ot{constructor(e,t){this.tag=e,this.rawContent=t}write(){return this.rawContent}}async function ct(e){switch(e){case Q.publicKey.ed25519:try{const e=M.getWebCrypto(),t=await e.generateKey("Ed25519",!0,["sign","verify"]).catch((e=>{if("OperationError"===e.name){const e=Error("Unexpected key generation issue");throw e.name="NotSupportedError",e}throw e})),r=await e.exportKey("jwk",t.privateKey),n=await e.exportKey("jwk",t.publicKey);return{A:new Uint8Array(H(n.x)),seed:H(r.d)}}catch(t){if("NotSupportedError"!==t.name)throw t;const{default:r}=await Promise.resolve().then((function(){return vy})),n=fe(ft(e)),{publicKey:i}=r.sign.keyPair.fromSeed(n);return{A:i,seed:n}}case Q.publicKey.ed448:{const e=await M.getNobleCurve(Q.publicKey.ed448),{secretKey:t,publicKey:r}=e.keygen();return{A:r,seed:t}}default:throw Error("Unsupported EdDSA algorithm")}}async function ut(e,t,r,n,i,s){switch(e){case Q.publicKey.ed25519:try{const t=M.getWebCrypto(),r=dt(e,n,i),a=await t.importKey("jwk",r,"Ed25519",!1,["sign"]);return{RS:new Uint8Array(await t.sign("Ed25519",a,s))}}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:t}=await Promise.resolve().then((function(){return vy})),r=M.concatUint8Array([i,n]);return{RS:t.sign.detached(s,r)}}case Q.publicKey.ed448:return{RS:(await M.getNobleCurve(Q.publicKey.ed448)).sign(s,i)};default:throw Error("Unsupported EdDSA algorithm")}}async function ht(e,t,{RS:r},n,i,s){switch(e){case Q.publicKey.ed25519:try{const t=M.getWebCrypto(),n=pt(e,i),a=await t.importKey("jwk",n,"Ed25519",!1,["verify"]);return await t.verify("Ed25519",a,r,s)}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:t}=await Promise.resolve().then((function(){return vy}));return t.sign.detached.verify(s,r,i)}case Q.publicKey.ed448:return(await M.getNobleCurve(Q.publicKey.ed448)).verify(r,s,i);default:throw Error("Unsupported EdDSA algorithm")}}async function lt(e,t,r){switch(e){case Q.publicKey.ed25519:try{const n=M.getWebCrypto(),i=dt(e,t,r),s=pt(e,t),a=await n.importKey("jwk",i,"Ed25519",!1,["sign"]),o=await n.importKey("jwk",s,"Ed25519",!1,["verify"]),c=fe(8),u=new Uint8Array(await n.sign("Ed25519",a,c));return await n.verify("Ed25519",o,u,c)}catch(e){if("NotSupportedError"!==e.name)return!1;const{default:n}=await Promise.resolve().then((function(){return vy})),{publicKey:i}=n.sign.keyPair.fromSeed(r);return M.equalsUint8Array(t,i)}case Q.publicKey.ed448:{const e=(await M.getNobleCurve(Q.publicKey.ed448)).getPublicKey(r);return M.equalsUint8Array(t,e)}default:return!1}}function ft(e){switch(e){case Q.publicKey.ed25519:return 32;case Q.publicKey.ed448:return 57;default:throw Error("Unsupported EdDSA algorithm")}}function yt(e){switch(e){case Q.publicKey.ed25519:return Q.hash.sha256;case Q.publicKey.ed448:return Q.hash.sha512;default:throw Error("Unknown EdDSA algo")}}const pt=(e,t)=>{if(e===Q.publicKey.ed25519){return{kty:"OKP",crv:"Ed25519",x:z(t),ext:!0}}throw Error("Unsupported EdDSA algorithm")},dt=(e,t,r)=>{if(e===Q.publicKey.ed25519){const n=pt(e,t);return n.d=z(r),n}throw Error("Unsupported EdDSA algorithm")};var gt=/*#__PURE__*/Object.freeze({__proto__:null,generate:ct,getPayloadSize:ft,getPreferredHashAlgo:yt,sign:ut,validateParams:lt,verify:ht});
+/*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) */function At(e){return e instanceof Uint8Array||ArrayBuffer.isView(e)&&"Uint8Array"===e.constructor.name}function wt(e,...t){if(!At(e))throw Error("Uint8Array expected");if(t.length>0&&!t.includes(e.length))throw Error("Uint8Array expected of length "+t+", got length="+e.length)}function mt(e,t=!0){if(e.destroyed)throw Error("Hash instance has been destroyed");if(t&&e.finished)throw Error("Hash#digest() has already been called")}function bt(e,t){wt(e);const r=t.outputLen;if(e.length<r)throw Error("digestInto() expects output buffer of length at least "+r)}function kt(e){return new Uint8Array(e.buffer,e.byteOffset,e.byteLength)}function Et(e){return new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4))}function vt(...e){for(let t=0;t<e.length;t++)e[t].fill(0)}function Kt(e){return new DataView(e.buffer,e.byteOffset,e.byteLength)}const St=/* @__PURE__ */(()=>68===new Uint8Array(new Uint32Array([287454020]).buffer)[0])();function It(e){if("string"==typeof e)e=function(e){if("string"!=typeof e)throw Error("string expected");return new Uint8Array((new TextEncoder).encode(e))}(e);else{if(!At(e))throw Error("Uint8Array expected, got "+typeof e);e=Rt(e)}return e}function Bt(e,t){return e.buffer===t.buffer&&e.byteOffset<t.byteOffset+t.byteLength&&t.byteOffset<e.byteOffset+e.byteLength}function Ct(e,t){if(Bt(e,t)&&e.byteOffset<t.byteOffset)throw Error("complex overlap of input and output is not supported")}function Ut(e,t){if(e.length!==t.length)return!1;let r=0;for(let n=0;n<e.length;n++)r|=e[n]^t[n];return 0===r}const Pt=(e,t)=>{function r(r,...n){if(wt(r),!St)throw Error("Non little-endian hardware is not yet supported");if(void 0!==e.nonceLength){const t=n[0];if(!t)throw Error("nonce / iv required");e.varSizeNonce?wt(t):wt(t,e.nonceLength)}const i=e.tagLength;i&&void 0!==n[1]&&wt(n[1]);const s=t(r,...n),a=(e,t)=>{if(void 0!==t){if(2!==e)throw Error("cipher output not supported");wt(t)}};let o=!1;return{encrypt(e,t){if(o)throw Error("cannot encrypt() twice with same key + nonce");return o=!0,wt(e),a(s.encrypt.length,t),s.encrypt(e,t)},decrypt(e,t){if(wt(e),i&&e.length<i)throw Error("invalid ciphertext length: smaller than tagLength="+i);return a(s.decrypt.length,t),s.decrypt(e,t)}}}return Object.assign(r,e),r};function Dt(e,t,r=!0){if(void 0===t)return new Uint8Array(e);if(t.length!==e)throw Error("invalid output length, expected "+e+", got: "+t.length);if(r&&!Qt(t))throw Error("invalid output, must be aligned");return t}function xt(e,t,r,n){if("function"==typeof e.setBigUint64)return e.setBigUint64(t,r,n);const i=BigInt(32),s=BigInt(4294967295),a=Number(r>>i&s),o=Number(r&s);e.setUint32(t+0,a,n),e.setUint32(t+4,o,n)}function Qt(e){return e.byteOffset%4==0}function Rt(e){return Uint8Array.from(e)}const Tt=16,Mt=/* @__PURE__ */new Uint8Array(16),Lt=Et(Mt),Ft=e=>(e>>>0&255)<<24|(e>>>8&255)<<16|(e>>>16&255)<<8|e>>>24&255;class Ot{constructor(e,t){this.blockLen=Tt,this.outputLen=Tt,this.s0=0,this.s1=0,this.s2=0,this.s3=0,this.finished=!1,wt(e=It(e),16);const r=Kt(e);let n=r.getUint32(0,!1),i=r.getUint32(4,!1),s=r.getUint32(8,!1),a=r.getUint32(12,!1);const o=[];for(let e=0;e<128;e++)o.push({s0:Ft(n),s1:Ft(i),s2:Ft(s),s3:Ft(a)}),({s0:n,s1:i,s2:s,s3:a}={s3:(h=s)<<31|(l=a)>>>1,s2:(u=i)<<31|h>>>1,s1:(c=n)<<31|u>>>1,s0:c>>>1^225<<24&-(1&l)});var c,u,h,l;const f=(y=t||1024)>65536?8:y>1024?4:2;var y;if(![1,2,4,8].includes(f))throw Error("ghash: invalid window size, expected 2, 4 or 8");this.W=f;const p=128/f,d=this.windowSize=2**f,g=[];for(let e=0;e<p;e++)for(let t=0;t<d;t++){let r=0,n=0,i=0,s=0;for(let a=0;a<f;a++){if(!(t>>>f-a-1&1))continue;const{s0:c,s1:u,s2:h,s3:l}=o[f*e+a];r^=c,n^=u,i^=h,s^=l}g.push({s0:r,s1:n,s2:i,s3:s})}this.t=g}_updateBlock(e,t,r,n){e^=this.s0,t^=this.s1,r^=this.s2,n^=this.s3;const{W:i,t:s,windowSize:a}=this;let o=0,c=0,u=0,h=0;const l=(1<<i)-1;let f=0;for(const y of[e,t,r,n])for(let e=0;e<4;e++){const t=y>>>8*e&255;for(let e=8/i-1;e>=0;e--){const r=t>>>i*e&l,{s0:n,s1:y,s2:p,s3:d}=s[f*a+r];o^=n,c^=y,u^=p,h^=d,f+=1}}this.s0=o,this.s1=c,this.s2=u,this.s3=h}update(e){mt(this),wt(e=It(e));const t=Et(e),r=Math.floor(e.length/Tt),n=e.length%Tt;for(let e=0;e<r;e++)this._updateBlock(t[4*e+0],t[4*e+1],t[4*e+2],t[4*e+3]);return n&&(Mt.set(e.subarray(r*Tt)),this._updateBlock(Lt[0],Lt[1],Lt[2],Lt[3]),vt(Lt)),this}destroy(){const{t:e}=this;for(const t of e)t.s0=0,t.s1=0,t.s2=0,t.s3=0}digestInto(e){mt(this),bt(e,this),this.finished=!0;const{s0:t,s1:r,s2:n,s3:i}=this,s=Et(e);return s[0]=t,s[1]=r,s[2]=n,s[3]=i,e}digest(){const e=new Uint8Array(Tt);return this.digestInto(e),this.destroy(),e}}class Nt extends Ot{constructor(e,t){wt(e=It(e));const r=function(e){e.reverse();const t=1&e[15];let r=0;for(let t=0;t<e.length;t++){const n=e[t];e[t]=n>>>1|r,r=(1&n)<<7}return e[0]^=225&-t,e}(Rt(e));super(r,t),vt(r)}update(e){e=It(e),mt(this);const t=Et(e),r=e.length%Tt,n=Math.floor(e.length/Tt);for(let e=0;e<n;e++)this._updateBlock(Ft(t[4*e+3]),Ft(t[4*e+2]),Ft(t[4*e+1]),Ft(t[4*e+0]));return r&&(Mt.set(e.subarray(n*Tt)),this._updateBlock(Ft(Lt[3]),Ft(Lt[2]),Ft(Lt[1]),Ft(Lt[0])),vt(Lt)),this}digestInto(e){mt(this),bt(e,this),this.finished=!0;const{s0:t,s1:r,s2:n,s3:i}=this,s=Et(e);return s[0]=t,s[1]=r,s[2]=n,s[3]=i,e.reverse()}}function _t(e){const t=(t,r)=>e(r,t.length).update(It(t)).digest(),r=e(new Uint8Array(16),0);return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=(t,r)=>e(t,r),t}const Ht=_t(((e,t)=>new Ot(e,t)));_t(((e,t)=>new Nt(e,t)));const zt=16,Gt=/* @__PURE__ */new Uint8Array(zt);function qt(e){return e<<1^283&-(e>>7)}function jt(e,t){let r=0;for(;t>0;t>>=1)r^=e&-(1&t),e=qt(e);return r}const Vt=/* @__PURE__ */(()=>{const e=new Uint8Array(256);for(let t=0,r=1;t<256;t++,r^=qt(r))e[t]=r;const t=new Uint8Array(256);t[0]=99;for(let r=0;r<255;r++){let n=e[255-r];n|=n<<8,t[e[r]]=255&(n^n>>4^n>>5^n>>6^n>>7^99)}return vt(e),t})(),Yt=/* @__PURE__ */Vt.map(((e,t)=>Vt.indexOf(t))),Zt=e=>e<<8|e>>>24,Jt=e=>e<<24&4278190080|e<<8&16711680|e>>>8&65280|e>>>24&255;function Xt(e,t){if(256!==e.length)throw Error("Wrong sbox length");const r=new Uint32Array(256).map(((r,n)=>t(e[n]))),n=r.map(Zt),i=n.map(Zt),s=i.map(Zt),a=new Uint32Array(65536),o=new Uint32Array(65536),c=new Uint16Array(65536);for(let t=0;t<256;t++)for(let u=0;u<256;u++){const h=256*t+u;a[h]=r[t]^n[u],o[h]=i[t]^s[u],c[h]=e[t]<<8|e[u]}return{sbox:e,sbox2:c,T0:r,T1:n,T2:i,T3:s,T01:a,T23:o}}const Wt=/* @__PURE__ */Xt(Vt,(e=>jt(e,3)<<24|e<<16|e<<8|jt(e,2))),$t=/* @__PURE__ */Xt(Yt,(e=>jt(e,11)<<24|jt(e,13)<<16|jt(e,9)<<8|jt(e,14))),er=/* @__PURE__ */(()=>{const e=new Uint8Array(16);for(let t=0,r=1;t<16;t++,r=qt(r))e[t]=r;return e})();function tr(e){wt(e);const t=e.length;if(![16,24,32].includes(t))throw Error("aes: invalid key size, should be 16, 24 or 32, got "+t);const{sbox2:r}=Wt,n=[];Qt(e)||n.push(e=Rt(e));const i=Et(e),s=i.length,a=e=>ir(r,e,e,e,e),o=new Uint32Array(t+28);o.set(i);for(let e=s;e<o.length;e++){let t=o[e-1];e%s==0?t=a((c=t)<<24|c>>>8)^er[e/s-1]:s>6&&e%s==4&&(t=a(t)),o[e]=o[e-s]^t}var c;return vt(...n),o}function rr(e){const t=tr(e),r=t.slice(),n=t.length,{sbox2:i}=Wt,{T0:s,T1:a,T2:o,T3:c}=$t;for(let e=0;e<n;e+=4)for(let i=0;i<4;i++)r[e+i]=t[n-e-4+i];vt(t);for(let e=4;e<n-4;e++){const t=r[e],n=ir(i,t,t,t,t);r[e]=s[255&n]^a[n>>>8&255]^o[n>>>16&255]^c[n>>>24]}return r}function nr(e,t,r,n,i,s){return e[r<<8&65280|n>>>8&255]^t[i>>>8&65280|s>>>24&255]}function ir(e,t,r,n,i){return e[255&t|65280&r]|e[n>>>16&255|i>>>16&65280]<<16}function sr(e,t,r,n,i){const{sbox2:s,T01:a,T23:o}=Wt;let c=0;t^=e[c++],r^=e[c++],n^=e[c++],i^=e[c++];const u=e.length/4-2;for(let s=0;s<u;s++){const s=e[c++]^nr(a,o,t,r,n,i),u=e[c++]^nr(a,o,r,n,i,t),h=e[c++]^nr(a,o,n,i,t,r),l=e[c++]^nr(a,o,i,t,r,n);t=s,r=u,n=h,i=l}return{s0:e[c++]^ir(s,t,r,n,i),s1:e[c++]^ir(s,r,n,i,t),s2:e[c++]^ir(s,n,i,t,r),s3:e[c++]^ir(s,i,t,r,n)}}function ar(e,t,r,n,i){const{sbox2:s,T01:a,T23:o}=$t;let c=0;t^=e[c++],r^=e[c++],n^=e[c++],i^=e[c++];const u=e.length/4-2;for(let s=0;s<u;s++){const s=e[c++]^nr(a,o,t,i,n,r),u=e[c++]^nr(a,o,r,t,i,n),h=e[c++]^nr(a,o,n,r,t,i),l=e[c++]^nr(a,o,i,n,r,t);t=s,r=u,n=h,i=l}return{s0:e[c++]^ir(s,t,i,n,r),s1:e[c++]^ir(s,r,t,i,n),s2:e[c++]^ir(s,n,r,t,i),s3:e[c++]^ir(s,i,n,r,t)}}function or(e,t,r,n){wt(t,zt),wt(r);const i=r.length;Ct(r,n=Dt(i,n));const s=t,a=Et(s);let{s0:o,s1:c,s2:u,s3:h}=sr(e,a[0],a[1],a[2],a[3]);const l=Et(r),f=Et(n);for(let t=0;t+4<=l.length;t+=4){f[t+0]=l[t+0]^o,f[t+1]=l[t+1]^c,f[t+2]=l[t+2]^u,f[t+3]=l[t+3]^h;let r=1;for(let e=s.length-1;e>=0;e--)r=r+(255&s[e])|0,s[e]=255&r,r>>>=8;({s0:o,s1:c,s2:u,s3:h}=sr(e,a[0],a[1],a[2],a[3]))}const y=zt*Math.floor(l.length/4);if(y<i){const e=new Uint32Array([o,c,u,h]),t=kt(e);for(let e=y,s=0;e<i;e++,s++)n[e]=r[e]^t[s];vt(e)}return n}function cr(e,t,r,n,i){wt(r,zt),wt(n),i=Dt(n.length,i);const s=r,a=Et(s),o=Kt(s),c=Et(n),u=Et(i),h=t?0:12,l=n.length;let f=o.getUint32(h,t),{s0:y,s1:p,s2:d,s3:g}=sr(e,a[0],a[1],a[2],a[3]);for(let r=0;r+4<=c.length;r+=4)u[r+0]=c[r+0]^y,u[r+1]=c[r+1]^p,u[r+2]=c[r+2]^d,u[r+3]=c[r+3]^g,f=f+1>>>0,o.setUint32(h,f,t),({s0:y,s1:p,s2:d,s3:g}=sr(e,a[0],a[1],a[2],a[3]));const A=zt*Math.floor(c.length/4);if(A<l){const e=new Uint32Array([y,p,d,g]),t=kt(e);for(let e=A,r=0;e<l;e++,r++)i[e]=n[e]^t[r];vt(e)}return i}const ur=/* @__PURE__ */Pt({blockSize:16,nonceLength:16},(function(e,t){function r(r,n){if(wt(r),void 0!==n&&(wt(n),!Qt(n)))throw Error("unaligned destination");const i=tr(e),s=Rt(t),a=[i,s];Qt(r)||a.push(r=Rt(r));const o=or(i,s,r,n);return vt(...a),o}return{encrypt:(e,t)=>r(e,t),decrypt:(e,t)=>r(e,t)}}));const hr=/* @__PURE__ */Pt({blockSize:16,nonceLength:16},(function(e,t,r={}){const n=!r.disablePadding;return{encrypt(r,i){const s=tr(e),{b:a,o,out:c}=function(e,t,r){wt(e);let n=e.length;const i=n%zt;if(!t&&0!==i)throw Error("aec/(cbc-ecb): unpadded plaintext with disabled padding");Qt(e)||(e=Rt(e));const s=Et(e);if(t){let e=zt-i;e||(e=zt),n+=e}return Ct(e,r=Dt(n,r)),{b:s,o:Et(r),out:r}}(r,n,i);let u=t;const h=[s];Qt(u)||h.push(u=Rt(u));const l=Et(u);let f=l[0],y=l[1],p=l[2],d=l[3],g=0;for(;g+4<=a.length;)f^=a[g+0],y^=a[g+1],p^=a[g+2],d^=a[g+3],({s0:f,s1:y,s2:p,s3:d}=sr(s,f,y,p,d)),o[g++]=f,o[g++]=y,o[g++]=p,o[g++]=d;if(n){const e=function(e){const t=new Uint8Array(16),r=Et(t);t.set(e);const n=zt-e.length;for(let e=zt-n;e<zt;e++)t[e]=n;return r}(r.subarray(4*g));f^=e[0],y^=e[1],p^=e[2],d^=e[3],({s0:f,s1:y,s2:p,s3:d}=sr(s,f,y,p,d)),o[g++]=f,o[g++]=y,o[g++]=p,o[g++]=d}return vt(...h),c},decrypt(r,i){!function(e){if(wt(e),e.length%zt!=0)throw Error("aes-(cbc/ecb).decrypt ciphertext should consist of blocks with size 16")}(r);const s=rr(e);let a=t;const o=[s];Qt(a)||o.push(a=Rt(a));const c=Et(a);i=Dt(r.length,i),Qt(r)||o.push(r=Rt(r)),Ct(r,i);const u=Et(r),h=Et(i);let l=c[0],f=c[1],y=c[2],p=c[3];for(let e=0;e+4<=u.length;){const t=l,r=f,n=y,i=p;l=u[e+0],f=u[e+1],y=u[e+2],p=u[e+3];const{s0:a,s1:o,s2:c,s3:d}=ar(s,l,f,y,p);h[e++]=a^t,h[e++]=o^r,h[e++]=c^n,h[e++]=d^i}return vt(...o),function(e,t){if(!t)return e;const r=e.length;if(!r)throw Error("aes/pcks5: empty ciphertext not allowed");const n=e[r-1];if(n<=0||n>16)throw Error("aes/pcks5: wrong padding");const i=e.subarray(0,-n);for(let t=0;t<n;t++)if(e[r-t-1]!==n)throw Error("aes/pcks5: wrong padding");return i}(i,n)}}})),lr=/* @__PURE__ */Pt({blockSize:16,nonceLength:16},(function(e,t){function r(r,n,i){wt(r);const s=r.length;if(Bt(r,i=Dt(s,i)))throw Error("overlapping src and dst not supported.");const a=tr(e);let o=t;const c=[a];Qt(o)||c.push(o=Rt(o)),Qt(r)||c.push(r=Rt(r));const u=Et(r),h=Et(i),l=n?h:u,f=Et(o);let y=f[0],p=f[1],d=f[2],g=f[3];for(let e=0;e+4<=u.length;){const{s0:t,s1:r,s2:n,s3:i}=sr(a,y,p,d,g);h[e+0]=u[e+0]^t,h[e+1]=u[e+1]^r,h[e+2]=u[e+2]^n,h[e+3]=u[e+3]^i,y=l[e++],p=l[e++],d=l[e++],g=l[e++]}const A=zt*Math.floor(u.length/4);if(A<s){({s0:y,s1:p,s2:d,s3:g}=sr(a,y,p,d,g));const e=kt(new Uint32Array([y,p,d,g]));for(let t=A,n=0;t<s;t++,n++)i[t]=r[t]^e[n];vt(e)}return vt(...c),i}return{encrypt:(e,t)=>r(e,!0,t),decrypt:(e,t)=>r(e,!1,t)}}));function fr(e,t,r,n,i){const s=i?i.length:0,a=e.create(r,n.length+s);i&&a.update(i);const o=function(e,t,r){const n=new Uint8Array(16),i=Kt(n);return xt(i,0,BigInt(t),r),xt(i,8,BigInt(e),r),n}(8*n.length,8*s,t);a.update(n),a.update(o);const c=a.digest();return vt(o),c}const yr=/* @__PURE__ */Pt({blockSize:16,nonceLength:12,tagLength:16,varSizeNonce:!0},(function(e,t,r){if(t.length<8)throw Error("aes/gcm: invalid nonce length");function n(e,t,n){const i=fr(Ht,!1,e,n,r);for(let e=0;e<t.length;e++)i[e]^=t[e];return i}function i(){const r=tr(e),n=Gt.slice(),i=Gt.slice();if(cr(r,!1,i,i,n),12===t.length)i.set(t);else{const e=Gt.slice();xt(Kt(e),8,BigInt(8*t.length),!1);const r=Ht.create(n).update(t).update(e);r.digestInto(i),r.destroy()}return{xk:r,authKey:n,counter:i,tagMask:cr(r,!1,i,Gt)}}return{encrypt(e){const{xk:t,authKey:r,counter:s,tagMask:a}=i(),o=new Uint8Array(e.length+16),c=[t,r,s,a];Qt(e)||c.push(e=Rt(e)),cr(t,!1,s,e,o.subarray(0,e.length));const u=n(r,a,o.subarray(0,o.length-16));return c.push(u),o.set(u,e.length),vt(...c),o},decrypt(e){const{xk:t,authKey:r,counter:s,tagMask:a}=i(),o=[t,r,a,s];Qt(e)||o.push(e=Rt(e));const c=e.subarray(0,-16),u=e.subarray(-16),h=n(r,a,c);if(o.push(h),!Ut(h,u))throw Error("aes/gcm: invalid ghash tag");const l=cr(t,!1,s,c);return vt(...o),l}}}));function pr(e){return e instanceof Uint32Array||ArrayBuffer.isView(e)&&"Uint32Array"===e.constructor.name}function dr(e,t){if(wt(t,16),!pr(e))throw Error("_encryptBlock accepts result of expandKeyLE");const r=Et(t);let{s0:n,s1:i,s2:s,s3:a}=sr(e,r[0],r[1],r[2],r[3]);return r[0]=n,r[1]=i,r[2]=s,r[3]=a,t}function gr(e,t){if(wt(t,16),!pr(e))throw Error("_decryptBlock accepts result of expandKeyLE");const r=Et(t);let{s0:n,s1:i,s2:s,s3:a}=ar(e,r[0],r[1],r[2],r[3]);return r[0]=n,r[1]=i,r[2]=s,r[3]=a,t}const Ar={encrypt(e,t){if(t.length>=2**32)throw Error("plaintext should be less than 4gb");const r=tr(e);if(16===t.length)dr(r,t);else{const e=Et(t);let n=e[0],i=e[1];for(let t=0,s=1;t<6;t++)for(let t=2;t<e.length;t+=2,s++){const{s0:a,s1:o,s2:c,s3:u}=sr(r,n,i,e[t],e[t+1]);n=a,i=o^Jt(s),e[t]=c,e[t+1]=u}e[0]=n,e[1]=i}r.fill(0)},decrypt(e,t){if(t.length-8>=2**32)throw Error("ciphertext should be less than 4gb");const r=rr(e),n=t.length/8-1;if(1===n)gr(r,t);else{const e=Et(t);let i=e[0],s=e[1];for(let t=0,a=6*n;t<6;t++)for(let t=2*n;t>=1;t-=2,a--){s^=Jt(a);const{s0:n,s1:o,s2:c,s3:u}=ar(r,i,s,e[t],e[t+1]);i=n,s=o,e[t]=c,e[t+1]=u}e[0]=i,e[1]=s}r.fill(0)}},wr=/* @__PURE__ */new Uint8Array(8).fill(166),mr=/* @__PURE__ */Pt({blockSize:8},(e=>({encrypt(t){if(!t.length||t.length%8!=0)throw Error("invalid plaintext length");if(8===t.length)throw Error("8-byte keys not allowed in AESKW, use AESKWP instead");const r=function(...e){let t=0;for(let r=0;r<e.length;r++){const n=e[r];wt(n),t+=n.length}const r=new Uint8Array(t);for(let t=0,n=0;t<e.length;t++){const i=e[t];r.set(i,n),n+=i.length}return r}(wr,t);return Ar.encrypt(e,r),r},decrypt(t){if(t.length%8!=0||t.length<24)throw Error("invalid ciphertext length");const r=Rt(t);if(Ar.decrypt(e,r),!Ut(r.subarray(0,8),wr))throw Error("integrity check failed");return r.subarray(0,8).fill(0),r.subarray(8)}}))),br={expandKeyLE:tr,expandKeyDecLE:rr,encrypt:sr,decrypt:ar,encryptBlock:dr,decryptBlock:gr,ctrCounter:or,ctr32:cr};async function kr(e){switch(e){case Q.symmetric.aes128:case Q.symmetric.aes192:case Q.symmetric.aes256:throw Error("Not a legacy cipher");case Q.symmetric.cast5:case Q.symmetric.blowfish:case Q.symmetric.twofish:case Q.symmetric.tripledes:{const{legacyCiphers:t}=await Promise.resolve().then((function(){return Fy})),r=Q.read(Q.symmetric,e),n=t.get(r);if(!n)throw Error("Unsupported cipher algorithm");return n}default:throw Error("Unsupported cipher algorithm")}}function Er(e){switch(e){case Q.symmetric.aes128:case Q.symmetric.aes192:case Q.symmetric.aes256:case Q.symmetric.twofish:return 16;case Q.symmetric.blowfish:case Q.symmetric.cast5:case Q.symmetric.tripledes:return 8;default:throw Error("Unsupported cipher")}}function vr(e){switch(e){case Q.symmetric.aes128:case Q.symmetric.blowfish:case Q.symmetric.cast5:return 16;case Q.symmetric.aes192:case Q.symmetric.tripledes:return 24;case Q.symmetric.aes256:case Q.symmetric.twofish:return 32;default:throw Error("Unsupported cipher")}}function Kr(e){return{keySize:vr(e),blockSize:Er(e)}}const Sr=M.getWebCrypto();async function Ir(e,t,r){const{keySize:n}=Kr(e);if(!M.isAES(e)||t.length!==n)throw Error("Unexpected algorithm or key size");try{const e=await Sr.importKey("raw",t,{name:"AES-KW"},!1,["wrapKey"]),n=await Sr.importKey("raw",r,{name:"HMAC",hash:"SHA-256"},!0,["sign"]),i=await Sr.wrapKey("raw",n,e,{name:"AES-KW"});return new Uint8Array(i)}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;M.printDebugError("Browser did not support operation: "+e.message)}return mr(t).encrypt(r)}async function Br(e,t,r){const{keySize:n}=Kr(e);if(!M.isAES(e)||t.length!==n)throw Error("Unexpected algorithm or key size");let i;try{i=await Sr.importKey("raw",t,{name:"AES-KW"},!1,["unwrapKey"])}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;return M.printDebugError("Browser did not support operation: "+e.message),mr(t).decrypt(r)}try{const e=await Sr.unwrapKey("raw",r,i,{name:"AES-KW"},{name:"HMAC",hash:"SHA-256"},!0,["sign"]);return new Uint8Array(await Sr.exportKey("raw",e))}catch(e){if("OperationError"===e.name)throw Error("Key Data Integrity failed");throw e}}async function Cr(e,t,r,n,i){const s=M.getWebCrypto(),a=Q.read(Q.webHash,e);if(!a)throw Error("Hash algo not supported with HKDF");const o=await s.importKey("raw",t,"HKDF",!1,["deriveBits"]),c=await s.deriveBits({name:"HKDF",hash:a,salt:r,info:n},o,8*i);return new Uint8Array(c)}const Ur={x25519:M.encodeUTF8("OpenPGP X25519"),x448:M.encodeUTF8("OpenPGP X448")};async function Pr(e){switch(e){case Q.publicKey.x25519:try{const e=M.getWebCrypto(),t=await e.generateKey("X25519",!0,["deriveKey","deriveBits"]).catch((e=>{if("OperationError"===e.name){const e=Error("Unexpected key generation issue");throw e.name="NotSupportedError",e}throw e})),r=await e.exportKey("jwk",t.privateKey),n=await e.exportKey("jwk",t.publicKey);if(r.x!==n.x){const e=Error("Unexpected mismatching public point");throw e.name="NotSupportedError",e}return{A:new Uint8Array(H(n.x)),k:H(r.d)}}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:t}=await Promise.resolve().then((function(){return vy})),{secretKey:r,publicKey:n}=t.box.keyPair();return{A:n,k:r}}case Q.publicKey.x448:{const e=await M.getNobleCurve(Q.publicKey.x448),{secretKey:t,publicKey:r}=e.keygen();return{A:r,k:t}}default:throw Error("Unsupported ECDH algorithm")}}async function Dr(e,t,r){switch(e){case Q.publicKey.x25519:try{const{ephemeralPublicKey:n,sharedSecret:i}=await Tr(e,t),s=await Mr(e,n,t,r);return M.equalsUint8Array(i,s)}catch(e){return!1}case Q.publicKey.x448:{const e=(await M.getNobleCurve(Q.publicKey.x448)).getPublicKey(r);return M.equalsUint8Array(t,e)}default:return!1}}async function xr(e,t,r){const{ephemeralPublicKey:n,sharedSecret:i}=await Tr(e,r),s=M.concatUint8Array([n,r,i]);switch(e){case Q.publicKey.x25519:{const e=Q.symmetric.aes128,{keySize:r}=Kr(e),i=await Cr(Q.hash.sha256,s,new Uint8Array,Ur.x25519,r);return{ephemeralPublicKey:n,wrappedKey:await Ir(e,i,t)}}case Q.publicKey.x448:{const e=Q.symmetric.aes256,{keySize:r}=Kr(Q.symmetric.aes256),i=await Cr(Q.hash.sha512,s,new Uint8Array,Ur.x448,r);return{ephemeralPublicKey:n,wrappedKey:await Ir(e,i,t)}}default:throw Error("Unsupported ECDH algorithm")}}async function Qr(e,t,r,n,i){const s=await Mr(e,t,n,i),a=M.concatUint8Array([t,n,s]);switch(e){case Q.publicKey.x25519:{const e=Q.symmetric.aes128,{keySize:t}=Kr(e);return Br(e,await Cr(Q.hash.sha256,a,new Uint8Array,Ur.x25519,t),r)}case Q.publicKey.x448:{const e=Q.symmetric.aes256,{keySize:t}=Kr(Q.symmetric.aes256);return Br(e,await Cr(Q.hash.sha512,a,new Uint8Array,Ur.x448,t),r)}default:throw Error("Unsupported ECDH algorithm")}}function Rr(e){switch(e){case Q.publicKey.x25519:return 32;case Q.publicKey.x448:return 56;default:throw Error("Unsupported ECDH algorithm")}}async function Tr(e,t){switch(e){case Q.publicKey.x25519:try{const r=M.getWebCrypto(),n=await r.generateKey("X25519",!0,["deriveKey","deriveBits"]).catch((e=>{if("OperationError"===e.name){const e=Error("Unexpected key generation issue");throw e.name="NotSupportedError",e}throw e})),i=await r.exportKey("jwk",n.publicKey);if((await r.exportKey("jwk",n.privateKey)).x!==i.x){const e=Error("Unexpected mismatching public point");throw e.name="NotSupportedError",e}const s=Fr(e,t),a=await r.importKey("jwk",s,"X25519",!1,[]),o=await r.deriveBits({name:"X25519",public:a},n.privateKey,8*Rr(e));return{sharedSecret:new Uint8Array(o),ephemeralPublicKey:new Uint8Array(H(i.x))}}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:r}=await Promise.resolve().then((function(){return vy})),{secretKey:n,publicKey:i}=r.box.keyPair(),s=r.scalarMult(n,t);return Lr(s),{ephemeralPublicKey:i,sharedSecret:s}}case Q.publicKey.x448:{const e=await M.getNobleCurve(Q.publicKey.x448),{secretKey:r,publicKey:n}=e.keygen(),i=e.getSharedSecret(r,t);return Lr(i),{ephemeralPublicKey:n,sharedSecret:i}}default:throw Error("Unsupported ECDH algorithm")}}async function Mr(e,t,r,n){switch(e){case Q.publicKey.x25519:try{const i=M.getWebCrypto(),s=function(e,t,r){if(e===Q.publicKey.x25519){const n=Fr(e,t);return n.d=z(r),n}throw Error("Unsupported ECDH algorithm")}(e,r,n),a=Fr(e,t),o=await i.importKey("jwk",s,"X25519",!1,["deriveKey","deriveBits"]),c=await i.importKey("jwk",a,"X25519",!1,[]),u=await i.deriveBits({name:"X25519",public:c},o,8*Rr(e));return new Uint8Array(u)}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:r}=await Promise.resolve().then((function(){return vy})),i=r.scalarMult(n,t);return Lr(i),i}case Q.publicKey.x448:{const e=(await M.getNobleCurve(Q.publicKey.x448)).getSharedSecret(n,t);return Lr(e),e}default:throw Error("Unsupported ECDH algorithm")}}function Lr(e){let t=0;for(let r=0;r<e.length;r++)t|=e[r];if(0===t)throw Error("Unexpected low order point")}function Fr(e,t){if(e===Q.publicKey.x25519){return{kty:"OKP",crv:"X25519",x:z(t),ext:!0}}throw Error("Unsupported ECDH algorithm")}var Or=/*#__PURE__*/Object.freeze({__proto__:null,decrypt:Qr,encrypt:xr,generate:Pr,generateEphemeralEncryptionMaterial:Tr,getPayloadSize:Rr,recomputeSharedSecret:Mr,validateParams:Dr});const Nr=M.getWebCrypto(),_r=M.getNodeCrypto(),Hr={[Q.curve.nistP256]:"P-256",[Q.curve.nistP384]:"P-384",[Q.curve.nistP521]:"P-521"},zr=_r?_r.getCurves():[],Gr=_r?{[Q.curve.secp256k1]:zr.includes("secp256k1")?"secp256k1":void 0,[Q.curve.nistP256]:zr.includes("prime256v1")?"prime256v1":void 0,[Q.curve.nistP384]:zr.includes("secp384r1")?"secp384r1":void 0,[Q.curve.nistP521]:zr.includes("secp521r1")?"secp521r1":void 0,[Q.curve.ed25519Legacy]:zr.includes("ED25519")?"ED25519":void 0,[Q.curve.curve25519Legacy]:zr.includes("X25519")?"X25519":void 0,[Q.curve.brainpoolP256r1]:zr.includes("brainpoolP256r1")?"brainpoolP256r1":void 0,[Q.curve.brainpoolP384r1]:zr.includes("brainpoolP384r1")?"brainpoolP384r1":void 0,[Q.curve.brainpoolP512r1]:zr.includes("brainpoolP512r1")?"brainpoolP512r1":void 0}:{},qr={[Q.curve.nistP256]:{oid:[6,8,42,134,72,206,61,3,1,7],keyType:Q.publicKey.ecdsa,hash:Q.hash.sha256,cipher:Q.symmetric.aes128,node:Gr[Q.curve.nistP256],web:Hr[Q.curve.nistP256],payloadSize:32,sharedSize:256,wireFormatLeadingByte:4},[Q.curve.nistP384]:{oid:[6,5,43,129,4,0,34],keyType:Q.publicKey.ecdsa,hash:Q.hash.sha384,cipher:Q.symmetric.aes192,node:Gr[Q.curve.nistP384],web:Hr[Q.curve.nistP384],payloadSize:48,sharedSize:384,wireFormatLeadingByte:4},[Q.curve.nistP521]:{oid:[6,5,43,129,4,0,35],keyType:Q.publicKey.ecdsa,hash:Q.hash.sha512,cipher:Q.symmetric.aes256,node:Gr[Q.curve.nistP521],web:Hr[Q.curve.nistP521],payloadSize:66,sharedSize:528,wireFormatLeadingByte:4},[Q.curve.secp256k1]:{oid:[6,5,43,129,4,0,10],keyType:Q.publicKey.ecdsa,hash:Q.hash.sha256,cipher:Q.symmetric.aes128,node:Gr[Q.curve.secp256k1],payloadSize:32,wireFormatLeadingByte:4},[Q.curve.ed25519Legacy]:{oid:[6,9,43,6,1,4,1,218,71,15,1],keyType:Q.publicKey.eddsaLegacy,hash:Q.hash.sha512,node:!1,payloadSize:32,wireFormatLeadingByte:64},[Q.curve.curve25519Legacy]:{oid:[6,10,43,6,1,4,1,151,85,1,5,1],keyType:Q.publicKey.ecdh,hash:Q.hash.sha256,cipher:Q.symmetric.aes128,node:!1,payloadSize:32,wireFormatLeadingByte:64},[Q.curve.brainpoolP256r1]:{oid:[6,9,43,36,3,3,2,8,1,1,7],keyType:Q.publicKey.ecdsa,hash:Q.hash.sha256,cipher:Q.symmetric.aes128,node:Gr[Q.curve.brainpoolP256r1],payloadSize:32,wireFormatLeadingByte:4},[Q.curve.brainpoolP384r1]:{oid:[6,9,43,36,3,3,2,8,1,1,11],keyType:Q.publicKey.ecdsa,hash:Q.hash.sha384,cipher:Q.symmetric.aes192,node:Gr[Q.curve.brainpoolP384r1],payloadSize:48,wireFormatLeadingByte:4},[Q.curve.brainpoolP512r1]:{oid:[6,9,43,36,3,3,2,8,1,1,13],keyType:Q.publicKey.ecdsa,hash:Q.hash.sha512,cipher:Q.symmetric.aes256,node:Gr[Q.curve.brainpoolP512r1],payloadSize:64,wireFormatLeadingByte:4}};class jr{constructor(e){try{this.name=e instanceof Je?e.getName():Q.write(Q.curve,e)}catch(e){throw new it("Unknown curve")}const t=qr[this.name];this.keyType=t.keyType,this.oid=t.oid,this.hash=t.hash,this.cipher=t.cipher,this.node=t.node,this.web=t.web,this.payloadSize=t.payloadSize,this.sharedSize=t.sharedSize,this.wireFormatLeadingByte=t.wireFormatLeadingByte,this.web&&M.getWebCrypto()?this.type="web":this.node&&M.getNodeCrypto()?this.type="node":this.name===Q.curve.curve25519Legacy?this.type="curve25519Legacy":this.name===Q.curve.ed25519Legacy&&(this.type="ed25519Legacy")}async genKeyPair(){switch(this.type){case"web":try{return await async function(e,t){const r=await Nr.generateKey({name:"ECDSA",namedCurve:Hr[e]},!0,["sign","verify"]),n=await Nr.exportKey("jwk",r.privateKey);return{publicKey:Wr(await Nr.exportKey("jwk",r.publicKey),t),privateKey:H(n.d)}}(this.name,this.wireFormatLeadingByte)}catch(e){return M.printDebugError("Browser did not support generating ec key "+e.message),Xr(this.name)}case"node":return async function(e){const t=_r.createECDH(Gr[e]);return await t.generateKeys(),{publicKey:new Uint8Array(t.getPublicKey()),privateKey:new Uint8Array(t.getPrivateKey())}}(this.name);case"curve25519Legacy":{const{k:e,A:t}=await Pr(Q.publicKey.x25519),r=e.slice().reverse();r[0]=127&r[0]|64,r[31]&=248;return{publicKey:M.