@protontech/openpgp 6.2.1 → 6.2.2

package/dist/lightweight/openpgp.min.mjs

@@ -1,4 +1,4 @@
-/*! OpenPGP.js v6.2.1 - 2025-08-28 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
-const e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},t=Symbol("doneWritingPromise"),r=Symbol("doneWritingResolve"),i=Symbol("doneWritingReject"),a=Symbol("readingIndex");class ArrayStream extends Array{constructor(){super(),Object.setPrototypeOf(this,ArrayStream.prototype),this[t]=new Promise(((e,t)=>{this[r]=e,this[i]=t})),this[t].catch((()=>{}))}}function n(e){return e&&e.getReader&&Array.isArray(e)}function s(e){if(!n(e)){const t=e.getWriter(),r=t.releaseLock;return t.releaseLock=()=>{t.closed.catch((function(){})),r.call(t)},t}this.stream=e}function o(t){if(n(t))return"array";if(e.ReadableStream&&e.ReadableStream.prototype.isPrototypeOf(t))return"web";if(t&&!(e.ReadableStream&&t instanceof e.ReadableStream)&&"function"==typeof t._read&&"object"==typeof t._readableState)throw Error("Native Node streams are no longer supported: please manually convert the stream to a WebStream, using e.g. `stream.Readable.toWeb`");return!(!t||!t.getReader)&&"web-like"}function c(e){return Uint8Array.prototype.isPrototypeOf(e)}function u(e){if(1===e.length)return e[0];let t=0;for(let r=0;r<e.length;r++){if(!c(e[r]))throw Error("concatUint8Array: Data must be in the form of a Uint8Array");t+=e[r].length}const r=new Uint8Array(t);let i=0;return e.forEach((function(e){r.set(e,i),i+=e.length})),r}ArrayStream.prototype.getReader=function(){return void 0===this[a]&&(this[a]=0),{read:async()=>(await this[t],this[a]===this.length?{value:void 0,done:!0}:{value:this[this[a]++],done:!1})}},ArrayStream.prototype.readToEnd=async function(e){await this[t];const r=e(this.slice(this[a]));return this.length=0,r},ArrayStream.prototype.clone=function(){const e=new ArrayStream;return e[t]=this[t].then((()=>{e.push(...this)})),e},s.prototype.write=async function(e){this.stream.push(e)},s.prototype.close=async function(){this.stream[r]()},s.prototype.abort=async function(e){return this.stream[i](e),e},s.prototype.releaseLock=function(){},"object"==typeof e.process&&e.process.versions;const h=new WeakSet,l=Symbol("externalBuffer");function y(e){if(this.stream=e,e[l]&&(this[l]=e[l].slice()),n(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{},void(this._cancel=()=>{})}if(o(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{t.closed.catch((function(){})),t.releaseLock()},void(this._cancel=t.cancel.bind(t))}let t=!1;this._read=async()=>t||h.has(e)?{value:void 0,done:!0}:(t=!0,{value:e,done:!1}),this._releaseLock=()=>{if(t)try{h.add(e)}catch(e){}}}function p(e){return o(e)?e:new ReadableStream({start(t){t.enqueue(e),t.close()}})}function d(e){if(o(e))return e;const t=new ArrayStream;return(async()=>{const r=C(t);await r.write(e),await r.close()})(),t}function g(e){return e.some((e=>o(e)&&!n(e)))?function(e){e=e.map(p);const t=w((async function(e){await Promise.all(i.map((t=>U(t,e))))}));let r=Promise.resolve();const i=e.map(((i,a)=>k(i,((i,n)=>(r=r.then((()=>m(i,t.writable,{preventClose:a!==e.length-1}))),r)))));return t.readable}(e):e.some((e=>n(e)))?function(e){const t=new ArrayStream;let r=Promise.resolve();return e.forEach(((i,a)=>(r=r.then((()=>m(i,t,{preventClose:a!==e.length-1}))),r))),t}(e):"string"==typeof e[0]?e.join(""):u(e)}async function m(e,t,{preventClose:r=!1,preventAbort:i=!1,preventCancel:a=!1}={}){if(o(e)&&!n(e)){e=p(e);try{if(e[l]){const r=C(t);for(let t=0;t<e[l].length;t++)await r.ready,await r.write(e[l][t]);r.releaseLock()}await e.pipeTo(t,{preventClose:r,preventAbort:i,preventCancel:a})}catch(e){}return}const s=x(e=d(e)),c=C(t);try{for(;;){await c.ready;const{done:e,value:t}=await s.read();if(e){r||await c.close();break}await c.write(t)}}catch(e){i||await c.abort(e)}finally{s.releaseLock(),c.releaseLock()}}function f(e,t){const r=new TransformStream(t);return m(e,r.writable),r.readable}function w(e){let t,r,i,a=!1,n=!1;return{readable:new ReadableStream({start(e){i=e},pull(){t?t():a=!0},async cancel(t){n=!0,e&&await e(t),r&&r(t)}},{highWaterMark:0}),writable:new WritableStream({write:async function(e){if(n)throw Error("Stream is cancelled");i.enqueue(e),a?a=!1:(await new Promise(((e,i)=>{t=e,r=i})),t=null,r=null)},close:i.close.bind(i),abort:i.error.bind(i)})}}function b(e,t=()=>{},r=()=>{}){if(n(e)){const i=new ArrayStream;return(async()=>{const a=C(i);try{const i=await P(e),n=t(i),s=r();let o;o=void 0!==n&&void 0!==s?g([n,s]):void 0!==n?n:s,await a.write(o),await a.close()}catch(e){await a.abort(e)}})(),i}if(o(e))return f(e,{async transform(e,r){try{const i=await t(e);void 0!==i&&r.enqueue(i)}catch(e){r.error(e)}},async flush(e){try{const t=await r();void 0!==t&&e.enqueue(t)}catch(t){e.error(t)}}});const i=t(e),a=r();return void 0!==i&&void 0!==a?g([i,a]):void 0!==i?i:a}function k(e,t){if(o(e)&&!n(e)){let r;const i=new TransformStream({start(e){r=e}}),a=m(e,i.writable),n=w((async function(e){r.error(e),await a,await new Promise(setTimeout)}));return t(i.readable,n.writable),n.readable}e=d(e);const r=new ArrayStream;return t(e,r),r}function v(e,t){let r;const i=k(e,((e,a)=>{const n=x(e);n.remainder=()=>(n.releaseLock(),m(e,a),i),r=t(n)}));return r}function K(e){if(n(e))return e.clone();if(o(e)){const t=function(e){if(n(e))throw Error("ArrayStream cannot be tee()d, use clone() instead");if(o(e)){const t=p(e).tee();return t[0][l]=t[1][l]=e[l],t}return[S(e),S(e)]}(e);return E(e,t[0]),t[1]}return S(e)}function A(e){return n(e)?K(e):o(e)?new ReadableStream({start(t){const r=k(e,(async(e,r)=>{const i=x(e),a=C(r);try{for(;;){await a.ready;const{done:e,value:r}=await i.read();if(e){try{t.close()}catch(e){}return void await a.close()}try{t.enqueue(r)}catch(e){}await a.write(r)}}catch(e){t.error(e),await a.abort(e)}}));E(e,r)}}):S(e)}function E(e,t){Object.entries(Object.getOwnPropertyDescriptors(e.constructor.prototype)).forEach((([r,i])=>{"constructor"!==r&&(i.value?i.value=i.value.bind(t):i.get=i.get.bind(t),Object.defineProperty(e,r,i))}))}function S(e,t=0,r=1/0){if(n(e))throw Error("Not implemented");if(o(e)){if(t>=0&&r>=0){let i=0;return f(e,{transform(e,a){i<r?(i+e.length>=t&&a.enqueue(S(e,Math.max(t-i,0),r-i)),i+=e.length):a.terminate()}})}if(t<0&&(r<0||r===1/0)){let i=[];return b(e,(e=>{e.length>=-t?i=[e]:i.push(e)}),(()=>S(g(i),t,r)))}if(0===t&&r<0){let i;return b(e,(e=>{const a=i?g([i,e]):e;if(a.length>=-r)return i=S(a,r),S(a,t,r);i=a}))}return console.warn(`stream.slice(input, ${t}, ${r}) not implemented efficiently.`),D((async()=>S(await P(e),t,r)))}return e[l]&&(e=g(e[l].concat([e]))),c(e)?e.subarray(t,r===1/0?e.length:r):e.slice(t,r)}async function P(e,t=g){return n(e)?e.readToEnd(t):o(e)?x(e).readToEnd(t):e}async function U(e,t){if(o(e)){if(e.cancel){const r=await e.cancel(t);return await new Promise(setTimeout),r}if(e.destroy)return e.destroy(t),await new Promise(setTimeout),t}}function D(e){const t=new ArrayStream;return(async()=>{const r=C(t);try{await r.write(await e()),await r.close()}catch(e){await r.abort(e)}})(),t}function x(e){return new y(e)}function C(e){return new s(e)}y.prototype.read=async function(){if(this[l]&&this[l].length){return{done:!1,value:this[l].shift()}}return this._read()},y.prototype.releaseLock=function(){this[l]&&(this.stream[l]=this[l]),this._releaseLock()},y.prototype.cancel=function(e){return this._cancel(e)},y.prototype.readLine=async function(){let e,t=[];for(;!e;){let{done:r,value:i}=await this.read();if(i+="",r)return t.length?g(t):void 0;const a=i.indexOf("\n")+1;a&&(e=g(t.concat(i.substr(0,a))),t=[]),a!==i.length&&t.push(i.substr(a))}return this.unshift(...t),e},y.prototype.readByte=async function(){const{done:e,value:t}=await this.read();if(e)return;const r=t[0];return this.unshift(S(t,1)),r},y.prototype.readBytes=async function(e){const t=[];let r=0;for(;;){const{done:i,value:a}=await this.read();if(i)return t.length?g(t):void 0;if(t.push(a),r+=a.length,r>=e){const r=g(t);return this.unshift(S(r,e)),S(r,0,e)}}},y.prototype.peekBytes=async function(e){const t=await this.readBytes(e);return this.unshift(t),t},y.prototype.unshift=function(...e){this[l]||(this[l]=[]),1===e.length&&c(e[0])&&this[l].length&&e[0].length&&this[l][0].byteOffset>=e[0].length?this[l][0]=new Uint8Array(this[l][0].buffer,this[l][0].byteOffset-e[0].length,this[l][0].byteLength+e[0].length):this[l].unshift(...e.filter((e=>e&&e.length)))},y.prototype.readToEnd=async function(e=g){const t=[];for(;;){const{done:e,value:r}=await this.read();if(e)break;t.push(r)}return e(t)};const I=Symbol("byValue");var T={curve:{nistP256:"nistP256",p256:"nistP256",nistP384:"nistP384",p384:"nistP384",nistP521:"nistP521",p521:"nistP521",secp256k1:"secp256k1",ed25519Legacy:"ed25519Legacy",ed25519:"ed25519Legacy",curve25519Legacy:"curve25519Legacy",curve25519:"curve25519Legacy",brainpoolP256r1:"brainpoolP256r1",brainpoolP384r1:"brainpoolP384r1",brainpoolP512r1:"brainpoolP512r1"},kdfFlags:{replace_fingerprint:1,replace_kdf_params:2},s2k:{simple:0,salted:1,iterated:3,argon2:4,gnu:101},publicKey:{rsaEncryptSign:1,rsaEncrypt:2,rsaSign:3,elgamal:16,dsa:17,ecdh:18,ecdsa:19,eddsaLegacy:22,aedh:23,aedsa:24,x25519:25,x448:26,ed25519:27,ed448:28,pqc_mldsa_ed25519:30,pqc_mlkem_x25519:35,aead:100,hmac:101},symmetric:{idea:1,tripledes:2,cast5:3,blowfish:4,aes128:7,aes192:8,aes256:9,twofish:10},compression:{uncompressed:0,zip:1,zlib:2,bzip2:3},hash:{md5:1,sha1:2,ripemd:3,sha256:8,sha384:9,sha512:10,sha224:11,sha3_256:12,sha3_512:14},webHash:{"SHA-1":2,"SHA-256":8,"SHA-384":9,"SHA-512":10},aead:{eax:1,ocb:2,gcm:3,experimentalGCM:100},packet:{publicKeyEncryptedSessionKey:1,signature:2,symEncryptedSessionKey:3,onePassSignature:4,secretKey:5,publicKey:6,secretSubkey:7,compressedData:8,symmetricallyEncryptedData:9,marker:10,literalData:11,trust:12,userID:13,publicSubkey:14,userAttribute:17,symEncryptedIntegrityProtectedData:18,modificationDetectionCode:19,aeadEncryptedData:20,padding:21},literal:{binary:98,text:116,utf8:117,mime:109},signature:{binary:0,text:1,standalone:2,certGeneric:16,certPersona:17,certCasual:18,certPositive:19,certRevocation:48,subkeyBinding:24,keyBinding:25,key:31,keyRevocation:32,subkeyRevocation:40,timestamp:64,thirdParty:80},signatureSubpacket:{signatureCreationTime:2,signatureExpirationTime:3,exportableCertification:4,trustSignature:5,regularExpression:6,revocable:7,keyExpirationTime:9,placeholderBackwardsCompatibility:10,preferredSymmetricAlgorithms:11,revocationKey:12,issuerKeyID:16,notationData:20,preferredHashAlgorithms:21,preferredCompressionAlgorithms:22,keyServerPreferences:23,preferredKeyServer:24,primaryUserID:25,policyURI:26,keyFlags:27,signersUserID:28,reasonForRevocation:29,features:30,signatureTarget:31,embeddedSignature:32,issuerFingerprint:33,preferredAEADAlgorithms:34,preferredCipherSuites:39},keyFlags:{certifyKeys:1,signData:2,encryptCommunication:4,encryptStorage:8,splitPrivateKey:16,authentication:32,forwardedCommunication:64,sharedPrivateKey:128},armor:{multipartSection:0,multipartLast:1,signed:2,message:3,publicKey:4,privateKey:5,signature:6},reasonForRevocation:{noReason:0,keySuperseded:1,keyCompromised:2,keyRetired:3,userIDInvalid:32},features:{modificationDetection:1,aead:2,v5Keys:4,seipdv2:8},write:function(e,t){if("number"==typeof t&&(t=this.read(e,t)),void 0!==e[t])return e[t];throw Error("Invalid enum value.")},read:function(e,t){if(e[I]||(e[I]=[],Object.entries(e).forEach((([t,r])=>{e[I][r]=t}))),void 0!==e[I][t])return e[I][t];throw Error("Invalid enum value.")}},B={preferredHashAlgorithm:T.hash.sha512,preferredSymmetricAlgorithm:T.symmetric.aes256,preferredCompressionAlgorithm:T.compression.uncompressed,aeadProtect:!1,ignoreSEIPDv2FeatureFlag:!1,parseAEADEncryptedV4KeysAsLegacy:!1,preferredAEADAlgorithm:T.aead.gcm,aeadChunkSizeByte:12,v6Keys:!1,enableParsingV5Entities:!1,s2kType:T.s2k.iterated,s2kIterationCountByte:224,s2kArgon2Params:{passes:3,parallelism:4,memoryExponent:16},allowUnauthenticatedMessages:!1,allowUnauthenticatedStream:!1,allowForwardedMessages:!1,minRSABits:2047,passwordCollisionCheck:!1,allowInsecureDecryptionWithSigningKeys:!1,allowInsecureVerificationWithReformattedKeys:!1,allowMissingKeyFlags:!1,constantTimePKCS1Decryption:!1,constantTimePKCS1DecryptionSupportedSymmetricAlgorithms:new Set([T.symmetric.aes128,T.symmetric.aes192,T.symmetric.aes256]),ignoreUnsupportedPackets:!0,ignoreMalformedPackets:!1,enforceGrammar:!0,additionalAllowedPackets:[],showVersion:!1,showComment:!1,versionString:"OpenPGP.js 6.2.1",commentString:"https://openpgpjs.org",maxUserIDLength:5120,knownNotations:[],nonDeterministicSignaturesViaNotation:!0,useEllipticFallback:!0,rejectHashAlgorithms:new Set([T.hash.md5,T.hash.ripemd]),rejectMessageHashAlgorithms:new Set([T.hash.md5,T.hash.ripemd,T.hash.sha1]),rejectPublicKeyAlgorithms:new Set([T.publicKey.elgamal,T.publicKey.dsa]),rejectCurves:new Set([T.curve.secp256k1])};const M=(()=>{try{return"development"===process.env.NODE_ENV}catch(e){}return!1})(),F={isString:function(e){return"string"==typeof e||e instanceof String},nodeRequire:()=>{},isArray:function(e){return e instanceof Array},isUint8Array:c,isStream:o,getNobleCurve:async(e,t)=>{if(!B.useEllipticFallback)throw Error("This curve is only supported in the full build of OpenPGP.js");const{nobleCurves:r}=await import("./noble_curves.min.mjs");switch(e){case T.publicKey.ecdh:case T.publicKey.ecdsa:{const e=r.get(t);if(!e)throw Error("Unsupported curve");return e}case T.publicKey.x448:return r.get("x448");case T.publicKey.ed448:return r.get("ed448");default:throw Error("Unsupported curve")}},readNumber:function(e){let t=0;for(let r=0;r<e.length;r++)t+=256**r*e[e.length-1-r];return t},writeNumber:function(e,t){const r=new Uint8Array(t);for(let i=0;i<t;i++)r[i]=e>>8*(t-i-1)&255;return r},readDate:function(e){const t=F.readNumber(e);return new Date(1e3*t)},writeDate:function(e){const t=Math.floor(e.getTime()/1e3);return F.writeNumber(t,4)},normalizeDate:function(e=Date.now()){return null===e||e===1/0?e:new Date(1e3*Math.floor(+e/1e3))},readMPI:function(e){const t=(e[0]<<8|e[1])+7>>>3;return F.readExactSubarray(e,2,2+t)},readExactSubarray:function(e,t,r){if(e.length<r-t)throw Error("Input array too short");return e.subarray(t,r)},leftPad(e,t){if(e.length>t)throw Error("Input array too long");const r=new Uint8Array(t),i=t-e.length;return r.set(e,i),r},uint8ArrayToMPI:function(e){const t=F.uint8ArrayBitLength(e);if(0===t)throw Error("Zero MPI");const r=e.subarray(e.length-Math.ceil(t/8)),i=new Uint8Array([(65280&t)>>8,255&t]);return F.concatUint8Array([i,r])},uint8ArrayBitLength:function(e){let t;for(t=0;t<e.length&&0===e[t];t++);if(t===e.length)return 0;const r=e.subarray(t);return 8*(r.length-1)+F.nbits(r[0])},hexToUint8Array:function(e){const t=new Uint8Array(e.length>>1);for(let r=0;r<e.length>>1;r++)t[r]=parseInt(e.substr(r<<1,2),16);return t},uint8ArrayToHex:function(e){const t="0123456789abcdef";let r="";return e.forEach((e=>{r+=t[e>>4]+t[15&e]})),r},stringToUint8Array:function(e){return b(e,(e=>{if(!F.isString(e))throw Error("stringToUint8Array: Data must be in the form of a string");const t=new Uint8Array(e.length);for(let r=0;r<e.length;r++)t[r]=e.charCodeAt(r);return t}))},uint8ArrayToString:function(e){const t=[],r=16384,i=(e=new Uint8Array(e)).length;for(let a=0;a<i;a+=r)t.push(String.fromCharCode.apply(String,e.subarray(a,a+r<i?a+r:i)));return t.join("")},encodeUTF8:function(e){const t=new TextEncoder("utf-8");function r(e,r=!1){return t.encode(e,{stream:!r})}return b(e,r,(()=>r("",!0)))},decodeUTF8:function(e){const t=new TextDecoder("utf-8");function r(e,r=!1){return t.decode(e,{stream:!r})}return b(e,r,(()=>r(new Uint8Array,!0)))},concat:g,concatUint8Array:u,equalsUint8Array:function(e,t){if(!F.isUint8Array(e)||!F.isUint8Array(t))throw Error("Data must be in the form of a Uint8Array");if(e.length!==t.length)return!1;for(let r=0;r<e.length;r++)if(e[r]!==t[r])return!1;return!0},findLastIndex:function(e,t){for(let r=e.length;r>=0;r--)if(t(e[r],r,e))return r;return-1},writeChecksum:function(e){let t=0;for(let r=0;r<e.length;r++)t=t+e[r]&65535;return F.writeNumber(t,2)},printDebug:function(e){M&&console.log("[OpenPGP.js debug]",e)},printDebugError:function(e){M&&console.error("[OpenPGP.js debug]",e)},nbits:function(e){let t=1,r=e>>>16;return 0!==r&&(e=r,t+=16),r=e>>8,0!==r&&(e=r,t+=8),r=e>>4,0!==r&&(e=r,t+=4),r=e>>2,0!==r&&(e=r,t+=2),r=e>>1,0!==r&&(e=r,t+=1),t},double:function(e){const t=new Uint8Array(e.length),r=e.length-1;for(let i=0;i<r;i++)t[i]=e[i]<<1^e[i+1]>>7;return t[r]=e[r]<<1^135*(e[0]>>7),t},shiftRight:function(e,t){if(t)for(let r=e.length-1;r>=0;r--)e[r]>>=t,r>0&&(e[r]|=e[r-1]<<8-t);return e},getWebCrypto:function(){const t=void 0!==e&&e.crypto&&e.crypto.subtle||this.getNodeCrypto()?.webcrypto.subtle;if(!t)throw Error("The WebCrypto API is not available");return t},getNodeCrypto:function(){return this.nodeRequire("crypto")},getNodeZlib:function(){return this.nodeRequire("zlib")},getNodeBuffer:function(){return(this.nodeRequire("buffer")||{}).Buffer},getHardwareConcurrency:function(){if("undefined"!=typeof navigator)return navigator.hardwareConcurrency||1;return this.nodeRequire("os").cpus().length},isEmailAddress:function(e){if(!F.isString(e))return!1;return/^[^\p{C}\p{Z}@<>\\]+@[^\p{C}\p{Z}@<>\\]+[^\p{C}\p{Z}\p{P}]$/u.test(e)},canonicalizeEOL:function(e){let t=!1;return b(e,(e=>{let r;t&&(e=F.concatUint8Array([new Uint8Array([13]),e])),13===e[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;const i=[];for(let t=0;r=e.indexOf(10,t)+1,r;t=r)13!==e[r-2]&&i.push(r);if(!i.length)return e;const a=new Uint8Array(e.length+i.length);let n=0;for(let t=0;t<i.length;t++){const r=e.subarray(i[t-1]||0,i[t]);a.set(r,n),n+=r.length,a[n-1]=13,a[n]=10,n++}return a.set(e.subarray(i[i.length-1]||0),n),a}),(()=>t?new Uint8Array([13]):void 0))},nativeEOL:function(e){let t=!1;return b(e,(e=>{let r;13===(e=t&&10!==e[0]?F.concatUint8Array([new Uint8Array([13]),e]):new Uint8Array(e))[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;let i=0;for(let t=0;t!==e.length;t=r){r=e.indexOf(13,t)+1,r||(r=e.length);const a=r-(10===e[r]?1:0);t&&e.copyWithin(i,t,a),i+=a-t}return e.subarray(0,i)}),(()=>t?new Uint8Array([13]):void 0))},removeTrailingSpaces:function(e){return e.split("\n").map((e=>{let t=e.length-1;for(;t>=0&&(" "===e[t]||"\t"===e[t]||"\r"===e[t]);t--);return e.substr(0,t+1)})).join("\n")},wrapError:function(e,t){if(!t)return e instanceof Error?e:Error(e);if(e instanceof Error){try{e.message+=": "+t.message,e.cause=t}catch(e){}return e}return Error(e+": "+t.message,{cause:t})},constructAllowedPackets:function(e){const t={};return e.forEach((e=>{if(!e.tag)throw Error("Invalid input: expected a packet class");t[e.tag]=e})),t},anyPromise:function(e){return new Promise((async(t,r)=>{let i;await Promise.all(e.map((async e=>{try{t(await e)}catch(e){i=e}}))),r(i)}))},selectUint8Array:function(e,t,r){const i=Math.max(t.length,r.length),a=new Uint8Array(i);let n=0;for(let i=0;i<a.length;i++)a[i]=t[i]&256-e|r[i]&255+e,n+=e&i<t.length|1-e&i<r.length;return a.subarray(0,n)},selectUint8:function(e,t,r){return t&256-e|r&255+e},isAES:function(e){return e===T.symmetric.aes128||e===T.symmetric.aes192||e===T.symmetric.aes256}},L=F.getNodeBuffer();let _,N;function R(e){let t=new Uint8Array;return b(e,(e=>{t=F.concatUint8Array([t,e]);const r=[],i=Math.floor(t.length/45),a=45*i,n=_(t.subarray(0,a));for(let e=0;e<i;e++)r.push(n.substr(60*e,60)),r.push("\n");return t=t.subarray(a),r.join("")}),(()=>t.length?_(t)+"\n":""))}function z(e){let t="";return b(e,(e=>{t+=e;let r=0;const i=[" ","\t","\r","\n"];for(let e=0;e<i.length;e++){const a=i[e];for(let e=t.indexOf(a);-1!==e;e=t.indexOf(a,e+1))r++}let a=t.length;for(;a>0&&(a-r)%4!=0;a--)i.includes(t[a])&&r--;const n=N(t.substr(0,a));return t=t.substr(a),n}),(()=>N(t)))}function O(e){return z(e.replace(/-/g,"+").replace(/_/g,"/"))}function j(e,t){let r=R(e).replace(/[\r\n]/g,"");return r=r.replace(/[+]/g,"-").replace(/[/]/g,"_").replace(/[=]/g,""),r}function q(e){const t=e.match(/^-----BEGIN PGP (MESSAGE, PART \d+\/\d+|MESSAGE, PART \d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m);if(!t)throw Error("Unknown ASCII armor type");return/MESSAGE, PART \d+\/\d+/.test(t[1])?T.armor.multipartSection:/MESSAGE, PART \d+/.test(t[1])?T.armor.multipartLast:/SIGNED MESSAGE/.test(t[1])?T.armor.signed:/MESSAGE/.test(t[1])?T.armor.message:/PUBLIC KEY BLOCK/.test(t[1])?T.armor.publicKey:/PRIVATE KEY BLOCK/.test(t[1])?T.armor.privateKey:/SIGNATURE/.test(t[1])?T.armor.signature:void 0}function H(e,t){let r="";return t.showVersion&&(r+="Version: "+t.versionString+"\n"),t.showComment&&(r+="Comment: "+t.commentString+"\n"),e&&(r+="Comment: "+e+"\n"),r+="\n",r}function G(e){const t=function(e){let t=13501623;return b(e,(e=>{const r=W?Math.floor(e.length/4):0,i=new Uint32Array(e.buffer,e.byteOffset,r);for(let e=0;e<r;e++)t^=i[e],t=V[0][t>>24&255]^V[1][t>>16&255]^V[2][t>>8&255]^V[3][255&t];for(let i=4*r;i<e.length;i++)t=t>>8^V[0][255&t^e[i]]}),(()=>new Uint8Array([t,t>>8,t>>16])))}(e);return R(t)}L?(_=e=>L.from(e).toString("base64"),N=e=>{const t=L.from(e,"base64");return new Uint8Array(t.buffer,t.byteOffset,t.byteLength)}):(_=e=>btoa(F.uint8ArrayToString(e)),N=e=>F.stringToUint8Array(atob(e)));const V=[Array(255),Array(255),Array(255),Array(255)];for(let e=0;e<=255;e++){let t=e<<16;for(let e=0;e<8;e++)t=t<<1^(8388608&t?8801531:0);V[0][e]=(16711680&t)>>16|65280&t|(255&t)<<16}for(let e=0;e<=255;e++)V[1][e]=V[0][e]>>8^V[0][255&V[0][e]];for(let e=0;e<=255;e++)V[2][e]=V[1][e]>>8^V[0][255&V[1][e]];for(let e=0;e<=255;e++)V[3][e]=V[2][e]>>8^V[0][255&V[2][e]];const W=function(){const e=new ArrayBuffer(2);return new DataView(e).setInt16(0,255,!0),255===new Int16Array(e)[0]}();function $(e){for(let t=0;t<e.length;t++)/^([^\s:]|[^\s:][^:]*[^\s:]): .+$/.test(e[t])||F.printDebugError(Error("Improperly formatted armor header: "+e[t])),/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(e[t])||F.printDebugError(Error("Unknown header: "+e[t]))}function Q(e){let t=e;const r=e.lastIndexOf("=");return r>=0&&r!==e.length-1&&(t=e.slice(0,r)),t}function X(e){return new Promise((async(t,r)=>{try{const i=/^-----[^-]+-----$/m,a=/^[ \f\r\t\u00a0\u2000-\u200a\u202f\u205f\u3000]*$/;let n;const s=[];let o,c,u=s,h=[];const l=z(k(e,(async(e,y)=>{const p=x(e);try{for(;;){let e=await p.readLine();if(void 0===e)throw Error("Misformed armored text");if(e=F.removeTrailingSpaces(e.replace(/[\r\n]/g,"")),n)if(o)c||n!==T.armor.signed||(i.test(e)?(h=h.join("\r\n"),c=!0,$(u),u=[],o=!1):h.push(e.replace(/^- /,"")));else if(i.test(e)&&r(Error("Mandatory blank line missing between armor headers and armor data")),a.test(e)){if($(u),o=!0,c||n!==T.armor.signed){t({text:h,data:l,headers:s,type:n});break}}else u.push(e);else i.test(e)&&(n=q(e))}}catch(e){return void r(e)}const d=C(y);try{for(;;){await d.ready;const{done:e,value:t}=await p.read();if(e)throw Error("Misformed armored text");const r=t+"";if(-1!==r.indexOf("=")||-1!==r.indexOf("-")){let e=await p.readToEnd();e.length||(e=""),e=r+e,e=F.removeTrailingSpaces(e.replace(/\r/g,""));const t=e.split(i);if(1===t.length)throw Error("Misformed armored text");const a=Q(t[0].slice(0,-1));await d.write(a);break}await d.write(r)}await d.ready,await d.close()}catch(e){await d.abort(e)}})))}catch(e){r(e)}})).then((async e=>(n(e.data)&&(e.data=await P(e.data)),e)))}function Y(e,t,r,i,a,n=!1,s=B){let o,c;e===T.armor.signed&&(o=t.text,c=t.hash,t=t.data);const u=n&&A(t),h=[];switch(e){case T.armor.multipartSection:h.push("-----BEGIN PGP MESSAGE, PART "+r+"/"+i+"-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP MESSAGE, PART "+r+"/"+i+"-----\n");break;case T.armor.multipartLast:h.push("-----BEGIN PGP MESSAGE, PART "+r+"-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP MESSAGE, PART "+r+"-----\n");break;case T.armor.signed:h.push("-----BEGIN PGP SIGNED MESSAGE-----\n"),h.push(c?`Hash: ${c}\n\n`:"\n"),h.push(o.replace(/^-/gm,"- -")),h.push("\n-----BEGIN PGP SIGNATURE-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP SIGNATURE-----\n");break;case T.armor.message:h.push("-----BEGIN PGP MESSAGE-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP MESSAGE-----\n");break;case T.armor.publicKey:h.push("-----BEGIN PGP PUBLIC KEY BLOCK-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP PUBLIC KEY BLOCK-----\n");break;case T.armor.privateKey:h.push("-----BEGIN PGP PRIVATE KEY BLOCK-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP PRIVATE KEY BLOCK-----\n");break;case T.armor.signature:h.push("-----BEGIN PGP SIGNATURE-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP SIGNATURE-----\n")}return F.concat(h)}const Z=BigInt(0),J=BigInt(1);function ee(e){const t="0123456789ABCDEF";let r="";return e.forEach((e=>{r+=t[e>>4]+t[15&e]})),BigInt("0x0"+r)}function te(e,t){const r=e%t;return r<Z?r+t:r}function re(e,t,r){if(r===Z)throw Error("Modulo cannot be zero");if(r===J)return BigInt(0);if(t<Z)throw Error("Unsopported negative exponent");let i=t,a=e;a%=r;let n=BigInt(1);for(;i>Z;){const e=i&J;i>>=J;n=e?n*a%r:n,a=a*a%r}return n}function ie(e){return e>=Z?e:-e}function ae(e,t){const{gcd:r,x:i}=function(e,t){let r=BigInt(0),i=BigInt(1),a=BigInt(1),n=BigInt(0),s=ie(e),o=ie(t);const c=e<Z,u=t<Z;for(;o!==Z;){const e=s/o;let t=r;r=a-e*r,a=t,t=i,i=n-e*i,n=t,t=o,o=s%o,s=t}return{x:c?-a:a,y:u?-n:n,gcd:s}}(e,t);if(r!==J)throw Error("Inverse does not exist");return te(i+t,t)}function ne(e){const t=Number(e);if(t>Number.MAX_SAFE_INTEGER)throw Error("Number can only safely store up to 53 bits");return t}function se(e,t){return(e>>BigInt(t)&J)===Z?0:1}function oe(e){const t=e<Z?BigInt(-1):Z;let r=1,i=e;for(;(i>>=J)!==t;)r++;return r}function ce(e){const t=e<Z?BigInt(-1):Z,r=BigInt(8);let i=1,a=e;for(;(a>>=r)!==t;)i++;return i}function ue(e,t="be",r){let i=e.toString(16);i.length%2==1&&(i="0"+i);const a=i.length/2,n=new Uint8Array(r||a),s=r?r-a:0;let o=0;for(;o<a;)n[o+s]=parseInt(i.slice(2*o,2*o+2),16),o++;return"be"!==t&&n.reverse(),n}const he=F.getNodeCrypto();function le(e){const t="undefined"!=typeof crypto?crypto:he?.webcrypto;if(t?.getRandomValues){const r=new Uint8Array(e);return t.getRandomValues(r)}throw Error("No secure random number generator available.")}function ye(e,t){if(t<e)throw Error("Illegal parameter value: max <= min");const r=t-e;return te(ee(le(ce(r)+8)),r)+e}const pe=BigInt(1);function de(e,t,r){const i=BigInt(30),a=pe<<BigInt(e-1),n=[1,6,5,4,3,2,1,4,3,2,1,2,1,4,3,2,1,2,1,4,3,2,1,6,5,4,3,2,1,2];let s=ye(a,a<<pe),o=ne(te(s,i));do{s+=BigInt(n[o]),o=(o+n[o])%n.length,oe(s)>e&&(s=te(s,a<<pe),s+=a,o=ne(te(s,i)))}while(!ge(s,t,r));return s}function ge(e,t,r){return(!t||function(e,t){let r=e,i=t;for(;i!==Z;){const e=i;i=r%i,r=e}return r}(e-pe,t)===pe)&&(!!function(e){const t=BigInt(0);return me.every((r=>te(e,r)!==t))}(e)&&(!!function(e,t=BigInt(2)){return re(t,e-pe,e)===pe}(e)&&!!function(e,t){const r=oe(e);t||(t=Math.max(1,r/48|0));const i=e-pe;let a=0;for(;!se(i,a);)a++;const n=e>>BigInt(a);for(;t>0;t--){let t,r=re(ye(BigInt(2),i),n,e);if(r!==pe&&r!==i){for(t=1;t<a;t++){if(r=te(r*r,e),r===pe)return!1;if(r===i)break}if(t===a)return!1}}return!0}(e,r)))}const me=[7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587,593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997,1009,1013,1019,1021,1031,1033,1039,1049,1051,1061,1063,1069,1087,1091,1093,1097,1103,1109,1117,1123,1129,1151,1153,1163,1171,1181,1187,1193,1201,1213,1217,1223,1229,1231,1237,1249,1259,1277,1279,1283,1289,1291,1297,1301,1303,1307,1319,1321,1327,1361,1367,1373,1381,1399,1409,1423,1427,1429,1433,1439,1447,1451,1453,1459,1471,1481,1483,1487,1489,1493,1499,1511,1523,1531,1543,1549,1553,1559,1567,1571,1579,1583,1597,1601,1607,1609,1613,1619,1621,1627,1637,1657,1663,1667,1669,1693,1697,1699,1709,1721,1723,1733,1741,1747,1753,1759,1777,1783,1787,1789,1801,1811,1823,1831,1847,1861,1867,1871,1873,1877,1879,1889,1901,1907,1913,1931,1933,1949,1951,1973,1979,1987,1993,1997,1999,2003,2011,2017,2027,2029,2039,2053,2063,2069,2081,2083,2087,2089,2099,2111,2113,2129,2131,2137,2141,2143,2153,2161,2179,2203,2207,2213,2221,2237,2239,2243,2251,2267,2269,2273,2281,2287,2293,2297,2309,2311,2333,2339,2341,2347,2351,2357,2371,2377,2381,2383,2389,2393,2399,2411,2417,2423,2437,2441,2447,2459,2467,2473,2477,2503,2521,2531,2539,2543,2549,2551,2557,2579,2591,2593,2609,2617,2621,2633,2647,2657,2659,2663,2671,2677,2683,2687,2689,2693,2699,2707,2711,2713,2719,2729,2731,2741,2749,2753,2767,2777,2789,2791,2797,2801,2803,2819,2833,2837,2843,2851,2857,2861,2879,2887,2897,2903,2909,2917,2927,2939,2953,2957,2963,2969,2971,2999,3001,3011,3019,3023,3037,3041,3049,3061,3067,3079,3083,3089,3109,3119,3121,3137,3163,3167,3169,3181,3187,3191,3203,3209,3217,3221,3229,3251,3253,3257,3259,3271,3299,3301,3307,3313,3319,3323,3329,3331,3343,3347,3359,3361,3371,3373,3389,3391,3407,3413,3433,3449,3457,3461,3463,3467,3469,3491,3499,3511,3517,3527,3529,3533,3539,3541,3547,3557,3559,3571,3581,3583,3593,3607,3613,3617,3623,3631,3637,3643,3659,3671,3673,3677,3691,3697,3701,3709,3719,3727,3733,3739,3761,3767,3769,3779,3793,3797,3803,3821,3823,3833,3847,3851,3853,3863,3877,3881,3889,3907,3911,3917,3919,3923,3929,3931,3943,3947,3967,3989,4001,4003,4007,4013,4019,4021,4027,4049,4051,4057,4073,4079,4091,4093,4099,4111,4127,4129,4133,4139,4153,4157,4159,4177,4201,4211,4217,4219,4229,4231,4241,4243,4253,4259,4261,4271,4273,4283,4289,4297,4327,4337,4339,4349,4357,4363,4373,4391,4397,4409,4421,4423,4441,4447,4451,4457,4463,4481,4483,4493,4507,4513,4517,4519,4523,4547,4549,4561,4567,4583,4591,4597,4603,4621,4637,4639,4643,4649,4651,4657,4663,4673,4679,4691,4703,4721,4723,4729,4733,4751,4759,4783,4787,4789,4793,4799,4801,4813,4817,4831,4861,4871,4877,4889,4903,4909,4919,4931,4933,4937,4943,4951,4957,4967,4969,4973,4987,4993,4999].map((e=>BigInt(e)));const fe=F.getWebCrypto(),we=F.getNodeCrypto(),be=we&&we.getHashes();function ke(e){if(we&&be.includes(e))return async function(t){const r=we.createHash(e);return b(t,(e=>{r.update(e)}),(()=>new Uint8Array(r.digest())))}}function ve(e,t){const r=async()=>{const{nobleHashes:t}=await import("./noble_hashes.min.mjs"),r=t.get(e);if(!r)throw Error("Unsupported hash");return r};return async function(e){if(n(e)&&(e=await P(e)),F.isStream(e)){const t=(await r()).create();return b(e,(e=>{t.update(e)}),(()=>t.digest()))}if(fe&&t)return new Uint8Array(await fe.digest(t,e));return(await r())(e)}}const Ke=ke("md5")||ve("md5"),Ae=ke("sha1")||ve("sha1","SHA-1"),Ee=ke("sha224")||ve("sha224"),Se=ke("sha256")||ve("sha256","SHA-256"),Pe=ke("sha384")||ve("sha384","SHA-384"),Ue=ke("sha512")||ve("sha512","SHA-512"),De=ke("ripemd160")||ve("ripemd160"),xe=ke("sha3-256")||ve("sha3_256"),Ce=ke("sha3-512")||ve("sha3_512");function Ie(e,t){switch(e){case T.hash.md5:return Ke(t);case T.hash.sha1:return Ae(t);case T.hash.ripemd:return De(t);case T.hash.sha256:return Se(t);case T.hash.sha384:return Pe(t);case T.hash.sha512:return Ue(t);case T.hash.sha224:return Ee(t);case T.hash.sha3_256:return xe(t);case T.hash.sha3_512:return Ce(t);default:throw Error("Unsupported hash function")}}function Te(e){switch(e){case T.hash.md5:return 16;case T.hash.sha1:case T.hash.ripemd:return 20;case T.hash.sha256:return 32;case T.hash.sha384:return 48;case T.hash.sha512:return 64;case T.hash.sha224:return 28;case T.hash.sha3_256:return 32;case T.hash.sha3_512:return 64;default:throw Error("Invalid hash algorithm.")}}const Be=[];function Me(e,t){const r=e.length;if(r>t-11)throw Error("Message too long");const i=function(e){const t=new Uint8Array(e);let r=0;for(;r<e;){const i=le(e-r);for(let e=0;e<i.length;e++)0!==i[e]&&(t[r++]=i[e])}return t}(t-r-3),a=new Uint8Array(t);return a[1]=2,a.set(i,2),a.set(e,t-r),a}function Fe(e,t){let r=2,i=1;for(let t=r;t<e.length;t++)i&=0!==e[t],r+=i;const a=r-2,n=e.subarray(r+1),s=0===e[0]&2===e[1]&a>=8&!i;if(t)return F.selectUint8Array(s,n,t);if(s)return n;throw Error("Decryption error")}function Le(e,t,r){let i;if(t.length!==Te(e))throw Error("Invalid hash length");const a=new Uint8Array(Be[e].length);for(i=0;i<Be[e].length;i++)a[i]=Be[e][i];const n=a.length+t.length;if(r<n+11)throw Error("Intended encoded message length too short");const s=new Uint8Array(r-n-3).fill(255),o=new Uint8Array(r);return o[1]=1,o.set(s,2),o.set(a,r-n),o.set(t,r-t.length),o}Be[1]=[48,32,48,12,6,8,42,134,72,134,247,13,2,5,5,0,4,16],Be[2]=[48,33,48,9,6,5,43,14,3,2,26,5,0,4,20],Be[3]=[48,33,48,9,6,5,43,36,3,2,1,5,0,4,20],Be[8]=[48,49,48,13,6,9,96,134,72,1,101,3,4,2,1,5,0,4,32],Be[9]=[48,65,48,13,6,9,96,134,72,1,101,3,4,2,2,5,0,4,48],Be[10]=[48,81,48,13,6,9,96,134,72,1,101,3,4,2,3,5,0,4,64],Be[11]=[48,45,48,13,6,9,96,134,72,1,101,3,4,2,4,5,0,4,28];const _e=F.getWebCrypto(),Ne=F.getNodeCrypto(),Re=BigInt(1);async function ze(e,t,r,i,a,n,s,o,c){if(Te(e)>=r.length)throw Error("Digest size cannot exceed key modulus size");if(t&&!F.isStream(t))if(F.getWebCrypto())try{return await async function(e,t,r,i,a,n,s,o){const c=await He(r,i,a,n,s,o),u={name:"RSASSA-PKCS1-v1_5",hash:{name:e}},h=await _e.importKey("jwk",c,u,!1,["sign"]);return new Uint8Array(await _e.sign("RSASSA-PKCS1-v1_5",h,t))}(T.read(T.webHash,e),t,r,i,a,n,s,o)}catch(e){F.printDebugError(e)}else if(F.getNodeCrypto())return async function(e,t,r,i,a,n,s,o){const c=Ne.createSign(T.read(T.hash,e));c.write(t),c.end();const u=await He(r,i,a,n,s,o);return new Uint8Array(c.sign({key:u,format:"jwk",type:"pkcs1"}))}(e,t,r,i,a,n,s,o);return async function(e,t,r,i){t=ee(t);const a=ee(Le(e,i,ce(t)));return r=ee(r),ue(re(a,r,t),"be",ce(t))}(e,r,a,c)}async function Oe(e,t,r,i,a,n){if(t&&!F.isStream(t))if(F.getWebCrypto())try{return await async function(e,t,r,i,a){const n=Ge(i,a),s=await _e.importKey("jwk",n,{name:"RSASSA-PKCS1-v1_5",hash:{name:e}},!1,["verify"]);return _e.verify("RSASSA-PKCS1-v1_5",s,r,t)}(T.read(T.webHash,e),t,r,i,a)}catch(e){F.printDebugError(e)}else if(F.getNodeCrypto())return async function(e,t,r,i,a){const n=Ge(i,a),s={key:n,format:"jwk",type:"pkcs1"},o=Ne.createVerify(T.read(T.hash,e));o.write(t),o.end();try{return o.verify(s,r)}catch(e){return!1}}(e,t,r,i,a);return async function(e,t,r,i,a){if(r=ee(r),t=ee(t),i=ee(i),t>=r)throw Error("Signature size cannot exceed modulus size");const n=ue(re(t,i,r),"be",ce(r)),s=Le(e,a,ce(r));return F.equalsUint8Array(n,s)}(e,r,i,a,n)}async function je(e,t,r){return F.getNodeCrypto()?async function(e,t,r){const i=Ge(t,r),a={key:i,format:"jwk",type:"pkcs1",padding:Ne.constants.RSA_PKCS1_PADDING};return new Uint8Array(Ne.publicEncrypt(a,e))}(e,t,r):async function(e,t,r){if(t=ee(t),e=ee(Me(e,ce(t))),r=ee(r),e>=t)throw Error("Message size cannot exceed modulus size");return ue(re(e,r,t),"be",ce(t))}(e,t,r)}async function qe(e,t,r,i,a,n,s,o){if(F.getNodeCrypto()&&!o)try{return await async function(e,t,r,i,a,n,s){const o=await He(t,r,i,a,n,s),c={key:o,format:"jwk",type:"pkcs1",padding:Ne.constants.RSA_PKCS1_PADDING};try{return new Uint8Array(Ne.privateDecrypt(c,e))}catch(e){throw Error("Decryption error")}}(e,t,r,i,a,n,s)}catch(e){F.printDebugError(e)}return async function(e,t,r,i,a,n,s,o){if(e=ee(e),t=ee(t),r=ee(r),i=ee(i),a=ee(a),n=ee(n),s=ee(s),e>=t)throw Error("Data too large.");const c=te(i,n-Re),u=te(i,a-Re),h=ye(BigInt(2),t),l=re(ae(h,t),r,t);e=te(e*l,t);const y=re(e,u,a),p=re(e,c,n),d=te(s*(p-y),n);let g=d*a+y;return g=te(g*h,t),Fe(ue(g,"be",ce(t)),o)}(e,t,r,i,a,n,s,o)}async function He(e,t,r,i,a,n){const s=ee(i),o=ee(a),c=ee(r);let u=te(c,o-Re),h=te(c,s-Re);return h=ue(h),u=ue(u),{kty:"RSA",n:j(e),e:j(t),d:j(r),p:j(a),q:j(i),dp:j(u),dq:j(h),qi:j(n),ext:!0}}function Ge(e,t){return{kty:"RSA",n:j(e),e:j(t),ext:!0}}function Ve(e,t){return{n:O(e.n),e:ue(t),d:O(e.d),p:O(e.q),q:O(e.p),u:O(e.qi)}}const We=BigInt(1);const $e={"2a8648ce3d030107":T.curve.nistP256,"2b81040022":T.curve.nistP384,"2b81040023":T.curve.nistP521,"2b8104000a":T.curve.secp256k1,"2b06010401da470f01":T.curve.ed25519Legacy,"2b060104019755010501":T.curve.curve25519Legacy,"2b2403030208010107":T.curve.brainpoolP256r1,"2b240303020801010b":T.curve.brainpoolP384r1,"2b240303020801010d":T.curve.brainpoolP512r1};class Qe{constructor(e){if(e instanceof Qe)this.oid=e.oid;else if(F.isArray(e)||F.isUint8Array(e)){if(6===(e=new Uint8Array(e))[0]){if(e[1]!==e.length-2)throw Error("Length mismatch in DER encoded oid");e=e.subarray(2)}this.oid=e}else this.oid=""}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.oid=e.subarray(1,1+t),1+this.oid.length}throw Error("Invalid oid")}write(){return F.concatUint8Array([new Uint8Array([this.oid.length]),this.oid])}toHex(){return F.uint8ArrayToHex(this.oid)}getName(){const e=$e[this.toHex()];if(!e)throw Error("Unknown curve object identifier.");return e}}function Xe(e){let t,r=0;const i=e[0];return i<192?([r]=e,t=1):i<255?(r=(e[0]-192<<8)+e[1]+192,t=2):255===i&&(r=F.readNumber(e.subarray(1,5)),t=5),{len:r,offset:t}}function Ye(e){return e<192?new Uint8Array([e]):e>191&&e<8384?new Uint8Array([192+(e-192>>8),e-192&255]):F.concatUint8Array([new Uint8Array([255]),F.writeNumber(e,4)])}function Ze(e){if(e<0||e>30)throw Error("Partial Length power must be between 1 and 30");return new Uint8Array([224+e])}function Je(e){return new Uint8Array([192|e])}function et(e,t){return F.concatUint8Array([Je(e),Ye(t)])}function tt(e){return[T.packet.literalData,T.packet.compressedData,T.packet.symmetricallyEncryptedData,T.packet.symEncryptedIntegrityProtectedData,T.packet.aeadEncryptedData].includes(e)}async function rt(e,t,r){let i,a;try{const n=await e.peekBytes(2);if(!n||n.length<2||!(128&n[0]))throw Error("Error during parsing. This message / key probably does not conform to a valid OpenPGP format.");const s=await e.readByte();let o,c,u=-1,h=-1;h=0,64&s&&(h=1),h?u=63&s:(u=(63&s)>>2,c=3&s);const l=tt(u);let y,p=null;if(t&&l){if("array"===t){const e=new ArrayStream;i=C(e),p=e}else{const e=new TransformStream;i=C(e.writable),p=e.readable}a=r({tag:u,packet:p})}else p=[];do{if(h){const t=await e.readByte();if(y=!1,t<192)o=t;else if(t>=192&&t<224)o=(t-192<<8)+await e.readByte()+192;else if(t>223&&t<255){if(o=1<<(31&t),y=!0,!l)throw new TypeError("This packet type does not support partial lengths.")}else o=await e.readByte()<<24|await e.readByte()<<16|await e.readByte()<<8|await e.readByte()}else switch(c){case 0:o=await e.readByte();break;case 1:o=await e.readByte()<<8|await e.readByte();break;case 2:o=await e.readByte()<<24|await e.readByte()<<16|await e.readByte()<<8|await e.readByte();break;default:o=1/0}if(o>0){let t=0;for(;;){i&&await i.ready;const{done:r,value:a}=await e.read();if(r){if(o===1/0)break;throw Error("Unexpected end of packet")}const n=o===1/0?a:a.subarray(0,o-t);if(i?await i.write(n):p.push(n),t+=a.length,t>=o){e.unshift(a.subarray(o-t+a.length));break}}}}while(y);i?(await i.ready,await i.close()):(p=F.concatUint8Array(p),await r({tag:u,packet:p}))}catch(e){if(i)return await i.abort(e),!0;throw e}finally{i&&await a}}class it extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,it),this.name="UnsupportedError"}}class at extends it{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,it),this.name="UnknownPacketError"}}class nt extends it{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,it),this.name="MalformedPacketError"}}class st{constructor(e,t){this.tag=e,this.rawContent=t}write(){return this.rawContent}}async function ot(e){switch(e){case T.publicKey.ed25519:try{const e=F.getWebCrypto(),t=await e.generateKey("Ed25519",!0,["sign","verify"]).catch((e=>{if("OperationError"===e.name){const e=Error("Unexpected key generation issue");throw e.name="NotSupportedError",e}throw e})),r=await e.exportKey("jwk",t.privateKey),i=await e.exportKey("jwk",t.publicKey);return{A:new Uint8Array(O(i.x)),seed:O(r.d)}}catch(t){if("NotSupportedError"!==t.name)throw t;const{default:r}=await import("./nacl-fast.min.mjs"),i=le(lt(e)),{publicKey:a}=r.sign.keyPair.fromSeed(i);return{A:a,seed:i}}case T.publicKey.ed448:{const e=await F.getNobleCurve(T.publicKey.ed448),{secretKey:t,publicKey:r}=e.keygen();return{A:r,seed:t}}default:throw Error("Unsupported EdDSA algorithm")}}async function ct(e,t,r,i,a,n){switch(e){case T.publicKey.ed25519:try{const t=F.getWebCrypto(),r=dt(e,i,a),s=await t.importKey("jwk",r,"Ed25519",!1,["sign"]);return{RS:new Uint8Array(await t.sign("Ed25519",s,n))}}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:t}=await import("./nacl-fast.min.mjs"),r=F.concatUint8Array([a,i]);return{RS:t.sign.detached(n,r)}}case T.publicKey.ed448:return{RS:(await F.getNobleCurve(T.publicKey.ed448)).sign(n,a)};default:throw Error("Unsupported EdDSA algorithm")}}async function ut(e,t,{RS:r},i,a,n){switch(e){case T.publicKey.ed25519:try{const t=F.getWebCrypto(),i=pt(e,a),s=await t.importKey("jwk",i,"Ed25519",!1,["verify"]);return await t.verify("Ed25519",s,r,n)}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:t}=await import("./nacl-fast.min.mjs");return t.sign.detached.verify(n,r,a)}case T.publicKey.ed448:return(await F.getNobleCurve(T.publicKey.ed448)).verify(r,n,a);default:throw Error("Unsupported EdDSA algorithm")}}async function ht(e,t,r){switch(e){case T.publicKey.ed25519:try{const i=F.getWebCrypto(),a=dt(e,t,r),n=pt(e,t),s=await i.importKey("jwk",a,"Ed25519",!1,["sign"]),o=await i.importKey("jwk",n,"Ed25519",!1,["verify"]),c=le(8),u=new Uint8Array(await i.sign("Ed25519",s,c));return await i.verify("Ed25519",o,u,c)}catch(e){if("NotSupportedError"!==e.name)return!1;const{default:i}=await import("./nacl-fast.min.mjs"),{publicKey:a}=i.sign.keyPair.fromSeed(r);return F.equalsUint8Array(t,a)}case T.publicKey.ed448:{const e=(await F.getNobleCurve(T.publicKey.ed448)).getPublicKey(r);return F.equalsUint8Array(t,e)}default:return!1}}function lt(e){switch(e){case T.publicKey.ed25519:return 32;case T.publicKey.ed448:return 57;default:throw Error("Unsupported EdDSA algorithm")}}function yt(e){switch(e){case T.publicKey.ed25519:return T.hash.sha256;case T.publicKey.ed448:return T.hash.sha512;default:throw Error("Unknown EdDSA algo")}}const pt=(e,t)=>{if(e===T.publicKey.ed25519){return{kty:"OKP",crv:"Ed25519",x:j(t),ext:!0}}throw Error("Unsupported EdDSA algorithm")},dt=(e,t,r)=>{if(e===T.publicKey.ed25519){const i=pt(e,t);return i.d=j(r),i}throw Error("Unsupported EdDSA algorithm")};var gt=/*#__PURE__*/Object.freeze({__proto__:null,generate:ot,getPayloadSize:lt,getPreferredHashAlgo:yt,sign:ct,validateParams:ht,verify:ut});