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]),t]),privateKey:r}}case"ed25519Legacy":{const{seed:e,A:t}=await ct(Q.publicKey.ed25519);return{publicKey:M.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]),t]),privateKey:e}}default:return Xr(this.name)}}}async function Vr(e){const t=new jr(e),{oid:r,hash:n,cipher:i}=t,s=await t.genKeyPair();return{oid:r,Q:s.publicKey,secret:M.leftPad(s.privateKey,t.payloadSize),hash:n,cipher:i}}function Yr(e){return qr[e.getName()].hash}async function Zr(e,t,r,n){const i={[Q.curve.nistP256]:!0,[Q.curve.nistP384]:!0,[Q.curve.nistP521]:!0,[Q.curve.secp256k1]:!0,[Q.curve.curve25519Legacy]:e===Q.publicKey.ecdh,[Q.curve.brainpoolP256r1]:!0,[Q.curve.brainpoolP384r1]:!0,[Q.curve.brainpoolP512r1]:!0},s=t.getName();if(!i[s])return!1;if(s===Q.curve.curve25519Legacy){const e=n.slice().reverse();return!(r.length<1||64!==r[0])&&Dr(Q.publicKey.x25519,r.subarray(1),e)}const a=(await M.getNobleCurve(Q.publicKey.ecdsa,s)).getPublicKey(n,!1);return!!M.equalsUint8Array(a,r)}function Jr(e,t){const{payloadSize:r,wireFormatLeadingByte:n,name:i}=e,s=i===Q.curve.curve25519Legacy||i===Q.curve.ed25519Legacy?r:2*r;if(t[0]!==n||t.length!==s+1)throw Error("Invalid point encoding")}async function Xr(e){const t=await M.getNobleCurve(Q.publicKey.ecdsa,e),{secretKey:r}=t.keygen();return{publicKey:t.getPublicKey(r,!1),privateKey:r}}function Wr(e,t){const r=H(e.x),n=H(e.y),i=new Uint8Array(r.length+n.length+1);return i[0]=t,i.set(r,1),i.set(n,r.length+1),i}function $r(e,t,r){const n=e,i=r.slice(1,n+1),s=r.slice(n+1,2*n+1);return{kty:"EC",crv:t,x:z(i),y:z(s),ext:!0}}function en(e,t,r,n){const i=$r(e,t,r);return i.d=z(n),i}const tn=M.getWebCrypto(),rn=M.getNodeCrypto();async function nn(e,t,r,n,i,s){const a=new jr(e);if(Jr(a,n),r&&!M.isStream(r)){const e={publicKey:n,privateKey:i};switch(a.type){case"web":try{return await async function(e,t,r,n){const i=e.payloadSize,s=en(e.payloadSize,Hr[e.name],n.publicKey,n.privateKey),a=await tn.importKey("jwk",s,{name:"ECDSA",namedCurve:Hr[e.name],hash:{name:Q.read(Q.webHash,e.hash)}},!1,["sign"]),o=new Uint8Array(await tn.sign({name:"ECDSA",namedCurve:Hr[e.name],hash:{name:Q.read(Q.webHash,t)}},a,r));return{r:o.slice(0,i),s:o.slice(i,i<<1)}}(a,t,r,e)}catch(e){if("nistP521"!==a.name&&("DataError"===e.name||"OperationError"===e.name))throw e;M.printDebugError("Browser did not support signing: "+e.message)}break;case"node":return async function(e,t,r,n){const i=M.nodeRequire("eckey-utils"),s=M.getNodeBuffer(),{privateKey:a}=i.generateDer({curveName:Gr[e.name],privateKey:s.from(n)}),o=rn.createSign(Q.read(Q.hash,t));o.write(r),o.end();const c=new Uint8Array(o.sign({key:a,format:"der",type:"sec1",dsaEncoding:"ieee-p1363"})),u=e.payloadSize;return{r:c.subarray(0,u),s:c.subarray(u,u<<1)}}(a,t,r,i)}}const o=(await M.getNobleCurve(Q.publicKey.ecdsa,a.name)).sign(s,i,{lowS:!1});return{r:he(o.r,"be",a.payloadSize),s:he(o.s,"be",a.payloadSize)}}async function sn(e,t,r,n,i,s){const a=new jr(e);Jr(a,i);const o=async()=>0===s[0]&&an(a,r,s.subarray(1),i);if(n&&!M.isStream(n))switch(a.type){case"web":try{const e=await async function(e,t,{r,s:n},i,s){const a=$r(e.payloadSize,Hr[e.name],s),o=await tn.importKey("jwk",a,{name:"ECDSA",namedCurve:Hr[e.name],hash:{name:Q.read(Q.webHash,e.hash)}},!1,["verify"]),c=M.concatUint8Array([r,n]).buffer;return tn.verify({name:"ECDSA",namedCurve:Hr[e.name],hash:{name:Q.read(Q.webHash,t)}},o,c,i)}(a,t,r,n,i);return e||o()}catch(e){if("nistP521"!==a.name&&("DataError"===e.name||"OperationError"===e.name))throw e;M.printDebugError("Browser did not support verifying: "+e.message)}break;case"node":{const e=await async function(e,t,{r,s:n},i,s){const a=M.nodeRequire("eckey-utils"),o=M.getNodeBuffer(),{publicKey:c}=a.generateDer({curveName:Gr[e.name],publicKey:o.from(s)}),u=rn.createVerify(Q.read(Q.hash,t));u.write(i),u.end();const h=M.concatUint8Array([r,n]);try{return u.verify({key:c,format:"der",type:"spki",dsaEncoding:"ieee-p1363"},h)}catch(e){return!1}}(a,t,r,n,i);return e||o()}}return await an(a,r,s,i)||o()}async function an(e,t,r,n){return(await M.getNobleCurve(Q.publicKey.ecdsa,e.name)).verify(M.concatUint8Array([t.r,t.s]),r,n,{lowS:!1})}var on=/*#__PURE__*/Object.freeze({__proto__:null,sign:nn,validateParams:async function(e,t,r){const n=new jr(e);if(n.keyType!==Q.publicKey.ecdsa)return!1;switch(n.type){case"web":case"node":{const n=fe(8),i=Q.hash.sha256,s=await xe(i,n);try{const a=await nn(e,i,n,t,r,s);return await sn(e,i,a,n,t,s)}catch(e){return!1}}default:return Zr(Q.publicKey.ecdsa,e,t,r)}},verify:sn});async function cn(e,t,r,n,i,s){Jr(new jr(e),n);const{RS:a}=await ut(Q.publicKey.ed25519,0,0,n.subarray(1),i,s);return{r:a.subarray(0,32),s:a.subarray(32)}}async function un(e,t,{r,s:n},i,s,a){Jr(new jr(e),s);const o=M.concatUint8Array([r,n]);return ht(Q.publicKey.ed25519,0,{RS:o},0,s.subarray(1),a)}async function hn(e,t,r){return e.getName()===Q.curve.ed25519Legacy&&(!(t.length<1||64!==t[0])&&lt(Q.publicKey.ed25519,t.subarray(1),r))}var ln=/*#__PURE__*/Object.freeze({__proto__:null,sign:cn,validateParams:hn,verify:un});function fn(e){const t=e.length;if(t>0){const r=e[t-1];if(r>=1){const n=e.subarray(t-r),i=new Uint8Array(r).fill(r);if(M.equalsUint8Array(n,i))return e.subarray(0,t-r)}}throw Error("Invalid padding")}function yn(e,t,r,n){return M.concatUint8Array([t.write(),new Uint8Array([e]),r.write(!0),M.stringToUint8Array("Anonymous Sender    "),r.replacementFingerprint||n])}async function pn(e,t,r,n,i=!1,s=!1){let a;if(i){for(a=0;a<t.length&&0===t[a];a++);t=t.subarray(a)}if(s){for(a=t.length-1;a>=0&&0===t[a];a--);t=t.subarray(0,a+1)}return(await xe(e,M.concatUint8Array([new Uint8Array([0,0,0,1]),t,n]))).subarray(0,r)}async function dn(e,t){switch(e.type){case"curve25519Legacy":{const{sharedSecret:r,ephemeralPublicKey:n}=await Tr(Q.publicKey.x25519,t.subarray(1));return{publicKey:M.concatUint8Array([new Uint8Array([e.wireFormatLeadingByte]),n]),sharedKey:r}}case"web":if(e.web&&M.getWebCrypto())try{return await async function(e,t){const r=M.getWebCrypto(),n=$r(e.payloadSize,e.web,t);let i=r.generateKey({name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]),s=r.importKey("jwk",n,{name:"ECDH",namedCurve:e.web},!1,[]);[i,s]=await Promise.all([i,s]);let a=r.deriveBits({name:"ECDH",namedCurve:e.web,public:s},i.privateKey,e.sharedSize),o=r.exportKey("jwk",i.publicKey);[a,o]=await Promise.all([a,o]);const c=new Uint8Array(a),u=new Uint8Array(Wr(o,e.wireFormatLeadingByte));return{publicKey:u,sharedKey:c}}(e,t)}catch(r){return M.printDebugError(r),bn(e,t)}break;case"node":return async function(e,t){const r=M.getNodeCrypto(),n=r.createECDH(e.node);n.generateKeys();const i=new Uint8Array(n.computeSecret(t));return{publicKey:new Uint8Array(n.getPublicKey()),sharedKey:i}}(e,t);default:return bn(e,t)}}async function gn(e,t,r,n,i){const s=function(e){const t=8-e.length%8,r=new Uint8Array(e.length+t).fill(t);return r.set(e),r}(r),a=new jr(e);Jr(a,n);const{publicKey:o,sharedKey:c}=await dn(a,n),u=yn(Q.publicKey.ecdh,e,t,i),{keySize:h}=Kr(t.cipher),l=await pn(t.hash,c,h,u);return{publicKey:o,wrappedKey:await Ir(t.cipher,l,s)}}async function An(e,t,r,n){if(n.length!==e.payloadSize){const t=new Uint8Array(e.payloadSize);t.set(n,e.payloadSize-n.length),n=t}switch(e.type){case"curve25519Legacy":{const e=n.slice().reverse();return{secretKey:e,sharedKey:await Mr(Q.publicKey.x25519,t.subarray(1),r.subarray(1),e)}}case"web":if(e.web&&M.getWebCrypto())try{return await async function(e,t,r,n){const i=M.getWebCrypto(),s=en(e.payloadSize,e.web,r,n);let a=i.importKey("jwk",s,{name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]);const o=$r(e.payloadSize,e.web,t);let c=i.importKey("jwk",o,{name:"ECDH",namedCurve:e.web},!0,[]);[a,c]=await Promise.all([a,c]);let u=i.deriveBits({name:"ECDH",namedCurve:e.web,public:c},a,e.sharedSize),h=i.exportKey("jwk",a);[u,h]=await Promise.all([u,h]);const l=new Uint8Array(u);return{secretKey:H(h.d),sharedKey:l}}(e,t,r,n)}catch(r){return M.printDebugError(r),mn(e,t,n)}break;case"node":return async function(e,t,r){const n=M.getNodeCrypto(),i=n.createECDH(e.node);i.setPrivateKey(r);const s=new Uint8Array(i.computeSecret(t));return{secretKey:new Uint8Array(i.getPrivateKey()),sharedKey:s}}(e,t,n);default:return mn(e,t,n)}}async function wn(e,t,r,n,i,s,a){const o=new jr(e);Jr(o,i),Jr(o,r);const{sharedKey:c}=await An(o,r,i,s),u=yn(Q.publicKey.ecdh,e,t,a),{keySize:h}=Kr(t.cipher);let l;for(let e=0;e<3;e++)try{const r=await pn(t.hash,c,h,u,1===e,2===e);return fn(await Br(t.cipher,r,n))}catch(e){l=e}throw l}async function mn(e,t,r){return{secretKey:r,sharedKey:(await M.getNobleCurve(Q.publicKey.ecdh,e.name)).getSharedSecret(r,t).subarray(1)}}async function bn(e,t){const r=await M.getNobleCurve(Q.publicKey.ecdh,e.name),{publicKey:n,privateKey:i}=await e.genKeyPair();return{publicKey:n,sharedKey:r.getSharedSecret(i,t).subarray(1)}}var kn=/*#__PURE__*/Object.freeze({__proto__:null,decrypt:wn,encrypt:gn,validateParams:async function(e,t,r){return Zr(Q.publicKey.ecdh,e,t,r)}}),En=/*#__PURE__*/Object.freeze({__proto__:null,CurveWithOID:jr,ecdh:kn,ecdhX:Or,ecdsa:on,eddsa:gt,eddsaLegacy:ln,generate:Vr,getPreferredHashAlgo:Yr});const vn=BigInt(0),Kn=BigInt(1);const Sn=new Set([Q.hash.sha1,Q.hash.sha256,Q.hash.sha512]),In=M.getWebCrypto(),Bn=M.getNodeCrypto();async function Cn(e,t){if(e===Q.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await Promise.resolve().then((function(){return ld})),{publicKey:r,secretKey:n}=e.keygen(t);return{mlkemPublicKey:r,mlkemSecretKey:n}}throw Error("Unsupported KEM algorithm")}async function Un(e){const{eccPublicKey:t,eccSecretKey:r}=await async function(e){if(e===Q.publicKey.pqc_mlkem_x25519){const{A:e,k:t}=await Pr(Q.publicKey.x25519);return{eccPublicKey:e,eccSecretKey:t}}throw Error("Unsupported KEM algorithm")}(e),{mlkemPublicKey:n,mlkemSeed:i,mlkemSecretKey:s}=await async function(e){if(e===Q.publicKey.pqc_mlkem_x25519){const t=fe(64),{mlkemSecretKey:r,mlkemPublicKey:n}=await Cn(e,t);return{mlkemSeed:t,mlkemSecretKey:r,mlkemPublicKey:n}}throw Error("Unsupported KEM algorithm")}(e);return{eccPublicKey:t,eccSecretKey:r,mlkemPublicKey:n,mlkemSeed:i,mlkemSecretKey:s}}async function Pn(e,t,r,n){const{eccKeyShare:i,eccCipherText:s}=await async function(e,t){if(e===Q.publicKey.pqc_mlkem_x25519){const{ephemeralPublicKey:e,sharedSecret:r}=await Tr(Q.publicKey.x25519,t);return{eccCipherText:e,eccKeyShare:r}}throw Error("Unsupported KEM algorithm")}(e,t),{mlkemKeyShare:a,mlkemCipherText:o}=await async function(e,t){if(e===Q.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await Promise.resolve().then((function(){return ld})),{cipherText:r,sharedSecret:n}=e.encapsulate(t);return{mlkemCipherText:r,mlkemKeyShare:n}}throw Error("Unsupported KEM algorithm")}(e,r),c=await xn(e,a,i,s,t);return{eccCipherText:s,mlkemCipherText:o,wrappedKey:await Ir(Q.symmetric.aes256,c,n)}}async function Dn(e,t,r,n,i,s,a,o){const c=await async function(e,t,r,n){if(e===Q.publicKey.pqc_mlkem_x25519)return await Mr(Q.publicKey.x25519,t,n,r);throw Error("Unsupported KEM algorithm")}(e,t,n,i),u=await async function(e,t,r){if(e===Q.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await Promise.resolve().then((function(){return ld}));return e.decapsulate(t,r)}throw Error("Unsupported KEM algorithm")}(e,r,s),h=await xn(e,u,c,t,i);return await Br(Q.symmetric.aes256,h,o)}async function xn(e,t,r,n,i){const s=M.encodeUTF8("OpenPGPCompositeKDFv1"),a=M.concatUint8Array([t,r,n,i,new Uint8Array([e]),s,new Uint8Array([s.length])]);return await xe(Q.hash.sha3_256,a)}async function Qn(e,t,r,n,i){const s=async function(e,t,r){if(e===Q.publicKey.pqc_mlkem_x25519)return Dr(Q.publicKey.x25519,t,r);throw Error("Unsupported KEM algorithm")}(e,t,r),a=async function(e,t,r){if(e===Q.publicKey.pqc_mlkem_x25519){const{mlkemPublicKey:n}=await Cn(e,r);return M.equalsUint8Array(t,n)}throw Error("Unsupported KEM algorithm")}(e,n,i);return await s&&await a}async function Rn(e,t){if(e===Q.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await Promise.resolve().then((function(){return ld})),{secretKey:r,publicKey:n}=e.keygen(t);return{mldsaSecretKey:r,mldsaPublicKey:n}}throw Error("Unsupported signature algorithm")}async function Tn(e){if(e===Q.publicKey.pqc_mldsa_ed25519){const{eccSecretKey:t,eccPublicKey:r}=await async function(e){if(e===Q.publicKey.pqc_mldsa_ed25519){const{A:e,seed:t}=await ct(Q.publicKey.ed25519);return{eccPublicKey:e,eccSecretKey:t}}throw Error("Unsupported signature algorithm")}(e),{mldsaSeed:n,mldsaSecretKey:i,mldsaPublicKey:s}=await async function(e){if(e===Q.publicKey.pqc_mldsa_ed25519){const t=fe(32),{mldsaSecretKey:r,mldsaPublicKey:n}=await Rn(e,t);return{mldsaSeed:t,mldsaSecretKey:r,mldsaPublicKey:n}}throw Error("Unsupported signature algorithm")}(e);return{eccSecretKey:t,eccPublicKey:r,mldsaSeed:n,mldsaSecretKey:i,mldsaPublicKey:s}}throw Error("Unsupported signature algorithm")}async function Mn(e,t,r,n,i,s){if(e===Q.publicKey.pqc_mldsa_ed25519){const{eccSignature:t}=await async function(e,t,r,n,i){if(e===Q.publicKey.pqc_mldsa_ed25519){const{RS:e}=await ut(Q.publicKey.ed25519,0,0,n,r,i);return{eccSignature:e}}throw Error("Unsupported signature algorithm")}(e,0,r,n,s),{mldsaSignature:a}=await async function(e,t,r){if(e===Q.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await Promise.resolve().then((function(){return ld}));return{mldsaSignature:e.sign(t,r)}}throw Error("Unsupported signature algorithm")}(e,i,s);return{eccSignature:t,mldsaSignature:a}}throw Error("Unsupported signature algorithm")}async function Ln(e,t,r,n,i,{eccSignature:s,mldsaSignature:a}){if(e===Q.publicKey.pqc_mldsa_ed25519){const t=async function(e,t,r,n,i){if(e===Q.publicKey.pqc_mldsa_ed25519)return ht(Q.publicKey.ed25519,0,{RS:i},0,r,n);throw Error("Unsupported signature algorithm")}(e,0,r,i,s),o=async function(e,t,r,n){if(e===Q.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await Promise.resolve().then((function(){return ld}));return e.verify(t,r,n)}throw Error("Unsupported signature algorithm")}(e,n,i,a);return await t&&await o}throw Error("Unsupported signature algorithm")}function Fn(e,t){if(e===Q.publicKey.pqc_mldsa_ed25519)return Qe(t)>=32;throw Error("Unsupported signature algorithm")}async function On(e,t,r,n,i){const s=async function(e,t,r){if(e===Q.publicKey.pqc_mldsa_ed25519)return lt(Q.publicKey.ed25519,t,r);throw Error("Unsupported signature algorithm")}(e,t,r),a=async function(e,t,r){if(e===Q.publicKey.pqc_mldsa_ed25519){const{mldsaPublicKey:n}=await Rn(e,r);return M.equalsUint8Array(t,n)}throw Error("Unsupported signature algorithm")}(e,n,i);return await s&&await a}class Nn{constructor(e){e&&(this.data=e)}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.data=e.subarray(1,1+t),1+this.data.length}throw Error("Invalid symmetric key")}write(){return M.concatUint8Array([new Uint8Array([this.data.length]),this.data])}}class _n{constructor(e){if(void 0===e&&(e=new Uint8Array([])),!M.isUint8Array(e))throw Error("data must be in the form of a Uint8Array");this.data=e,this.length=this.data.byteLength}write(){return M.concatUint8Array([new Uint8Array([this.length]),this.data])}read(e){if(e.length>=1){const t=e[0];if(e.length>=t+1)return this.data=e.subarray(1,1+t),this.length=t,1+t}throw Error("Invalid octet string")}}class Hn{constructor(e){if(e){const{version:t,hash:r,cipher:n,replacementFingerprint:i}=e;this.version=t||1,this.hash=r,this.cipher=n,this.replacementFingerprint=i}else this.version=null,this.hash=null,this.cipher=null,this.replacementFingerprint=null}read(e){if(e.length<4||1!==e[1]&&255!==e[1])throw new it("Cannot read KDFParams");const t=e[0];this.version=e[1],this.hash=e[2],this.cipher=e[3];let r=4;if(255===this.version){const n=t-r+1;this.replacementFingerprint=e.slice(r,r+n),r+=n}return r}write(e){if(!this.version||1===this.version||e)return new Uint8Array([3,1,this.hash,this.cipher]);return M.concatUint8Array([new Uint8Array([3+this.replacementFingerprint.length,this.version,this.hash,this.cipher]),this.replacementFingerprint])}}const zn=e=>class{constructor(e){this.data=void 0===e?null:e}read(t){const r=t[0];return this.data=Q.write(e,r),1}write(){return new Uint8Array([this.data])}getName(){return Q.read(e,this.data)}getValue(){return this.data}},Gn=zn(Q.aead),qn=zn(Q.symmetric),jn=zn(Q.hash);class Vn{static fromObject({wrappedKey:e,algorithm:t}){const r=new Vn;return r.wrappedKey=e,r.algorithm=t,r}read(e){let t=0,r=e[t++];this.algorithm=r%2?e[t++]:null,r-=r%2,this.wrappedKey=M.readExactSubarray(e,t,t+r),t+=r}write(){return M.concatUint8Array([this.algorithm?new Uint8Array([this.wrappedKey.length+1,this.algorithm]):new Uint8Array([this.wrappedKey.length]),this.wrappedKey])}}const Yn=M.getWebCrypto(),Zn=M.getNodeCrypto(),Jn=Zn?Zn.getCiphers():[],Xn={idea:Jn.includes("idea-cfb")?"idea-cfb":void 0,tripledes:Jn.includes("des-ede3-cfb")?"des-ede3-cfb":void 0,cast5:Jn.includes("cast5-cfb")?"cast5-cfb":void 0,blowfish:Jn.includes("bf-cfb")?"bf-cfb":void 0,aes128:Jn.includes("aes-128-cfb")?"aes-128-cfb":void 0,aes192:Jn.includes("aes-192-cfb")?"aes-192-cfb":void 0,aes256:Jn.includes("aes-256-cfb")?"aes-256-cfb":void 0};async function Wn(e){const{blockSize:t}=Kr(e),r=await fe(t),n=new Uint8Array([r[r.length-2],r[r.length-1]]);return M.concat([r,n])}async function $n(e,t,r,n,i){const s=Q.read(Q.symmetric,e);if(M.getNodeCrypto()&&Xn[s])return function(e,t,r,n){const i=Q.read(Q.symmetric,e),s=new Zn.createCipheriv(Xn[i],t,n);return b(r,(e=>new Uint8Array(s.update(e))))}(e,t,r,n);if(M.isAES(e))return async function(e,t,r,n){if(Yn&&await ti.isSupported(e)){const i=new ti(e,t,n);return M.isStream(r)?b(r,(e=>i.encryptChunk(e)),(()=>i.finish())):i.encrypt(r)}if(M.isStream(r)){const i=new ri(!0,e,t,n);return b(r,(e=>i.processChunk(e)),(()=>i.finish()))}return lr(t,n).encrypt(r)}(e,t,r,n);const a=new(await kr(e))(t),o=a.blockSize,c=n.slice();let u=new Uint8Array;const h=e=>{e&&(u=M.concatUint8Array([u,e]));const t=new Uint8Array(u.length);let r,n=0;for(;e?u.length>=o:u.length;){const e=a.encrypt(c);for(r=0;r<o;r++)c[r]=u[r]^e[r],t[n++]=c[r];u=u.subarray(o)}return t.subarray(0,n)};return b(r,h,h)}async function ei(e,t,r,n){const i=Q.read(Q.symmetric,e);if(Zn&&Xn[i])return function(e,t,r,n){const i=Q.read(Q.symmetric,e),s=new Zn.createDecipheriv(Xn[i],t,n);return b(r,(e=>new Uint8Array(s.update(e))))}(e,t,r,n);if(M.isAES(e))return async function(e,t,r,n){if(M.isStream(r)){const i=new ri(!1,e,t,n);return b(r,(e=>i.processChunk(e)),(()=>i.finish()))}return lr(t,n).decrypt(r)}(e,t,r,n);const s=new(await kr(e))(t),a=s.blockSize;let o=n,c=new Uint8Array;const u=e=>{e&&(c=M.concatUint8Array([c,e]));const t=new Uint8Array(c.length);let r,n=0;for(;e?c.length>=a:c.length;){const e=s.encrypt(o);for(o=c.subarray(0,a),r=0;r<a;r++)t[n++]=o[r]^e[r];c=c.subarray(a)}return t.subarray(0,n)};return b(r,u,u)}class ti{constructor(e,t,r){const{blockSize:n}=Kr(e);this.key=t,this.prevBlock=r,this.nextBlock=new Uint8Array(n),this.i=0,this.blockSize=n,this.zeroBlock=new Uint8Array(this.blockSize)}static async isSupported(e){const{keySize:t}=Kr(e);return Yn.importKey("raw",new Uint8Array(t),"aes-cbc",!1,["encrypt"]).then((()=>!0),(()=>!1))}async _runCBC(e,t){const r="AES-CBC";this.keyRef=this.keyRef||await Yn.importKey("raw",this.key,r,!1,["encrypt"]);const n=await Yn.encrypt({name:r,iv:t||this.zeroBlock},this.keyRef,e);return new Uint8Array(n).subarray(0,e.length)}async encryptChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,n=M.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),i=M.concatUint8Array([this.prevBlock,n.subarray(0,n.length-this.blockSize)]),s=await this._runCBC(i);return ni(s,n),this.prevBlock=s.slice(-this.blockSize),r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,s}let n;if(this.i+=r.length,this.i===this.nextBlock.length){const t=this.nextBlock;n=await this._runCBC(this.prevBlock),ni(n,t),this.prevBlock=n.slice(),this.i=0;const i=e.subarray(r.length);this.nextBlock.set(i,this.i),this.i+=i.length}else n=new Uint8Array;return n}async finish(){let e;if(0===this.i)e=new Uint8Array;else{this.nextBlock=this.nextBlock.subarray(0,this.i);const t=this.nextBlock,r=await this._runCBC(this.prevBlock);ni(r,t),e=r.subarray(0,t.length)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.keyRef=null,this.key=null}async encrypt(e){const t=(await this._runCBC(M.concatUint8Array([new Uint8Array(this.blockSize),e]),this.iv)).subarray(0,e.length);return ni(t,e),this.clearSensitiveData(),t}}class ri{constructor(e,t,r,n){this.forEncryption=e;const{blockSize:i}=Kr(t);this.key=br.expandKeyLE(r),n.byteOffset%4!=0&&(n=n.slice()),this.prevBlock=ii(n),this.nextBlock=new Uint8Array(i),this.i=0,this.blockSize=i}_runCFB(e){const t=ii(e),r=new Uint8Array(e.length),n=ii(r);for(let e=0;e+4<=n.length;e+=4){const{s0:r,s1:i,s2:s,s3:a}=br.encrypt(this.key,this.prevBlock[0],this.prevBlock[1],this.prevBlock[2],this.prevBlock[3]);n[e+0]=t[e+0]^r,n[e+1]=t[e+1]^i,n[e+2]=t[e+2]^s,n[e+3]=t[e+3]^a,this.prevBlock=(this.forEncryption?n:t).slice(e,e+4)}return r}async processChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,n=M.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),i=this._runCFB(n);return r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,i}let n;if(this.i+=r.length,this.i===this.nextBlock.length){n=this._runCFB(this.nextBlock),this.i=0;const t=e.subarray(r.length);this.nextBlock.set(t,this.i),this.i+=t.length}else n=new Uint8Array;return n}async finish(){let e;if(0===this.i)e=new Uint8Array;else{e=this._runCFB(this.nextBlock).subarray(0,this.i)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.key.fill(0)}}function ni(e,t){const r=Math.min(e.length,t.length);for(let n=0;n<r;n++)e[n]=e[n]^t[n]}const ii=e=>new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4));const si=M.getWebCrypto(),ai=M.getNodeCrypto(),oi=16;function ci(e,t){const r=e.length-oi;for(let n=0;n<oi;n++)e[n+r]^=t[n];return e}const ui=new Uint8Array(oi);async function hi(e){const t=await li(e),r=M.double(await t(ui)),n=M.double(r);return async function(e){return(await t(function(e,t,r){if(e.length&&e.length%oi==0)return ci(e,t);const n=new Uint8Array(e.length+(oi-e.length%oi));return n.set(e),n[e.length]=128,ci(n,r)}(e,r,n))).subarray(-16)}}async function li(e){if(M.getNodeCrypto())return async function(t){const r=new ai.createCipheriv("aes-"+8*e.length+"-cbc",e,ui).update(t);return new Uint8Array(r)};if(M.getWebCrypto())try{return e=await si.importKey("raw",e,{name:"AES-CBC",length:8*e.length},!1,["encrypt"]),async function(t){const r=await si.encrypt({name:"AES-CBC",iv:ui,length:128},e,t);return new Uint8Array(r).subarray(0,r.byteLength-oi)}}catch(t){if("NotSupportedError"!==t.name&&(24!==e.length||"OperationError"!==t.name))throw t;M.printDebugError("Browser did not support operation: "+t.message)}return async function(t){return hr(e,ui,{disablePadding:!0}).encrypt(t)}}const fi=M.getWebCrypto(),yi=M.getNodeCrypto(),pi=M.getNodeBuffer(),di=16,gi=di,Ai=new Uint8Array(di),wi=new Uint8Array(di);wi[15]=1;const mi=new Uint8Array(di);async function bi(e){const t=await hi(e);return function(e,r){return t(M.concatUint8Array([e,r]))}}async function ki(e){if(M.getNodeCrypto())return async function(t,r){const n=new yi.createCipheriv("aes-"+8*e.length+"-ctr",e,r),i=pi.concat([n.update(t),n.final()]);return new Uint8Array(i)};if(M.getWebCrypto())try{const t=await fi.importKey("raw",e,{name:"AES-CTR",length:8*e.length},!1,["encrypt"]);return async function(e,r){const n=await fi.encrypt({name:"AES-CTR",counter:r,length:128},t,e);return new Uint8Array(n)}}catch(t){if("NotSupportedError"!==t.name&&(24!==e.length||"OperationError"!==t.name))throw t;M.printDebugError("Browser did not support operation: "+t.message)}return async function(t,r){return ur(e,r).encrypt(t)}}async function Ei(e,t){if(e!==Q.symmetric.aes128&&e!==Q.symmetric.aes192&&e!==Q.symmetric.aes256)throw Error("EAX mode supports only AES cipher");const[r,n]=await Promise.all([bi(t),ki(t)]);return{encrypt:async function(e,t,i){const[s,a]=await Promise.all([r(Ai,t),r(wi,i)]),o=await n(e,s),c=await r(mi,o);for(let e=0;e<gi;e++)c[e]^=a[e]^s[e];return M.concatUint8Array([o,c])},decrypt:async function(e,t,i){if(e.length<gi)throw Error("Invalid EAX ciphertext");const s=e.subarray(0,-16),a=e.subarray(-16),[o,c,u]=await Promise.all([r(Ai,t),r(wi,i),r(mi,s)]),h=u;for(let e=0;e<gi;e++)h[e]^=c[e]^o[e];if(!M.equalsUint8Array(a,h))throw Error("Authentication tag mismatch");return await n(s,o)}}}mi[15]=2,Ei.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[8+e]^=t[e];return r},Ei.blockLength=di,Ei.ivLength=16,Ei.tagLength=gi;const vi=16,Ki=16;function Si(e){let t=0;for(let r=1;!(e&r);r<<=1)t++;return t}function Ii(e,t){for(let r=0;r<e.length;r++)e[r]^=t[r];return e}function Bi(e,t){return Ii(e.slice(),t)}const Ci=new Uint8Array(vi),Ui=new Uint8Array([1]);async function Pi(e,t){const{keySize:r}=Kr(e);if(!M.isAES(e)||t.length!==r)throw Error("Unexpected algorithm or key size");let n=0;const i=e=>hr(t,Ci,{disablePadding:!0}).encrypt(e),s=e=>hr(t,Ci,{disablePadding:!0}).decrypt(e);let a;function o(e,t,r,s){const o=t.length/vi|0;!function(e,t){const r=M.nbits(Math.max(e.length,t.length)/vi|0)-1;for(let e=n+1;e<=r;e++)a[e]=M.double(a[e-1]);n=r}(t,s);const c=M.concatUint8Array([Ci.subarray(0,15-r.length),Ui,r]),u=63&c[15];c[15]&=192;const h=i(c),l=M.concatUint8Array([h,Bi(h.subarray(0,8),h.subarray(1,9))]),f=M.shiftRight(l.subarray(0+(u>>3),17+(u>>3)),8-(7&u)).subarray(1),y=new Uint8Array(vi),p=new Uint8Array(t.length+Ki);let d,g=0;for(d=0;d<o;d++)Ii(f,a[Si(d+1)]),p.set(Ii(e(Bi(f,t)),f),g),Ii(y,e===i?t:p.subarray(g)),t=t.subarray(vi),g+=vi;if(t.length){Ii(f,a.x);const r=i(f);p.set(Bi(t,r),g);const n=new Uint8Array(vi);n.set(e===i?t:p.subarray(g,-16),0),n[t.length]=128,Ii(y,n),g+=t.length}const A=Ii(i(Ii(Ii(y,f),a.$)),function(e){if(!e.length)return Ci;const t=e.length/vi|0,r=new Uint8Array(vi),n=new Uint8Array(vi);for(let s=0;s<t;s++)Ii(r,a[Si(s+1)]),Ii(n,i(Bi(r,e))),e=e.subarray(vi);if(e.length){Ii(r,a.x);const t=new Uint8Array(vi);t.set(e,0),t[e.length]=128,Ii(t,r),Ii(n,i(t))}return n}(s));return p.set(A,g),p}return function(){const e=i(Ci),t=M.double(e);a=[],a[0]=M.double(t),a.x=e,a.$=t}(),{encrypt:async function(e,t,r){return o(i,e,t,r)},decrypt:async function(e,t,r){if(e.length<Ki)throw Error("Invalid OCB ciphertext");const n=e.subarray(-16);e=e.subarray(0,-16);const i=o(s,e,t,r);if(M.equalsUint8Array(n,i.subarray(-16)))return i.subarray(0,-16);throw Error("Authentication tag mismatch")}}}Pi.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[7+e]^=t[e];return r},Pi.blockLength=vi,Pi.ivLength=15,Pi.tagLength=Ki;const Di=M.getWebCrypto(),xi=M.getNodeCrypto(),Qi=M.getNodeBuffer(),Ri=16,Ti="AES-GCM";async function Mi(e,t){if(e!==Q.symmetric.aes128&&e!==Q.symmetric.aes192&&e!==Q.symmetric.aes256)throw Error("GCM mode supports only AES cipher");if(M.getNodeCrypto())return{encrypt:async function(e,r,n=new Uint8Array){const i=new xi.createCipheriv("aes-"+8*t.length+"-gcm",t,r);i.setAAD(n);const s=Qi.concat([i.update(e),i.final(),i.getAuthTag()]);return new Uint8Array(s)},decrypt:async function(e,r,n=new Uint8Array){const i=new xi.createDecipheriv("aes-"+8*t.length+"-gcm",t,r);i.setAAD(n),i.setAuthTag(e.slice(e.length-Ri,e.length));const s=Qi.concat([i.update(e.slice(0,e.length-Ri)),i.final()]);return new Uint8Array(s)}};if(M.getWebCrypto())try{const e=await Di.importKey("raw",t,{name:Ti},!1,["encrypt","decrypt"]),r=navigator.userAgent.match(/Version\/13\.\d(\.\d)* Safari/)||navigator.userAgent.match(/Version\/(13|14)\.\d(\.\d)* Mobile\/\S* Safari/);return{encrypt:async function(n,i,s=new Uint8Array){if(r&&!n.length)return yr(t,i,s).encrypt(n);const a=await Di.encrypt({name:Ti,iv:i,additionalData:s,tagLength:128},e,n);return new Uint8Array(a)},decrypt:async function(n,i,s=new Uint8Array){if(r&&n.length===Ri)return yr(t,i,s).decrypt(n);try{const t=await Di.decrypt({name:Ti,iv:i,additionalData:s,tagLength:128},e,n);return new Uint8Array(t)}catch(e){if("OperationError"===e.name)throw Error("Authentication tag mismatch")}}}}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;M.printDebugError("Browser did not support operation: "+e.message)}return{encrypt:async function(e,r,n){return yr(t,r,n).encrypt(e)},decrypt:async function(e,r,n){return yr(t,r,n).decrypt(e)}}}function Li(e,t=!1){switch(e){case Q.aead.eax:return Ei;case Q.aead.ocb:return Pi;case Q.aead.gcm:return Mi;case Q.aead.experimentalGCM:if(!t)throw Error("Unexpected non-standard `experimentalGCM` AEAD algorithm provided in `config.preferredAEADAlgorithm`: use `gcm` instead");return Mi;default:throw Error("Unsupported AEAD mode")}}async function Fi(e,t,r,n,i,s){switch(e){case Q.publicKey.rsaEncrypt:case Q.publicKey.rsaEncryptSign:{const{n:e,e:t}=r;return{c:await ze(i,e,t)}}case Q.publicKey.elgamal:{const{p:e,g:t,y:n}=r;return async function(e,t,r,n){t=te(t),r=te(r),n=te(n);const i=te(Te(e,ue(t))),s=ye(Ye,t-Ye);return{c1:he(ne(r,s,t)),c2:he(re(ne(n,s,t)*i,t))}}(i,e,t,n)}case Q.publicKey.ecdh:{const{oid:e,Q:t,kdfParams:n}=r,{publicKey:a,wrappedKey:o}=await gn(e,n,i,t,s);return{V:a,C:new Nn(o)}}case Q.publicKey.x25519:case Q.publicKey.x448:{if(t&&!M.isAES(t))throw Error("X25519 and X448 keys can only encrypt AES session keys");const{A:n}=r,{ephemeralPublicKey:s,wrappedKey:a}=await xr(e,i,n);return{ephemeralPublicKey:s,C:Vn.fromObject({algorithm:t,wrappedKey:a})}}case Q.publicKey.aead:{if(!n)throw Error("Cannot encrypt with symmetric key missing private parameters");const{cipher:e}=r,t=e.getValue(),{keyMaterial:s}=n,a=R.preferredAEADAlgorithm,o=Li(R.preferredAEADAlgorithm),{ivLength:c}=o,u=fe(c),h=await o(t,s),l=await h.encrypt(i,u,new Uint8Array);return{aeadMode:new Gn(a),iv:u,c:new _n(l)}}case Q.publicKey.pqc_mlkem_x25519:{const{eccPublicKey:n,mlkemPublicKey:s}=r,{eccCipherText:a,mlkemCipherText:o,wrappedKey:c}=await Pn(e,n,s,i);return{eccCipherText:a,mlkemCipherText:o,C:Vn.fromObject({algorithm:t,wrappedKey:c})}}default:return[]}}async function Oi(e,t,r,n,i,s){switch(e){case Q.publicKey.rsaEncryptSign:case Q.publicKey.rsaEncrypt:{const{c:e}=n,{n:i,e:a}=t,{d:o,p:c,q:u,u:h}=r;return Ge(e,i,a,o,c,u,h,s)}case Q.publicKey.elgamal:{const{c1:e,c2:i}=n;return async function(e,t,r,n,i){return e=te(e),t=te(t),r=te(r),Me(he(re(se(ne(e,n=te(n),r),r)*t,r),"be",ue(r)),i)}(e,i,t.p,r.x,s)}case Q.publicKey.ecdh:{const{oid:e,Q:s,kdfParams:a}=t,{d:o}=r,{V:c,C:u}=n;return wn(e,a,c,u.data,s,o,i)}case Q.publicKey.x25519:case Q.publicKey.x448:{const{A:i}=t,{k:s}=r,{ephemeralPublicKey:a,C:o}=n;if(null!==o.algorithm&&!M.isAES(o.algorithm))throw Error("AES session key expected");return Qr(e,a,o.wrappedKey,i,s)}case Q.publicKey.aead:{const{cipher:e}=t,i=e.getValue(),{keyMaterial:s}=r,{aeadMode:a,iv:o,c}=n,u=Li(a.getValue());return(await u(i,s)).decrypt(c.data,o,new Uint8Array)}case Q.publicKey.pqc_mlkem_x25519:{const{eccSecretKey:i,mlkemSecretKey:s}=r,{eccPublicKey:a,mlkemPublicKey:o}=t,{eccCipherText:c,mlkemCipherText:u,C:h}=n;return Dn(e,c,u,i,a,s,0,h.wrappedKey)}default:throw Error("Unknown public key encryption algorithm.")}}async function Ni(e,t,r){let n=0;switch(e){case Q.publicKey.rsaEncrypt:case Q.publicKey.rsaEncryptSign:case Q.publicKey.rsaSign:{const e=M.readMPI(t.subarray(n));n+=e.length+2;const r=M.readMPI(t.subarray(n));n+=r.length+2;const i=M.readMPI(t.subarray(n));n+=i.length+2;const s=M.readMPI(t.subarray(n));return n+=s.length+2,{read:n,privateParams:{d:e,p:r,q:i,u:s}}}case Q.publicKey.dsa:case Q.publicKey.elgamal:{const e=M.readMPI(t.subarray(n));return n+=e.length+2,{read:n,privateParams:{x:e}}}case Q.publicKey.ecdsa:case Q.publicKey.ecdh:{const i=Vi(e,r.oid);let s=M.readMPI(t.subarray(n));return n+=s.length+2,s=M.leftPad(s,i),{read:n,privateParams:{d:s}}}case Q.publicKey.eddsaLegacy:{const i=Vi(e,r.oid);if(r.oid.getName()!==Q.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let s=M.readMPI(t.subarray(n));return n+=s.length+2,s=M.leftPad(s,i),{read:n,privateParams:{seed:s}}}case Q.publicKey.ed25519:case Q.publicKey.ed448:{const r=Vi(e),i=M.readExactSubarray(t,n,n+r);return n+=i.length,{read:n,privateParams:{seed:i}}}case Q.publicKey.x25519:case Q.publicKey.x448:{const r=Vi(e),i=M.readExactSubarray(t,n,n+r);return n+=i.length,{read:n,privateParams:{k:i}}}case Q.publicKey.hmac:{const{cipher:e}=r,i=Qe(e.getValue()),s=t.subarray(n,n+32);n+=32;const a=t.subarray(n,n+i);return n+=i,{read:n,privateParams:{hashSeed:s,keyMaterial:a}}}case Q.publicKey.aead:{const{cipher:e}=r,i=t.subarray(n,n+32);n+=32;const{keySize:s}=Kr(e.getValue()),a=t.subarray(n,n+s);return n+=s,{read:n,privateParams:{hashSeed:i,keyMaterial:a}}}case Q.publicKey.pqc_mlkem_x25519:{const r=M.readExactSubarray(t,n,n+Vi(Q.publicKey.x25519));n+=r.length;const i=M.readExactSubarray(t,n,n+64);n+=i.length;const{mlkemSecretKey:s}=await Cn(e,i);return{read:n,privateParams:{eccSecretKey:r,mlkemSecretKey:s,mlkemSeed:i}}}case Q.publicKey.pqc_mldsa_ed25519:{const r=M.readExactSubarray(t,n,n+Vi(Q.publicKey.ed25519));n+=r.length;const i=M.readExactSubarray(t,n,n+32);n+=i.length;const{mldsaSecretKey:s}=await Rn(e,i);return{read:n,privateParams:{eccSecretKey:r,mldsaSecretKey:s,mldsaSeed:i}}}default:throw new it("Unknown public key encryption algorithm.")}}function _i(e,t){const r=new Set([Q.publicKey.ed25519,Q.publicKey.x25519,Q.publicKey.ed448,Q.publicKey.x448,Q.publicKey.aead,Q.publicKey.hmac,Q.publicKey.pqc_mlkem_x25519,Q.publicKey.pqc_mldsa_ed25519]),n={[Q.publicKey.pqc_mlkem_x25519]:new Set(["mlkemSecretKey"]),[Q.publicKey.pqc_mldsa_ed25519]:new Set(["mldsaSecretKey"])},i=Object.keys(t).map((i=>{if(n[e]?.has(i))return new Uint8Array;const s=t[i];return M.isUint8Array(s)?r.has(e)?s:M.uint8ArrayToMPI(s):s.write()}));return M.concatUint8Array(i)}async function Hi(e,t,r,n){switch(e){case Q.publicKey.rsaEncrypt:case Q.publicKey.rsaEncryptSign:case Q.publicKey.rsaSign:return async function(e,t){if(t=BigInt(t),M.getWebCrypto()){const r={name:"RSASSA-PKCS1-v1_5",modulusLength:e,publicExponent:he(t),hash:{name:"SHA-1"}},n=await Fe.generateKey(r,!0,["sign","verify"]);return Ve(await Fe.exportKey("jwk",n.privateKey),t)}if(M.getNodeCrypto()){const r={modulusLength:e,publicExponent:ae(t),publicKeyEncoding:{type:"pkcs1",format:"jwk"},privateKeyEncoding:{type:"pkcs1",format:"jwk"}},n=await new Promise(((e,t)=>{Oe.generateKeyPair("rsa",r,((r,n,i)=>{r?t(r):e(i)}))}));return Ve(n,t)}let r,n,i;do{n=de(e-(e>>1),t,40),r=de(e>>1,t,40),i=r*n}while(ce(i)!==e);const s=(r-Ne)*(n-Ne);return n<r&&([r,n]=[n,r]),{n:he(i),e:he(t),d:he(se(t,s)),p:he(r),q:he(n),u:he(se(r,n))}}(t,65537).then((({n:e,e:t,d:r,p:n,q:i,u:s})=>({privateParams:{d:r,p:n,q:i,u:s},publicParams:{n:e,e:t}})));case Q.publicKey.ecdsa:return Vr(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{d:r},publicParams:{oid:new Je(e),Q:t}})));case Q.publicKey.eddsaLegacy:return Vr(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{seed:r},publicParams:{oid:new Je(e),Q:t}})));case Q.publicKey.ecdh:return Vr(r).then((({oid:e,Q:t,secret:r,hash:n,cipher:i})=>({privateParams:{d:r},publicParams:{oid:new Je(e),Q:t,kdfParams:new Hn({hash:n,cipher:i})}})));case Q.publicKey.ed25519:case Q.publicKey.ed448:return ct(e).then((({A:e,seed:t})=>({privateParams:{seed:t},publicParams:{A:e}})));case Q.publicKey.x25519:case Q.publicKey.x448:return Pr(e).then((({A:e,k:t})=>({privateParams:{k:t},publicParams:{A:e}})));case Q.publicKey.hmac:return zi(await async function(e){if(!Sn.has(e))throw Error("Unsupported hash algorithm.");const t=Q.read(Q.webHash,e),r=In||Bn.webcrypto.subtle,n=await r.generateKey({name:"HMAC",hash:{name:t}},!0,["sign","verify"]),i=await r.exportKey("raw",n);return new Uint8Array(i)}(n),new jn(n));case Q.publicKey.aead:return zi(qi(n),new qn(n));case Q.publicKey.pqc_mlkem_x25519:return Un(e).then((({eccSecretKey:e,eccPublicKey:t,mlkemSeed:r,mlkemSecretKey:n,mlkemPublicKey:i})=>({privateParams:{eccSecretKey:e,mlkemSeed:r,mlkemSecretKey:n},publicParams:{eccPublicKey:t,mlkemPublicKey:i}})));case Q.publicKey.pqc_mldsa_ed25519:return Tn(e).then((({eccSecretKey:e,eccPublicKey:t,mldsaSeed:r,mldsaSecretKey:n,mldsaPublicKey:i})=>({privateParams:{eccSecretKey:e,mldsaSeed:r,mldsaSecretKey:n},publicParams:{eccPublicKey:t,mldsaPublicKey:i}})));case Q.publicKey.dsa:case Q.publicKey.elgamal:throw Error("Unsupported algorithm for key generation.");default:throw Error("Unknown public key algorithm.")}}async function zi(e,t){const r=fe(32);return{privateParams:{hashSeed:r,keyMaterial:e},publicParams:{cipher:t,digest:await xe(Q.hash.sha256,r)}}}async function Gi(e,t,r){if(!t||!r)throw Error("Missing key parameters");switch(e){case Q.publicKey.rsaEncrypt:case Q.publicKey.rsaEncryptSign:case Q.publicKey.rsaSign:{const{n:e,e:n}=t,{d:i,p:s,q:a,u:o}=r;return async function(e,t,r,n,i,s){if(e=te(e),(n=te(n))*(i=te(i))!==e)return!1;const a=BigInt(2);if(re(n*(s=te(s)),i)!==BigInt(1))return!1;t=te(t),r=te(r);const o=ye(a,a<<BigInt(Math.floor(ce(e)/3))),c=o*r*t;return!(re(c,n-Ne)!==o||re(c,i-Ne)!==o)}(e,n,i,s,a,o)}case Q.publicKey.dsa:{const{p:e,q:n,g:i,y:s}=t,{x:a}=r;return async function(e,t,r,n,i){if(e=te(e),t=te(t),r=te(r),n=te(n),r<=Kn||r>=e)return!1;if(re(e-Kn,t)!==vn)return!1;if(ne(r,t,e)!==Kn)return!1;const s=BigInt(ce(t));if(s<BigInt(150)||!ge(t,null,32))return!1;i=te(i);const a=BigInt(2);return n===ne(r,t*ye(a<<s-Kn,a<<s)+i,e)}(e,n,i,s,a)}case Q.publicKey.elgamal:{const{p:e,g:n,y:i}=t,{x:s}=r;return async function(e,t,r,n){if(e=te(e),t=te(t),r=te(r),t<=Ye||t>=e)return!1;const i=BigInt(ce(e));if(i<BigInt(1023))return!1;if(ne(t,e-Ye,e)!==Ye)return!1;let s=t,a=BigInt(1);const o=BigInt(2),c=o<<BigInt(17);for(;a<c;){if(s=re(s*t,e),s===Ye)return!1;a++}n=te(n);const u=ye(o<<i-Ye,o<<i);return r===ne(t,(e-Ye)*u+n,e)}(e,n,i,s)}case Q.publicKey.ecdsa:case Q.publicKey.ecdh:{const n=En[Q.read(Q.publicKey,e)],{oid:i,Q:s}=t,{d:a}=r;return n.validateParams(i,s,a)}case Q.publicKey.eddsaLegacy:{const{Q:e,oid:n}=t,{seed:i}=r;return hn(n,e,i)}case Q.publicKey.ed25519:case Q.publicKey.ed448:{const{A:n}=t,{seed:i}=r;return lt(e,n,i)}case Q.publicKey.x25519:case Q.publicKey.x448:{const{A:n}=t,{k:i}=r;return Dr(e,n,i)}case Q.publicKey.hmac:{const{cipher:e,digest:n}=t,{hashSeed:i,keyMaterial:s}=r;return Qe(e.getValue())===s.length&&M.equalsUint8Array(n,await xe(Q.hash.sha256,i))}case Q.publicKey.aead:{const{cipher:e,digest:n}=t,{hashSeed:i,keyMaterial:s}=r,{keySize:a}=Kr(e.getValue());return a===s.length&&M.equalsUint8Array(n,await xe(Q.hash.sha256,i))}case Q.publicKey.pqc_mlkem_x25519:{const{eccSecretKey:n,mlkemSeed:i}=r,{eccPublicKey:s,mlkemPublicKey:a}=t;return Qn(e,s,n,a,i)}case Q.publicKey.pqc_mldsa_ed25519:{const{eccSecretKey:n,mldsaSeed:i}=r,{eccPublicKey:s,mldsaPublicKey:a}=t;return On(e,s,n,a,i)}default:throw Error("Unknown public key algorithm.")}}function qi(e){const{keySize:t}=Kr(e);return fe(t)}function ji(e){try{e.getName()}catch(e){throw new it("Unknown curve OID")}}function Vi(e,t){switch(e){case Q.publicKey.ecdsa:case Q.publicKey.ecdh:case Q.publicKey.eddsaLegacy:return new jr(t).payloadSize;case Q.publicKey.ed25519:case Q.publicKey.ed448:return ft(e);case Q.publicKey.x25519:case Q.publicKey.x448:return Rr(e);default:throw Error("Unknown elliptic algo")}}async function Yi(e,t,r,n,i,s,a){switch(e){case Q.publicKey.rsaEncryptSign:case Q.publicKey.rsaEncrypt:case Q.publicKey.rsaSign:{const{n:e,e:i}=n;return He(t,s,M.leftPad(r.s,e.length),e,i,a)}case Q.publicKey.dsa:{const{g:e,p:t,q:i,y:s}=n,{r:o,s:c}=r;return async function(e,t,r,n,i,s,a,o){if(t=te(t),r=te(r),s=te(s),a=te(a),i=te(i),o=te(o),t<=vn||t>=a||r<=vn||r>=a)return M.printDebug("invalid DSA Signature"),!1;const c=re(te(n.subarray(0,ue(a))),a),u=se(r,a);if(u===vn)return M.printDebug("invalid DSA Signature"),!1;i=re(i,s),o=re(o,s);const h=re(c*u,a),l=re(t*u,a);return re(re(ne(i,h,s)*ne(o,l,s),s),a)===t}(0,o,c,a,e,t,i,s)}case Q.publicKey.ecdsa:{const{oid:e,Q:i}=n,o=new jr(e).payloadSize;return sn(e,t,{r:M.leftPad(r.r,o),s:M.leftPad(r.s,o)},s,i,a)}case Q.publicKey.eddsaLegacy:{if(Qe(t)<Qe(Q.hash.sha256))throw Error("Hash algorithm too weak for EdDSALegacy.");const{oid:e,Q:i}=n,s=new jr(e).payloadSize;return un(e,0,{r:M.leftPad(r.r,s),s:M.leftPad(r.s,s)},0,i,a)}case Q.publicKey.ed25519:case Q.publicKey.ed448:{if(Qe(t)<Qe(yt(e)))throw Error("Hash algorithm too weak for EdDSA.");const{A:i}=n;return ht(e,0,r,0,i,a)}case Q.publicKey.hmac:{if(!i)throw Error("Cannot verify HMAC signature with symmetric key missing private parameters");const{cipher:e}=n,{keyMaterial:t}=i;return async function(e,t,r,n){if(!Sn.has(e))throw Error("Unsupported hash algorithm.");const i=Q.read(Q.webHash,e),s=In||Bn.webcrypto.subtle,a=await s.importKey("raw",t,{name:"HMAC",hash:{name:i}},!1,["verify"]);return s.verify("HMAC",a,r,n)}(e.getValue(),t,r.mac.data,a)}case Q.publicKey.pqc_mldsa_ed25519:{if(!Fn(e,t))throw Error("Unexpected hash algorithm for PQC signature: digest size too short");const{eccPublicKey:i,mldsaPublicKey:s}=n;return Ln(e,0,i,s,a,r)}default:throw Error("Unknown signature algorithm.")}}async function Zi(e,t,r,n,i,s){if(!r||!n)throw Error("Missing key parameters");switch(e){case Q.publicKey.rsaEncryptSign:case Q.publicKey.rsaEncrypt:case Q.publicKey.rsaSign:{const{n:e,e:a}=r,{d:o,p:c,q:u,u:h}=n;return{s:await _e(t,i,e,a,o,c,u,h,s)}}case Q.publicKey.dsa:{const{g:e,p:t,q:i}=r,{x:a}=n;return async function(e,t,r,n,i,s){const a=BigInt(0);let o,c,u,h;n=te(n),i=te(i),r=te(r),s=te(s),r=re(r,n),s=re(s,i);const l=re(te(t.subarray(0,ue(i))),i);for(;;){if(o=ye(Kn,i),c=re(ne(r,o,n),i),c===a)continue;const e=re(s*c,i);if(h=re(l+e,i),u=re(se(o,i)*h,i),u!==a)break}return{r:he(c,"be",ue(n)),s:he(u,"be",ue(n))}}(0,s,e,t,i,a)}case Q.publicKey.elgamal:throw Error("Signing with Elgamal is not defined in the OpenPGP standard.");case Q.publicKey.ecdsa:{const{oid:e,Q:a}=r,{d:o}=n;return nn(e,t,i,a,o,s)}case Q.publicKey.eddsaLegacy:{if(Qe(t)<Qe(Q.hash.sha256))throw Error("Hash algorithm too weak for EdDSALegacy.");const{oid:e,Q:i}=r,{seed:a}=n;return cn(e,0,0,i,a,s)}case Q.publicKey.ed25519:case Q.publicKey.ed448:{if(Qe(t)<Qe(yt(e)))throw Error("Hash algorithm too weak for EdDSA.");const{A:i}=r,{seed:a}=n;return ut(e,0,0,i,a,s)}case Q.publicKey.hmac:{const{cipher:e}=r,{keyMaterial:t}=n,i=await async function(e,t,r){if(!Sn.has(e))throw Error("Unsupported hash algorithm.");const n=Q.read(Q.webHash,e),i=In||Bn.webcrypto.subtle,s=await i.importKey("raw",t,{name:"HMAC",hash:{name:n}},!1,["sign"]),a=await i.sign("HMAC",s,r);return new Uint8Array(a)}(e.getValue(),t,s);return{mac:new _n(i)}}case Q.publicKey.pqc_mldsa_ed25519:{if(!Fn(e,t))throw Error("Unexpected hash algorithm for PQC signature: digest size too short");const{eccPublicKey:i}=r,{eccSecretKey:a,mldsaSecretKey:o}=n;return Mn(e,0,a,i,o,s)}default:throw Error("Unknown signature algorithm.")}}Mi.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[4+e]^=t[e];return r},Mi.blockLength=16,Mi.ivLength=12,Mi.tagLength=Ri;class Ji extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,Ji),this.name="Argon2OutOfMemoryError"}}let Xi,Wi,$i=2<<19;class es{static get ARGON2_WASM_MEMORY_THRESHOLD_RELOAD(){return $i}static set ARGON2_WASM_MEMORY_THRESHOLD_RELOAD(e){$i=e}static reloadWasmModule(){Xi&&(Wi=Xi(),Wi.catch((()=>{})))}constructor(e=R){const{passes:t,parallelism:r,memoryExponent:n}=e.s2kArgon2Params;this.type="argon2",this.salt=null,this.t=t,this.p=r,this.encodedM=n}generateSalt(){this.salt=fe(16)}read(e){let t=0;return this.salt=e.subarray(t,t+16),t+=16,this.t=e[t++],this.p=e[t++],this.encodedM=e[t++],t}write(){const e=[new Uint8Array([Q.write(Q.s2k,this.type)]),this.salt,new Uint8Array([this.t,this.p,this.encodedM])];return M.concatUint8Array(e)}async produceKey(e,t){const r=2<<this.encodedM-1;try{Xi=Xi||(await Promise.resolve().then((function(){return zd}))).default,Wi=Wi||Xi();const n=await Wi,i=n({version:19,type:2,password:M.encodeUTF8(e),salt:this.salt,tagLength:t,memorySize:r,parallelism:this.p,passes:this.t});return r>es.ARGON2_WASM_MEMORY_THRESHOLD_RELOAD&&es.reloadWasmModule(),i}catch(e){throw e.message&&(e.message.includes("Unable to grow instance memory")||e.message.includes("failed to grow memory")||e.message.includes("WebAssembly.Memory.grow")||e.message.includes("Out of memory"))?new Ji("Could not allocate required memory for Argon2"):e}}}class ts{constructor(e,t=R){this.algorithm=Q.hash.sha256,this.type=Q.read(Q.s2k,e),this.c=t.s2kIterationCountByte,this.salt=null}generateSalt(){switch(this.type){case"salted":case"iterated":this.salt=fe(8)}}getCount(){return 16+(15&this.c)<<6+(this.c>>4)}read(e){let t=0;switch(this.algorithm=e[t++],this.type){case"simple":break;case"salted":this.salt=e.subarray(t,t+8),t+=8;break;case"iterated":this.salt=e.subarray(t,t+8),t+=8,this.c=e[t++];break;case"gnu":if("GNU"!==M.uint8ArrayToString(e.subarray(t,t+3)))throw new it("Unknown s2k type.");t+=3;if(1001!==1e3+e[t++])throw new it("Unknown s2k gnu protection mode.");this.type="gnu-dummy";break;default:throw new it("Unknown s2k type.")}return t}write(){if("gnu-dummy"===this.type)return new Uint8Array([101,0,...M.stringToUint8Array("GNU"),1]);const e=[new Uint8Array([Q.write(Q.s2k,this.type),this.algorithm])];switch(this.type){case"simple":break;case"salted":e.push(this.salt);break;case"iterated":e.push(this.salt),e.push(new Uint8Array([this.c]));break;case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}return M.concatUint8Array(e)}async produceKey(e,t){e=M.encodeUTF8(e);const r=[];let n=0,i=0;for(;n<t;){let t;switch(this.type){case"simple":t=M.concatUint8Array([new Uint8Array(i),e]);break;case"salted":t=M.concatUint8Array([new Uint8Array(i),this.salt,e]);break;case"iterated":{const r=M.concatUint8Array([this.salt,e]);let n=r.length;const s=Math.max(this.getCount(),n);t=new Uint8Array(i+s),t.set(r,i);for(let e=i+n;e<s;e+=n,n*=2)t.copyWithin(e,i,e);break}case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}const s=await xe(this.algorithm,t);r.push(s),n+=s.length,i++}return M.concatUint8Array(r).subarray(0,t)}}const rs=new Set([Q.s2k.argon2,Q.s2k.iterated]);function ns(e,t=R){switch(e){case Q.s2k.argon2:return new es(t);case Q.s2k.iterated:case Q.s2k.gnu:case Q.s2k.salted:case Q.s2k.simple:return new ts(e,t);default:throw new it("Unsupported S2K type")}}function is(e){const{s2kType:t}=e;if(!rs.has(t))throw Error("The provided `config.s2kType` value is not allowed");return ns(t,e)}var ss=Uint8Array,as=Uint16Array,os=Int32Array,cs=new ss([0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0,0,0,0]),us=new ss([0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13,0,0]),hs=new ss([16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15]),ls=function(e,t){for(var r=new as(31),n=0;n<31;++n)r[n]=t+=1<<e[n-1];var i=new os(r[30]);for(n=1;n<30;++n)for(var s=r[n];s<r[n+1];++s)i[s]=s-r[n]<<5|n;return{b:r,r:i}},fs=ls(cs,2),ys=fs.b,ps=fs.r;ys[28]=258,ps[258]=28;for(var ds=ls(us,0),gs=ds.b,As=ds.r,ws=new as(32768),ms=0;ms<32768;++ms){var bs=(43690&ms)>>1|(21845&ms)<<1;bs=(61680&(bs=(52428&bs)>>2|(13107&bs)<<2))>>4|(3855&bs)<<4,ws[ms]=((65280&bs)>>8|(255&bs)<<8)>>1}var ks=function(e,t,r){for(var n=e.length,i=0,s=new as(t);i<n;++i)e[i]&&++s[e[i]-1];var a,o=new as(t);for(i=1;i<t;++i)o[i]=o[i-1]+s[i-1]<<1;if(r){a=new as(1<<t);var c=15-t;for(i=0;i<n;++i)if(e[i])for(var u=i<<4|e[i],h=t-e[i],l=o[e[i]-1]++<<h,f=l|(1<<h)-1;l<=f;++l)a[ws[l]>>c]=u}else for(a=new as(n),i=0;i<n;++i)e[i]&&(a[i]=ws[o[e[i]-1]++]>>15-e[i]);return a},Es=new ss(288);for(ms=0;ms<144;++ms)Es[ms]=8;for(ms=144;ms<256;++ms)Es[ms]=9;for(ms=256;ms<280;++ms)Es[ms]=7;for(ms=280;ms<288;++ms)Es[ms]=8;var vs=new ss(32);for(ms=0;ms<32;++ms)vs[ms]=5;var Ks=/*#__PURE__*/ks(Es,9,0),Ss=/*#__PURE__*/ks(Es,9,1),Is=/*#__PURE__*/ks(vs,5,0),Bs=/*#__PURE__*/ks(vs,5,1),Cs=function(e){for(var t=e[0],r=1;r<e.length;++r)e[r]>t&&(t=e[r]);return t},Us=function(e,t,r){var n=t/8|0;return(e[n]|e[n+1]<<8)>>(7&t)&r},Ps=function(e,t){var r=t/8|0;return(e[r]|e[r+1]<<8|e[r+2]<<16)>>(7&t)},Ds=function(e){return(e+7)/8|0},xs=function(e,t,r){return(null==t||t<0)&&(t=0),(null==r||r>e.length)&&(r=e.length),new ss(e.subarray(t,r))},Qs=["unexpected EOF","invalid block type","invalid length/literal","invalid distance","stream finished","no stream handler",,"no callback","invalid UTF-8 data","extra field too long","date not in range 1980-2099","filename too long","stream finishing","invalid zip data"],Rs=function(e,t,r){var n=Error(t||Qs[e]);if(n.code=e,Error.captureStackTrace&&Error.captureStackTrace(n,Rs),!r)throw n;return n},Ts=function(e,t,r){r<<=7&t;var n=t/8|0;e[n]|=r,e[n+1]|=r>>8},Ms=function(e,t,r){r<<=7&t;var n=t/8|0;e[n]|=r,e[n+1]|=r>>8,e[n+2]|=r>>16},Ls=function(e,t){for(var r=[],n=0;n<e.length;++n)e[n]&&r.push({s:n,f:e[n]});var i=r.length,s=r.slice();if(!i)return{t:Gs,l:0};if(1==i){var a=new ss(r[0].s+1);return a[r[0].s]=1,{t:a,l:1}}r.sort((function(e,t){return e.f-t.f})),r.push({s:-1,f:25001});var o=r[0],c=r[1],u=0,h=1,l=2;for(r[0]={s:-1,f:o.f+c.f,l:o,r:c};h!=i-1;)o=r[r[u].f<r[l].f?u++:l++],c=r[u!=h&&r[u].f<r[l].f?u++:l++],r[h++]={s:-1,f:o.f+c.f,l:o,r:c};var f=s[0].s;for(n=1;n<i;++n)s[n].s>f&&(f=s[n].s);var y=new as(f+1),p=Fs(r[h-1],y,0);if(p>t){n=0;var d=0,g=p-t,A=1<<g;for(s.sort((function(e,t){return y[t.s]-y[e.s]||e.f-t.f}));n<i;++n){var w=s[n].s;if(!(y[w]>t))break;d+=A-(1<<p-y[w]),y[w]=t}for(d>>=g;d>0;){var m=s[n].s;y[m]<t?d-=1<<t-y[m]++-1:++n}for(;n>=0&&d;--n){var b=s[n].s;y[b]==t&&(--y[b],++d)}p=t}return{t:new ss(y),l:p}},Fs=function(e,t,r){return-1==e.s?Math.max(Fs(e.l,t,r+1),Fs(e.r,t,r+1)):t[e.s]=r},Os=function(e){for(var t=e.length;t&&!e[--t];);for(var r=new as(++t),n=0,i=e[0],s=1,a=function(e){r[n++]=e},o=1;o<=t;++o)if(e[o]==i&&o!=t)++s;else{if(!i&&s>2){for(;s>138;s-=138)a(32754);s>2&&(a(s>10?s-11<<5|28690:s-3<<5|12305),s=0)}else if(s>3){for(a(i),--s;s>6;s-=6)a(8304);s>2&&(a(s-3<<5|8208),s=0)}for(;s--;)a(i);s=1,i=e[o]}return{c:r.subarray(0,n),n:t}},Ns=function(e,t){for(var r=0,n=0;n<t.length;++n)r+=e[n]*t[n];return r},_s=function(e,t,r){var n=r.length,i=Ds(t+2);e[i]=255&n,e[i+1]=n>>8,e[i+2]=255^e[i],e[i+3]=255^e[i+1];for(var s=0;s<n;++s)e[i+s+4]=r[s];return 8*(i+4+n)},Hs=function(e,t,r,n,i,s,a,o,c,u,h){Ts(t,h++,r),++i[256];for(var l=Ls(i,15),f=l.t,y=l.l,p=Ls(s,15),d=p.t,g=p.l,A=Os(f),w=A.c,m=A.n,b=Os(d),k=b.c,E=b.n,v=new as(19),K=0;K<w.length;++K)++v[31&w[K]];for(K=0;K<k.length;++K)++v[31&k[K]];for(var S=Ls(v,7),I=S.t,B=S.l,C=19;C>4&&!I[hs[C-1]];--C);var U,P,D,x,Q=u+5<<3,R=Ns(i,Es)+Ns(s,vs)+a,T=Ns(i,f)+Ns(s,d)+a+14+3*C+Ns(v,I)+2*v[16]+3*v[17]+7*v[18];if(c>=0&&Q<=R&&Q<=T)return _s(t,h,e.subarray(c,c+u));if(Ts(t,h,1+(T<R)),h+=2,T<R){U=ks(f,y,0),P=f,D=ks(d,g,0),x=d;var M=ks(I,B,0);Ts(t,h,m-257),Ts(t,h+5,E-1),Ts(t,h+10,C-4),h+=14;for(K=0;K<C;++K)Ts(t,h+3*K,I[hs[K]]);h+=3*C;for(var L=[w,k],F=0;F<2;++F){var O=L[F];for(K=0;K<O.length;++K){var N=31&O[K];Ts(t,h,M[N]),h+=I[N],N>15&&(Ts(t,h,O[K]>>5&127),h+=O[K]>>12)}}}else U=Ks,P=Es,D=Is,x=vs;for(K=0;K<o;++K){var _=n[K];if(_>255){Ms(t,h,U[(N=_>>18&31)+257]),h+=P[N+257],N>7&&(Ts(t,h,_>>23&31),h+=cs[N]);var H=31&_;Ms(t,h,D[H]),h+=x[H],H>3&&(Ms(t,h,_>>5&8191),h+=us[H])}else Ms(t,h,U[_]),h+=P[_]}return Ms(t,h,U[256]),h+P[256]},zs=/*#__PURE__*/new os([65540,131080,131088,131104,262176,1048704,1048832,2114560,2117632]),Gs=/*#__PURE__*/new ss(0),qs=function(){var e=1,t=0;return{p:function(r){for(var n=e,i=t,s=0|r.length,a=0;a!=s;){for(var o=Math.min(a+2655,s);a<o;++a)i+=n+=r[a];n=(65535&n)+15*(n>>16),i=(65535&i)+15*(i>>16)}e=n,t=i},d:function(){return(255&(e%=65521))<<24|(65280&e)<<8|(255&(t%=65521))<<8|t>>8}}},js=function(e,t,r,n,i){if(!i&&(i={l:1},t.dictionary)){var s=t.dictionary.subarray(-32768),a=new ss(s.length+e.length);a.set(s),a.set(e,s.length),e=a,i.w=s.length}return function(e,t,r,n,i,s){var a=s.z||e.length,o=new ss(n+a+5*(1+Math.ceil(a/7e3))+i),c=o.subarray(n,o.length-i),u=s.l,h=7&(s.r||0);if(t){h&&(c[0]=s.r>>3);for(var l=zs[t-1],f=l>>13,y=8191&l,p=(1<<r)-1,d=s.p||new as(32768),g=s.h||new as(p+1),A=Math.ceil(r/3),w=2*A,m=function(t){return(e[t]^e[t+1]<<A^e[t+2]<<w)&p},b=new os(25e3),k=new as(288),E=new as(32),v=0,K=0,S=s.i||0,I=0,B=s.w||0,C=0;S+2<a;++S){var U=m(S),P=32767&S,D=g[U];if(d[P]=D,g[U]=P,B<=S){var x=a-S;if((v>7e3||I>24576)&&(x>423||!u)){h=Hs(e,c,0,b,k,E,K,I,C,S-C,h),I=v=K=0,C=S;for(var Q=0;Q<286;++Q)k[Q]=0;for(Q=0;Q<30;++Q)E[Q]=0}var R=2,T=0,M=y,L=P-D&32767;if(x>2&&U==m(S-L))for(var F=Math.min(f,x)-1,O=Math.min(32767,S),N=Math.min(258,x);L<=O&&--M&&P!=D;){if(e[S+R]==e[S+R-L]){for(var _=0;_<N&&e[S+_]==e[S+_-L];++_);if(_>R){if(R=_,T=L,_>F)break;var H=Math.min(L,_-2),z=0;for(Q=0;Q<H;++Q){var G=S-L+Q&32767,q=G-d[G]&32767;q>z&&(z=q,D=G)}}}L+=(P=D)-(D=d[P])&32767}if(T){b[I++]=268435456|ps[R]<<18|As[T];var j=31&ps[R],V=31&As[T];K+=cs[j]+us[V],++k[257+j],++E[V],B=S+R,++v}else b[I++]=e[S],++k[e[S]]}}for(S=Math.max(S,B);S<a;++S)b[I++]=e[S],++k[e[S]];h=Hs(e,c,u,b,k,E,K,I,C,S-C,h),u||(s.r=7&h|c[h/8|0]<<3,h-=7,s.h=g,s.p=d,s.i=S,s.w=B)}else{for(S=s.w||0;S<a+u;S+=65535){var Y=S+65535;Y>=a&&(c[h/8|0]=u,Y=a),h=_s(c,h+1,e.subarray(S,Y))}s.i=a}return xs(o,0,n+Ds(h)+i)}(e,null==t.level?6:t.level,null==t.mem?i.l?Math.ceil(1.5*Math.max(8,Math.min(13,Math.log(e.length)))):20:12+t.mem,r,n,i)},Vs=function(e,t,r){for(;r;++t)e[t]=r,r>>>=8},Ys=/*#__PURE__*/function(){function e(e,t){if("function"==typeof e&&(t=e,e={}),this.ondata=t,this.o=e||{},this.s={l:0,i:32768,w:32768,z:32768},this.b=new ss(98304),this.o.dictionary){var r=this.o.dictionary.subarray(-32768);this.b.set(r,32768-r.length),this.s.i=32768-r.length}}return e.prototype.p=function(e,t){this.ondata(js(e,this.o,0,0,this.s),t)},e.prototype.push=function(e,t){this.ondata||Rs(5),this.s.l&&Rs(4);var r=e.length+this.s.z;if(r>this.b.length){if(r>2*this.b.length-32768){var n=new ss(-32768&r);n.set(this.b.subarray(0,this.s.z)),this.b=n}var i=this.b.length-this.s.z;this.b.set(e.subarray(0,i),this.s.z),this.s.z=this.b.length,this.p(this.b,!1),this.b.set(this.b.subarray(-32768)),this.b.set(e.subarray(i),32768),this.s.z=e.length-i+32768,this.s.i=32766,this.s.w=32768}else this.b.set(e,this.s.z),this.s.z+=e.length;this.s.l=1&t,(this.s.z>this.s.w+8191||t)&&(this.p(this.b,t||!1),this.s.w=this.s.i,this.s.i-=2)},e.prototype.flush=function(){this.ondata||Rs(5),this.s.l&&Rs(4),this.p(this.b,!1),this.s.w=this.s.i,this.s.i-=2},e}(),Zs=/*#__PURE__*/function(){function e(e,t){"function"==typeof e&&(t=e,e={}),this.ondata=t;var r=e&&e.dictionary&&e.dictionary.subarray(-32768);this.s={i:0,b:r?r.length:0},this.o=new ss(32768),this.p=new ss(0),r&&this.o.set(r)}return e.prototype.e=function(e){if(this.ondata||Rs(5),this.d&&Rs(4),this.p.length){if(e.length){var t=new ss(this.p.length+e.length);t.set(this.p),t.set(e,this.p.length),this.p=t}}else this.p=e},e.prototype.c=function(e){this.s.i=+(this.d=e||!1);var t=this.s.b,r=function(e,t,r,n){var i=e.length;if(!i||t.f&&!t.l)return r||new ss(0);var s=!r,a=s||2!