-/*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) */function mt(e){return e instanceof Uint8Array||ArrayBuffer.isView(e)&&"Uint8Array"===e.constructor.name}function ft(e,...t){if(!mt(e))throw Error("Uint8Array expected");if(t.length>0&&!t.includes(e.length))throw Error("Uint8Array expected of length "+t+", got length="+e.length)}function wt(e,t=!0){if(e.destroyed)throw Error("Hash instance has been destroyed");if(t&&e.finished)throw Error("Hash#digest() has already been called")}function bt(e,t){ft(e);const r=t.outputLen;if(e.length<r)throw Error("digestInto() expects output buffer of length at least "+r)}function kt(e){return new Uint8Array(e.buffer,e.byteOffset,e.byteLength)}function vt(e){return new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4))}function Kt(...e){for(let t=0;t<e.length;t++)e[t].fill(0)}function At(e){return new DataView(e.buffer,e.byteOffset,e.byteLength)}const Et=/* @__PURE__ */(()=>68===new Uint8Array(new Uint32Array([287454020]).buffer)[0])();function St(e){if("string"==typeof e)e=function(e){if("string"!=typeof e)throw Error("string expected");return new Uint8Array((new TextEncoder).encode(e))}(e);else{if(!mt(e))throw Error("Uint8Array expected, got "+typeof e);e=Bt(e)}return e}function Pt(e,t){return e.buffer===t.buffer&&e.byteOffset<t.byteOffset+t.byteLength&&t.byteOffset<e.byteOffset+e.byteLength}function Ut(e,t){if(Pt(e,t)&&e.byteOffset<t.byteOffset)throw Error("complex overlap of input and output is not supported")}function Dt(e,t){if(e.length!==t.length)return!1;let r=0;for(let i=0;i<e.length;i++)r|=e[i]^t[i];return 0===r}const xt=(e,t)=>{function r(r,...i){if(ft(r),!Et)throw Error("Non little-endian hardware is not yet supported");if(void 0!==e.nonceLength){const t=i[0];if(!t)throw Error("nonce / iv required");e.varSizeNonce?ft(t):ft(t,e.nonceLength)}const a=e.tagLength;a&&void 0!==i[1]&&ft(i[1]);const n=t(r,...i),s=(e,t)=>{if(void 0!==t){if(2!==e)throw Error("cipher output not supported");ft(t)}};let o=!1;return{encrypt(e,t){if(o)throw Error("cannot encrypt() twice with same key + nonce");return o=!0,ft(e),s(n.encrypt.length,t),n.encrypt(e,t)},decrypt(e,t){if(ft(e),a&&e.length<a)throw Error("invalid ciphertext length: smaller than tagLength="+a);return s(n.decrypt.length,t),n.decrypt(e,t)}}}return Object.assign(r,e),r};function Ct(e,t,r=!0){if(void 0===t)return new Uint8Array(e);if(t.length!==e)throw Error("invalid output length, expected "+e+", got: "+t.length);if(r&&!Tt(t))throw Error("invalid output, must be aligned");return t}function It(e,t,r,i){if("function"==typeof e.setBigUint64)return e.setBigUint64(t,r,i);const a=BigInt(32),n=BigInt(4294967295),s=Number(r>>a&n),o=Number(r&n);e.setUint32(t+0,s,i),e.setUint32(t+4,o,i)}function Tt(e){return e.byteOffset%4==0}function Bt(e){return Uint8Array.from(e)}const Mt=16,Ft=/* @__PURE__ */new Uint8Array(16),Lt=vt(Ft),_t=e=>(e>>>0&255)<<24|(e>>>8&255)<<16|(e>>>16&255)<<8|e>>>24&255;class Nt{constructor(e,t){this.blockLen=Mt,this.outputLen=Mt,this.s0=0,this.s1=0,this.s2=0,this.s3=0,this.finished=!1,ft(e=St(e),16);const r=At(e);let i=r.getUint32(0,!1),a=r.getUint32(4,!1),n=r.getUint32(8,!1),s=r.getUint32(12,!1);const o=[];for(let e=0;e<128;e++)o.push({s0:_t(i),s1:_t(a),s2:_t(n),s3:_t(s)}),({s0:i,s1:a,s2:n,s3:s}={s3:(h=n)<<31|(l=s)>>>1,s2:(u=a)<<31|h>>>1,s1:(c=i)<<31|u>>>1,s0:c>>>1^225<<24&-(1&l)});var c,u,h,l;const y=(p=t||1024)>65536?8:p>1024?4:2;var p;if(![1,2,4,8].includes(y))throw Error("ghash: invalid window size, expected 2, 4 or 8");this.W=y;const d=128/y,g=this.windowSize=2**y,m=[];for(let e=0;e<d;e++)for(let t=0;t<g;t++){let r=0,i=0,a=0,n=0;for(let s=0;s<y;s++){if(!(t>>>y-s-1&1))continue;const{s0:c,s1:u,s2:h,s3:l}=o[y*e+s];r^=c,i^=u,a^=h,n^=l}m.push({s0:r,s1:i,s2:a,s3:n})}this.t=m}_updateBlock(e,t,r,i){e^=this.s0,t^=this.s1,r^=this.s2,i^=this.s3;const{W:a,t:n,windowSize:s}=this;let o=0,c=0,u=0,h=0;const l=(1<<a)-1;let y=0;for(const p of[e,t,r,i])for(let e=0;e<4;e++){const t=p>>>8*e&255;for(let e=8/a-1;e>=0;e--){const r=t>>>a*e&l,{s0:i,s1:p,s2:d,s3:g}=n[y*s+r];o^=i,c^=p,u^=d,h^=g,y+=1}}this.s0=o,this.s1=c,this.s2=u,this.s3=h}update(e){wt(this),ft(e=St(e));const t=vt(e),r=Math.floor(e.length/Mt),i=e.length%Mt;for(let e=0;e<r;e++)this._updateBlock(t[4*e+0],t[4*e+1],t[4*e+2],t[4*e+3]);return i&&(Ft.set(e.subarray(r*Mt)),this._updateBlock(Lt[0],Lt[1],Lt[2],Lt[3]),Kt(Lt)),this}destroy(){const{t:e}=this;for(const t of e)t.s0=0,t.s1=0,t.s2=0,t.s3=0}digestInto(e){wt(this),bt(e,this),this.finished=!0;const{s0:t,s1:r,s2:i,s3:a}=this,n=vt(e);return n[0]=t,n[1]=r,n[2]=i,n[3]=a,e}digest(){const e=new Uint8Array(Mt);return this.digestInto(e),this.destroy(),e}}class Rt extends Nt{constructor(e,t){ft(e=St(e));const r=function(e){e.reverse();const t=1&e[15];let r=0;for(let t=0;t<e.length;t++){const i=e[t];e[t]=i>>>1|r,r=(1&i)<<7}return e[0]^=225&-t,e}(Bt(e));super(r,t),Kt(r)}update(e){e=St(e),wt(this);const t=vt(e),r=e.length%Mt,i=Math.floor(e.length/Mt);for(let e=0;e<i;e++)this._updateBlock(_t(t[4*e+3]),_t(t[4*e+2]),_t(t[4*e+1]),_t(t[4*e+0]));return r&&(Ft.set(e.subarray(i*Mt)),this._updateBlock(_t(Lt[3]),_t(Lt[2]),_t(Lt[1]),_t(Lt[0])),Kt(Lt)),this}digestInto(e){wt(this),bt(e,this),this.finished=!0;const{s0:t,s1:r,s2:i,s3:a}=this,n=vt(e);return n[0]=t,n[1]=r,n[2]=i,n[3]=a,e.reverse()}}function zt(e){const t=(t,r)=>e(r,t.length).update(St(t)).digest(),r=e(new Uint8Array(16),0);return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=(t,r)=>e(t,r),t}const Ot=zt(((e,t)=>new Nt(e,t)));zt(((e,t)=>new Rt(e,t)));const jt=16,qt=/* @__PURE__ */new Uint8Array(jt);function Ht(e){return e<<1^283&-(e>>7)}function Gt(e,t){let r=0;for(;t>0;t>>=1)r^=e&-(1&t),e=Ht(e);return r}const Vt=/* @__PURE__ */(()=>{const e=new Uint8Array(256);for(let t=0,r=1;t<256;t++,r^=Ht(r))e[t]=r;const t=new Uint8Array(256);t[0]=99;for(let r=0;r<255;r++){let i=e[255-r];i|=i<<8,t[e[r]]=255&(i^i>>4^i>>5^i>>6^i>>7^99)}return Kt(e),t})(),Wt=/* @__PURE__ */Vt.map(((e,t)=>Vt.indexOf(t))),$t=e=>e<<8|e>>>24,Qt=e=>e<<24&4278190080|e<<8&16711680|e>>>8&65280|e>>>24&255;function Xt(e,t){if(256!==e.length)throw Error("Wrong sbox length");const r=new Uint32Array(256).map(((r,i)=>t(e[i]))),i=r.map($t),a=i.map($t),n=a.map($t),s=new Uint32Array(65536),o=new Uint32Array(65536),c=new Uint16Array(65536);for(let t=0;t<256;t++)for(let u=0;u<256;u++){const h=256*t+u;s[h]=r[t]^i[u],o[h]=a[t]^n[u],c[h]=e[t]<<8|e[u]}return{sbox:e,sbox2:c,T0:r,T1:i,T2:a,T3:n,T01:s,T23:o}}const Yt=/* @__PURE__ */Xt(Vt,(e=>Gt(e,3)<<24|e<<16|e<<8|Gt(e,2))),Zt=/* @__PURE__ */Xt(Wt,(e=>Gt(e,11)<<24|Gt(e,13)<<16|Gt(e,9)<<8|Gt(e,14))),Jt=/* @__PURE__ */(()=>{const e=new Uint8Array(16);for(let t=0,r=1;t<16;t++,r=Ht(r))e[t]=r;return e})();function er(e){ft(e);const t=e.length;if(![16,24,32].includes(t))throw Error("aes: invalid key size, should be 16, 24 or 32, got "+t);const{sbox2:r}=Yt,i=[];Tt(e)||i.push(e=Bt(e));const a=vt(e),n=a.length,s=e=>ir(r,e,e,e,e),o=new Uint32Array(t+28);o.set(a);for(let e=n;e<o.length;e++){let t=o[e-1];e%n==0?t=s((c=t)<<24|c>>>8)^Jt[e/n-1]:n>6&&e%n==4&&(t=s(t)),o[e]=o[e-n]^t}var c;return Kt(...i),o}function tr(e){const t=er(e),r=t.slice(),i=t.length,{sbox2:a}=Yt,{T0:n,T1:s,T2:o,T3:c}=Zt;for(let e=0;e<i;e+=4)for(let a=0;a<4;a++)r[e+a]=t[i-e-4+a];Kt(t);for(let e=4;e<i-4;e++){const t=r[e],i=ir(a,t,t,t,t);r[e]=n[255&i]^s[i>>>8&255]^o[i>>>16&255]^c[i>>>24]}return r}function rr(e,t,r,i,a,n){return e[r<<8&65280|i>>>8&255]^t[a>>>8&65280|n>>>24&255]}function ir(e,t,r,i,a){return e[255&t|65280&r]|e[i>>>16&255|a>>>16&65280]<<16}function ar(e,t,r,i,a){const{sbox2:n,T01:s,T23:o}=Yt;let c=0;t^=e[c++],r^=e[c++],i^=e[c++],a^=e[c++];const u=e.length/4-2;for(let n=0;n<u;n++){const n=e[c++]^rr(s,o,t,r,i,a),u=e[c++]^rr(s,o,r,i,a,t),h=e[c++]^rr(s,o,i,a,t,r),l=e[c++]^rr(s,o,a,t,r,i);t=n,r=u,i=h,a=l}return{s0:e[c++]^ir(n,t,r,i,a),s1:e[c++]^ir(n,r,i,a,t),s2:e[c++]^ir(n,i,a,t,r),s3:e[c++]^ir(n,a,t,r,i)}}function nr(e,t,r,i,a){const{sbox2:n,T01:s,T23:o}=Zt;let c=0;t^=e[c++],r^=e[c++],i^=e[c++],a^=e[c++];const u=e.length/4-2;for(let n=0;n<u;n++){const n=e[c++]^rr(s,o,t,a,i,r),u=e[c++]^rr(s,o,r,t,a,i),h=e[c++]^rr(s,o,i,r,t,a),l=e[c++]^rr(s,o,a,i,r,t);t=n,r=u,i=h,a=l}return{s0:e[c++]^ir(n,t,a,i,r),s1:e[c++]^ir(n,r,t,a,i),s2:e[c++]^ir(n,i,r,t,a),s3:e[c++]^ir(n,a,i,r,t)}}function sr(e,t,r,i){ft(t,jt),ft(r);const a=r.length;Ut(r,i=Ct(a,i));const n=t,s=vt(n);let{s0:o,s1:c,s2:u,s3:h}=ar(e,s[0],s[1],s[2],s[3]);const l=vt(r),y=vt(i);for(let t=0;t+4<=l.length;t+=4){y[t+0]=l[t+0]^o,y[t+1]=l[t+1]^c,y[t+2]=l[t+2]^u,y[t+3]=l[t+3]^h;let r=1;for(let e=n.length-1;e>=0;e--)r=r+(255&n[e])|0,n[e]=255&r,r>>>=8;({s0:o,s1:c,s2:u,s3:h}=ar(e,s[0],s[1],s[2],s[3]))}const p=jt*Math.floor(l.length/4);if(p<a){const e=new Uint32Array([o,c,u,h]),t=kt(e);for(let e=p,n=0;e<a;e++,n++)i[e]=r[e]^t[n];Kt(e)}return i}function or(e,t,r,i,a){ft(r,jt),ft(i),a=Ct(i.length,a);const n=r,s=vt(n),o=At(n),c=vt(i),u=vt(a),h=t?0:12,l=i.length;let y=o.getUint32(h,t),{s0:p,s1:d,s2:g,s3:m}=ar(e,s[0],s[1],s[2],s[3]);for(let r=0;r+4<=c.length;r+=4)u[r+0]=c[r+0]^p,u[r+1]=c[r+1]^d,u[r+2]=c[r+2]^g,u[r+3]=c[r+3]^m,y=y+1>>>0,o.setUint32(h,y,t),({s0:p,s1:d,s2:g,s3:m}=ar(e,s[0],s[1],s[2],s[3]));const f=jt*Math.floor(c.length/4);if(f<l){const e=new Uint32Array([p,d,g,m]),t=kt(e);for(let e=f,r=0;e<l;e++,r++)a[e]=i[e]^t[r];Kt(e)}return a}const cr=/* @__PURE__ */xt({blockSize:16,nonceLength:16},(function(e,t){function r(r,i){if(ft(r),void 0!==i&&(ft(i),!Tt(i)))throw Error("unaligned destination");const a=er(e),n=Bt(t),s=[a,n];Tt(r)||s.push(r=Bt(r));const o=sr(a,n,r,i);return Kt(...s),o}return{encrypt:(e,t)=>r(e,t),decrypt:(e,t)=>r(e,t)}}));const ur=/* @__PURE__ */xt({blockSize:16,nonceLength:16},(function(e,t,r={}){const i=!r.disablePadding;return{encrypt(r,a){const n=er(e),{b:s,o,out:c}=function(e,t,r){ft(e);let i=e.length;const a=i%jt;if(!t&&0!==a)throw Error("aec/(cbc-ecb): unpadded plaintext with disabled padding");Tt(e)||(e=Bt(e));const n=vt(e);if(t){let e=jt-a;e||(e=jt),i+=e}return Ut(e,r=Ct(i,r)),{b:n,o:vt(r),out:r}}(r,i,a);let u=t;const h=[n];Tt(u)||h.push(u=Bt(u));const l=vt(u);let y=l[0],p=l[1],d=l[2],g=l[3],m=0;for(;m+4<=s.length;)y^=s[m+0],p^=s[m+1],d^=s[m+2],g^=s[m+3],({s0:y,s1:p,s2:d,s3:g}=ar(n,y,p,d,g)),o[m++]=y,o[m++]=p,o[m++]=d,o[m++]=g;if(i){const e=function(e){const t=new Uint8Array(16),r=vt(t);t.set(e);const i=jt-e.length;for(let e=jt-i;e<jt;e++)t[e]=i;return r}(r.subarray(4*m));y^=e[0],p^=e[1],d^=e[2],g^=e[3],({s0:y,s1:p,s2:d,s3:g}=ar(n,y,p,d,g)),o[m++]=y,o[m++]=p,o[m++]=d,o[m++]=g}return Kt(...h),c},decrypt(r,a){!function(e){if(ft(e),e.length%jt!=0)throw Error("aes-(cbc/ecb).decrypt ciphertext should consist of blocks with size 16")}(r);const n=tr(e);let s=t;const o=[n];Tt(s)||o.push(s=Bt(s));const c=vt(s);a=Ct(r.length,a),Tt(r)||o.push(r=Bt(r)),Ut(r,a);const u=vt(r),h=vt(a);let l=c[0],y=c[1],p=c[2],d=c[3];for(let e=0;e+4<=u.length;){const t=l,r=y,i=p,a=d;l=u[e+0],y=u[e+1],p=u[e+2],d=u[e+3];const{s0:s,s1:o,s2:c,s3:g}=nr(n,l,y,p,d);h[e++]=s^t,h[e++]=o^r,h[e++]=c^i,h[e++]=g^a}return Kt(...o),function(e,t){if(!t)return e;const r=e.length;if(!r)throw Error("aes/pcks5: empty ciphertext not allowed");const i=e[r-1];if(i<=0||i>16)throw Error("aes/pcks5: wrong padding");const a=e.subarray(0,-i);for(let t=0;t<i;t++)if(e[r-t-1]!==i)throw Error("aes/pcks5: wrong padding");return a}(a,i)}}})),hr=/* @__PURE__ */xt({blockSize:16,nonceLength:16},(function(e,t){function r(r,i,a){ft(r);const n=r.length;if(Pt(r,a=Ct(n,a)))throw Error("overlapping src and dst not supported.");const s=er(e);let o=t;const c=[s];Tt(o)||c.push(o=Bt(o)),Tt(r)||c.push(r=Bt(r));const u=vt(r),h=vt(a),l=i?h:u,y=vt(o);let p=y[0],d=y[1],g=y[2],m=y[3];for(let e=0;e+4<=u.length;){const{s0:t,s1:r,s2:i,s3:a}=ar(s,p,d,g,m);h[e+0]=u[e+0]^t,h[e+1]=u[e+1]^r,h[e+2]=u[e+2]^i,h[e+3]=u[e+3]^a,p=l[e++],d=l[e++],g=l[e++],m=l[e++]}const f=jt*Math.floor(u.length/4);if(f<n){({s0:p,s1:d,s2:g,s3:m}=ar(s,p,d,g,m));const e=kt(new Uint32Array([p,d,g,m]));for(let t=f,i=0;t<n;t++,i++)a[t]=r[t]^e[i];Kt(e)}return Kt(...c),a}return{encrypt:(e,t)=>r(e,!0,t),decrypt:(e,t)=>r(e,!1,t)}}));function lr(e,t,r,i,a){const n=a?a.length:0,s=e.create(r,i.length+n);a&&s.update(a);const o=function(e,t,r){const i=new Uint8Array(16),a=At(i);return It(a,0,BigInt(t),r),It(a,8,BigInt(e),r),i}(8*i.length,8*n,t);s.update(i),s.update(o);const c=s.digest();return Kt(o),c}const yr=/* @__PURE__ */xt({blockSize:16,nonceLength:12,tagLength:16,varSizeNonce:!0},(function(e,t,r){if(t.length<8)throw Error("aes/gcm: invalid nonce length");function i(e,t,i){const a=lr(Ot,!1,e,i,r);for(let e=0;e<t.length;e++)a[e]^=t[e];return a}function a(){const r=er(e),i=qt.slice(),a=qt.slice();if(or(r,!1,a,a,i),12===t.length)a.set(t);else{const e=qt.slice();It(At(e),8,BigInt(8*t.length),!1);const r=Ot.create(i).update(t).update(e);r.digestInto(a),r.destroy()}return{xk:r,authKey:i,counter:a,tagMask:or(r,!1,a,qt)}}return{encrypt(e){const{xk:t,authKey:r,counter:n,tagMask:s}=a(),o=new Uint8Array(e.length+16),c=[t,r,n,s];Tt(e)||c.push(e=Bt(e)),or(t,!1,n,e,o.subarray(0,e.length));const u=i(r,s,o.subarray(0,o.length-16));return c.push(u),o.set(u,e.length),Kt(...c),o},decrypt(e){const{xk:t,authKey:r,counter:n,tagMask:s}=a(),o=[t,r,s,n];Tt(e)||o.push(e=Bt(e));const c=e.subarray(0,-16),u=e.subarray(-16),h=i(r,s,c);if(o.push(h),!Dt(h,u))throw Error("aes/gcm: invalid ghash tag");const l=or(t,!1,n,c);return Kt(...o),l}}}));function pr(e){return e instanceof Uint32Array||ArrayBuffer.isView(e)&&"Uint32Array"===e.constructor.name}function dr(e,t){if(ft(t,16),!pr(e))throw Error("_encryptBlock accepts result of expandKeyLE");const r=vt(t);let{s0:i,s1:a,s2:n,s3:s}=ar(e,r[0],r[1],r[2],r[3]);return r[0]=i,r[1]=a,r[2]=n,r[3]=s,t}function gr(e,t){if(ft(t,16),!pr(e))throw Error("_decryptBlock accepts result of expandKeyLE");const r=vt(t);let{s0:i,s1:a,s2:n,s3:s}=nr(e,r[0],r[1],r[2],r[3]);return r[0]=i,r[1]=a,r[2]=n,r[3]=s,t}const mr={encrypt(e,t){if(t.length>=2**32)throw Error("plaintext should be less than 4gb");const r=er(e);if(16===t.length)dr(r,t);else{const e=vt(t);let i=e[0],a=e[1];for(let t=0,n=1;t<6;t++)for(let t=2;t<e.length;t+=2,n++){const{s0:s,s1:o,s2:c,s3:u}=ar(r,i,a,e[t],e[t+1]);i=s,a=o^Qt(n),e[t]=c,e[t+1]=u}e[0]=i,e[1]=a}r.fill(0)},decrypt(e,t){if(t.length-8>=2**32)throw Error("ciphertext should be less than 4gb");const r=tr(e),i=t.length/8-1;if(1===i)gr(r,t);else{const e=vt(t);let a=e[0],n=e[1];for(let t=0,s=6*i;t<6;t++)for(let t=2*i;t>=1;t-=2,s--){n^=Qt(s);const{s0:i,s1:o,s2:c,s3:u}=nr(r,a,n,e[t],e[t+1]);a=i,n=o,e[t]=c,e[t+1]=u}e[0]=a,e[1]=n}r.fill(0)}},fr=/* @__PURE__ */new Uint8Array(8).fill(166),wr=/* @__PURE__ */xt({blockSize:8},(e=>({encrypt(t){if(!t.length||t.length%8!=0)throw Error("invalid plaintext length");if(8===t.length)throw Error("8-byte keys not allowed in AESKW, use AESKWP instead");const r=function(...e){let t=0;for(let r=0;r<e.length;r++){const i=e[r];ft(i),t+=i.length}const r=new Uint8Array(t);for(let t=0,i=0;t<e.length;t++){const a=e[t];r.set(a,i),i+=a.length}return r}(fr,t);return mr.encrypt(e,r),r},decrypt(t){if(t.length%8!=0||t.length<24)throw Error("invalid ciphertext length");const r=Bt(t);if(mr.decrypt(e,r),!Dt(r.subarray(0,8),fr))throw Error("integrity check failed");return r.subarray(0,8).fill(0),r.subarray(8)}}))),br={expandKeyLE:er,expandKeyDecLE:tr,encrypt:ar,decrypt:nr,encryptBlock:dr,decryptBlock:gr,ctrCounter:sr,ctr32:or};async function kr(e){switch(e){case T.symmetric.aes128:case T.symmetric.aes192:case T.symmetric.aes256:throw Error("Not a legacy cipher");case T.symmetric.cast5:case T.symmetric.blowfish:case T.symmetric.twofish:case T.symmetric.tripledes:{const{legacyCiphers:t}=await import("./legacy_ciphers.min.mjs"),r=T.read(T.symmetric,e),i=t.get(r);if(!i)throw Error("Unsupported cipher algorithm");return i}default:throw Error("Unsupported cipher algorithm")}}function vr(e){switch(e){case T.symmetric.aes128:case T.symmetric.aes192:case T.symmetric.aes256:case T.symmetric.twofish:return 16;case T.symmetric.blowfish:case T.symmetric.cast5:case T.symmetric.tripledes:return 8;default:throw Error("Unsupported cipher")}}function Kr(e){switch(e){case T.symmetric.aes128:case T.symmetric.blowfish:case T.symmetric.cast5:return 16;case T.symmetric.aes192:case T.symmetric.tripledes:return 24;case T.symmetric.aes256:case T.symmetric.twofish:return 32;default:throw Error("Unsupported cipher")}}function Ar(e){return{keySize:Kr(e),blockSize:vr(e)}}const Er=F.getWebCrypto();async function Sr(e,t,r){const{keySize:i}=Ar(e);if(!F.isAES(e)||t.length!==i)throw Error("Unexpected algorithm or key size");try{const e=await Er.importKey("raw",t,{name:"AES-KW"},!1,["wrapKey"]),i=await Er.importKey("raw",r,{name:"HMAC",hash:"SHA-256"},!0,["sign"]),a=await Er.wrapKey("raw",i,e,{name:"AES-KW"});return new Uint8Array(a)}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;F.printDebugError("Browser did not support operation: "+e.message)}return wr(t).encrypt(r)}async function Pr(e,t,r){const{keySize:i}=Ar(e);if(!F.isAES(e)||t.length!==i)throw Error("Unexpected algorithm or key size");let a;try{a=await Er.importKey("raw",t,{name:"AES-KW"},!1,["unwrapKey"])}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;return F.printDebugError("Browser did not support operation: "+e.message),wr(t).decrypt(r)}try{const e=await Er.unwrapKey("raw",r,a,{name:"AES-KW"},{name:"HMAC",hash:"SHA-256"},!0,["sign"]);return new Uint8Array(await Er.exportKey("raw",e))}catch(e){if("OperationError"===e.name)throw Error("Key Data Integrity failed");throw e}}async function Ur(e,t,r,i,a){const n=F.getWebCrypto(),s=T.read(T.webHash,e);if(!s)throw Error("Hash algo not supported with HKDF");const o=await n.importKey("raw",t,"HKDF",!1,["deriveBits"]),c=await n.deriveBits({name:"HKDF",hash:s,salt:r,info:i},o,8*a);return new Uint8Array(c)}const Dr={x25519:F.encodeUTF8("OpenPGP X25519"),x448:F.encodeUTF8("OpenPGP X448")};async function xr(e){switch(e){case T.publicKey.x25519:try{const e=F.getWebCrypto(),t=await e.generateKey("X25519",!0,["deriveKey","deriveBits"]).catch((e=>{if("OperationError"===e.name){const e=Error("Unexpected key generation issue");throw e.name="NotSupportedError",e}throw e})),r=await e.exportKey("jwk",t.privateKey),i=await e.exportKey("jwk",t.publicKey);if(r.x!==i.x){const e=Error("Unexpected mismatching public point");throw e.name="NotSupportedError",e}return{A:new Uint8Array(O(i.x)),k:O(r.d)}}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:t}=await import("./nacl-fast.min.mjs"),{secretKey:r,publicKey:i}=t.box.keyPair();return{A:i,k:r}}case T.publicKey.x448:{const e=await F.getNobleCurve(T.publicKey.x448),{secretKey:t,publicKey:r}=e.keygen();return{A:r,k:t}}default:throw Error("Unsupported ECDH algorithm")}}async function Cr(e,t,r){switch(e){case T.publicKey.x25519:try{const{ephemeralPublicKey:i,sharedSecret:a}=await Mr(e,t),n=await Fr(e,i,t,r);return F.equalsUint8Array(a,n)}catch(e){return!1}case T.publicKey.x448:{const e=(await F.getNobleCurve(T.publicKey.x448)).getPublicKey(r);return F.equalsUint8Array(t,e)}default:return!1}}async function Ir(e,t,r){const{ephemeralPublicKey:i,sharedSecret:a}=await Mr(e,r),n=F.concatUint8Array([i,r,a]);switch(e){case T.publicKey.x25519:{const e=T.symmetric.aes128,{keySize:r}=Ar(e),a=await Ur(T.hash.sha256,n,new Uint8Array,Dr.x25519,r);return{ephemeralPublicKey:i,wrappedKey:await Sr(e,a,t)}}case T.publicKey.x448:{const e=T.symmetric.aes256,{keySize:r}=Ar(T.symmetric.aes256),a=await Ur(T.hash.sha512,n,new Uint8Array,Dr.x448,r);return{ephemeralPublicKey:i,wrappedKey:await Sr(e,a,t)}}default:throw Error("Unsupported ECDH algorithm")}}async function Tr(e,t,r,i,a){const n=await Fr(e,t,i,a),s=F.concatUint8Array([t,i,n]);switch(e){case T.publicKey.x25519:{const e=T.symmetric.aes128,{keySize:t}=Ar(e);return Pr(e,await Ur(T.hash.sha256,s,new Uint8Array,Dr.x25519,t),r)}case T.publicKey.x448:{const e=T.symmetric.aes256,{keySize:t}=Ar(T.symmetric.aes256);return Pr(e,await Ur(T.hash.sha512,s,new Uint8Array,Dr.x448,t),r)}default:throw Error("Unsupported ECDH algorithm")}}function Br(e){switch(e){case T.publicKey.x25519:return 32;case T.publicKey.x448:return 56;default:throw Error("Unsupported ECDH algorithm")}}async function Mr(e,t){switch(e){case T.publicKey.x25519:try{const r=F.getWebCrypto(),i=await r.generateKey("X25519",!0,["deriveKey","deriveBits"]).catch((e=>{if("OperationError"===e.name){const e=Error("Unexpected key generation issue");throw e.name="NotSupportedError",e}throw e})),a=await r.exportKey("jwk",i.publicKey);if((await r.exportKey("jwk",i.privateKey)).x!==a.x){const e=Error("Unexpected mismatching public point");throw e.name="NotSupportedError",e}const n=_r(e,t),s=await r.importKey("jwk",n,"X25519",!1,[]),o=await r.deriveBits({name:"X25519",public:s},i.privateKey,8*Br(e));return{sharedSecret:new Uint8Array(o),ephemeralPublicKey:new Uint8Array(O(a.x))}}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:r}=await import("./nacl-fast.min.mjs"),{secretKey:i,publicKey:a}=r.box.keyPair(),n=r.scalarMult(i,t);return Lr(n),{ephemeralPublicKey:a,sharedSecret:n}}case T.publicKey.x448:{const e=await F.getNobleCurve(T.publicKey.x448),{secretKey:r,publicKey:i}=e.keygen(),a=e.getSharedSecret(r,t);return Lr(a),{ephemeralPublicKey:i,sharedSecret:a}}default:throw Error("Unsupported ECDH algorithm")}}async function Fr(e,t,r,i){switch(e){case T.publicKey.x25519:try{const a=F.getWebCrypto(),n=function(e,t,r){if(e===T.publicKey.x25519){const i=_r(e,t);return i.d=j(r),i}throw Error("Unsupported ECDH algorithm")}(e,r,i),s=_r(e,t),o=await a.importKey("jwk",n,"X25519",!1,["deriveKey","deriveBits"]),c=await a.importKey("jwk",s,"X25519",!1,[]),u=await a.deriveBits({name:"X25519",public:c},o,8*Br(e));return new Uint8Array(u)}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:r}=await import("./nacl-fast.min.mjs"),a=r.scalarMult(i,t);return Lr(a),a}case T.publicKey.x448:{const e=(await F.getNobleCurve(T.publicKey.x448)).getSharedSecret(i,t);return Lr(e),e}default:throw Error("Unsupported ECDH algorithm")}}function Lr(e){let t=0;for(let r=0;r<e.length;r++)t|=e[r];if(0===t)throw Error("Unexpected low order point")}function _r(e,t){if(e===T.publicKey.x25519){return{kty:"OKP",crv:"X25519",x:j(t),ext:!0}}throw Error("Unsupported ECDH algorithm")}var Nr=/*#__PURE__*/Object.freeze({__proto__:null,decrypt:Tr,encrypt:Ir,generate:xr,generateEphemeralEncryptionMaterial:Mr,getPayloadSize:Br,recomputeSharedSecret:Fr,validateParams:Cr});const Rr=F.getWebCrypto(),zr=F.getNodeCrypto(),Or={[T.curve.nistP256]:"P-256",[T.curve.nistP384]:"P-384",[T.curve.nistP521]:"P-521"},jr=zr?zr.getCurves():[],qr=zr?{[T.curve.secp256k1]:jr.includes("secp256k1")?"secp256k1":void 0,[T.curve.nistP256]:jr.includes("prime256v1")?"prime256v1":void 0,[T.curve.nistP384]:jr.includes("secp384r1")?"secp384r1":void 0,[T.curve.nistP521]:jr.includes("secp521r1")?"secp521r1":void 0,[T.curve.ed25519Legacy]:jr.includes("ED25519")?"ED25519":void 0,[T.curve.curve25519Legacy]:jr.includes("X25519")?"X25519":void 0,[T.curve.brainpoolP256r1]:jr.includes("brainpoolP256r1")?"brainpoolP256r1":void 0,[T.curve.brainpoolP384r1]:jr.includes("brainpoolP384r1")?"brainpoolP384r1":void 0,[T.curve.brainpoolP512r1]:jr.includes("brainpoolP512r1")?"brainpoolP512r1":void 0}:{},Hr={[T.curve.nistP256]:{oid:[6,8,42,134,72,206,61,3,1,7],keyType:T.publicKey.ecdsa,hash:T.hash.sha256,cipher:T.symmetric.aes128,node:qr[T.curve.nistP256],web:Or[T.curve.nistP256],payloadSize:32,sharedSize:256,wireFormatLeadingByte:4},[T.curve.nistP384]:{oid:[6,5,43,129,4,0,34],keyType:T.publicKey.ecdsa,hash:T.hash.sha384,cipher:T.symmetric.aes192,node:qr[T.curve.nistP384],web:Or[T.curve.nistP384],payloadSize:48,sharedSize:384,wireFormatLeadingByte:4},[T.curve.nistP521]:{oid:[6,5,43,129,4,0,35],keyType:T.publicKey.ecdsa,hash:T.hash.sha512,cipher:T.symmetric.aes256,node:qr[T.curve.nistP521],web:Or[T.curve.nistP521],payloadSize:66,sharedSize:528,wireFormatLeadingByte:4},[T.curve.secp256k1]:{oid:[6,5,43,129,4,0,10],keyType:T.publicKey.ecdsa,hash:T.hash.sha256,cipher:T.symmetric.aes128,node:qr[T.curve.secp256k1],payloadSize:32,wireFormatLeadingByte:4},[T.curve.ed25519Legacy]:{oid:[6,9,43,6,1,4,1,218,71,15,1],keyType:T.publicKey.eddsaLegacy,hash:T.hash.sha512,node:!1,payloadSize:32,wireFormatLeadingByte:64},[T.curve.curve25519Legacy]:{oid:[6,10,43,6,1,4,1,151,85,1,5,1],keyType:T.publicKey.ecdh,hash:T.hash.sha256,cipher:T.symmetric.aes128,node:!1,payloadSize:32,wireFormatLeadingByte:64},[T.curve.brainpoolP256r1]:{oid:[6,9,43,36,3,3,2,8,1,1,7],keyType:T.publicKey.ecdsa,hash:T.hash.sha256,cipher:T.symmetric.aes128,node:qr[T.curve.brainpoolP256r1],payloadSize:32,wireFormatLeadingByte:4},[T.curve.brainpoolP384r1]:{oid:[6,9,43,36,3,3,2,8,1,1,11],keyType:T.publicKey.ecdsa,hash:T.hash.sha384,cipher:T.symmetric.aes192,node:qr[T.curve.brainpoolP384r1],payloadSize:48,wireFormatLeadingByte:4},[T.curve.brainpoolP512r1]:{oid:[6,9,43,36,3,3,2,8,1,1,13],keyType:T.publicKey.ecdsa,hash:T.hash.sha512,cipher:T.symmetric.aes256,node:qr[T.curve.brainpoolP512r1],payloadSize:64,wireFormatLeadingByte:4}};class Gr{constructor(e){try{this.name=e instanceof Qe?e.getName():T.write(T.curve,e)}catch(e){throw new it("Unknown curve")}const t=Hr[this.name];this.keyType=t.keyType,this.oid=t.oid,this.hash=t.hash,this.cipher=t.cipher,this.node=t.node,this.web=t.web,this.payloadSize=t.payloadSize,this.sharedSize=t.sharedSize,this.wireFormatLeadingByte=t.wireFormatLeadingByte,this.web&&F.getWebCrypto()?this.type="web":this.node&&F.getNodeCrypto()?this.type="node":this.name===T.curve.curve25519Legacy?this.type="curve25519Legacy":this.name===T.curve.ed25519Legacy&&(this.type="ed25519Legacy")}async genKeyPair(){switch(this.type){case"web":try{return await async function(e,t){const r=await Rr.generateKey({name:"ECDSA",namedCurve:Or[e]},!0,["sign","verify"]),i=await Rr.exportKey("jwk",r.privateKey);return{publicKey:Yr(await Rr.exportKey("jwk",r.publicKey),t),privateKey:O(i.d)}}(this.name,this.wireFormatLeadingByte)}catch(e){return F.printDebugError("Browser did not support generating ec key "+e.message),Xr(this.name)}case"node":return async function(e){const t=zr.createECDH(qr[e]);return await t.generateKeys(),{publicKey:new Uint8Array(t.getPublicKey()),privateKey:new Uint8Array(t.getPrivateKey())}}(this.name);case"curve25519Legacy":{const{k:e,A:t}=await xr(T.publicKey.x25519),r=e.slice().reverse();r[0]=127&r[0]|64,r[31]&=248;return{publicKey:F.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]),t]),privateKey:r}}case"ed25519Legacy":{const{seed:e,A:t}=await ot(T.publicKey.ed25519);return{publicKey:F.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]),t]),privateKey:e}}default:return Xr(this.name)}}}async function Vr(e){const t=new Gr(e),{oid:r,hash:i,cipher:a}=t,n=await t.genKeyPair();return{oid:r,Q:n.publicKey,secret:F.leftPad(n.privateKey,t.payloadSize),hash:i,cipher:a}}function Wr(e){return Hr[e.getName()].hash}async function $r(e,t,r,i){const a={[T.curve.nistP256]:!0,[T.curve.nistP384]:!0,[T.curve.nistP521]:!0,[T.curve.secp256k1]:!0,[T.curve.curve25519Legacy]:e===T.publicKey.ecdh,[T.curve.brainpoolP256r1]:!0,[T.curve.brainpoolP384r1]:!0,[T.curve.brainpoolP512r1]:!0},n=t.getName();if(!a[n])return!1;if(n===T.curve.curve25519Legacy){const e=i.slice().reverse();return!(r.length<1||64!==r[0])&&Cr(T.publicKey.x25519,r.subarray(1),e)}const s=(await F.getNobleCurve(T.publicKey.ecdsa,n)).getPublicKey(i,!1);return!!F.equalsUint8Array(s,r)}function Qr(e,t){const{payloadSize:r,wireFormatLeadingByte:i,name:a}=e,n=a===T.curve.curve25519Legacy||a===T.curve.ed25519Legacy?r:2*r;if(t[0]!==i||t.length!==n+1)throw Error("Invalid point encoding")}async function Xr(e){const t=await F.getNobleCurve(T.publicKey.ecdsa,e),{secretKey:r}=t.keygen();return{publicKey:t.getPublicKey(r,!1),privateKey:r}}function Yr(e,t){const r=O(e.x),i=O(e.y),a=new Uint8Array(r.length+i.length+1);return a[0]=t,a.set(r,1),a.set(i,r.length+1),a}function Zr(e,t,r){const i=e,a=r.slice(1,i+1),n=r.slice(i+1,2*i+1);return{kty:"EC",crv:t,x:j(a),y:j(n),ext:!0}}function Jr(e,t,r,i){const a=Zr(e,t,r);return a.d=j(i),a}const ei=F.getWebCrypto(),ti=F.getNodeCrypto();async function ri(e,t,r,i,a,n){const s=new Gr(e);if(Qr(s,i),r&&!F.isStream(r)){const e={publicKey:i,privateKey:a};switch(s.type){case"web":try{return await async function(e,t,r,i){const a=e.payloadSize,n=Jr(e.payloadSize,Or[e.name],i.publicKey,i.privateKey),s=await ei.importKey("jwk",n,{name:"ECDSA",namedCurve:Or[e.name],hash:{name:T.read(T.webHash,e.hash)}},!1,["sign"]),o=new Uint8Array(await ei.sign({name:"ECDSA",namedCurve:Or[e.name],hash:{name:T.read(T.webHash,t)}},s,r));return{r:o.slice(0,a),s:o.slice(a,a<<1)}}(s,t,r,e)}catch(e){if("nistP521"!==s.name&&("DataError"===e.name||"OperationError"===e.name))throw e;F.printDebugError("Browser did not support signing: "+e.message)}break;case"node":return async function(e,t,r,i){const a=F.nodeRequire("eckey-utils"),n=F.getNodeBuffer(),{privateKey:s}=a.generateDer({curveName:qr[e.name],privateKey:n.from(i)}),o=ti.createSign(T.read(T.hash,t));o.write(r),o.end();const c=new Uint8Array(o.sign({key:s,format:"der",type:"sec1",dsaEncoding:"ieee-p1363"})),u=e.payloadSize;return{r:c.subarray(0,u),s:c.subarray(u,u<<1)}}(s,t,r,a)}}const o=(await F.getNobleCurve(T.publicKey.ecdsa,s.name)).sign(n,a,{lowS:!1});return{r:ue(o.r,"be",s.payloadSize),s:ue(o.s,"be",s.payloadSize)}}async function ii(e,t,r,i,a,n){const s=new Gr(e);Qr(s,a);const o=async()=>0===n[0]&&ai(s,r,n.subarray(1),a);if(i&&!F.isStream(i))switch(s.type){case"web":try{const e=await async function(e,t,{r,s:i},a,n){const s=Zr(e.payloadSize,Or[e.name],n),o=await ei.importKey("jwk",s,{name:"ECDSA",namedCurve:Or[e.name],hash:{name:T.read(T.webHash,e.hash)}},!1,["verify"]),c=F.concatUint8Array([r,i]).buffer;return ei.verify({name:"ECDSA",namedCurve:Or[e.name],hash:{name:T.read(T.webHash,t)}},o,c,a)}(s,t,r,i,a);return e||o()}catch(e){if("nistP521"!==s.name&&("DataError"===e.name||"OperationError"===e.name))throw e;F.printDebugError("Browser did not support verifying: "+e.message)}break;case"node":{const e=await async function(e,t,{r,s:i},a,n){const s=F.nodeRequire("eckey-utils"),o=F.getNodeBuffer(),{publicKey:c}=s.generateDer({curveName:qr[e.name],publicKey:o.from(n)}),u=ti.createVerify(T.read(T.hash,t));u.write(a),u.end();const h=F.concatUint8Array([r,i]);try{return u.verify({key:c,format:"der",type:"spki",dsaEncoding:"ieee-p1363"},h)}catch(e){return!1}}(s,t,r,i,a);return e||o()}}return await ai(s,r,n,a)||o()}async function ai(e,t,r,i){return(await F.getNobleCurve(T.publicKey.ecdsa,e.name)).verify(F.concatUint8Array([t.r,t.s]),r,i,{lowS:!1})}var ni=/*#__PURE__*/Object.freeze({__proto__:null,sign:ri,validateParams:async function(e,t,r){const i=new Gr(e);if(i.keyType!==T.publicKey.ecdsa)return!1;switch(i.type){case"web":case"node":{const i=le(8),a=T.hash.sha256,n=await Ie(a,i);try{const s=await ri(e,a,i,t,r,n);return await ii(e,a,s,i,t,n)}catch(e){return!1}}default:return $r(T.publicKey.ecdsa,e,t,r)}},verify:ii});async function si(e,t,r,i,a,n){Qr(new Gr(e),i);const{RS:s}=await ct(T.publicKey.ed25519,0,0,i.subarray(1),a,n);return{r:s.subarray(0,32),s:s.subarray(32)}}async function oi(e,t,{r,s:i},a,n,s){Qr(new Gr(e),n);const o=F.concatUint8Array([r,i]);return ut(T.publicKey.ed25519,0,{RS:o},0,n.subarray(1),s)}async function ci(e,t,r){return e.getName()===T.curve.ed25519Legacy&&(!(t.length<1||64!==t[0])&&ht(T.publicKey.ed25519,t.subarray(1),r))}var ui=/*#__PURE__*/Object.freeze({__proto__:null,sign:si,validateParams:ci,verify:oi});function hi(e){const t=e.length;if(t>0){const r=e[t-1];if(r>=1){const i=e.subarray(t-r),a=new Uint8Array(r).fill(r);if(F.equalsUint8Array(i,a))return e.subarray(0,t-r)}}throw Error("Invalid padding")}function li(e,t,r,i){return F.concatUint8Array([t.write(),new Uint8Array([e]),r.write(!0),F.stringToUint8Array("Anonymous Sender    "),r.replacementFingerprint||i])}async function yi(e,t,r,i,a=!1,n=!1){let s;if(a){for(s=0;s<t.length&&0===t[s];s++);t=t.subarray(s)}if(n){for(s=t.length-1;s>=0&&0===t[s];s--);t=t.subarray(0,s+1)}return(await Ie(e,F.concatUint8Array([new Uint8Array([0,0,0,1]),t,i]))).subarray(0,r)}async function pi(e,t){switch(e.type){case"curve25519Legacy":{const{sharedSecret:r,ephemeralPublicKey:i}=await Mr(T.publicKey.x25519,t.subarray(1));return{publicKey:F.concatUint8Array([new Uint8Array([e.wireFormatLeadingByte]),i]),sharedKey:r}}case"web":if(e.web&&F.getWebCrypto())try{return await async function(e,t){const r=F.getWebCrypto(),i=Zr(e.payloadSize,e.web,t);let a=r.generateKey({name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]),n=r.importKey("jwk",i,{name:"ECDH",namedCurve:e.web},!1,[]);[a,n]=await Promise.all([a,n]);let s=r.deriveBits({name:"ECDH",namedCurve:e.web,public:n},a.privateKey,e.sharedSize),o=r.exportKey("jwk",a.publicKey);[s,o]=await Promise.all([s,o]);const c=new Uint8Array(s),u=new Uint8Array(Yr(o,e.wireFormatLeadingByte));return{publicKey:u,sharedKey:c}}(e,t)}catch(r){return F.printDebugError(r),wi(e,t)}break;case"node":return async function(e,t){const r=F.getNodeCrypto(),i=r.createECDH(e.node);i.generateKeys();const a=new Uint8Array(i.computeSecret(t));return{publicKey:new Uint8Array(i.getPublicKey()),sharedKey:a}}(e,t);default:return wi(e,t)}}async function di(e,t,r,i,a){const n=function(e){const t=8-e.length%8,r=new Uint8Array(e.length+t).fill(t);return r.set(e),r}(r),s=new Gr(e);Qr(s,i);const{publicKey:o,sharedKey:c}=await pi(s,i),u=li(T.publicKey.ecdh,e,t,a),{keySize:h}=Ar(t.cipher),l=await yi(t.hash,c,h,u);return{publicKey:o,wrappedKey:await Sr(t.cipher,l,n)}}async function gi(e,t,r,i){if(i.length!