=t.i,o=t.i;s&&(r=new ss(3*i));var c=function(e){var t=r.length;if(e>t){var n=new ss(Math.max(2*t,e));n.set(r),r=n}},u=t.f||0,h=t.p||0,l=t.b||0,f=t.l,y=t.d,p=t.m,d=t.n,g=8*i;do{if(!f){u=Us(e,h,1);var A=Us(e,h+1,3);if(h+=3,!A){var w=e[(U=Ds(h)+4)-4]|e[U-3]<<8,m=U+w;if(m>i){o&&Rs(0);break}a&&c(l+w),r.set(e.subarray(U,m),l),t.b=l+=w,t.p=h=8*m,t.f=u;continue}if(1==A)f=Ss,y=Bs,p=9,d=5;else if(2==A){var b=Us(e,h,31)+257,k=Us(e,h+10,15)+4,E=b+Us(e,h+5,31)+1;h+=14;for(var v=new ss(E),K=new ss(19),S=0;S<k;++S)K[hs[S]]=Us(e,h+3*S,7);h+=3*k;var I=Cs(K),B=(1<<I)-1,C=ks(K,I,1);for(S=0;S<E;){var U,P=C[Us(e,h,B)];if(h+=15&P,(U=P>>4)<16)v[S++]=U;else{var D=0,x=0;for(16==U?(x=3+Us(e,h,3),h+=2,D=v[S-1]):17==U?(x=3+Us(e,h,7),h+=3):18==U&&(x=11+Us(e,h,127),h+=7);x--;)v[S++]=D}}var Q=v.subarray(0,b),R=v.subarray(b);p=Cs(Q),d=Cs(R),f=ks(Q,p,1),y=ks(R,d,1)}else Rs(1);if(h>g){o&&Rs(0);break}}a&&c(l+131072);for(var T=(1<<p)-1,M=(1<<d)-1,L=h;;L=h){var F=(D=f[Ps(e,h)&T])>>4;if((h+=15&D)>g){o&&Rs(0);break}if(D||Rs(2),F<256)r[l++]=F;else{if(256==F){L=h,f=null;break}var O=F-254;if(F>264){var N=cs[S=F-257];O=Us(e,h,(1<<N)-1)+ys[S],h+=N}var _=y[Ps(e,h)&M],H=_>>4;if(_||Rs(3),h+=15&_,R=gs[H],H>3&&(N=us[H],R+=Ps(e,h)&(1<<N)-1,h+=N),h>g){o&&Rs(0);break}a&&c(l+131072);var z=l+O;if(l<R){var G=0-R,q=Math.min(R,z);for(G+l<0&&Rs(3);l<q;++l)r[l]=n[G+l]}for(;l<z;++l)r[l]=r[l-R]}}t.l=f,t.p=L,t.b=l,t.f=u,f&&(u=1,t.m=p,t.d=y,t.n=d)}while(!u);return l!=r.length&&s?xs(r,0,l):r.subarray(0,l)}(this.p,this.s,this.o);this.ondata(xs(r,t,this.s.b),this.d),this.o=xs(r,this.s.b-32768),this.s.b=this.o.length,this.p=xs(this.p,this.s.p/8|0),this.s.p&=7},e.prototype.push=function(e,t){this.e(e),this.c(t)},e}(),Js=/*#__PURE__*/function(){function e(e,t){this.c=qs(),this.v=1,Ys.call(this,e,t)}return e.prototype.push=function(e,t){this.c.p(e),Ys.prototype.push.call(this,e,t)},e.prototype.p=function(e,t){var r=js(e,this.o,this.v&&(this.o.dictionary?6:2),t&&4,this.s);this.v&&(function(e,t){var r=t.level,n=0==r?0:r<6?1:9==r?3:2;if(e[0]=120,e[1]=n<<6|(t.dictionary&&32),e[1]|=31-(e[0]<<8|e[1])%31,t.dictionary){var i=qs();i.p(t.dictionary),Vs(e,2,i.d())}}(r,this.o),this.v=0),t&&Vs(r,r.length-4,this.c.d()),this.ondata(r,t)},e.prototype.flush=function(){Ys.prototype.flush.call(this)},e}(),Xs=/*#__PURE__*/function(){function e(e,t){Zs.call(this,e,t),this.v=e&&e.dictionary?2:1}return e.prototype.push=function(e,t){if(Zs.prototype.e.call(this,e),this.v){if(this.p.length<6&&!t)return;this.p=this.p.subarray((r=this.p,n=this.v-1,(8!=(15&r[0])||r[0]>>4>7||(r[0]<<8|r[1])%31)&&Rs(6,"invalid zlib data"),(r[1]>>5&1)==+!n&&Rs(6,"invalid zlib data: "+(32&r[1]?"need":"unexpected")+" dictionary"),2+(r[1]>>3&4))),this.v=0}var r,n;t&&(this.p.length<4&&Rs(6,"invalid zlib data"),this.p=this.p.subarray(0,-4)),Zs.prototype.c.call(this,t)},e}(),Ws="undefined"!=typeof TextDecoder&&/*#__PURE__*/new TextDecoder;try{Ws.decode(Gs,{stream:!0})}catch(e){}class $s{static get tag(){return Q.packet.literalData}constructor(e=new Date){this.format=Q.literal.utf8,this.date=M.normalizeDate(e),this.text=null,this.data=null,this.filename=""}setText(e,t=Q.literal.utf8){this.format=t,this.text=e,this.data=null}getText(e=!1){return(null===this.text||M.isStream(this.text))&&(this.text=M.decodeUTF8(M.nativeEOL(this.getBytes(e)))),this.text}setBytes(e,t){this.format=t,this.data=e,this.text=null}getBytes(e=!1){return null===this.data&&(this.data=M.canonicalizeEOL(M.encodeUTF8(this.text))),e?K(this.data):this.data}setFilename(e){this.filename=e}getFilename(){return this.filename}async read(e){await E(e,(async e=>{const t=await e.readByte(),r=await e.readByte();this.filename=M.decodeUTF8(await e.readBytes(r)),this.date=M.readDate(await e.readBytes(4));let n=e.remainder();a(n)&&(n=await B(n)),this.setBytes(n,t)}))}writeHeader(){const e=M.encodeUTF8(this.filename),t=new Uint8Array([e.length]),r=new Uint8Array([this.format]),n=M.writeDate(this.date);return M.concatUint8Array([r,t,e,n])}write(){const e=this.writeHeader(),t=this.getBytes();return M.concat([e,t])}}class ea{constructor(){this.bytes=""}read(e){return this.bytes=M.uint8ArrayToString(e.subarray(0,8)),this.bytes.length}write(){return M.stringToUint8Array(this.bytes)}toHex(){return M.uint8ArrayToHex(M.stringToUint8Array(this.bytes))}equals(e,t=!1){return t&&(e.isWildcard()||this.isWildcard())||this.bytes===e.bytes}isNull(){return""===this.bytes}isWildcard(){return/^0+$/.test(this.toHex())}static mapToHex(e){return e.toHex()}static fromID(e){const t=new ea;return t.read(M.hexToUint8Array(e)),t}static wildcard(){const e=new ea;return e.read(new Uint8Array(8)),e}}const ta=Symbol("verified"),ra="salt@notations.openpgpjs.org",na=new Set([Q.signatureSubpacket.issuerKeyID,Q.signatureSubpacket.issuerFingerprint,Q.signatureSubpacket.embeddedSignature]);class ia{static get tag(){return Q.packet.signature}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.signatureData=null,this.unhashedSubpackets=[],this.unknownSubpackets=[],this.signedHashValue=null,this.salt=null,this.created=null,this.signatureExpirationTime=null,this.signatureNeverExpires=!0,this.exportable=null,this.trustLevel=null,this.trustAmount=null,this.regularExpression=null,this.revocable=null,this.keyExpirationTime=null,this.keyNeverExpires=null,this.preferredSymmetricAlgorithms=null,this.revocationKeyClass=null,this.revocationKeyAlgorithm=null,this.revocationKeyFingerprint=null,this.issuerKeyID=new ea,this.rawNotations=[],this.notations={},this.preferredHashAlgorithms=null,this.preferredCompressionAlgorithms=null,this.keyServerPreferences=null,this.preferredKeyServer=null,this.isPrimaryUserID=null,this.policyURI=null,this.keyFlags=null,this.signersUserID=null,this.reasonForRevocationFlag=null,this.reasonForRevocationString=null,this.features=null,this.signatureTargetPublicKeyAlgorithm=null,this.signatureTargetHashAlgorithm=null,this.signatureTargetHash=null,this.embeddedSignature=null,this.issuerKeyVersion=null,this.issuerFingerprint=null,this.preferredAEADAlgorithms=null,this.preferredCipherSuites=null,this.revoked=null,this[ta]=null}read(e,t=R){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new it("Support for v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4!==this.version&&5!==this.version&&6!==this.version)throw new it(`Version ${this.version} of the signature packet is unsupported.`);if(this.signatureType=e[r++],this.publicKeyAlgorithm=e[r++],this.hashAlgorithm=e[r++],r+=this.readSubPackets(e.subarray(r,e.length),!0),!this.created)throw Error("Missing signature creation time subpacket.");if(this.signatureData=e.subarray(0,r),r+=this.readSubPackets(e.subarray(r,e.length),!1),this.signedHashValue=e.subarray(r,r+2),r+=2,6===this.version){const t=e[r++];this.salt=e.subarray(r,r+t),r+=t}const n=e.subarray(r,e.length),{read:i,signatureParams:s}=function(e,t){let r=0;switch(e){case Q.publicKey.rsaEncryptSign:case Q.publicKey.rsaEncrypt:case Q.publicKey.rsaSign:{const e=M.readMPI(t.subarray(r));return r+=e.length+2,{read:r,signatureParams:{s:e}}}case Q.publicKey.dsa:case Q.publicKey.ecdsa:{const e=M.readMPI(t.subarray(r));r+=e.length+2;const n=M.readMPI(t.subarray(r));return r+=n.length+2,{read:r,signatureParams:{r:e,s:n}}}case Q.publicKey.eddsaLegacy:{const e=M.readMPI(t.subarray(r));r+=e.length+2;const n=M.readMPI(t.subarray(r));return r+=n.length+2,{read:r,signatureParams:{r:e,s:n}}}case Q.publicKey.ed25519:case Q.publicKey.ed448:{const n=2*ft(e),i=M.readExactSubarray(t,r,r+n);return r+=i.length,{read:r,signatureParams:{RS:i}}}case Q.publicKey.hmac:{const e=new _n;return r+=e.read(t.subarray(r)),{read:r,signatureParams:{mac:e}}}case Q.publicKey.pqc_mldsa_ed25519:{const e=2*ft(Q.publicKey.ed25519),n=M.readExactSubarray(t,r,r+e);r+=n.length;const i=M.readExactSubarray(t,r,r+3309);return r+=i.length,{read:r,signatureParams:{eccSignature:n,mldsaSignature:i}}}default:throw new it("Unknown signature algorithm.")}}(this.publicKeyAlgorithm,n);if(i<n.length)throw Error("Error reading MPIs");this.params=s}writeParams(){return this.params instanceof Promise?U((async()=>_i(this.publicKeyAlgorithm,await this.params))):_i(this.publicKeyAlgorithm,this.params)}write(){const e=[];return e.push(this.signatureData),e.push(this.writeUnhashedSubPackets()),e.push(this.signedHashValue),6===this.version&&(e.push(new Uint8Array([this.salt.length])),e.push(this.salt)),e.push(this.writeParams()),M.concat(e)}async sign(e,t,r=new Date,n=!1,i){this.version=e.version,this.created=M.normalizeDate(r),this.issuerKeyVersion=e.version,this.issuerFingerprint=e.getFingerprintBytes(),this.issuerKeyID=e.getKeyID();const s=[new Uint8Array([this.version,this.signatureType,this.publicKeyAlgorithm,this.hashAlgorithm])];if(6===this.version){const e=aa(this.hashAlgorithm);if(null===this.salt)this.salt=fe(e);else if(e!==this.salt.length)throw Error("Provided salt does not have the required length")}else if(i.nonDeterministicSignaturesViaNotation){if(0!==this.rawNotations.filter((({name:e})=>e===ra)).length)throw Error("Unexpected existing salt notation");{const e=fe(aa(this.hashAlgorithm));this.rawNotations.push({name:ra,value:e,humanReadable:!1,critical:!1})}}s.push(this.writeHashedSubPackets()),this.unhashedSubpackets=[],this.signatureData=M.concat(s);const a=this.toHash(this.signatureType,t,n),o=await this.hash(this.signatureType,t,a,n);this.signedHashValue=I(v(o),0,2);const c=async()=>Zi(this.publicKeyAlgorithm,this.hashAlgorithm,e.publicParams,e.privateParams,a,await B(o));M.isStream(o)?this.params=c():(this.params=await c(),this[ta]=!0)}writeHashedSubPackets(){const e=Q.signatureSubpacket,t=[];let r;if(null===this.created)throw Error("Missing signature creation time");t.push(sa(e.signatureCreationTime,!0,M.writeDate(this.created))),null!==this.signatureExpirationTime&&t.push(sa(e.signatureExpirationTime,!0,M.writeNumber(this.signatureExpirationTime,4))),null!==this.exportable&&t.push(sa(e.exportableCertification,!0,new Uint8Array([this.exportable?1:0]))),null!==this.trustLevel&&(r=new Uint8Array([this.trustLevel,this.trustAmount]),t.push(sa(e.trustSignature,!0,r))),null!==this.regularExpression&&t.push(sa(e.regularExpression,!0,this.regularExpression)),null!==this.revocable&&t.push(sa(e.revocable,!0,new Uint8Array([this.revocable?1:0]))),null!==this.keyExpirationTime&&t.push(sa(e.keyExpirationTime,!0,M.writeNumber(this.keyExpirationTime,4))),null!==this.preferredSymmetricAlgorithms&&(r=M.stringToUint8Array(M.uint8ArrayToString(this.preferredSymmetricAlgorithms)),t.push(sa(e.preferredSymmetricAlgorithms,!1,r))),null!==this.revocationKeyClass&&(r=new Uint8Array([this.revocationKeyClass,this.revocationKeyAlgorithm]),r=M.concat([r,this.revocationKeyFingerprint]),t.push(sa(e.revocationKey,!1,r))),!this.issuerKeyID.isNull()&&this.issuerKeyVersion<5&&t.push(sa(e.issuerKeyID,!1,this.issuerKeyID.write())),this.rawNotations.forEach((({name:n,value:i,humanReadable:s,critical:a})=>{r=[new Uint8Array([s?128:0,0,0,0])];const o=M.encodeUTF8(n);r.push(M.writeNumber(o.length,2)),r.push(M.writeNumber(i.length,2)),r.push(o),r.push(i),r=M.concat(r),t.push(sa(e.notationData,a,r))})),null!==this.preferredHashAlgorithms&&(r=M.stringToUint8Array(M.uint8ArrayToString(this.preferredHashAlgorithms)),t.push(sa(e.preferredHashAlgorithms,!1,r))),null!==this.preferredCompressionAlgorithms&&(r=M.stringToUint8Array(M.uint8ArrayToString(this.preferredCompressionAlgorithms)),t.push(sa(e.preferredCompressionAlgorithms,!1,r))),null!==this.keyServerPreferences&&(r=M.stringToUint8Array(M.uint8ArrayToString(this.keyServerPreferences)),t.push(sa(e.keyServerPreferences,!1,r))),null!==this.preferredKeyServer&&t.push(sa(e.preferredKeyServer,!1,M.encodeUTF8(this.preferredKeyServer))),null!==this.isPrimaryUserID&&t.push(sa(e.primaryUserID,!1,new Uint8Array([this.isPrimaryUserID?1:0]))),null!==this.policyURI&&t.push(sa(e.policyURI,!1,M.encodeUTF8(this.policyURI))),null!==this.keyFlags&&(r=M.stringToUint8Array(M.uint8ArrayToString(this.keyFlags)),t.push(sa(e.keyFlags,!0,r))),null!==this.signersUserID&&t.push(sa(e.signersUserID,!1,M.encodeUTF8(this.signersUserID))),null!==this.reasonForRevocationFlag&&(r=M.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag)+this.reasonForRevocationString),t.push(sa(e.reasonForRevocation,!0,r))),null!==this.features&&(r=M.stringToUint8Array(M.uint8ArrayToString(this.features)),t.push(sa(e.features,!1,r))),null!==this.signatureTargetPublicKeyAlgorithm&&(r=[new Uint8Array([this.signatureTargetPublicKeyAlgorithm,this.signatureTargetHashAlgorithm])],r.push(M.stringToUint8Array(this.signatureTargetHash)),r=M.concat(r),t.push(sa(e.signatureTarget,!0,r))),null!==this.embeddedSignature&&t.push(sa(e.embeddedSignature,!0,this.embeddedSignature.write())),null!==this.issuerFingerprint&&(r=[new Uint8Array([this.issuerKeyVersion]),this.issuerFingerprint],r=M.concat(r),t.push(sa(e.issuerFingerprint,this.version>=5,r))),null!==this.preferredAEADAlgorithms&&(r=M.stringToUint8Array(M.uint8ArrayToString(this.preferredAEADAlgorithms)),t.push(sa(e.preferredAEADAlgorithms,!1,r))),null!==this.preferredCipherSuites&&(r=new Uint8Array([].concat(...this.preferredCipherSuites)),t.push(sa(e.preferredCipherSuites,!1,r)));const n=M.concat(t),i=M.writeNumber(n.length,6===this.version?4:2);return M.concat([i,n])}writeUnhashedSubPackets(){const e=this.unhashedSubpackets.map((({type:e,critical:t,body:r})=>sa(e,t,r))),t=M.concat(e),r=M.writeNumber(t.length,6===this.version?4:2);return M.concat([r,t])}readSubPacket(e,t=!0){let r=0;const n=!!(128&e[r]),i=127&e[r];if(r++,t||(this.unhashedSubpackets.push({type:i,critical:n,body:e.subarray(r,e.length)}),na.has(i)))switch(i){case Q.signatureSubpacket.signatureCreationTime:this.created=M.readDate(e.subarray(r,e.length));break;case Q.signatureSubpacket.signatureExpirationTime:{const t=M.readNumber(e.subarray(r,e.length));this.signatureNeverExpires=0===t,this.signatureExpirationTime=t;break}case Q.signatureSubpacket.exportableCertification:this.exportable=1===e[r++];break;case Q.signatureSubpacket.trustSignature:this.trustLevel=e[r++],this.trustAmount=e[r++];break;case Q.signatureSubpacket.regularExpression:this.regularExpression=e[r];break;case Q.signatureSubpacket.revocable:this.revocable=1===e[r++];break;case Q.signatureSubpacket.keyExpirationTime:{const t=M.readNumber(e.subarray(r,e.length));this.keyExpirationTime=t,this.keyNeverExpires=0===t;break}case Q.signatureSubpacket.preferredSymmetricAlgorithms:this.preferredSymmetricAlgorithms=[...e.subarray(r,e.length)];break;case Q.signatureSubpacket.revocationKey:this.revocationKeyClass=e[r++],this.revocationKeyAlgorithm=e[r++],this.revocationKeyFingerprint=e.subarray(r,r+20);break;case Q.signatureSubpacket.issuerKeyID:if(4===this.version)this.issuerKeyID.read(e.subarray(r,e.length));else if(t)throw Error("Unexpected Issuer Key ID subpacket");break;case Q.signatureSubpacket.notationData:{const t=!!(128&e[r]);r+=4;const i=M.readNumber(e.subarray(r,r+2));r+=2;const s=M.readNumber(e.subarray(r,r+2));r+=2;const a=M.decodeUTF8(e.subarray(r,r+i)),o=e.subarray(r+i,r+i+s);this.rawNotations.push({name:a,humanReadable:t,value:o,critical:n}),t&&(this.notations[a]=M.decodeUTF8(o));break}case Q.signatureSubpacket.preferredHashAlgorithms:this.preferredHashAlgorithms=[...e.subarray(r,e.length)];break;case Q.signatureSubpacket.preferredCompressionAlgorithms:this.preferredCompressionAlgorithms=[...e.subarray(r,e.length)];break;case Q.signatureSubpacket.keyServerPreferences:this.keyServerPreferences=[...e.subarray(r,e.length)];break;case Q.signatureSubpacket.preferredKeyServer:this.preferredKeyServer=M.decodeUTF8(e.subarray(r,e.length));break;case Q.signatureSubpacket.primaryUserID:this.isPrimaryUserID=0!==e[r++];break;case Q.signatureSubpacket.policyURI:this.policyURI=M.decodeUTF8(e.subarray(r,e.length));break;case Q.signatureSubpacket.keyFlags:this.keyFlags=[...e.subarray(r,e.length)];break;case Q.signatureSubpacket.signersUserID:this.signersUserID=M.decodeUTF8(e.subarray(r,e.length));break;case Q.signatureSubpacket.reasonForRevocation:this.reasonForRevocationFlag=e[r++],this.reasonForRevocationString=M.decodeUTF8(e.subarray(r,e.length));break;case Q.signatureSubpacket.features:this.features=[...e.subarray(r,e.length)];break;case Q.signatureSubpacket.signatureTarget:{this.signatureTargetPublicKeyAlgorithm=e[r++],this.signatureTargetHashAlgorithm=e[r++];const t=Qe(this.signatureTargetHashAlgorithm);this.signatureTargetHash=M.uint8ArrayToString(e.subarray(r,r+t));break}case Q.signatureSubpacket.embeddedSignature:this.embeddedSignature=new ia,this.embeddedSignature.read(e.subarray(r,e.length));break;case Q.signatureSubpacket.issuerFingerprint:this.issuerKeyVersion=e[r++],this.issuerFingerprint=e.subarray(r,e.length),this.issuerKeyVersion>=5?this.issuerKeyID.read(this.issuerFingerprint):this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));break;case Q.signatureSubpacket.preferredAEADAlgorithms:this.preferredAEADAlgorithms=[...e.subarray(r,e.length)];break;case Q.signatureSubpacket.preferredCipherSuites:this.preferredCipherSuites=[];for(let t=r;t<e.length;t+=2)this.preferredCipherSuites.push([e[t],e[t+1]]);break;default:this.unknownSubpackets.push({type:i,critical:n,body:e.subarray(r,e.length)})}}readSubPackets(e,t=!0,r){const n=6===this.version?4:2,i=M.readNumber(e.subarray(0,n));let s=n;for(;s<2+i;){const n=Xe(e.subarray(s,e.length));s+=n.offset,this.readSubPacket(e.subarray(s,s+n.len),t,r),s+=n.len}return s}toSign(e,t){const r=Q.signature;switch(e){case r.binary:return null!==t.text?M.encodeUTF8(t.getText(!0)):t.getBytes(!0);case r.text:{const e=t.getBytes(!0);return M.canonicalizeEOL(e)}case r.standalone:return new Uint8Array(0);case r.certGeneric:case r.certPersona:case r.certCasual:case r.certPositive:case r.certRevocation:{let e,n;if(t.userID)n=180,e=t.userID;else{if(!t.userAttribute)throw Error("Either a userID or userAttribute packet needs to be supplied for certification.");n=209,e=t.userAttribute}const i=e.write();return M.concat([this.toSign(r.key,t),new Uint8Array([n]),M.writeNumber(i.length,4),i])}case r.subkeyBinding:case r.subkeyRevocation:case r.keyBinding:return M.concat([this.toSign(r.key,t),this.toSign(r.key,{key:t.bind})]);case r.key:if(void 0===t.key)throw Error("Key packet is required for this signature.");return t.key.writeForHash(this.version);case r.keyRevocation:return this.toSign(r.key,t);case r.timestamp:return new Uint8Array(0);case r.thirdParty:throw Error("Not implemented");default:throw Error("Unknown signature type.")}}calculateTrailer(e,t){let r=0;return b(v(this.signatureData),(e=>{r+=e.length}),(()=>{const n=[];return 5!==this.version||this.signatureType!==Q.signature.binary&&this.signatureType!==Q.signature.text||(t?n.push(new Uint8Array(6)):n.push(e.writeHeader())),n.push(new Uint8Array([this.version,255])),5===this.version&&n.push(new Uint8Array(4)),n.push(M.writeNumber(r,4)),M.concat(n)}))}toHash(e,t,r=!1){const n=this.toSign(e,t);return M.concat([this.salt||new Uint8Array,n,this.signatureData,this.calculateTrailer(t,r)])}async hash(e,t,r,n=!1){if(6===this.version&&this.salt.length!==aa(this.hashAlgorithm))throw Error("Signature salt does not have the expected length");return r||(r=this.toHash(e,t,n)),xe(this.hashAlgorithm,r)}async verify(e,t,r,n=new Date,i=!1,s=R){if(!this.issuerKeyID.equals(e.getKeyID()))throw Error("Signature was not issued by the given public key");if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Public key algorithm used to sign signature does not match issuer key algorithm.");const a=t===Q.signature.binary||t===Q.signature.text;if(!(this[ta]&&!a)){let n,s;if(this.hashed?s=await this.hashed:(n=this.toHash(t,r,i),s=await this.hash(t,r,n)),s=await B(s),this.signedHashValue[0]!==s[0]||this.signedHashValue[1]!==s[1])throw Error("Signed digest did not match");this.params=await this.params;const a=this.publicKeyAlgorithm===Q.publicKey.hmac?e.privateParams:null;if(this[ta]=await Yi(this.publicKeyAlgorithm,this.hashAlgorithm,this.params,e.publicParams,a,n,s),!this[ta])throw Error("Signature verification failed")}const o=M.normalizeDate(n);if(o&&this.created>o)throw Error("Signature creation time is in the future");if(o&&o>=this.getExpirationTime())throw Error("Signature is expired");if(s.rejectHashAlgorithms.has(this.hashAlgorithm))throw Error("Insecure hash algorithm: "+Q.read(Q.hash,this.hashAlgorithm).toUpperCase());if(s.rejectMessageHashAlgorithms.has(this.hashAlgorithm)&&[Q.signature.binary,Q.signature.text].includes(this.signatureType))throw Error("Insecure message hash algorithm: "+Q.read(Q.hash,this.hashAlgorithm).toUpperCase());if(this.unknownSubpackets.forEach((({type:e,critical:t})=>{if(t)throw Error("Unknown critical signature subpacket type "+e)})),this.rawNotations.forEach((({name:e,critical:t})=>{if(t&&s.knownNotations.indexOf(e)<0)throw Error("Unknown critical notation: "+e)})),null!==this.revocationKeyClass)throw Error("This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.")}isExpired(e=new Date){const t=M.normalizeDate(e);return null!==t&&!(this.created<=t&&t<this.getExpirationTime())}getExpirationTime(){return this.signatureNeverExpires?1/0:new Date(this.created.getTime()+1e3*this.signatureExpirationTime)}}function sa(e,t,r){const n=[];return n.push(We(r.length+1)),n.push(new Uint8Array([(t?128:0)|e])),n.push(r),M.concat(n)}function aa(e){switch(e){case Q.hash.sha256:return 16;case Q.hash.sha384:return 24;case Q.hash.sha512:return 32;case Q.hash.sha224:case Q.hash.sha3_256:return 16;case Q.hash.sha3_512:return 32;default:throw Error("Unsupported hash function")}}class oa{static get tag(){return Q.packet.onePassSignature}static fromSignaturePacket(e,t){const r=new oa;return r.version=6===e.version?6:3,r.signatureType=e.signatureType,r.hashAlgorithm=e.hashAlgorithm,r.publicKeyAlgorithm=e.publicKeyAlgorithm,r.issuerKeyID=e.issuerKeyID,r.salt=e.salt,r.issuerFingerprint=e.issuerFingerprint,r.flags=t?1:0,r}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.salt=null,this.issuerKeyID=null,this.issuerFingerprint=null,this.flags=null}read(e){let t=0;if(this.version=e[t++],3!==this.version&&6!==this.version)throw new it(`Version ${this.version} of the one-pass signature packet is unsupported.`);if(this.signatureType=e[t++],this.hashAlgorithm=e[t++],this.publicKeyAlgorithm=e[t++],6===this.version){const r=e[t++];this.salt=e.subarray(t,t+r),t+=r,this.issuerFingerprint=e.subarray(t,t+32),t+=32,this.issuerKeyID=new ea,this.issuerKeyID.read(this.issuerFingerprint)}else this.issuerKeyID=new ea,this.issuerKeyID.read(e.subarray(t,t+8)),t+=8;return this.flags=e[t++],this}write(){const e=[new Uint8Array([this.version,this.signatureType,this.hashAlgorithm,this.publicKeyAlgorithm])];return 6===this.version?e.push(new Uint8Array([this.salt.length]),this.salt,this.issuerFingerprint):e.push(this.issuerKeyID.write()),e.push(new Uint8Array([this.flags])),M.concatUint8Array(e)}calculateTrailer(...e){return U((async()=>ia.prototype.calculateTrailer.apply(await this.correspondingSig,e)))}async verify(){const e=await this.correspondingSig;if(!e||e.constructor.tag!==Q.packet.signature)throw Error("Corresponding signature packet missing");if(e.signatureType!==this.signatureType||e.hashAlgorithm!==this.hashAlgorithm||e.publicKeyAlgorithm!==this.publicKeyAlgorithm||!e.issuerKeyID.equals(this.issuerKeyID)||3===this.version&&6===e.version||6===this.version&&6!==e.version||6===this.version&&!M.equalsUint8Array(e.issuerFingerprint,this.issuerFingerprint)||6===this.version&&!M.equalsUint8Array(e.salt,this.salt))throw Error("Corresponding signature packet does not match one-pass signature packet");return e.hashed=this.hashed,e.verify.apply(e,arguments)}}function ca(e,t){if(!t[e]){let t;try{t=Q.read(Q.packet,e)}catch(t){throw new st("Unknown packet type with tag: "+e)}throw Error("Packet not allowed in this context: "+t)}return new t[e]}oa.prototype.hash=ia.prototype.hash,oa.prototype.toHash=ia.prototype.toHash,oa.prototype.toSign=ia.prototype.toSign;class ua extends Array{static async fromBinary(e,t,r=R,n=null,i=!1){const s=new ua;return await s.read(e,t,r,n,i),s}async read(e,t,r=R,n=null,i=!1){let s;r.additionalAllowedPackets.length&&(s=M.constructAllowedPackets(r.additionalAllowedPackets),t={...t,...s}),this.stream=k(e,(async(e,a)=>{const o=P(e),c=D(a);try{let a=M.isStream(e);for(;;){let e,u;if(await c.ready,await nt(o,a,(async a=>{try{if(a.tag===Q.packet.marker||a.tag===Q.packet.trust||a.tag===Q.packet.padding)return;const e=ca(a.tag,t);try{n?.recordPacket(a.tag,s)}catch(e){if(r.enforceGrammar)throw e;M.printDebugError(e)}e.packets=new ua,e.fromStream=M.isStream(a.packet),u=e.fromStream;try{await e.read(a.packet,r)}catch(t){if(!(t instanceof it))throw M.wrapError(new at(`Parsing ${e.constructor.name} failed`),t);throw t}await c.write(e)}catch(t){const n=t instanceof st&&a.tag<=39,s=t instanceof it&&!(t instanceof st)&&!r.ignoreUnsupportedPackets,o=t instanceof at&&!r.ignoreMalformedPackets,u=rt(a.tag);if(n||s||o||u||!(t instanceof st||t instanceof it||t instanceof at))i?e=t:await c.abort(t);else{const e=new ot(a.tag,a.packet);await c.write(e)}M.printDebugError(t)}})),u&&(a=null),e)throw await o.readToEnd(),e;const h=await o.peekBytes(2);if(!h||!h.length){try{n?.recordEnd()}catch(e){if(r.enforceGrammar)throw e;M.printDebugError(e)}return await c.ready,void await c.close()}}}catch(e){await c.abort(e)}}));const a=P(this.stream);for(;;){const{done:e,value:t}=await a.read();if(e?this.stream=null:this.push(t),e||rt(t.constructor.tag))break}a.releaseLock()}write(){const e=[];for(let t=0;t<this.length;t++){const r=this[t]instanceof ot?this[t].tag:this[t].constructor.tag,n=this[t].write();if(M.isStream(n)&&rt(this[t].constructor.tag)){let t=[],i=0;const s=512;e.push(et(r)),e.push(b(n,(e=>{if(t.push(e),i+=e.length,i>=s){const e=Math.min(Math.log(i)/Math.LN2|0,30),r=2**e,n=M.concat([$e(e)].concat(t));return t=[n.subarray(1+r)],i=t[0].length,n.subarray(0,1+r)}}),(()=>M.concat([We(i)].concat(t)))))}else{if(M.isStream(n)){let t=0;e.push(b(v(n),(e=>{t+=e.length}),(()=>tt(r,t))))}else e.push(tt(r,n.length));e.push(n)}}return M.concat(e)}filterByTag(...e){const t=new ua,r=e=>t=>e===t;for(let n=0;n<this.length;n++)e.some(r(this[n].constructor.tag))&&t.push(this[n]);return t}findPacket(e){return this.find((t=>t.constructor.tag===e))}indexOfTag(...e){const t=[],r=this,n=e=>t=>e===t;for(let i=0;i<this.length;i++)e.some(n(r[i].constructor.tag))&&t.push(i);return t}}class ha extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,ha),this.name="GrammarError"}}var la;!function(e){e[e.EmptyMessage=0]="EmptyMessage",e[e.PlaintextOrEncryptedData=1]="PlaintextOrEncryptedData",e[e.EncryptedSessionKeys=2]="EncryptedSessionKeys",e[e.StandaloneAdditionalAllowedData=3]="StandaloneAdditionalAllowedData"}(la||(la={}));class fa{constructor(){this.state=la.EmptyMessage,this.leadingOnePassSignatureCounter=0}recordPacket(e,t){switch(this.state){case la.EmptyMessage:case la.StandaloneAdditionalAllowedData:switch(e){case Q.packet.literalData:case Q.packet.compressedData:case Q.packet.aeadEncryptedData:case Q.packet.symEncryptedIntegrityProtectedData:case Q.packet.symmetricallyEncryptedData:return void(this.state=la.PlaintextOrEncryptedData);case Q.packet.signature:if(this.state===la.StandaloneAdditionalAllowedData&&--this.leadingOnePassSignatureCounter<0)throw new ha("Trailing signature packet without OPS");return;case Q.packet.onePassSignature:if(this.state===la.StandaloneAdditionalAllowedData)throw new ha("OPS following StandaloneAdditionalAllowedData");return void this.leadingOnePassSignatureCounter++;case Q.packet.publicKeyEncryptedSessionKey:case Q.packet.symEncryptedSessionKey:return void(this.state=la.EncryptedSessionKeys);default:if(!t?.