==e.payloadSize){const t=new Uint8Array(e.payloadSize);t.set(i,e.payloadSize-i.length),i=t}switch(e.type){case"curve25519Legacy":{const e=i.slice().reverse();return{secretKey:e,sharedKey:await Fr(T.publicKey.x25519,t.subarray(1),r.subarray(1),e)}}case"web":if(e.web&&F.getWebCrypto())try{return await async function(e,t,r,i){const a=F.getWebCrypto(),n=Jr(e.payloadSize,e.web,r,i);let s=a.importKey("jwk",n,{name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]);const o=Zr(e.payloadSize,e.web,t);let c=a.importKey("jwk",o,{name:"ECDH",namedCurve:e.web},!0,[]);[s,c]=await Promise.all([s,c]);let u=a.deriveBits({name:"ECDH",namedCurve:e.web,public:c},s,e.sharedSize),h=a.exportKey("jwk",s);[u,h]=await Promise.all([u,h]);const l=new Uint8Array(u);return{secretKey:O(h.d),sharedKey:l}}(e,t,r,i)}catch(r){return F.printDebugError(r),fi(e,t,i)}break;case"node":return async function(e,t,r){const i=F.getNodeCrypto(),a=i.createECDH(e.node);a.setPrivateKey(r);const n=new Uint8Array(a.computeSecret(t));return{secretKey:new Uint8Array(a.getPrivateKey()),sharedKey:n}}(e,t,i);default:return fi(e,t,i)}}async function mi(e,t,r,i,a,n,s){const o=new Gr(e);Qr(o,a),Qr(o,r);const{sharedKey:c}=await gi(o,r,a,n),u=li(T.publicKey.ecdh,e,t,s),{keySize:h}=Ar(t.cipher);let l;for(let e=0;e<3;e++)try{const r=await yi(t.hash,c,h,u,1===e,2===e);return hi(await Pr(t.cipher,r,i))}catch(e){l=e}throw l}async function fi(e,t,r){return{secretKey:r,sharedKey:(await F.getNobleCurve(T.publicKey.ecdh,e.name)).getSharedSecret(r,t).subarray(1)}}async function wi(e,t){const r=await F.getNobleCurve(T.publicKey.ecdh,e.name),{publicKey:i,privateKey:a}=await e.genKeyPair();return{publicKey:i,sharedKey:r.getSharedSecret(a,t).subarray(1)}}var bi=/*#__PURE__*/Object.freeze({__proto__:null,CurveWithOID:Gr,ecdh:/*#__PURE__*/Object.freeze({__proto__:null,decrypt:mi,encrypt:di,validateParams:async function(e,t,r){return $r(T.publicKey.ecdh,e,t,r)}}),ecdhX:Nr,ecdsa:ni,eddsa:gt,eddsaLegacy:ui,generate:Vr,getPreferredHashAlgo:Wr});const ki=BigInt(0),vi=BigInt(1);const Ki=new Set([T.hash.sha1,T.hash.sha256,T.hash.sha512]),Ai=F.getWebCrypto(),Ei=F.getNodeCrypto();async function Si(e,t){if(e===T.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await import("./noble_post_quantum.min.mjs"),{publicKey:r,secretKey:i}=e.keygen(t);return{mlkemPublicKey:r,mlkemSecretKey:i}}throw Error("Unsupported KEM algorithm")}async function Pi(e){const{eccPublicKey:t,eccSecretKey:r}=await async function(e){if(e===T.publicKey.pqc_mlkem_x25519){const{A:e,k:t}=await xr(T.publicKey.x25519);return{eccPublicKey:e,eccSecretKey:t}}throw Error("Unsupported KEM algorithm")}(e),{mlkemPublicKey:i,mlkemSeed:a,mlkemSecretKey:n}=await async function(e){if(e===T.publicKey.pqc_mlkem_x25519){const t=le(64),{mlkemSecretKey:r,mlkemPublicKey:i}=await Si(e,t);return{mlkemSeed:t,mlkemSecretKey:r,mlkemPublicKey:i}}throw Error("Unsupported KEM algorithm")}(e);return{eccPublicKey:t,eccSecretKey:r,mlkemPublicKey:i,mlkemSeed:a,mlkemSecretKey:n}}async function Ui(e,t,r,i){const{eccKeyShare:a,eccCipherText:n}=await async function(e,t){if(e===T.publicKey.pqc_mlkem_x25519){const{ephemeralPublicKey:e,sharedSecret:r}=await Mr(T.publicKey.x25519,t);return{eccCipherText:e,eccKeyShare:r}}throw Error("Unsupported KEM algorithm")}(e,t),{mlkemKeyShare:s,mlkemCipherText:o}=await async function(e,t){if(e===T.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await import("./noble_post_quantum.min.mjs"),{cipherText:r,sharedSecret:i}=e.encapsulate(t);return{mlkemCipherText:r,mlkemKeyShare:i}}throw Error("Unsupported KEM algorithm")}(e,r),c=await xi(e,s,a,n,t);return{eccCipherText:n,mlkemCipherText:o,wrappedKey:await Sr(T.symmetric.aes256,c,i)}}async function Di(e,t,r,i,a,n,s,o){const c=await async function(e,t,r,i){if(e===T.publicKey.pqc_mlkem_x25519)return await Fr(T.publicKey.x25519,t,i,r);throw Error("Unsupported KEM algorithm")}(e,t,i,a),u=await async function(e,t,r){if(e===T.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await import("./noble_post_quantum.min.mjs");return e.decapsulate(t,r)}throw Error("Unsupported KEM algorithm")}(e,r,n),h=await xi(e,u,c,t,a);return await Pr(T.symmetric.aes256,h,o)}async function xi(e,t,r,i,a){const n=F.encodeUTF8("OpenPGPCompositeKDFv1"),s=F.concatUint8Array([t,r,i,a,new Uint8Array([e]),n,new Uint8Array([n.length])]);return await Ie(T.hash.sha3_256,s)}async function Ci(e,t,r,i,a){const n=async function(e,t,r){if(e===T.publicKey.pqc_mlkem_x25519)return Cr(T.publicKey.x25519,t,r);throw Error("Unsupported KEM algorithm")}(e,t,r),s=async function(e,t,r){if(e===T.publicKey.pqc_mlkem_x25519){const{mlkemPublicKey:i}=await Si(e,r);return F.equalsUint8Array(t,i)}throw Error("Unsupported KEM algorithm")}(e,i,a);return await n&&await s}async function Ii(e,t){if(e===T.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await import("./noble_post_quantum.min.mjs"),{secretKey:r,publicKey:i}=e.keygen(t);return{mldsaSecretKey:r,mldsaPublicKey:i}}throw Error("Unsupported signature algorithm")}async function Ti(e){if(e===T.publicKey.pqc_mldsa_ed25519){const{eccSecretKey:t,eccPublicKey:r}=await async function(e){if(e===T.publicKey.pqc_mldsa_ed25519){const{A:e,seed:t}=await ot(T.publicKey.ed25519);return{eccPublicKey:e,eccSecretKey:t}}throw Error("Unsupported signature algorithm")}(e),{mldsaSeed:i,mldsaSecretKey:a,mldsaPublicKey:n}=await async function(e){if(e===T.publicKey.pqc_mldsa_ed25519){const t=le(32),{mldsaSecretKey:r,mldsaPublicKey:i}=await Ii(e,t);return{mldsaSeed:t,mldsaSecretKey:r,mldsaPublicKey:i}}throw Error("Unsupported signature algorithm")}(e);return{eccSecretKey:t,eccPublicKey:r,mldsaSeed:i,mldsaSecretKey:a,mldsaPublicKey:n}}throw Error("Unsupported signature algorithm")}async function Bi(e,t,r,i,a,n){if(e===T.publicKey.pqc_mldsa_ed25519){const{eccSignature:t}=await async function(e,t,r,i,a){if(e===T.publicKey.pqc_mldsa_ed25519){const{RS:e}=await ct(T.publicKey.ed25519,0,0,i,r,a);return{eccSignature:e}}throw Error("Unsupported signature algorithm")}(e,0,r,i,n),{mldsaSignature:s}=await async function(e,t,r){if(e===T.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await import("./noble_post_quantum.min.mjs");return{mldsaSignature:e.sign(t,r)}}throw Error("Unsupported signature algorithm")}(e,a,n);return{eccSignature:t,mldsaSignature:s}}throw Error("Unsupported signature algorithm")}async function Mi(e,t,r,i,a,{eccSignature:n,mldsaSignature:s}){if(e===T.publicKey.pqc_mldsa_ed25519){const t=async function(e,t,r,i,a){if(e===T.publicKey.pqc_mldsa_ed25519)return ut(T.publicKey.ed25519,0,{RS:a},0,r,i);throw Error("Unsupported signature algorithm")}(e,0,r,a,n),o=async function(e,t,r,i){if(e===T.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await import("./noble_post_quantum.min.mjs");return e.verify(t,r,i)}throw Error("Unsupported signature algorithm")}(e,i,a,s);return await t&&await o}throw Error("Unsupported signature algorithm")}function Fi(e,t){if(e===T.publicKey.pqc_mldsa_ed25519)return Te(t)>=32;throw Error("Unsupported signature algorithm")}async function Li(e,t,r,i,a){const n=async function(e,t,r){if(e===T.publicKey.pqc_mldsa_ed25519)return ht(T.publicKey.ed25519,t,r);throw Error("Unsupported signature algorithm")}(e,t,r),s=async function(e,t,r){if(e===T.publicKey.pqc_mldsa_ed25519){const{mldsaPublicKey:i}=await Ii(e,r);return F.equalsUint8Array(t,i)}throw Error("Unsupported signature algorithm")}(e,i,a);return await n&&await s}class _i{constructor(e){e&&(this.data=e)}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.data=e.subarray(1,1+t),1+this.data.length}throw Error("Invalid symmetric key")}write(){return F.concatUint8Array([new Uint8Array([this.data.length]),this.data])}}class Ni{constructor(e){if(void 0===e&&(e=new Uint8Array([])),!F.isUint8Array(e))throw Error("data must be in the form of a Uint8Array");this.data=e,this.length=this.data.byteLength}write(){return F.concatUint8Array([new Uint8Array([this.length]),this.data])}read(e){if(e.length>=1){const t=e[0];if(e.length>=t+1)return this.data=e.subarray(1,1+t),this.length=t,1+t}throw Error("Invalid octet string")}}class Ri{constructor(e){if(e){const{version:t,hash:r,cipher:i,replacementFingerprint:a}=e;this.version=t||1,this.hash=r,this.cipher=i,this.replacementFingerprint=a}else this.version=null,this.hash=null,this.cipher=null,this.replacementFingerprint=null}read(e){if(e.length<4||1!==e[1]&&255!==e[1])throw new it("Cannot read KDFParams");const t=e[0];this.version=e[1],this.hash=e[2],this.cipher=e[3];let r=4;if(255===this.version){const i=t-r+1;this.replacementFingerprint=e.slice(r,r+i),r+=i}return r}write(e){if(!this.version||1===this.version||e)return new Uint8Array([3,1,this.hash,this.cipher]);return F.concatUint8Array([new Uint8Array([3+this.replacementFingerprint.length,this.version,this.hash,this.cipher]),this.replacementFingerprint])}}const zi=e=>class{constructor(e){this.data=void 0===e?null:e}read(t){const r=t[0];return this.data=T.write(e,r),1}write(){return new Uint8Array([this.data])}getName(){return T.read(e,this.data)}getValue(){return this.data}},Oi=zi(T.aead),ji=zi(T.symmetric),qi=zi(T.hash);class Hi{static fromObject({wrappedKey:e,algorithm:t}){const r=new Hi;return r.wrappedKey=e,r.algorithm=t,r}read(e){let t=0,r=e[t++];this.algorithm=r%2?e[t++]:null,r-=r%2,this.wrappedKey=F.readExactSubarray(e,t,t+r),t+=r}write(){return F.concatUint8Array([this.algorithm?new Uint8Array([this.wrappedKey.length+1,this.algorithm]):new Uint8Array([this.wrappedKey.length]),this.wrappedKey])}}const Gi=F.getWebCrypto(),Vi=F.getNodeCrypto(),Wi=Vi?Vi.getCiphers():[],$i={idea:Wi.includes("idea-cfb")?"idea-cfb":void 0,tripledes:Wi.includes("des-ede3-cfb")?"des-ede3-cfb":void 0,cast5:Wi.includes("cast5-cfb")?"cast5-cfb":void 0,blowfish:Wi.includes("bf-cfb")?"bf-cfb":void 0,aes128:Wi.includes("aes-128-cfb")?"aes-128-cfb":void 0,aes192:Wi.includes("aes-192-cfb")?"aes-192-cfb":void 0,aes256:Wi.includes("aes-256-cfb")?"aes-256-cfb":void 0};async function Qi(e){const{blockSize:t}=Ar(e),r=await le(t),i=new Uint8Array([r[r.length-2],r[r.length-1]]);return F.concat([r,i])}async function Xi(e,t,r,i,a){const n=T.read(T.symmetric,e);if(F.getNodeCrypto()&&$i[n])return function(e,t,r,i){const a=T.read(T.symmetric,e),n=new Vi.createCipheriv($i[a],t,i);return b(r,(e=>new Uint8Array(n.update(e))))}(e,t,r,i);if(F.isAES(e))return async function(e,t,r,i){if(Gi&&await Zi.isSupported(e)){const a=new Zi(e,t,i);return F.isStream(r)?b(r,(e=>a.encryptChunk(e)),(()=>a.finish())):a.encrypt(r)}if(F.isStream(r)){const a=new Ji(!0,e,t,i);return b(r,(e=>a.processChunk(e)),(()=>a.finish()))}return hr(t,i).encrypt(r)}(e,t,r,i);const s=new(await kr(e))(t),o=s.blockSize,c=i.slice();let u=new Uint8Array;const h=e=>{e&&(u=F.concatUint8Array([u,e]));const t=new Uint8Array(u.length);let r,i=0;for(;e?u.length>=o:u.length;){const e=s.encrypt(c);for(r=0;r<o;r++)c[r]=u[r]^e[r],t[i++]=c[r];u=u.subarray(o)}return t.subarray(0,i)};return b(r,h,h)}async function Yi(e,t,r,i){const a=T.read(T.symmetric,e);if(Vi&&$i[a])return function(e,t,r,i){const a=T.read(T.symmetric,e),n=new Vi.createDecipheriv($i[a],t,i);return b(r,(e=>new Uint8Array(n.update(e))))}(e,t,r,i);if(F.isAES(e))return async function(e,t,r,i){if(F.isStream(r)){const a=new Ji(!1,e,t,i);return b(r,(e=>a.processChunk(e)),(()=>a.finish()))}return hr(t,i).decrypt(r)}(e,t,r,i);const n=new(await kr(e))(t),s=n.blockSize;let o=i,c=new Uint8Array;const u=e=>{e&&(c=F.concatUint8Array([c,e]));const t=new Uint8Array(c.length);let r,i=0;for(;e?c.length>=s:c.length;){const e=n.encrypt(o);for(o=c.subarray(0,s),r=0;r<s;r++)t[i++]=o[r]^e[r];c=c.subarray(s)}return t.subarray(0,i)};return b(r,u,u)}class Zi{constructor(e,t,r){const{blockSize:i}=Ar(e);this.key=t,this.prevBlock=r,this.nextBlock=new Uint8Array(i),this.i=0,this.blockSize=i,this.zeroBlock=new Uint8Array(this.blockSize)}static async isSupported(e){const{keySize:t}=Ar(e);return Gi.importKey("raw",new Uint8Array(t),"aes-cbc",!1,["encrypt"]).then((()=>!0),(()=>!1))}async _runCBC(e,t){const r="AES-CBC";this.keyRef=this.keyRef||await Gi.importKey("raw",this.key,r,!1,["encrypt"]);const i=await Gi.encrypt({name:r,iv:t||this.zeroBlock},this.keyRef,e);return new Uint8Array(i).subarray(0,e.length)}async encryptChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,i=F.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),a=F.concatUint8Array([this.prevBlock,i.subarray(0,i.length-this.blockSize)]),n=await this._runCBC(a);return ea(n,i),this.prevBlock=n.slice(-this.blockSize),r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,n}let i;if(this.i+=r.length,this.i===this.nextBlock.length){const t=this.nextBlock;i=await this._runCBC(this.prevBlock),ea(i,t),this.prevBlock=i.slice(),this.i=0;const a=e.subarray(r.length);this.nextBlock.set(a,this.i),this.i+=a.length}else i=new Uint8Array;return i}async finish(){let e;if(0===this.i)e=new Uint8Array;else{this.nextBlock=this.nextBlock.subarray(0,this.i);const t=this.nextBlock,r=await this._runCBC(this.prevBlock);ea(r,t),e=r.subarray(0,t.length)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.keyRef=null,this.key=null}async encrypt(e){const t=(await this._runCBC(F.concatUint8Array([new Uint8Array(this.blockSize),e]),this.iv)).subarray(0,e.length);return ea(t,e),this.clearSensitiveData(),t}}class Ji{constructor(e,t,r,i){this.forEncryption=e;const{blockSize:a}=Ar(t);this.key=br.expandKeyLE(r),i.byteOffset%4!=0&&(i=i.slice()),this.prevBlock=ta(i),this.nextBlock=new Uint8Array(a),this.i=0,this.blockSize=a}_runCFB(e){const t=ta(e),r=new Uint8Array(e.length),i=ta(r);for(let e=0;e+4<=i.length;e+=4){const{s0:r,s1:a,s2:n,s3:s}=br.encrypt(this.key,this.prevBlock[0],this.prevBlock[1],this.prevBlock[2],this.prevBlock[3]);i[e+0]=t[e+0]^r,i[e+1]=t[e+1]^a,i[e+2]=t[e+2]^n,i[e+3]=t[e+3]^s,this.prevBlock=(this.forEncryption?i:t).slice(e,e+4)}return r}async processChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,i=F.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),a=this._runCFB(i);return r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,a}let i;if(this.i+=r.length,this.i===this.nextBlock.length){i=this._runCFB(this.nextBlock),this.i=0;const t=e.subarray(r.length);this.nextBlock.set(t,this.i),this.i+=t.length}else i=new Uint8Array;return i}async finish(){let e;if(0===this.i)e=new Uint8Array;else{e=this._runCFB(this.nextBlock).subarray(0,this.i)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.key.fill(0)}}function ea(e,t){const r=Math.min(e.length,t.length);for(let i=0;i<r;i++)e[i]=e[i]^t[i]}const ta=e=>new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4));const ra=F.getWebCrypto(),ia=F.getNodeCrypto(),aa=16;function na(e,t){const r=e.length-aa;for(let i=0;i<aa;i++)e[i+r]^=t[i];return e}const sa=new Uint8Array(aa);async function oa(e){const t=await ca(e),r=F.double(await t(sa)),i=F.double(r);return async function(e){return(await t(function(e,t,r){if(e.length&&e.length%aa==0)return na(e,t);const i=new Uint8Array(e.length+(aa-e.length%aa));return i.set(e),i[e.length]=128,na(i,r)}(e,r,i))).subarray(-16)}}async function ca(e){if(F.getNodeCrypto())return async function(t){const r=new ia.createCipheriv("aes-"+8*e.length+"-cbc",e,sa).update(t);return new Uint8Array(r)};if(F.getWebCrypto())try{return e=await ra.importKey("raw",e,{name:"AES-CBC",length:8*e.length},!1,["encrypt"]),async function(t){const r=await ra.encrypt({name:"AES-CBC",iv:sa,length:128},e,t);return new Uint8Array(r).subarray(0,r.byteLength-aa)}}catch(t){if("NotSupportedError"!==t.name&&(24!==e.length||"OperationError"!==t.name))throw t;F.printDebugError("Browser did not support operation: "+t.message)}return async function(t){return ur(e,sa,{disablePadding:!0}).encrypt(t)}}const ua=F.getWebCrypto(),ha=F.getNodeCrypto(),la=F.getNodeBuffer(),ya=16,pa=ya,da=new Uint8Array(ya),ga=new Uint8Array(ya);ga[15]=1;const ma=new Uint8Array(ya);async function fa(e){const t=await oa(e);return function(e,r){return t(F.concatUint8Array([e,r]))}}async function wa(e){if(F.getNodeCrypto())return async function(t,r){const i=new ha.createCipheriv("aes-"+8*e.length+"-ctr",e,r),a=la.concat([i.update(t),i.final()]);return new Uint8Array(a)};if(F.getWebCrypto())try{const t=await ua.importKey("raw",e,{name:"AES-CTR",length:8*e.length},!1,["encrypt"]);return async function(e,r){const i=await ua.encrypt({name:"AES-CTR",counter:r,length:128},t,e);return new Uint8Array(i)}}catch(t){if("NotSupportedError"!==t.name&&(24!==e.length||"OperationError"!==t.name))throw t;F.printDebugError("Browser did not support operation: "+t.message)}return async function(t,r){return cr(e,r).encrypt(t)}}async function ba(e,t){if(e!==T.symmetric.aes128&&e!==T.symmetric.aes192&&e!==T.symmetric.aes256)throw Error("EAX mode supports only AES cipher");const[r,i]=await Promise.all([fa(t),wa(t)]);return{encrypt:async function(e,t,a){const[n,s]=await Promise.all([r(da,t),r(ga,a)]),o=await i(e,n),c=await r(ma,o);for(let e=0;e<pa;e++)c[e]^=s[e]^n[e];return F.concatUint8Array([o,c])},decrypt:async function(e,t,a){if(e.length<pa)throw Error("Invalid EAX ciphertext");const n=e.subarray(0,-16),s=e.subarray(-16),[o,c,u]=await Promise.all([r(da,t),r(ga,a),r(ma,n)]),h=u;for(let e=0;e<pa;e++)h[e]^=c[e]^o[e];if(!F.equalsUint8Array(s,h))throw Error("Authentication tag mismatch");return await i(n,o)}}}ma[15]=2,ba.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[8+e]^=t[e];return r},ba.blockLength=ya,ba.ivLength=16,ba.tagLength=pa;const ka=16,va=16;function Ka(e){let t=0;for(let r=1;!(e&r);r<<=1)t++;return t}function Aa(e,t){for(let r=0;r<e.length;r++)e[r]^=t[r];return e}function Ea(e,t){return Aa(e.slice(),t)}const Sa=new Uint8Array(ka),Pa=new Uint8Array([1]);async function Ua(e,t){const{keySize:r}=Ar(e);if(!F.isAES(e)||t.length!==r)throw Error("Unexpected algorithm or key size");let i=0;const a=e=>ur(t,Sa,{disablePadding:!0}).encrypt(e),n=e=>ur(t,Sa,{disablePadding:!0}).decrypt(e);let s;function o(e,t,r,n){const o=t.length/ka|0;!function(e,t){const r=F.nbits(Math.max(e.length,t.length)/ka|0)-1;for(let e=i+1;e<=r;e++)s[e]=F.double(s[e-1]);i=r}(t,n);const c=F.concatUint8Array([Sa.subarray(0,15-r.length),Pa,r]),u=63&c[15];c[15]&=192;const h=a(c),l=F.concatUint8Array([h,Ea(h.subarray(0,8),h.subarray(1,9))]),y=F.shiftRight(l.subarray(0+(u>>3),17+(u>>3)),8-(7&u)).subarray(1),p=new Uint8Array(ka),d=new Uint8Array(t.length+va);let g,m=0;for(g=0;g<o;g++)Aa(y,s[Ka(g+1)]),d.set(Aa(e(Ea(y,t)),y),m),Aa(p,e===a?t:d.subarray(m)),t=t.subarray(ka),m+=ka;if(t.length){Aa(y,s.x);const r=a(y);d.set(Ea(t,r),m);const i=new Uint8Array(ka);i.set(e===a?t:d.subarray(m,-16),0),i[t.length]=128,Aa(p,i),m+=t.length}const f=Aa(a(Aa(Aa(p,y),s.$)),function(e){if(!e.length)return Sa;const t=e.length/ka|0,r=new Uint8Array(ka),i=new Uint8Array(ka);for(let n=0;n<t;n++)Aa(r,s[Ka(n+1)]),Aa(i,a(Ea(r,e))),e=e.subarray(ka);if(e.length){Aa(r,s.x);const t=new Uint8Array(ka);t.set(e,0),t[e.length]=128,Aa(t,r),Aa(i,a(t))}return i}(n));return d.set(f,m),d}return function(){const e=a(Sa),t=F.double(e);s=[],s[0]=F.double(t),s.x=e,s.$=t}(),{encrypt:async function(e,t,r){return o(a,e,t,r)},decrypt:async function(e,t,r){if(e.length<va)throw Error("Invalid OCB ciphertext");const i=e.subarray(-16);e=e.subarray(0,-16);const a=o(n,e,t,r);if(F.equalsUint8Array(i,a.subarray(-16)))return a.subarray(0,-16);throw Error("Authentication tag mismatch")}}}Ua.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[7+e]^=t[e];return r},Ua.blockLength=ka,Ua.ivLength=15,Ua.tagLength=va;const Da=F.getWebCrypto(),xa=F.getNodeCrypto(),Ca=F.getNodeBuffer(),Ia=16,Ta="AES-GCM";async function Ba(e,t){if(e!==T.symmetric.aes128&&e!==T.symmetric.aes192&&e!==T.symmetric.aes256)throw Error("GCM mode supports only AES cipher");if(F.getNodeCrypto())return{encrypt:async function(e,r,i=new Uint8Array){const a=new xa.createCipheriv("aes-"+8*t.length+"-gcm",t,r);a.setAAD(i);const n=Ca.concat([a.update(e),a.final(),a.getAuthTag()]);return new Uint8Array(n)},decrypt:async function(e,r,i=new Uint8Array){const a=new xa.createDecipheriv("aes-"+8*t.length+"-gcm",t,r);a.setAAD(i),a.setAuthTag(e.slice(e.length-Ia,e.length));const n=Ca.concat([a.update(e.slice(0,e.length-Ia)),a.final()]);return new Uint8Array(n)}};if(F.getWebCrypto())try{const e=await Da.importKey("raw",t,{name:Ta},!1,["encrypt","decrypt"]),r=navigator.userAgent.match(/Version\/13\.\d(\.\d)* Safari/)||navigator.userAgent.match(/Version\/(13|14)\.\d(\.\d)* Mobile\/\S* Safari/);return{encrypt:async function(i,a,n=new Uint8Array){if(r&&!i.length)return yr(t,a,n).encrypt(i);const s=await Da.encrypt({name:Ta,iv:a,additionalData:n,tagLength:128},e,i);return new Uint8Array(s)},decrypt:async function(i,a,n=new Uint8Array){if(r&&i.length===Ia)return yr(t,a,n).decrypt(i);try{const t=await Da.decrypt({name:Ta,iv:a,additionalData:n,tagLength:128},e,i);return new Uint8Array(t)}catch(e){if("OperationError"===e.name)throw Error("Authentication tag mismatch")}}}}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;F.printDebugError("Browser did not support operation: "+e.message)}return{encrypt:async function(e,r,i){return yr(t,r,i).encrypt(e)},decrypt:async function(e,r,i){return yr(t,r,i).decrypt(e)}}}function Ma(e,t=!1){switch(e){case T.aead.eax:return ba;case T.aead.ocb:return Ua;case T.aead.gcm:return Ba;case T.aead.experimentalGCM:if(!t)throw Error("Unexpected non-standard `experimentalGCM` AEAD algorithm provided in `config.preferredAEADAlgorithm`: use `gcm` instead");return Ba;default:throw Error("Unsupported AEAD mode")}}async function Fa(e,t,r,i,a,n){switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:{const{n:e,e:t}=r;return{c:await je(a,e,t)}}case T.publicKey.elgamal:{const{p:e,g:t,y:i}=r;return async function(e,t,r,i){t=ee(t),r=ee(r),i=ee(i);const a=ee(Me(e,ce(t))),n=ye(We,t-We);return{c1:ue(re(r,n,t)),c2:ue(te(re(i,n,t)*a,t))}}(a,e,t,i)}case T.publicKey.ecdh:{const{oid:e,Q:t,kdfParams:i}=r,{publicKey:s,wrappedKey:o}=await di(e,i,a,t,n);return{V:s,C:new _i(o)}}case T.publicKey.x25519:case T.publicKey.x448:{if(t&&!F.isAES(t))throw Error("X25519 and X448 keys can only encrypt AES session keys");const{A:i}=r,{ephemeralPublicKey:n,wrappedKey:s}=await Ir(e,a,i);return{ephemeralPublicKey:n,C:Hi.fromObject({algorithm:t,wrappedKey:s})}}case T.publicKey.aead:{if(!i)throw Error("Cannot encrypt with symmetric key missing private parameters");const{cipher:e}=r,t=e.getValue(),{keyMaterial:n}=i,s=B.preferredAEADAlgorithm,o=Ma(B.preferredAEADAlgorithm),{ivLength:c}=o,u=le(c),h=await o(t,n),l=await h.encrypt(a,u,new Uint8Array);return{aeadMode:new Oi(s),iv:u,c:new Ni(l)}}case T.publicKey.pqc_mlkem_x25519:{const{eccPublicKey:i,mlkemPublicKey:n}=r,{eccCipherText:s,mlkemCipherText:o,wrappedKey:c}=await Ui(e,i,n,a);return{eccCipherText:s,mlkemCipherText:o,C:Hi.fromObject({algorithm:t,wrappedKey:c})}}default:return[]}}async function La(e,t,r,i,a,n){switch(e){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:{const{c:e}=i,{n:a,e:s}=t,{d:o,p:c,q:u,u:h}=r;return qe(e,a,s,o,c,u,h,n)}case T.publicKey.elgamal:{const{c1:e,c2:a}=i;return async function(e,t,r,i,a){return e=ee(e),t=ee(t),r=ee(r),Fe(ue(te(ae(re(e,i=ee(i),r),r)*t,r),"be",ce(r)),a)}(e,a,t.p,r.x,n)}case T.publicKey.ecdh:{const{oid:e,Q:n,kdfParams:s}=t,{d:o}=r,{V:c,C:u}=i;return mi(e,s,c,u.data,n,o,a)}case T.publicKey.x25519:case T.publicKey.x448:{const{A:a}=t,{k:n}=r,{ephemeralPublicKey:s,C:o}=i;if(null!==o.algorithm&&!F.isAES(o.algorithm))throw Error("AES session key expected");return Tr(e,s,o.wrappedKey,a,n)}case T.publicKey.aead:{const{cipher:e}=t,a=e.getValue(),{keyMaterial:n}=r,{aeadMode:s,iv:o,c}=i,u=Ma(s.getValue());return(await u(a,n)).decrypt(c.data,o,new Uint8Array)}case T.publicKey.pqc_mlkem_x25519:{const{eccSecretKey:a,mlkemSecretKey:n}=r,{eccPublicKey:s,mlkemPublicKey:o}=t,{eccCipherText:c,mlkemCipherText:u,C:h}=i;return Di(e,c,u,a,s,n,0,h.wrappedKey)}default:throw Error("Unknown public key encryption algorithm.")}}async function _a(e,t,r){let i=0;switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:{const e=F.readMPI(t.subarray(i));i+=e.length+2;const r=F.readMPI(t.subarray(i));i+=r.length+2;const a=F.readMPI(t.subarray(i));i+=a.length+2;const n=F.readMPI(t.subarray(i));return i+=n.length+2,{read:i,privateParams:{d:e,p:r,q:a,u:n}}}case T.publicKey.dsa:case T.publicKey.elgamal:{const e=F.readMPI(t.subarray(i));return i+=e.length+2,{read:i,privateParams:{x:e}}}case T.publicKey.ecdsa:case T.publicKey.ecdh:{const a=Ha(e,r.oid);let n=F.readMPI(t.subarray(i));return i+=n.length+2,n=F.leftPad(n,a),{read:i,privateParams:{d:n}}}case T.publicKey.eddsaLegacy:{const a=Ha(e,r.oid);if(r.oid.getName()!==T.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let n=F.readMPI(t.subarray(i));return i+=n.length+2,n=F.leftPad(n,a),{read:i,privateParams:{seed:n}}}case T.publicKey.ed25519:case T.publicKey.ed448:{const r=Ha(e),a=F.readExactSubarray(t,i,i+r);return i+=a.length,{read:i,privateParams:{seed:a}}}case T.publicKey.x25519:case T.publicKey.x448:{const r=Ha(e),a=F.readExactSubarray(t,i,i+r);return i+=a.length,{read:i,privateParams:{k:a}}}case T.publicKey.hmac:{const{cipher:e}=r,a=Te(e.getValue()),n=t.subarray(i,i+32);i+=32;const s=t.subarray(i,i+a);return i+=a,{read:i,privateParams:{hashSeed:n,keyMaterial:s}}}case T.publicKey.aead:{const{cipher:e}=r,a=t.subarray(i,i+32);i+=32;const{keySize:n}=Ar(e.getValue()),s=t.subarray(i,i+n);return i+=n,{read:i,privateParams:{hashSeed:a,keyMaterial:s}}}case T.publicKey.pqc_mlkem_x25519:{const r=F.readExactSubarray(t,i,i+Ha(T.publicKey.x25519));i+=r.length;const a=F.readExactSubarray(t,i,i+64);i+=a.length;const{mlkemSecretKey:n}=await Si(e,a);return{read:i,privateParams:{eccSecretKey:r,mlkemSecretKey:n,mlkemSeed:a}}}case T.publicKey.pqc_mldsa_ed25519:{const r=F.readExactSubarray(t,i,i+Ha(T.publicKey.ed25519));i+=r.length;const a=F.readExactSubarray(t,i,i+32);i+=a.length;const{mldsaSecretKey:n}=await Ii(e,a);return{read:i,privateParams:{eccSecretKey:r,mldsaSecretKey:n,mldsaSeed:a}}}default:throw new it("Unknown public key encryption algorithm.")}}function Na(e,t){const r=new Set([T.publicKey.ed25519,T.publicKey.x25519,T.publicKey.ed448,T.publicKey.x448,T.publicKey.aead,T.publicKey.hmac,T.publicKey.pqc_mlkem_x25519,T.publicKey.pqc_mldsa_ed25519]),i={[T.publicKey.pqc_mlkem_x25519]:new Set(["mlkemSecretKey"]),[T.publicKey.pqc_mldsa_ed25519]:new Set(["mldsaSecretKey"])},a=Object.keys(t).map((a=>{if(i[e]?.has(a))return new Uint8Array;const n=t[a];return F.isUint8Array(n)?r.has(e)?n:F.uint8ArrayToMPI(n):n.write()}));return F.concatUint8Array(a)}async function Ra(e,t,r,i){switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:return async function(e,t){if(t=BigInt(t),F.getWebCrypto()){const r={name:"RSASSA-PKCS1-v1_5",modulusLength:e,publicExponent:ue(t),hash:{name:"SHA-1"}},i=await _e.generateKey(r,!0,["sign","verify"]);return Ve(await _e.exportKey("jwk",i.privateKey),t)}if(F.getNodeCrypto()){const r={modulusLength:e,publicExponent:ne(t),publicKeyEncoding:{type:"pkcs1",format:"jwk"},privateKeyEncoding:{type:"pkcs1",format:"jwk"}},i=await new Promise(((e,t)=>{Ne.generateKeyPair("rsa",r,((r,i,a)=>{r?t(r):e(a)}))}));return Ve(i,t)}let r,i,a;do{i=de(e-(e>>1),t,40),r=de(e>>1,t,40),a=r*i}while(oe(a)!==e);const n=(r-Re)*(i-Re);return i<r&&([r,i]=[i,r]),{n:ue(a),e:ue(t),d:ue(ae(t,n)),p:ue(r),q:ue(i),u:ue(ae(r,i))}}(t,65537).then((({n:e,e:t,d:r,p:i,q:a,u:n})=>({privateParams:{d:r,p:i,q:a,u:n},publicParams:{n:e,e:t}})));case T.publicKey.ecdsa:return Vr(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{d:r},publicParams:{oid:new Qe(e),Q:t}})));case T.publicKey.eddsaLegacy:return Vr(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{seed:r},publicParams:{oid:new Qe(e),Q:t}})));case T.publicKey.ecdh:return Vr(r).then((({oid:e,Q:t,secret:r,hash:i,cipher:a})=>({privateParams:{d:r},publicParams:{oid:new Qe(e),Q:t,kdfParams:new Ri({hash:i,cipher:a})}})));case T.publicKey.ed25519:case T.publicKey.ed448:return ot(e).then((({A:e,seed:t})=>({privateParams:{seed:t},publicParams:{A:e}})));case T.publicKey.x25519:case T.publicKey.x448:return xr(e).then((({A:e,k:t})=>({privateParams:{k:t},publicParams:{A:e}})));case T.publicKey.hmac:return za(await async function(e){if(!Ki.has(e))throw Error("Unsupported hash algorithm.");const t=T.read(T.webHash,e),r=Ai||Ei.webcrypto.subtle,i=await r.generateKey({name:"HMAC",hash:{name:t}},!0,["sign","verify"]),a=await r.exportKey("raw",i);return new Uint8Array(a)}(i),new qi(i));case T.publicKey.aead:return za(ja(i),new ji(i));case T.publicKey.pqc_mlkem_x25519:return Pi(e).then((({eccSecretKey:e,eccPublicKey:t,mlkemSeed:r,mlkemSecretKey:i,mlkemPublicKey:a})=>({privateParams:{eccSecretKey:e,mlkemSeed:r,mlkemSecretKey:i},publicParams:{eccPublicKey:t,mlkemPublicKey:a}})));case T.publicKey.pqc_mldsa_ed25519:return Ti(e).then((({eccSecretKey:e,eccPublicKey:t,mldsaSeed:r,mldsaSecretKey:i,mldsaPublicKey:a})=>({privateParams:{eccSecretKey:e,mldsaSeed:r,mldsaSecretKey:i},publicParams:{eccPublicKey:t,mldsaPublicKey:a}})));case T.publicKey.dsa:case T.publicKey.elgamal:throw Error("Unsupported algorithm for key generation.");default:throw Error("Unknown public key algorithm.")}}async function za(e,t){const r=le(32);return{privateParams:{hashSeed:r,keyMaterial:e},publicParams:{cipher:t,digest:await Ie(T.hash.sha256,r)}}}async function Oa(e,t,r){if(!t||!r)throw Error("Missing key parameters");switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:{const{n:e,e:i}=t,{d:a,p:n,q:s,u:o}=r;return async function(e,t,r,i,a,n){if(e=ee(e),(i=ee(i))*(a=ee(a))!==e)return!1;const s=BigInt(2);if(te(i*(n=ee(n)),a)!==BigInt(1))return!1;t=ee(t),r=ee(r);const o=ye(s,s<<BigInt(Math.floor(oe(e)/3))),c=o*r*t;return!(te(c,i-Re)!==o||te(c,a-Re)!==o)}(e,i,a,n,s,o)}case T.publicKey.dsa:{const{p:e,q:i,g:a,y:n}=t,{x:s}=r;return async function(e,t,r,i,a){if(e=ee(e),t=ee(t),r=ee(r),i=ee(i),r<=vi||r>=e)return!1;if(te(e-vi,t)!==ki)return!1;if(re(r,t,e)!==vi)return!1;const n=BigInt(oe(t));if(n<BigInt(150)||!ge(t,null,32))return!1;a=ee(a);const s=BigInt(2);return i===re(r,t*ye(s<<n-vi,s<<n)+a,e)}(e,i,a,n,s)}case T.publicKey.elgamal:{const{p:e,g:i,y:a}=t,{x:n}=r;return async function(e,t,r,i){if(e=ee(e),t=ee(t),r=ee(r),t<=We||t>=e)return!1;const a=BigInt(oe(e));if(a<BigInt(1023))return!1;if(re(t,e-We,e)!==We)return!1;let n=t,s=BigInt(1);const o=BigInt(2),c=o<<BigInt(17);for(;s<c;){if(n=te(n*t,e),n===We)return!1;s++}i=ee(i);const u=ye(o<<a-We,o<<a);return r===re(t,(e-We)*u+i,e)}(e,i,a,n)}case T.publicKey.ecdsa:case T.publicKey.ecdh:{const i=bi[T.read(T.publicKey,e)],{oid:a,Q:n}=t,{d:s}=r;return i.validateParams(a,n,s)}case T.publicKey.eddsaLegacy:{const{Q:e,oid:i}=t,{seed:a}=r;return ci(i,e,a)}case T.publicKey.ed25519:case T.publicKey.ed448:{const{A:i}=t,{seed:a}=r;return ht(e,i,a)}case T.publicKey.x25519:case T.publicKey.x448:{const{A:i}=t,{k:a}=r;return Cr(e,i,a)}case T.publicKey.hmac:{const{cipher:e,digest:i}=t,{hashSeed:a,keyMaterial:n}=r;return Te(e.getValue())===n.length&&F.equalsUint8Array(i,await Ie(T.hash.sha256,a))}case T.publicKey.aead:{const{cipher:e,digest:i}=t,{hashSeed:a,keyMaterial:n}=r,{keySize:s}=Ar(e.getValue());return s===n.length&&F.equalsUint8Array(i,await Ie(T.hash.sha256,a))}case T.publicKey.pqc_mlkem_x25519:{const{eccSecretKey:i,mlkemSeed:a}=r,{eccPublicKey:n,mlkemPublicKey:s}=t;return Ci(e,n,i,s,a)}case T.publicKey.pqc_mldsa_ed25519:{const{eccSecretKey:i,mldsaSeed:a}=r,{eccPublicKey:n,mldsaPublicKey:s}=t;return Li(e,n,i,s,a)}default:throw Error("Unknown public key algorithm.")}}function ja(e){const{keySize:t}=Ar(e);return le(t)}function qa(e){try{e.getName()}catch(e){throw new it("Unknown curve OID")}}function Ha(e,t){switch(e){case T.publicKey.ecdsa:case T.publicKey.ecdh:case T.publicKey.eddsaLegacy:return new Gr(t).payloadSize;case T.publicKey.ed25519:case T.publicKey.ed448:return lt(e);case T.publicKey.x25519:case T.publicKey.x448:return Br(e);default:throw Error("Unknown elliptic algo")}}async function Ga(e,t,r,i,a,n,s){switch(e){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.rsaSign:{const{n:e,e:a}=i;return Oe(t,n,F.leftPad(r.s,e.length),e,a,s)}case T.publicKey.dsa:{const{g:e,p:t,q:a,y:n}=i,{r:o,s:c}=r;return async function(e,t,r,i,a,n,s,o){if(t=ee(t),r=ee(r),n=ee(n),s=ee(s),a=ee(a),o=ee(o),t<=ki||t>=s||r<=ki||r>=s)return F.printDebug("invalid DSA Signature"),!1;const c=te(ee(i.subarray(0,ce(s))),s),u=ae(r,s);if(u===ki)return F.printDebug("invalid DSA Signature"),!1;a=te(a,n),o=te(o,n);const h=te(c*u,s),l=te(t*u,s);return te(te(re(a,h,n)*re(o,l,n),n),s)===t}(0,o,c,s,e,t,a,n)}case T.publicKey.ecdsa:{const{oid:e,Q:a}=i,o=new Gr(e).payloadSize;return ii(e,t,{r:F.leftPad(r.r,o),s:F.leftPad(r.s,o)},n,a,s)}case T.publicKey.eddsaLegacy:{if(Te(t)<Te(T.hash.sha256))throw Error("Hash algorithm too weak for EdDSALegacy.");const{oid:e,Q:a}=i,n=new Gr(e).payloadSize;return oi(e,0,{r:F.leftPad(r.r,n),s:F.leftPad(r.s,n)},0,a,s)}case T.publicKey.ed25519:case T.publicKey.ed448:{if(Te(t)<Te(yt(e)))throw Error("Hash algorithm too weak for EdDSA.");const{A:a}=i;return ut(e,0,r,0,a,s)}case T.publicKey.hmac:{if(!a)throw Error("Cannot verify HMAC signature with symmetric key missing private parameters");const{cipher:e}=i,{keyMaterial:t}=a;return async function(e,t,r,i){if(!Ki.has(e))throw Error("Unsupported hash algorithm.");const a=T.read(T.webHash,e),n=Ai||Ei.webcrypto.subtle,s=await n.importKey("raw",t,{name:"HMAC",hash:{name:a}},!1,["verify"]);return n.verify("HMAC",s,r,i)}(e.getValue(),t,r.mac.data,s)}case T.publicKey.pqc_mldsa_ed25519:{if(!Fi(e,t))throw Error("Unexpected hash algorithm for PQC signature: digest size too short");const{eccPublicKey:a,mldsaPublicKey:n}=i;return Mi(e,0,a,n,s,r)}default:throw Error("Unknown signature algorithm.")}}async function Va(e,t,r,i,a,n){if(!r||!i)throw Error("Missing key parameters");switch(e){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.rsaSign:{const{n:e,e:s}=r,{d:o,p:c,q:u,u:h}=i;return{s:await ze(t,a,e,s,o,c,u,h,n)}}case T.publicKey.dsa:{const{g:e,p:t,q:a}=r,{x:s}=i;return async function(e,t,r,i,a,n){const s=BigInt(0);let o,c,u,h;i=ee(i),a=ee(a),r=ee(r),n=ee(n),r=te(r,i),n=te(n,a);const l=te(ee(t.subarray(0,ce(a))),a);for(;;){if(o=ye(vi,a),c=te(re(r,o,i),a),c===s)continue;const e=te(n*c,a);if(h=te(l+e,a),u=te(ae(o,a)*h,a),u!==s)break}return{r:ue(c,"be",ce(i)),s:ue(u,"be",ce(i))}}(0,n,e,t,a,s)}case T.publicKey.elgamal:throw Error("Signing with Elgamal is not defined in the OpenPGP standard.");case T.publicKey.ecdsa:{const{oid:e,Q:s}=r,{d:o}=i;return ri(e,t,a,s,o,n)}case T.publicKey.eddsaLegacy:{if(Te(t)<Te(T.hash.sha256))throw Error("Hash algorithm too weak for EdDSALegacy.");const{oid:e,Q:a}=r,{seed:s}=i;return si(e,0,0,a,s,n)}case T.publicKey.ed25519:case T.publicKey.ed448:{if(Te(t)<Te(yt(e)))throw Error("Hash algorithm too weak for EdDSA.");const{A:a}=r,{seed:s}=i;return ct(e,0,0,a,s,n)}case T.publicKey.hmac:{const{cipher:e}=r,{keyMaterial:t}=i,a=await async function(e,t,r){if(!Ki.has(e))throw Error("Unsupported hash algorithm.");const i=T.read(T.webHash,e),a=Ai||Ei.webcrypto.subtle,n=await a.importKey("raw",t,{name:"HMAC",hash:{name:i}},!1,["sign"]),s=await a.sign("HMAC",n,r);return new Uint8Array(s)}(e.getValue(),t,n);return{mac:new Ni(a)}}case T.publicKey.pqc_mldsa_ed25519:{if(!Fi(e,t))throw Error("Unexpected hash algorithm for PQC signature: digest size too short");const{eccPublicKey:a}=r,{eccSecretKey:s,mldsaSecretKey:o}=i;return Bi(e,0,s,a,o,n)}default:throw Error("Unknown signature algorithm.")}}Ba.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[4+e]^=t[e];return r},Ba.blockLength=16,Ba.ivLength=12,Ba.tagLength=Ia;class Wa extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,Wa),this.name="Argon2OutOfMemoryError"}}let $a,Qa,Xa=2<<19;class Ya{static get ARGON2_WASM_MEMORY_THRESHOLD_RELOAD(){return Xa}static set ARGON2_WASM_MEMORY_THRESHOLD_RELOAD(e){Xa=e}static reloadWasmModule(){$a&&(Qa=$a(),Qa.catch((()=>{})))}constructor(e=B){const{passes:t,parallelism:r,memoryExponent:i}=e.s2kArgon2Params;this.type="argon2",this.salt=null,this.t=t,this.p=r,this.encodedM=i}generateSalt(){this.salt=le(16)}read(e){let t=0;return this.salt=e.subarray(t,t+16),t+=16,this.t=e[t++],this.p=e[t++],this.encodedM=e[t++],t}write(){const e=[new Uint8Array([T.write(T.s2k,this.type)]),this.salt,new Uint8Array([this.t,this.p,this.encodedM])];return F.concatUint8Array(e)}async produceKey(e,t){const r=2<<this.encodedM-1;try{$a=$a||(await import("./argon2id.min.mjs")).default,Qa=Qa||$a();const i=await Qa,a=i({version:19,type:2,password:F.encodeUTF8(e),salt:this.salt,tagLength:t,memorySize:r,parallelism:this.p,passes:this.t});return r>Ya.ARGON2_WASM_MEMORY_THRESHOLD_RELOAD&&Ya.reloadWasmModule(),a}catch(e){throw e.message&&(e.message.includes("Unable to grow instance memory")||e.message.includes("failed to grow memory")||e.message.includes("WebAssembly.Memory.grow")||e.message.includes("Out of memory"))?new Wa("Could not allocate required memory for Argon2"):e}}}class Za{constructor(e,t=B){this.algorithm=T.hash.sha256,this.type=T.read(T.s2k,e),this.c=t.s2kIterationCountByte,this.salt=null}generateSalt(){switch(this.type){case"salted":case"iterated":this.salt=le(8)}}getCount(){return 16+(15&this.c)<<6+(this.c>>4)}read(e){let t=0;switch(this.algorithm=e[t++],this.type){case"simple":break;case"salted":this.salt=e.subarray(t,t+8),t+=8;break;case"iterated":this.salt=e.subarray(t,t+8),t+=8,this.c=e[t++];break;case"gnu":if("GNU"!==F.uint8ArrayToString(e.subarray(t,t+3)))throw new it("Unknown s2k type.");t+=3;if(1001!==1e3+e[t++])throw new it("Unknown s2k gnu protection mode.");this.type="gnu-dummy";break;default:throw new it("Unknown s2k type.")