[e])throw new ha(`Unexpected packet ${e} in state ${this.state}`);return void(this.state=la.StandaloneAdditionalAllowedData)}case la.PlaintextOrEncryptedData:if(e===Q.packet.signature){if(--this.leadingOnePassSignatureCounter<0)throw new ha("Trailing signature packet without OPS");return void(this.state=la.PlaintextOrEncryptedData)}if(!t?.[e])throw new ha(`Unexpected packet ${e} in state ${this.state}`);return void(this.state=la.PlaintextOrEncryptedData);case la.EncryptedSessionKeys:switch(e){case Q.packet.publicKeyEncryptedSessionKey:case Q.packet.symEncryptedSessionKey:return void(this.state=la.EncryptedSessionKeys);case Q.packet.symEncryptedIntegrityProtectedData:case Q.packet.aeadEncryptedData:case Q.packet.symmetricallyEncryptedData:return void(this.state=la.PlaintextOrEncryptedData);case Q.packet.signature:if(--this.leadingOnePassSignatureCounter<0)throw new ha("Trailing signature packet without OPS");return void(this.state=la.PlaintextOrEncryptedData);default:if(!t?.[e])throw new ha(`Unexpected packet ${e} in state ${this.state}`);this.state=la.EncryptedSessionKeys}}}recordEnd(){switch(this.state){case la.EmptyMessage:case la.PlaintextOrEncryptedData:case la.EncryptedSessionKeys:case la.StandaloneAdditionalAllowedData:if(this.leadingOnePassSignatureCounter>0)throw new ha("Missing trailing signature packets")}}}const ya=/*#__PURE__*/M.constructAllowedPackets([$s,oa,ia]);class pa{static get tag(){return Q.packet.compressedData}constructor(e=R){this.packets=null,this.algorithm=e.preferredCompressionAlgorithm,this.compressed=null}async read(e,t=R){await E(e,(async e=>{this.algorithm=await e.readByte(),this.compressed=e.remainder(),await this.decompress(t)}))}write(){return null===this.compressed&&this.compress(),M.concat([new Uint8Array([this.algorithm]),this.compressed])}async decompress(e=R){const t=Q.read(Q.compression,this.algorithm),r=ma[t];if(!r)throw Error(t+" decompression not supported");this.packets=await ua.fromBinary(await r(this.compressed),ya,e,new fa)}compress(){const e=Q.read(Q.compression,this.algorithm),t=wa[e];if(!t)throw Error(e+" compression not supported");this.compressed=t(this.packets.write())}}function da(e,t){return r=>{if(!M.isStream(r)||a(r))return U((()=>B(r).then((e=>new Promise(((r,n)=>{const i=new t,s=[];i.ondata=(e,t)=>{s.push(e),t&&r(M.concatUint8Array(s))};try{i.push(e,!0)}catch(e){n(e)}}))))));if(e)try{const t=e();return r.pipeThrough(t)}catch(e){if("TypeError"!==e.name)throw e}const n=r.getReader(),i=new t;return new ReadableStream({async start(e){for(i.ondata=async(t,r)=>{e.enqueue(t),r&&e.close()};;){const{done:e,value:t}=await n.read();if(e)return void i.push(new Uint8Array,!0);t.length&&i.push(t)}}})}}function ga(){return async function(e){const{decode:t}=await Promise.resolve().then((function(){return jd}));return U((async()=>t(await B(e))))}}const Aa=e=>({compressor:"undefined"!=typeof CompressionStream&&(()=>new CompressionStream(e)),decompressor:"undefined"!=typeof DecompressionStream&&(()=>new DecompressionStream(e))}),wa={zip:/*#__PURE__*/da(Aa("deflate-raw").compressor,Ys),zlib:/*#__PURE__*/da(Aa("deflate").compressor,Js)},ma={uncompressed:e=>e,zip:/*#__PURE__*/da(Aa("deflate-raw").decompressor,Zs),zlib:/*#__PURE__*/da(Aa("deflate").decompressor,Xs),bzip2:/*#__PURE__*/ga()},ba=/*#__PURE__*/M.constructAllowedPackets([$s,pa,oa,ia]);class ka{static get tag(){return Q.packet.symEncryptedIntegrityProtectedData}static fromObject({version:e,aeadAlgorithm:t}){if(1!==e&&2!==e)throw Error("Unsupported SEIPD version");const r=new ka;return r.version=e,2===e&&(r.aeadAlgorithm=t),r}constructor(){this.version=null,this.cipherAlgorithm=null,this.aeadAlgorithm=null,this.chunkSizeByte=null,this.salt=null,this.encrypted=null,this.packets=null}async read(e){await E(e,(async e=>{if(this.version=await e.readByte(),1!==this.version&&2!==this.version)throw new it(`Version ${this.version} of the SEIP packet is unsupported.`);2===this.version&&(this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte(),this.salt=await e.readBytes(32)),this.encrypted=e.remainder()}))}write(){return 2===this.version?M.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.salt,this.encrypted]):M.concat([new Uint8Array([this.version]),this.encrypted])}async encrypt(e,t,r=R){const{blockSize:n,keySize:i}=Kr(e);if(t.length!==i)throw Error("Unexpected session key size");let s=this.packets.write();if(a(s)&&(s=await B(s)),2===this.version)this.cipherAlgorithm=e,this.salt=fe(32),this.chunkSizeByte=r.aeadChunkSizeByte,this.encrypted=await Ea(this,"encrypt",t,s);else{const r=await Wn(e),i=new Uint8Array([211,20]),a=M.concat([r,s,i]),o=await xe(Q.hash.sha1,K(a)),c=M.concat([a,o]);this.encrypted=await $n(e,t,c,new Uint8Array(n))}return!0}async decrypt(e,t,r=R){if(t.length!==Kr(e).keySize)throw Error("Unexpected session key size");let n,i=v(this.encrypted);a(i)&&(i=await B(i));let s=!1;if(2===this.version){if(this.cipherAlgorithm!==e)throw Error("Unexpected session key algorithm");n=await Ea(this,"decrypt",t,i)}else{const{blockSize:a}=Kr(e),o=await ei(e,t,i,new Uint8Array(a)),c=I(K(o),-20),u=I(o,0,-20),h=Promise.all([B(await xe(Q.hash.sha1,K(u))),B(c)]).then((([e,t])=>{if(!M.equalsUint8Array(e,t))throw Error("Modification detected.");return new Uint8Array})),l=I(u,a+2);n=I(l,0,-2),n=g([n,U((()=>h))]),M.isStream(i)&&r.allowUnauthenticatedStream?s=!0:n=await B(n)}return this.packets=await ua.fromBinary(n,ba,r,new fa,s),!0}}async function Ea(e,t,r,n){const i=e instanceof ka&&2===e.version,s=!i&&e.constructor.tag===Q.packet.aeadEncryptedData;if(!i&&!s)throw Error("Unexpected packet type");const a=Li(e.aeadAlgorithm,s),o="decrypt"===t?a.tagLength:0,c="encrypt"===t?a.tagLength:0,u=2**(e.chunkSizeByte+6)+o,h=s?8:0,l=new ArrayBuffer(13+h),f=new Uint8Array(l,0,5+h),y=new Uint8Array(l),p=new DataView(l),d=new Uint8Array(l,5,8);f.set([192|e.constructor.tag,e.version,e.cipherAlgorithm,e.aeadAlgorithm,e.chunkSizeByte],0);let g,w,m=0,b=Promise.resolve(),E=0,v=0;if(i){const{keySize:t}=Kr(e.cipherAlgorithm),{ivLength:n}=a,i=new Uint8Array(l,0,5),s=await Cr(Q.hash.sha256,r,e.salt,i,t+n);r=s.subarray(0,t),g=s.subarray(t),g.fill(0,g.length-8),w=new DataView(g.buffer,g.byteOffset,g.byteLength)}else g=e.iv;const K=await a(e.cipherAlgorithm,r);return k(n,(async(r,n)=>{if("array"!==M.isStream(r)){const t=new TransformStream({},{highWaterMark:M.getHardwareConcurrency()*2**(e.chunkSizeByte+6),size:e=>e.length});A(t.readable,n),n=t.writable}const s=P(r),a=D(n);try{for(;;){let e=await s.readBytes(u+o)||new Uint8Array;const r=e.subarray(e.length-o);let n,l,A;if(e=e.subarray(0,e.length-o),i)A=g;else{A=g.slice();for(let e=0;e<8;e++)A[g.length-8+e]^=d[e]}if(!m||e.length?(s.unshift(r),n=K[t](e,A,f),n.catch((()=>{})),v+=e.length-o+c):(p.setInt32(5+h+4,E),n=K[t](r,A,y),n.catch((()=>{})),v+=c,l=!0),E+=e.length-o,b=b.then((()=>n)).then((async e=>{await a.ready,await a.write(e),v-=e.length})).catch((e=>a.abort(e))),(l||v>a.desiredSize)&&await b,l){await a.close();break}i?w.setInt32(g.length-4,++m):p.setInt32(9,++m)}}catch(e){await a.ready.catch((()=>{})),await a.abort(e)}}))}const va=/*#__PURE__*/M.constructAllowedPackets([$s,pa,oa,ia]);class Ka{static get tag(){return Q.packet.aeadEncryptedData}constructor(){this.version=1,this.cipherAlgorithm=null,this.aeadAlgorithm=Q.aead.eax,this.chunkSizeByte=null,this.iv=null,this.encrypted=null,this.packets=null}async read(e){await E(e,(async e=>{const t=await e.readByte();if(1!==t)throw new it(`Version ${t} of the AEAD-encrypted data packet is not supported.`);this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte();const r=Li(this.aeadAlgorithm,!0);this.iv=await e.readBytes(r.ivLength),this.encrypted=e.remainder()}))}write(){return M.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.iv,this.encrypted])}async decrypt(e,t,r=R){this.packets=await ua.fromBinary(await Ea(this,"decrypt",t,v(this.encrypted)),va,r,new fa)}async encrypt(e,t,r=R){this.cipherAlgorithm=e;const{ivLength:n}=Li(this.aeadAlgorithm,!0);this.iv=fe(n),this.chunkSizeByte=r.aeadChunkSizeByte;const i=this.packets.write();this.encrypted=await Ea(this,"encrypt",t,i)}}const Sa=new Set([Q.publicKey.x25519,Q.publicKey.x448,Q.publicKey.pqc_mlkem_x25519]);class Ia{static get tag(){return Q.packet.publicKeyEncryptedSessionKey}constructor(){this.version=null,this.publicKeyID=new ea,this.publicKeyVersion=null,this.publicKeyFingerprint=null,this.publicKeyAlgorithm=null,this.sessionKey=null,this.sessionKeyAlgorithm=null,this.encrypted={}}static fromObject({version:e,encryptionKeyPacket:t,anonymousRecipient:r,sessionKey:n,sessionKeyAlgorithm:i}){const s=new Ia;if(3!==e&&6!==e)throw Error("Unsupported PKESK version");return s.version=e,6===e&&(s.publicKeyVersion=r?null:t.version,s.publicKeyFingerprint=r?null:t.getFingerprintBytes()),s.publicKeyID=r?ea.wildcard():t.getKeyID(),s.publicKeyAlgorithm=t.algorithm,s.sessionKey=n,s.sessionKeyAlgorithm=i,s}read(e){let t=0;if(this.version=e[t++],3!==this.version&&6!==this.version)throw new it(`Version ${this.version} of the PKESK packet is unsupported.`);if(6===this.version){const r=e[t++];if(r){this.publicKeyVersion=e[t++];const n=r-1;this.publicKeyFingerprint=e.subarray(t,t+n),t+=n,this.publicKeyVersion>=5?this.publicKeyID.read(this.publicKeyFingerprint):this.publicKeyID.read(this.publicKeyFingerprint.subarray(-8))}else this.publicKeyID=ea.wildcard()}else t+=this.publicKeyID.read(e.subarray(t,t+8));if(this.publicKeyAlgorithm=e[t++],this.encrypted=function(e,t){let r=0;switch(e){case Q.publicKey.rsaEncrypt:case Q.publicKey.rsaEncryptSign:return{c:M.readMPI(t.subarray(r))};case Q.publicKey.elgamal:{const e=M.readMPI(t.subarray(r));return r+=e.length+2,{c1:e,c2:M.readMPI(t.subarray(r))}}case Q.publicKey.ecdh:{const e=M.readMPI(t.subarray(r));r+=e.length+2;const n=new Nn;return n.read(t.subarray(r)),{V:e,C:n}}case Q.publicKey.x25519:case Q.publicKey.x448:{const n=Vi(e),i=M.readExactSubarray(t,r,r+n);r+=i.length;const s=new Vn;return s.read(t.subarray(r)),{ephemeralPublicKey:i,C:s}}case Q.publicKey.aead:{const e=new Gn;r+=e.read(t.subarray(r));const{ivLength:n}=Li(e.getValue()),i=t.subarray(r,r+n);r+=n;const s=new _n;return r+=s.read(t.subarray(r)),{aeadMode:e,iv:i,c:s}}case Q.publicKey.pqc_mlkem_x25519:{const e=M.readExactSubarray(t,r,r+Vi(Q.publicKey.x25519));r+=e.length;const n=M.readExactSubarray(t,r,r+1088);r+=n.length;const i=new Vn;return i.read(t.subarray(r)),{eccCipherText:e,mlkemCipherText:n,C:i}}default:throw new it("Unknown public key encryption algorithm.")}}(this.publicKeyAlgorithm,e.subarray(t)),Sa.has(this.publicKeyAlgorithm))if(3===this.version)this.sessionKeyAlgorithm=Q.write(Q.symmetric,this.encrypted.C.algorithm);else if(null!==this.encrypted.C.algorithm)throw Error("Unexpected cleartext symmetric algorithm")}write(){const e=[new Uint8Array([this.version])];return 6===this.version?null!==this.publicKeyFingerprint?(e.push(new Uint8Array([this.publicKeyFingerprint.length+1,this.publicKeyVersion])),e.push(this.publicKeyFingerprint)):e.push(new Uint8Array([0])):e.push(this.publicKeyID.write()),e.push(new Uint8Array([this.publicKeyAlgorithm]),_i(this.publicKeyAlgorithm,this.encrypted)),M.concatUint8Array(e)}async encrypt(e){const t=Q.write(Q.publicKey,this.publicKeyAlgorithm),r=3===this.version?this.sessionKeyAlgorithm:null,n=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),i=Ba(this.version,t,r,this.sessionKey),s=t===Q.publicKey.aead?e.privateParams:null;this.encrypted=await Fi(t,r,e.publicParams,s,i,n)}async decrypt(e,t){if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Decryption error");const r=t?Ba(this.version,this.publicKeyAlgorithm,t.sessionKeyAlgorithm,t.sessionKey):null,n=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),i=await Oi(this.publicKeyAlgorithm,e.publicParams,e.privateParams,this.encrypted,n,r),{sessionKey:s,sessionKeyAlgorithm:a}=function(e,t,r,n){switch(t){case Q.publicKey.rsaEncrypt:case Q.publicKey.rsaEncryptSign:case Q.publicKey.elgamal:case Q.publicKey.ecdh:case Q.publicKey.aead:{const t=r.subarray(0,r.length-2),i=r.subarray(r.length-2),s=M.writeChecksum(t.subarray(t.length%8)),a=s[0]===i[0]&s[1]===i[1],o=6===e?{sessionKeyAlgorithm:null,sessionKey:t}:{sessionKeyAlgorithm:t[0],sessionKey:t.subarray(1)};if(n){const t=a&o.sessionKeyAlgorithm===n.sessionKeyAlgorithm&o.sessionKey.length===n.sessionKey.length;return{sessionKey:M.selectUint8Array(t,o.sessionKey,n.sessionKey),sessionKeyAlgorithm:6===e?null:M.selectUint8(t,o.sessionKeyAlgorithm,n.sessionKeyAlgorithm)}}if(a&&(6===e||Q.read(Q.symmetric,o.sessionKeyAlgorithm)))return o;throw Error("Decryption error")}case Q.publicKey.x25519:case Q.publicKey.x448:case Q.publicKey.pqc_mlkem_x25519:return{sessionKeyAlgorithm:null,sessionKey:r};default:throw Error("Unsupported public key algorithm")}}(this.version,this.publicKeyAlgorithm,i,t);if(3===this.version){const e=!Sa.has(this.publicKeyAlgorithm);if(this.sessionKeyAlgorithm=e?a:this.sessionKeyAlgorithm,s.length!==Kr(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}this.sessionKey=s}}function Ba(e,t,r,n){switch(t){case Q.publicKey.rsaEncrypt:case Q.publicKey.rsaEncryptSign:case Q.publicKey.elgamal:case Q.publicKey.ecdh:case Q.publicKey.aead:return M.concatUint8Array([new Uint8Array(6===e?[]:[r]),n,M.writeChecksum(n.subarray(n.length%8))]);case Q.publicKey.x25519:case Q.publicKey.x448:case Q.publicKey.pqc_mlkem_x25519:return n;default:throw Error("Unsupported public key algorithm")}}class Ca{static get tag(){return Q.packet.symEncryptedSessionKey}constructor(e=R){this.version=e.aeadProtect?6:4,this.sessionKey=null,this.sessionKeyEncryptionAlgorithm=null,this.sessionKeyAlgorithm=null,this.aeadAlgorithm=Q.write(Q.aead,e.preferredAEADAlgorithm),this.encrypted=null,this.s2k=null,this.iv=null}read(e){let t=0;if(this.version=e[t++],4!==this.version&&5!==this.version&&6!==this.version)throw new it(`Version ${this.version} of the SKESK packet is unsupported.`);6===this.version&&t++;const r=e[t++];this.version>=5&&(this.aeadAlgorithm=e[t++],6===this.version&&t++);const n=e[t++];if(this.s2k=ns(n),t+=this.s2k.read(e.subarray(t,e.length)),this.version>=5){const r=Li(this.aeadAlgorithm,!0);this.iv=e.subarray(t,t+=r.ivLength)}this.version>=5||t<e.length?(this.encrypted=e.subarray(t,e.length),this.sessionKeyEncryptionAlgorithm=r):this.sessionKeyAlgorithm=r}write(){const e=null===this.encrypted?this.sessionKeyAlgorithm:this.sessionKeyEncryptionAlgorithm;let t;const r=this.s2k.write();if(6===this.version){const n=r.length,i=3+n+this.iv.length;t=M.concatUint8Array([new Uint8Array([this.version,i,e,this.aeadAlgorithm,n]),r,this.iv,this.encrypted])}else 5===this.version?t=M.concatUint8Array([new Uint8Array([this.version,e,this.aeadAlgorithm]),r,this.iv,this.encrypted]):(t=M.concatUint8Array([new Uint8Array([this.version,e]),r]),null!==this.encrypted&&(t=M.concatUint8Array([t,this.encrypted])));return t}async decrypt(e){const t=null!==this.sessionKeyEncryptionAlgorithm?this.sessionKeyEncryptionAlgorithm:this.sessionKeyAlgorithm,{blockSize:r,keySize:n}=Kr(t),i=await this.s2k.produceKey(e,n);if(this.version>=5){const e=Li(this.aeadAlgorithm,!0),r=new Uint8Array([192|Ca.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),s=6===this.version?await Cr(Q.hash.sha256,i,new Uint8Array,r,n):i,a=await e(t,s);this.sessionKey=await a.decrypt(this.encrypted,this.iv,r)}else if(null!==this.encrypted){const e=await ei(t,i,this.encrypted,new Uint8Array(r));if(this.sessionKeyAlgorithm=Q.write(Q.symmetric,e[0]),this.sessionKey=e.subarray(1,e.length),this.sessionKey.length!==Kr(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}else this.sessionKey=i}async encrypt(e,t=R){const r=null!==this.sessionKeyEncryptionAlgorithm?this.sessionKeyEncryptionAlgorithm:this.sessionKeyAlgorithm;this.sessionKeyEncryptionAlgorithm=r,this.s2k=is(t),this.s2k.generateSalt();const{blockSize:n,keySize:i}=Kr(r),s=await this.s2k.produceKey(e,i);if(null===this.sessionKey&&(this.sessionKey=qi(this.sessionKeyAlgorithm)),this.version>=5){const e=Li(this.aeadAlgorithm);this.iv=fe(e.ivLength);const t=new Uint8Array([192|Ca.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),n=6===this.version?await Cr(Q.hash.sha256,s,new Uint8Array,t,i):s,a=await e(r,n);this.encrypted=await a.encrypt(this.sessionKey,this.iv,t)}else{const e=M.concatUint8Array([new Uint8Array([this.sessionKeyAlgorithm]),this.sessionKey]);this.encrypted=await $n(r,s,e,new Uint8Array(n))}}}class Ua{static get tag(){return Q.packet.publicKey}constructor(e=new Date,t=R){this.version=t.v6Keys?6:4,this.created=M.normalizeDate(e),this.algorithm=null,this.publicParams=null,this.expirationTimeV3=0,this.fingerprint=null,this.keyID=null}static fromSecretKeyPacket(e){const t=new Ua,{version:r,created:n,algorithm:i,publicParams:s,keyID:a,fingerprint:o}=e;return t.version=r,t.created=n,t.algorithm=i,t.publicParams=s,t.keyID=a,t.fingerprint=o,t}async read(e,t=R){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new it("Support for parsing v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4===this.version||5===this.version||6===this.version){this.created=M.readDate(e.subarray(r,r+4)),r+=4,this.algorithm=e[r++],this.version>=5&&(r+=4);const{read:t,publicParams:n}=function(e,t){let r=0;switch(e){case Q.publicKey.rsaEncrypt:case Q.publicKey.rsaEncryptSign:case Q.publicKey.rsaSign:{const e=M.readMPI(t.subarray(r));r+=e.length+2;const n=M.readMPI(t.subarray(r));return r+=n.length+2,{read:r,publicParams:{n:e,e:n}}}case Q.publicKey.dsa:{const e=M.readMPI(t.subarray(r));r+=e.length+2;const n=M.readMPI(t.subarray(r));r+=n.length+2;const i=M.readMPI(t.subarray(r));r+=i.length+2;const s=M.readMPI(t.subarray(r));return r+=s.length+2,{read:r,publicParams:{p:e,q:n,g:i,y:s}}}case Q.publicKey.elgamal:{const e=M.readMPI(t.subarray(r));r+=e.length+2;const n=M.readMPI(t.subarray(r));r+=n.length+2;const i=M.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{p:e,g:n,y:i}}}case Q.publicKey.ecdsa:{const e=new Je;r+=e.read(t),ji(e);const n=M.readMPI(t.subarray(r));return r+=n.length+2,{read:r,publicParams:{oid:e,Q:n}}}case Q.publicKey.eddsaLegacy:{const e=new Je;if(r+=e.read(t),ji(e),e.getName()!==Q.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let n=M.readMPI(t.subarray(r));return r+=n.length+2,n=M.leftPad(n,33),{read:r,publicParams:{oid:e,Q:n}}}case Q.publicKey.ecdh:{const e=new Je;r+=e.read(t),ji(e);const n=M.readMPI(t.subarray(r));r+=n.length+2;const i=new Hn;return r+=i.read(t.subarray(r)),{read:r,publicParams:{oid:e,Q:n,kdfParams:i}}}case Q.publicKey.ed25519:case Q.publicKey.ed448:case Q.publicKey.x25519:case Q.publicKey.x448:{const n=M.readExactSubarray(t,r,r+Vi(e));return r+=n.length,{read:r,publicParams:{A:n}}}case Q.publicKey.hmac:case Q.publicKey.aead:{const e=new qn;r+=e.read(t);const n=Qe(Q.hash.sha256),i=t.subarray(r,r+n);return r+=n,{read:r,publicParams:{cipher:e,digest:i}}}case Q.publicKey.pqc_mlkem_x25519:{const e=M.readExactSubarray(t,r,r+Vi(Q.publicKey.x25519));r+=e.length;const n=M.readExactSubarray(t,r,r+1184);return r+=n.length,{read:r,publicParams:{eccPublicKey:e,mlkemPublicKey:n}}}case Q.publicKey.pqc_mldsa_ed25519:{const e=M.readExactSubarray(t,r,r+Vi(Q.publicKey.ed25519));r+=e.length;const n=M.readExactSubarray(t,r,r+1952);return r+=n.length,{read:r,publicParams:{eccPublicKey:e,mldsaPublicKey:n}}}default:throw new it("Unknown public key encryption algorithm.")}}(this.algorithm,e.subarray(r));if(6===this.version&&n.oid&&(n.oid.getName()===Q.curve.curve25519Legacy||n.oid.getName()===Q.curve.ed25519Legacy))throw Error("Legacy curve25519 cannot be used with v6 keys");if(6!==this.version&&this.algorithm===Q.publicKey.pqc_mldsa_ed25519)throw Error("Unexpected key version: ML-DSA algorithms can only be used with v6 keys");return this.publicParams=n,r+=t,await this.computeFingerprintAndKeyID(),r}throw new it(`Version ${this.version} of the key packet is unsupported.`)}write(){const e=[];e.push(new Uint8Array([this.version])),e.push(M.writeDate(this.created)),e.push(new Uint8Array([this.algorithm]));const t=_i(this.algorithm,this.publicParams);return this.version>=5&&e.push(M.writeNumber(t.length,4)),e.push(t),M.concatUint8Array(e)}writeForHash(e){const t=this.writePublicKey(),r=149+e,n=e>=5?4:2;return M.concatUint8Array([new Uint8Array([r]),M.writeNumber(t.length,n),t])}isDecrypted(){return null}getCreationTime(){return this.created}getKeyID(){return this.keyID}async computeFingerprintAndKeyID(){if(await this.computeFingerprint(),this.keyID=new ea,this.version>=5)this.keyID.read(this.fingerprint.subarray(0,8));else{if(4!==this.version)throw Error("Unsupported key version");this.keyID.read(this.fingerprint.subarray(12,20))}}async computeFingerprint(){const e=this.writeForHash(this.version);if(this.version>=5)this.fingerprint=await xe(Q.hash.sha256,e);else{if(4!==this.version)throw Error("Unsupported key version");this.fingerprint=await xe(Q.hash.sha1,e)}}getFingerprintBytes(){return this.fingerprint}getFingerprint(){return M.uint8ArrayToHex(this.getFingerprintBytes())}hasSameFingerprintAs(e){return this.version===e.version&&M.equalsUint8Array(this.writePublicKey(),e.writePublicKey())}getAlgorithmInfo(){const e={};e.algorithm=Q.read(Q.publicKey,this.algorithm);const t=this.publicParams.n||this.publicParams.p;return t?e.bits=M.uint8ArrayBitLength(t):this.publicParams.oid?e.curve=this.publicParams.oid.getName():this.publicParams.cipher&&(e.symmetric=this.publicParams.cipher.getName()),e}}Ua.prototype.readPublicKey=Ua.prototype.read,Ua.prototype.writePublicKey=Ua.prototype.write;const Pa=/*#__PURE__*/M.constructAllowedPackets([$s,pa,oa,ia]);class Da{static get tag(){return Q.packet.symmetricallyEncryptedData}constructor(){this.encrypted=null,this.packets=null}read(e){this.encrypted=e}write(){return this.encrypted}async decrypt(e,t,r=R){if(!r.allowUnauthenticatedMessages)throw Error("Message is not authenticated.");const{blockSize:n}=Kr(e),i=await B(v(this.encrypted)),s=await ei(e,t,i.subarray(n+2),i.subarray(2,n+2));this.packets=await ua.fromBinary(s,Pa,r)}async encrypt(e,t,r=R){const n=this.packets.write(),{blockSize:i}=Kr(e),s=await Wn(e),a=await $n(e,t,s,new Uint8Array(i)),o=await $n(e,t,n,a.subarray(2));this.encrypted=M.concat([a,o])}}class xa{static get tag(){return Q.packet.marker}read(e){return 80===e[0]&&71===e[1]&&80===e[2]}write(){return new Uint8Array([80,71,80])}}class Qa extends Ua{static get tag(){return Q.packet.publicSubkey}constructor(e,t){super(e,t)}static fromSecretSubkeyPacket(e){const t=new Qa,{version:r,created:n,algorithm:i,publicParams:s,keyID:a,fingerprint:o}=e;return t.version=r,t.created=n,t.algorithm=i,t.publicParams=s,t.keyID=a,t.fingerprint=o,t}}class Ra{static get tag(){return Q.packet.userAttribute}constructor(){this.attributes=[]}read(e){let t=0;for(;t<e.length;){const r=Xe(e.subarray(t,e.length));t+=r.offset,this.attributes.push(M.uint8ArrayToString(e.subarray(t,t+r.len))),t+=r.len}}write(){const e=[];for(let t=0;t<this.attributes.length;t++)e.push(We(this.attributes[t].length)),e.push(M.stringToUint8Array(this.attributes[t]));return M.concatUint8Array(e)}equals(e){return!!(e&&e instanceof Ra)&&this.attributes.every((function(t,r){return t===e.attributes[r]}))}}class Ta extends Ua{static get tag(){return Q.packet.secretKey}constructor(e=new Date,t=R){super(e,t),this.keyMaterial=null,this.isEncrypted=null,this.s2kUsage=0,this.s2k=null,this.symmetric=null,this.aead=null,this.isLegacyAEAD=null,this.privateParams=null,this.usedModernAEAD=null}async read(e,t=R){let r=await this.readPublicKey(e,t);const n=r;this.s2kUsage=e[r++],5===this.version&&r++,6===this.version&&this.s2kUsage&&r++;try{if(255===this.s2kUsage||254===this.s2kUsage||253===this.s2kUsage){this.symmetric=e[r++],253===this.s2kUsage&&(this.aead=e[r++]),6===this.version&&r++;const t=e[r++];if(this.s2k=ns(t),r+=this.s2k.read(e.subarray(r,e.length)),"gnu-dummy"===this.s2k.type)return}else this.s2kUsage&&(this.symmetric=this.s2kUsage);this.s2kUsage&&(this.isLegacyAEAD=253===this.s2kUsage&&(5===this.version||4===this.version&&t.parseAEADEncryptedV4KeysAsLegacy),253!==this.s2kUsage||this.isLegacyAEAD?(this.iv=e.subarray(r,r+Kr(this.symmetric).blockSize),this.usedModernAEAD=!1):(this.iv=e.subarray(r,r+Li(this.aead).ivLength),this.usedModernAEAD=!0),r+=this.iv.length)}catch(t){if(!this.s2kUsage)throw t;this.unparseableKeyMaterial=e.subarray(n),this.isEncrypted=!0}if(5===this.version&&(r+=4),this.keyMaterial=e.subarray(r),this.isEncrypted=!!this.s2kUsage,!this.isEncrypted){let e;if(6===this.version)e=this.keyMaterial;else if(e=this.keyMaterial.subarray(0,-2),!M.equalsUint8Array(M.writeChecksum(e),this.keyMaterial.subarray(-2)))throw Error("Key checksum mismatch");try{const{read:t,privateParams:r}=await Ni(this.algorithm,e,this.publicParams);if(t<e.length)throw Error("Error reading MPIs");this.privateParams=r}catch(e){if(e instanceof it)throw e;throw Error("Error reading MPIs")}}}write(){const e=this.writePublicKey();if(this.unparseableKeyMaterial)return M.concatUint8Array([e,this.unparseableKeyMaterial]);const t=[e];t.push(new Uint8Array([this.s2kUsage]));const r=[];if(255===this.s2kUsage||254===this.s2kUsage||253===this.s2kUsage){r.push(this.symmetric),253===this.s2kUsage&&r.push(this.aead);const e=this.s2k.write();6===this.version&&r.push(e.length),r.push(...e)}return this.s2kUsage&&"gnu-dummy"!==this.s2k.type&&r.push(...this.iv),(5===this.version||6===this.version&&this.s2kUsage)&&t.push(new Uint8Array([r.length])),t.push(new Uint8Array(r)),this.isDummy()||(this.s2kUsage||(this.keyMaterial=_i(this.algorithm,this.privateParams)),5===this.version&&t.push(M.writeNumber(this.keyMaterial.length,4)),t.push(this.keyMaterial),this.s2kUsage||6===this.version||t.push(M.writeChecksum(this.keyMaterial))),M.concatUint8Array(t)}isDecrypted(){return!1===this.isEncrypted}isMissingSecretKeyMaterial(){return void 0!==this.unparseableKeyMaterial||this.isDummy()}isDummy(){return!(!this.s2k||"gnu-dummy"!==this.s2k.type)}makeDummy(e=R){this.isDummy()||(this.isDecrypted()&&this.clearPrivateParams(),delete this.unparseableKeyMaterial,this.isEncrypted=null,this.keyMaterial=null,this.s2k=ns(Q.s2k.gnu,e),this.s2k.algorithm=0,this.s2k.c=0,this.s2k.type="gnu-dummy",this.s2kUsage=254,this.symmetric=Q.symmetric.aes256,this.isLegacyAEAD=null,this.usedModernAEAD=null)}async encrypt(e,t=R){if(this.isDummy())return;if(!this.isDecrypted())throw Error("Key packet is already encrypted");if(!e)throw Error("A non-empty passphrase is required for key encryption.");this.s2k=is(t),this.s2k.generateSalt();const r=_i(this.algorithm,this.privateParams);this.symmetric=Q.symmetric.aes256;const{blockSize:n}=Kr(this.symmetric);if(t.aeadProtect){this.s2kUsage=253,this.aead=t.preferredAEADAlgorithm;const i=Li(this.aead);this.isLegacyAEAD=5===this.version,this.usedModernAEAD=!this.isLegacyAEAD;const s=et(this.constructor.tag),a=await Ma(this.version,this.s2k,e,this.symmetric,this.aead,s,this.isLegacyAEAD),o=await i(this.symmetric,a);this.iv=this.isLegacyAEAD?fe(n):fe(i.ivLength);const c=this.isLegacyAEAD?new Uint8Array:M.concatUint8Array([s,this.writePublicKey()]);this.keyMaterial=await o.encrypt(r,this.iv.subarray(0,i.ivLength),c)}else{this.s2kUsage=254,this.usedModernAEAD=!1;const t=await Ma(this.version,this.s2k,e,this.symmetric);this.iv=fe(n),this.keyMaterial=await $n(this.symmetric,t,M.concatUint8Array([r,await xe(Q.hash.sha1,r)]),this.iv)}}async decrypt(e){if(this.isDummy())return!1;if(this.unparseableKeyMaterial)throw Error("Key packet cannot be decrypted: unsupported S2K or cipher algo");if(this.isDecrypted())throw Error("Key packet is already decrypted.");let t;const r=et(this.constructor.tag);if(254!==this.s2kUsage&&253!==this.s2kUsage)throw 255===this.s2kUsage?Error("Encrypted private key is authenticated using an insecure two-byte hash"):Error("Private key is encrypted using an insecure S2K function: unsalted MD5");let n;if(t=await Ma(this.version,this.s2k,e,this.symmetric,this.aead,r,this.isLegacyAEAD),253===this.s2kUsage){const e=Li(this.aead,!0),i=await e(this.symmetric,t);try{const t=this.isLegacyAEAD?new Uint8Array:M.concatUint8Array([r,this.writePublicKey()]);n=await i.decrypt(this.keyMaterial,this.iv.subarray(0,e.ivLength),t)}catch(e){if("Authentication tag mismatch"===e.message)throw Error("Incorrect key passphrase: "+e.message);throw e}}else{const e=await ei(this.symmetric,t,this.keyMaterial,this.iv);n=e.subarray(0,-20);const r=await xe(Q.hash.sha1,n);if(!M.equalsUint8Array(r,e.subarray(-20)))throw Error("Incorrect key passphrase")}try{const{privateParams:e}=await Ni(this.algorithm,n,this.publicParams);this.privateParams=e}catch(e){throw Error("Error reading MPIs")}this.isEncrypted=!1,this.keyMaterial=null,this.s2kUsage=0,this.aead=null,this.symmetric=null,this.isLegacyAEAD=null}async validate(){if(this.isDummy())return;if(!this.isDecrypted())throw Error("Key is not decrypted");if(this.usedModernAEAD)return;let e;try{e=await Gi(this.algorithm,this.publicParams,this.privateParams)}catch(t){e=!1}if(!e)throw Error("Key is invalid")}async generate(e,t,r){if(6===this.version&&(this.algorithm===Q.publicKey.ecdh&&t===Q.curve.curve25519Legacy||this.algorithm===Q.publicKey.eddsaLegacy))throw Error(`Cannot generate v6 keys of type 'ecc' with curve ${t}. Generate a key of type 'curve25519' instead`);if(6!==this.version&&this.algorithm===Q.publicKey.pqc_mldsa_ed25519)throw Error(`Cannot generate v${this.version} signing keys of type 'pqc'. Generate a v6 key instead`);const{privateParams:n,publicParams:i}=await Hi(this.algorithm,e,t,r);this.privateParams=n,this.publicParams=i,this.isEncrypted=!1}clearPrivateParams(){this.isMissingSecretKeyMaterial()||(Object.keys(this.privateParams).forEach((e=>{this.privateParams[e].fill(0),delete this.privateParams[e]})),this.privateParams=null,this.isEncrypted=!0)}}async function Ma(e,t,r,n,i,s,a){if("argon2"===t.type&&!i)throw Error("Using Argon2 S2K without AEAD is not allowed");if("simple"===t.type&&6===e)throw Error("Using Simple S2K with version 6 keys is not allowed");const{keySize:o}=Kr(n),c=await t.produceKey(r,o);if(!i||5===e||a)return c;const u=M.concatUint8Array([s,new Uint8Array([e,n,i])]);return Cr(Q.hash.sha256,c,new Uint8Array,u,o)}class La{static get tag(){return Q.packet.userID}constructor(){this.userID="",this.name="",this.email="",this.comment=""}static fromObject(e){if(M.isString(e)||e.name&&!M.isString(e.name)||e.email&&!M.isEmailAddress(e.email)||e.comment&&!M.isString(e.comment))throw Error("Invalid user ID format");const t=new La;Object.assign(t,e);const r=[];return t.name&&r.push(t.name),t.comment&&r.push(`(${t.comment})`),t.email&&r.push(`<${t.email}>`),t.userID=r.join(" "),t}read(e,t=R){const r=M.decodeUTF8(e);if(r.length>t.maxUserIDLength)throw Error("User ID string is too long");const n=e=>/^[^\s@]+@[^\s@]+$/.test(e),i=r.indexOf("<"),s=r.lastIndexOf(">");if(-1!==i&&-1!==s&&s>i){const e=r.substring(i+1,s);if(n(e)){this.email=e;const t=r.substring(0,i).trim(),n=t.indexOf("("),s=t.lastIndexOf(")");-1!==n&&-1!==s&&s>n?(this.comment=t.substring(n+1,s).trim(),this.name=t.substring(0,n).trim()):(this.name=t,this.comment="")}}else n(r.trim())&&(this.email=r.trim(),this.name="",this.comment="");this.userID=r}write(){return M.encodeUTF8(this.userID)}equals(e){return e&&e.userID===this.userID}}class Fa extends Ta{static get tag(){return Q.packet.secretSubkey}constructor(e=new Date,t=R){super(e,t)}}class Oa{static get tag(){return Q.packet.trust}read(){throw new it("Trust packets are not supported")}write(){throw new it("Trust packets are not supported")}}class Na{static get tag(){return Q.packet.padding}constructor(){this.padding=null}read(e){}write(){return this.padding}async createPadding(e){this.padding=await fe(e)}}const _a=/*#__PURE__*/M.constructAllowedPackets([ia]);class Ha{constructor(e){this.packets=e||new ua}write(){return this.packets.write()}armor(e=R){const t=this.packets.some((e=>e.constructor.tag===ia.tag&&6!==e.version));return W(Q.armor.signature,this.write(),void 0,void 0,void 0,t,e)}getSigningKeyIDs(){return this.packets.map((e=>e.issuerKeyID))}}async function za({armoredSignature:e,binarySignature:t,config:r,...n}){r={...R,...r};let i=e||t;if(!i)throw Error("readSignature: must pass options object containing `armoredSignature` or `binarySignature`");if(e&&!M.isString(e))throw Error("readSignature: options.armoredSignature must be a string");if(t&&!M.isUint8Array(t))throw Error("readSignature: options.binarySignature must be a Uint8Array");const s=Object.keys(n);if(s.length>0)throw Error("Unknown option: "+s.join(", "));if(e){const{type:e,data:t}=await X(i);if(e!==Q.armor.signature)throw Error("Armored text not of type signature");i=t}const a=await ua.fromBinary(i,_a,r);return new Ha(a)}async function Ga(e,t){const r=new Fa(e.date,t);return r.packets=null,r.algorithm=Q.write(Q.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.symmetric),await r.computeFingerprintAndKeyID(),r}async function qa(e,t){const r=new Ta(e.date,t);return r.packets=null,r.algorithm=Q.write(Q.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.symmetric),await r.computeFingerprintAndKeyID(),r}async function ja(e,t,r,n,i=new Date,s){let a,o;for(let c=e.length-1;c>=0;c--)try{(!a||e[c].created>=a.created)&&(await e[c].verify(t,r,n,i,void 0,s),a=e[c])}catch(e){o=e}if(!a)throw M.wrapError(`Could not find valid ${Q.read(Q.signature,r)} signature in key ${t.getKeyID().toHex()}`.replace("certGeneric ","self-").replace(/([a-z])([A-Z])/g,((e,t,r)=>t+" "+r.toLowerCase())),o);return a}function Va(e,t,r=new Date){const n=M.normalizeDate(r);if(null!==n){const r=$a(e,t);return!(e.created<=n&&n<r)}return!1}async function Ya(e,t,r,n){const i={};i.key=t,i.bind=e;const s={signatureType:Q.signature.subkeyBinding};r.sign?(s.keyFlags=[Q.keyFlags.signData],s.embeddedSignature=await Ja(i,[],e,{signatureType:Q.signature.keyBinding},r.date,void 0,void 0,void 0,n)):s.keyFlags=r.forwarding?[Q.keyFlags.forwardedCommunication]:[Q.keyFlags.encryptCommunication|Q.keyFlags.encryptStorage],r.keyExpirationTime>0&&(s.keyExpirationTime=r.keyExpirationTime,s.keyNeverExpires=!1);return await Ja(i,[],t,s,r.date,void 0,void 0,void 0,n)}async function Za(e,t,r=new Date,n=[],i){const s=Q.hash.sha256,a=i.preferredHashAlgorithm,o=await Promise.all(e.map((async(e,t)=>(await e.getPrimarySelfSignature(r,n[t],i)).preferredHashAlgorithms||[]))),c=new Map;for(const e of o)for(const t of e)try{const e=Q.write(Q.hash,t);c.set(e,c.has(e)?c.get(e)+1:1)}catch{}const u=t=>0===e.length||c.get(t)===e.length||t===s,h=()=>{if(0===c.size)return s;const e=Array.from(c.keys()).filter((e=>u(e))).sort(((e,t)=>Qe(e)-Qe(t)))[0];return Qe(e)>=Qe(s)?e:s},l=new Set([Q.publicKey.ecdsa,Q.publicKey.eddsaLegacy,Q.publicKey.ed25519,Q.publicKey.ed448]),f=new Set([Q.publicKey.pqc_mldsa_ed25519]);if(l.has(t.algorithm)){const e=function(e,t){switch(e){case Q.publicKey.ecdsa:case Q.publicKey.eddsaLegacy:return Yr(t);case Q.publicKey.ed25519:case Q.publicKey.ed448:return yt(e);default:throw Error("Unknown elliptic signing algo")}}(t.algorithm,t.publicParams.oid),r=u(a),n=Qe(a)>=Qe(e);if(r&&n)return a;{const t=h();return Qe(t)>=Qe(e)?t:e}}if(f.has(t.algorithm)){if(u(a)&&Fn(t.algorithm,a))return a;{const e=h();return Fn(t.algorithm,e)?e:s}}return u(a)?a:h()}async function Ja(e,t,r,n,i,s,a=[],o=!1,c){if(r.isDummy())throw Error("Cannot sign with a gnu-dummy key.");if(!r.isDecrypted())throw Error("Signing key is not decrypted.");const u=new ia;return Object.assign(u,n),u.publicKeyAlgorithm=r.algorithm,u.hashAlgorithm=await Za(t,r,i,s,c),u.rawNotations=[...a],await u.sign(r,e,i,o,c),u}async function Xa(e,t,r,n=new Date,i){(e=e[r])&&(t[r].length?await Promise.all(e.map((async function(e){e.isExpired(n)||i&&!await i(e)||t[r].some((function(t){return M.equalsUint8Array(t.writeParams(),e.writeParams())}))||t[r].push(e)}))):t[r]=e)}async function Wa(e,t,r,n,i,s,a=new Date,o){s=s||e;const c=[];return await Promise.all(n.map((async function(e){try{if(!i||e.issuerKeyID.equals(i.issuerKeyID)){const n=![Q.reasonForRevocation.keyRetired,Q.reasonForRevocation.keySuperseded,Q.reasonForRevocation.userIDInvalid].includes(e.reasonForRevocationFlag);await e.verify(s,t,r,n?null:a,!1,o),c.push(e.issuerKeyID)}}catch(e){}}))),i?(i.revoked=!!c.some((e=>e.equals(i.issuerKeyID)))||(i.revoked||!1),i.revoked):c.length>0}function $a(e,t){let r;return!1===t.keyNeverExpires&&(r=e.created.getTime()+1e3*t.keyExpirationTime),r?new Date(r):1/0}function eo(e,t={}){if(e.type=e.type||t.type,e.curve=e.curve||t.curve,e.rsaBits=e.rsaBits||t.rsaBits,e.symmetricHash=e.symmetricHash||t.symmetricHash,e.symmetricCipher=e.symmetricCipher||t.symmetricCipher,e.keyExpirationTime=void 0!==e.keyExpirationTime?e.keyExpirationTime:t.keyExpirationTime,e.passphrase=M.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e.sign=e.sign||!1,e.forwarding=e.forwarding||!1,e.sign&&e.forwarding)throw Error('Incompatible options: "sign" and "forwarding" cannot be set together');switch(e.type){case"pqc":e.sign?e.algorithm=Q.publicKey.pqc_mldsa_ed25519:e.algorithm=Q.publicKey.pqc_mlkem_x25519;break;case"ecc":try{e.curve=Q.write(Q.curve,e.curve)}catch(e){throw Error("Unknown curve")}e.curve!==Q.curve.ed25519Legacy&&e.curve!==Q.curve.curve25519Legacy&&"ed25519"!==e.curve&&"curve25519"!==e.curve||(e.curve=e.sign?Q.curve.ed25519Legacy:Q.curve.curve25519Legacy),e.sign?e.algorithm=e.curve===Q.curve.ed25519Legacy?Q.publicKey.eddsaLegacy:Q.publicKey.ecdsa:e.algorithm=Q.publicKey.ecdh;break;case"curve25519":e.algorithm=e.sign?Q.publicKey.ed25519:Q.publicKey.x25519;break;case"curve448":e.algorithm=e.sign?Q.publicKey.ed448:Q.publicKey.x448;break;case"rsa":e.algorithm=Q.publicKey.rsaEncryptSign;break;case"symmetric":if(e.sign){e.algorithm=Q.publicKey.hmac;try{e.symmetric=Q.write(Q.hash,e.symmetricHash)}catch(e){throw Error("Unknown hash algorithm")}}else{e.algorithm=Q.publicKey.aead;try{e.symmetric=Q.write(Q.symmetric,e.symmetricCipher)}catch(e){throw Error("Unknown symmetric algorithm")}}break;default:throw Error("Unsupported key type "+e.type)}return e}function to(e,t,r){switch(e.algorithm){case Q.publicKey.rsaEncryptSign:case Q.publicKey.rsaSign:case Q.publicKey.dsa:case Q.publicKey.ecdsa:case Q.publicKey.eddsaLegacy:case Q.publicKey.ed25519:case Q.publicKey.ed448:case Q.publicKey.hmac:case Q.publicKey.pqc_mldsa_ed25519:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&Q.keyFlags.signData);default:return!1}}function ro(e,t,r){switch(e.algorithm){case Q.publicKey.rsaEncryptSign:case Q.publicKey.rsaEncrypt:case Q.publicKey.elgamal:case Q.publicKey.ecdh:case Q.publicKey.x25519:case Q.publicKey.x448:case Q.publicKey.aead:case Q.publicKey.pqc_mlkem_x25519:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&Q.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&Q.keyFlags.encryptStorage);default:return!1}}function no(e,t,r){if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");switch(e.algorithm){case Q.publicKey.rsaEncryptSign:case Q.publicKey.rsaEncrypt:case Q.publicKey.elgamal:case Q.publicKey.ecdh:case Q.publicKey.x25519:case Q.publicKey.x448:case Q.publicKey.pqc_mlkem_x25519:return!(!(!t.keyFlags||!!(t.keyFlags[0]&Q.keyFlags.signData))||!r.allowInsecureDecryptionWithSigningKeys)||(!t.keyFlags||!!(t.keyFlags[0]&Q.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&Q.keyFlags.encryptStorage)||r.allowForwardedMessages&&!!(t.keyFlags[0]&Q.keyFlags.forwardedCommunication));default:return!1}}function io(e,t){const r=Q.write(Q.publicKey,e.algorithm),n=e.getAlgorithmInfo();if(t.rejectPublicKeyAlgorithms.has(r))throw Error(n.algorithm+" keys are considered too weak.");switch(r){case Q.publicKey.rsaEncryptSign:case Q.publicKey.rsaSign:case Q.publicKey.rsaEncrypt:if(n.bits<t.minRSABits)throw Error(`RSA keys shorter than ${t.minRSABits} bits are considered too weak.`);break;case Q.publicKey.ecdsa:case Q.publicKey.eddsaLegacy:case Q.publicKey.ecdh:if(t.rejectCurves.has(n.curve))throw Error(`Support for ${n.algorithm} keys using curve ${n.curve} is disabled.`)}}class so{constructor(e,t){this.userID=e.constructor.tag===Q.packet.userID?e:null,this.userAttribute=e.constructor.tag===Q.packet.userAttribute?e:null,this.selfCertifications=[],this.otherCertifications=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new ua;return e.push(this.userID||this.userAttribute),e.push(...this.revocationSignatures),e.push(...this.selfCertifications),e.push(...this.otherCertifications),e}clone(){const e=new so(this.userID||this.userAttribute,this.mainKey);return e.selfCertifications=[...this.selfCertifications],e.otherCertifications=[...this.otherCertifications],e.revocationSignatures=[...this.revocationSignatures],e}async certify(e,t,r){const n=this.mainKey.keyPacket,i={userID:this.userID,userAttribute:this.userAttribute,key:n},s=new so(i.userID||i.userAttribute,this.mainKey);return s.otherCertifications=await Promise.all(e.map((async function(e){if(!e.isPrivate())throw Error("Need private key for signing");if(e.hasSameFingerprintAs(n))throw Error("The user's own key can only be used for self-certifications");const s=await e.getSigningKey(void 0,t,void 0,r);return Ja(i,[e],s.keyPacket,{signatureType:Q.signature.certGeneric,keyFlags:[Q.keyFlags.certifyKeys|Q.keyFlags.signData]},t,void 0,void 0,void 0,r)}))),await s.update(this,t,r),s}async isRevoked(e,t,r=new Date,n=R){const i=this.mainKey.keyPacket;return Wa(i,Q.signature.certRevocation,{key:i,userID:this.userID,userAttribute:this.userAttribute},this.revocationSignatures,e,t,r,n)}async verifyCertificate(e,t,r=new Date,n){const i=this,s=this.mainKey.keyPacket,a={userID:this.userID,userAttribute:this.userAttribute,key:s},{issuerKeyID:o}=e,c=t.filter((e=>e.getKeys(o).length>0));return 0===c.length?null:(await Promise.all(c.map((async t=>{const s=await t.getSigningKey(o,e.created,void 0,n);if(e.revoked||await i.isRevoked(e,s.keyPacket,r,n))throw Error("User certificate is revoked");try{await e.verify(s.keyPacket,Q.signature.certGeneric,a,r,void 0,n)}catch(e){throw M.wrapError("User certificate is invalid",e)}}))),!0)}async verifyAllCertifications(e,t=new Date,r){const n=this,i=this.selfCertifications.concat(this.otherCertifications);return Promise.all(i.map((async i=>({keyID:i.issuerKeyID,valid:await n.verifyCertificate(i,e,t,r).catch((()=>!1))}))))}async verify(e=new Date,t){if(!this.selfCertifications.length)throw Error("No self-certifications found");const r=this,n=this.mainKey.keyPacket,i={userID:this.userID,userAttribute:this.userAttribute,key:n};let s;for(let a=this.selfCertifications.length-1;a>=0;a--)try{const s=this.selfCertifications[a];if(s.revoked||await r.isRevoked(s,void 0,e,t))throw Error("Self-certification is revoked");try{await s.verify(n,Q.signature.certGeneric,i,e,void 0,t)}catch(e){throw M.wrapError("Self-certification is invalid",e)}return!0}catch(e){s=e}throw s}async update(e,t,r){const n=this.mainKey.keyPacket,i={userID:this.userID,userAttribute:this.userAttribute,key:n};await Xa(e,this,"selfCertifications",t,(async function(e){try{return await e.verify(n,Q.signature.certGeneric,i,t,!1,r),!0}catch(e){return!1}})),await Xa(e,this,"otherCertifications",t),await Xa(e,this,"revocationSignatures",t,(function(e){return Wa(n,Q.signature.certRevocation,i,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=Q.reasonForRevocation.noReason,string:r=""}={},n=new Date,i=R){const s={userID:this.userID,userAttribute:this.userAttribute,key:e},a=new so(s.userID||s.userAttribute,this.mainKey);return a.revocationSignatures.push(await Ja(s,[],e,{signatureType:Q.signature.certRevocation,reasonForRevocationFlag:Q.write(Q.reasonForRevocation,t),reasonForRevocationString:r},n,void 0,void 0,!1,i)),await a.update(this),a}}class ao{constructor(e,t){this.keyPacket=e,this.bindingSignatures=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new ua;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.bindingSignatures),e}clone(){const e=new ao(this.keyPacket,this.mainKey);return e.bindingSignatures=[...this.bindingSignatures],e.revocationSignatures=[...this.revocationSignatures],e}async isRevoked(e,t,r=new Date,n=R){const i=this.mainKey.keyPacket;return Wa(i,Q.signature.subkeyRevocation,{key:i,bind:this.keyPacket},this.revocationSignatures,e,t,r,n)}async verify(e=new Date,t=R){const r=this.mainKey.keyPacket,n={key:r,bind:this.keyPacket},i=await ja(this.bindingSignatures,r,Q.signature.subkeyBinding,n,e,t);if(i.revoked||await this.isRevoked(i,null,e,t))throw Error("Subkey is revoked");if(Va(this.keyPacket,i,e))throw Error("Subkey is expired");return i}async getExpirationTime(e=new Date,t=R){const r=this.mainKey.keyPacket,n={key:r,bind:this.keyPacket};let i;try{i=await ja(this.bindingSignatures,r,Q.signature.subkeyBinding,n,e,t)}catch(e){return null}const s=$a(this.keyPacket,i),a=i.getExpirationTime();return s<a?s:a}async update(e,t=new Date,r=R){const n=this.mainKey.keyPacket;if(!this.hasSameFingerprintAs(e))throw Error("Subkey update method: fingerprints of subkeys not equal");this.keyPacket.constructor.tag===Q.packet.publicSubkey&&e.keyPacket.constructor.tag===Q.packet.secretSubkey&&(this.keyPacket=e.keyPacket);const i=this,s={key:n,bind:i.keyPacket};await Xa(e,this,"bindingSignatures",t,(async function(e){for(let t=0;t<i.bindingSignatures.length;t++)if(i.bindingSignatures[t].issuerKeyID.equals(e.issuerKeyID))return e.created>i.bindingSignatures[t].created&&(i.bindingSignatures[t]=e),!1;try{return await e.verify(n,Q.signature.subkeyBinding,s,t,void 0,r),!0}catch(e){return!1}})),await Xa(e,this,"revocationSignatures",t,(function(e){return Wa(n,Q.signature.subkeyRevocation,s,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=Q.reasonForRevocation.noReason,string:r=""}={},n=new Date,i=R){const s={key:e,bind:this.keyPacket},a=new ao(this.keyPacket,this.mainKey);return a.revocationSignatures.push(await Ja(s,[],e,{signatureType:Q.signature.subkeyRevocation,reasonForRevocationFlag:Q.write(Q.reasonForRevocation,t),reasonForRevocationString:r},n,void 0,void 0,!1,i)),await a.update(this),a}hasSameFingerprintAs(e){return this.keyPacket.hasSameFingerprintAs(e.keyPacket||e)}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","isDecrypted"].forEach((e=>{ao.prototype[e]=function(){return this.keyPacket[e]()}}));const oo=/*#__PURE__*/M.constructAllowedPackets([ia]),co=new Set([Q.packet.publicKey,Q.packet.privateKey]),uo=new Set([Q.packet.publicKey,Q.packet.privateKey,Q.packet.publicSubkey,Q.packet.privateSubkey]);class ho{packetListToStructure(e,t=new Set){let r,n,i,s;for(const a of e){if(a instanceof ot){uo.has(a.tag)&&!s&&(s=co.has(a.tag)?co:uo);continue}const e=a.constructor.tag;if(s){if(!s.has(e))continue;s=null}if(t.has(e))throw Error("Unexpected packet type: "+e);switch(e){case Q.packet.publicKey:case Q.packet.secretKey:if(this.keyPacket)throw Error("Key block contains multiple keys");if(this.keyPacket=a,n=this.getKeyID(),!n)throw Error("Missing Key ID");break;case Q.packet.userID:case Q.packet.userAttribute:r=new so(a,this),this.users.push(r);break;case Q.packet.publicSubkey:case Q.packet.secretSubkey:r=null,i=new ao(a,this),this.subkeys.push(i);break;case Q.packet.signature:switch(a.signatureType){case Q.signature.certGeneric:case Q.signature.certPersona:case Q.signature.certCasual:case Q.signature.certPositive:if(!r){M.printDebug("Dropping certification signatures without preceding user packet");continue}a.issuerKeyID.equals(n)?r.selfCertifications.push(a):r.otherCertifications.push(a);break;case Q.signature.certRevocation:r?r.revocationSignatures.push(a):this.directSignatures.push(a);break;case Q.signature.key:this.directSignatures.push(a);break;case Q.signature.subkeyBinding:if(!i){M.printDebug("Dropping subkey binding signature without preceding subkey packet");continue}i.bindingSignatures.push(a);break;case Q.signature.keyRevocation:this.revocationSignatures.push(a);break;case Q.signature.subkeyRevocation:if(!i){M.printDebug("Dropping subkey revocation signature without preceding subkey packet");continue}i.revocationSignatures.push(a)}}}}toPacketList(){const e=new ua;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.directSignatures),this.users.map((t=>e.push(...t.toPacketList()))),this.subkeys.map((t=>e.push(...t.toPacketList()))),e}clone(e=!1){const t=new this.constructor(this.toPacketList());return e&&t.getKeys().forEach((e=>{if(e.keyPacket=Object.create(Object.getPrototypeOf(e.keyPacket),Object.getOwnPropertyDescriptors(e.keyPacket)),!e.keyPacket.isDecrypted())return;const t={};Object.keys(e.keyPacket.privateParams).forEach((r=>{t[r]=new Uint8Array(e.keyPacket.privateParams[r])})),e.keyPacket.privateParams=t})),t}getSubkeys(e=null){return this.subkeys.filter((t=>!e||t.getKeyID().equals(e,!0)))}getKeys(e=null){const t=[];return e&&!this.getKeyID().equals(e,!0)||t.push(this),t.concat(this.getSubkeys(e))}getKeyIDs(){return this.getKeys().map((e=>e.getKeyID()))}getUserIDs(){return this.users.map((e=>e.userID?e.userID.userID:null)).filter((e=>null!==e))}write(){return this.toPacketList().write()}async getSigningKey(e=null,t=new Date,r={},n=R){await this.verifyPrimaryKey(t,r,n);const i=this.keyPacket;try{io(i,n)}catch(e){throw M.wrapError("Could not verify primary key",e)}const s=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created||t.keyPacket.algorithm-e.keyPacket.algorithm));let a;for(const r of s)if(!e||r.getKeyID().equals(e))try{await r.verify(t,n);const e={key:i,bind:r.keyPacket},s=await ja(r.bindingSignatures,i,Q.signature.subkeyBinding,e,t,n);if(!to(r.keyPacket,s,n))continue;if(!s.embeddedSignature)throw Error("Missing embedded signature");return await ja([s.embeddedSignature],r.keyPacket,Q.signature.keyBinding,e,t,n),io(r.keyPacket,n),r}catch(e){a=e}try{const s=await this.getPrimarySelfSignature(t,r,n);if((!e||i.getKeyID().equals(e))&&to(i,s,n))return io(i,n),this}catch(e){a=e}throw M.wrapError("Could not find valid signing key packet in key "+this.getKeyID().toHex(),a)}async getEncryptionKey(e,t=new Date,r={},n=R){await this.verifyPrimaryKey(t,r,n);const i=this.keyPacket;try{io(i,n)}catch(e){throw M.wrapError("Could not verify primary key",e)}const s=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created||t.keyPacket.algorithm-e.keyPacket.algorithm));let a;for(const r of s)if(!e||r.getKeyID().equals(e))try{await r.verify(t,n);const e={key:i,bind:r.keyPacket},s=await ja(r.bindingSignatures,i,Q.signature.subkeyBinding,e,t,n);if(ro(r.keyPacket,s,n))return io(r.keyPacket,n),r}catch(e){a=e}try{const s=await this.getPrimarySelfSignature(t,r,n);if((!e||i.getKeyID().equals(e))&&ro(i,s,n))return io(i,n),this}catch(e){a=e}throw M.wrapError("Could not find valid encryption key packet in key "+this.getKeyID().toHex(),a)}async isRevoked(e,t,r=new Date,n=R){return Wa(this.keyPacket,Q.signature.keyRevocation,{key:this.keyPacket},this.revocationSignatures,e,t,r,n)}async verifyPrimaryKey(e=new Date,t={},r=R){const n=this.keyPacket;if(await this.isRevoked(null,null,e,r))throw Error("Primary key is revoked");if(Va(n,await this.getPrimarySelfSignature(e,t,r),e))throw Error("Primary key is expired");if(6!==n.version){const t=await ja(this.directSignatures,n,Q.signature.key,{key:n},e,r).catch((()=>{}));if(t&&Va(n,t,e))throw Error("Primary key is expired")}}async getExpirationTime(e,t=R){let r;try{const n=await this.getPrimarySelfSignature(null,e,t),i=$a(this.keyPacket,n),s=n.getExpirationTime(),a=6!==this.keyPacket.version&&await ja(this.directSignatures,this.keyPacket,Q.signature.key,{key:this.keyPacket},null,t).catch((()=>{}));if(a){const e=$a(this.keyPacket,a);r=Math.min(i,s,e)}else r=i<s?i:s}catch(e){r=null}return M.normalizeDate(r)}async getPrimarySelfSignature(e=new Date,t={},r=R){const n=this.keyPacket;if(6===n.version)return ja(this.directSignatures,n,Q.signature.key,{key:n},e,r);const{selfCertification:i}=await this.getPrimaryUser(e,t,r);return i}async getPrimaryUser(e=new Date,t={},r=R){const n=this.keyPacket,i=[];let s;for(let a=0;a<this.users.length;a++)try{const s=this.users[a];if(!s.userID)continue;if(void 0!==t.name&&s.userID.name!==t.name||void 0!==t.email&&s.userID.email!==t.email||void 0!==t.comment&&s.userID.comment!==t.comment)throw Error("Could not find user that matches that user ID");const o={userID:s.userID,key:n},c=await ja(s.selfCertifications,n,Q.signature.certGeneric,o,e,r);i.push({index:a,user:s,selfCertification:c})}catch(e){s=e}if(!i.length)throw s||Error("Could not find primary user");await Promise.all(i.map((async function(t){return t.selfCertification.revoked||t.user.isRevoked(t.selfCertification,null,e,r)})));const a=i.sort((function(e,t){const r=e.selfCertification,n=t.selfCertification;return n.revoked-r.revoked||r.isPrimaryUserID-n.isPrimaryUserID||r.created-n.created})).pop(),{user:o,selfCertification:c}=a;if(c.revoked||await o.isRevoked(c,null,e,r))throw Error("Primary user is revoked");return a}async update(e,t=new Date,r=R){if(!this.hasSameFingerprintAs(e))throw Error("Primary key fingerprints must be equal to update the key");if(!this.isPrivate()&&e.isPrivate()){if(!(this.subkeys.length===e.subkeys.length&&this.subkeys.every((t=>e.subkeys.some((e=>t.hasSameFingerprintAs(e)))))))throw Error("Cannot update public key with private key if subkeys mismatch");return e.update(this,r)}const n=this.clone();return await Xa(e,n,"revocationSignatures",t,(i=>Wa(n.keyPacket,Q.signature.keyRevocation,n,[i],null,e.keyPacket,t,r))),await Xa(e,n,"directSignatures",t),await Promise.all(e.users.map((async e=>{const i=n.users.filter((t=>e.userID&&e.userID.equals(t.userID)||e.userAttribute&&e.userAttribute.equals(t.userAttribute)));if(i.length>0)await Promise.all(i.map((n=>n.update(e,t,r))));else{const t=e.clone();t.mainKey=n,n.users.push(t)}}))),await Promise.all(e.subkeys.map((async e=>{const i=n.subkeys.filter((t=>t.hasSameFingerprintAs(e)));if(i.length>0)await Promise.all(i.map((n=>n.update(e,t,r))));else{const t=e.clone();t.mainKey=n,n.subkeys.push(t)}}))),n}async getRevocationCertificate(e=new Date,t=R){const r={key:this.keyPacket},n=await ja(this.revocationSignatures,this.keyPacket,Q.signature.keyRevocation,r,e,t),i=new ua;i.push(n);const s=6!==this.keyPacket.version;return W(Q.armor.publicKey,i.write(),null,null,"This is a revocation certificate",s,t)}async applyRevocationCertificate(e,t=new Date,r=R){const n=await X(e),i=(await ua.fromBinary(n.data,oo,r)).findPacket(Q.packet.signature);if(!i||i.signatureType!==Q.signature.keyRevocation)throw Error("Could not find revocation signature packet");if(!i.issuerKeyID.equals(this.getKeyID()))throw Error("Revocation signature does not match key");try{await i.verify(this.keyPacket,Q.signature.keyRevocation,{key:this.keyPacket},t,void 0,r)}catch(e){throw M.wrapError("Could not verify revocation signature",e)}const s=this.clone();return s.revocationSignatures.push(i),s}async signPrimaryUser(e,t,r,n=R){const{index:i,user:s}=await this.getPrimaryUser(t,r,n),a=await s.certify(e,t,n),o=this.clone();return o.users[i]=a,o}async signAllUsers(e,t=new Date,r=R){const n=this.clone();return n.users=await Promise.all(this.users.map((function(n){return n.certify(e,t,r)}))),n}async verifyPrimaryUser(e,t=new Date,r,n=R){const i=this.keyPacket,{user:s}=await this.getPrimaryUser(t,r,n);return e?await s.verifyAllCertifications(e,t,n):[{keyID:i.getKeyID(),valid:await s.verify(t,n).catch((()=>!1))}]}async verifyAllUsers(e,t=new Date,r=R){const n=this.keyPacket,i=[];return await Promise.all(this.users.map((async s=>{const a=e?await s.verifyAllCertifications(e,t,r):[{keyID:n.getKeyID(),valid:await s.verify(t,r).catch((()=>!1))}];i.push(...a.map((e=>({userID:s.userID?s.userID.userID:null,userAttribute:s.userAttribute,keyID:e.keyID,valid:e.valid}))))}))),i}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","hasSameFingerprintAs"].forEach((e=>{ho.prototype[e]=ao.prototype[e]}));class lo extends ho{constructor(e){if(super(),this.keyPacket=null,this.revocationSignatures=[],this.directSignatures=[],this.users=[],this.subkeys=[],e&&(this.packetListToStructure(e,new Set([Q.packet.secretKey,Q.packet.secretSubkey])),!this.keyPacket))throw Error("Invalid key: missing public-key packet")}isPrivate(){return!1}toPublic(){return this}armor(e=R){const t=6!