}return t}write(){if("gnu-dummy"===this.type)return new Uint8Array([101,0,...F.stringToUint8Array("GNU"),1]);const e=[new Uint8Array([T.write(T.s2k,this.type),this.algorithm])];switch(this.type){case"simple":break;case"salted":e.push(this.salt);break;case"iterated":e.push(this.salt),e.push(new Uint8Array([this.c]));break;case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}return F.concatUint8Array(e)}async produceKey(e,t){e=F.encodeUTF8(e);const r=[];let i=0,a=0;for(;i<t;){let t;switch(this.type){case"simple":t=F.concatUint8Array([new Uint8Array(a),e]);break;case"salted":t=F.concatUint8Array([new Uint8Array(a),this.salt,e]);break;case"iterated":{const r=F.concatUint8Array([this.salt,e]);let i=r.length;const n=Math.max(this.getCount(),i);t=new Uint8Array(a+n),t.set(r,a);for(let e=a+i;e<n;e+=i,i*=2)t.copyWithin(e,a,e);break}case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}const n=await Ie(this.algorithm,t);r.push(n),i+=n.length,a++}return F.concatUint8Array(r).subarray(0,t)}}const Ja=new Set([T.s2k.argon2,T.s2k.iterated]);function en(e,t=B){switch(e){case T.s2k.argon2:return new Ya(t);case T.s2k.iterated:case T.s2k.gnu:case T.s2k.salted:case T.s2k.simple:return new Za(e,t);default:throw new it("Unsupported S2K type")}}function tn(e){const{s2kType:t}=e;if(!Ja.has(t))throw Error("The provided `config.s2kType` value is not allowed");return en(t,e)}var rn=Uint8Array,an=Uint16Array,nn=Int32Array,sn=new rn([0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0,0,0,0]),on=new rn([0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13,0,0]),cn=new rn([16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15]),un=function(e,t){for(var r=new an(31),i=0;i<31;++i)r[i]=t+=1<<e[i-1];var a=new nn(r[30]);for(i=1;i<30;++i)for(var n=r[i];n<r[i+1];++n)a[n]=n-r[i]<<5|i;return{b:r,r:a}},hn=un(sn,2),ln=hn.b,yn=hn.r;ln[28]=258,yn[258]=28;for(var pn=un(on,0),dn=pn.b,gn=pn.r,mn=new an(32768),fn=0;fn<32768;++fn){var wn=(43690&fn)>>1|(21845&fn)<<1;wn=(61680&(wn=(52428&wn)>>2|(13107&wn)<<2))>>4|(3855&wn)<<4,mn[fn]=((65280&wn)>>8|(255&wn)<<8)>>1}var bn=function(e,t,r){for(var i=e.length,a=0,n=new an(t);a<i;++a)e[a]&&++n[e[a]-1];var s,o=new an(t);for(a=1;a<t;++a)o[a]=o[a-1]+n[a-1]<<1;if(r){s=new an(1<<t);var c=15-t;for(a=0;a<i;++a)if(e[a])for(var u=a<<4|e[a],h=t-e[a],l=o[e[a]-1]++<<h,y=l|(1<<h)-1;l<=y;++l)s[mn[l]>>c]=u}else for(s=new an(i),a=0;a<i;++a)e[a]&&(s[a]=mn[o[e[a]-1]++]>>15-e[a]);return s},kn=new rn(288);for(fn=0;fn<144;++fn)kn[fn]=8;for(fn=144;fn<256;++fn)kn[fn]=9;for(fn=256;fn<280;++fn)kn[fn]=7;for(fn=280;fn<288;++fn)kn[fn]=8;var vn=new rn(32);for(fn=0;fn<32;++fn)vn[fn]=5;var Kn=/*#__PURE__*/bn(kn,9,0),An=/*#__PURE__*/bn(kn,9,1),En=/*#__PURE__*/bn(vn,5,0),Sn=/*#__PURE__*/bn(vn,5,1),Pn=function(e){for(var t=e[0],r=1;r<e.length;++r)e[r]>t&&(t=e[r]);return t},Un=function(e,t,r){var i=t/8|0;return(e[i]|e[i+1]<<8)>>(7&t)&r},Dn=function(e,t){var r=t/8|0;return(e[r]|e[r+1]<<8|e[r+2]<<16)>>(7&t)},xn=function(e){return(e+7)/8|0},Cn=function(e,t,r){return(null==t||t<0)&&(t=0),(null==r||r>e.length)&&(r=e.length),new rn(e.subarray(t,r))},In=["unexpected EOF","invalid block type","invalid length/literal","invalid distance","stream finished","no stream handler",,"no callback","invalid UTF-8 data","extra field too long","date not in range 1980-2099","filename too long","stream finishing","invalid zip data"],Tn=function(e,t,r){var i=Error(t||In[e]);if(i.code=e,Error.captureStackTrace&&Error.captureStackTrace(i,Tn),!r)throw i;return i},Bn=function(e,t,r){r<<=7&t;var i=t/8|0;e[i]|=r,e[i+1]|=r>>8},Mn=function(e,t,r){r<<=7&t;var i=t/8|0;e[i]|=r,e[i+1]|=r>>8,e[i+2]|=r>>16},Fn=function(e,t){for(var r=[],i=0;i<e.length;++i)e[i]&&r.push({s:i,f:e[i]});var a=r.length,n=r.slice();if(!a)return{t:jn,l:0};if(1==a){var s=new rn(r[0].s+1);return s[r[0].s]=1,{t:s,l:1}}r.sort((function(e,t){return e.f-t.f})),r.push({s:-1,f:25001});var o=r[0],c=r[1],u=0,h=1,l=2;for(r[0]={s:-1,f:o.f+c.f,l:o,r:c};h!=a-1;)o=r[r[u].f<r[l].f?u++:l++],c=r[u!=h&&r[u].f<r[l].f?u++:l++],r[h++]={s:-1,f:o.f+c.f,l:o,r:c};var y=n[0].s;for(i=1;i<a;++i)n[i].s>y&&(y=n[i].s);var p=new an(y+1),d=Ln(r[h-1],p,0);if(d>t){i=0;var g=0,m=d-t,f=1<<m;for(n.sort((function(e,t){return p[t.s]-p[e.s]||e.f-t.f}));i<a;++i){var w=n[i].s;if(!(p[w]>t))break;g+=f-(1<<d-p[w]),p[w]=t}for(g>>=m;g>0;){var b=n[i].s;p[b]<t?g-=1<<t-p[b]++-1:++i}for(;i>=0&&g;--i){var k=n[i].s;p[k]==t&&(--p[k],++g)}d=t}return{t:new rn(p),l:d}},Ln=function(e,t,r){return-1==e.s?Math.max(Ln(e.l,t,r+1),Ln(e.r,t,r+1)):t[e.s]=r},_n=function(e){for(var t=e.length;t&&!e[--t];);for(var r=new an(++t),i=0,a=e[0],n=1,s=function(e){r[i++]=e},o=1;o<=t;++o)if(e[o]==a&&o!=t)++n;else{if(!a&&n>2){for(;n>138;n-=138)s(32754);n>2&&(s(n>10?n-11<<5|28690:n-3<<5|12305),n=0)}else if(n>3){for(s(a),--n;n>6;n-=6)s(8304);n>2&&(s(n-3<<5|8208),n=0)}for(;n--;)s(a);n=1,a=e[o]}return{c:r.subarray(0,i),n:t}},Nn=function(e,t){for(var r=0,i=0;i<t.length;++i)r+=e[i]*t[i];return r},Rn=function(e,t,r){var i=r.length,a=xn(t+2);e[a]=255&i,e[a+1]=i>>8,e[a+2]=255^e[a],e[a+3]=255^e[a+1];for(var n=0;n<i;++n)e[a+n+4]=r[n];return 8*(a+4+i)},zn=function(e,t,r,i,a,n,s,o,c,u,h){Bn(t,h++,r),++a[256];for(var l=Fn(a,15),y=l.t,p=l.l,d=Fn(n,15),g=d.t,m=d.l,f=_n(y),w=f.c,b=f.n,k=_n(g),v=k.c,K=k.n,A=new an(19),E=0;E<w.length;++E)++A[31&w[E]];for(E=0;E<v.length;++E)++A[31&v[E]];for(var S=Fn(A,7),P=S.t,U=S.l,D=19;D>4&&!P[cn[D-1]];--D);var x,C,I,T,B=u+5<<3,M=Nn(a,kn)+Nn(n,vn)+s,F=Nn(a,y)+Nn(n,g)+s+14+3*D+Nn(A,P)+2*A[16]+3*A[17]+7*A[18];if(c>=0&&B<=M&&B<=F)return Rn(t,h,e.subarray(c,c+u));if(Bn(t,h,1+(F<M)),h+=2,F<M){x=bn(y,p,0),C=y,I=bn(g,m,0),T=g;var L=bn(P,U,0);Bn(t,h,b-257),Bn(t,h+5,K-1),Bn(t,h+10,D-4),h+=14;for(E=0;E<D;++E)Bn(t,h+3*E,P[cn[E]]);h+=3*D;for(var _=[w,v],N=0;N<2;++N){var R=_[N];for(E=0;E<R.length;++E){var z=31&R[E];Bn(t,h,L[z]),h+=P[z],z>15&&(Bn(t,h,R[E]>>5&127),h+=R[E]>>12)}}}else x=Kn,C=kn,I=En,T=vn;for(E=0;E<o;++E){var O=i[E];if(O>255){Mn(t,h,x[(z=O>>18&31)+257]),h+=C[z+257],z>7&&(Bn(t,h,O>>23&31),h+=sn[z]);var j=31&O;Mn(t,h,I[j]),h+=T[j],j>3&&(Mn(t,h,O>>5&8191),h+=on[j])}else Mn(t,h,x[O]),h+=C[O]}return Mn(t,h,x[256]),h+C[256]},On=/*#__PURE__*/new nn([65540,131080,131088,131104,262176,1048704,1048832,2114560,2117632]),jn=/*#__PURE__*/new rn(0),qn=function(){var e=1,t=0;return{p:function(r){for(var i=e,a=t,n=0|r.length,s=0;s!=n;){for(var o=Math.min(s+2655,n);s<o;++s)a+=i+=r[s];i=(65535&i)+15*(i>>16),a=(65535&a)+15*(a>>16)}e=i,t=a},d:function(){return(255&(e%=65521))<<24|(65280&e)<<8|(255&(t%=65521))<<8|t>>8}}},Hn=function(e,t,r,i,a){if(!a&&(a={l:1},t.dictionary)){var n=t.dictionary.subarray(-32768),s=new rn(n.length+e.length);s.set(n),s.set(e,n.length),e=s,a.w=n.length}return function(e,t,r,i,a,n){var s=n.z||e.length,o=new rn(i+s+5*(1+Math.ceil(s/7e3))+a),c=o.subarray(i,o.length-a),u=n.l,h=7&(n.r||0);if(t){h&&(c[0]=n.r>>3);for(var l=On[t-1],y=l>>13,p=8191&l,d=(1<<r)-1,g=n.p||new an(32768),m=n.h||new an(d+1),f=Math.ceil(r/3),w=2*f,b=function(t){return(e[t]^e[t+1]<<f^e[t+2]<<w)&d},k=new nn(25e3),v=new an(288),K=new an(32),A=0,E=0,S=n.i||0,P=0,U=n.w||0,D=0;S+2<s;++S){var x=b(S),C=32767&S,I=m[x];if(g[C]=I,m[x]=C,U<=S){var T=s-S;if((A>7e3||P>24576)&&(T>423||!u)){h=zn(e,c,0,k,v,K,E,P,D,S-D,h),P=A=E=0,D=S;for(var B=0;B<286;++B)v[B]=0;for(B=0;B<30;++B)K[B]=0}var M=2,F=0,L=p,_=C-I&32767;if(T>2&&x==b(S-_))for(var N=Math.min(y,T)-1,R=Math.min(32767,S),z=Math.min(258,T);_<=R&&--L&&C!=I;){if(e[S+M]==e[S+M-_]){for(var O=0;O<z&&e[S+O]==e[S+O-_];++O);if(O>M){if(M=O,F=_,O>N)break;var j=Math.min(_,O-2),q=0;for(B=0;B<j;++B){var H=S-_+B&32767,G=H-g[H]&32767;G>q&&(q=G,I=H)}}}_+=(C=I)-(I=g[C])&32767}if(F){k[P++]=268435456|yn[M]<<18|gn[F];var V=31&yn[M],W=31&gn[F];E+=sn[V]+on[W],++v[257+V],++K[W],U=S+M,++A}else k[P++]=e[S],++v[e[S]]}}for(S=Math.max(S,U);S<s;++S)k[P++]=e[S],++v[e[S]];h=zn(e,c,u,k,v,K,E,P,D,S-D,h),u||(n.r=7&h|c[h/8|0]<<3,h-=7,n.h=m,n.p=g,n.i=S,n.w=U)}else{for(S=n.w||0;S<s+u;S+=65535){var $=S+65535;$>=s&&(c[h/8|0]=u,$=s),h=Rn(c,h+1,e.subarray(S,$))}n.i=s}return Cn(o,0,i+xn(h)+a)}(e,null==t.level?6:t.level,null==t.mem?a.l?Math.ceil(1.5*Math.max(8,Math.min(13,Math.log(e.length)))):20:12+t.mem,r,i,a)},Gn=function(e,t,r){for(;r;++t)e[t]=r,r>>>=8},Vn=/*#__PURE__*/function(){function e(e,t){if("function"==typeof e&&(t=e,e={}),this.ondata=t,this.o=e||{},this.s={l:0,i:32768,w:32768,z:32768},this.b=new rn(98304),this.o.dictionary){var r=this.o.dictionary.subarray(-32768);this.b.set(r,32768-r.length),this.s.i=32768-r.length}}return e.prototype.p=function(e,t){this.ondata(Hn(e,this.o,0,0,this.s),t)},e.prototype.push=function(e,t){this.ondata||Tn(5),this.s.l&&Tn(4);var r=e.length+this.s.z;if(r>this.b.length){if(r>2*this.b.length-32768){var i=new rn(-32768&r);i.set(this.b.subarray(0,this.s.z)),this.b=i}var a=this.b.length-this.s.z;this.b.set(e.subarray(0,a),this.s.z),this.s.z=this.b.length,this.p(this.b,!1),this.b.set(this.b.subarray(-32768)),this.b.set(e.subarray(a),32768),this.s.z=e.length-a+32768,this.s.i=32766,this.s.w=32768}else this.b.set(e,this.s.z),this.s.z+=e.length;this.s.l=1&t,(this.s.z>this.s.w+8191||t)&&(this.p(this.b,t||!1),this.s.w=this.s.i,this.s.i-=2)},e.prototype.flush=function(){this.ondata||Tn(5),this.s.l&&Tn(4),this.p(this.b,!1),this.s.w=this.s.i,this.s.i-=2},e}(),Wn=/*#__PURE__*/function(){function e(e,t){"function"==typeof e&&(t=e,e={}),this.ondata=t;var r=e&&e.dictionary&&e.dictionary.subarray(-32768);this.s={i:0,b:r?r.length:0},this.o=new rn(32768),this.p=new rn(0),r&&this.o.set(r)}return e.prototype.e=function(e){if(this.ondata||Tn(5),this.d&&Tn(4),this.p.length){if(e.length){var t=new rn(this.p.length+e.length);t.set(this.p),t.set(e,this.p.length),this.p=t}}else this.p=e},e.prototype.c=function(e){this.s.i=+(this.d=e||!1);var t=this.s.b,r=function(e,t,r,i){var a=e.length;if(!a||t.f&&!t.l)return r||new rn(0);var n=!r,s=n||2!=t.i,o=t.i;n&&(r=new rn(3*a));var c=function(e){var t=r.length;if(e>t){var i=new rn(Math.max(2*t,e));i.set(r),r=i}},u=t.f||0,h=t.p||0,l=t.b||0,y=t.l,p=t.d,d=t.m,g=t.n,m=8*a;do{if(!y){u=Un(e,h,1);var f=Un(e,h+1,3);if(h+=3,!f){var w=e[(x=xn(h)+4)-4]|e[x-3]<<8,b=x+w;if(b>a){o&&Tn(0);break}s&&c(l+w),r.set(e.subarray(x,b),l),t.b=l+=w,t.p=h=8*b,t.f=u;continue}if(1==f)y=An,p=Sn,d=9,g=5;else if(2==f){var k=Un(e,h,31)+257,v=Un(e,h+10,15)+4,K=k+Un(e,h+5,31)+1;h+=14;for(var A=new rn(K),E=new rn(19),S=0;S<v;++S)E[cn[S]]=Un(e,h+3*S,7);h+=3*v;var P=Pn(E),U=(1<<P)-1,D=bn(E,P,1);for(S=0;S<K;){var x,C=D[Un(e,h,U)];if(h+=15&C,(x=C>>4)<16)A[S++]=x;else{var I=0,T=0;for(16==x?(T=3+Un(e,h,3),h+=2,I=A[S-1]):17==x?(T=3+Un(e,h,7),h+=3):18==x&&(T=11+Un(e,h,127),h+=7);T--;)A[S++]=I}}var B=A.subarray(0,k),M=A.subarray(k);d=Pn(B),g=Pn(M),y=bn(B,d,1),p=bn(M,g,1)}else Tn(1);if(h>m){o&&Tn(0);break}}s&&c(l+131072);for(var F=(1<<d)-1,L=(1<<g)-1,_=h;;_=h){var N=(I=y[Dn(e,h)&F])>>4;if((h+=15&I)>m){o&&Tn(0);break}if(I||Tn(2),N<256)r[l++]=N;else{if(256==N){_=h,y=null;break}var R=N-254;if(N>264){var z=sn[S=N-257];R=Un(e,h,(1<<z)-1)+ln[S],h+=z}var O=p[Dn(e,h)&L],j=O>>4;if(O||Tn(3),h+=15&O,M=dn[j],j>3&&(z=on[j],M+=Dn(e,h)&(1<<z)-1,h+=z),h>m){o&&Tn(0);break}s&&c(l+131072);var q=l+R;if(l<M){var H=0-M,G=Math.min(M,q);for(H+l<0&&Tn(3);l<G;++l)r[l]=i[H+l]}for(;l<q;++l)r[l]=r[l-M]}}t.l=y,t.p=_,t.b=l,t.f=u,y&&(u=1,t.m=d,t.d=p,t.n=g)}while(!u);return l!=r.length&&n?Cn(r,0,l):r.subarray(0,l)}(this.p,this.s,this.o);this.ondata(Cn(r,t,this.s.b),this.d),this.o=Cn(r,this.s.b-32768),this.s.b=this.o.length,this.p=Cn(this.p,this.s.p/8|0),this.s.p&=7},e.prototype.push=function(e,t){this.e(e),this.c(t)},e}(),$n=/*#__PURE__*/function(){function e(e,t){this.c=qn(),this.v=1,Vn.call(this,e,t)}return e.prototype.push=function(e,t){this.c.p(e),Vn.prototype.push.call(this,e,t)},e.prototype.p=function(e,t){var r=Hn(e,this.o,this.v&&(this.o.dictionary?6:2),t&&4,this.s);this.v&&(function(e,t){var r=t.level,i=0==r?0:r<6?1:9==r?3:2;if(e[0]=120,e[1]=i<<6|(t.dictionary&&32),e[1]|=31-(e[0]<<8|e[1])%31,t.dictionary){var a=qn();a.p(t.dictionary),Gn(e,2,a.d())}}(r,this.o),this.v=0),t&&Gn(r,r.length-4,this.c.d()),this.ondata(r,t)},e.prototype.flush=function(){Vn.prototype.flush.call(this)},e}(),Qn=/*#__PURE__*/function(){function e(e,t){Wn.call(this,e,t),this.v=e&&e.dictionary?2:1}return e.prototype.push=function(e,t){if(Wn.prototype.e.call(this,e),this.v){if(this.p.length<6&&!t)return;this.p=this.p.subarray((r=this.p,i=this.v-1,(8!=(15&r[0])||r[0]>>4>7||(r[0]<<8|r[1])%31)&&Tn(6,"invalid zlib data"),(r[1]>>5&1)==+!i&&Tn(6,"invalid zlib data: "+(32&r[1]?"need":"unexpected")+" dictionary"),2+(r[1]>>3&4))),this.v=0}var r,i;t&&(this.p.length<4&&Tn(6,"invalid zlib data"),this.p=this.p.subarray(0,-4)),Wn.prototype.c.call(this,t)},e}(),Xn="undefined"!=typeof TextDecoder&&/*#__PURE__*/new TextDecoder;try{Xn.decode(jn,{stream:!0})}catch(e){}class Yn{static get tag(){return T.packet.literalData}constructor(e=new Date){this.format=T.literal.utf8,this.date=F.normalizeDate(e),this.text=null,this.data=null,this.filename=""}setText(e,t=T.literal.utf8){this.format=t,this.text=e,this.data=null}getText(e=!1){return(null===this.text||F.isStream(this.text))&&(this.text=F.decodeUTF8(F.nativeEOL(this.getBytes(e)))),this.text}setBytes(e,t){this.format=t,this.data=e,this.text=null}getBytes(e=!1){return null===this.data&&(this.data=F.canonicalizeEOL(F.encodeUTF8(this.text))),e?A(this.data):this.data}setFilename(e){this.filename=e}getFilename(){return this.filename}async read(e){await v(e,(async e=>{const t=await e.readByte(),r=await e.readByte();this.filename=F.decodeUTF8(await e.readBytes(r)),this.date=F.readDate(await e.readBytes(4));let i=e.remainder();n(i)&&(i=await P(i)),this.setBytes(i,t)}))}writeHeader(){const e=F.encodeUTF8(this.filename),t=new Uint8Array([e.length]),r=new Uint8Array([this.format]),i=F.writeDate(this.date);return F.concatUint8Array([r,t,e,i])}write(){const e=this.writeHeader(),t=this.getBytes();return F.concat([e,t])}}class Zn{constructor(){this.bytes=""}read(e){return this.bytes=F.uint8ArrayToString(e.subarray(0,8)),this.bytes.length}write(){return F.stringToUint8Array(this.bytes)}toHex(){return F.uint8ArrayToHex(F.stringToUint8Array(this.bytes))}equals(e,t=!1){return t&&(e.isWildcard()||this.isWildcard())||this.bytes===e.bytes}isNull(){return""===this.bytes}isWildcard(){return/^0+$/.test(this.toHex())}static mapToHex(e){return e.toHex()}static fromID(e){const t=new Zn;return t.read(F.hexToUint8Array(e)),t}static wildcard(){const e=new Zn;return e.read(new Uint8Array(8)),e}}const Jn=Symbol("verified"),es="salt@notations.openpgpjs.org",ts=new Set([T.signatureSubpacket.issuerKeyID,T.signatureSubpacket.issuerFingerprint,T.signatureSubpacket.embeddedSignature]);class rs{static get tag(){return T.packet.signature}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.signatureData=null,this.unhashedSubpackets=[],this.unknownSubpackets=[],this.signedHashValue=null,this.salt=null,this.created=null,this.signatureExpirationTime=null,this.signatureNeverExpires=!0,this.exportable=null,this.trustLevel=null,this.trustAmount=null,this.regularExpression=null,this.revocable=null,this.keyExpirationTime=null,this.keyNeverExpires=null,this.preferredSymmetricAlgorithms=null,this.revocationKeyClass=null,this.revocationKeyAlgorithm=null,this.revocationKeyFingerprint=null,this.issuerKeyID=new Zn,this.rawNotations=[],this.notations={},this.preferredHashAlgorithms=null,this.preferredCompressionAlgorithms=null,this.keyServerPreferences=null,this.preferredKeyServer=null,this.isPrimaryUserID=null,this.policyURI=null,this.keyFlags=null,this.signersUserID=null,this.reasonForRevocationFlag=null,this.reasonForRevocationString=null,this.features=null,this.signatureTargetPublicKeyAlgorithm=null,this.signatureTargetHashAlgorithm=null,this.signatureTargetHash=null,this.embeddedSignature=null,this.issuerKeyVersion=null,this.issuerFingerprint=null,this.preferredAEADAlgorithms=null,this.preferredCipherSuites=null,this.revoked=null,this[Jn]=null}read(e,t=B){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new it("Support for v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4!==this.version&&5!==this.version&&6!==this.version)throw new it(`Version ${this.version} of the signature packet is unsupported.`);if(this.signatureType=e[r++],this.publicKeyAlgorithm=e[r++],this.hashAlgorithm=e[r++],r+=this.readSubPackets(e.subarray(r,e.length),!0),!this.created)throw Error("Missing signature creation time subpacket.");if(this.signatureData=e.subarray(0,r),r+=this.readSubPackets(e.subarray(r,e.length),!1),this.signedHashValue=e.subarray(r,r+2),r+=2,6===this.version){const t=e[r++];this.salt=e.subarray(r,r+t),r+=t}const i=e.subarray(r,e.length),{read:a,signatureParams:n}=function(e,t){let r=0;switch(e){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.rsaSign:{const e=F.readMPI(t.subarray(r));return r+=e.length+2,{read:r,signatureParams:{s:e}}}case T.publicKey.dsa:case T.publicKey.ecdsa:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,signatureParams:{r:e,s:i}}}case T.publicKey.eddsaLegacy:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,signatureParams:{r:e,s:i}}}case T.publicKey.ed25519:case T.publicKey.ed448:{const i=2*lt(e),a=F.readExactSubarray(t,r,r+i);return r+=a.length,{read:r,signatureParams:{RS:a}}}case T.publicKey.hmac:{const e=new Ni;return r+=e.read(t.subarray(r)),{read:r,signatureParams:{mac:e}}}case T.publicKey.pqc_mldsa_ed25519:{const e=2*lt(T.publicKey.ed25519),i=F.readExactSubarray(t,r,r+e);r+=i.length;const a=F.readExactSubarray(t,r,r+3309);return r+=a.length,{read:r,signatureParams:{eccSignature:i,mldsaSignature:a}}}default:throw new it("Unknown signature algorithm.")}}(this.publicKeyAlgorithm,i);if(a<i.length)throw Error("Error reading MPIs");this.params=n}writeParams(){return this.params instanceof Promise?D((async()=>Na(this.publicKeyAlgorithm,await this.params))):Na(this.publicKeyAlgorithm,this.params)}write(){const e=[];return e.push(this.signatureData),e.push(this.writeUnhashedSubPackets()),e.push(this.signedHashValue),6===this.version&&(e.push(new Uint8Array([this.salt.length])),e.push(this.salt)),e.push(this.writeParams()),F.concat(e)}async sign(e,t,r=new Date,i=!1,a){this.version=e.version,this.created=F.normalizeDate(r),this.issuerKeyVersion=e.version,this.issuerFingerprint=e.getFingerprintBytes(),this.issuerKeyID=e.getKeyID();const n=[new Uint8Array([this.version,this.signatureType,this.publicKeyAlgorithm,this.hashAlgorithm])];if(6===this.version){const e=as(this.hashAlgorithm);if(null===this.salt)this.salt=le(e);else if(e!==this.salt.length)throw Error("Provided salt does not have the required length")}else if(a.nonDeterministicSignaturesViaNotation){if(0!==this.rawNotations.filter((({name:e})=>e===es)).length)throw Error("Unexpected existing salt notation");{const e=le(as(this.hashAlgorithm));this.rawNotations.push({name:es,value:e,humanReadable:!1,critical:!1})}}n.push(this.writeHashedSubPackets()),this.unhashedSubpackets=[],this.signatureData=F.concat(n);const s=this.toHash(this.signatureType,t,i),o=await this.hash(this.signatureType,t,s,i);this.signedHashValue=S(K(o),0,2);const c=async()=>Va(this.publicKeyAlgorithm,this.hashAlgorithm,e.publicParams,e.privateParams,s,await P(o));F.isStream(o)?this.params=c():(this.params=await c(),this[Jn]=!0)}writeHashedSubPackets(){const e=T.signatureSubpacket,t=[];let r;if(null===this.created)throw Error("Missing signature creation time");t.push(is(e.signatureCreationTime,!0,F.writeDate(this.created))),null!==this.signatureExpirationTime&&t.push(is(e.signatureExpirationTime,!0,F.writeNumber(this.signatureExpirationTime,4))),null!==this.exportable&&t.push(is(e.exportableCertification,!0,new Uint8Array([this.exportable?1:0]))),null!==this.trustLevel&&(r=new Uint8Array([this.trustLevel,this.trustAmount]),t.push(is(e.trustSignature,!0,r))),null!==this.regularExpression&&t.push(is(e.regularExpression,!0,this.regularExpression)),null!==this.revocable&&t.push(is(e.revocable,!0,new Uint8Array([this.revocable?1:0]))),null!==this.keyExpirationTime&&t.push(is(e.keyExpirationTime,!0,F.writeNumber(this.keyExpirationTime,4))),null!==this.preferredSymmetricAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredSymmetricAlgorithms)),t.push(is(e.preferredSymmetricAlgorithms,!1,r))),null!==this.revocationKeyClass&&(r=new Uint8Array([this.revocationKeyClass,this.revocationKeyAlgorithm]),r=F.concat([r,this.revocationKeyFingerprint]),t.push(is(e.revocationKey,!1,r))),!this.issuerKeyID.isNull()&&this.issuerKeyVersion<5&&t.push(is(e.issuerKeyID,!1,this.issuerKeyID.write())),this.rawNotations.forEach((({name:i,value:a,humanReadable:n,critical:s})=>{r=[new Uint8Array([n?128:0,0,0,0])];const o=F.encodeUTF8(i);r.push(F.writeNumber(o.length,2)),r.push(F.writeNumber(a.length,2)),r.push(o),r.push(a),r=F.concat(r),t.push(is(e.notationData,s,r))})),null!==this.preferredHashAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredHashAlgorithms)),t.push(is(e.preferredHashAlgorithms,!1,r))),null!==this.preferredCompressionAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredCompressionAlgorithms)),t.push(is(e.preferredCompressionAlgorithms,!1,r))),null!==this.keyServerPreferences&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.keyServerPreferences)),t.push(is(e.keyServerPreferences,!1,r))),null!==this.preferredKeyServer&&t.push(is(e.preferredKeyServer,!1,F.encodeUTF8(this.preferredKeyServer))),null!==this.isPrimaryUserID&&t.push(is(e.primaryUserID,!1,new Uint8Array([this.isPrimaryUserID?1:0]))),null!==this.policyURI&&t.push(is(e.policyURI,!1,F.encodeUTF8(this.policyURI))),null!==this.keyFlags&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.keyFlags)),t.push(is(e.keyFlags,!0,r))),null!==this.signersUserID&&t.push(is(e.signersUserID,!1,F.encodeUTF8(this.signersUserID))),null!==this.reasonForRevocationFlag&&(r=F.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag)+this.reasonForRevocationString),t.push(is(e.reasonForRevocation,!0,r))),null!==this.features&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.features)),t.push(is(e.features,!1,r))),null!==this.signatureTargetPublicKeyAlgorithm&&(r=[new Uint8Array([this.signatureTargetPublicKeyAlgorithm,this.signatureTargetHashAlgorithm])],r.push(F.stringToUint8Array(this.signatureTargetHash)),r=F.concat(r),t.push(is(e.signatureTarget,!0,r))),null!==this.embeddedSignature&&t.push(is(e.embeddedSignature,!0,this.embeddedSignature.write())),null!==this.issuerFingerprint&&(r=[new Uint8Array([this.issuerKeyVersion]),this.issuerFingerprint],r=F.concat(r),t.push(is(e.issuerFingerprint,this.version>=5,r))),null!==this.preferredAEADAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredAEADAlgorithms)),t.push(is(e.preferredAEADAlgorithms,!1,r))),null!==this.preferredCipherSuites&&(r=new Uint8Array([].concat(...this.preferredCipherSuites)),t.push(is(e.preferredCipherSuites,!1,r)));const i=F.concat(t),a=F.writeNumber(i.length,6===this.version?4:2);return F.concat([a,i])}writeUnhashedSubPackets(){const e=this.unhashedSubpackets.map((({type:e,critical:t,body:r})=>is(e,t,r))),t=F.concat(e),r=F.writeNumber(t.length,6===this.version?4:2);return F.concat([r,t])}readSubPacket(e,t=!0){let r=0;const i=!!(128&e[r]),a=127&e[r];if(r++,t||(this.unhashedSubpackets.push({type:a,critical:i,body:e.subarray(r,e.length)}),ts.has(a)))switch(a){case T.signatureSubpacket.signatureCreationTime:this.created=F.readDate(e.subarray(r,e.length));break;case T.signatureSubpacket.signatureExpirationTime:{const t=F.readNumber(e.subarray(r,e.length));this.signatureNeverExpires=0===t,this.signatureExpirationTime=t;break}case T.signatureSubpacket.exportableCertification:this.exportable=1===e[r++];break;case T.signatureSubpacket.trustSignature:this.trustLevel=e[r++],this.trustAmount=e[r++];break;case T.signatureSubpacket.regularExpression:this.regularExpression=e[r];break;case T.signatureSubpacket.revocable:this.revocable=1===e[r++];break;case T.signatureSubpacket.keyExpirationTime:{const t=F.readNumber(e.subarray(r,e.length));this.keyExpirationTime=t,this.keyNeverExpires=0===t;break}case T.signatureSubpacket.preferredSymmetricAlgorithms:this.preferredSymmetricAlgorithms=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.revocationKey:this.revocationKeyClass=e[r++],this.revocationKeyAlgorithm=e[r++],this.revocationKeyFingerprint=e.subarray(r,r+20);break;case T.signatureSubpacket.issuerKeyID:if(4===this.version)this.issuerKeyID.read(e.subarray(r,e.length));else if(t)throw Error("Unexpected Issuer Key ID subpacket");break;case T.signatureSubpacket.notationData:{const t=!!(128&e[r]);r+=4;const a=F.readNumber(e.subarray(r,r+2));r+=2;const n=F.readNumber(e.subarray(r,r+2));r+=2;const s=F.decodeUTF8(e.subarray(r,r+a)),o=e.subarray(r+a,r+a+n);this.rawNotations.push({name:s,humanReadable:t,value:o,critical:i}),t&&(this.notations[s]=F.decodeUTF8(o));break}case T.signatureSubpacket.preferredHashAlgorithms:this.preferredHashAlgorithms=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.preferredCompressionAlgorithms:this.preferredCompressionAlgorithms=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.keyServerPreferences:this.keyServerPreferences=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.preferredKeyServer:this.preferredKeyServer=F.decodeUTF8(e.subarray(r,e.length));break;case T.signatureSubpacket.primaryUserID:this.isPrimaryUserID=0!==e[r++];break;case T.signatureSubpacket.policyURI:this.policyURI=F.decodeUTF8(e.subarray(r,e.length));break;case T.signatureSubpacket.keyFlags:this.keyFlags=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.signersUserID:this.signersUserID=F.decodeUTF8(e.subarray(r,e.length));break;case T.signatureSubpacket.reasonForRevocation:this.reasonForRevocationFlag=e[r++],this.reasonForRevocationString=F.decodeUTF8(e.subarray(r,e.length));break;case T.signatureSubpacket.features:this.features=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.signatureTarget:{this.signatureTargetPublicKeyAlgorithm=e[r++],this.signatureTargetHashAlgorithm=e[r++];const t=Te(this.signatureTargetHashAlgorithm);this.signatureTargetHash=F.uint8ArrayToString(e.subarray(r,r+t));break}case T.signatureSubpacket.embeddedSignature:this.embeddedSignature=new rs,this.embeddedSignature.read(e.subarray(r,e.length));break;case T.signatureSubpacket.issuerFingerprint:this.issuerKeyVersion=e[r++],this.issuerFingerprint=e.subarray(r,e.length),this.issuerKeyVersion>=5?this.issuerKeyID.read(this.issuerFingerprint):this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));break;case T.signatureSubpacket.preferredAEADAlgorithms:this.preferredAEADAlgorithms=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.preferredCipherSuites:this.preferredCipherSuites=[];for(let t=r;t<e.length;t+=2)this.preferredCipherSuites.push([e[t],e[t+1]]);break;default:this.unknownSubpackets.push({type:a,critical:i,body:e.subarray(r,e.length)})}}readSubPackets(e,t=!0,r){const i=6===this.version?4:2,a=F.readNumber(e.subarray(0,i));let n=i;for(;n<2+a;){const i=Xe(e.subarray(n,e.length));n+=i.offset,this.readSubPacket(e.subarray(n,n+i.len),t,r),n+=i.len}return n}toSign(e,t){const r=T.signature;switch(e){case r.binary:return null!==t.text?F.encodeUTF8(t.getText(!0)):t.getBytes(!0);case r.text:{const e=t.getBytes(!0);return F.canonicalizeEOL(e)}case r.standalone:return new Uint8Array(0);case r.certGeneric:case r.certPersona:case r.certCasual:case r.certPositive:case r.certRevocation:{let e,i;if(t.userID)i=180,e=t.userID;else{if(!t.userAttribute)throw Error("Either a userID or userAttribute packet needs to be supplied for certification.");i=209,e=t.userAttribute}const a=e.write();return F.concat([this.toSign(r.key,t),new Uint8Array([i]),F.writeNumber(a.length,4),a])}case r.subkeyBinding:case r.subkeyRevocation:case r.keyBinding:return F.concat([this.toSign(r.key,t),this.toSign(r.key,{key:t.bind})]);case r.key:if(void 0===t.key)throw Error("Key packet is required for this signature.");return t.key.writeForHash(this.version);case r.keyRevocation:return this.toSign(r.key,t);case r.timestamp:return new Uint8Array(0);case r.thirdParty:throw Error("Not implemented");default:throw Error("Unknown signature type.")}}calculateTrailer(e,t){let r=0;return b(K(this.signatureData),(e=>{r+=e.length}),(()=>{const i=[];return 5!==this.version||this.signatureType!==T.signature.binary&&this.signatureType!==T.signature.text||(t?i.push(new Uint8Array(6)):i.push(e.writeHeader())),i.push(new Uint8Array([this.version,255])),5===this.version&&i.push(new Uint8Array(4)),i.push(F.writeNumber(r,4)),F.concat(i)}))}toHash(e,t,r=!1){const i=this.toSign(e,t);return F.concat([this.salt||new Uint8Array,i,this.signatureData,this.calculateTrailer(t,r)])}async hash(e,t,r,i=!1){if(6===this.version&&this.salt.length!==as(this.hashAlgorithm))throw Error("Signature salt does not have the expected length");return r||(r=this.toHash(e,t,i)),Ie(this.hashAlgorithm,r)}async verify(e,t,r,i=new Date,a=!1,n=B){if(!this.issuerKeyID.equals(e.getKeyID()))throw Error("Signature was not issued by the given public key");if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Public key algorithm used to sign signature does not match issuer key algorithm.");const s=t===T.signature.binary||t===T.signature.text;if(!(this[Jn]&&!s)){let i,n;if(this.hashed?n=await this.hashed:(i=this.toHash(t,r,a),n=await this.hash(t,r,i)),n=await P(n),this.signedHashValue[0]!==n[0]||this.signedHashValue[1]!==n[1])throw Error("Signed digest did not match");this.params=await this.params;const s=this.publicKeyAlgorithm===T.publicKey.hmac?e.privateParams:null;if(this[Jn]=await Ga(this.publicKeyAlgorithm,this.hashAlgorithm,this.params,e.publicParams,s,i,n),!this[Jn])throw Error("Signature verification failed")}const o=F.normalizeDate(i);if(o&&this.created>o)throw Error("Signature creation time is in the future");if(o&&o>=this.getExpirationTime())throw Error("Signature is expired");if(n.rejectHashAlgorithms.has(this.hashAlgorithm))throw Error("Insecure hash algorithm: "+T.read(T.hash,this.hashAlgorithm).toUpperCase());if(n.rejectMessageHashAlgorithms.has(this.hashAlgorithm)&&[T.signature.binary,T.signature.text].includes(this.signatureType))throw Error("Insecure message hash algorithm: "+T.read(T.hash,this.hashAlgorithm).toUpperCase());if(this.unknownSubpackets.forEach((({type:e,critical:t})=>{if(t)throw Error("Unknown critical signature subpacket type "+e)})),this.rawNotations.forEach((({name:e,critical:t})=>{if(t&&n.knownNotations.indexOf(e)<0)throw Error("Unknown critical notation: "+e)})),null!==this.revocationKeyClass)throw Error("This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.")}isExpired(e=new Date){const t=F.normalizeDate(e);return null!==t&&!(this.created<=t&&t<this.getExpirationTime())}getExpirationTime(){return this.signatureNeverExpires?1/0:new Date(this.created.getTime()+1e3*this.signatureExpirationTime)}}function is(e,t,r){const i=[];return i.push(Ye(r.length+1)),i.push(new Uint8Array([(t?128:0)|e])),i.push(r),F.concat(i)}function as(e){switch(e){case T.hash.sha256:return 16;case T.hash.sha384:return 24;case T.hash.sha512:return 32;case T.hash.sha224:case T.hash.sha3_256:return 16;case T.hash.sha3_512:return 32;default:throw Error("Unsupported hash function")}}class ns{static get tag(){return T.packet.onePassSignature}static fromSignaturePacket(e,t){const r=new ns;return r.version=6===e.version?6:3,r.signatureType=e.signatureType,r.hashAlgorithm=e.hashAlgorithm,r.publicKeyAlgorithm=e.publicKeyAlgorithm,r.issuerKeyID=e.issuerKeyID,r.salt=e.salt,r.issuerFingerprint=e.issuerFingerprint,r.flags=t?1:0,r}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.salt=null,this.issuerKeyID=null,this.issuerFingerprint=null,this.flags=null}read(e){let t=0;if(this.version=e[t++],3!==this.version&&6!==this.version)throw new it(`Version ${this.version} of the one-pass signature packet is unsupported.`);if(this.signatureType=e[t++],this.hashAlgorithm=e[t++],this.publicKeyAlgorithm=e[t++],6===this.version){const r=e[t++];this.salt=e.subarray(t,t+r),t+=r,this.issuerFingerprint=e.subarray(t,t+32),t+=32,this.issuerKeyID=new Zn,this.issuerKeyID.read(this.issuerFingerprint)}else this.issuerKeyID=new Zn,this.issuerKeyID.read(e.subarray(t,t+8)),t+=8;return this.flags=e[t++],this}write(){const e=[new Uint8Array([this.version,this.signatureType,this.hashAlgorithm,this.publicKeyAlgorithm])];return 6===this.version?e.push(new Uint8Array([this.salt.length]),this.salt,this.issuerFingerprint):e.push(this.issuerKeyID.write()),e.push(new Uint8Array([this.flags])),F.concatUint8Array(e)}calculateTrailer(...e){return D((async()=>rs.prototype.calculateTrailer.apply(await this.correspondingSig,e)))}async verify(){const e=await this.correspondingSig;if(!e||e.constructor.tag!==T.packet.signature)throw Error("Corresponding signature packet missing");if(e.signatureType!==this.signatureType||e.hashAlgorithm!==this.hashAlgorithm||e.publicKeyAlgorithm!==this.publicKeyAlgorithm||!e.issuerKeyID.equals(this.issuerKeyID)||3===this.version&&6===e.version||6===this.version&&6!==e.version||6===this.version&&!F.equalsUint8Array(e.issuerFingerprint,this.issuerFingerprint)||6===this.version&&!F.equalsUint8Array(e.salt,this.salt))throw Error("Corresponding signature packet does not match one-pass signature packet");return e.hashed=this.hashed,e.verify.apply(e,arguments)}}function ss(e,t){if(!t[e]){let t;try{t=T.read(T.packet,e)}catch(t){throw new at("Unknown packet type with tag: "+e)}throw Error("Packet not allowed in this context: "+t)}return new t[e]}ns.prototype.hash=rs.prototype.hash,ns.prototype.toHash=rs.prototype.toHash,ns.prototype.toSign=rs.prototype.toSign;class os extends Array{static async fromBinary(e,t,r=B,i=null,a=!1){const n=new os;return await n.read(e,t,r,i,a),n}async read(e,t,r=B,i=null,a=!1){let n;r.additionalAllowedPackets.length&&(n=F.constructAllowedPackets(r.additionalAllowedPackets),t={...t,...n}),this.stream=k(e,(async(e,s)=>{const o=x(e),c=C(s);try{let s=F.isStream(e);for(;;){let e,u;if(await c.ready,await rt(o,s,(async s=>{try{if(s.tag===T.packet.marker||s.tag===T.packet.trust||s.tag===T.packet.padding)return;const e=ss(s.tag,t);try{i?.recordPacket(s.tag,n)}catch(e){if(r.enforceGrammar)throw e;F.printDebugError(e)}e.packets=new os,e.fromStream=F.isStream(s.packet),u=e.fromStream;try{await e.read(s.packet,r)}catch(t){if(!(t instanceof it))throw F.wrapError(new nt(`Parsing ${e.constructor.name} failed`),t);throw t}await c.write(e)}catch(t){const i=t instanceof at&&s.tag<=39,n=t instanceof it&&!(t instanceof at)&&!r.ignoreUnsupportedPackets,o=t instanceof nt&&!r.ignoreMalformedPackets,u=tt(s.tag);if(i||n||o||u||!(t instanceof at||t instanceof it||t instanceof nt))a?e=t:await c.abort(t);else{const e=new st(s.tag,s.packet);await c.write(e)}F.printDebugError(t)}})),u&&(s=null),e)throw await o.readToEnd(),e;const h=await o.peekBytes(2);if(!h||!h.length){try{i?.recordEnd()}catch(e){if(r.enforceGrammar)throw e;F.printDebugError(e)}return await c.ready,void await c.close()}}}catch(e){await c.abort(e)}}));const s=x(this.stream);for(;;){const{done:e,value:t}=await s.read();if(e?this.stream=null:this.push(t),e||tt(t.constructor.tag))break}s.releaseLock()}write(){const e=[];for(let t=0;t<this.length;t++){const r=this[t]instanceof st?this[t].tag:this[t].constructor.tag,i=this[t].write();if(F.isStream(i)&&tt(this[t].constructor.tag)){let t=[],a=0;const n=512;e.push(Je(r)),e.push(b(i,(e=>{if(t.push(e),a+=e.length,a>=n){const e=Math.min(Math.log(a)/Math.LN2|0,30),r=2**e,i=F.concat([Ze(e)].concat(t));return t=[i.subarray(1+r)],a=t[0].length,i.subarray(0,1+r)}}),(()=>F.concat([Ye(a)].concat(t)))))}else{if(F.isStream(i)){let t=0;e.push(b(K(i),(e=>{t+=e.length}),(()=>et(r,t))))}else e.push(et(r,i.length));e.push(i)}}return F.concat(e)}filterByTag(...e){const t=new os,r=e=>t=>e===t;for(let i=0;i<this.length;i++)e.some(r(this[i].constructor.tag))&&t.push(this[i]);return t}findPacket(e){return this.find((t=>t.constructor.tag===e))}indexOfTag(...e){const t=[],r=this,i=e=>t=>e===t;for(let a=0;a<this.length;a++)e.some(i(r[a].constructor.tag))&&t.push(a);return t}}class cs extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,cs),this.name="GrammarError"}}var us;!function(e){e[e.EmptyMessage=0]="EmptyMessage",e[e.PlaintextOrEncryptedData=1]="PlaintextOrEncryptedData",e[e.EncryptedSessionKeys=2]="EncryptedSessionKeys",e[e.StandaloneAdditionalAllowedData=3]="StandaloneAdditionalAllowedData"}(us||(us={}));class hs{constructor(){this.state=us.EmptyMessage,this.leadingOnePassSignatureCounter=0}recordPacket(e,t){switch(this.state){case us.EmptyMessage:case us.StandaloneAdditionalAllowedData:switch(e){case T.packet.literalData:case T.packet.compressedData:case T.packet.aeadEncryptedData:case T.packet.symEncryptedIntegrityProtectedData:case T.packet.symmetricallyEncryptedData:return void(this.state=us.PlaintextOrEncryptedData);case T.packet.signature:if(this.state===us.StandaloneAdditionalAllowedData&&--this.leadingOnePassSignatureCounter<0)throw new cs("Trailing signature packet without OPS");return;case T.packet.onePassSignature:if(this.state===us.StandaloneAdditionalAllowedData)throw new cs("OPS following StandaloneAdditionalAllowedData");return void this.leadingOnePassSignatureCounter++;case T.packet.publicKeyEncryptedSessionKey:case T.packet.symEncryptedSessionKey:return void(this.state=us.EncryptedSessionKeys);default:if(!t?.[e])throw new cs(`Unexpected packet ${e} in state ${this.state}`);return void(this.state=us.StandaloneAdditionalAllowedData)}case us.PlaintextOrEncryptedData:if(e===T.packet.signature){if(--this.leadingOnePassSignatureCounter<0)throw new cs("Trailing signature packet without OPS");return void(this.state=us.PlaintextOrEncryptedData)}if(!t?.[e])throw new cs(`Unexpected packet ${e} in state ${this.state}`);return void(this.state=us.PlaintextOrEncryptedData);case us.EncryptedSessionKeys:switch(e){case T.packet.publicKeyEncryptedSessionKey:case T.packet.symEncryptedSessionKey:return void(this.state=us.EncryptedSessionKeys);case T.packet.symEncryptedIntegrityProtectedData:case T.packet.aeadEncryptedData:case T.packet.symmetricallyEncryptedData:return void(this.state=us.PlaintextOrEncryptedData);case T.packet.signature:if(--this.leadingOnePassSignatureCounter<0)throw new cs("Trailing signature packet without OPS");return void(this.state=us.PlaintextOrEncryptedData);default:if(!t?.[e])throw new cs(`Unexpected packet ${e} in state ${this.state}`);this.state=us.EncryptedSessionKeys}}}recordEnd(){switch(this.state){case us.EmptyMessage:case us.PlaintextOrEncryptedData:case us.EncryptedSessionKeys:case us.StandaloneAdditionalAllowedData:if(this.leadingOnePassSignatureCounter>0)throw new cs("Missing trailing signature packets")}}}const ls=/*#__PURE__*/F.constructAllowedPackets([Yn,ns,rs]);class ys{static get tag(){return T.packet.compressedData}constructor(e=B){this.packets=null,this.algorithm=e.preferredCompressionAlgorithm,this.compressed=null}async read(e,t=B){await v(e,(async e=>{this.algorithm=await e.readByte(),this.compressed=e.remainder(),await this.decompress(t)}))}write(){return null===this.compressed&&this.compress(),F.concat([new Uint8Array([this.algorithm]),this.compressed])}async decompress(e=B){const t=T.read(T.compression,this.algorithm),r=fs[t];if(!r)throw Error(t+" decompression not supported");this.packets=await os.fromBinary(await r(this.compressed),ls,e,new hs)}compress(){const e=T.read(T.compression,this.algorithm),t=ms[e];if(!t)throw Error(e+" compression not supported");this.compressed=t(this.packets.write())}}function ps(e,t){return r=>{if(!F.isStream(r)||n(r))return D((()=>P(r).then((e=>new Promise(((r,i)=>{const a=new t;a.ondata=e=>{r(e)};try{a.push(e,!0)}catch(e){i(e)}}))))));if(e)try{const t=e();return r.pipeThrough(t)}catch(e){if("TypeError"!==e.name)throw e}const i=r.getReader(),a=new t;return new ReadableStream({async start(e){for(a.ondata=async(t,r)=>{e.enqueue(t),r&&e.close()};;){const{done:e,value:t}=await i.read();if(e)return void a.push(new Uint8Array,!0);t.length&&a.push(t)}}})}}function ds(){return async function(e){const{decode:t}=await import("./seek-bzip.min.mjs").then((function(e){return e.i}));return D((async()=>t(await P(e))))}}const gs=e=>({compressor:"undefined"!=typeof CompressionStream&&(()=>new CompressionStream(e)),decompressor:"undefined"!=typeof DecompressionStream&&(()=>new DecompressionStream(e))}),ms={zip:/*#__PURE__*/ps(gs("deflate-raw").compressor,Vn),zlib:/*#__PURE__*/ps(gs("deflate").compressor,$n)},fs={uncompressed:e=>e,zip:/*#__PURE__*/ps(gs("deflate-raw").decompressor,Wn),zlib:/*#__PURE__*/ps(gs("deflate").decompressor,Qn),bzip2:/*#__PURE__*/ds()},ws=/*#__PURE__*/F.constructAllowedPackets([Yn,ys,ns,rs]);class bs{static get tag(){return T.packet.symEncryptedIntegrityProtectedData}static fromObject({version:e,aeadAlgorithm:t}){if(1!==e&&2!==e)throw Error("Unsupported SEIPD version");const r=new bs;return r.version=e,2===e&&(r.aeadAlgorithm=t),r}constructor(){this.version=null,this.cipherAlgorithm=null,this.aeadAlgorithm=null,this.chunkSizeByte=null,this.salt=null,this.encrypted=null,this.packets=null}async read(e){await v(e,(async e=>{if(this.version=await e.readByte(),1!==this.version&&2!==this.version)throw new it(`Version ${this.version} of the SEIP packet is unsupported.`);2===this.version&&(this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte(),this.salt=await e.readBytes(32)),this.encrypted=e.remainder()}))}write(){return 2===this.version?F.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.salt,this.encrypted]):F.concat([new Uint8Array([this.version]),this.encrypted])}async encrypt(e,t,r=B){const{blockSize:i,keySize:a}=Ar(e);if(t.length!==a)throw Error("Unexpected session key size");let s=this.packets.write();if(n(s)&&(s=await P(s)),2===this.version)this.cipherAlgorithm=e,this.salt=le(32),this.chunkSizeByte=r.aeadChunkSizeByte,this.encrypted=await ks(this,"encrypt",t,s);else{const r=await Qi(e),a=new Uint8Array([211,20]),n=F.concat([r,s,a]),o=await Ie(T.hash.sha1,A(n)),c=F.concat([n,o]);this.encrypted=await Xi(e,t,c,new Uint8Array(i))}return!0}async decrypt(e,t,r=B){if(t.length!==Ar(e).keySize)throw Error("Unexpected session key size");let i,a=K(this.encrypted);n(a)&&(a=await P(a));let s=!1;if(2===this.version){if(this.cipherAlgorithm!==e)throw Error("Unexpected session key algorithm");i=await ks(this,"decrypt",t,a)}else{const{blockSize:n}=Ar(e),o=await Yi(e,t,a,new Uint8Array(n)),c=S(A(o),-20),u=S(o,0,-20),h=Promise.all([P(await Ie(T.hash.sha1,A(u))),P(c)]).then((([e,t])=>{if(!F.equalsUint8Array(e,t))throw Error("Modification detected.");return new Uint8Array})),l=S(u,n+2);i=S(l,0,-2),i=g([i,D((()=>h))]),F.isStream(a)&&r.allowUnauthenticatedStream?s=!0:i=await P(i)}return this.packets=await os.fromBinary(i,ws,r,new hs,s),!0}}async function ks(e,t,r,i){const a=e instanceof bs&&2===e.version,n=!a&&e.constructor.tag===T.packet.aeadEncryptedData;if(!a&&!n)throw Error("Unexpected packet type");const s=Ma(e.aeadAlgorithm,n),o="decrypt"===t?s.tagLength:0,c="encrypt"===t?s.tagLength:0,u=2**(e.chunkSizeByte+6)+o,h=n?8:0,l=new ArrayBuffer(13+h),y=new Uint8Array(l,0,5+h),p=new Uint8Array(l),d=new DataView(l),g=new Uint8Array(l,5,8);y.set([192|e.constructor.tag,e.version,e.cipherAlgorithm,e.aeadAlgorithm,e.chunkSizeByte],0);let f,w,b=0,v=Promise.resolve(),K=0,A=0;if(a){const{keySize:t}=Ar(e.cipherAlgorithm),{ivLength:i}=s,a=new Uint8Array(l,0,5),n=await Ur(T.hash.sha256,r,e.salt,a,t+i);r=n.subarray(0,t),f=n.subarray(t),f.fill(0,f.length-8),w=new DataView(f.buffer,f.byteOffset,f.byteLength)}else f=e.iv;const E=await s(e.cipherAlgorithm,r);return k(i,(async(r,i)=>{if("array"!==F.isStream(r)){const t=new TransformStream({},{highWaterMark:F.getHardwareConcurrency()*2**(e.chunkSizeByte+6),size:e=>e.length});m(t.readable,i),i=t.writable}const n=x(r),s=C(i);try{for(;;){let e=await n.readBytes(u+o)||new Uint8Array;const r=e.subarray(e.length-o);let i,l,m;if(e=e.subarray(0,e.length-o),a)m=f;else{m=f.slice();for(let e=0;e<8;e++)m[f.length-8+e]^=g[e]}if(!b||e.length?(n.unshift(r),i=E[t](e,m,y),i.catch((()=>{})),A+=e.length-o+c):(d.setInt32(5+h+4,K),i=E[t](r,m,p),i.catch((()=>{})),A+=c,l=!0),K+=e.length-o,v=v.then((()=>i)).then((async e=>{await s.ready,await s.write(e),A-=e.length})).catch((e=>s.abort(e))),(l||A>s.desiredSize)&&await v,l){await s.close();break}a?w.setInt32(f.length-4,++b):d.setInt32(9,++b)}}catch(e){await s.ready.catch((()=>{})),await s.abort(e)}}))}const vs=/*#__PURE__*/F.constructAllowedPackets([Yn,ys,ns,rs]);class Ks{static get tag(){return T.packet.aeadEncryptedData}constructor(){this.version=1,this.cipherAlgorithm=null,this.aeadAlgorithm=T.aead.eax,this.chunkSizeByte=null,this.iv=null,this.encrypted=null,this.packets=null}async read(e){await v(e,(async e=>{const t=await e.readByte();if(1!==t)throw new it(`Version ${t} of the AEAD-encrypted data packet is not supported.`);this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte();const r=Ma(this.aeadAlgorithm,!0);this.iv=await e.readBytes(r.ivLength),this.encrypted=e.remainder()}))}write(){return F.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.iv,this.encrypted])}async decrypt(e,t,r=B){this.packets=await os.fromBinary(await ks(this,"decrypt",t,K(this.encrypted)),vs,r,new hs)}async encrypt(e,t,r=B){this.cipherAlgorithm=e;const{ivLength:i}=Ma(this.aeadAlgorithm,!0);this.iv=le(i),this.chunkSizeByte=r.aeadChunkSizeByte;const a=this.packets.write();this.encrypted=await ks(this,"encrypt",t,a)}}const As=new Set([T.publicKey.x25519,T.publicKey.x448,T.publicKey.pqc_mlkem_x25519]);class Es{static get tag(){return T.packet.publicKeyEncryptedSessionKey}constructor(){this.version=null,this.publicKeyID=new Zn,this.publicKeyVersion=null,this.publicKeyFingerprint=null,this.publicKeyAlgorithm=null,this.sessionKey=null,this.sessionKeyAlgorithm=null,this.encrypted={}}static fromObject({version:e,encryptionKeyPacket:t,anonymousRecipient:r,sessionKey:i,sessionKeyAlgorithm:a}){const n=new Es;if(3!==e&&6!==e)throw Error("Unsupported PKESK version");return n.version=e,6===e&&(n.publicKeyVersion=r?null:t.version,n.publicKeyFingerprint=r?null:t.getFingerprintBytes()),n.publicKeyID=r?Zn.wildcard():t.getKeyID(),n.publicKeyAlgorithm=t.algorithm,n.sessionKey=i,n.sessionKeyAlgorithm=a,n}read(e){let t=0;if(this.version=e[t++],3!==this.version&&6!==this.version)throw new it(`Version ${this.version} of the PKESK packet is unsupported.`);if(6===this.version){const r=e[t++];if(r){this.publicKeyVersion=e[t++];const i=r-1;this.publicKeyFingerprint=e.subarray(t,t+i),t+=i,this.publicKeyVersion>=5?this.publicKeyID.read(this.publicKeyFingerprint):this.publicKeyID.read(this.publicKeyFingerprint.subarray(-8))}else this.publicKeyID=Zn.wildcard()}else t+=this.publicKeyID.read(e.subarray(t,t+8));if(this.publicKeyAlgorithm=e[t++],this.encrypted=function(e,t){let r=0;switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:return{c:F.readMPI(t.subarray(r))};case T.publicKey.elgamal:{const e=F.readMPI(t.subarray(r));return r+=e.length+2,{c1:e,c2:F.readMPI(t.subarray(r))}}case T.publicKey.ecdh:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=new _i;return i.read(t.subarray(r)),{V:e,C:i}}case T.publicKey.x25519:case T.publicKey.x448:{const i=Ha(e),a=F.readExactSubarray(t,r,r+i);r+=a.length;const n=new Hi;return n.read(t.subarray(r)),{ephemeralPublicKey:a,C:n}}case T.publicKey.aead:{const e=new Oi;r+=e.read(t.subarray(r));const{ivLength:i}=Ma(e.getValue()),a=t.subarray(r,r+i);r+=i;const n=new Ni;return r+=n.read(t.subarray(r)),{aeadMode:e,iv:a,c:n}}case T.publicKey.pqc_mlkem_x25519:{const e=F.readExactSubarray(t,r,r+Ha(T.publicKey.x25519));r+=e.length;const i=F.readExactSubarray(t,r,r+1088);r+=i.length;const a=new Hi;return a.read(t.subarray(r)),{eccCipherText:e,mlkemCipherText:i,C:a}}default:throw new it("Unknown public key encryption algorithm.")}}(this.publicKeyAlgorithm,e.subarray(t)),As.has(this.publicKeyAlgorithm))if(3===this.version)this.sessionKeyAlgorithm=T.write(T.symmetric,this.encrypted.C.algorithm);else if(null!==this.encrypted.C.algorithm)throw Error("Unexpected cleartext symmetric algorithm")}write(){const e=[new Uint8Array([this.version])];return 6===this.version?null!==this.publicKeyFingerprint?(e.push(new Uint8Array([this.publicKeyFingerprint.length+1,this.publicKeyVersion])),e.push(this.publicKeyFingerprint)):e.push(new Uint8Array([0])):e.push(this.publicKeyID.write()),e.push(new Uint8Array([this.publicKeyAlgorithm]),Na(this.publicKeyAlgorithm,this.encrypted)),F.concatUint8Array(e)}async encrypt(e){const t=T.write(T.publicKey,this.publicKeyAlgorithm),r=3===this.version?this.sessionKeyAlgorithm:null,i=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),a=Ss(this.version,t,r,this.sessionKey),n=t===T.publicKey.aead?e.privateParams:null;this.encrypted=await Fa(t,r,e.publicParams,n,a,i)}async decrypt(e,t){if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Decryption error");const r=t?Ss(this.version,this.publicKeyAlgorithm,t.sessionKeyAlgorithm,t.sessionKey):null,i=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),a=await La(this.publicKeyAlgorithm,e.publicParams,e.privateParams,this.encrypted,i,r),{sessionKey:n,sessionKeyAlgorithm:s}=function(e,t,r,i){switch(t){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.elgamal:case T.publicKey.ecdh:case T.publicKey.aead:{const t=r.subarray(0,r.length-2),a=r.subarray(r.length-2),n=F.writeChecksum(t.subarray(t.length%8)),s=n[0]===a[0]&n[1]===a[1],o=6===e?{sessionKeyAlgorithm:null,sessionKey:t}:{sessionKeyAlgorithm:t[0],sessionKey:t.subarray(1)};if(i){const t=s&o.sessionKeyAlgorithm===i.sessionKeyAlgorithm&o.sessionKey.length===i.sessionKey.length;return{sessionKey:F.selectUint8Array(t,o.sessionKey,i.sessionKey),sessionKeyAlgorithm:6===e?null:F.selectUint8(t,o.sessionKeyAlgorithm,i.sessionKeyAlgorithm)}}if(s&&(6===e||T.read(T.symmetric,o.sessionKeyAlgorithm)))return o;throw Error("Decryption error")}case T.publicKey.x25519:case T.publicKey.x448:case T.publicKey.pqc_mlkem_x25519:return{sessionKeyAlgorithm:null,sessionKey:r};default:throw Error("Unsupported public key algorithm")}}(this.version,this.publicKeyAlgorithm,a,t);if(3===this.version){const e=!As.has(this.publicKeyAlgorithm);if(this.sessionKeyAlgorithm=e?s:this.sessionKeyAlgorithm,n.length!==Ar(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}this.sessionKey=n}}function Ss(e,t,r,i){switch(t){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.elgamal:case T.publicKey.ecdh:case T.publicKey.aead:return F.concatUint8Array([new Uint8Array(6===e?[]:[r]),i,F.writeChecksum(i.subarray(i.length%8))]);case T.publicKey.x25519:case T.publicKey.x448:case T.publicKey.pqc_mlkem_x25519:return i;default:throw Error("Unsupported public key algorithm")}}class Ps{static get tag(){return T.packet.symEncryptedSessionKey}constructor(e=B){this.version=e.aeadProtect?6:4,this.sessionKey=null,this.sessionKeyEncryptionAlgorithm=null,this.sessionKeyAlgorithm=null,this.aeadAlgorithm=T.write(T.aead,e.preferredAEADAlgorithm),this.encrypted=null,this.s2k=null,this.iv=null}read(e){let t=0;if(this.version=e[t++],4!==this.version&&5!==this.version&&6!==this.version)throw new it(`Version ${this.version} of the SKESK packet is unsupported.`);6===this.version&&t++;const r=e[t++];this.version>=5&&(this.aeadAlgorithm=e[t++],6===this.version&&t++);const i=e[t++];if(this.s2k=en(i),t+=this.s2k.read(e.subarray(t,e.length)),this.version>=5){const r=Ma(this.aeadAlgorithm,!0);this.iv=e.subarray(t,t+=r.ivLength)}this.version>=5||t<e.length?(this.encrypted=e.subarray(t,e.length),this.sessionKeyEncryptionAlgorithm=r):this.sessionKeyAlgorithm=r}write(){const e=null===this.encrypted?this.sessionKeyAlgorithm:this.sessionKeyEncryptionAlgorithm;let t;const r=this.s2k.write();if(6===this.version){const i=r.length,a=3+i+this.iv.length;t=F.concatUint8Array([new Uint8Array([this.version,a,e,this.aeadAlgorithm,i]),r,this.iv,this.encrypted])}else 5===this.version?t=F.concatUint8Array([new Uint8Array([this.version,e,this.aeadAlgorithm]),r,this.iv,this.encrypted]):(t=F.concatUint8Array([new Uint8Array([this.version,e]),r]),null!==this.encrypted&&(t=F.concatUint8Array([t,this.encrypted])));return t}async decrypt(e){const t=null!==this.sessionKeyEncryptionAlgorithm?this.sessionKeyEncryptionAlgorithm:this.sessionKeyAlgorithm,{blockSize:r,keySize:i}=Ar(t),a=await this.s2k.produceKey(e,i);if(this.version>=5){const e=Ma(this.aeadAlgorithm,!0),r=new Uint8Array([192|Ps.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),n=6===this.version?await Ur(T.hash.sha256,a,new Uint8Array,r,i):a,s=await e(t,n);this.sessionKey=await s.decrypt(this.encrypted,this.iv,r)}else if(null!==this.encrypted){const e=await Yi(t,a,this.encrypted,new Uint8Array(r));if(this.sessionKeyAlgorithm=T.write(T.symmetric,e[0]),this.sessionKey=e.subarray(1,e.length),this.sessionKey.length!==Ar(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}else this.sessionKey=a}async encrypt(e,t=B){const r=null!==this.sessionKeyEncryptionAlgorithm?this.sessionKeyEncryptionAlgorithm:this.sessionKeyAlgorithm;this.sessionKeyEncryptionAlgorithm=r,this.s2k=tn(t),this.s2k.generateSalt();const{blockSize:i,keySize:a}=Ar(r),n=await this.s2k.produceKey(e,a);if(null===this.sessionKey&&(this.sessionKey=ja(this.sessionKeyAlgorithm)),this.version>=5){const e=Ma(this.aeadAlgorithm);this.iv=le(e.ivLength);const t=new Uint8Array([192|Ps.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),i=6===this.version?await Ur(T.hash.sha256,n,new Uint8Array,t,a):n,s=await e(r,i);this.encrypted=await s.encrypt(this.sessionKey,this.iv,t)}else{const e=F.concatUint8Array([new Uint8Array([this.sessionKeyAlgorithm]),this.sessionKey]);this.encrypted=await Xi(r,n,e,new Uint8Array(i))}}}class Us{static get tag(){return T.packet.publicKey}constructor(e=new Date,t=B){this.version=t.v6Keys?6:4,this.created=F.normalizeDate(e),this.algorithm=null,this.publicParams=null,this.expirationTimeV3=0,this.fingerprint=null,this.keyID=null}static fromSecretKeyPacket(e){const t=new Us,{version:r,created:i,algorithm:a,publicParams:n,keyID:s,fingerprint:o}=e;return t.version=r,t.created=i,t.algorithm=a,t.publicParams=n,t.keyID=s,t.fingerprint=o,t}async read(e,t=B){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new it("Support for parsing v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4===this.version||5===this.version||6===this.version){this.created=F.readDate(e.subarray(r,r+4)),r+=4,this.algorithm=e[r++],this.version>=5&&(r+=4);const{read:t,publicParams:i}=function(e,t){let r=0;switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{n:e,e:i}}}case T.publicKey.dsa:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));r+=i.length+2;const a=F.readMPI(t.subarray(r));r+=a.length+2;const n=F.readMPI(t.subarray(r));return r+=n.length+2,{read:r,publicParams:{p:e,q:i,g:a,y:n}}}case T.publicKey.elgamal:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));r+=i.length+2;const a=F.readMPI(t.subarray(r));return r+=a.length+2,{read:r,publicParams:{p:e,g:i,y:a}}}case T.publicKey.ecdsa:{const e=new Qe;r+=e.read(t),qa(e);const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{oid:e,Q:i}}}case T.publicKey.eddsaLegacy:{const e=new Qe;if(r+=e.read(t),qa(e),e.getName()!==T.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let i=F.readMPI(t.subarray(r));return r+=i.length+2,i=F.leftPad(i,33),{read:r,publicParams:{oid:e,Q:i}}}case T.publicKey.ecdh:{const e=new Qe;r+=e.read(t),qa(e);const i=F.readMPI(t.subarray(r));r+=i.length+2;const a=new Ri;return r+=a.read(t.subarray(r)),{read:r,publicParams:{oid:e,Q:i,kdfParams:a}}}case T.publicKey.ed25519:case T.publicKey.ed448:case T.publicKey.x25519:case T.publicKey.x448:{const i=F.readExactSubarray(t,r,r+Ha(e));return r+=i.length,{read:r,publicParams:{A:i}}}case T.publicKey.hmac:case T.publicKey.aead:{const e=new ji;r+=e.read(t);const i=Te(T.hash.sha256),a=t.subarray(r,r+i);return r+=i,{read:r,publicParams:{cipher:e,digest:a}}}case T.publicKey.pqc_mlkem_x25519:{const e=F.readExactSubarray(t,r,r+Ha(T.publicKey.x25519));r+=e.length;const i=F.readExactSubarray(t,r,r+1184);return r+=i.length,{read:r,publicParams:{eccPublicKey:e,mlkemPublicKey:i}}}case T.publicKey.pqc_mldsa_ed25519:{const e=F.readExactSubarray(t,r,r+Ha(T.publicKey.ed25519));r+=e.length;const i=F.readExactSubarray(t,r,r+1952);return r+=i.length,{read:r,publicParams:{eccPublicKey:e,mldsaPublicKey:i}}}default:throw new it("Unknown public key encryption algorithm.")}}(this.algorithm,e.subarray(r));if(6===this.version&&i.oid&&(i.oid.getName()===T.curve.curve25519Legacy||i.oid.getName()===T.curve.ed25519Legacy))throw Error("Legacy curve25519 cannot be used with v6 keys");if(6!==this.version&&this.algorithm===T.publicKey.pqc_mldsa_ed25519)throw Error("Unexpected key version: ML-DSA algorithms can only be used with v6 keys");return this.publicParams=i,r+=t,await this.computeFingerprintAndKeyID(),r}throw new it(`Version ${this.version} of the key packet is unsupported.`)}write(){const e=[];e.push(new Uint8Array([this.version])),e.push(F.writeDate(this.created)),e.push(new Uint8Array([this.algorithm]));const t=Na(this.algorithm,this.publicParams);return this.version>=5&&e.push(F.writeNumber(t.length,4)),e.push(t),F.concatUint8Array(e)}writeForHash(e){const t=this.writePublicKey(),r=149+e,i=e>=5?4:2;return F.concatUint8Array([new Uint8Array([r]),F.writeNumber(t.length,i),t])}isDecrypted(){return null}getCreationTime(){return this.created}getKeyID(){return this.keyID}async computeFingerprintAndKeyID(){if(await this.computeFingerprint(),this.keyID=new Zn,this.version>=5)this.keyID.read(this.fingerprint.subarray(0,8));else{if(4!==this.version)throw Error("Unsupported key version");this.keyID.read(this.fingerprint.subarray(12,20))}}async computeFingerprint(){const e=this.writeForHash(this.version);if(this.version>=5)this.fingerprint=await Ie(T.hash.sha256,e);else{if(4!==this.version)throw Error("Unsupported key version");this.fingerprint=await Ie(T.hash.sha1,e)}}getFingerprintBytes(){return this.fingerprint}getFingerprint(){return F.uint8ArrayToHex(this.getFingerprintBytes())}hasSameFingerprintAs(e){return this.version===e.version&&F.equalsUint8Array(this.writePublicKey(),e.writePublicKey())}getAlgorithmInfo(){const e={};e.algorithm=T.read(T.publicKey,this.algorithm);const t=this.publicParams.n||this.publicParams.p;return t?e.bits=F.uint8ArrayBitLength(t):this.publicParams.oid?e.curve=this.publicParams.oid.getName():this.publicParams.cipher&&(e.symmetric=this.publicParams.cipher.getName()),e}}Us.prototype.readPublicKey=Us.prototype.read,Us.prototype.writePublicKey=Us.prototype.write;const Ds=/*#__PURE__*/F.constructAllowedPackets([Yn,ys,ns,rs]);class xs{static get tag(){return T.packet.symmetricallyEncryptedData}constructor(){this.encrypted=null,this.packets=null}read(e){this.encrypted=e}write(){return this.encrypted}async decrypt(e,t,r=B){if(!r.allowUnauthenticatedMessages)throw Error("Message is not authenticated.");const{blockSize:i}=Ar(e),a=await P(K(this.encrypted)),n=await Yi(e,t,a.subarray(i+2),a.subarray(2,i+2));this.packets=await os.fromBinary(n,Ds,r)}async encrypt(e,t,r=B){const i=this.packets.write(),{blockSize:a}=Ar(e),n=await Qi(e),s=await Xi(e,t,n,new Uint8Array(a)),o=await Xi(e,t,i,s.subarray(2));this.encrypted=F.concat([s,o])}}class Cs{static get tag(){return T.packet.marker}read(e){return 80===e[0]&&71===e[1]&&80===e[2]}write(){return new Uint8Array([80,71,80])}}class Is extends Us{static get tag(){return T.packet.publicSubkey}constructor(e,t){super(e,t)}static fromSecretSubkeyPacket(e){const t=new Is,{version:r,created:i,algorithm:a,publicParams:n,keyID:s,fingerprint:o}=e;return t.version=r,t.created=i,t.algorithm=a,t.publicParams=n,t.keyID=s,t.fingerprint=o,t}}class Ts{static get tag(){return T.packet.userAttribute}constructor(){this.attributes=[]}read(e){let t=0;for(;t<e.length;){const r=Xe(e.subarray(t,e.length));t+=r.offset,this.attributes.push(F.uint8ArrayToString(e.subarray(t,t+r.len))),t+=r.len}}write(){const e=[];for(let t=0;t<this.attributes.length;t++)e.push(Ye(this.attributes[t].length)),e.push(F.stringToUint8Array(this.attributes[t]));return F.concatUint8Array(e)}equals(e){return!!(e&&e instanceof Ts)&&this.attributes.every((function(t,r){return t===e.attributes[r]}))}}class Bs extends Us{static get tag(){return T.packet.secretKey}constructor(e=new Date,t=B){super(e,t),this.keyMaterial=null,this.isEncrypted=null,this.s2kUsage=0,this.s2k=null,this.symmetric=null,this.aead=null,this.isLegacyAEAD=null,this.privateParams=null,this.usedModernAEAD=null}async read(e,t=B){let r=await this.readPublicKey(e,t);const i=r;this.s2kUsage=e[r++],5===this.version&&r++,6===this.version&&this.s2kUsage&&r++;try{if(255===this.s2kUsage||254===this.s2kUsage||253===this.s2kUsage){this.symmetric=e[r++],253===this.s2kUsage&&(this.aead=e[r++]),6===this.version&&r++;const t=e[r++];if(this.s2k=en(t),r+=this.s2k.read(e.subarray(r,e.length)),"gnu-dummy"===this.s2k.type)return}else this.s2kUsage&&(this.symmetric=this.s2kUsage);this.s2kUsage&&(this.isLegacyAEAD=253===this.s2kUsage&&(5===this.version||4===this.version&&t.parseAEADEncryptedV4KeysAsLegacy),253!==this.s2kUsage||this.isLegacyAEAD?(this.iv=e.subarray(r,r+Ar(this.symmetric).blockSize),this.usedModernAEAD=!1):(this.iv=e.subarray(r,r+Ma(this.aead).ivLength),this.usedModernAEAD=!0),r+=this.iv.length)}catch(t){if(!this.s2kUsage)throw t;this.unparseableKeyMaterial=e.subarray(i),this.isEncrypted=!0}if(5===this.version&&(r+=4),this.keyMaterial=e.subarray(r),this.isEncrypted=!!this.s2kUsage,!this.isEncrypted){let e;if(6===this.version)e=this.keyMaterial;else if(e=this.keyMaterial.subarray(0,-2),!F.equalsUint8Array(F.writeChecksum(e),this.keyMaterial.subarray(-2)))throw Error("Key checksum mismatch");try{const{read:t,privateParams:r}=await _a(this.algorithm,e,this.publicParams);if(t<e.length)throw Error("Error reading MPIs");this.privateParams=r}catch(e){if(e instanceof it)throw e;throw Error("Error reading MPIs")}}}write(){const e=this.writePublicKey();if(this.unparseableKeyMaterial)return F.concatUint8Array([e,this.unparseableKeyMaterial]);const t=[e];t.push(new Uint8Array([this.s2kUsage]));const r=[];if(255===this.s2kUsage||254===this.s2kUsage||253===this.s2kUsage){r.push(this.symmetric),253===this.s2kUsage&&r.push(this.aead);const e=this.s2k.write();6===this.version&&r.push(e.length),r.push(...e)}return this.s2kUsage&&"gnu-dummy"!==this.s2k.type&&r.push(...this.iv),(5===this.version||6===this.version&&this.s2kUsage)&&t.push(new Uint8Array([r.length])),t.push(new Uint8Array(r)),this.isDummy()||(this.s2kUsage||(this.keyMaterial=Na(this.algorithm,this.privateParams)),5===this.version&&t.push(F.writeNumber(this.keyMaterial.length,4)),t.push(this.keyMaterial),this.s2kUsage||6===this.version||t.push(F.writeChecksum(this.keyMaterial))),F.concatUint8Array(t)}isDecrypted(){return!1===this.isEncrypted}isMissingSecretKeyMaterial(){return void 0!==this.unparseableKeyMaterial||this.isDummy()}isDummy(){return!(!this.s2k||"gnu-dummy"!==this.s2k.type)}makeDummy(e=B){this.isDummy()||(this.isDecrypted()&&this.clearPrivateParams(),delete this.unparseableKeyMaterial,this.isEncrypted=null,this.keyMaterial=null,this.s2k=en(T.s2k.gnu,e),this.s2k.algorithm=0,this.s2k.c=0,this.s2k.type="gnu-dummy",this.s2kUsage=254,this.symmetric=T.symmetric.aes256,this.isLegacyAEAD=null,this.usedModernAEAD=null)}async encrypt(e,t=B){if(this.isDummy())return;if(!this.isDecrypted())throw Error("Key packet is already encrypted");if(!e)throw Error("A non-empty passphrase is required for key encryption.");this.s2k=tn(t),this.s2k.generateSalt();const r=Na(this.algorithm,this.privateParams);this.symmetric=T.symmetric.aes256;const{blockSize:i}=Ar(this.symmetric);if(t.aeadProtect){this.s2kUsage=253,this.aead=t.preferredAEADAlgorithm;const a=Ma(this.aead);this.isLegacyAEAD=5===this.version,this.usedModernAEAD=!this.isLegacyAEAD;const n=Je(this.constructor.tag),s=await Ms(this.version,this.s2k,e,this.symmetric,this.aead,n,this.isLegacyAEAD),o=await a(this.symmetric,s);this.iv=this.isLegacyAEAD?le(i):le(a.ivLength);const c=this.isLegacyAEAD?new Uint8Array:F.concatUint8Array([n,this.writePublicKey()]);this.keyMaterial=await o.encrypt(r,this.iv.subarray(0,a.ivLength),c)}else{this.s2kUsage=254,this.usedModernAEAD=!1;const t=await Ms(this.version,this.s2k,e,this.symmetric);this.iv=le(i),this.keyMaterial=await Xi(this.symmetric,t,F.concatUint8Array([r,await Ie(T.hash.sha1,r)]),this.iv)}}async decrypt(e){if(this.isDummy())return!1;if(this.unparseableKeyMaterial)throw Error("Key packet cannot be decrypted: unsupported S2K or cipher algo");if(this.isDecrypted())throw Error("Key packet is already decrypted.");let t;const r=Je(this.constructor.tag);if(254!==this.s2kUsage&&253!==this.s2kUsage)throw 255===this.s2kUsage?Error("Encrypted private key is authenticated using an insecure two-byte hash"):Error("Private key is encrypted using an insecure S2K function: unsalted MD5");let i;if(t=await Ms(this.version,this.s2k,e,this.symmetric,this.aead,r,this.isLegacyAEAD),253===this.s2kUsage){const e=Ma(this.aead,!0),a=await e(this.symmetric,t);try{const t=this.isLegacyAEAD?new Uint8Array:F.concatUint8Array([r,this.writePublicKey()]);i=await a.decrypt(this.keyMaterial,this.iv.subarray(0,e.ivLength),t)}catch(e){if("Authentication tag mismatch"===e.message)throw Error("Incorrect key passphrase: "+e.message);throw e}}else{const e=await Yi(this.symmetric,t,this.keyMaterial,this.iv);i=e.subarray(0,-20);const r=await Ie(T.hash.sha1,i);if(!F.equalsUint8Array(r,e.subarray(-20)))throw Error("Incorrect key passphrase")}try{const{privateParams:e}=await _a(this.algorithm,i,this.publicParams);this.privateParams=e}catch(e){throw Error("Error reading MPIs")}this.isEncrypted=!1,this.keyMaterial=null,this.s2kUsage=0,this.aead=null,this.symmetric=null,this.isLegacyAEAD=null}async validate(){if(this.isDummy())return;if(!this.isDecrypted())throw Error("Key is not decrypted");if(this.usedModernAEAD)return;let e;try{e=await Oa(this.algorithm,this.publicParams,this.privateParams)}catch(t){e=!1}if(!e)throw Error("Key is invalid")}async generate(e,t,r){if(6===this.version&&(this.algorithm===T.publicKey.ecdh&&t===T.curve.curve25519Legacy||this.algorithm===T.publicKey.eddsaLegacy))throw Error(`Cannot generate v6 keys of type 'ecc' with curve ${t}. Generate a key of type 'curve25519' instead`);if(6!==this.version&&this.algorithm===T.publicKey.pqc_mldsa_ed25519)throw Error(`Cannot generate v${this.version} signing keys of type 'pqc'. Generate a v6 key instead`);const{privateParams:i,publicParams:a}=await Ra(this.algorithm,e,t,r);this.privateParams=i,this.publicParams=a,this.isEncrypted=!1}clearPrivateParams(){this.isMissingSecretKeyMaterial()||(Object.keys(this.privateParams).forEach((e=>{this.privateParams[e].fill(0),delete this.privateParams[e]})),this.privateParams=null,this.isEncrypted=!0)}}async function Ms(e,t,r,i,a,n,s){if("argon2"===t.type&&!a)throw Error("Using Argon2 S2K without AEAD is not allowed");if("simple"===t.type&&6===e)throw Error("Using Simple S2K with version 6 keys is not allowed");const{keySize:o}=Ar(i),c=await t.produceKey(r,o);if(!a||5===e||s)return c;const u=F.concatUint8Array([n,new Uint8Array([e,i,a])]);return Ur(T.hash.sha256,c,new Uint8Array,u,o)}class Fs{static get tag(){return T.packet.userID}constructor(){this.userID="",this.name="",this.email="",this.comment=""}static fromObject(e){if(F.isString(e)||e.name&&!F.isString(e.name)||e.email&&!F.isEmailAddress(e.email)||e.comment&&!F.isString(e.comment))throw Error("Invalid user ID format");const t=new Fs;Object.assign(t,e);const r=[];return t.name&&r.push(t.name),t.comment&&r.push(`(${t.comment})`),t.email&&r.push(`<${t.email}>`),t.userID=r.join(" "),t}read(e,t=B){const r=F.decodeUTF8(e);if(r.length>t.maxUserIDLength)throw Error("User ID string is too long");const i=e=>/^[^\s@]+@[^\s@]+$/.test(e),a=r.indexOf("<"),n=r.lastIndexOf(">");if(-1!==a&&-1!==n&&n>a){const e=r.substring(a+1,n);if(i(e)){this.email=e;const t=r.substring(0,a).trim(),i=t.indexOf("("),n=t.lastIndexOf(")");-1!==i&&-1!==n&&n>i?(this.comment=t.substring(i+1,n).trim(),this.name=t.substring(0,i).trim()):(this.name=t,this.comment="")}}else i(r.trim())&&(this.email=r.trim(),this.name="",this.comment="");this.userID=r}write(){return F.encodeUTF8(this.userID)}equals(e){return e&&e.userID===this.userID}}class Ls extends Bs{static get tag(){return T.packet.secretSubkey}constructor(e=new Date,t=B){super(e,t)}}class _s{static get tag(){return T.packet.trust}read(){throw new it("Trust packets are not supported")}write(){throw new it("Trust packets are not supported")}}class Ns{static get tag(){return T.packet.padding}constructor(){this.padding=null}read(e){}write(){return this.padding}async createPadding(e){this.padding=await le(e)}}const Rs=/*#__PURE__*/F.constructAllowedPackets([rs]);class zs{constructor(e){this.packets=e||new os}write(){return this.packets.write()}armor(e=B){const t=this.packets.some((e=>e.constructor.tag===rs.tag&&6!==e.version));return Y(T.armor.signature,this.write(),void 0,void 0,void 0,t,e)}getSigningKeyIDs(){return this.packets.map((e=>e.issuerKeyID))}}async function Os({armoredSignature:e,binarySignature:t,config:r,...i}){r={...B,...r};let a=e||t;if(!a)throw Error("readSignature: must pass options object containing `armoredSignature` or `binarySignature`");if(e&&!F.isString(e))throw Error("readSignature: options.armoredSignature must be a string");if(t&&!F.isUint8Array(t))throw Error("readSignature: options.binarySignature must be a Uint8Array");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));if(e){const{type:e,data:t}=await X(a);if(e!==T.armor.signature)throw Error("Armored text not of type signature");a=t}const s=await os.fromBinary(a,Rs,r);return new zs(s)}async function js(e,t){const r=new Ls(e.date,t);return r.packets=null,r.algorithm=T.write(T.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.symmetric),await r.computeFingerprintAndKeyID(),r}async function qs(e,t){const r=new Bs(e.date,t);return r.packets=null,r.algorithm=T.write(T.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.symmetric),await r.computeFingerprintAndKeyID(),r}async function Hs(e,t,r,i,a=new Date,n){let s,o;for(let c=e.length-1;c>=0;c--)try{(!s||e[c].created>=s.created)&&(await e[c].verify(t,r,i,a,void 0,n),s=e[c])}catch(e){o=e}if(!s)throw F.wrapError(`Could not find valid ${T.read(T.signature,r)} signature in key ${t.getKeyID().toHex()}`.replace("certGeneric ","self-").replace(/([a-z])([A-Z])/g,((e,t,r)=>t+" "+r.toLowerCase())),o);return s}function Gs(e,t,r=new Date){const i=F.normalizeDate(r);if(null!==i){const r=Ys(e,t);return!(e.created<=i&&i<r)}return!1}async function Vs(e,t,r,i){const a={};a.key=t,a.bind=e;const n={signatureType:T.signature.subkeyBinding};r.sign?(n.keyFlags=[T.keyFlags.signData],n.embeddedSignature=await $s(a,[],e,{signatureType:T.signature.keyBinding},r.date,void 0,void 0,void 0,i)):n.keyFlags=r.forwarding?[T.keyFlags.forwardedCommunication]:[T.keyFlags.encryptCommunication|T.keyFlags.encryptStorage],r.keyExpirationTime>0&&(n.keyExpirationTime=r.keyExpirationTime,n.keyNeverExpires=!1);return await $s(a,[],t,n,r.date,void 0,void 0,void 0,i)}async function Ws(e,t,r=new Date,i=[],a){const n=T.hash.sha256,s=a.preferredHashAlgorithm,o=await Promise.all(e.map((async(e,t)=>(await e.getPrimarySelfSignature(r,i[t],a)).preferredHashAlgorithms||[]))),c=new Map;for(const e of o)for(const t of e)try{const e=T.write(T.hash,t);c.set(e,c.has(e)?c.get(e)+1:1)}catch{}const u=t=>0===e.length||c.get(t)===e.length||t===n,h=()=>{if(0===c.size)return n;const e=Array.from(c.keys()).filter((e=>u(e))).sort(((e,t)=>Te(e)-Te(t)))[0];return Te(e)>=Te(n)?e:n},l=new Set([T.publicKey.ecdsa,T.publicKey.eddsaLegacy,T.publicKey.ed25519,T.publicKey.ed448]),y=new Set([T.publicKey.pqc_mldsa_ed25519]);if(l.has(t.algorithm)){const e=function(e,t){switch(e){case T.publicKey.ecdsa:case T.publicKey.eddsaLegacy:return Wr(t);case T.publicKey.ed25519:case T.publicKey.ed448:return yt(e);default:throw Error("Unknown elliptic signing algo")}}(t.algorithm,t.publicParams.oid),r=u(s),i=Te(s)>=Te(e);if(r&&i)return s;{const t=h();return Te(t)>=Te(e)?t:e}}if(y.has(t.algorithm)){if(u(s)&&Fi(t.algorithm,s))return s;{const e=h();return Fi(t.algorithm,e)?e:n}}return u(s)?s:h()}async function $s(e,t,r,i,a,n,s=[],o=!1,c){if(r.isDummy())throw Error("Cannot sign with a gnu-dummy key.");if(!r.isDecrypted())throw Error("Signing key is not decrypted.");const u=new rs;return Object.assign(u,i),u.publicKeyAlgorithm=r.algorithm,u.hashAlgorithm=await Ws(t,r,a,n,c),u.rawNotations=[...s],await u.sign(r,e,a,o,c),u}async function Qs(e,t,r,i=new Date,a){(e=e[r])&&(t[r].length?await Promise.all(e.map((async function(e){e.isExpired(i)||a&&!await a(e)||t[r].some((function(t){return F.equalsUint8Array(t.writeParams(),e.writeParams())}))||t[r].push(e)}))):t[r]=e)}async function Xs(e,t,r,i,a,n,s=new Date,o){n=n||e;const c=[];return await Promise.all(i.map((async function(e){try{if(!a||e.issuerKeyID.equals(a.issuerKeyID)){const i=![T.reasonForRevocation.keyRetired,T.reasonForRevocation.keySuperseded,T.reasonForRevocation.userIDInvalid].includes(e.reasonForRevocationFlag);await e.verify(n,t,r,i?null:s,!1,o),c.push(e.issuerKeyID)}}catch(e){}}))),a?(a.revoked=!!c.some((e=>e.equals(a.issuerKeyID)))||(a.revoked||!1),a.revoked):c.length>0}function Ys(e,t){let r;return!1===t.keyNeverExpires&&(r=e.created.getTime()+1e3*t.keyExpirationTime),r?new Date(r):1/0}function Zs(e,t={}){if(e.type=e.type||t.type,e.curve=e.curve||t.curve,e.rsaBits=e.rsaBits||t.rsaBits,e.symmetricHash=e.symmetricHash||t.symmetricHash,e.symmetricCipher=e.symmetricCipher||t.symmetricCipher,e.keyExpirationTime=void 0!==e.keyExpirationTime?e.keyExpirationTime:t.keyExpirationTime,e.passphrase=F.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e.sign=e.sign||!1,e.forwarding=e.forwarding||!1,e.sign&&e.forwarding)throw Error('Incompatible options: "sign" and "forwarding" cannot be set together');switch(e.type){case"pqc":e.sign?e.algorithm=T.publicKey.pqc_mldsa_ed25519:e.algorithm=T.publicKey.pqc_mlkem_x25519;break;case"ecc":try{e.curve=T.write(T.curve,e.curve)}catch(e){throw Error("Unknown curve")}e.curve!==T.curve.ed25519Legacy&&e.curve!==T.curve.curve25519Legacy&&"ed25519"!==e.curve&&"curve25519"!==e.curve||(e.curve=e.sign?T.curve.ed25519Legacy:T.curve.curve25519Legacy),e.sign?e.algorithm=e.curve===T.curve.ed25519Legacy?T.publicKey.eddsaLegacy:T.publicKey.ecdsa:e.algorithm=T.publicKey.ecdh;break;case"curve25519":e.algorithm=e.sign?T.publicKey.ed25519:T.publicKey.x25519;break;case"curve448":e.algorithm=e.sign?T.publicKey.ed448:T.publicKey.x448;break;case"rsa":e.algorithm=T.publicKey.rsaEncryptSign;break;case"symmetric":if(e.sign){e.algorithm=T.publicKey.hmac;try{e.symmetric=T.write(T.hash,e.symmetricHash)}catch(e){throw Error("Unknown hash algorithm")}}else{e.algorithm=T.publicKey.aead;try{e.symmetric=T.write(T.symmetric,e.symmetricCipher)}catch(e){throw Error("Unknown symmetric algorithm")}}break;default:throw Error("Unsupported key type "+e.type)}return e}function Js(e,t,r){switch(e.algorithm){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:case T.publicKey.dsa:case T.publicKey.ecdsa:case T.publicKey.eddsaLegacy:case T.publicKey.ed25519:case T.publicKey.ed448:case T.publicKey.hmac:case T.publicKey.pqc_mldsa_ed25519:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&T.keyFlags.signData);default:return!1}}function eo(e,t,r){switch(e.algorithm){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.elgamal:case T.publicKey.ecdh:case T.publicKey.x25519:case T.publicKey.x448:case T.publicKey.aead:case T.publicKey.pqc_mlkem_x25519:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&T.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&T.keyFlags.encryptStorage);default:return!1}}function to(e,t,r){if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");switch(e.algorithm){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.elgamal:case T.publicKey.ecdh:case T.publicKey.x25519:case T.publicKey.x448:case T.publicKey.pqc_mlkem_x25519:return!(!(!t.keyFlags||!!(t.keyFlags[0]&T.keyFlags.signData))||!r.allowInsecureDecryptionWithSigningKeys)||(!t.keyFlags||!!(t.keyFlags[0]&T.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&T.keyFlags.encryptStorage)||r.allowForwardedMessages&&!!(t.keyFlags[0]&T.keyFlags.forwardedCommunication));default:return!1}}function ro(e,t){const r=T.write(T.publicKey,e.algorithm),i=e.getAlgorithmInfo();if(t.rejectPublicKeyAlgorithms.has(r))throw Error(i.algorithm+" keys are considered too weak.");switch(r){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:case T.publicKey.rsaEncrypt:if(i.bits<t.minRSABits)throw Error(`RSA keys shorter than ${t.minRSABits} bits are considered too weak.`);break;case T.publicKey.ecdsa:case T.publicKey.eddsaLegacy:case T.publicKey.ecdh:if(t.rejectCurves.has(i.curve))throw Error(`Support for ${i.algorithm} keys using curve ${i.curve} is disabled.