==this.keyPacket.version;return W(Q.armor.publicKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}}class fo extends lo{constructor(e){if(super(),this.packetListToStructure(e,new Set([Q.packet.publicKey,Q.packet.publicSubkey])),!this.keyPacket)throw Error("Invalid key: missing private-key packet")}isPrivate(){return!0}toPublic(){const e=new ua,t=this.toPacketList();let r=!1;for(const n of t)if(!r||n.constructor.tag!==Q.packet.Signature)switch(r&&(r=!1),n.constructor.tag){case Q.packet.secretKey:{if(n.algorithm===Q.publicKey.aead||n.algorithm===Q.publicKey.hmac)throw Error("Cannot create public key from symmetric private");const t=Ua.fromSecretKeyPacket(n);e.push(t);break}case Q.packet.secretSubkey:{if(n.algorithm===Q.publicKey.aead||n.algorithm===Q.publicKey.hmac){r=!0;break}const t=Qa.fromSecretSubkeyPacket(n);e.push(t);break}default:e.push(n)}return new lo(e)}armor(e=R){const t=6!==this.keyPacket.version;return W(Q.armor.privateKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}async getDecryptionKeys(e,t=new Date,r={},n=R){const i=this.keyPacket,s=[];let a=null;for(let r=0;r<this.subkeys.length;r++)if(!e||this.subkeys[r].getKeyID().equals(e,!0)){if(this.subkeys[r].keyPacket.isDummy()){a=a||Error("Gnu-dummy key packets cannot be used for decryption");continue}try{const e={key:i,bind:this.subkeys[r].keyPacket},a=await ja(this.subkeys[r].bindingSignatures,i,Q.signature.subkeyBinding,e,t,n);no(this.subkeys[r].keyPacket,a,n)&&s.push(this.subkeys[r])}catch(e){a=e}}const o=await this.getPrimarySelfSignature(t,r,n);if(e&&!i.getKeyID().equals(e,!0)||!no(i,o,n)||(i.isDummy()?a=a||Error("Gnu-dummy key packets cannot be used for decryption"):s.push(this)),0===s.length)throw a||Error("No decryption key packets found");return s}isDecrypted(){return this.getKeys().some((({keyPacket:e})=>e.isDecrypted()))}async validate(e=R){if(!this.isPrivate())throw Error("Cannot validate a public key");let t;if(this.keyPacket.isDummy()){const r=await this.getSigningKey(null,null,void 0,{...e,rejectPublicKeyAlgorithms:new Set,minRSABits:0});r&&!r.keyPacket.isDummy()&&(t=r.keyPacket)}else t=this.keyPacket;if(t)return t.validate();{const e=this.getKeys();if(e.map((e=>e.keyPacket.isDummy())).every(Boolean))throw Error("Cannot validate an all-gnu-dummy key");return Promise.all(e.map((async e=>e.keyPacket.validate())))}}clearPrivateParams(){this.getKeys().forEach((({keyPacket:e})=>{e.isDecrypted()&&e.clearPrivateParams()}))}async revoke({flag:e=Q.reasonForRevocation.noReason,string:t=""}={},r=new Date,n=R){if(!this.isPrivate())throw Error("Need private key for revoking");const i={key:this.keyPacket},s=this.clone();return s.revocationSignatures.push(await Ja(i,[],this.keyPacket,{signatureType:Q.signature.keyRevocation,reasonForRevocationFlag:Q.write(Q.reasonForRevocation,e),reasonForRevocationString:t},r,void 0,void 0,void 0,n)),s}async addSubkey(e={}){const t={...R,...e.config};if(e.passphrase)throw Error("Subkey could not be encrypted here, please encrypt whole key");if(e.rsaBits<t.minRSABits)throw Error(`rsaBits should be at least ${t.minRSABits}, got: ${e.rsaBits}`);const r=this.keyPacket;if(r.isDummy())throw Error("Cannot add subkey to gnu-dummy primary key");if(!r.isDecrypted())throw Error("Key is not decrypted");const n=r.getAlgorithmInfo();n.type=function(e){switch(Q.write(Q.publicKey,e)){case Q.publicKey.rsaEncrypt:case Q.publicKey.rsaEncryptSign:case Q.publicKey.rsaSign:case Q.publicKey.dsa:return"rsa";case Q.publicKey.ecdsa:case Q.publicKey.eddsaLegacy:return"ecc";case Q.publicKey.ed25519:return"curve25519";case Q.publicKey.ed448:return"curve448";default:throw Error("Unsupported algorithm")}}(n.algorithm),n.rsaBits=n.bits||4096,n.curve=n.curve||"curve25519Legacy",e=eo(e,n);const i=await Ga(e,{...t,v6Keys:6===this.keyPacket.version});io(i,t);const s=await Ya(i,r,e,t),a=this.toPacketList();return a.push(i,s),new fo(a)}}const yo=/*#__PURE__*/M.constructAllowedPackets([Ua,Qa,Ta,Fa,La,Ra,ia]);function po(e){for(const t of e)switch(t.constructor.tag){case Q.packet.secretKey:return new fo(e);case Q.packet.publicKey:return new lo(e)}throw Error("No key packet found")}async function go(e,t,r,n){r.passphrase&&await e.encrypt(r.passphrase,n),await Promise.all(t.map((async function(e,t){const i=r.subkeys[t].passphrase;i&&await e.encrypt(i,n)})));const i=new ua;function s(e,t){return[t,...e.filter((e=>e!==t))]}function a(){const t={};t.keyFlags=[Q.keyFlags.certifyKeys|Q.keyFlags.signData];const i=s([Q.symmetric.aes256,Q.symmetric.aes128],n.preferredSymmetricAlgorithm);if(t.preferredSymmetricAlgorithms=i,n.aeadProtect){const e=s([Q.aead.gcm,Q.aead.eax,Q.aead.ocb],n.preferredAEADAlgorithm);t.preferredCipherSuites=e.flatMap((e=>i.map((t=>[t,e]))))}return t.preferredHashAlgorithms=s([Q.hash.sha512,Q.hash.sha256,...6===e.version?[Q.hash.sha3_512,Q.hash.sha3_256]:[]],n.preferredHashAlgorithm),t.preferredCompressionAlgorithms=s([Q.compression.uncompressed,Q.compression.zlib,Q.compression.zip],n.preferredCompressionAlgorithm),t.features=[0],t.features[0]|=Q.features.modificationDetection,n.aeadProtect&&(t.features[0]|=Q.features.seipdv2),r.keyExpirationTime>0&&(t.keyExpirationTime=r.keyExpirationTime,t.keyNeverExpires=!1),t}if(i.push(e),6===e.version){const t={key:e},s=a();s.signatureType=Q.signature.key;const o=await Ja(t,[],e,s,r.date,void 0,void 0,void 0,n);i.push(o)}await Promise.all(r.userIDs.map((async function(t,i){const s=La.fromObject(t),o={userID:s,key:e},c=6!==e.version?a():{};c.signatureType=Q.signature.certPositive,0===i&&(c.isPrimaryUserID=!0);return{userIDPacket:s,signaturePacket:await Ja(o,[],e,c,r.date,void 0,void 0,void 0,n)}}))).then((e=>{e.forEach((({userIDPacket:e,signaturePacket:t})=>{i.push(e),i.push(t)}))})),await Promise.all(t.map((async function(t,i){const s=r.subkeys[i];return{secretSubkeyPacket:t,subkeySignaturePacket:await Ya(t,e,s,n)}}))).then((e=>{e.forEach((({secretSubkeyPacket:e,subkeySignaturePacket:t})=>{i.push(e),i.push(t)}))}));const o={key:e};return i.push(await Ja(o,[],e,{signatureType:Q.signature.keyRevocation,reasonForRevocationFlag:Q.reasonForRevocation.noReason,reasonForRevocationString:""},r.date,void 0,void 0,void 0,n)),r.passphrase&&e.clearPrivateParams(),await Promise.all(t.map((async function(e,t){r.subkeys[t].passphrase&&e.clearPrivateParams()}))),new fo(i)}async function Ao({armoredKey:e,binaryKey:t,config:r,...n}){if(r={...R,...r},!e&&!t)throw Error("readKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!M.isString(e))throw Error("readKey: options.armoredKey must be a string");if(t&&!M.isUint8Array(t))throw Error("readKey: options.binaryKey must be a Uint8Array");const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));let s;if(e){const{type:t,data:r}=await X(e);if(t!==Q.armor.publicKey&&t!==Q.armor.privateKey)throw Error("Armored text not of type key");s=r}else s=t;const a=await ua.fromBinary(s,yo,r),o=a.indexOfTag(Q.packet.publicKey,Q.packet.secretKey);if(0===o.length)throw Error("No key packet found");return po(a.slice(o[0],o[1]))}async function wo({armoredKey:e,binaryKey:t,config:r,...n}){if(r={...R,...r},!e&&!t)throw Error("readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!M.isString(e))throw Error("readPrivateKey: options.armoredKey must be a string");if(t&&!M.isUint8Array(t))throw Error("readPrivateKey: options.binaryKey must be a Uint8Array");const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));let s;if(e){const{type:t,data:r}=await X(e);if(t!==Q.armor.privateKey)throw Error("Armored text not of type private key");s=r}else s=t;const a=await ua.fromBinary(s,yo,r),o=a.indexOfTag(Q.packet.publicKey,Q.packet.secretKey);for(let e=0;e<o.length;e++){if(a[o[e]].constructor.tag===Q.packet.publicKey)continue;const t=a.slice(o[e],o[e+1]);return new fo(t)}throw Error("No secret key packet found")}async function mo({armoredKeys:e,binaryKeys:t,config:r,...n}){r={...R,...r};let i=e||t;if(!i)throw Error("readKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!M.isString(e))throw Error("readKeys: options.armoredKeys must be a string");if(t&&!M.isUint8Array(t))throw Error("readKeys: options.binaryKeys must be a Uint8Array");const s=Object.keys(n);if(s.length>0)throw Error("Unknown option: "+s.join(", "));if(e){const{type:t,data:r}=await X(e);if(t!==Q.armor.publicKey&&t!==Q.armor.privateKey)throw Error("Armored text not of type key");i=r}const a=[],o=await ua.fromBinary(i,yo,r),c=o.indexOfTag(Q.packet.publicKey,Q.packet.secretKey);if(0===c.length)throw Error("No key packet found");for(let e=0;e<c.length;e++){const t=po(o.slice(c[e],c[e+1]));a.push(t)}return a}async function bo({armoredKeys:e,binaryKeys:t,config:r}){r={...R,...r};let n=e||t;if(!n)throw Error("readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!M.isString(e))throw Error("readPrivateKeys: options.armoredKeys must be a string");if(t&&!M.isUint8Array(t))throw Error("readPrivateKeys: options.binaryKeys must be a Uint8Array");if(e){const{type:t,data:r}=await X(e);if(t!==Q.armor.privateKey)throw Error("Armored text not of type private key");n=r}const i=[],s=await ua.fromBinary(n,yo,r),a=s.indexOfTag(Q.packet.publicKey,Q.packet.secretKey);for(let e=0;e<a.length;e++){if(s[a[e]].constructor.tag===Q.packet.publicKey)continue;const t=s.slice(a[e],a[e+1]),r=new fo(t);i.push(r)}if(0===i.length)throw Error("No secret key packet found");return i}const ko=/*#__PURE__*/M.constructAllowedPackets([$s,pa,Ka,ka,Da,Ia,Ca,oa,ia]),Eo=/*#__PURE__*/M.constructAllowedPackets([Ca]),vo=/*#__PURE__*/M.constructAllowedPackets([ia]);class Ko{constructor(e){this.packets=e||new ua}getEncryptionKeyIDs(){const e=[];return this.packets.filterByTag(Q.packet.publicKeyEncryptedSessionKey).forEach((function(t){e.push(t.publicKeyID)})),e}getSigningKeyIDs(){const e=this.unwrapCompressed(),t=e.packets.filterByTag(Q.packet.onePassSignature);if(t.length>0)return t.map((e=>e.issuerKeyID));return e.packets.filterByTag(Q.packet.signature).map((e=>e.issuerKeyID))}async decrypt(e,t,r,n=new Date,i=R){const s=this.packets.filterByTag(Q.packet.symmetricallyEncryptedData,Q.packet.symEncryptedIntegrityProtectedData,Q.packet.aeadEncryptedData);if(0===s.length)throw Error("No encrypted data found");const a=s[0],o=a.cipherAlgorithm,c=r||await this.decryptSessionKeys(e,t,o,n,i);let u=null;const h=Promise.all(c.map((async({algorithm:e,data:t})=>{if(!M.isUint8Array(t)||!a.cipherAlgorithm&&!M.isString(e))throw Error("Invalid session key for decryption.");try{const r=a.cipherAlgorithm||Q.write(Q.symmetric,e);await a.decrypt(r,t,i)}catch(e){M.printDebugError(e),u=e}})));if(C(a.encrypted),a.encrypted=null,await h,!a.packets||!a.packets.length)throw u||Error("Decryption failed.");const l=new Ko(a.packets);return a.packets=new ua,l}async decryptSessionKeys(e,t,r,n=new Date,i=R){let s,a=[];if(t){const e=this.packets.filterByTag(Q.packet.symEncryptedSessionKey);if(0===e.length)throw Error("No symmetrically encrypted session key packet found.");await Promise.all(t.map((async function(t,r){let n;n=r?await ua.fromBinary(e.write(),Eo,i):e,await Promise.all(n.map((async function(e){try{await e.decrypt(t),a.push(e)}catch(e){M.printDebugError(e),e instanceof Ji&&(s=e)}})))})))}else{if(!e)throw Error("No key or password specified.");{const t=this.packets.filterByTag(Q.packet.publicKeyEncryptedSessionKey);if(0===t.length)throw Error("No public key encrypted session key packet found.");await Promise.all(t.map((async function(t){await Promise.all(e.map((async function(e){let o;try{o=(await e.getDecryptionKeys(t.publicKeyID,null,void 0,i)).map((e=>e.keyPacket))}catch(e){return void(s=e)}let c=[Q.symmetric.aes256,Q.symmetric.aes128,Q.symmetric.tripledes,Q.symmetric.cast5];try{const t=await e.getPrimarySelfSignature(n,void 0,i);t.preferredSymmetricAlgorithms&&(c=c.concat(t.preferredSymmetricAlgorithms))}catch(e){}await Promise.all(o.map((async function(e){if(!e.isDecrypted())throw Error("Decryption key is not decrypted.");if(i.constantTimePKCS1Decryption&&(t.publicKeyAlgorithm===Q.publicKey.rsaEncrypt||t.publicKeyAlgorithm===Q.publicKey.rsaEncryptSign||t.publicKeyAlgorithm===Q.publicKey.rsaSign||t.publicKeyAlgorithm===Q.publicKey.elgamal)){const n=t.write();await Promise.all((r?[r]:Array.from(i.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms)).map((async t=>{const r=new Ia;r.read(n);const i={sessionKeyAlgorithm:t,sessionKey:qi(t)};try{await r.decrypt(e,i),a.push(r)}catch(e){M.printDebugError(e),s=e}})))}else try{await t.decrypt(e);const n=r||t.sessionKeyAlgorithm;if(n&&!c.includes(Q.write(Q.symmetric,n)))throw Error("A non-preferred symmetric algorithm was used.");a.push(t)}catch(e){M.printDebugError(e),s=e}})))}))),C(t.encrypted),t.encrypted=null})))}}if(a.length>0){if(a.length>1){const e=new Set;a=a.filter((t=>{const r=t.sessionKeyAlgorithm+M.uint8ArrayToString(t.sessionKey);return!e.has(r)&&(e.add(r),!0)}))}return a.map((e=>({data:e.sessionKey,algorithm:e.sessionKeyAlgorithm&&Q.read(Q.symmetric,e.sessionKeyAlgorithm)})))}throw s||Error("Session key decryption failed.")}getLiteralData(){const e=this.unwrapCompressed().packets.findPacket(Q.packet.literalData);return e&&e.getBytes()||null}getFilename(){const e=this.unwrapCompressed().packets.findPacket(Q.packet.literalData);return e&&e.getFilename()||null}getText(){const e=this.unwrapCompressed().packets.findPacket(Q.packet.literalData);return e?e.getText():null}static async generateSessionKey(e=[],t=new Date,r=[],n=R){const{symmetricAlgo:i,aeadAlgo:s}=await async function(e=[],t=new Date,r=[],n=R){const i=await Promise.all(e.map(((e,i)=>e.getPrimarySelfSignature(t,r[i],n))));if(e.length?!n.ignoreSEIPDv2FeatureFlag&&i.every((e=>e.features&&e.features[0]&Q.features.seipdv2)):n.aeadProtect){const e={symmetricAlgo:Q.symmetric.aes128,aeadAlgo:Q.aead.ocb},t=[{symmetricAlgo:n.preferredSymmetricAlgorithm,aeadAlgo:n.preferredAEADAlgorithm},{symmetricAlgo:n.preferredSymmetricAlgorithm,aeadAlgo:Q.aead.ocb},{symmetricAlgo:Q.symmetric.aes128,aeadAlgo:n.preferredAEADAlgorithm}];for(const e of t)if(i.every((t=>t.preferredCipherSuites&&t.preferredCipherSuites.some((t=>t[0]===e.symmetricAlgo&&t[1]===e.aeadAlgo)))))return e;return e}const s=Q.symmetric.aes128,a=n.preferredSymmetricAlgorithm;return{symmetricAlgo:i.every((e=>e.preferredSymmetricAlgorithms&&e.preferredSymmetricAlgorithms.includes(a)))?a:s,aeadAlgo:void 0}}(e,t,r,n),a=Q.read(Q.symmetric,i),o=s?Q.read(Q.aead,s):void 0;await Promise.all(e.map((e=>e.getEncryptionKey().catch((()=>null)).then((e=>{if(e&&(e.keyPacket.algorithm===Q.publicKey.x25519||e.keyPacket.algorithm===Q.publicKey.x448)&&!o&&!M.isAES(i))throw Error("Could not generate a session key compatible with the given `encryptionKeys`: X22519 and X448 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.")})))));return{data:qi(i),algorithm:a,aeadAlgorithm:o}}async encrypt(e,t,r,n=!1,i=[],s=new Date,a=[],o=R){if(r){if(!M.isUint8Array(r.data)||!M.isString(r.algorithm))throw Error("Invalid session key for encryption.")}else if(e&&e.length)r=await Ko.generateSessionKey(e,s,a,o);else{if(!t||!t.length)throw Error("No keys, passwords, or session key provided.");r=await Ko.generateSessionKey(void 0,void 0,void 0,o)}const{data:c,algorithm:u,aeadAlgorithm:h}=r,l=await Ko.encryptSessionKey(c,u,h,e,t,n,i,s,a,o),f=ka.fromObject({version:h?2:1,aeadAlgorithm:h?Q.write(Q.aead,h):null});f.packets=this.packets;const y=Q.write(Q.symmetric,u);return await f.encrypt(y,c,o),l.packets.push(f),f.packets=new ua,l}static async encryptSessionKey(e,t,r,n,i,s=!1,a=[],o=new Date,c=[],u=R){const h=new ua,l=Q.write(Q.symmetric,t),f=r&&Q.write(Q.aead,r);if(n){const t=await Promise.all(n.map((async function(t,r){const n=await t.getEncryptionKey(a[r],o,c,u),i=Ia.fromObject({version:f?6:3,encryptionKeyPacket:n.keyPacket,anonymousRecipient:s,sessionKey:e,sessionKeyAlgorithm:l});return await i.encrypt(n.keyPacket),delete i.sessionKey,i})));h.push(...t)}if(i){const t=async function(e,t){try{return await e.decrypt(t),1}catch(e){return 0}},r=(e,t)=>e+t,n=async function(e,s,a,o){const c=new Ca(u);if(c.sessionKey=e,c.sessionKeyAlgorithm=s,a&&(c.aeadAlgorithm=a),await c.encrypt(o,u),u.passwordCollisionCheck){if(1!==(await Promise.all(i.map((e=>t(c,e))))).reduce(r))return n(e,s,o)}return delete c.sessionKey,c},s=await Promise.all(i.map((t=>n(e,l,f,t))));h.push(...s)}return new Ko(h)}async sign(e=[],t=[],r=null,n=[],i=new Date,s=[],a=[],o=[],c=R){const u=new ua,h=this.packets.findPacket(Q.packet.literalData);if(!h)throw Error("No literal data packet to sign.");const l=await So(h,e,t,r,n,i,s,a,o,!1,c),f=l.map(((e,t)=>oa.fromSignaturePacket(e,0===t))).reverse();return u.push(...f),u.push(h),u.push(...l),new Ko(u)}compress(e,t=R){if(e===Q.compression.uncompressed)return this;const r=new pa(t);r.algorithm=e,r.packets=this.packets;const n=new ua;return n.push(r),new Ko(n)}async signDetached(e=[],t=[],r=null,n=[],i=[],s=new Date,a=[],o=[],c=R){const u=this.packets.findPacket(Q.packet.literalData);if(!u)throw Error("No literal data packet to sign.");return new Ha(await So(u,e,t,r,n,i,s,a,o,!0,c))}async verify(e,t=new Date,r=R){const n=this.unwrapCompressed(),i=n.packets.filterByTag(Q.packet.literalData);if(1!==i.length)throw Error("Can only verify message with one literal data packet.");let s=n.packets;a(s.stream)&&(s=s.concat(await B(s.stream,(e=>e||[]))));const o=s.filterByTag(Q.packet.onePassSignature).reverse(),c=s.filterByTag(Q.packet.signature);return o.length&&!c.length&&M.isStream(s.stream)&&!a(s.stream)?(await Promise.all(o.map((async e=>{e.correspondingSig=new Promise(((t,r)=>{e.correspondingSigResolve=t,e.correspondingSigReject=r})),e.signatureData=U((async()=>(await e.correspondingSig).signatureData)),e.hashed=B(await e.hash(e.signatureType,i[0],void 0,!1)),e.hashed.catch((()=>{}))}))),s.stream=k(s.stream,(async(e,t)=>{const r=P(e),n=D(t);try{for(let e=0;e<o.length;e++){const{value:t}=await r.read();o[e].correspondingSigResolve(t)}await r.readToEnd(),await n.ready,await n.close()}catch(e){o.forEach((t=>{t.correspondingSigReject(e)})),await n.abort(e)}})),Io(o,i,e,t,!1,r)):Io(c,i,e,t,!1,r)}verifyDetached(e,t,r=new Date,n=R){const i=this.unwrapCompressed().packets.filterByTag(Q.packet.literalData);if(1!==i.length)throw Error("Can only verify message with one literal data packet.");return Io(e.packets.filterByTag(Q.packet.signature),i,t,r,!0,n)}unwrapCompressed(){const e=this.packets.filterByTag(Q.packet.compressedData);return e.length?new Ko(e[0].packets):this}async appendSignature(e,t=R){await this.packets.read(M.isUint8Array(e)?e:(await X(e)).data,vo,t)}write(){return this.packets.write()}armor(e=R){const t=this.packets[this.packets.length-1],r=t.constructor.tag===ka.tag?2!==t.version:this.packets.some((e=>e.constructor.tag===ia.tag&&6!==e.version));return W(Q.armor.message,this.write(),null,null,null,r,e)}}async function So(e,t,r=[],n=null,i=[],s=new Date,a=[],o=[],c=[],u=!1,h=R){const l=new ua,f=null===e.text?Q.signature.binary:Q.signature.text;if(await Promise.all(t.map((async(t,n)=>{const l=a[n];if(!t.isPrivate())throw Error("Need private key for signing");const y=await t.getSigningKey(i[n],s,l,h);return Ja(e,r.length?r:[t],y.keyPacket,{signatureType:f},s,o,c,u,h)}))).then((e=>{l.push(...e)})),n){const e=n.packets.filterByTag(Q.packet.signature);l.push(...e)}return l}async function Io(e,t,r,n=new Date,i=!1,s=R){return Promise.all(e.filter((function(e){return["text","binary"].includes(Q.read(Q.signature,e.signatureType))})).map((async function(e){return async function(e,t,r,n=new Date,i=!1,s=R){let a,o;for(const t of r){const r=t.getKeys(e.issuerKeyID);if(r.length>0){a=t,o=r[0];break}}const c=e instanceof oa?e.correspondingSig:e,u={keyID:e.issuerKeyID,verified:(async()=>{if(!o)throw Error("Could not find signing key with key ID "+e.issuerKeyID.toHex());await e.verify(o.keyPacket,e.signatureType,t[0],n,i,s);const r=await c;if(o.getCreationTime()>r.created)throw Error("Key is newer than the signature");try{await a.getSigningKey(o.getKeyID(),r.created,void 0,s)}catch(e){if(!s.allowInsecureVerificationWithReformattedKeys||!e.message.match(/Signature creation time is in the future/))throw e;await a.getSigningKey(o.getKeyID(),n,void 0,s)}return!0})(),signature:(async()=>{const e=await c,t=new ua;return e&&t.push(e),new Ha(t)})()};return u.signature.catch((()=>{})),u.verified.catch((()=>{})),u}(e,t,r,n,i,s)})))}async function Bo({armoredMessage:e,binaryMessage:t,config:r,...n}){r={...R,...r};let i=e||t;if(!i)throw Error("readMessage: must pass options object containing `armoredMessage` or `binaryMessage`");if(e&&!M.isString(e)&&!M.isStream(e))throw Error("readMessage: options.armoredMessage must be a string or stream");if(t&&!M.isUint8Array(t)&&!M.isStream(t))throw Error("readMessage: options.binaryMessage must be a Uint8Array or stream");const s=Object.keys(n);if(s.length>0)throw Error("Unknown option: "+s.join(", "));const a=M.isStream(i);if(e){const{type:e,data:t}=await X(i);if(e!==Q.armor.message)throw Error("Armored text not of type message");i=t}const o=await ua.fromBinary(i,ko,r,new fa),c=new Ko(o);return c.fromStream=a,c}async function Co({text:e,binary:t,filename:r,date:n=new Date,format:i=(void 0!==e?"utf8":"binary"),...s}){const a=void 0!==e?e:t;if(void 0===a)throw Error("createMessage: must pass options object containing `text` or `binary`");if(e&&!M.isString(e)&&!M.isStream(e))throw Error("createMessage: options.text must be a string or stream");if(t&&!M.isUint8Array(t)&&!M.isStream(t))throw Error("createMessage: options.binary must be a Uint8Array or stream");const o=Object.keys(s);if(o.length>0)throw Error("Unknown option: "+o.join(", "));const c=M.isStream(a),u=new $s(n);void 0!==e?u.setText(a,Q.write(Q.literal,i)):u.setBytes(a,Q.write(Q.literal,i)),void 0!==r&&u.setFilename(r);const h=new ua;h.push(u);const l=new Ko(h);return l.fromStream=c,l}const Uo=/*#__PURE__*/M.constructAllowedPackets([ia]);class Po{constructor(e,t){if(this.text=M.removeTrailingSpaces(e).replace(/\r?\n/g,"\r\n"),t&&!(t instanceof Ha))throw Error("Invalid signature input");this.signature=t||new Ha(new ua)}getSigningKeyIDs(){const e=[];return this.signature.packets.forEach((function(t){e.push(t.issuerKeyID)})),e}async sign(e,t=[],r=null,n=[],i=new Date,s=[],a=[],o=[],c=R){const u=new $s;u.setText(this.text);const h=new Ha(await So(u,e,t,r,n,i,s,a,o,!0,c));return new Po(this.text,h)}verify(e,t=new Date,r=R){const n=this.signature.packets.filterByTag(Q.packet.signature),i=new $s;return i.setText(this.text),Io(n,[i],e,t,!0,r)}getText(){return this.text.replace(/\r\n/g,"\n")}armor(e=R){const t=this.signature.packets.some((e=>6!==e.version)),r={hash:t?Array.from(new Set(this.signature.packets.map((e=>Q.read(Q.hash,e.hashAlgorithm).toUpperCase())))).join():null,text:this.text,data:this.signature.packets.write()};return W(Q.armor.signed,r,void 0,void 0,void 0,t,e)}}async function Do({cleartextMessage:e,config:t,...r}){if(t={...R,...t},!e)throw Error("readCleartextMessage: must pass options object containing `cleartextMessage`");if(!M.isString(e))throw Error("readCleartextMessage: options.cleartextMessage must be a string");const n=Object.keys(r);if(n.length>0)throw Error("Unknown option: "+n.join(", "));const i=await X(e);if(i.type!==Q.armor.signed)throw Error("No cleartext signed message.");const s=await ua.fromBinary(i.data,Uo,t);!function(e,t){const r=function(e){const r=e=>t=>e.hashAlgorithm===t;for(let n=0;n<t.length;n++)if(t[n].constructor.tag===Q.packet.signature&&!e.some(r(t[n])))return!1;return!0},n=[];if(e.forEach((e=>{const t=e.match(/^Hash: (.+)$/);if(!t)throw Error('Only "Hash" header allowed in cleartext signed message');{const e=t[1].replace(/\s/g,"").split(",").map((e=>{try{return Q.write(Q.hash,e.toLowerCase())}catch(t){throw Error("Unknown hash algorithm in armor header: "+e.toLowerCase())}}));n.push(...e)}})),n.length&&!r(n))throw Error("Hash algorithm mismatch in armor header and signature")}(i.headers,s);const a=new Ha(s);return new Po(i.text,a)}async function xo({text:e,...t}){if(!e)throw Error("createCleartextMessage: must pass options object containing `text`");if(!M.isString(e))throw Error("createCleartextMessage: options.text must be a string");const r=Object.keys(t);if(r.length>0)throw Error("Unknown option: "+r.join(", "));return new Po(e)}async function Qo({userIDs:e=[],passphrase:t,type:r,curve:n,rsaBits:i=4096,symmetricHash:s="sha256",symmetricCipher:a="aes256",keyExpirationTime:o=0,date:c=new Date,subkeys:u=[{}],format:h="armored",config:l,...f}){Zo(l={...R,...l}),r||n?(r=r||"ecc",n=n||"curve25519Legacy"):(r=l.v6Keys?"curve25519":"ecc",n="curve25519Legacy"),e=Jo(e);const y=Object.keys(f);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(0===e.length&&!l.v6Keys)throw Error("UserIDs are required for V4 keys");if("rsa"===r&&i<l.minRSABits)throw Error(`rsaBits should be at least ${l.minRSABits}, got: ${i}`);const p={userIDs:e,passphrase:t,type:r,rsaBits:i,curve:n,keyExpirationTime:o,date:c,subkeys:u,symmetricHash:s,symmetricCipher:a};try{const{key:e,revocationCertificate:t}=await async function(e,t){e.sign=!0,(e=eo(e)).subkeys=e.subkeys.map(((t,r)=>eo(e.subkeys[r],e)));let r=[qa(e,t)];r=r.concat(e.subkeys.map((e=>Ga(e,t))));const n=await Promise.all(r),i=await go(n[0],n.slice(1),e,t),s=await i.getRevocationCertificate(e.date,t);return i.revocationSignatures=[],{key:i,revocationCertificate:s}}(p,l);return e.getKeys().forEach((({keyPacket:e})=>io(e,l))),{privateKey:$o(e,h,l),publicKey:"symmetric"!==r?$o(e.toPublic(),h,l):null,revocationCertificate:t}}catch(e){throw M.wrapError("Error generating keypair",e)}}async function Ro({privateKey:e,userIDs:t=[],passphrase:r,keyExpirationTime:n=0,date:i,format:s="armored",config:a,...o}){Zo(a={...R,...a}),t=Jo(t);const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(0===t.length&&6!==e.keyPacket.version)throw Error("UserIDs are required for V4 keys");const u={privateKey:e,userIDs:t,passphrase:r,keyExpirationTime:n,date:i};try{const{key:e,revocationCertificate:t}=await async function(e,t){e=o(e);const{privateKey:r}=e;if(!r.isPrivate())throw Error("Cannot reformat a public key");if(r.keyPacket.isDummy())throw Error("Cannot reformat a gnu-dummy primary key");if(!r.getKeys().every((({keyPacket:e})=>e.isDecrypted())))throw Error("Key is not decrypted");const n=r.keyPacket;e.subkeys||(e.subkeys=await Promise.all(r.subkeys.map((async e=>{const r=e.keyPacket,i={key:n,bind:r},s=await ja(e.bindingSignatures,n,Q.signature.subkeyBinding,i,null,t).catch((()=>({})));return{sign:s.keyFlags&&s.keyFlags[0]&Q.keyFlags.signData,forwarding:s.keyFlags&&s.keyFlags[0]&Q.keyFlags.forwardedCommunication}}))));const i=r.subkeys.map((e=>e.keyPacket));if(e.subkeys.length!==i.length)throw Error("Number of subkey options does not match number of subkeys");e.subkeys=e.subkeys.map((t=>o(t,e)));const s=await go(n,i,e,t),a=await s.getRevocationCertificate(e.date,t);return s.revocationSignatures=[],{key:s,revocationCertificate:a};function o(e,t={}){return e.keyExpirationTime=e.keyExpirationTime||t.keyExpirationTime,e.passphrase=M.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e}}(u,a);return{privateKey:$o(e,s,a),publicKey:$o(e.toPublic(),s,a),revocationCertificate:t}}catch(e){throw M.wrapError("Error reformatting keypair",e)}}async function To({key:e,revocationCertificate:t,reasonForRevocation:r,date:n=new Date,format:i="armored",config:s,...a}){Zo(s={...R,...s});const o=Object.keys(a);if(o.length>0)throw Error("Unknown option: "+o.join(", "));try{const a=t?await e.applyRevocationCertificate(t,n,s):await e.revoke(r,n,s);return a.isPrivate()?