`)}}class io{constructor(e,t){this.userID=e.constructor.tag===T.packet.userID?e:null,this.userAttribute=e.constructor.tag===T.packet.userAttribute?e:null,this.selfCertifications=[],this.otherCertifications=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new os;return e.push(this.userID||this.userAttribute),e.push(...this.revocationSignatures),e.push(...this.selfCertifications),e.push(...this.otherCertifications),e}clone(){const e=new io(this.userID||this.userAttribute,this.mainKey);return e.selfCertifications=[...this.selfCertifications],e.otherCertifications=[...this.otherCertifications],e.revocationSignatures=[...this.revocationSignatures],e}async certify(e,t,r){const i=this.mainKey.keyPacket,a={userID:this.userID,userAttribute:this.userAttribute,key:i},n=new io(a.userID||a.userAttribute,this.mainKey);return n.otherCertifications=await Promise.all(e.map((async function(e){if(!e.isPrivate())throw Error("Need private key for signing");if(e.hasSameFingerprintAs(i))throw Error("The user's own key can only be used for self-certifications");const n=await e.getSigningKey(void 0,t,void 0,r);return $s(a,[e],n.keyPacket,{signatureType:T.signature.certGeneric,keyFlags:[T.keyFlags.certifyKeys|T.keyFlags.signData]},t,void 0,void 0,void 0,r)}))),await n.update(this,t,r),n}async isRevoked(e,t,r=new Date,i=B){const a=this.mainKey.keyPacket;return Xs(a,T.signature.certRevocation,{key:a,userID:this.userID,userAttribute:this.userAttribute},this.revocationSignatures,e,t,r,i)}async verifyCertificate(e,t,r=new Date,i){const a=this,n=this.mainKey.keyPacket,s={userID:this.userID,userAttribute:this.userAttribute,key:n},{issuerKeyID:o}=e,c=t.filter((e=>e.getKeys(o).length>0));return 0===c.length?null:(await Promise.all(c.map((async t=>{const n=await t.getSigningKey(o,e.created,void 0,i);if(e.revoked||await a.isRevoked(e,n.keyPacket,r,i))throw Error("User certificate is revoked");try{await e.verify(n.keyPacket,T.signature.certGeneric,s,r,void 0,i)}catch(e){throw F.wrapError("User certificate is invalid",e)}}))),!0)}async verifyAllCertifications(e,t=new Date,r){const i=this,a=this.selfCertifications.concat(this.otherCertifications);return Promise.all(a.map((async a=>({keyID:a.issuerKeyID,valid:await i.verifyCertificate(a,e,t,r).catch((()=>!1))}))))}async verify(e=new Date,t){if(!this.selfCertifications.length)throw Error("No self-certifications found");const r=this,i=this.mainKey.keyPacket,a={userID:this.userID,userAttribute:this.userAttribute,key:i};let n;for(let s=this.selfCertifications.length-1;s>=0;s--)try{const n=this.selfCertifications[s];if(n.revoked||await r.isRevoked(n,void 0,e,t))throw Error("Self-certification is revoked");try{await n.verify(i,T.signature.certGeneric,a,e,void 0,t)}catch(e){throw F.wrapError("Self-certification is invalid",e)}return!0}catch(e){n=e}throw n}async update(e,t,r){const i=this.mainKey.keyPacket,a={userID:this.userID,userAttribute:this.userAttribute,key:i};await Qs(e,this,"selfCertifications",t,(async function(e){try{return await e.verify(i,T.signature.certGeneric,a,t,!1,r),!0}catch(e){return!1}})),await Qs(e,this,"otherCertifications",t),await Qs(e,this,"revocationSignatures",t,(function(e){return Xs(i,T.signature.certRevocation,a,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=T.reasonForRevocation.noReason,string:r=""}={},i=new Date,a=B){const n={userID:this.userID,userAttribute:this.userAttribute,key:e},s=new io(n.userID||n.userAttribute,this.mainKey);return s.revocationSignatures.push(await $s(n,[],e,{signatureType:T.signature.certRevocation,reasonForRevocationFlag:T.write(T.reasonForRevocation,t),reasonForRevocationString:r},i,void 0,void 0,!1,a)),await s.update(this),s}}class ao{constructor(e,t){this.keyPacket=e,this.bindingSignatures=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new os;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.bindingSignatures),e}clone(){const e=new ao(this.keyPacket,this.mainKey);return e.bindingSignatures=[...this.bindingSignatures],e.revocationSignatures=[...this.revocationSignatures],e}async isRevoked(e,t,r=new Date,i=B){const a=this.mainKey.keyPacket;return Xs(a,T.signature.subkeyRevocation,{key:a,bind:this.keyPacket},this.revocationSignatures,e,t,r,i)}async verify(e=new Date,t=B){const r=this.mainKey.keyPacket,i={key:r,bind:this.keyPacket},a=await Hs(this.bindingSignatures,r,T.signature.subkeyBinding,i,e,t);if(a.revoked||await this.isRevoked(a,null,e,t))throw Error("Subkey is revoked");if(Gs(this.keyPacket,a,e))throw Error("Subkey is expired");return a}async getExpirationTime(e=new Date,t=B){const r=this.mainKey.keyPacket,i={key:r,bind:this.keyPacket};let a;try{a=await Hs(this.bindingSignatures,r,T.signature.subkeyBinding,i,e,t)}catch(e){return null}const n=Ys(this.keyPacket,a),s=a.getExpirationTime();return n<s?n:s}async update(e,t=new Date,r=B){const i=this.mainKey.keyPacket;if(!this.hasSameFingerprintAs(e))throw Error("Subkey update method: fingerprints of subkeys not equal");this.keyPacket.constructor.tag===T.packet.publicSubkey&&e.keyPacket.constructor.tag===T.packet.secretSubkey&&(this.keyPacket=e.keyPacket);const a=this,n={key:i,bind:a.keyPacket};await Qs(e,this,"bindingSignatures",t,(async function(e){for(let t=0;t<a.bindingSignatures.length;t++)if(a.bindingSignatures[t].issuerKeyID.equals(e.issuerKeyID))return e.created>a.bindingSignatures[t].created&&(a.bindingSignatures[t]=e),!1;try{return await e.verify(i,T.signature.subkeyBinding,n,t,void 0,r),!0}catch(e){return!1}})),await Qs(e,this,"revocationSignatures",t,(function(e){return Xs(i,T.signature.subkeyRevocation,n,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=T.reasonForRevocation.noReason,string:r=""}={},i=new Date,a=B){const n={key:e,bind:this.keyPacket},s=new ao(this.keyPacket,this.mainKey);return s.revocationSignatures.push(await $s(n,[],e,{signatureType:T.signature.subkeyRevocation,reasonForRevocationFlag:T.write(T.reasonForRevocation,t),reasonForRevocationString:r},i,void 0,void 0,!1,a)),await s.update(this),s}hasSameFingerprintAs(e){return this.keyPacket.hasSameFingerprintAs(e.keyPacket||e)}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","isDecrypted"].forEach((e=>{ao.prototype[e]=function(){return this.keyPacket[e]()}}));const no=/*#__PURE__*/F.constructAllowedPackets([rs]),so=new Set([T.packet.publicKey,T.packet.privateKey]),oo=new Set([T.packet.publicKey,T.packet.privateKey,T.packet.publicSubkey,T.packet.privateSubkey]);class co{packetListToStructure(e,t=new Set){let r,i,a,n;for(const s of e){if(s instanceof st){oo.has(s.tag)&&!n&&(n=so.has(s.tag)?so:oo);continue}const e=s.constructor.tag;if(n){if(!n.has(e))continue;n=null}if(t.has(e))throw Error("Unexpected packet type: "+e);switch(e){case T.packet.publicKey:case T.packet.secretKey:if(this.keyPacket)throw Error("Key block contains multiple keys");if(this.keyPacket=s,i=this.getKeyID(),!i)throw Error("Missing Key ID");break;case T.packet.userID:case T.packet.userAttribute:r=new io(s,this),this.users.push(r);break;case T.packet.publicSubkey:case T.packet.secretSubkey:r=null,a=new ao(s,this),this.subkeys.push(a);break;case T.packet.signature:switch(s.signatureType){case T.signature.certGeneric:case T.signature.certPersona:case T.signature.certCasual:case T.signature.certPositive:if(!r){F.printDebug("Dropping certification signatures without preceding user packet");continue}s.issuerKeyID.equals(i)?r.selfCertifications.push(s):r.otherCertifications.push(s);break;case T.signature.certRevocation:r?r.revocationSignatures.push(s):this.directSignatures.push(s);break;case T.signature.key:this.directSignatures.push(s);break;case T.signature.subkeyBinding:if(!a){F.printDebug("Dropping subkey binding signature without preceding subkey packet");continue}a.bindingSignatures.push(s);break;case T.signature.keyRevocation:this.revocationSignatures.push(s);break;case T.signature.subkeyRevocation:if(!a){F.printDebug("Dropping subkey revocation signature without preceding subkey packet");continue}a.revocationSignatures.push(s)}}}}toPacketList(){const e=new os;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.directSignatures),this.users.map((t=>e.push(...t.toPacketList()))),this.subkeys.map((t=>e.push(...t.toPacketList()))),e}clone(e=!1){const t=new this.constructor(this.toPacketList());return e&&t.getKeys().forEach((e=>{if(e.keyPacket=Object.create(Object.getPrototypeOf(e.keyPacket),Object.getOwnPropertyDescriptors(e.keyPacket)),!e.keyPacket.isDecrypted())return;const t={};Object.keys(e.keyPacket.privateParams).forEach((r=>{t[r]=new Uint8Array(e.keyPacket.privateParams[r])})),e.keyPacket.privateParams=t})),t}getSubkeys(e=null){return this.subkeys.filter((t=>!e||t.getKeyID().equals(e,!0)))}getKeys(e=null){const t=[];return e&&!this.getKeyID().equals(e,!0)||t.push(this),t.concat(this.getSubkeys(e))}getKeyIDs(){return this.getKeys().map((e=>e.getKeyID()))}getUserIDs(){return this.users.map((e=>e.userID?e.userID.userID:null)).filter((e=>null!==e))}write(){return this.toPacketList().write()}async getSigningKey(e=null,t=new Date,r={},i=B){await this.verifyPrimaryKey(t,r,i);const a=this.keyPacket;try{ro(a,i)}catch(e){throw F.wrapError("Could not verify primary key",e)}const n=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created||t.keyPacket.algorithm-e.keyPacket.algorithm));let s;for(const r of n)if(!e||r.getKeyID().equals(e))try{await r.verify(t,i);const e={key:a,bind:r.keyPacket},n=await Hs(r.bindingSignatures,a,T.signature.subkeyBinding,e,t,i);if(!Js(r.keyPacket,n,i))continue;if(!n.embeddedSignature)throw Error("Missing embedded signature");return await Hs([n.embeddedSignature],r.keyPacket,T.signature.keyBinding,e,t,i),ro(r.keyPacket,i),r}catch(e){s=e}try{const n=await this.getPrimarySelfSignature(t,r,i);if((!e||a.getKeyID().equals(e))&&Js(a,n,i))return ro(a,i),this}catch(e){s=e}throw F.wrapError("Could not find valid signing key packet in key "+this.getKeyID().toHex(),s)}async getEncryptionKey(e,t=new Date,r={},i=B){await this.verifyPrimaryKey(t,r,i);const a=this.keyPacket;try{ro(a,i)}catch(e){throw F.wrapError("Could not verify primary key",e)}const n=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created||t.keyPacket.algorithm-e.keyPacket.algorithm));let s;for(const r of n)if(!e||r.getKeyID().equals(e))try{await r.verify(t,i);const e={key:a,bind:r.keyPacket},n=await Hs(r.bindingSignatures,a,T.signature.subkeyBinding,e,t,i);if(eo(r.keyPacket,n,i))return ro(r.keyPacket,i),r}catch(e){s=e}try{const n=await this.getPrimarySelfSignature(t,r,i);if((!e||a.getKeyID().equals(e))&&eo(a,n,i))return ro(a,i),this}catch(e){s=e}throw F.wrapError("Could not find valid encryption key packet in key "+this.getKeyID().toHex(),s)}async isRevoked(e,t,r=new Date,i=B){return Xs(this.keyPacket,T.signature.keyRevocation,{key:this.keyPacket},this.revocationSignatures,e,t,r,i)}async verifyPrimaryKey(e=new Date,t={},r=B){const i=this.keyPacket;if(await this.isRevoked(null,null,e,r))throw Error("Primary key is revoked");if(Gs(i,await this.getPrimarySelfSignature(e,t,r),e))throw Error("Primary key is expired");if(6!==i.version){const t=await Hs(this.directSignatures,i,T.signature.key,{key:i},e,r).catch((()=>{}));if(t&&Gs(i,t,e))throw Error("Primary key is expired")}}async getExpirationTime(e,t=B){let r;try{const i=await this.getPrimarySelfSignature(null,e,t),a=Ys(this.keyPacket,i),n=i.getExpirationTime(),s=6!==this.keyPacket.version&&await Hs(this.directSignatures,this.keyPacket,T.signature.key,{key:this.keyPacket},null,t).catch((()=>{}));if(s){const e=Ys(this.keyPacket,s);r=Math.min(a,n,e)}else r=a<n?a:n}catch(e){r=null}return F.normalizeDate(r)}async getPrimarySelfSignature(e=new Date,t={},r=B){const i=this.keyPacket;if(6===i.version)return Hs(this.directSignatures,i,T.signature.key,{key:i},e,r);const{selfCertification:a}=await this.getPrimaryUser(e,t,r);return a}async getPrimaryUser(e=new Date,t={},r=B){const i=this.keyPacket,a=[];let n;for(let s=0;s<this.users.length;s++)try{const n=this.users[s];if(!n.userID)continue;if(void 0!==t.name&&n.userID.name!==t.name||void 0!==t.email&&n.userID.email!==t.email||void 0!==t.comment&&n.userID.comment!==t.comment)throw Error("Could not find user that matches that user ID");const o={userID:n.userID,key:i},c=await Hs(n.selfCertifications,i,T.signature.certGeneric,o,e,r);a.push({index:s,user:n,selfCertification:c})}catch(e){n=e}if(!a.length)throw n||Error("Could not find primary user");await Promise.all(a.map((async function(t){return t.selfCertification.revoked||t.user.isRevoked(t.selfCertification,null,e,r)})));const s=a.sort((function(e,t){const r=e.selfCertification,i=t.selfCertification;return i.revoked-r.revoked||r.isPrimaryUserID-i.isPrimaryUserID||r.created-i.created})).pop(),{user:o,selfCertification:c}=s;if(c.revoked||await o.isRevoked(c,null,e,r))throw Error("Primary user is revoked");return s}async update(e,t=new Date,r=B){if(!this.hasSameFingerprintAs(e))throw Error("Primary key fingerprints must be equal to update the key");if(!this.isPrivate()&&e.isPrivate()){if(!(this.subkeys.length===e.subkeys.length&&this.subkeys.every((t=>e.subkeys.some((e=>t.hasSameFingerprintAs(e)))))))throw Error("Cannot update public key with private key if subkeys mismatch");return e.update(this,r)}const i=this.clone();return await Qs(e,i,"revocationSignatures",t,(a=>Xs(i.keyPacket,T.signature.keyRevocation,i,[a],null,e.keyPacket,t,r))),await Qs(e,i,"directSignatures",t),await Promise.all(e.users.map((async e=>{const a=i.users.filter((t=>e.userID&&e.userID.equals(t.userID)||e.userAttribute&&e.userAttribute.equals(t.userAttribute)));if(a.length>0)await Promise.all(a.map((i=>i.update(e,t,r))));else{const t=e.clone();t.mainKey=i,i.users.push(t)}}))),await Promise.all(e.subkeys.map((async e=>{const a=i.subkeys.filter((t=>t.hasSameFingerprintAs(e)));if(a.length>0)await Promise.all(a.map((i=>i.update(e,t,r))));else{const t=e.clone();t.mainKey=i,i.subkeys.push(t)}}))),i}async getRevocationCertificate(e=new Date,t=B){const r={key:this.keyPacket},i=await Hs(this.revocationSignatures,this.keyPacket,T.signature.keyRevocation,r,e,t),a=new os;a.push(i);const n=6!==this.keyPacket.version;return Y(T.armor.publicKey,a.write(),null,null,"This is a revocation certificate",n,t)}async applyRevocationCertificate(e,t=new Date,r=B){const i=await X(e),a=(await os.fromBinary(i.data,no,r)).findPacket(T.packet.signature);if(!a||a.signatureType!==T.signature.keyRevocation)throw Error("Could not find revocation signature packet");if(!a.issuerKeyID.equals(this.getKeyID()))throw Error("Revocation signature does not match key");try{await a.verify(this.keyPacket,T.signature.keyRevocation,{key:this.keyPacket},t,void 0,r)}catch(e){throw F.wrapError("Could not verify revocation signature",e)}const n=this.clone();return n.revocationSignatures.push(a),n}async signPrimaryUser(e,t,r,i=B){const{index:a,user:n}=await this.getPrimaryUser(t,r,i),s=await n.certify(e,t,i),o=this.clone();return o.users[a]=s,o}async signAllUsers(e,t=new Date,r=B){const i=this.clone();return i.users=await Promise.all(this.users.map((function(i){return i.certify(e,t,r)}))),i}async verifyPrimaryUser(e,t=new Date,r,i=B){const a=this.keyPacket,{user:n}=await this.getPrimaryUser(t,r,i);return e?await n.verifyAllCertifications(e,t,i):[{keyID:a.getKeyID(),valid:await n.verify(t,i).catch((()=>!1))}]}async verifyAllUsers(e,t=new Date,r=B){const i=this.keyPacket,a=[];return await Promise.all(this.users.map((async n=>{const s=e?await n.verifyAllCertifications(e,t,r):[{keyID:i.getKeyID(),valid:await n.verify(t,r).catch((()=>!1))}];a.push(...s.map((e=>({userID:n.userID?n.userID.userID:null,userAttribute:n.userAttribute,keyID:e.keyID,valid:e.valid}))))}))),a}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","hasSameFingerprintAs"].forEach((e=>{co.prototype[e]=ao.prototype[e]}));class uo extends co{constructor(e){if(super(),this.keyPacket=null,this.revocationSignatures=[],this.directSignatures=[],this.users=[],this.subkeys=[],e&&(this.packetListToStructure(e,new Set([T.packet.secretKey,T.packet.secretSubkey])),!this.keyPacket))throw Error("Invalid key: missing public-key packet")}isPrivate(){return!1}toPublic(){return this}armor(e=B){const t=6!==this.keyPacket.version;return Y(T.armor.publicKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}}class ho extends uo{constructor(e){if(super(),this.packetListToStructure(e,new Set([T.packet.publicKey,T.packet.publicSubkey])),!this.keyPacket)throw Error("Invalid key: missing private-key packet")}isPrivate(){return!0}toPublic(){const e=new os,t=this.toPacketList();let r=!1;for(const i of t)if(!r||i.constructor.tag!==T.packet.Signature)switch(r&&(r=!1),i.constructor.tag){case T.packet.secretKey:{if(i.algorithm===T.publicKey.aead||i.algorithm===T.publicKey.hmac)throw Error("Cannot create public key from symmetric private");const t=Us.fromSecretKeyPacket(i);e.push(t);break}case T.packet.secretSubkey:{if(i.algorithm===T.publicKey.aead||i.algorithm===T.publicKey.hmac){r=!0;break}const t=Is.fromSecretSubkeyPacket(i);e.push(t);break}default:e.push(i)}return new uo(e)}armor(e=B){const t=6!==this.keyPacket.version;return Y(T.armor.privateKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}async getDecryptionKeys(e,t=new Date,r={},i=B){const a=this.keyPacket,n=[];let s=null;for(let r=0;r<this.subkeys.length;r++)if(!e||this.subkeys[r].getKeyID().equals(e,!0)){if(this.subkeys[r].keyPacket.isDummy()){s=s||Error("Gnu-dummy key packets cannot be used for decryption");continue}try{const e={key:a,bind:this.subkeys[r].keyPacket},s=await Hs(this.subkeys[r].bindingSignatures,a,T.signature.subkeyBinding,e,t,i);to(this.subkeys[r].keyPacket,s,i)&&n.push(this.subkeys[r])}catch(e){s=e}}const o=await this.getPrimarySelfSignature(t,r,i);if(e&&!a.getKeyID().equals(e,!0)||!to(a,o,i)||(a.isDummy()?s=s||Error("Gnu-dummy key packets cannot be used for decryption"):n.push(this)),0===n.length)throw s||Error("No decryption key packets found");return n}isDecrypted(){return this.getKeys().some((({keyPacket:e})=>e.isDecrypted()))}async validate(e=B){if(!this.isPrivate())throw Error("Cannot validate a public key");let t;if(this.keyPacket.isDummy()){const r=await this.getSigningKey(null,null,void 0,{...e,rejectPublicKeyAlgorithms:new Set,minRSABits:0});r&&!r.keyPacket.isDummy()&&(t=r.keyPacket)}else t=this.keyPacket;if(t)return t.validate();{const e=this.getKeys();if(e.map((e=>e.keyPacket.isDummy())).every(Boolean))throw Error("Cannot validate an all-gnu-dummy key");return Promise.all(e.map((async e=>e.keyPacket.validate())))}}clearPrivateParams(){this.getKeys().forEach((({keyPacket:e})=>{e.isDecrypted()&&e.clearPrivateParams()}))}async revoke({flag:e=T.reasonForRevocation.noReason,string:t=""}={},r=new Date,i=B){if(!this.isPrivate())throw Error("Need private key for revoking");const a={key:this.keyPacket},n=this.clone();return n.revocationSignatures.push(await $s(a,[],this.keyPacket,{signatureType:T.signature.keyRevocation,reasonForRevocationFlag:T.write(T.reasonForRevocation,e),reasonForRevocationString:t},r,void 0,void 0,void 0,i)),n}async addSubkey(e={}){const t={...B,...e.config};if(e.passphrase)throw Error("Subkey could not be encrypted here, please encrypt whole key");if(e.rsaBits<t.minRSABits)throw Error(`rsaBits should be at least ${t.minRSABits}, got: ${e.rsaBits}`);const r=this.keyPacket;if(r.isDummy())throw Error("Cannot add subkey to gnu-dummy primary key");if(!r.isDecrypted())throw Error("Key is not decrypted");const i=r.getAlgorithmInfo();i.type=function(e){switch(T.write(T.publicKey,e)){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:case T.publicKey.dsa:return"rsa";case T.publicKey.ecdsa:case T.publicKey.eddsaLegacy:return"ecc";case T.publicKey.ed25519:return"curve25519";case T.publicKey.ed448:return"curve448";default:throw Error("Unsupported algorithm")}}(i.algorithm),i.rsaBits=i.bits||4096,i.curve=i.curve||"curve25519Legacy",e=Zs(e,i);const a=await js(e,{...t,v6Keys:6===this.keyPacket.version});ro(a,t);const n=await Vs(a,r,e,t),s=this.toPacketList();return s.push(a,n),new ho(s)}}const lo=/*#__PURE__*/F.constructAllowedPackets([Us,Is,Bs,Ls,Fs,Ts,rs]);function yo(e){for(const t of e)switch(t.constructor.tag){case T.packet.secretKey:return new ho(e);case T.packet.publicKey:return new uo(e)}throw Error("No key packet found")}async function po(e,t,r,i){r.passphrase&&await e.encrypt(r.passphrase,i),await Promise.all(t.map((async function(e,t){const a=r.subkeys[t].passphrase;a&&await e.encrypt(a,i)})));const a=new os;function n(e,t){return[t,...e.filter((e=>e!==t))]}function s(){const t={};t.keyFlags=[T.keyFlags.certifyKeys|T.keyFlags.signData];const a=n([T.symmetric.aes256,T.symmetric.aes128],i.preferredSymmetricAlgorithm);if(t.preferredSymmetricAlgorithms=a,i.aeadProtect){const e=n([T.aead.gcm,T.aead.eax,T.aead.ocb],i.preferredAEADAlgorithm);t.preferredCipherSuites=e.flatMap((e=>a.map((t=>[t,e]))))}return t.preferredHashAlgorithms=n([T.hash.sha512,T.hash.sha256,...6===e.version?[T.hash.sha3_512,T.hash.sha3_256]:[]],i.preferredHashAlgorithm),t.preferredCompressionAlgorithms=n([T.compression.uncompressed,T.compression.zlib,T.compression.zip],i.preferredCompressionAlgorithm),t.features=[0],t.features[0]|=T.features.modificationDetection,i.aeadProtect&&(t.features[0]|=T.features.seipdv2),r.keyExpirationTime>0&&(t.keyExpirationTime=r.keyExpirationTime,t.keyNeverExpires=!1),t}if(a.push(e),6===e.version){const t={key:e},n=s();n.signatureType=T.signature.key;const o=await $s(t,[],e,n,r.date,void 0,void 0,void 0,i);a.push(o)}await Promise.all(r.userIDs.map((async function(t,a){const n=Fs.fromObject(t),o={userID:n,key:e},c=6!==e.version?s():{};c.signatureType=T.signature.certPositive,0===a&&(c.isPrimaryUserID=!0);return{userIDPacket:n,signaturePacket:await $s(o,[],e,c,r.date,void 0,void 0,void 0,i)}}))).then((e=>{e.forEach((({userIDPacket:e,signaturePacket:t})=>{a.push(e),a.push(t)}))})),await Promise.all(t.map((async function(t,a){const n=r.subkeys[a];return{secretSubkeyPacket:t,subkeySignaturePacket:await Vs(t,e,n,i)}}))).then((e=>{e.forEach((({secretSubkeyPacket:e,subkeySignaturePacket:t})=>{a.push(e),a.push(t)}))}));const o={key:e};return a.push(await $s(o,[],e,{signatureType:T.signature.keyRevocation,reasonForRevocationFlag:T.reasonForRevocation.noReason,reasonForRevocationString:""},r.date,void 0,void 0,void 0,i)),r.passphrase&&e.clearPrivateParams(),await Promise.all(t.map((async function(e,t){r.subkeys[t].passphrase&&e.clearPrivateParams()}))),new ho(a)}async function go({armoredKey:e,binaryKey:t,config:r,...i}){if(r={...B,...r},!e&&!t)throw Error("readKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!F.isString(e))throw Error("readKey: options.armoredKey must be a string");if(t&&!F.isUint8Array(t))throw Error("readKey: options.binaryKey must be a Uint8Array");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));let n;if(e){const{type:t,data:r}=await X(e);if(t!==T.armor.publicKey&&t!==T.armor.privateKey)throw Error("Armored text not of type key");n=r}else n=t;const s=await os.fromBinary(n,lo,r),o=s.indexOfTag(T.packet.publicKey,T.packet.secretKey);if(0===o.length)throw Error("No key packet found");return yo(s.slice(o[0],o[1]))}async function mo({armoredKey:e,binaryKey:t,config:r,...i}){if(r={...B,...r},!e&&!t)throw Error("readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!F.isString(e))throw Error("readPrivateKey: options.armoredKey must be a string");if(t&&!F.isUint8Array(t))throw Error("readPrivateKey: options.binaryKey must be a Uint8Array");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));let n;if(e){const{type:t,data:r}=await X(e);if(t!==T.armor.privateKey)throw Error("Armored text not of type private key");n=r}else n=t;const s=await os.fromBinary(n,lo,r),o=s.indexOfTag(T.packet.publicKey,T.packet.secretKey);for(let e=0;e<o.length;e++){if(s[o[e]].constructor.tag===T.packet.publicKey)continue;const t=s.slice(o[e],o[e+1]);return new ho(t)}throw Error("No secret key packet found")}async function fo({armoredKeys:e,binaryKeys:t,config:r,...i}){r={...B,...r};let a=e||t;if(!a)throw Error("readKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!F.isString(e))throw Error("readKeys: options.armoredKeys must be a string");if(t&&!F.isUint8Array(t))throw Error("readKeys: options.binaryKeys must be a Uint8Array");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));if(e){const{type:t,data:r}=await X(e);if(t!==T.armor.publicKey&&t!==T.armor.privateKey)throw Error("Armored text not of type key");a=r}const s=[],o=await os.fromBinary(a,lo,r),c=o.indexOfTag(T.packet.publicKey,T.packet.secretKey);if(0===c.length)throw Error("No key packet found");for(let e=0;e<c.length;e++){const t=yo(o.slice(c[e],c[e+1]));s.push(t)}return s}async function wo({armoredKeys:e,binaryKeys:t,config:r}){r={...B,...r};let i=e||t;if(!i)throw Error("readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!F.isString(e))throw Error("readPrivateKeys: options.armoredKeys must be a string");if(t&&!F.isUint8Array(t))throw Error("readPrivateKeys: options.binaryKeys must be a Uint8Array");if(e){const{type:t,data:r}=await X(e);if(t!==T.armor.privateKey)throw Error("Armored text not of type private key");i=r}const a=[],n=await os.fromBinary(i,lo,r),s=n.indexOfTag(T.packet.publicKey,T.packet.secretKey);for(let e=0;e<s.length;e++){if(n[s[e]].constructor.tag===T.packet.publicKey)continue;const t=n.slice(s[e],s[e+1]),r=new ho(t);a.push(r)}if(0===a.length)throw Error("No secret key packet found");return a}const bo=/*#__PURE__*/F.constructAllowedPackets([Yn,ys,Ks,bs,xs,Es,Ps,ns,rs]),ko=/*#__PURE__*/F.constructAllowedPackets([Ps]),vo=/*#__PURE__*/F.constructAllowedPackets([rs]);class Ko{constructor(e){this.packets=e||new os}getEncryptionKeyIDs(){const e=[];return this.packets.filterByTag(T.packet.publicKeyEncryptedSessionKey).forEach((function(t){e.push(t.publicKeyID)})),e}getSigningKeyIDs(){const e=this.unwrapCompressed(),t=e.packets.filterByTag(T.packet.onePassSignature);if(t.length>0)return t.map((e=>e.issuerKeyID));return e.packets.filterByTag(T.packet.signature).map((e=>e.issuerKeyID))}async decrypt(e,t,r,i=new Date,a=B){const n=this.packets.filterByTag(T.packet.symmetricallyEncryptedData,T.packet.symEncryptedIntegrityProtectedData,T.packet.aeadEncryptedData);if(0===n.length)throw Error("No encrypted data found");const s=n[0],o=s.cipherAlgorithm,c=r||await this.decryptSessionKeys(e,t,o,i,a);let u=null;const h=Promise.all(c.map((async({algorithm:e,data:t})=>{if(!F.isUint8Array(t)||!s.cipherAlgorithm&&!F.isString(e))throw Error("Invalid session key for decryption.");try{const r=s.cipherAlgorithm||T.write(T.symmetric,e);await s.decrypt(r,t,a)}catch(e){F.printDebugError(e),u=e}})));if(U(s.encrypted),s.encrypted=null,await h,!s.packets||!s.packets.length)throw u||Error("Decryption failed.");const l=new Ko(s.packets);return s.packets=new os,l}async decryptSessionKeys(e,t,r,i=new Date,a=B){let n,s=[];if(t){const e=this.packets.filterByTag(T.packet.symEncryptedSessionKey);if(0===e.length)throw Error("No symmetrically encrypted session key packet found.");await Promise.all(t.map((async function(t,r){let i;i=r?await os.fromBinary(e.write(),ko,a):e,await Promise.all(i.map((async function(e){try{await e.decrypt(t),s.push(e)}catch(e){F.printDebugError(e),e instanceof Wa&&(n=e)}})))})))}else{if(!e)throw Error("No key or password specified.");{const t=this.packets.filterByTag(T.packet.publicKeyEncryptedSessionKey);if(0===t.length)throw Error("No public key encrypted session key packet found.");await Promise.all(t.map((async function(t){await Promise.all(e.map((async function(e){let o;try{o=(await e.getDecryptionKeys(t.publicKeyID,null,void 0,a)).map((e=>e.keyPacket))}catch(e){return void(n=e)}let c=[T.symmetric.aes256,T.symmetric.aes128,T.symmetric.tripledes,T.symmetric.cast5];try{const t=await e.getPrimarySelfSignature(i,void 0,a);t.preferredSymmetricAlgorithms&&(c=c.concat(t.preferredSymmetricAlgorithms))}catch(e){}await Promise.all(o.map((async function(e){if(!e.isDecrypted())throw Error("Decryption key is not decrypted.");if(a.constantTimePKCS1Decryption&&(t.publicKeyAlgorithm===T.publicKey.rsaEncrypt||t.publicKeyAlgorithm===T.publicKey.rsaEncryptSign||t.publicKeyAlgorithm===T.publicKey.rsaSign||t.publicKeyAlgorithm===T.publicKey.elgamal)){const i=t.write();await Promise.all((r?[r]:Array.from(a.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms)).map((async t=>{const r=new Es;r.read(i);const a={sessionKeyAlgorithm:t,sessionKey:ja(t)};try{await r.decrypt(e,a),s.push(r)}catch(e){F.printDebugError(e),n=e}})))}else try{await t.decrypt(e);const i=r||t.sessionKeyAlgorithm;if(i&&!c.includes(T.write(T.symmetric,i)))throw Error("A non-preferred symmetric algorithm was used.");s.push(t)}catch(e){F.printDebugError(e),n=e}})))}))),U(t.encrypted),t.encrypted=null})))}}if(s.length>0){if(s.length>1){const e=new Set;s=s.filter((t=>{const r=t.sessionKeyAlgorithm+F.uint8ArrayToString(t.sessionKey);return!e.has(r)&&(e.add(r),!0)}))}return s.map((e=>({data:e.sessionKey,algorithm:e.sessionKeyAlgorithm&&T.read(T.symmetric,e.sessionKeyAlgorithm)})))}throw n||Error("Session key decryption failed.")}getLiteralData(){const e=this.unwrapCompressed().packets.findPacket(T.packet.literalData);return e&&e.getBytes()||null}getFilename(){const e=this.unwrapCompressed().packets.findPacket(T.packet.literalData);return e&&e.getFilename()||null}getText(){const e=this.unwrapCompressed().packets.findPacket(T.packet.literalData);return e?e.getText():null}static async generateSessionKey(e=[],t=new Date,r=[],i=B){const{symmetricAlgo:a,aeadAlgo:n}=await async function(e=[],t=new Date,r=[],i=B){const a=await Promise.all(e.map(((e,a)=>e.getPrimarySelfSignature(t,r[a],i))));if(e.length?!i.ignoreSEIPDv2FeatureFlag&&a.every((e=>e.features&&e.features[0]&T.features.seipdv2)):i.aeadProtect){const e={symmetricAlgo:T.symmetric.aes128,aeadAlgo:T.aead.ocb},t=[{symmetricAlgo:i.preferredSymmetricAlgorithm,aeadAlgo:i.preferredAEADAlgorithm},{symmetricAlgo:i.preferredSymmetricAlgorithm,aeadAlgo:T.aead.ocb},{symmetricAlgo:T.symmetric.aes128,aeadAlgo:i.preferredAEADAlgorithm}];for(const e of t)if(a.every((t=>t.preferredCipherSuites&&t.preferredCipherSuites.some((t=>t[0]===e.symmetricAlgo&&t[1]===e.aeadAlgo)))))return e;return e}const n=T.symmetric.aes128,s=i.preferredSymmetricAlgorithm;return{symmetricAlgo:a.every((e=>e.preferredSymmetricAlgorithms&&e.preferredSymmetricAlgorithms.includes(s)))?s:n,aeadAlgo:void 0}}(e,t,r,i),s=T.read(T.symmetric,a),o=n?T.read(T.aead,n):void 0;await Promise.all(e.map((e=>e.getEncryptionKey().catch((()=>null)).then((e=>{if(e&&(e.keyPacket.algorithm===T.publicKey.x25519||e.keyPacket.algorithm===T.publicKey.x448)&&!o&&!F.isAES(a))throw Error("Could not generate a session key compatible with the given `encryptionKeys`: X22519 and X448 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.")})))));return{data:ja(a),algorithm:s,aeadAlgorithm:o}}async encrypt(e,t,r,i=!1,a=[],n=new Date,s=[],o=B){if(r){if(!F.isUint8Array(r.data)||!F.isString(r.algorithm))throw Error("Invalid session key for encryption.")}else if(e&&e.length)r=await Ko.generateSessionKey(e,n,s,o);else{if(!t||!t.length)throw Error("No keys, passwords, or session key provided.");r=await Ko.generateSessionKey(void 0,void 0,void 0,o)}const{data:c,algorithm:u,aeadAlgorithm:h}=r,l=await Ko.encryptSessionKey(c,u,h,e,t,i,a,n,s,o),y=bs.fromObject({version:h?2:1,aeadAlgorithm:h?T.write(T.aead,h):null});y.packets=this.packets;const p=T.write(T.symmetric,u);return await y.encrypt(p,c,o),l.packets.push(y),y.packets=new os,l}static async encryptSessionKey(e,t,r,i,a,n=!1,s=[],o=new Date,c=[],u=B){const h=new os,l=T.write(T.symmetric,t),y=r&&T.write(T.aead,r);if(i){const t=await Promise.all(i.map((async function(t,r){const i=await t.getEncryptionKey(s[r],o,c,u),a=Es.fromObject({version:y?6:3,encryptionKeyPacket:i.keyPacket,anonymousRecipient:n,sessionKey:e,sessionKeyAlgorithm:l});return await a.encrypt(i.keyPacket),delete a.sessionKey,a})));h.push(...t)}if(a){const t=async function(e,t){try{return await e.decrypt(t),1}catch(e){return 0}},r=(e,t)=>e+t,i=async function(e,n,s,o){const c=new Ps(u);if(c.sessionKey=e,c.sessionKeyAlgorithm=n,s&&(c.aeadAlgorithm=s),await c.encrypt(o,u),u.passwordCollisionCheck){if(1!==(await Promise.all(a.map((e=>t(c,e))))).reduce(r))return i(e,n,o)}return delete c.sessionKey,c},n=await Promise.all(a.map((t=>i(e,l,y,t))));h.push(...n)}return new Ko(h)}async sign(e=[],t=[],r=null,i=[],a=new Date,n=[],s=[],o=[],c=B){const u=new os,h=this.packets.findPacket(T.packet.literalData);if(!h)throw Error("No literal data packet to sign.");const l=await Ao(h,e,t,r,i,a,n,s,o,!1,c),y=l.map(((e,t)=>ns.fromSignaturePacket(e,0===t))).reverse();return u.push(...y),u.push(h),u.push(...l),new Ko(u)}compress(e,t=B){if(e===T.compression.uncompressed)return this;const r=new ys(t);r.algorithm=e,r.packets=this.packets;const i=new os;return i.push(r),new Ko(i)}async signDetached(e=[],t=[],r=null,i=[],a=[],n=new Date,s=[],o=[],c=B){const u=this.packets.findPacket(T.packet.literalData);if(!u)throw Error("No literal data packet to sign.");return new zs(await Ao(u,e,t,r,i,a,n,s,o,!0,c))}async verify(e,t=new Date,r=B){const i=this.unwrapCompressed(),a=i.packets.filterByTag(T.packet.literalData);if(1!==a.length)throw Error("Can only verify message with one literal data packet.");let s=i.packets;n(s.stream)&&(s=s.concat(await P(s.stream,(e=>e||[]))));const o=s.filterByTag(T.packet.onePassSignature).reverse(),c=s.filterByTag(T.packet.signature);return o.length&&!c.length&&F.isStream(s.stream)&&!n(s.stream)?(await Promise.all(o.map((async e=>{e.correspondingSig=new Promise(((t,r)=>{e.correspondingSigResolve=t,e.correspondingSigReject=r})),e.signatureData=D((async()=>(await e.correspondingSig).signatureData)),e.hashed=P(await e.hash(e.signatureType,a[0],void 0,!1)),e.hashed.catch((()=>{}))}))),s.stream=k(s.stream,(async(e,t)=>{const r=x(e),i=C(t);try{for(let e=0;e<o.length;e++){const{value:t}=await r.read();o[e].correspondingSigResolve(t)}await r.readToEnd(),await i.ready,await i.close()}catch(e){o.forEach((t=>{t.correspondingSigReject(e)})),await i.abort(e)}})),Eo(o,a,e,t,!1,r)):Eo(c,a,e,t,!1,r)}verifyDetached(e,t,r=new Date,i=B){const a=this.unwrapCompressed().packets.filterByTag(T.packet.literalData);if(1!==a.length)throw Error("Can only verify message with one literal data packet.");return Eo(e.packets.filterByTag(T.packet.signature),a,t,r,!0,i)}unwrapCompressed(){const e=this.packets.filterByTag(T.packet.compressedData);return e.length?new Ko(e[0].packets):this}async appendSignature(e,t=B){await this.packets.read(F.isUint8Array(e)?e:(await X(e)).data,vo,t)}write(){return this.packets.write()}armor(e=B){const t=this.packets[this.packets.length-1],r=t.constructor.tag===bs.tag?2!==t.version:this.packets.some((e=>e.constructor.tag===rs.tag&&6!==e.version));return Y(T.armor.message,this.write(),null,null,null,r,e)}}async function Ao(e,t,r=[],i=null,a=[],n=new Date,s=[],o=[],c=[],u=!1,h=B){const l=new os,y=null===e.text?T.signature.binary:T.signature.text;if(await Promise.all(t.map((async(t,i)=>{const l=s[i];if(!t.isPrivate())throw Error("Need private key for signing");const p=await t.getSigningKey(a[i],n,l,h);return $s(e,r.length?r:[t],p.keyPacket,{signatureType:y},n,o,c,u,h)}))).then((e=>{l.push(...e)})),i){const e=i.packets.filterByTag(T.packet.signature);l.push(...e)}return l}async function Eo(e,t,r,i=new Date,a=!1,n=B){return Promise.all(e.filter((function(e){return["text","binary"].includes(T.read(T.signature,e.signatureType))})).map((async function(e){return async function(e,t,r,i=new Date,a=!1,n=B){let s,o;for(const t of r){const r=t.getKeys(e.issuerKeyID);if(r.length>0){s=t,o=r[0];break}}const c=e instanceof ns?e.correspondingSig:e,u={keyID:e.issuerKeyID,verified:(async()=>{if(!o)throw Error("Could not find signing key with key ID "+e.issuerKeyID.toHex());await e.verify(o.keyPacket,e.signatureType,t[0],i,a,n);const r=await c;if(o.getCreationTime()>r.created)throw Error("Key is newer than the signature");try{await s.getSigningKey(o.getKeyID(),r.created,void 0,n)}catch(e){if(!n.allowInsecureVerificationWithReformattedKeys||!e.message.match(/Signature creation time is in the future/))throw e;await s.getSigningKey(o.getKeyID(),i,void 0,n)}return!0})(),signature:(async()=>{const e=await c,t=new os;return e&&t.push(e),new zs(t)})()};return u.signature.catch((()=>{})),u.verified.catch((()=>{})),u}(e,t,r,i,a,n)})))}async function So({armoredMessage:e,binaryMessage:t,config:r,...i}){r={...B,...r};let a=e||t;if(!a)throw Error("readMessage: must pass options object containing `armoredMessage` or `binaryMessage`");if(e&&!F.isString(e)&&!F.isStream(e))throw Error("readMessage: options.armoredMessage must be a string or stream");if(t&&!F.isUint8Array(t)&&!F.isStream(t))throw Error("readMessage: options.binaryMessage must be a Uint8Array or stream");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));const s=F.isStream(a);if(e){const{type:e,data:t}=await X(a);if(e!==T.armor.message)throw Error("Armored text not of type message");a=t}const o=await os.fromBinary(a,bo,r,new hs),c=new Ko(o);return c.fromStream=s,c}async function Po({text:e,binary:t,filename:r,date:i=new Date,format:a=(void 0!==e?"utf8":"binary"),...n}){const s=void 0!==e?e:t;if(void 0===s)throw Error("createMessage: must pass options object containing `text` or `binary`");if(e&&!F.isString(e)&&!F.isStream(e))throw Error("createMessage: options.text must be a string or stream");if(t&&!F.isUint8Array(t)&&!F.isStream(t))throw Error("createMessage: options.binary must be a Uint8Array or stream");const o=Object.keys(n);if(o.length>0)throw Error("Unknown option: "+o.join(", "));const c=F.isStream(s),u=new Yn(i);void 0!==e?u.setText(s,T.write(T.literal,a)):u.setBytes(s,T.write(T.literal,a)),void 0!==r&&u.setFilename(r);const h=new os;h.push(u);const l=new Ko(h);return l.fromStream=c,l}const Uo=/*#__PURE__*/F.constructAllowedPackets([rs]);class Do{constructor(e,t){if(this.text=F.removeTrailingSpaces(e).replace(/\r?\n/g,"\r\n"),t&&!(t instanceof zs))throw Error("Invalid signature input");this.signature=t||new zs(new os)}getSigningKeyIDs(){const e=[];return this.signature.packets.forEach((function(t){e.push(t.issuerKeyID)})),e}async sign(e,t=[],r=null,i=[],a=new Date,n=[],s=[],o=[],c=B){const u=new Yn;u.setText(this.text);const h=new zs(await Ao(u,e,t,r,i,a,n,s,o,!0,c));return new Do(this.text,h)}verify(e,t=new Date,r=B){const i=this.signature.packets.filterByTag(T.packet.signature),a=new Yn;return a.setText(this.text),Eo(i,[a],e,t,!0,r)}getText(){return this.text.replace(/\r\n/g,"\n")}armor(e=B){const t=this.signature.packets.some((e=>6!==e.version)),r={hash:t?Array.from(new Set(this.signature.packets.map((e=>T.read(T.hash,e.hashAlgorithm).toUpperCase())))).join():null,text:this.text,data:this.signature.packets.write()};return Y(T.armor.signed,r,void 0,void 0,void 0,t,e)}}async function xo({cleartextMessage:e,config:t,...r}){if(t={...B,...t},!e)throw Error("readCleartextMessage: must pass options object containing `cleartextMessage`");if(!F.isString(e))throw Error("readCleartextMessage: options.cleartextMessage must be a string");const i=Object.keys(r);if(i.length>0)throw Error("Unknown option: "+i.join(", "));const a=await X(e);if(a.type!==T.armor.signed)throw Error("No cleartext signed message.");const n=await os.fromBinary(a.data,Uo,t);!function(e,t){const r=function(e){const r=e=>t=>e.hashAlgorithm===t;for(let i=0;i<t.length;i++)if(t[i].constructor.tag===T.packet.signature&&!e.some(r(t[i])))return!1;return!0},i=[];if(e.forEach((e=>{const t=e.match(/^Hash: (.+)$/);if(!t)throw Error('Only "Hash" header allowed in cleartext signed message');{const e=t[1].replace(/\s/g,"").split(",").map((e=>{try{return T.write(T.hash,e.toLowerCase())}catch(t){throw Error("Unknown hash algorithm in armor header: "+e.toLowerCase())}}));i.push(...e)}})),i.length&&!r(i))throw Error("Hash algorithm mismatch in armor header and signature")}(a.headers,n);const s=new zs(n);return new Do(a.text,s)}async function Co({text:e,...t}){if(!e)throw Error("createCleartextMessage: must pass options object containing `text`");if(!F.isString(e))throw Error("createCleartextMessage: options.text must be a string");const r=Object.keys(t);if(r.length>0)throw Error("Unknown option: "+r.join(", "));return new Do(e)}async function Io({userIDs:e=[],passphrase:t,type:r,curve:i,rsaBits:a=4096,symmetricHash:n="sha256",symmetricCipher:s="aes256",keyExpirationTime:o=0,date:c=new Date,subkeys:u=[{}],format:h="armored",config:l,...y}){Wo(l={...B,...l}),r||i?(r=r||"ecc",i=i||"curve25519Legacy"):(r=l.v6Keys?"curve25519":"ecc",i="curve25519Legacy"),e=$o(e);const p=Object.keys(y);if(p.length>0)throw Error("Unknown option: "+p.join(", "));if(0===e.length&&!l.v6Keys)throw Error("UserIDs are required for V4 keys");if("rsa"===r&&a<l.minRSABits)throw Error(`rsaBits should be at least ${l.minRSABits}, got: ${a}`);const d={userIDs:e,passphrase:t,type:r,rsaBits:a,curve:i,keyExpirationTime:o,date:c,subkeys:u,symmetricHash:n,symmetricCipher:s};try{const{key:e,revocationCertificate:t}=await async function(e,t){e.sign=!0,(e=Zs(e)).subkeys=e.subkeys.map(((t,r)=>Zs(e.subkeys[r],e)));let r=[qs(e,t)];r=r.concat(e.subkeys.map((e=>js(e,t))));const i=await Promise.all(r),a=await po(i[0],i.slice(1),e,t),n=await a.getRevocationCertificate(e.date,t);return a.revocationSignatures=[],{key:a,revocationCertificate:n}}(d,l);return e.getKeys().forEach((({keyPacket:e})=>ro(e,l))),{privateKey:Yo(e,h,l),publicKey:"symmetric"!==r?Yo(e.toPublic(),h,l):null,revocationCertificate:t}}catch(e){throw F.wrapError("Error generating keypair",e)}}async function To({privateKey:e,userIDs:t=[],passphrase:r,keyExpirationTime:i=0,date:a,format:n="armored",config:s,...o}){Wo(s={...B,...s}),t=$o(t);const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(0===t.length&&6!==e.keyPacket.version)throw Error("UserIDs are required for V4 keys");const u={privateKey:e,userIDs:t,passphrase:r,keyExpirationTime:i,date:a};try{const{key:e,revocationCertificate:t}=await async function(e,t){e=o(e);const{privateKey:r}=e;if(!r.isPrivate())throw Error("Cannot reformat a public key");if(r.keyPacket.isDummy())throw Error("Cannot reformat a gnu-dummy primary key");if(!r.getKeys().every((({keyPacket:e})=>e.isDecrypted())))throw Error("Key is not decrypted");const i=r.keyPacket;e.subkeys||(e.subkeys=await Promise.all(r.subkeys.map((async e=>{const r=e.keyPacket,a={key:i,bind:r},n=await Hs(e.bindingSignatures,i,T.signature.subkeyBinding,a,null,t).catch((()=>({})));return{sign:n.keyFlags&&n.keyFlags[0]&T.keyFlags.signData,forwarding:n.keyFlags&&n.keyFlags[0]&T.keyFlags.forwardedCommunication}}))));const a=r.subkeys.map((e=>e.keyPacket));if(e.subkeys.length!==a.length)throw Error("Number of subkey options does not match number of subkeys");e.subkeys=e.subkeys.map((t=>o(t,e)));const n=await po(i,a,e,t),s=await n.getRevocationCertificate(e.date,t);return n.revocationSignatures=[],{key:n,revocationCertificate:s};function o(e,t={}){return e.keyExpirationTime=e.keyExpirationTime||t.keyExpirationTime,e.passphrase=F.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e}}(u,s);return{privateKey:Yo(e,n,s),publicKey:Yo(e.toPublic(),n,s),revocationCertificate:t}}catch(e){throw F.wrapError("Error reformatting keypair",e)}}async function Bo({key:e,revocationCertificate:t,reasonForRevocation:r,date:i=new Date,format:a="armored",config:n,...s}){Wo(n={...B,...n});const o=Object.keys(s);if(o.length>0)throw Error("Unknown option: "+o.join(", "));try{const s=t?await e.applyRevocationCertificate(t,i,n):await e.revoke(r,i,n);return s.isPrivate()?{privateKey:Yo(s,a,n),publicKey:Yo(s.toPublic(),a,n)}:{privateKey:null,publicKey:Yo(s,a,n)}}catch(e){throw F.wrapError("Error revoking key",e)}}async function Mo({privateKey:e,passphrase:t,config:r,...i}){Wo(r={...B,...r});const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));if(!e.isPrivate())throw Error("Cannot decrypt a public key");const n=e.clone(!0),s=F.isArray(t)?t:[t];try{return await Promise.all(n.getKeys().map((e=>F.anyPromise(s.map((t=>e.keyPacket.decrypt(t))))))),await n.validate(r),n}catch(e){throw n.clearPrivateParams(),F.wrapError("Error decrypting private key",e)}}async function Fo({privateKey:e,passphrase:t,config:r,...i}){Wo(r={...B,...r});const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));if(!e.isPrivate())throw Error("Cannot encrypt a public key");const n=e.clone(!0),s=n.getKeys(),o=F.isArray(t)?t:Array(s.length).fill(t);if(o.length!==s.length)throw Error("Invalid number of passphrases given for key encryption");try{return await Promise.all(s.map((async(e,t)=>{const{keyPacket:i}=e;await i.encrypt(o[t],r),i.clearPrivateParams()}))),n}catch(e){throw n.clearPrivateParams(),F.wrapError("Error encrypting private key",e)}}async function Lo({message:e,encryptionKeys:t,signingKeys:r,passwords:i,sessionKey:a,format:n="armored",signature:s=null,wildcard:o=!1,signingKeyIDs:c=[],encryptionKeyIDs:u=[],date:h=new Date,signingUserIDs:l=[],encryptionUserIDs:y=[],signatureNotations:p=[],config:d,...g}){if(Wo(d={...B,...d}),qo(e),Go(n),t=$o(t),r=$o(r),i=$o(i),c=$o(c),u=$o(u),l=$o(l),y=$o(y),p=$o(p),g.detached)throw Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.");if(g.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead");if(g.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead");if(void 0!==g.armor)throw Error("The `armor` option has been removed from openpgp.encrypt, pass `format` instead.");const m=Object.keys(g);if(m.length>0)throw Error("Unknown option: "+m.join(", "));r||(r=[]);try{if((r.length||s)&&(e=await e.sign(r,t,s,c,h,l,u,p,d)),e=e.compress(await async function(e=[],t=new Date,r=[],i=B){const a=T.compression.uncompressed,n=i.preferredCompressionAlgorithm,s=await Promise.all(e.map((async function(e,a){const s=(await e.getPrimarySelfSignature(t,r[a],i)).preferredCompressionAlgorithms;return!!s&&s.indexOf(n)>=0})));return s.every(Boolean)?n:a}(t,h,y,d),d),e=await e.encrypt(t,i,a,o,u,h,y,d),"object"===n)return e;const g="armored"===n?e.armor(d):e.write();return await Qo(g)}catch(e){throw F.wrapError("Error encrypting message",e)}}async function _o({message:e,decryptionKeys:t,passwords:r,sessionKeys:i,verificationKeys:a,expectSigned:n=!1,format:s="utf8",signature:o=null,date:c=new Date,config:u,...h}){if(Wo(u={...B,...u}),qo(e),a=$o(a),t=$o(t),r=$o(r),i=$o(i),h.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead");if(h.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead");const l=Object.keys(h);if(l.length>0)throw Error("Unknown option: "+l.join(", "));try{const h=await e.decrypt(t,r,i,c,u);a||(a=[]);const l={};if(l.signatures=o?await h.verifyDetached(o,a,c,u):await h.verify(a,c,u),l.data="binary"===s?h.getLiteralData():h.getText(),l.filename=h.getFilename(),Xo(l,e,...new Set([h,h.unwrapCompressed()])),n){if(0===a.length)throw Error("Verification keys are required to verify message signatures");if(0===l.signatures.length)throw Error("Message is not signed");l.data=g([l.data,D((async()=>(await F.anyPromise(l.signatures.map((e=>e.verified))),"binary"===s?new Uint8Array:"")))])}return l.data=await Qo(l.data),l}catch(e){throw F.wrapError("Error decrypting message",e)}}async function No({message:e,signingKeys:t,recipientKeys:r=[],format:i="armored",detached:a=!1,signingKeyIDs:n=[],date:s=new Date,signingUserIDs:o=[],recipientUserIDs:c=[],signatureNotations:u=[],config:h,...l}){if(Wo(h={...B,...h}),Ho(e),Go(i),t=$o(t),n=$o(n),o=$o(o),r=$o(r),c=$o(c),u=$o(u),l.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead");if(void 0!==l.armor)throw Error("The `armor` option has been removed from openpgp.sign, pass `format` instead.");const y=Object.keys(l);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(e instanceof Do&&"binary"===i)throw Error("Cannot return signed cleartext message in binary format");if(e instanceof Do&&a)throw Error("Cannot detach-sign a cleartext message");if(!t||0===t.length)throw Error("No signing keys provided");try{let l;if(l=a?await e.signDetached(t,r,void 0,n,s,o,c,u,h):await e.sign(t,r,void 0,n,s,o,c,u,h),"object"===i)return l;return l="armored"===i?l.armor(h):l.write(),a&&(l=k(e.packets.write(),(async(e,t)=>{await Promise.all([m(l,t),P(e).catch((()=>{}))])}))),await Qo(l)}catch(e){throw F.wrapError("Error signing message",e)}}async function Ro({message:e,verificationKeys:t,expectSigned:r=!1,format:i="utf8",signature:a=null,date:n=new Date,config:s,...o}){if(Wo(s={...B,...s}),Ho(e),t=$o(t),o.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead");const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(e instanceof Do&&"binary"===i)throw Error("Can't return cleartext message data as binary");if(e instanceof Do&&a)throw Error("Can't verify detached cleartext signature");try{const o={};if(o.signatures=a?await e.verifyDetached(a,t,n,s):await e.verify(t,n,s),o.data="binary"===i?e.getLiteralData():e.getText(),e.fromStream&&!a&&Xo(o,...new Set([e,e.unwrapCompressed()])),r){if(0===o.signatures.length)throw Error("Message is not signed");o.data=g([o.data,D((async()=>(await F.anyPromise(o.signatures.map((e=>e.verified))),"binary"===i?new Uint8Array:"")))])}return o.data=await Qo(o.data),o}catch(e){throw F.wrapError("Error verifying signed message",e)}}async function zo({encryptionKeys:e,date:t=new Date,encryptionUserIDs:r=[],config:i,...a}){if(Wo(i={...B,...i}),e=$o(e),r=$o(r),a.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead");const n=Object.keys(a);if(n.length>0)throw Error("Unknown option: "+n.join(", "));try{return await Ko.generateSessionKey(e,t,r,i)}catch(e){throw F.wrapError("Error generating session key",e)}}async function Oo({data:e,algorithm:t,aeadAlgorithm:r,encryptionKeys:i,passwords:a,format:n="armored",wildcard:s=!1,encryptionKeyIDs:o=[],date:c=new Date,encryptionUserIDs:u=[],config:h,...l}){if(Wo(h={...B,...h}),function(e){if(!F.isUint8Array(e))throw Error("Parameter [data] must be of type Uint8Array")}(e),function(e,t){if(!F.isString(e))throw Error("Parameter ["+t+"] must be of type String")}(t,"algorithm"),Go(n),i=$o(i),a=$o(a),o=$o(o),u=$o(u),l.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead");const y=Object.keys(l);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(!(i&&0!==i.length||a&&0!==a.length))throw Error("No encryption keys or passwords provided.");try{return Yo(await Ko.encryptSessionKey(e,t,r,i,a,s,o,c,u,h),n,h)}catch(e){throw F.wrapError("Error encrypting session key",e)}}async function jo({message:e,decryptionKeys:t,passwords:r,date:i=new Date,config:a,...n}){if(Wo(a={...B,...a}),qo(e),t=$o(t),r=$o(r),n.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead");const s=Object.keys(n);if(s.length>0)throw Error("Unknown option: "+s.join(", "));try{return await e.decryptSessionKeys(t,r,void 0,i,a)}catch(e){throw F.wrapError("Error decrypting session keys",e)}}function qo(e){if(!(e instanceof Ko))throw Error("Parameter [message] needs to be of type Message")}function Ho(e){if(!(e instanceof Do||e instanceof Ko))throw Error("Parameter [message] needs to be of type Message or CleartextMessage")}function Go(e){if("armored"!==e&&"binary"!==e&&"object"!==e)throw Error("Unsupported format "+e)}const Vo=Object.keys(B).length;function Wo(e){const t=Object.keys(e);if(t.length!==Vo)for(const e of t)if(void 0===B[e])throw Error("Unknown config property: "+e)}function $o(e){return e&&!F.isArray(e)&&(e=[e]),e}async function Qo(e){return"array"===F.isStream(e)?P(e):e}function Xo(e,t,...r){e.data=k(t.packets.stream,(async(t,i)=>{await m(e.data,i,{preventClose:!0});const a=C(i);try{await P(t,(e=>e)),await Promise.all(r.map((e=>P(e.packets.stream,(e=>e))))),await a.close()}catch(e){await a.abort(e)}}))}function Yo(e,t,r){switch(t){case"object":return e;case"armored":return e.armor(r);case"binary":return e.write();default:throw Error("Unsupported format "+t)}}export{Ks as AEADEncryptedDataPacket,Wa as Argon2OutOfMemoryError,Ya as Argon2S2K,Do as CleartextMessage,ys as CompressedDataPacket,cs as GrammarError,Ri as KDFParams,Yn as LiteralDataPacket,Cs as MarkerPacket,Ko as Message,ns as OnePassSignaturePacket,os as PacketList,Ns as PaddingPacket,ho as PrivateKey,uo as PublicKey,Es as PublicKeyEncryptedSessionKeyPacket,Us as PublicKeyPacket,Is as PublicSubkeyPacket,Bs as SecretKeyPacket,Ls as SecretSubkeyPacket,zs as Signature,rs as SignaturePacket,ao as Subkey,bs as SymEncryptedIntegrityProtectedDataPacket,Ps as SymEncryptedSessionKeyPacket,xs as SymmetricallyEncryptedDataPacket,_s as TrustPacket,st as UnparseablePacket,Ts as UserAttributePacket,Fs as UserIDPacket,Y as armor,B as config,Co as createCleartextMessage,Po as createMessage,_o as decrypt,Mo as decryptKey,jo as decryptSessionKeys,Lo as encrypt,Fo as encryptKey,Oo as encryptSessionKey,T as enums,Io as generateKey,zo as generateSessionKey,xo as readCleartextMessage,go as readKey,fo as readKeys,So as readMessage,mo as readPrivateKey,wo as readPrivateKeys,Os as readSignature,To as reformatKey,Bo as revokeKey,No as sign,X as unarmor,Ro as verify};
+/*! OpenPGP.js v6.2.2 - 2025-09-02 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
+const e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},t=Symbol("doneWritingPromise"),r=Symbol("doneWritingResolve"),i=Symbol("doneWritingReject"),a=Symbol("readingIndex");class ArrayStream extends Array{constructor(){super(),Object.setPrototypeOf(this,ArrayStream.prototype),this[t]=new Promise(((e,t)=>{this[r]=e,this[i]=t})),this[t].catch((()=>{}))}}function n(e){return e&&e.getReader&&Array.isArray(e)}function s(e){if(!n(e)){const t=e.getWriter(),r=t.releaseLock;return t.releaseLock=()=>{t.closed.catch((function(){})),r.call(t)},t}this.stream=e}function o(t){if(n(t))return"array";if(e.ReadableStream&&e.ReadableStream.prototype.isPrototypeOf(t))return"web";if(t&&!(e.ReadableStream&&t instanceof e.ReadableStream)&&"function"==typeof t._read&&"object"==typeof t._readableState)throw Error("Native Node streams are no longer supported: please manually convert the stream to a WebStream, using e.g. `stream.Readable.toWeb`");return!(!t||!t.getReader)&&"web-like"}function c(e){return Uint8Array.prototype.isPrototypeOf(e)}function u(e){if(1===e.length)return e[0];let t=0;for(let r=0;r<e.length;r++){if(!c(e[r]))throw Error("concatUint8Array: Data must be in the form of a Uint8Array");t+=e[r].length}const r=new Uint8Array(t);let i=0;return e.forEach((function(e){r.set(e,i),i+=e.length})),r}ArrayStream.prototype.getReader=function(){return void 0===this[a]&&(this[a]=0),{read:async()=>(await this[t],this[a]===this.length?{value:void 0,done:!0}:{value:this[this[a]++],done:!1})}},ArrayStream.prototype.readToEnd=async function(e){await this[t];const r=e(this.slice(this[a]));return this.length=0,r},ArrayStream.prototype.clone=function(){const e=new ArrayStream;return e[t]=this[t].then((()=>{e.push(...this)})),e},s.prototype.write=async function(e){this.stream.push(e)},s.prototype.close=async function(){this.stream[r]()},s.prototype.abort=async function(e){return this.stream[i](e),e},s.prototype.releaseLock=function(){},"object"==typeof e.process&&e.process.versions;const h=new WeakSet,l=Symbol("externalBuffer");function y(e){if(this.stream=e,e[l]&&(this[l]=e[l].slice()),n(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{},void(this._cancel=()=>{})}if(o(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{t.closed.catch((function(){})),t.releaseLock()},void(this._cancel=t.cancel.bind(t))}let t=!1;this._read=async()=>t||h.has(e)?{value:void 0,done:!0}:(t=!0,{value:e,done:!1}),this._releaseLock=()=>{if(t)try{h.add(e)}catch(e){}}}function p(e){return o(e)?e:new ReadableStream({start(t){t.enqueue(e),t.close()}})}function d(e){if(o(e))return e;const t=new ArrayStream;return(async()=>{const r=C(t);await r.write(e),await r.close()})(),t}function g(e){return e.some((e=>o(e)&&!n(e)))?function(e){e=e.map(p);const t=w((async function(e){await Promise.all(i.map((t=>U(t,e))))}));let r=Promise.resolve();const i=e.map(((i,a)=>k(i,((i,n)=>(r=r.then((()=>m(i,t.writable,{preventClose:a!==e.length-1}))),r)))));return t.readable}(e):e.some((e=>n(e)))?function(e){const t=new ArrayStream;let r=Promise.resolve();return e.forEach(((i,a)=>(r=r.then((()=>m(i,t,{preventClose:a!==e.length-1}))),r))),t}(e):"string"==typeof e[0]?e.join(""):u(e)}async function m(e,t,{preventClose:r=!1,preventAbort:i=!1,preventCancel:a=!1}={}){if(o(e)&&!n(e)){e=p(e);try{if(e[l]){const r=C(t);for(let t=0;t<e[l].length;t++)await r.ready,await r.write(e[l][t]);r.releaseLock()}await e.pipeTo(t,{preventClose:r,preventAbort:i,preventCancel:a})}catch(e){}return}const s=x(e=d(e)),c=C(t);try{for(;;){await c.ready;const{done:e,value:t}=await s.read();if(e){r||await c.close();break}await c.write(t)}}catch(e){i||await c.abort(e)}finally{s.releaseLock(),c.releaseLock()}}function f(e,t){const r=new TransformStream(t);return m(e,r.writable),r.readable}function w(e){let t,r,i,a=!1,n=!1;return{readable:new ReadableStream({start(e){i=e},pull(){t?t():a=!0},async cancel(t){n=!0,e&&await e(t),r&&r(t)}},{highWaterMark:0}),writable:new WritableStream({write:async function(e){if(n)throw Error("Stream is cancelled");i.enqueue(e),a?a=!1:(await new Promise(((e,i)=>{t=e,r=i})),t=null,r=null)},close:i.close.bind(i),abort:i.error.bind(i)})}}function b(e,t=()=>{},r=()=>{}){if(n(e)){const i=new ArrayStream;return(async()=>{const a=C(i);try{const i=await P(e),n=t(i),s=r();let o;o=void 0!==n&&void 0!==s?g([n,s]):void 0!==n?n:s,await a.write(o),await a.close()}catch(e){await a.abort(e)}})(),i}if(o(e))return f(e,{async transform(e,r){try{const i=await t(e);void 0!==i&&r.enqueue(i)}catch(e){r.error(e)}},async flush(e){try{const t=await r();void 0!==t&&e.enqueue(t)}catch(t){e.error(t)}}});const i=t(e),a=r();return void 0!==i&&void 0!==a?g([i,a]):void 0!==i?i:a}function k(e,t){if(o(e)&&!n(e)){let r;const i=new TransformStream({start(e){r=e}}),a=m(e,i.writable),n=w((async function(e){r.error(e),await a,await new Promise(setTimeout)}));return t(i.readable,n.writable),n.readable}e=d(e);const r=new ArrayStream;return t(e,r),r}function v(e,t){let r;const i=k(e,((e,a)=>{const n=x(e);n.remainder=()=>(n.releaseLock(),m(e,a),i),r=t(n)}));return r}function K(e){if(n(e))return e.clone();if(o(e)){const t=function(e){if(n(e))throw Error("ArrayStream cannot be tee()d, use clone() instead");if(o(e)){const t=p(e).tee();return t[0][l]=t[1][l]=e[l],t}return[S(e),S(e)]}(e);return E(e,t[0]),t[1]}return S(e)}function A(e){return n(e)?K(e):o(e)?new ReadableStream({start(t){const r=k(e,(async(e,r)=>{const i=x(e),a=C(r);try{for(;;){await a.ready;const{done:e,value:r}=await i.read();if(e){try{t.close()}catch(e){}return void await a.close()}try{t.enqueue(r)}catch(e){}await a.write(r)}}catch(e){t.error(e),await a.abort(e)}}));E(e,r)}}):S(e)}function E(e,t){Object.entries(Object.getOwnPropertyDescriptors(e.constructor.prototype)).forEach((([r,i])=>{"constructor"!==r&&(i.value?i.value=i.value.bind(t):i.get=i.get.bind(t),Object.defineProperty(e,r,i))}))}function S(e,t=0,r=1/0){if(n(e))throw Error("Not implemented");if(o(e)){if(t>=0&&r>=0){let i=0;return f(e,{transform(e,a){i<r?(i+e.length>=t&&a.enqueue(S(e,Math.max(t-i,0),r-i)),i+=e.length):a.terminate()}})}if(t<0&&(r<0||r===1/0)){let i=[];return b(e,(e=>{e.length>=-t?i=[e]:i.push(e)}),(()=>S(g(i),t,r)))}if(0===t&&r<0){let i;return b(e,(e=>{const a=i?g([i,e]):e;if(a.length>=-r)return i=S(a,r),S(a,t,r);i=a}))}return console.warn(`stream.slice(input, ${t}, ${r}) not implemented efficiently.`),D((async()=>S(await P(e),t,r)))}return e[l]&&(e=g(e[l].concat([e]))),c(e)?e.subarray(t,r===1/0?e.length:r):e.slice(t,r)}async function P(e,t=g){return n(e)?e.readToEnd(t):o(e)?x(e).readToEnd(t):e}async function U(e,t){if(o(e)){if(e.cancel){const r=await e.cancel(t);return await new Promise(setTimeout),r}if(e.destroy)return e.destroy(t),await new Promise(setTimeout),t}}function D(e){const t=new ArrayStream;return(async()=>{const r=C(t);try{await r.write(await e()),await r.close()}catch(e){await r.abort(e)}})(),t}function x(e){return new y(e)}function C(e){return new s(e)}y.prototype.read=async function(){if(this[l]&&this[l].length){return{done:!1,value:this[l].shift()}}return this._read()},y.prototype.releaseLock=function(){this[l]&&(this.stream[l]=this[l]),this._releaseLock()},y.prototype.cancel=function(e){return this._cancel(e)},y.prototype.readLine=async function(){let e,t=[];for(;!e;){let{done:r,value:i}=await this.read();if(i+="",r)return t.length?g(t):void 0;const a=i.indexOf("\n")+1;a&&(e=g(t.concat(i.substr(0,a))),t=[]),a!==i.length&&t.push(i.substr(a))}return this.unshift(...t),e},y.prototype.readByte=async function(){const{done:e,value:t}=await this.read();if(e)return;const r=t[0];return this.unshift(S(t,1)),r},y.prototype.readBytes=async function(e){const t=[];let r=0;for(;;){const{done:i,value:a}=await this.read();if(i)return t.length?g(t):void 0;if(t.push(a),r+=a.length,r>=e){const r=g(t);return this.unshift(S(r,e)),S(r,0,e)}}},y.prototype.peekBytes=async function(e){const t=await this.readBytes(e);return this.unshift(t),t},y.prototype.unshift=function(...e){this[l]||(this[l]=[]),1===e.length&&c(e[0])&&this[l].length&&e[0].length&&this[l][0].byteOffset>=e[0].length?this[l][0]=new Uint8Array(this[l][0].buffer,this[l][0].byteOffset-e[0].length,this[l][0].byteLength+e[0].length):this[l].unshift(...e.filter((e=>e&&e.length)))},y.prototype.readToEnd=async function(e=g){const t=[];for(;;){const{done:e,value:r}=await this.read();if(e)break;t.push(r)}return e(t)};const I=Symbol("byValue");var T={curve:{nistP256:"nistP256",p256:"nistP256",nistP384:"nistP384",p384:"nistP384",nistP521:"nistP521",p521:"nistP521",secp256k1:"secp256k1",ed25519Legacy:"ed25519Legacy",ed25519:"ed25519Legacy",curve25519Legacy:"curve25519Legacy",curve25519:"curve25519Legacy",brainpoolP256r1:"brainpoolP256r1",brainpoolP384r1:"brainpoolP384r1",brainpoolP512r1:"brainpoolP512r1"},kdfFlags:{replace_fingerprint:1,replace_kdf_params:2},s2k:{simple:0,salted:1,iterated:3,argon2:4,gnu:101},publicKey:{rsaEncryptSign:1,rsaEncrypt:2,rsaSign:3,elgamal:16,dsa:17,ecdh:18,ecdsa:19,eddsaLegacy:22,aedh:23,aedsa:24,x25519:25,x448:26,ed25519:27,ed448:28,pqc_mldsa_ed25519:30,pqc_mlkem_x25519:35,aead:100,hmac:101},symmetric:{idea:1,tripledes:2,cast5:3,blowfish:4,aes128:7,aes192:8,aes256:9,twofish:10},compression:{uncompressed:0,zip:1,zlib:2,bzip2:3},hash:{md5:1,sha1:2,ripemd:3,sha256:8,sha384:9,sha512:10,sha224:11,sha3_256:12,sha3_512:14},webHash:{"SHA-1":2,"SHA-256":8,"SHA-384":9,"SHA-512":10},aead:{eax:1,ocb:2,gcm:3,experimentalGCM:100},packet:{publicKeyEncryptedSessionKey:1,signature:2,symEncryptedSessionKey:3,onePassSignature:4,secretKey:5,publicKey:6,secretSubkey:7,compressedData:8,symmetricallyEncryptedData:9,marker:10,literalData:11,trust:12,userID:13,publicSubkey:14,userAttribute:17,symEncryptedIntegrityProtectedData:18,modificationDetectionCode:19,aeadEncryptedData:20,padding:21},literal:{binary:98,text:116,utf8:117,mime:109},signature:{binary:0,text:1,standalone:2,certGeneric:16,certPersona:17,certCasual:18,certPositive:19,certRevocation:48,subkeyBinding:24,keyBinding:25,key:31,keyRevocation:32,subkeyRevocation:40,timestamp:64,thirdParty:80},signatureSubpacket:{signatureCreationTime:2,signatureExpirationTime:3,exportableCertification:4,trustSignature:5,regularExpression:6,revocable:7,keyExpirationTime:9,placeholderBackwardsCompatibility:10,preferredSymmetricAlgorithms:11,revocationKey:12,issuerKeyID:16,notationData:20,preferredHashAlgorithms:21,preferredCompressionAlgorithms:22,keyServerPreferences:23,preferredKeyServer:24,primaryUserID:25,policyURI:26,keyFlags:27,signersUserID:28,reasonForRevocation:29,features:30,signatureTarget:31,embeddedSignature:32,issuerFingerprint:33,preferredAEADAlgorithms:34,preferredCipherSuites:39},keyFlags:{certifyKeys:1,signData:2,encryptCommunication:4,encryptStorage:8,splitPrivateKey:16,authentication:32,forwardedCommunication:64,sharedPrivateKey:128},armor:{multipartSection:0,multipartLast:1,signed:2,message:3,publicKey:4,privateKey:5,signature:6},reasonForRevocation:{noReason:0,keySuperseded:1,keyCompromised:2,keyRetired:3,userIDInvalid:32},features:{modificationDetection:1,aead:2,v5Keys:4,seipdv2:8},write:function(e,t){if("number"==typeof t&&(t=this.read(e,t)),void 0!==e[t])return e[t];throw Error("Invalid enum value.")},read:function(e,t){if(e[I]||(e[I]=[],Object.entries(e).forEach((([t,r])=>{e[I][r]=t}))),void 0!==e[I][t])return e[I][t];throw Error("Invalid enum value.")}},B={preferredHashAlgorithm:T.hash.sha512,preferredSymmetricAlgorithm:T.symmetric.aes256,preferredCompressionAlgorithm:T.compression.uncompressed,aeadProtect:!1,ignoreSEIPDv2FeatureFlag:!1,parseAEADEncryptedV4KeysAsLegacy:!1,preferredAEADAlgorithm:T.aead.gcm,aeadChunkSizeByte:12,v6Keys:!1,enableParsingV5Entities:!1,s2kType:T.s2k.iterated,s2kIterationCountByte:224,s2kArgon2Params:{passes:3,parallelism:4,memoryExponent:16},allowUnauthenticatedMessages:!1,allowUnauthenticatedStream:!1,allowForwardedMessages:!1,minRSABits:2047,passwordCollisionCheck:!1,allowInsecureDecryptionWithSigningKeys:!1,allowInsecureVerificationWithReformattedKeys:!1,allowMissingKeyFlags:!1,constantTimePKCS1Decryption:!1,constantTimePKCS1DecryptionSupportedSymmetricAlgorithms:new Set([T.symmetric.aes128,T.symmetric.aes192,T.symmetric.aes256]),ignoreUnsupportedPackets:!0,ignoreMalformedPackets:!1,enforceGrammar:!0,additionalAllowedPackets:[],showVersion:!1,showComment:!1,versionString:"OpenPGP.js 6.2.2",commentString:"https://openpgpjs.org",maxUserIDLength:5120,knownNotations:[],nonDeterministicSignaturesViaNotation:!0,useEllipticFallback:!0,rejectHashAlgorithms:new Set([T.hash.md5,T.hash.ripemd]),rejectMessageHashAlgorithms:new Set([T.hash.md5,T.hash.ripemd,T.hash.sha1]),rejectPublicKeyAlgorithms:new Set([T.publicKey.elgamal,T.publicKey.dsa]),rejectCurves:new Set([T.curve.secp256k1])};const M=(()=>{try{return"development"===process.env.NODE_ENV}catch(e){}return!1})(),F={isString:function(e){return"string"==typeof e||e instanceof String},nodeRequire:()=>{},isArray:function(e){return e instanceof Array},isUint8Array:c,isStream:o,getNobleCurve:async(e,t)=>{if(!B.useEllipticFallback)throw Error("This curve is only supported in the full build of OpenPGP.js");const{nobleCurves:r}=await import("./noble_curves.min.mjs");switch(e){case T.publicKey.ecdh:case T.publicKey.ecdsa:{const e=r.get(t);if(!e)throw Error("Unsupported curve");return e}case T.publicKey.x448:return r.get("x448");case T.publicKey.ed448:return r.get("ed448");default:throw Error("Unsupported curve")}},readNumber:function(e){let t=0;for(let r=0;r<e.length;r++)t+=256**r*e[e.length-1-r];return t},writeNumber:function(e,t){const r=new Uint8Array(t);for(let i=0;i<t;i++)r[i]=e>>8*(t-i-1)&255;return r},readDate:function(e){const t=F.readNumber(e);return new Date(1e3*t)},writeDate:function(e){const t=Math.floor(e.getTime()/1e3);return F.writeNumber(t,4)},normalizeDate:function(e=Date.now()){return null===e||e===1/0?e:new Date(1e3*Math.floor(+e/1e3))},readMPI:function(e){const t=(e[0]<<8|e[1])+7>>>3;return F.readExactSubarray(e,2,2+t)},readExactSubarray:function(e,t,r){if(e.length<r-t)throw Error("Input array too short");return e.subarray(t,r)},leftPad(e,t){if(e.length>t)throw Error("Input array too long");const r=new Uint8Array(t),i=t-e.length;return r.set(e,i),r},uint8ArrayToMPI:function(e){const t=F.uint8ArrayBitLength(e);if(0===t)throw Error("Zero MPI");const r=e.subarray(e.length-Math.ceil(t/8)),i=new Uint8Array([(65280&t)>>8,255&t]);return F.concatUint8Array([i,r])},uint8ArrayBitLength:function(e){let t;for(t=0;t<e.length&&0===e[t];t++);if(t===e.length)return 0;const r=e.subarray(t);return 8*(r.length-1)+F.nbits(r[0])},hexToUint8Array:function(e){const t=new Uint8Array(e.length>>1);for(let r=0;r<e.length>>1;r++)t[r]=parseInt(e.substr(r<<1,2),16);return t},uint8ArrayToHex:function(e){const t="0123456789abcdef";let r="";return e.forEach((e=>{r+=t[e>>4]+t[15&e]})),r},stringToUint8Array:function(e){return b(e,(e=>{if(!F.isString(e))throw Error("stringToUint8Array: Data must be in the form of a string");const t=new Uint8Array(e.length);for(let r=0;r<e.length;r++)t[r]=e.charCodeAt(r);return t}))},uint8ArrayToString:function(e){const t=[],r=16384,i=(e=new Uint8Array(e)).length;for(let a=0;a<i;a+=r)t.push(String.fromCharCode.apply(String,e.subarray(a,a+r<i?a+r:i)));return t.join("")},encodeUTF8:function(e){const t=new TextEncoder("utf-8");function r(e,r=!1){return t.encode(e,{stream:!r})}return b(e,r,(()=>r("",!0)))},decodeUTF8:function(e){const t=new TextDecoder("utf-8");function r(e,r=!1){return t.decode(e,{stream:!r})}return b(e,r,(()=>r(new Uint8Array,!0)))},concat:g,concatUint8Array:u,equalsUint8Array:function(e,t){if(!F.isUint8Array(e)||!F.isUint8Array(t))throw Error("Data must be in the form of a Uint8Array");if(e.length!==t.length)return!1;for(let r=0;r<e.length;r++)if(e[r]!==t[r])return!1;return!0},findLastIndex:function(e,t){for(let r=e.length;r>=0;r--)if(t(e[r],r,e))return r;return-1},writeChecksum:function(e){let t=0;for(let r=0;r<e.length;r++)t=t+e[r]&65535;return F.writeNumber(t,2)},printDebug:function(e){M&&console.log("[OpenPGP.js debug]",e)},printDebugError:function(e){M&&console.error("[OpenPGP.js debug]",e)},nbits:function(e){let t=1,r=e>>>16;return 0!==r&&(e=r,t+=16),r=e>>8,0!==r&&(e=r,t+=8),r=e>>4,0!==r&&(e=r,t+=4),r=e>>2,0!==r&&(e=r,t+=2),r=e>>1,0!==r&&(e=r,t+=1),t},double:function(e){const t=new Uint8Array(e.length),r=e.length-1;for(let i=0;i<r;i++)t[i]=e[i]<<1^e[i+1]>>7;return t[r]=e[r]<<1^135*(e[0]>>7),t},shiftRight:function(e,t){if(t)for(let r=e.length-1;r>=0;r--)e[r]>>=t,r>0&&(e[r]|=e[r-1]<<8-t);return e},getWebCrypto:function(){const t=void 0!==e&&e.crypto&&e.crypto.subtle||this.getNodeCrypto()?.webcrypto.subtle;if(!t)throw Error("The WebCrypto API is not available");return t},getNodeCrypto:function(){return this.nodeRequire("crypto")},getNodeZlib:function(){return this.nodeRequire("zlib")},getNodeBuffer:function(){return(this.nodeRequire("buffer")||{}).Buffer},getHardwareConcurrency:function(){if("undefined"!=typeof navigator)return navigator.hardwareConcurrency||1;return this.nodeRequire("os").cpus().length},isEmailAddress:function(e){if(!F.isString(e))return!1;return/^[^\p{C}\p{Z}@<>\\]+@[^\p{C}\p{Z}@<>\\]+[^\p{C}\p{Z}\p{P}]$/u.test(e)},canonicalizeEOL:function(e){let t=!1;return b(e,(e=>{let r;t&&(e=F.concatUint8Array([new Uint8Array([13]),e])),13===e[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;const i=[];for(let t=0;r=e.indexOf(10,t)+1,r;t=r)13!==e[r-2]&&i.push(r);if(!i.length)return e;const a=new Uint8Array(e.length+i.length);let n=0;for(let t=0;t<i.length;t++){const r=e.subarray(i[t-1]||0,i[t]);a.set(r,n),n+=r.length,a[n-1]=13,a[n]=10,n++}return a.set(e.subarray(i[i.length-1]||0),n),a}),(()=>t?new Uint8Array([13]):void 0))},nativeEOL:function(e){let t=!1;return b(e,(e=>{let r;13===(e=t&&10!==e[0]?F.concatUint8Array([new Uint8Array([13]),e]):new Uint8Array(e))[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;let i=0;for(let t=0;t!==e.length;t=r){r=e.indexOf(13,t)+1,r||(r=e.length);const a=r-(10===e[r]?1:0);t&&e.copyWithin(i,t,a),i+=a-t}return e.subarray(0,i)}),(()=>t?new Uint8Array([13]):void 0))},removeTrailingSpaces:function(e){return e.split("\n").map((e=>{let t=e.length-1;for(;t>=0&&(" "===e[t]||"\t"===e[t]||"\r"===e[t]);t--);return e.substr(0,t+1)})).join("\n")},wrapError:function(e,t){if(!t)return e instanceof Error?e:Error(e);if(e instanceof Error){try{e.message+=": "+t.message,e.cause=t}catch(e){}return e}return Error(e+": "+t.message,{cause:t})},constructAllowedPackets:function(e){const t={};return e.forEach((e=>{if(!e.tag)throw Error("Invalid input: expected a packet class");t[e.tag]=e})),t},anyPromise:function(e){return new Promise((async(t,r)=>{let i;await Promise.all(e.map((async e=>{try{t(await e)}catch(e){i=e}}))),r(i)}))},selectUint8Array:function(e,t,r){const i=Math.max(t.length,r.length),a=new Uint8Array(i);let n=0;for(let i=0;i<a.length;i++)a[i]=t[i]&256-e|r[i]&255+e,n+=e&i<t.length|1-e&i<r.length;return a.subarray(0,n)},selectUint8:function(e,t,r){return t&256-e|r&255+e},isAES:function(e){return e===T.symmetric.aes128||e===T.symmetric.aes192||e===T.symmetric.aes256}},L=F.getNodeBuffer();let _,N;function R(e){let t=new Uint8Array;return b(e,(e=>{t=F.concatUint8Array([t,e]);const r=[],i=Math.floor(t.length/45),a=45*i,n=_(t.subarray(0,a));for(let e=0;e<i;e++)r.push(n.substr(60*e,60)),r.push("\n");return t=t.subarray(a),r.join("")}),(()=>t.length?_(t)+"\n":""))}function z(e){let t="";return b(e,(e=>{t+=e;let r=0;const i=[" ","\t","\r","\n"];for(let e=0;e<i.length;e++){const a=i[e];for(let e=t.indexOf(a);-1!==e;e=t.indexOf(a,e+1))r++}let a=t.length;for(;a>0&&(a-r)%4!=0;a--)i.includes(t[a])&&r--;const n=N(t.substr(0,a));return t=t.substr(a),n}),(()=>N(t)))}function O(e){return z(e.replace(/-/g,"+").replace(/_/g,"/"))}function j(e,t){let r=R(e).replace(/[\r\n]/g,"");return r=r.replace(/[+]/g,"-").replace(/[/]/g,"_").replace(/[=]/g,""),r}function q(e){const t=e.match(/^-----BEGIN PGP (MESSAGE, PART \d+\/\d+|MESSAGE, PART \d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m);if(!t)throw Error("Unknown ASCII armor type");return/MESSAGE, PART \d+\/\d+/.test(t[1])?T.armor.multipartSection:/MESSAGE, PART \d+/.test(t[1])?T.armor.multipartLast:/SIGNED MESSAGE/.test(t[1])?T.armor.signed:/MESSAGE/.test(t[1])?T.armor.message:/PUBLIC KEY BLOCK/.test(t[1])?T.armor.publicKey:/PRIVATE KEY BLOCK/.test(t[1])?T.armor.privateKey:/SIGNATURE/.test(t[1])?T.armor.signature:void 0}function H(e,t){let r="";return t.showVersion&&(r+="Version: "+t.versionString+"\n"),t.showComment&&(r+="Comment: "+t.commentString+"\n"),e&&(r+="Comment: "+e+"\n"),r+="\n",r}function G(e){const t=function(e){let t=13501623;return b(e,(e=>{const r=W?Math.floor(e.length/4):0,i=new Uint32Array(e.buffer,e.byteOffset,r);for(let e=0;e<r;e++)t^=i[e],t=V[0][t>>24&255]^V[1][t>>16&255]^V[2][t>>8&255]^V[3][255&t];for(let i=4*r;i<e.length;i++)t=t>>8^V[0][255&t^e[i]]}),(()=>new Uint8Array([t,t>>8,t>>16])))}(e);return R(t)}L?(_=e=>L.from(e).toString("base64"),N=e=>{const t=L.from(e,"base64");return new Uint8Array(t.buffer,t.byteOffset,t.byteLength)}):(_=e=>btoa(F.uint8ArrayToString(e)),N=e=>F.stringToUint8Array(atob(e)));const V=[Array(255),Array(255),Array(255),Array(255)];for(let e=0;e<=255;e++){let t=e<<16;for(let e=0;e<8;e++)t=t<<1^(8388608&t?8801531:0);V[0][e]=(16711680&t)>>16|65280&t|(255&t)<<16}for(let e=0;e<=255;e++)V[1][e]=V[0][e]>>8^V[0][255&V[0][e]];for(let e=0;e<=255;e++)V[2][e]=V[1][e]>>8^V[0][255&V[1][e]];for(let e=0;e<=255;e++)V[3][e]=V[2][e]>>8^V[0][255&V[2][e]];const W=function(){const e=new ArrayBuffer(2);return new DataView(e).setInt16(0,255,!0),255===new Int16Array(e)[0]}();function $(e){for(let t=0;t<e.length;t++)/^([^\s:]|[^\s:][^:]*[^\s:]): .+$/.test(e[t])||F.printDebugError(Error("Improperly formatted armor header: "+e[t])),/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(e[t])||F.printDebugError(Error("Unknown header: "+e[t]))}function Q(e){let t=e;const r=e.lastIndexOf("=");return r>=0&&r!==e.length-1&&(t=e.slice(0,r)),t}function X(e){return new Promise((async(t,r)=>{try{const i=/^-----[^-]+-----$/m,a=/^[ \f\r\t\u00a0\u2000-\u200a\u202f\u205f\u3000]*$/;let n;const s=[];let o,c,u=s,h=[];const l=z(k(e,(async(e,y)=>{const p=x(e);try{for(;;){let e=await p.readLine();if(void 0===e)throw Error("Misformed armored text");if(e=F.removeTrailingSpaces(e.replace(/[\r\n]/g,"")),n)if(o)c||n!==T.armor.signed||(i.test(e)?(h=h.join("\r\n"),c=!0,$(u),u=[],o=!1):h.push(e.replace(/^- /,"")));else if(i.test(e)&&r(Error("Mandatory blank line missing between armor headers and armor data")),a.test(e)){if($(u),o=!0,c||n!==T.armor.signed){t({text:h,data:l,headers:s,type:n});break}}else u.push(e);else i.test(e)&&(n=q(e))}}catch(e){return void r(e)}const d=C(y);try{for(;;){await d.ready;const{done:e,value:t}=await p.read();if(e)throw Error("Misformed armored text");const r=t+"";if(-1!==r.indexOf("=")||-1!==r.indexOf("-")){let e=await p.readToEnd();e.length||(e=""),e=r+e,e=F.removeTrailingSpaces(e.replace(/\r/g,""));const t=e.split(i);if(1===t.length)throw Error("Misformed armored text");const a=Q(t[0].slice(0,-1));await d.write(a);break}await d.write(r)}await d.ready,await d.close()}catch(e){await d.abort(e)}})))}catch(e){r(e)}})).then((async e=>(n(e.data)&&(e.data=await P(e.data)),e)))}function Y(e,t,r,i,a,n=!1,s=B){let o,c;e===T.armor.signed&&(o=t.text,c=t.hash,t=t.data);const u=n&&A(t),h=[];switch(e){case T.armor.multipartSection:h.push("-----BEGIN PGP MESSAGE, PART "+r+"/"+i+"-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP MESSAGE, PART "+r+"/"+i+"-----\n");break;case T.armor.multipartLast:h.push("-----BEGIN PGP MESSAGE, PART "+r+"-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP MESSAGE, PART "+r+"-----\n");break;case T.armor.signed:h.push("-----BEGIN PGP SIGNED MESSAGE-----\n"),h.push(c?`Hash: ${c}\n\n`:"\n"),h.push(o.replace(/^-/gm,"- -")),h.push("\n-----BEGIN PGP SIGNATURE-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP SIGNATURE-----\n");break;case T.armor.message:h.push("-----BEGIN PGP MESSAGE-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP MESSAGE-----\n");break;case T.armor.publicKey:h.push("-----BEGIN PGP PUBLIC KEY BLOCK-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP PUBLIC KEY BLOCK-----\n");break;case T.armor.privateKey:h.push("-----BEGIN PGP PRIVATE KEY BLOCK-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP PRIVATE KEY BLOCK-----\n");break;case T.armor.signature:h.push("-----BEGIN PGP SIGNATURE-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP SIGNATURE-----\n")}return F.concat(h)}const Z=BigInt(0),J=BigInt(1);function ee(e){const t="0123456789ABCDEF";let r="";return e.forEach((e=>{r+=t[e>>4]+t[15&e]})),BigInt("0x0"+r)}function te(e,t){const r=e%t;return r<Z?r+t:r}function re(e,t,r){if(r===Z)throw Error("Modulo cannot be zero");if(r===J)return BigInt(0);if(t<Z)throw Error("Unsopported negative exponent");let i=t,a=e;a%=r;let n=BigInt(1);for(;i>Z;){const e=i&J;i>>=J;n=e?n*a%r:n,a=a*a%r}return n}function ie(e){return e>=Z?e:-e}function ae(e,t){const{gcd:r,x:i}=function(e,t){let r=BigInt(0),i=BigInt(1),a=BigInt(1),n=BigInt(0),s=ie(e),o=ie(t);const c=e<Z,u=t<Z;for(;o!==Z;){const e=s/o;let t=r;r=a-e*r,a=t,t=i,i=n-e*i,n=t,t=o,o=s%o,s=t}return{x:c?-a:a,y:u?-n:n,gcd:s}}(e,t);if(r!