{privateKey:$o(a,i,s),publicKey:$o(a.toPublic(),i,s)}:{privateKey:null,publicKey:$o(a,i,s)}}catch(e){throw M.wrapError("Error revoking key",e)}}async function Mo({privateKey:e,passphrase:t,config:r,...n}){Zo(r={...R,...r});const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));if(!e.isPrivate())throw Error("Cannot decrypt a public key");const s=e.clone(!0),a=M.isArray(t)?t:[t];try{return await Promise.all(s.getKeys().map((e=>M.anyPromise(a.map((t=>e.keyPacket.decrypt(t))))))),await s.validate(r),s}catch(e){throw s.clearPrivateParams(),M.wrapError("Error decrypting private key",e)}}async function Lo({privateKey:e,passphrase:t,config:r,...n}){Zo(r={...R,...r});const i=Object.keys(n);if(i.length>0)throw Error("Unknown option: "+i.join(", "));if(!e.isPrivate())throw Error("Cannot encrypt a public key");const s=e.clone(!0),a=s.getKeys(),o=M.isArray(t)?t:Array(a.length).fill(t);if(o.length!==a.length)throw Error("Invalid number of passphrases given for key encryption");try{return await Promise.all(a.map((async(e,t)=>{const{keyPacket:n}=e;await n.encrypt(o[t],r),n.clearPrivateParams()}))),s}catch(e){throw s.clearPrivateParams(),M.wrapError("Error encrypting private key",e)}}async function Fo({message:e,encryptionKeys:t,signingKeys:r,passwords:n,sessionKey:i,format:s="armored",signature:a=null,wildcard:o=!1,signingKeyIDs:c=[],encryptionKeyIDs:u=[],date:h=new Date,signingUserIDs:l=[],encryptionUserIDs:f=[],signatureNotations:y=[],config:p,...d}){if(Zo(p={...R,...p}),qo(e),Vo(s),t=Jo(t),r=Jo(r),n=Jo(n),c=Jo(c),u=Jo(u),l=Jo(l),f=Jo(f),y=Jo(y),d.detached)throw Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.");if(d.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead");if(d.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead");if(void 0!==d.armor)throw Error("The `armor` option has been removed from openpgp.encrypt, pass `format` instead.");const g=Object.keys(d);if(g.length>0)throw Error("Unknown option: "+g.join(", "));r||(r=[]);try{if((r.length||a)&&(e=await e.sign(r,t,a,c,h,l,u,y,p)),e=e.compress(await async function(e=[],t=new Date,r=[],n=R){const i=Q.compression.uncompressed,s=n.preferredCompressionAlgorithm,a=await Promise.all(e.map((async function(e,i){const a=(await e.getPrimarySelfSignature(t,r[i],n)).preferredCompressionAlgorithms;return!!a&&a.indexOf(s)>=0})));return a.every(Boolean)?s:i}(t,h,f,p),p),e=await e.encrypt(t,n,i,o,u,h,f,p),"object"===s)return e;const d="armored"===s?e.armor(p):e.write();return await Xo(d)}catch(e){throw M.wrapError("Error encrypting message",e)}}async function Oo({message:e,decryptionKeys:t,passwords:r,sessionKeys:n,verificationKeys:i,expectSigned:s=!1,format:a="utf8",signature:o=null,date:c=new Date,config:u,...h}){if(Zo(u={...R,...u}),qo(e),i=Jo(i),t=Jo(t),r=Jo(r),n=Jo(n),h.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead");if(h.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead");const l=Object.keys(h);if(l.length>0)throw Error("Unknown option: "+l.join(", "));try{const h=await e.decrypt(t,r,n,c,u);i||(i=[]);const l={};if(l.signatures=o?await h.verifyDetached(o,i,c,u):await h.verify(i,c,u),l.data="binary"===a?h.getLiteralData():h.getText(),l.filename=h.getFilename(),Wo(l,e,...new Set([h,h.unwrapCompressed()])),s){if(0===i.length)throw Error("Verification keys are required to verify message signatures");if(0===l.signatures.length)throw Error("Message is not signed");l.data=g([l.data,U((async()=>(await M.anyPromise(l.signatures.map((e=>e.verified))),"binary"===a?new Uint8Array:"")))])}return l.data=await Xo(l.data),l}catch(e){throw M.wrapError("Error decrypting message",e)}}async function No({message:e,signingKeys:t,recipientKeys:r=[],format:n="armored",detached:i=!1,signingKeyIDs:s=[],date:a=new Date,signingUserIDs:o=[],recipientUserIDs:c=[],signatureNotations:u=[],config:h,...l}){if(Zo(h={...R,...h}),jo(e),Vo(n),t=Jo(t),s=Jo(s),o=Jo(o),r=Jo(r),c=Jo(c),u=Jo(u),l.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead");if(void 0!==l.armor)throw Error("The `armor` option has been removed from openpgp.sign, pass `format` instead.");const f=Object.keys(l);if(f.length>0)throw Error("Unknown option: "+f.join(", "));if(e instanceof Po&&"binary"===n)throw Error("Cannot return signed cleartext message in binary format");if(e instanceof Po&&i)throw Error("Cannot detach-sign a cleartext message");if(!t||0===t.length)throw Error("No signing keys provided");try{let l;if(l=i?await e.signDetached(t,r,void 0,s,a,o,c,u,h):await e.sign(t,r,void 0,s,a,o,c,u,h),"object"===n)return l;return l="armored"===n?l.armor(h):l.write(),i&&(l=k(e.packets.write(),(async(e,t)=>{await Promise.all([A(l,t),B(e).catch((()=>{}))])}))),await Xo(l)}catch(e){throw M.wrapError("Error signing message",e)}}async function _o({message:e,verificationKeys:t,expectSigned:r=!1,format:n="utf8",signature:i=null,date:s=new Date,config:a,...o}){if(Zo(a={...R,...a}),jo(e),t=Jo(t),o.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead");const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(e instanceof Po&&"binary"===n)throw Error("Can't return cleartext message data as binary");if(e instanceof Po&&i)throw Error("Can't verify detached cleartext signature");try{const o={};if(o.signatures=i?await e.verifyDetached(i,t,s,a):await e.verify(t,s,a),o.data="binary"===n?e.getLiteralData():e.getText(),e.fromStream&&!i&&Wo(o,...new Set([e,e.unwrapCompressed()])),r){if(0===o.signatures.length)throw Error("Message is not signed");o.data=g([o.data,U((async()=>(await M.anyPromise(o.signatures.map((e=>e.verified))),"binary"===n?new Uint8Array:"")))])}return o.data=await Xo(o.data),o}catch(e){throw M.wrapError("Error verifying signed message",e)}}async function Ho({encryptionKeys:e,date:t=new Date,encryptionUserIDs:r=[],config:n,...i}){if(Zo(n={...R,...n}),e=Jo(e),r=Jo(r),i.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead");const s=Object.keys(i);if(s.length>0)throw Error("Unknown option: "+s.join(", "));try{return await Ko.generateSessionKey(e,t,r,n)}catch(e){throw M.wrapError("Error generating session key",e)}}async function zo({data:e,algorithm:t,aeadAlgorithm:r,encryptionKeys:n,passwords:i,format:s="armored",wildcard:a=!1,encryptionKeyIDs:o=[],date:c=new Date,encryptionUserIDs:u=[],config:h,...l}){if(Zo(h={...R,...h}),function(e){if(!M.isUint8Array(e))throw Error("Parameter [data] must be of type Uint8Array")}(e),function(e,t){if(!M.isString(e))throw Error("Parameter ["+t+"] must be of type String")}(t,"algorithm"),Vo(s),n=Jo(n),i=Jo(i),o=Jo(o),u=Jo(u),l.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead");const f=Object.keys(l);if(f.length>0)throw Error("Unknown option: "+f.join(", "));if(!(n&&0!==n.length||i&&0!==i.length))throw Error("No encryption keys or passwords provided.");try{return $o(await Ko.encryptSessionKey(e,t,r,n,i,a,o,c,u,h),s,h)}catch(e){throw M.wrapError("Error encrypting session key",e)}}async function Go({message:e,decryptionKeys:t,passwords:r,date:n=new Date,config:i,...s}){if(Zo(i={...R,...i}),qo(e),t=Jo(t),r=Jo(r),s.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead");const a=Object.keys(s);if(a.length>0)throw Error("Unknown option: "+a.join(", "));try{return await e.decryptSessionKeys(t,r,void 0,n,i)}catch(e){throw M.wrapError("Error decrypting session keys",e)}}function qo(e){if(!(e instanceof Ko))throw Error("Parameter [message] needs to be of type Message")}function jo(e){if(!(e instanceof Po||e instanceof Ko))throw Error("Parameter [message] needs to be of type Message or CleartextMessage")}function Vo(e){if("armored"!==e&&"binary"!==e&&"object"!==e)throw Error("Unsupported format "+e)}const Yo=Object.keys(R).length;function Zo(e){const t=Object.keys(e);if(t.length!==Yo)for(const e of t)if(void 0===R[e])throw Error("Unknown config property: "+e)}function Jo(e){return e&&!M.isArray(e)&&(e=[e]),e}async function Xo(e){return"array"===M.isStream(e)?B(e):e}function Wo(e,t,...r){e.data=k(t.packets.stream,(async(t,n)=>{await A(e.data,n,{preventClose:!0});const i=D(n);try{await B(t,(e=>e)),await Promise.all(r.map((e=>B(e.packets.stream,(e=>e))))),await i.close()}catch(e){await i.abort(e)}}))}function $o(e,t,r){switch(t){case"object":return e;case"armored":return e.armor(r);case"binary":return e.write();default:throw Error("Unsupported format "+t)}}const ec="object"==typeof e&&"crypto"in e?e.crypto:void 0;
 /*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */function tc(e){return e instanceof Uint8Array||ArrayBuffer.isView(e)&&"Uint8Array"===e.constructor.name}function rc(e){if(!Number.isSafeInteger(e)||e<0)throw Error("positive integer expected, got "+e)}function nc(e,...t){if(!tc(e))throw Error("Uint8Array expected");if(t.length>0&&!t.includes(e.length))throw Error("Uint8Array expected of length "+t+", got length="+e.length)}function ic(e){if("function"!=typeof e||"function"!=typeof e.create)throw Error("Hash should be wrapped by utils.createHasher");rc(e.outputLen),rc(e.blockLen)}function sc(e,t=!0){if(e.destroyed)throw Error("Hash instance has been destroyed");if(t&&e.finished)throw Error("Hash#digest() has already been called")}function ac(e,t){nc(e);const r=t.outputLen;if(e.length<r)throw Error("digestInto() expects output buffer of length at least "+r)}function oc(...e){for(let t=0;t<e.length;t++)e[t].fill(0)}function cc(e){return new DataView(e.buffer,e.byteOffset,e.byteLength)}function uc(e,t){return e<<32-t|e>>>t}function hc(e,t){return e<<t|e>>>32-t>>>0}const lc=/* @__PURE__ */(()=>68===new Uint8Array(new Uint32Array([287454020]).buffer)[0])()?e=>e:function(e){for(let r=0;r<e.length;r++)e[r]=(t=e[r])<<24&4278190080|t<<8&16711680|t>>>8&65280|t>>>24&255;var t;return e},fc=/* @__PURE__ */(()=>"function"==typeof Uint8Array.from([]).toHex&&"function"==typeof Uint8Array.fromHex)(),yc=/* @__PURE__ */Array.from({length:256},((e,t)=>t.toString(16).padStart(2,"0")));function pc(e){if(nc(e),fc)return e.toHex();let t="";for(let r=0;r<e.length;r++)t+=yc[e[r]];return t}const dc=48,gc=57,Ac=65,wc=70,mc=97,bc=102;function kc(e){return e>=dc&&e<=gc?e-dc:e>=Ac&&e<=wc?e-(Ac-10):e>=mc&&e<=bc?e-(mc-10):void 0}function Ec(e){if("string"!=typeof e)throw Error("hex string expected, got "+typeof e);if(fc)return Uint8Array.fromHex(e);const t=e.length,r=t/2;if(t%2)throw Error("hex string expected, got unpadded hex of length "+t);const n=new Uint8Array(r);for(let t=0,i=0;t<r;t++,i+=2){const r=kc(e.charCodeAt(i)),s=kc(e.charCodeAt(i+1));if(void 0===r||void 0===s){const t=e[i]+e[i+1];throw Error('hex string expected, got non-hex character "'+t+'" at index '+i)}n[t]=16*r+s}return n}function vc(e){return"string"==typeof e&&(e=function(e){if("string"!=typeof e)throw Error("string expected");return new Uint8Array((new TextEncoder).encode(e))}(e)),nc(e),e}function Kc(...e){let t=0;for(let r=0;r<e.length;r++){const n=e[r];nc(n),t+=n.length}const r=new Uint8Array(t);for(let t=0,n=0;t<e.length;t++){const i=e[t];r.set(i,n),n+=i.length}return r}let Sc=class{};function Ic(e){const t=t=>e().update(vc(t)).digest(),r=e();return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=()=>e(),t}const Bc=Ic;function Cc(e=32){if(ec&&"function"==typeof ec.getRandomValues)return ec.getRandomValues(new Uint8Array(e));if(ec&&"function"==typeof ec.randomBytes)return Uint8Array.from(ec.randomBytes(e));throw Error("crypto.getRandomValues must be defined")}
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const Uc=/* @__PURE__ */BigInt(0),Pc=/* @__PURE__ */BigInt(1);function Dc(e,t=""){if("boolean"!=typeof e){throw Error((t&&`"${t}"`)+"expected boolean, got type="+typeof e)}return e}function xc(e,t,r=""){const n=tc(e),i=e?.length,s=void 0!==t;if(!n||s&&i!==t){throw Error((r&&`"${r}" `)+"expected Uint8Array"+(s?" of length "+t:"")+", got "+(n?"length="+i:"type="+typeof e))}return e}function Qc(e){const t=e.toString(16);return 1&t.length?"0"+t:t}function Rc(e){if("string"!=typeof e)throw Error("hex string expected, got "+typeof e);return""===e?Uc:BigInt("0x"+e)}function Tc(e){return Rc(pc(e))}function Mc(e){return nc(e),Rc(pc(Uint8Array.from(e).reverse()))}function Lc(e,t){return Ec(e.toString(16).padStart(2*t,"0"))}function Fc(e,t){return Lc(e,t).reverse()}function Oc(e,t,r){let n;if("string"==typeof t)try{n=Ec(t)}catch(t){throw Error(e+" must be hex string or Uint8Array, cause: "+t)}else{if(!tc(t))throw Error(e+" must be hex string or Uint8Array");n=Uint8Array.from(t)}const i=n.length;if("number"==typeof r&&i!==r)throw Error(e+" of length "+r+" expected, got "+i);return n}function Nc(e){return Uint8Array.from(e)}const _c=e=>"bigint"==typeof e&&Uc<=e;function Hc(e,t,r,n){if(!function(e,t,r){return _c(e)&&_c(t)&&_c(r)&&t<=e&&e<r}(t,r,n))throw Error("expected valid "+e+": "+r+" <= n < "+n+", got "+t)}function zc(e){let t;for(t=0;e>Uc;e>>=Pc,t+=1);return t}const Gc=e=>(Pc<<BigInt(e))-Pc;function qc(e,t,r={}){if(!e||"object"!=typeof e)throw Error("expected valid options object");function n(t,r,n){const i=e[t];if(n&&void 0===i)return;const s=typeof i;if(s!==r||null===i)throw Error(`param "${t}" is invalid: expected ${r}, got ${s}`)}Object.entries(t).forEach((([e,t])=>n(e,t,!1))),Object.entries(r).forEach((([e,t])=>n(e,t,!0)))}function jc(e){const t=new WeakMap;return(r,...n)=>{const i=t.get(r);if(void 0!==i)return i;const s=e(r,...n);return t.set(r,s),s}}
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const Vc=BigInt(0),Yc=BigInt(1),Zc=/* @__PURE__ */BigInt(2),Jc=/* @__PURE__ */BigInt(3),Xc=/* @__PURE__ */BigInt(4),Wc=/* @__PURE__ */BigInt(5),$c=/* @__PURE__ */BigInt(7),eu=/* @__PURE__ */BigInt(8),tu=/* @__PURE__ */BigInt(9),ru=/* @__PURE__ */BigInt(16);function nu(e,t){const r=e%t;return r>=Vc?r:t+r}function iu(e,t,r){let n=e;for(;t-- >Vc;)n*=n,n%=r;return n}function su(e,t){if(e===Vc)throw Error("invert: expected non-zero number");if(t<=Vc)throw Error("invert: expected positive modulus, got "+t);let r=nu(e,t),n=t,i=Vc,s=Yc;for(;r!==Vc;){const e=n%r,t=i-s*(n/r);n=r,r=e,i=s,s=t}if(n!==Yc)throw Error("invert: does not exist");return nu(i,t)}function au(e,t,r){if(!e.eql(e.sqr(t),r))throw Error("Cannot find square root")}function ou(e,t){const r=(e.ORDER+Yc)/Xc,n=e.pow(t,r);return au(e,n,t),n}function cu(e,t){const r=(e.ORDER-Wc)/eu,n=e.mul(t,Zc),i=e.pow(n,r),s=e.mul(t,i),a=e.mul(e.mul(s,Zc),i),o=e.mul(s,e.sub(a,e.ONE));return au(e,o,t),o}function uu(e){if(e<Jc)throw Error("sqrt is not defined for small field");let t=e-Yc,r=0;for(;t%Zc===Vc;)t/=Zc,r++;let n=Zc;const i=du(e);for(;1===yu(i,n);)if(n++>1e3)throw Error("Cannot find square root: probably non-prime P");if(1===r)return ou;let s=i.pow(n,t);const a=(t+Yc)/Zc;return function(e,n){if(e.is0(n))return n;if(1!==yu(e,n))throw Error("Cannot find square root");let i=r,o=e.mul(e.ONE,s),c=e.pow(n,t),u=e.pow(n,a);for(;!e.eql(c,e.ONE);){if(e.is0(c))return e.ZERO;let t=1,r=e.sqr(c);for(;!e.eql(r,e.ONE);)if(t++,r=e.sqr(r),t===i)throw Error("Cannot find square root");const n=Yc<<BigInt(i-t-1),s=e.pow(o,n);i=t,o=e.sqr(s),c=e.mul(c,o),u=e.mul(u,s)}return u}}function hu(e){return e%Xc===Jc?ou:e%eu===Wc?cu:e%ru===tu?function(e){const t=du(e),r=uu(e),n=r(t,t.neg(t.ONE)),i=r(t,n),s=r(t,t.neg(n)),a=(e+$c)/ru;return(e,t)=>{let r=e.pow(t,a),o=e.mul(r,n);const c=e.mul(r,i),u=e.mul(r,s),h=e.eql(e.sqr(o),t),l=e.eql(e.sqr(c),t);r=e.cmov(r,o,h),o=e.cmov(u,c,l);const f=e.eql(e.sqr(o),t),y=e.cmov(r,o,f);return au(e,y,t),y}}(e):uu(e)}const lu=["create","isValid","is0","neg","inv","sqrt","sqr","eql","add","sub","mul","pow","div","addN","subN","mulN","sqrN"];function fu(e,t,r=!1){const n=Array(t.length).fill(r?e.ZERO:void 0),i=t.reduce(((t,r,i)=>e.is0(r)?t:(n[i]=t,e.mul(t,r))),e.ONE),s=e.inv(i);return t.reduceRight(((t,r,i)=>e.is0(r)?t:(n[i]=e.mul(t,n[i]),e.mul(t,r))),s),n}function yu(e,t){const r=(e.ORDER-Yc)/Zc,n=e.pow(t,r),i=e.eql(n,e.ONE),s=e.eql(n,e.ZERO),a=e.eql(n,e.neg(e.ONE));if(!i&&!s&&!a)throw Error("invalid Legendre symbol result");return i?1:s?0:-1}function pu(e,t){void 0!==t&&rc(t);const r=void 0!==t?t:e.toString(2).length;return{nBitLength:r,nByteLength:Math.ceil(r/8)}}function du(e,t,r=!1,n={}){if(e<=Vc)throw Error("invalid field: expected ORDER > 0, got "+e);let i,s,a,o=!1;if("object"==typeof t&&null!=t){if(n.sqrt||r)throw Error("cannot specify opts in two arguments");const e=t;e.BITS&&(i=e.BITS),e.sqrt&&(s=e.sqrt),"boolean"==typeof e.isLE&&(r=e.isLE),"boolean"==typeof e.modFromBytes&&(o=e.modFromBytes),a=e.allowedLengths}else"number"==typeof t&&(i=t),n.sqrt&&(s=n.sqrt);const{nBitLength:c,nByteLength:u}=pu(e,i);if(u>2048)throw Error("invalid field: expected ORDER of <= 2048 bytes");let h;const l=Object.freeze({ORDER:e,isLE:r,BITS:c,BYTES:u,MASK:Gc(c),ZERO:Vc,ONE:Yc,allowedLengths:a,create:t=>nu(t,e),isValid:t=>{if("bigint"!=typeof t)throw Error("invalid field element: expected bigint, got "+typeof t);return Vc<=t&&t<e},is0:e=>e===Vc,isValidNot0:e=>!l.is0(e)&&l.isValid(e),isOdd:e=>(e&Yc)===Yc,neg:t=>nu(-t,e),eql:(e,t)=>e===t,sqr:t=>nu(t*t,e),add:(t,r)=>nu(t+r,e),sub:(t,r)=>nu(t-r,e),mul:(t,r)=>nu(t*r,e),pow:(e,t)=>function(e,t,r){if(r<Vc)throw Error("invalid exponent, negatives unsupported");if(r===Vc)return e.ONE;if(r===Yc)return t;let n=e.ONE,i=t;for(;r>Vc;)r&Yc&&(n=e.mul(n,i)),i=e.sqr(i),r>>=Yc;return n}(l,e,t),div:(t,r)=>nu(t*su(r,e),e),sqrN:e=>e*e,addN:(e,t)=>e+t,subN:(e,t)=>e-t,mulN:(e,t)=>e*t,inv:t=>su(t,e),sqrt:s||(t=>(h||(h=hu(e)),h(l,t))),toBytes:e=>r?Fc(e,u):Lc(e,u),fromBytes:(t,n=!0)=>{if(a){if(!a.includes(t.length)||t.length>u)throw Error("Field.fromBytes: expected "+a+" bytes, got "+t.length);const e=new Uint8Array(u);e.set(t,r?0:e.length-t.length),t=e}if(t.length!==u)throw Error("Field.fromBytes: expected "+u+" bytes, got "+t.length);let i=r?Mc(t):Tc(t);if(o&&(i=nu(i,e)),!n&&!l.isValid(i))throw Error("invalid field element: outside of range 0..ORDER");return i},invertBatch:e=>fu(l,e),cmov:(e,t,r)=>r?t:e});return Object.freeze(l)}function gu(e){if("bigint"!=typeof e)throw Error("field order must be bigint");const t=e.toString(2).length;return Math.ceil(t/8)}function Au(e){const t=gu(e);return t+Math.ceil(t/2)}function wu(e,t,r){return e&t^~e&r}function mu(e,t,r){return e&t^e&r^t&r}class bu extends Sc{constructor(e,t,r,n){super(),this.finished=!1,this.length=0,this.pos=0,this.destroyed=!1,this.blockLen=e,this.outputLen=t,this.padOffset=r,this.isLE=n,this.buffer=new Uint8Array(e),this.view=cc(this.buffer)}update(e){sc(this),nc(e=vc(e));const{view:t,buffer:r,blockLen:n}=this,i=e.length;for(let s=0;s<i;){const a=Math.min(n-this.pos,i-s);if(a!==n)r.set(e.subarray(s,s+a),this.pos),this.pos+=a,s+=a,this.pos===n&&(this.process(t,0),this.pos=0);else{const t=cc(e);for(;n<=i-s;s+=n)this.process(t,s)}}return this.length+=e.length,this.roundClean(),this}digestInto(e){sc(this),ac(e,this),this.finished=!0;const{buffer:t,view:r,blockLen:n,isLE:i}=this;let{pos:s}=this;t[s++]=128,oc(this.buffer.subarray(s)),this.padOffset>n-s&&(this.process(r,0),s=0);for(let e=s;e<n;e++)t[e]=0;!function(e,t,r,n){if("function"==typeof e.setBigUint64)return e.setBigUint64(t,r,n);const i=BigInt(32),s=BigInt(4294967295),a=Number(r>>i&s),o=Number(r&s),c=n?4:0,u=n?0:4;e.setUint32(t+c,a,n),e.setUint32(t+u,o,n)}(r,n-8,BigInt(8*this.length),i),this.process(r,0);const a=cc(e),o=this.outputLen;if(o%4)throw Error("_sha2: outputLen should be aligned to 32bit");const c=o/4,u=this.get();if(c>u.length)throw Error("_sha2: outputLen bigger than state");for(let e=0;e<c;e++)a.setUint32(4*e,u[e],i)}digest(){const{buffer:e,outputLen:t}=this;this.digestInto(e);const r=e.slice(0,t);return this.destroy(),r}_cloneInto(e){e||(e=new this.constructor),e.set(...this.get());const{blockLen:t,buffer:r,length:n,finished:i,destroyed:s,pos:a}=this;return e.destroyed=s,e.finished=i,e.length=n,e.pos=a,n%t&&e.buffer.set(r),e}clone(){return this._cloneInto()}}const ku=/* @__PURE__ */Uint32Array.from([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]),Eu=/* @__PURE__ */Uint32Array.from([3238371032,914150663,812702999,4144912697,4290775857,1750603025,1694076839,3204075428]),vu=/* @__PURE__ */Uint32Array.from([3418070365,3238371032,1654270250,914150663,2438529370,812702999,355462360,4144912697,1731405415,4290775857,2394180231,1750603025,3675008525,1694076839,1203062813,3204075428]),Ku=/* @__PURE__ */Uint32Array.from([1779033703,4089235720,3144134277,2227873595,1013904242,4271175723,2773480762,1595750129,1359893119,2917565137,2600822924,725511199,528734635,4215389547,1541459225,327033209]),Su=/* @__PURE__ */BigInt(2**32-1),Iu=/* @__PURE__ */BigInt(32);function Bu(e,t=!1){return t?{h:Number(e&Su),l:Number(e>>Iu&Su)}:{h:0|Number(e>>Iu&Su),l:0|Number(e&Su)}}function Cu(e,t=!1){const r=e.length;let n=new Uint32Array(r),i=new Uint32Array(r);for(let s=0;s<r;s++){const{h:r,l:a}=Bu(e[s],t);[n[s],i[s]]=[r,a]}return[n,i]}const Uu=(e,t,r)=>e>>>r,Pu=(e,t,r)=>e<<32-r|t>>>r,Du=(e,t,r)=>e>>>r|t<<32-r,xu=(e,t,r)=>e<<32-r|t>>>r,Qu=(e,t,r)=>e<<64-r|t>>>r-32,Ru=(e,t,r)=>e>>>r-32|t<<64-r;function Tu(e,t,r,n){const i=(t>>>0)+(n>>>0);return{h:e+r+(i/2**32|0)|0,l:0|i}}const Mu=(e,t,r)=>(e>>>0)+(t>>>0)+(r>>>0),Lu=(e,t,r,n)=>t+r+n+(e/2**32|0)|0,Fu=(e,t,r,n)=>(e>>>0)+(t>>>0)+(r>>>0)+(n>>>0),Ou=(e,t,r,n,i)=>t+r+n+i+(e/2**32|0)|0,Nu=(e,t,r,n,i)=>(e>>>0)+(t>>>0)+(r>>>0)+(n>>>0)+(i>>>0),_u=(e,t,r,n,i,s)=>t+r+n+i+s+(e/2**32|0)|0,Hu=/* @__PURE__ */Uint32Array.from([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]),zu=/* @__PURE__ */new Uint32Array(64);class Gu extends bu{constructor(e=32){super(64,e,8,!1),this.A=0|ku[0],this.B=0|ku[1],this.C=0|ku[2],this.D=0|ku[3],this.E=0|ku[4],this.F=0|ku[5],this.G=0|ku[6],this.H=0|ku[7]}get(){const{A:e,B:t,C:r,D:n,E:i,F:s,G:a,H:o}=this;return[e,t,r,n,i,s,a,o]}set(e,t,r,n,i,s,a,o){this.A=0|e,this.B=0|t,this.C=0|r,this.D=0|n,this.E=0|i,this.F=0|s,this.G=0|a,this.H=0|o}process(e,t){for(let r=0;r<16;r++,t+=4)zu[r]=e.getUint32(t,!1);for(let e=16;e<64;e++){const t=zu[e-15],r=zu[e-2],n=uc(t,7)^uc(t,18)^t>>>3,i=uc(r,17)^uc(r,19)^r>>>10;zu[e]=i+zu[e-7]+n+zu[e-16]|0}let{A:r,B:n,C:i,D:s,E:a,F:o,G:c,H:u}=this;for(let e=0;e<64;e++){const t=u+(uc(a,6)^uc(a,11)^uc(a,25))+wu(a,o,c)+Hu[e]+zu[e]|0,h=(uc(r,2)^uc(r,13)^uc(r,22))+mu(r,n,i)|0;u=c,c=o,o=a,a=s+t|0,s=i,i=n,n=r,r=t+h|0}r=r+this.A|0,n=n+this.B|0,i=i+this.C|0,s=s+this.D|0,a=a+this.E|0,o=o+this.F|0,c=c+this.G|0,u=u+this.H|0,this.set(r,n,i,s,a,o,c,u)}roundClean(){oc(zu)}destroy(){this.set(0,0,0,0,0,0,0,0),oc(this.buffer)}}class qu extends Gu{constructor(){super(28),this.A=0|Eu[0],this.B=0|Eu[1],this.C=0|Eu[2],this.D=0|Eu[3],this.E=0|Eu[4],this.F=0|Eu[5],this.G=0|Eu[6],this.H=0|Eu[7]}}const ju=/* @__PURE__ */(()=>Cu(["0x428a2f98d728ae22","0x7137449123ef65cd","0xb5c0fbcfec4d3b2f","0xe9b5dba58189dbbc","0x3956c25bf348b538","0x59f111f1b605d019","0x923f82a4af194f9b","0xab1c5ed5da6d8118","0xd807aa98a3030242","0x12835b0145706fbe","0x243185be4ee4b28c","0x550c7dc3d5ffb4e2","0x72be5d74f27b896f","0x80deb1fe3b1696b1","0x9bdc06a725c71235","0xc19bf174cf692694","0xe49b69c19ef14ad2","0xefbe4786384f25e3","0x0fc19dc68b8cd5b5","0x240ca1cc77ac9c65","0x2de92c6f592b0275","0x4a7484aa6ea6e483","0x5cb0a9dcbd41fbd4","0x76f988da831153b5","0x983e5152ee66dfab","0xa831c66d2db43210","0xb00327c898fb213f","0xbf597fc7beef0ee4","0xc6e00bf33da88fc2","0xd5a79147930aa725","0x06ca6351e003826f","0x142929670a0e6e70","0x27b70a8546d22ffc","0x2e1b21385c26c926","0x4d2c6dfc5ac42aed","0x53380d139d95b3df","0x650a73548baf63de","0x766a0abb3c77b2a8","0x81c2c92e47edaee6","0x92722c851482353b","0xa2bfe8a14cf10364","0xa81a664bbc423001","0xc24b8b70d0f89791","0xc76c51a30654be30","0xd192e819d6ef5218","0xd69906245565a910","0xf40e35855771202a","0x106aa07032bbd1b8","0x19a4c116b8d2d0c8","0x1e376c085141ab53","0x2748774cdf8eeb99","0x34b0bcb5e19b48a8","0x391c0cb3c5c95a63","0x4ed8aa4ae3418acb","0x5b9cca4f7763e373","0x682e6ff3d6b2b8a3","0x748f82ee5defb2fc","0x78a5636f43172f60","0x84c87814a1f0ab72","0x8cc702081a6439ec","0x90befffa23631e28","0xa4506cebde82bde9","0xbef9a3f7b2c67915","0xc67178f2e372532b","0xca273eceea26619c","0xd186b8c721c0c207","0xeada7dd6cde0eb1e","0xf57d4f7fee6ed178","0x06f067aa72176fba","0x0a637dc5a2c898a6","0x113f9804bef90dae","0x1b710b35131c471b","0x28db77f523047d84","0x32caab7b40c72493","0x3c9ebe0a15c9bebc","0x431d67c49c100d4c","0x4cc5d4becb3e42b6","0x597f299cfc657e2a","0x5fcb6fab3ad6faec","0x6c44198c4a475817"].map((e=>BigInt(e)))))(),Vu=/* @__PURE__ */(()=>ju[0])(),Yu=/* @__PURE__ */(()=>ju[1])(),Zu=/* @__PURE__ */new Uint32Array(80),Ju=/* @__PURE__ */new Uint32Array(80);class Xu extends bu{constructor(e=64){super(128,e,16,!1),this.Ah=0|Ku[0],this.Al=0|Ku[1],this.Bh=0|Ku[2],this.Bl=0|Ku[3],this.Ch=0|Ku[4],this.Cl=0|Ku[5],this.Dh=0|Ku[6],this.Dl=0|Ku[7],this.Eh=0|Ku[8],this.El=0|Ku[9],this.Fh=0|Ku[10],this.Fl=0|Ku[11],this.Gh=0|Ku[12],this.Gl=0|Ku[13],this.Hh=0|Ku[14],this.Hl=0|Ku[15]}get(){const{Ah:e,Al:t,Bh:r,Bl:n,Ch:i,Cl:s,Dh:a,Dl:o,Eh:c,El:u,Fh:h,Fl:l,Gh:f,Gl:y,Hh:p,Hl:d}=this;return[e,t,r,n,i,s,a,o,c,u,h,l,f,y,p,d]}set(e,t,r,n,i,s,a,o,c,u,h,l,f,y,p,d){this.Ah=0|e,this.Al=0|t,this.Bh=0|r,this.Bl=0|n,this.Ch=0|i,this.Cl=0|s,this.Dh=0|a,this.Dl=0|o,this.Eh=0|c,this.El=0|u,this.Fh=0|h,this.Fl=0|l,this.Gh=0|f,this.Gl=0|y,this.Hh=0|p,this.Hl=0|d}process(e,t){for(let r=0;r<16;r++,t+=4)Zu[r]=e.getUint32(t),Ju[r]=e.getUint32(t+=4);for(let e=16;e<80;e++){const t=0|Zu[e-15],r=0|Ju[e-15],n=Du(t,r,1)^Du(t,r,8)^Uu(t,0,7),i=xu(t,r,1)^xu(t,r,8)^Pu(t,r,7),s=0|Zu[e-2],a=0|Ju[e-2],o=Du(s,a,19)^Qu(s,a,61)^Uu(s,0,6),c=xu(s,a,19)^Ru(s,a,61)^Pu(s,a,6),u=Fu(i,c,Ju[e-7],Ju[e-16]),h=Ou(u,n,o,Zu[e-7],Zu[e-16]);Zu[e]=0|h,Ju[e]=0|u}let{Ah:r,Al:n,Bh:i,Bl:s,Ch:a,Cl:o,Dh:c,Dl:u,Eh:h,El:l,Fh:f,Fl:y,Gh:p,Gl:d,Hh:g,Hl:A}=this;for(let e=0;e<80;e++){const t=Du(h,l,14)^Du(h,l,18)^Qu(h,l,41),w=xu(h,l,14)^xu(h,l,18)^Ru(h,l,41),m=h&f^~h&p,b=Nu(A,w,l&y^~l&d,Yu[e],Ju[e]),k=_u(b,g,t,m,Vu[e],Zu[e]),E=0|b,v=Du(r,n,28)^Qu(r,n,34)^Qu(r,n,39),K=xu(r,n,28)^Ru(r,n,34)^Ru(r,n,39),S=r&i^r&a^i&a,I=n&s^n&o^s&o;g=0|p,A=0|d,p=0|f,d=0|y,f=0|h,y=0|l,({h,l}=Tu(0|c,0|u,0|k,0|E)),c=0|a,u=0|o,a=0|i,o=0|s,i=0|r,s=0|n;const B=Mu(E,K,I);r=Lu(B,k,v,S),n=0|B}({h:r,l:n}=Tu(0|this.Ah,0|this.Al,0|r,0|n)),({h:i,l:s}=Tu(0|this.Bh,0|this.Bl,0|i,0|s)),({h:a,l:o}=Tu(0|this.Ch,0|this.Cl,0|a,0|o)),({h:c,l:u}=Tu(0|this.Dh,0|this.Dl,0|c,0|u)),({h,l}=Tu(0|this.Eh,0|this.El,0|h,0|l)),({h:f,l:y}=Tu(0|this.Fh,0|this.Fl,0|f,0|y)),({h:p,l:d}=Tu(0|this.Gh,0|this.Gl,0|p,0|d)),({h:g,l:A}=Tu(0|this.Hh,0|this.Hl,0|g,0|A)),this.set(r,n,i,s,a,o,c,u,h,l,f,y,p,d,g,A)}roundClean(){oc(Zu,Ju)}destroy(){oc(this.buffer),this.set(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)}}class Wu extends Xu{constructor(){super(48),this.Ah=0|vu[0],this.Al=0|vu[1],this.Bh=0|vu[2],this.Bl=0|vu[3],this.Ch=0|vu[4],this.Cl=0|vu[5],this.Dh=0|vu[6],this.Dl=0|vu[7],this.Eh=0|vu[8],this.El=0|vu[9],this.Fh=0|vu[10],this.Fl=0|vu[11],this.Gh=0|vu[12],this.Gl=0|vu[13],this.Hh=0|vu[14],this.Hl=0|vu[15]}}const $u=/* @__PURE__ */Ic((()=>new Gu)),eh=/* @__PURE__ */Ic((()=>new qu)),th=/* @__PURE__ */Ic((()=>new Xu)),rh=/* @__PURE__ */Ic((()=>new Wu));class nh extends Sc{constructor(e,t){super(),this.finished=!1,this.destroyed=!1,ic(e);const r=vc(t);if(this.iHash=e.create(),"function"!=typeof this.iHash.update)throw Error("Expected instance of class which extends utils.Hash");this.blockLen=this.iHash.blockLen,this.outputLen=this.iHash.outputLen;const n=this.blockLen,i=new Uint8Array(n);i.set(r.length>n?e.create().update(r).digest():r);for(let e=0;e<i.length;e++)i[e]^=54;this.iHash.update(i),this.oHash=e.create();for(let e=0;e<i.length;e++)i[e]^=106;this.oHash.update(i),oc(i)}update(e){return sc(this),this.iHash.update(e),this}digestInto(e){sc(this),nc(e,this.outputLen),this.finished=!0,this.iHash.digestInto(e),this.oHash.update(e),this.oHash.digestInto(e),this.destroy()}digest(){const e=new Uint8Array(this.oHash.outputLen);return this.digestInto(e),e}_cloneInto(e){e||(e=Object.create(Object.getPrototypeOf(this),{}));const{oHash:t,iHash:r,finished:n,destroyed:i,blockLen:s,outputLen:a}=this;return e.finished=n,e.destroyed=i,e.blockLen=s,e.outputLen=a,e.oHash=t._cloneInto(e.oHash),e.iHash=r._cloneInto(e.iHash),e}clone(){return this._cloneInto()}destroy(){this.destroyed=!0,this.oHash.destroy(),this.iHash.destroy()}}const ih=(e,t,r)=>new nh(e,t).update(r).digest();ih.create=(e,t)=>new nh(e,t)