==J)throw Error("Inverse does not exist");return te(i+t,t)}function ne(e){const t=Number(e);if(t>Number.MAX_SAFE_INTEGER)throw Error("Number can only safely store up to 53 bits");return t}function se(e,t){return(e>>BigInt(t)&J)===Z?0:1}function oe(e){const t=e<Z?BigInt(-1):Z;let r=1,i=e;for(;(i>>=J)!==t;)r++;return r}function ce(e){const t=e<Z?BigInt(-1):Z,r=BigInt(8);let i=1,a=e;for(;(a>>=r)!==t;)i++;return i}function ue(e,t="be",r){let i=e.toString(16);i.length%2==1&&(i="0"+i);const a=i.length/2,n=new Uint8Array(r||a),s=r?r-a:0;let o=0;for(;o<a;)n[o+s]=parseInt(i.slice(2*o,2*o+2),16),o++;return"be"!==t&&n.reverse(),n}const he=F.getNodeCrypto();function le(e){const t="undefined"!=typeof crypto?crypto:he?.webcrypto;if(t?.getRandomValues){const r=new Uint8Array(e);return t.getRandomValues(r)}throw Error("No secure random number generator available.")}function ye(e,t){if(t<e)throw Error("Illegal parameter value: max <= min");const r=t-e;return te(ee(le(ce(r)+8)),r)+e}const pe=BigInt(1);function de(e,t,r){const i=BigInt(30),a=pe<<BigInt(e-1),n=[1,6,5,4,3,2,1,4,3,2,1,2,1,4,3,2,1,2,1,4,3,2,1,6,5,4,3,2,1,2];let s=ye(a,a<<pe),o=ne(te(s,i));do{s+=BigInt(n[o]),o=(o+n[o])%n.length,oe(s)>e&&(s=te(s,a<<pe),s+=a,o=ne(te(s,i)))}while(!ge(s,t,r));return s}function ge(e,t,r){return(!t||function(e,t){let r=e,i=t;for(;i!==Z;){const e=i;i=r%i,r=e}return r}(e-pe,t)===pe)&&(!!function(e){const t=BigInt(0);return me.every((r=>te(e,r)!==t))}(e)&&(!!function(e,t=BigInt(2)){return re(t,e-pe,e)===pe}(e)&&!!function(e,t){const r=oe(e);t||(t=Math.max(1,r/48|0));const i=e-pe;let a=0;for(;!se(i,a);)a++;const n=e>>BigInt(a);for(;t>0;t--){let t,r=re(ye(BigInt(2),i),n,e);if(r!==pe&&r!==i){for(t=1;t<a;t++){if(r=te(r*r,e),r===pe)return!1;if(r===i)break}if(t===a)return!1}}return!0}(e,r)))}const me=[7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587,593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997,1009,1013,1019,1021,1031,1033,1039,1049,1051,1061,1063,1069,1087,1091,1093,1097,1103,1109,1117,1123,1129,1151,1153,1163,1171,1181,1187,1193,1201,1213,1217,1223,1229,1231,1237,1249,1259,1277,1279,1283,1289,1291,1297,1301,1303,1307,1319,1321,1327,1361,1367,1373,1381,1399,1409,1423,1427,1429,1433,1439,1447,1451,1453,1459,1471,1481,1483,1487,1489,1493,1499,1511,1523,1531,1543,1549,1553,1559,1567,1571,1579,1583,1597,1601,1607,1609,1613,1619,1621,1627,1637,1657,1663,1667,1669,1693,1697,1699,1709,1721,1723,1733,1741,1747,1753,1759,1777,1783,1787,1789,1801,1811,1823,1831,1847,1861,1867,1871,1873,1877,1879,1889,1901,1907,1913,1931,1933,1949,1951,1973,1979,1987,1993,1997,1999,2003,2011,2017,2027,2029,2039,2053,2063,2069,2081,2083,2087,2089,2099,2111,2113,2129,2131,2137,2141,2143,2153,2161,2179,2203,2207,2213,2221,2237,2239,2243,2251,2267,2269,2273,2281,2287,2293,2297,2309,2311,2333,2339,2341,2347,2351,2357,2371,2377,2381,2383,2389,2393,2399,2411,2417,2423,2437,2441,2447,2459,2467,2473,2477,2503,2521,2531,2539,2543,2549,2551,2557,2579,2591,2593,2609,2617,2621,2633,2647,2657,2659,2663,2671,2677,2683,2687,2689,2693,2699,2707,2711,2713,2719,2729,2731,2741,2749,2753,2767,2777,2789,2791,2797,2801,2803,2819,2833,2837,2843,2851,2857,2861,2879,2887,2897,2903,2909,2917,2927,2939,2953,2957,2963,2969,2971,2999,3001,3011,3019,3023,3037,3041,3049,3061,3067,3079,3083,3089,3109,3119,3121,3137,3163,3167,3169,3181,3187,3191,3203,3209,3217,3221,3229,3251,3253,3257,3259,3271,3299,3301,3307,3313,3319,3323,3329,3331,3343,3347,3359,3361,3371,3373,3389,3391,3407,3413,3433,3449,3457,3461,3463,3467,3469,3491,3499,3511,3517,3527,3529,3533,3539,3541,3547,3557,3559,3571,3581,3583,3593,3607,3613,3617,3623,3631,3637,3643,3659,3671,3673,3677,3691,3697,3701,3709,3719,3727,3733,3739,3761,3767,3769,3779,3793,3797,3803,3821,3823,3833,3847,3851,3853,3863,3877,3881,3889,3907,3911,3917,3919,3923,3929,3931,3943,3947,3967,3989,4001,4003,4007,4013,4019,4021,4027,4049,4051,4057,4073,4079,4091,4093,4099,4111,4127,4129,4133,4139,4153,4157,4159,4177,4201,4211,4217,4219,4229,4231,4241,4243,4253,4259,4261,4271,4273,4283,4289,4297,4327,4337,4339,4349,4357,4363,4373,4391,4397,4409,4421,4423,4441,4447,4451,4457,4463,4481,4483,4493,4507,4513,4517,4519,4523,4547,4549,4561,4567,4583,4591,4597,4603,4621,4637,4639,4643,4649,4651,4657,4663,4673,4679,4691,4703,4721,4723,4729,4733,4751,4759,4783,4787,4789,4793,4799,4801,4813,4817,4831,4861,4871,4877,4889,4903,4909,4919,4931,4933,4937,4943,4951,4957,4967,4969,4973,4987,4993,4999].map((e=>BigInt(e)));const fe=F.getWebCrypto(),we=F.getNodeCrypto(),be=we&&we.getHashes();function ke(e){if(we&&be.includes(e))return async function(t){const r=we.createHash(e);return b(t,(e=>{r.update(e)}),(()=>new Uint8Array(r.digest())))}}function ve(e,t){const r=async()=>{const{nobleHashes:t}=await import("./noble_hashes.min.mjs"),r=t.get(e);if(!r)throw Error("Unsupported hash");return r};return async function(e){if(n(e)&&(e=await P(e)),F.isStream(e)){const t=(await r()).create();return b(e,(e=>{t.update(e)}),(()=>t.digest()))}if(fe&&t)return new Uint8Array(await fe.digest(t,e));return(await r())(e)}}const Ke=ke("md5")||ve("md5"),Ae=ke("sha1")||ve("sha1","SHA-1"),Ee=ke("sha224")||ve("sha224"),Se=ke("sha256")||ve("sha256","SHA-256"),Pe=ke("sha384")||ve("sha384","SHA-384"),Ue=ke("sha512")||ve("sha512","SHA-512"),De=ke("ripemd160")||ve("ripemd160"),xe=ke("sha3-256")||ve("sha3_256"),Ce=ke("sha3-512")||ve("sha3_512");function Ie(e,t){switch(e){case T.hash.md5:return Ke(t);case T.hash.sha1:return Ae(t);case T.hash.ripemd:return De(t);case T.hash.sha256:return Se(t);case T.hash.sha384:return Pe(t);case T.hash.sha512:return Ue(t);case T.hash.sha224:return Ee(t);case T.hash.sha3_256:return xe(t);case T.hash.sha3_512:return Ce(t);default:throw Error("Unsupported hash function")}}function Te(e){switch(e){case T.hash.md5:return 16;case T.hash.sha1:case T.hash.ripemd:return 20;case T.hash.sha256:return 32;case T.hash.sha384:return 48;case T.hash.sha512:return 64;case T.hash.sha224:return 28;case T.hash.sha3_256:return 32;case T.hash.sha3_512:return 64;default:throw Error("Invalid hash algorithm.")}}const Be=[];function Me(e,t){const r=e.length;if(r>t-11)throw Error("Message too long");const i=function(e){const t=new Uint8Array(e);let r=0;for(;r<e;){const i=le(e-r);for(let e=0;e<i.length;e++)0!==i[e]&&(t[r++]=i[e])}return t}(t-r-3),a=new Uint8Array(t);return a[1]=2,a.set(i,2),a.set(e,t-r),a}function Fe(e,t){let r=2,i=1;for(let t=r;t<e.length;t++)i&=0!==e[t],r+=i;const a=r-2,n=e.subarray(r+1),s=0===e[0]&2===e[1]&a>=8&!i;if(t)return F.selectUint8Array(s,n,t);if(s)return n;throw Error("Decryption error")}function Le(e,t,r){let i;if(t.length!==Te(e))throw Error("Invalid hash length");const a=new Uint8Array(Be[e].length);for(i=0;i<Be[e].length;i++)a[i]=Be[e][i];const n=a.length+t.length;if(r<n+11)throw Error("Intended encoded message length too short");const s=new Uint8Array(r-n-3).fill(255),o=new Uint8Array(r);return o[1]=1,o.set(s,2),o.set(a,r-n),o.set(t,r-t.length),o}Be[1]=[48,32,48,12,6,8,42,134,72,134,247,13,2,5,5,0,4,16],Be[2]=[48,33,48,9,6,5,43,14,3,2,26,5,0,4,20],Be[3]=[48,33,48,9,6,5,43,36,3,2,1,5,0,4,20],Be[8]=[48,49,48,13,6,9,96,134,72,1,101,3,4,2,1,5,0,4,32],Be[9]=[48,65,48,13,6,9,96,134,72,1,101,3,4,2,2,5,0,4,48],Be[10]=[48,81,48,13,6,9,96,134,72,1,101,3,4,2,3,5,0,4,64],Be[11]=[48,45,48,13,6,9,96,134,72,1,101,3,4,2,4,5,0,4,28];const _e=F.getWebCrypto(),Ne=F.getNodeCrypto(),Re=BigInt(1);async function ze(e,t,r,i,a,n,s,o,c){if(Te(e)>=r.length)throw Error("Digest size cannot exceed key modulus size");if(t&&!F.isStream(t))if(F.getWebCrypto())try{return await async function(e,t,r,i,a,n,s,o){const c=await He(r,i,a,n,s,o),u={name:"RSASSA-PKCS1-v1_5",hash:{name:e}},h=await _e.importKey("jwk",c,u,!1,["sign"]);return new Uint8Array(await _e.sign("RSASSA-PKCS1-v1_5",h,t))}(T.read(T.webHash,e),t,r,i,a,n,s,o)}catch(e){F.printDebugError(e)}else if(F.getNodeCrypto())return async function(e,t,r,i,a,n,s,o){const c=Ne.createSign(T.read(T.hash,e));c.write(t),c.end();const u=await He(r,i,a,n,s,o);return new Uint8Array(c.sign({key:u,format:"jwk",type:"pkcs1"}))}(e,t,r,i,a,n,s,o);return async function(e,t,r,i){t=ee(t);const a=ee(Le(e,i,ce(t)));return r=ee(r),ue(re(a,r,t),"be",ce(t))}(e,r,a,c)}async function Oe(e,t,r,i,a,n){if(t&&!F.isStream(t))if(F.getWebCrypto())try{return await async function(e,t,r,i,a){const n=Ge(i,a),s=await _e.importKey("jwk",n,{name:"RSASSA-PKCS1-v1_5",hash:{name:e}},!1,["verify"]);return _e.verify("RSASSA-PKCS1-v1_5",s,r,t)}(T.read(T.webHash,e),t,r,i,a)}catch(e){F.printDebugError(e)}else if(F.getNodeCrypto())return async function(e,t,r,i,a){const n=Ge(i,a),s={key:n,format:"jwk",type:"pkcs1"},o=Ne.createVerify(T.read(T.hash,e));o.write(t),o.end();try{return o.verify(s,r)}catch(e){return!1}}(e,t,r,i,a);return async function(e,t,r,i,a){if(r=ee(r),t=ee(t),i=ee(i),t>=r)throw Error("Signature size cannot exceed modulus size");const n=ue(re(t,i,r),"be",ce(r)),s=Le(e,a,ce(r));return F.equalsUint8Array(n,s)}(e,r,i,a,n)}async function je(e,t,r){return F.getNodeCrypto()?async function(e,t,r){const i=Ge(t,r),a={key:i,format:"jwk",type:"pkcs1",padding:Ne.constants.RSA_PKCS1_PADDING};return new Uint8Array(Ne.publicEncrypt(a,e))}(e,t,r):async function(e,t,r){if(t=ee(t),e=ee(Me(e,ce(t))),r=ee(r),e>=t)throw Error("Message size cannot exceed modulus size");return ue(re(e,r,t),"be",ce(t))}(e,t,r)}async function qe(e,t,r,i,a,n,s,o){if(F.getNodeCrypto()&&!o)try{return await async function(e,t,r,i,a,n,s){const o=await He(t,r,i,a,n,s),c={key:o,format:"jwk",type:"pkcs1",padding:Ne.constants.RSA_PKCS1_PADDING};try{return new Uint8Array(Ne.privateDecrypt(c,e))}catch(e){throw Error("Decryption error")}}(e,t,r,i,a,n,s)}catch(e){F.printDebugError(e)}return async function(e,t,r,i,a,n,s,o){if(e=ee(e),t=ee(t),r=ee(r),i=ee(i),a=ee(a),n=ee(n),s=ee(s),e>=t)throw Error("Data too large.");const c=te(i,n-Re),u=te(i,a-Re),h=ye(BigInt(2),t),l=re(ae(h,t),r,t);e=te(e*l,t);const y=re(e,u,a),p=re(e,c,n),d=te(s*(p-y),n);let g=d*a+y;return g=te(g*h,t),Fe(ue(g,"be",ce(t)),o)}(e,t,r,i,a,n,s,o)}async function He(e,t,r,i,a,n){const s=ee(i),o=ee(a),c=ee(r);let u=te(c,o-Re),h=te(c,s-Re);return h=ue(h),u=ue(u),{kty:"RSA",n:j(e),e:j(t),d:j(r),p:j(a),q:j(i),dp:j(u),dq:j(h),qi:j(n),ext:!0}}function Ge(e,t){return{kty:"RSA",n:j(e),e:j(t),ext:!0}}function Ve(e,t){return{n:O(e.n),e:ue(t),d:O(e.d),p:O(e.q),q:O(e.p),u:O(e.qi)}}const We=BigInt(1);const $e={"2a8648ce3d030107":T.curve.nistP256,"2b81040022":T.curve.nistP384,"2b81040023":T.curve.nistP521,"2b8104000a":T.curve.secp256k1,"2b06010401da470f01":T.curve.ed25519Legacy,"2b060104019755010501":T.curve.curve25519Legacy,"2b2403030208010107":T.curve.brainpoolP256r1,"2b240303020801010b":T.curve.brainpoolP384r1,"2b240303020801010d":T.curve.brainpoolP512r1};class Qe{constructor(e){if(e instanceof Qe)this.oid=e.oid;else if(F.isArray(e)||F.isUint8Array(e)){if(6===(e=new Uint8Array(e))[0]){if(e[1]!==e.length-2)throw Error("Length mismatch in DER encoded oid");e=e.subarray(2)}this.oid=e}else this.oid=""}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.oid=e.subarray(1,1+t),1+this.oid.length}throw Error("Invalid oid")}write(){return F.concatUint8Array([new Uint8Array([this.oid.length]),this.oid])}toHex(){return F.uint8ArrayToHex(this.oid)}getName(){const e=$e[this.toHex()];if(!e)throw Error("Unknown curve object identifier.");return e}}function Xe(e){let t,r=0;const i=e[0];return i<192?([r]=e,t=1):i<255?(r=(e[0]-192<<8)+e[1]+192,t=2):255===i&&(r=F.readNumber(e.subarray(1,5)),t=5),{len:r,offset:t}}function Ye(e){return e<192?new Uint8Array([e]):e>191&&e<8384?new Uint8Array([192+(e-192>>8),e-192&255]):F.concatUint8Array([new Uint8Array([255]),F.writeNumber(e,4)])}function Ze(e){if(e<0||e>30)throw Error("Partial Length power must be between 1 and 30");return new Uint8Array([224+e])}function Je(e){return new Uint8Array([192|e])}function et(e,t){return F.concatUint8Array([Je(e),Ye(t)])}function tt(e){return[T.packet.literalData,T.packet.compressedData,T.packet.symmetricallyEncryptedData,T.packet.symEncryptedIntegrityProtectedData,T.packet.aeadEncryptedData].includes(e)}async function rt(e,t,r){let i,a;try{const n=await e.peekBytes(2);if(!n||n.length<2||!(128&n[0]))throw Error("Error during parsing. This message / key probably does not conform to a valid OpenPGP format.");const s=await e.readByte();let o,c,u=-1,h=-1;h=0,64&s&&(h=1),h?u=63&s:(u=(63&s)>>2,c=3&s);const l=tt(u);let y,p=null;if(t&&l){if("array"===t){const e=new ArrayStream;i=C(e),p=e}else{const e=new TransformStream;i=C(e.writable),p=e.readable}a=r({tag:u,packet:p})}else p=[];do{if(h){const t=await e.readByte();if(y=!1,t<192)o=t;else if(t>=192&&t<224)o=(t-192<<8)+await e.readByte()+192;else if(t>223&&t<255){if(o=1<<(31&t),y=!0,!l)throw new TypeError("This packet type does not support partial lengths.")}else o=await e.readByte()<<24|await e.readByte()<<16|await e.readByte()<<8|await e.readByte()}else switch(c){case 0:o=await e.readByte();break;case 1:o=await e.readByte()<<8|await e.readByte();break;case 2:o=await e.readByte()<<24|await e.readByte()<<16|await e.readByte()<<8|await e.readByte();break;default:o=1/0}if(o>0){let t=0;for(;;){i&&await i.ready;const{done:r,value:a}=await e.read();if(r){if(o===1/0)break;throw Error("Unexpected end of packet")}const n=o===1/0?a:a.subarray(0,o-t);if(i?await i.write(n):p.push(n),t+=a.length,t>=o){e.unshift(a.subarray(o-t+a.length));break}}}}while(y);i?(await i.ready,await i.close()):(p=F.concatUint8Array(p),await r({tag:u,packet:p}))}catch(e){if(i)return await i.abort(e),!0;throw e}finally{i&&await a}}class it extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,it),this.name="UnsupportedError"}}class at extends it{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,it),this.name="UnknownPacketError"}}class nt extends it{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,it),this.name="MalformedPacketError"}}class st{constructor(e,t){this.tag=e,this.rawContent=t}write(){return this.rawContent}}async function ot(e){switch(e){case T.publicKey.ed25519:try{const e=F.getWebCrypto(),t=await e.generateKey("Ed25519",!0,["sign","verify"]).catch((e=>{if("OperationError"===e.name){const e=Error("Unexpected key generation issue");throw e.name="NotSupportedError",e}throw e})),r=await e.exportKey("jwk",t.privateKey),i=await e.exportKey("jwk",t.publicKey);return{A:new Uint8Array(O(i.x)),seed:O(r.d)}}catch(t){if("NotSupportedError"!==t.name)throw t;const{default:r}=await import("./nacl-fast.min.mjs"),i=le(lt(e)),{publicKey:a}=r.sign.keyPair.fromSeed(i);return{A:a,seed:i}}case T.publicKey.ed448:{const e=await F.getNobleCurve(T.publicKey.ed448),{secretKey:t,publicKey:r}=e.keygen();return{A:r,seed:t}}default:throw Error("Unsupported EdDSA algorithm")}}async function ct(e,t,r,i,a,n){switch(e){case T.publicKey.ed25519:try{const t=F.getWebCrypto(),r=dt(e,i,a),s=await t.importKey("jwk",r,"Ed25519",!1,["sign"]);return{RS:new Uint8Array(await t.sign("Ed25519",s,n))}}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:t}=await import("./nacl-fast.min.mjs"),r=F.concatUint8Array([a,i]);return{RS:t.sign.detached(n,r)}}case T.publicKey.ed448:return{RS:(await F.getNobleCurve(T.publicKey.ed448)).sign(n,a)};default:throw Error("Unsupported EdDSA algorithm")}}async function ut(e,t,{RS:r},i,a,n){switch(e){case T.publicKey.ed25519:try{const t=F.getWebCrypto(),i=pt(e,a),s=await t.importKey("jwk",i,"Ed25519",!1,["verify"]);return await t.verify("Ed25519",s,r,n)}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:t}=await import("./nacl-fast.min.mjs");return t.sign.detached.verify(n,r,a)}case T.publicKey.ed448:return(await F.getNobleCurve(T.publicKey.ed448)).verify(r,n,a);default:throw Error("Unsupported EdDSA algorithm")}}async function ht(e,t,r){switch(e){case T.publicKey.ed25519:try{const i=F.getWebCrypto(),a=dt(e,t,r),n=pt(e,t),s=await i.importKey("jwk",a,"Ed25519",!1,["sign"]),o=await i.importKey("jwk",n,"Ed25519",!1,["verify"]),c=le(8),u=new Uint8Array(await i.sign("Ed25519",s,c));return await i.verify("Ed25519",o,u,c)}catch(e){if("NotSupportedError"!==e.name)return!1;const{default:i}=await import("./nacl-fast.min.mjs"),{publicKey:a}=i.sign.keyPair.fromSeed(r);return F.equalsUint8Array(t,a)}case T.publicKey.ed448:{const e=(await F.getNobleCurve(T.publicKey.ed448)).getPublicKey(r);return F.equalsUint8Array(t,e)}default:return!1}}function lt(e){switch(e){case T.publicKey.ed25519:return 32;case T.publicKey.ed448:return 57;default:throw Error("Unsupported EdDSA algorithm")}}function yt(e){switch(e){case T.publicKey.ed25519:return T.hash.sha256;case T.publicKey.ed448:return T.hash.sha512;default:throw Error("Unknown EdDSA algo")}}const pt=(e,t)=>{if(e===T.publicKey.ed25519){return{kty:"OKP",crv:"Ed25519",x:j(t),ext:!0}}throw Error("Unsupported EdDSA algorithm")},dt=(e,t,r)=>{if(e===T.publicKey.ed25519){const i=pt(e,t);return i.d=j(r),i}throw Error("Unsupported EdDSA algorithm")};var gt=/*#__PURE__*/Object.freeze({__proto__:null,generate:ot,getPayloadSize:lt,getPreferredHashAlgo:yt,sign:ct,validateParams:ht,verify:ut});
+/*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) */function mt(e){return e instanceof Uint8Array||ArrayBuffer.isView(e)&&"Uint8Array"===e.constructor.name}function ft(e,...t){if(!mt(e))throw Error("Uint8Array expected");if(t.length>0&&!t.includes(e.length))throw Error("Uint8Array expected of length "+t+", got length="+e.length)}function wt(e,t=!0){if(e.destroyed)throw Error("Hash instance has been destroyed");if(t&&e.finished)throw Error("Hash#digest() has already been called")}function bt(e,t){ft(e);const r=t.outputLen;if(e.length<r)throw Error("digestInto() expects output buffer of length at least "+r)}function kt(e){return new Uint8Array(e.buffer,e.byteOffset,e.byteLength)}function vt(e){return new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4))}function Kt(...e){for(let t=0;t<e.length;t++)e[t].fill(0)}function At(e){return new DataView(e.buffer,e.byteOffset,e.byteLength)}const Et=/* @__PURE__ */(()=>68===new Uint8Array(new Uint32Array([287454020]).buffer)[0])();function St(e){if("string"==typeof e)e=function(e){if("string"!=typeof e)throw Error("string expected");return new Uint8Array((new TextEncoder).encode(e))}(e);else{if(!mt(e))throw Error("Uint8Array expected, got "+typeof e);e=Bt(e)}return e}function Pt(e,t){return e.buffer===t.buffer&&e.byteOffset<t.byteOffset+t.byteLength&&t.byteOffset<e.byteOffset+e.byteLength}function Ut(e,t){if(Pt(e,t)&&e.byteOffset<t.byteOffset)throw Error("complex overlap of input and output is not supported")}function Dt(e,t){if(e.length!==t.length)return!1;let r=0;for(let i=0;i<e.length;i++)r|=e[i]^t[i];return 0===r}const xt=(e,t)=>{function r(r,...i){if(ft(r),!Et)throw Error("Non little-endian hardware is not yet supported");if(void 0!==e.nonceLength){const t=i[0];if(!t)throw Error("nonce / iv required");e.varSizeNonce?ft(t):ft(t,e.nonceLength)}const a=e.tagLength;a&&void 0!==i[1]&&ft(i[1]);const n=t(r,...i),s=(e,t)=>{if(void 0!==t){if(2!==e)throw Error("cipher output not supported");ft(t)}};let o=!1;return{encrypt(e,t){if(o)throw Error("cannot encrypt() twice with same key + nonce");return o=!0,ft(e),s(n.encrypt.length,t),n.encrypt(e,t)},decrypt(e,t){if(ft(e),a&&e.length<a)throw Error("invalid ciphertext length: smaller than tagLength="+a);return s(n.decrypt.length,t),n.decrypt(e,t)}}}return Object.assign(r,e),r};function Ct(e,t,r=!0){if(void 0===t)return new Uint8Array(e);if(t.length!==e)throw Error("invalid output length, expected "+e+", got: "+t.length);if(r&&!Tt(t))throw Error("invalid output, must be aligned");return t}function It(e,t,r,i){if("function"==typeof e.setBigUint64)return e.setBigUint64(t,r,i);const a=BigInt(32),n=BigInt(4294967295),s=Number(r>>a&n),o=Number(r&n);e.setUint32(t+0,s,i),e.setUint32(t+4,o,i)}function Tt(e){return e.byteOffset%4==0}function Bt(e){return Uint8Array.from(e)}const Mt=16,Ft=/* @__PURE__ */new Uint8Array(16),Lt=vt(Ft),_t=e=>(e>>>0&255)<<24|(e>>>8&255)<<16|(e>>>16&255)<<8|e>>>24&255;class Nt{constructor(e,t){this.blockLen=Mt,this.outputLen=Mt,this.s0=0,this.s1=0,this.s2=0,this.s3=0,this.finished=!1,ft(e=St(e),16);const r=At(e);let i=r.getUint32(0,!1),a=r.getUint32(4,!1),n=r.getUint32(8,!1),s=r.getUint32(12,!1);const o=[];for(let e=0;e<128;e++)o.push({s0:_t(i),s1:_t(a),s2:_t(n),s3:_t(s)}),({s0:i,s1:a,s2:n,s3:s}={s3:(h=n)<<31|(l=s)>>>1,s2:(u=a)<<31|h>>>1,s1:(c=i)<<31|u>>>1,s0:c>>>1^225<<24&-(1&l)});var c,u,h,l;const y=(p=t||1024)>65536?8:p>1024?4:2;var p;if(![1,2,4,8].includes(y))throw Error("ghash: invalid window size, expected 2, 4 or 8");this.W=y;const d=128/y,g=this.windowSize=2**y,m=[];for(let e=0;e<d;e++)for(let t=0;t<g;t++){let r=0,i=0,a=0,n=0;for(let s=0;s<y;s++){if(!(t>>>y-s-1&1))continue;const{s0:c,s1:u,s2:h,s3:l}=o[y*e+s];r^=c,i^=u,a^=h,n^=l}m.push({s0:r,s1:i,s2:a,s3:n})}this.t=m}_updateBlock(e,t,r,i){e^=this.s0,t^=this.s1,r^=this.s2,i^=this.s3;const{W:a,t:n,windowSize:s}=this;let o=0,c=0,u=0,h=0;const l=(1<<a)-1;let y=0;for(const p of[e,t,r,i])for(let e=0;e<4;e++){const t=p>>>8*e&255;for(let e=8/a-1;e>=0;e--){const r=t>>>a*e&l,{s0:i,s1:p,s2:d,s3:g}=n[y*s+r];o^=i,c^=p,u^=d,h^=g,y+=1}}this.s0=o,this.s1=c,this.s2=u,this.s3=h}update(e){wt(this),ft(e=St(e));const t=vt(e),r=Math.floor(e.length/Mt),i=e.length%Mt;for(let e=0;e<r;e++)this._updateBlock(t[4*e+0],t[4*e+1],t[4*e+2],t[4*e+3]);return i&&(Ft.set(e.subarray(r*Mt)),this._updateBlock(Lt[0],Lt[1],Lt[2],Lt[3]),Kt(Lt)),this}destroy(){const{t:e}=this;for(const t of e)t.s0=0,t.s1=0,t.s2=0,t.s3=0}digestInto(e){wt(this),bt(e,this),this.finished=!0;const{s0:t,s1:r,s2:i,s3:a}=this,n=vt(e);return n[0]=t,n[1]=r,n[2]=i,n[3]=a,e}digest(){const e=new Uint8Array(Mt);return this.digestInto(e),this.destroy(),e}}class Rt extends Nt{constructor(e,t){ft(e=St(e));const r=function(e){e.reverse();const t=1&e[15];let r=0;for(let t=0;t<e.length;t++){const i=e[t];e[t]=i>>>1|r,r=(1&i)<<7}return e[0]^=225&-t,e}(Bt(e));super(r,t),Kt(r)}update(e){e=St(e),wt(this);const t=vt(e),r=e.length%Mt,i=Math.floor(e.length/Mt);for(let e=0;e<i;e++)this._updateBlock(_t(t[4*e+3]),_t(t[4*e+2]),_t(t[4*e+1]),_t(t[4*e+0]));return r&&(Ft.set(e.subarray(i*Mt)),this._updateBlock(_t(Lt[3]),_t(Lt[2]),_t(Lt[1]),_t(Lt[0])),Kt(Lt)),this}digestInto(e){wt(this),bt(e,this),this.finished=!0;const{s0:t,s1:r,s2:i,s3:a}=this,n=vt(e);return n[0]=t,n[1]=r,n[2]=i,n[3]=a,e.reverse()}}function zt(e){const t=(t,r)=>e(r,t.length).update(St(t)).digest(),r=e(new Uint8Array(16),0);return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=(t,r)=>e(t,r),t}const Ot=zt(((e,t)=>new Nt(e,t)));zt(((e,t)=>new Rt(e,t)));const jt=16,qt=/* @__PURE__ */new Uint8Array(jt);function Ht(e){return e<<1^283&-(e>>7)}function Gt(e,t){let r=0;for(;t>0;t>>=1)r^=e&-(1&t),e=Ht(e);return r}const Vt=/* @__PURE__ */(()=>{const e=new Uint8Array(256);for(let t=0,r=1;t<256;t++,r^=Ht(r))e[t]=r;const t=new Uint8Array(256);t[0]=99;for(let r=0;r<255;r++){let i=e[255-r];i|=i<<8,t[e[r]]=255&(i^i>>4^i>>5^i>>6^i>>7^99)}return Kt(e),t})(),Wt=/* @__PURE__ */Vt.map(((e,t)=>Vt.indexOf(t))),$t=e=>e<<8|e>>>24,Qt=e=>e<<24&4278190080|e<<8&16711680|e>>>8&65280|e>>>24&255;function Xt(e,t){if(256!==e.length)throw Error("Wrong sbox length");const r=new Uint32Array(256).map(((r,i)=>t(e[i]))),i=r.map($t),a=i.map($t),n=a.map($t),s=new Uint32Array(65536),o=new Uint32Array(65536),c=new Uint16Array(65536);for(let t=0;t<256;t++)for(let u=0;u<256;u++){const h=256*t+u;s[h]=r[t]^i[u],o[h]=a[t]^n[u],c[h]=e[t]<<8|e[u]}return{sbox:e,sbox2:c,T0:r,T1:i,T2:a,T3:n,T01:s,T23:o}}const Yt=/* @__PURE__ */Xt(Vt,(e=>Gt(e,3)<<24|e<<16|e<<8|Gt(e,2))),Zt=/* @__PURE__ */Xt(Wt,(e=>Gt(e,11)<<24|Gt(e,13)<<16|Gt(e,9)<<8|Gt(e,14))),Jt=/* @__PURE__ */(()=>{const e=new Uint8Array(16);for(let t=0,r=1;t<16;t++,r=Ht(r))e[t]=r;return e})();function er(e){ft(e);const t=e.length;if(![16,24,32].includes(t))throw Error("aes: invalid key size, should be 16, 24 or 32, got "+t);const{sbox2:r}=Yt,i=[];Tt(e)||i.push(e=Bt(e));const a=vt(e),n=a.length,s=e=>ir(r,e,e,e,e),o=new Uint32Array(t+28);o.set(a);for(let e=n;e<o.length;e++){let t=o[e-1];e%n==0?t=s((c=t)<<24|c>>>8)^Jt[e/n-1]:n>6&&e%n==4&&(t=s(t)),o[e]=o[e-n]^t}var c;return Kt(...i),o}function tr(e){const t=er(e),r=t.slice(),i=t.length,{sbox2:a}=Yt,{T0:n,T1:s,T2:o,T3:c}=Zt;for(let e=0;e<i;e+=4)for(let a=0;a<4;a++)r[e+a]=t[i-e-4+a];Kt(t);for(let e=4;e<i-4;e++){const t=r[e],i=ir(a,t,t,t,t);r[e]=n[255&i]^s[i>>>8&255]^o[i>>>16&255]^c[i>>>24]}return r}function rr(e,t,r,i,a,n){return e[r<<8&65280|i>>>8&255]^t[a>>>8&65280|n>>>24&255]}function ir(e,t,r,i,a){return e[255&t|65280&r]|e[i>>>16&255|a>>>16&65280]<<16}function ar(e,t,r,i,a){const{sbox2:n,T01:s,T23:o}=Yt;let c=0;t^=e[c++],r^=e[c++],i^=e[c++],a^=e[c++];const u=e.length/4-2;for(let n=0;n<u;n++){const n=e[c++]^rr(s,o,t,r,i,a),u=e[c++]^rr(s,o,r,i,a,t),h=e[c++]^rr(s,o,i,a,t,r),l=e[c++]^rr(s,o,a,t,r,i);t=n,r=u,i=h,a=l}return{s0:e[c++]^ir(n,t,r,i,a),s1:e[c++]^ir(n,r,i,a,t),s2:e[c++]^ir(n,i,a,t,r),s3:e[c++]^ir(n,a,t,r,i)}}function nr(e,t,r,i,a){const{sbox2:n,T01:s,T23:o}=Zt;let c=0;t^=e[c++],r^=e[c++],i^=e[c++],a^=e[c++];const u=e.length/4-2;for(let n=0;n<u;n++){const n=e[c++]^rr(s,o,t,a,i,r),u=e[c++]^rr(s,o,r,t,a,i),h=e[c++]^rr(s,o,i,r,t,a),l=e[c++]^rr(s,o,a,i,r,t);t=n,r=u,i=h,a=l}return{s0:e[c++]^ir(n,t,a,i,r),s1:e[c++]^ir(n,r,t,a,i),s2:e[c++]^ir(n,i,r,t,a),s3:e[c++]^ir(n,a,i,r,t)}}function sr(e,t,r,i){ft(t,jt),ft(r);const a=r.length;Ut(r,i=Ct(a,i));const n=t,s=vt(n);let{s0:o,s1:c,s2:u,s3:h}=ar(e,s[0],s[1],s[2],s[3]);const l=vt(r),y=vt(i);for(let t=0;t+4<=l.length;t+=4){y[t+0]=l[t+0]^o,y[t+1]=l[t+1]^c,y[t+2]=l[t+2]^u,y[t+3]=l[t+3]^h;let r=1;for(let e=n.length-1;e>=0;e--)r=r+(255&n[e])|0,n[e]=255&r,r>>>=8;({s0:o,s1:c,s2:u,s3:h}=ar(e,s[0],s[1],s[2],s[3]))}const p=jt*Math.floor(l.length/4);if(p<a){const e=new Uint32Array([o,c,u,h]),t=kt(e);for(let e=p,n=0;e<a;e++,n++)i[e]=r[e]^t[n];Kt(e)}return i}function or(e,t,r,i,a){ft(r,jt),ft(i),a=Ct(i.length,a);const n=r,s=vt(n),o=At(n),c=vt(i),u=vt(a),h=t?0:12,l=i.length;let y=o.getUint32(h,t),{s0:p,s1:d,s2:g,s3:m}=ar(e,s[0],s[1],s[2],s[3]);for(let r=0;r+4<=c.length;r+=4)u[r+0]=c[r+0]^p,u[r+1]=c[r+1]^d,u[r+2]=c[r+2]^g,u[r+3]=c[r+3]^m,y=y+1>>>0,o.setUint32(h,y,t),({s0:p,s1:d,s2:g,s3:m}=ar(e,s[0],s[1],s[2],s[3]));const f=jt*Math.floor(c.length/4);if(f<l){const e=new Uint32Array([p,d,g,m]),t=kt(e);for(let e=f,r=0;e<l;e++,r++)a[e]=i[e]^t[r];Kt(e)}return a}const cr=/* @__PURE__ */xt({blockSize:16,nonceLength:16},(function(e,t){function r(r,i){if(ft(r),void 0!==i&&(ft(i),!Tt(i)))throw Error("unaligned destination");const a=er(e),n=Bt(t),s=[a,n];Tt(r)||s.push(r=Bt(r));const o=sr(a,n,r,i);return Kt(...s),o}return{encrypt:(e,t)=>r(e,t),decrypt:(e,t)=>r(e,t)}}));const ur=/* @__PURE__ */xt({blockSize:16,nonceLength:16},(function(e,t,r={}){const i=!r.disablePadding;return{encrypt(r,a){const n=er(e),{b:s,o,out:c}=function(e,t,r){ft(e);let i=e.length;const a=i%jt;if(!t&&0!==a)throw Error("aec/(cbc-ecb): unpadded plaintext with disabled padding");Tt(e)||(e=Bt(e));const n=vt(e);if(t){let e=jt-a;e||(e=jt),i+=e}return Ut(e,r=Ct(i,r)),{b:n,o:vt(r),out:r}}(r,i,a);let u=t;const h=[n];Tt(u)||h.push(u=Bt(u));const l=vt(u);let y=l[0],p=l[1],d=l[2],g=l[3],m=0;for(;m+4<=s.length;)y^=s[m+0],p^=s[m+1],d^=s[m+2],g^=s[m+3],({s0:y,s1:p,s2:d,s3:g}=ar(n,y,p,d,g)),o[m++]=y,o[m++]=p,o[m++]=d,o[m++]=g;if(i){const e=function(e){const t=new Uint8Array(16),r=vt(t);t.set(e);const i=jt-e.length;for(let e=jt-i;e<jt;e++)t[e]=i;return r}(r.subarray(4*m));y^=e[0],p^=e[1],d^=e[2],g^=e[3],({s0:y,s1:p,s2:d,s3:g}=ar(n,y,p,d,g)),o[m++]=y,o[m++]=p,o[m++]=d,o[m++]=g}return Kt(...h),c},decrypt(r,a){!function(e){if(ft(e),e.length%jt!=0)throw Error("aes-(cbc/ecb).decrypt ciphertext should consist of blocks with size 16")}(r);const n=tr(e);let s=t;const o=[n];Tt(s)||o.push(s=Bt(s));const c=vt(s);a=Ct(r.length,a),Tt(r)||o.push(r=Bt(r)),Ut(r,a);const u=vt(r),h=vt(a);let l=c[0],y=c[1],p=c[2],d=c[3];for(let e=0;e+4<=u.length;){const t=l,r=y,i=p,a=d;l=u[e+0],y=u[e+1],p=u[e+2],d=u[e+3];const{s0:s,s1:o,s2:c,s3:g}=nr(n,l,y,p,d);h[e++]=s^t,h[e++]=o^r,h[e++]=c^i,h[e++]=g^a}return Kt(...o),function(e,t){if(!t)return e;const r=e.length;if(!r)throw Error("aes/pcks5: empty ciphertext not allowed");const i=e[r-1];if(i<=0||i>16)throw Error("aes/pcks5: wrong padding");const a=e.subarray(0,-i);for(let t=0;t<i;t++)if(e[r-t-1]!==i)throw Error("aes/pcks5: wrong padding");return a}(a,i)}}})),hr=/* @__PURE__ */xt({blockSize:16,nonceLength:16},(function(e,t){function r(r,i,a){ft(r);const n=r.length;if(Pt(r,a=Ct(n,a)))throw Error("overlapping src and dst not supported.");const s=er(e);let o=t;const c=[s];Tt(o)||c.push(o=Bt(o)),Tt(r)||c.push(r=Bt(r));const u=vt(r),h=vt(a),l=i?h:u,y=vt(o);let p=y[0],d=y[1],g=y[2],m=y[3];for(let e=0;e+4<=u.length;){const{s0:t,s1:r,s2:i,s3:a}=ar(s,p,d,g,m);h[e+0]=u[e+0]^t,h[e+1]=u[e+1]^r,h[e+2]=u[e+2]^i,h[e+3]=u[e+3]^a,p=l[e++],d=l[e++],g=l[e++],m=l[e++]}const f=jt*Math.floor(u.length/4);if(f<n){({s0:p,s1:d,s2:g,s3:m}=ar(s,p,d,g,m));const e=kt(new Uint32Array([p,d,g,m]));for(let t=f,i=0;t<n;t++,i++)a[t]=r[t]^e[i];Kt(e)}return Kt(...c),a}return{encrypt:(e,t)=>r(e,!0,t),decrypt:(e,t)=>r(e,!1,t)}}));function lr(e,t,r,i,a){const n=a?a.length:0,s=e.create(r,i.length+n);a&&s.update(a);const o=function(e,t,r){const i=new Uint8Array(16),a=At(i);return It(a,0,BigInt(t),r),It(a,8,BigInt(e),r),i}(8*i.length,8*n,t);s.update(i),s.update(o);const c=s.digest();return Kt(o),c}const yr=/* @__PURE__ */xt({blockSize:16,nonceLength:12,tagLength:16,varSizeNonce:!0},(function(e,t,r){if(t.length<8)throw Error("aes/gcm: invalid nonce length");function i(e,t,i){const a=lr(Ot,!1,e,i,r);for(let e=0;e<t.length;e++)a[e]^=t[e];return a}function a(){const r=er(e),i=qt.slice(),a=qt.slice();if(or(r,!1,a,a,i),12===t.length)a.set(t);else{const e=qt.slice();It(At(e),8,BigInt(8*t.length),!1);const r=Ot.create(i).update(t).update(e);r.digestInto(a),r.destroy()}return{xk:r,authKey:i,counter:a,tagMask:or(r,!1,a,qt)}}return{encrypt(e){const{xk:t,authKey:r,counter:n,tagMask:s}=a(),o=new Uint8Array(e.length+16),c=[t,r,n,s];Tt(e)||c.push(e=Bt(e)),or(t,!1,n,e,o.subarray(0,e.length));const u=i(r,s,o.subarray(0,o.length-16));return c.push(u),o.set(u,e.length),Kt(...c),o},decrypt(e){const{xk:t,authKey:r,counter:n,tagMask:s}=a(),o=[t,r,s,n];Tt(e)||o.push(e=Bt(e));const c=e.subarray(0,-16),u=e.subarray(-16),h=i(r,s,c);if(o.push(h),!Dt(h,u))throw Error("aes/gcm: invalid ghash tag");const l=or(t,!1,n,c);return Kt(...o),l}}}));function pr(e){return e instanceof Uint32Array||ArrayBuffer.isView(e)&&"Uint32Array"===e.constructor.name}function dr(e,t){if(ft(t,16),!pr(e))throw Error("_encryptBlock accepts result of expandKeyLE");const r=vt(t);let{s0:i,s1:a,s2:n,s3:s}=ar(e,r[0],r[1],r[2],r[3]);return r[0]=i,r[1]=a,r[2]=n,r[3]=s,t}function gr(e,t){if(ft(t,16),!pr(e))throw Error("_decryptBlock accepts result of expandKeyLE");const r=vt(t);let{s0:i,s1:a,s2:n,s3:s}=nr(e,r[0],r[1],r[2],r[3]);return r[0]=i,r[1]=a,r[2]=n,r[3]=s,t}const mr={encrypt(e,t){if(t.length>=2**32)throw Error("plaintext should be less than 4gb");const r=er(e);if(16===t.length)dr(r,t);else{const e=vt(t);let i=e[0],a=e[1];for(let t=0,n=1;t<6;t++)for(let t=2;t<e.length;t+=2,n++){const{s0:s,s1:o,s2:c,s3:u}=ar(r,i,a,e[t],e[t+1]);i=s,a=o^Qt(n),e[t]=c,e[t+1]=u}e[0]=i,e[1]=a}r.fill(0)},decrypt(e,t){if(t.length-8>=2**32)throw Error("ciphertext should be less than 4gb");const r=tr(e),i=t.length/8-1;if(1===i)gr(r,t);else{const e=vt(t);let a=e[0],n=e[1];for(let t=0,s=6*i;t<6;t++)for(let t=2*i;t>=1;t-=2,s--){n^=Qt(s);const{s0:i,s1:o,s2:c,s3:u}=nr(r,a,n,e[t],e[t+1]);a=i,n=o,e[t]=c,e[t+1]=u}e[0]=a,e[1]=n}r.fill(0)}},fr=/* @__PURE__ */new Uint8Array(8).fill(166),wr=/* @__PURE__ */xt({blockSize:8},(e=>({encrypt(t){if(!t.length||t.length%8!=0)throw Error("invalid plaintext length");if(8===t.length)throw Error("8-byte keys not allowed in AESKW, use AESKWP instead");const r=function(...e){let t=0;for(let r=0;r<e.length;r++){const i=e[r];ft(i),t+=i.length}const r=new Uint8Array(t);for(let t=0,i=0;t<e.length;t++){const a=e[t];r.set(a,i),i+=a.length}return r}(fr,t);return mr.encrypt(e,r),r},decrypt(t){if(t.length%8!=0||t.length<24)throw Error("invalid ciphertext length");const r=Bt(t);if(mr.decrypt(e,r),!Dt(r.subarray(0,8),fr))throw Error("integrity check failed");return r.subarray(0,8).fill(0),r.subarray(8)}}))),br={expandKeyLE:er,expandKeyDecLE:tr,encrypt:ar,decrypt:nr,encryptBlock:dr,decryptBlock:gr,ctrCounter:sr,ctr32:or};async function kr(e){switch(e){case T.symmetric.aes128:case T.symmetric.aes192:case T.symmetric.aes256:throw Error("Not a legacy cipher");case T.symmetric.cast5:case T.symmetric.blowfish:case T.symmetric.twofish:case T.symmetric.tripledes:{const{legacyCiphers:t}=await import("./legacy_ciphers.min.mjs"),r=T.read(T.symmetric,e),i=t.get(r);if(!i)throw Error("Unsupported cipher algorithm");return i}default:throw Error("Unsupported cipher algorithm")}}function vr(e){switch(e){case T.symmetric.aes128:case T.symmetric.aes192:case T.symmetric.aes256:case T.symmetric.twofish:return 16;case T.symmetric.blowfish:case T.symmetric.cast5:case T.symmetric.tripledes:return 8;default:throw Error("Unsupported cipher")}}function Kr(e){switch(e){case T.symmetric.aes128:case T.symmetric.blowfish:case T.symmetric.cast5:return 16;case T.symmetric.aes192:case T.symmetric.tripledes:return 24;case T.symmetric.aes256:case T.symmetric.twofish:return 32;default:throw Error("Unsupported cipher")}}function Ar(e){return{keySize:Kr(e),blockSize:vr(e)}}const Er=F.getWebCrypto();async function Sr(e,t,r){const{keySize:i}=Ar(e);if(!F.isAES(e)||t.length!==i)throw Error("Unexpected algorithm or key size");try{const e=await Er.importKey("raw",t,{name:"AES-KW"},!1,["wrapKey"]),i=await Er.importKey("raw",r,{name:"HMAC",hash:"SHA-256"},!0,["sign"]),a=await Er.wrapKey("raw",i,e,{name:"AES-KW"});return new Uint8Array(a)}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;F.printDebugError("Browser did not support operation: "+e.message)}return wr(t).encrypt(r)}async function Pr(e,t,r){const{keySize:i}=Ar(e);if(!F.isAES(e)||t.length!==i)throw Error("Unexpected algorithm or key size");let a;try{a=await Er.importKey("raw",t,{name:"AES-KW"},!1,["unwrapKey"])}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;return F.printDebugError("Browser did not support operation: "+e.message),wr(t).decrypt(r)}try{const e=await Er.unwrapKey("raw",r,a,{name:"AES-KW"},{name:"HMAC",hash:"SHA-256"},!0,["sign"]);return new Uint8Array(await Er.exportKey("raw",e))}catch(e){if("OperationError"===e.name)throw Error("Key Data Integrity failed");throw e}}async function Ur(e,t,r,i,a){const n=F.getWebCrypto(),s=T.read(T.webHash,e);if(!s)throw Error("Hash algo not supported with HKDF");const o=await n.importKey("raw",t,"HKDF",!1,["deriveBits"]),c=await n.deriveBits({name:"HKDF",hash:s,salt:r,info:i},o,8*a);return new Uint8Array(c)}const Dr={x25519:F.encodeUTF8("OpenPGP X25519"),x448:F.encodeUTF8("OpenPGP X448")};async function xr(e){switch(e){case T.publicKey.x25519:try{const e=F.getWebCrypto(),t=await e.generateKey("X25519",!0,["deriveKey","deriveBits"]).catch((e=>{if("OperationError"===e.name){const e=Error("Unexpected key generation issue");throw e.name="NotSupportedError",e}throw e})),r=await e.exportKey("jwk",t.privateKey),i=await e.exportKey("jwk",t.publicKey);if(r.x!==i.x){const e=Error("Unexpected mismatching public point");throw e.name="NotSupportedError",e}return{A:new Uint8Array(O(i.x)),k:O(r.d)}}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:t}=await import("./nacl-fast.min.mjs"),{secretKey:r,publicKey:i}=t.box.keyPair();return{A:i,k:r}}case T.publicKey.x448:{const e=await F.getNobleCurve(T.publicKey.x448),{secretKey:t,publicKey:r}=e.keygen();return{A:r,k:t}}default:throw Error("Unsupported ECDH algorithm")}}async function Cr(e,t,r){switch(e){case T.publicKey.x25519:try{const{ephemeralPublicKey:i,sharedSecret:a}=await Mr(e,t),n=await Fr(e,i,t,r);return F.equalsUint8Array(a,n)}catch(e){return!1}case T.publicKey.x448:{const e=(await F.getNobleCurve(T.publicKey.x448)).getPublicKey(r);return F.equalsUint8Array(t,e)}default:return!1}}async function Ir(e,t,r){const{ephemeralPublicKey:i,sharedSecret:a}=await Mr(e,r),n=F.concatUint8Array([i,r,a]);switch(e){case T.publicKey.x25519:{const e=T.symmetric.aes128,{keySize:r}=Ar(e),a=await Ur(T.hash.sha256,n,new Uint8Array,Dr.x25519,r);return{ephemeralPublicKey:i,wrappedKey:await Sr(e,a,t)}}case T.publicKey.x448:{const e=T.symmetric.aes256,{keySize:r}=Ar(T.symmetric.aes256),a=await Ur(T.hash.sha512,n,new Uint8Array,Dr.x448,r);return{ephemeralPublicKey:i,wrappedKey:await Sr(e,a,t)}}default:throw Error("Unsupported ECDH algorithm")}}async function Tr(e,t,r,i,a){const n=await Fr(e,t,i,a),s=F.concatUint8Array([t,i,n]);switch(e){case T.publicKey.x25519:{const e=T.symmetric.aes128,{keySize:t}=Ar(e);return Pr(e,await Ur(T.hash.sha256,s,new Uint8Array,Dr.x25519,t),r)}case T.publicKey.x448:{const e=T.symmetric.aes256,{keySize:t}=Ar(T.symmetric.aes256);return Pr(e,await Ur(T.hash.sha512,s,new Uint8Array,Dr.x448,t),r)}default:throw Error("Unsupported ECDH algorithm")}}function Br(e){switch(e){case T.publicKey.x25519:return 32;case T.publicKey.x448:return 56;default:throw Error("Unsupported ECDH algorithm")}}async function Mr(e,t){switch(e){case T.publicKey.x25519:try{const r=F.getWebCrypto(),i=await r.generateKey("X25519",!0,["deriveKey","deriveBits"]).catch((e=>{if("OperationError"===e.name){const e=Error("Unexpected key generation issue");throw e.name="NotSupportedError",e}throw e})),a=await r.exportKey("jwk",i.publicKey);if((await r.exportKey("jwk",i.privateKey)).x!==a.x){const e=Error("Unexpected mismatching public point");throw e.name="NotSupportedError",e}const n=_r(e,t),s=await r.importKey("jwk",n,"X25519",!1,[]),o=await r.deriveBits({name:"X25519",public:s},i.privateKey,8*Br(e));return{sharedSecret:new Uint8Array(o),ephemeralPublicKey:new Uint8Array(O(a.x))}}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:r}=await import("./nacl-fast.min.mjs"),{secretKey:i,publicKey:a}=r.box.keyPair(),n=r.scalarMult(i,t);return Lr(n),{ephemeralPublicKey:a,sharedSecret:n}}case T.publicKey.x448:{const e=await F.getNobleCurve(T.publicKey.x448),{secretKey:r,publicKey:i}=e.keygen(),a=e.getSharedSecret(r,t);return Lr(a),{ephemeralPublicKey:i,sharedSecret:a}}default:throw Error("Unsupported ECDH algorithm")}}async function Fr(e,t,r,i){switch(e){case T.publicKey.x25519:try{const a=F.getWebCrypto(),n=function(e,t,r){if(e===T.publicKey.x25519){const i=_r(e,t);return i.d=j(r),i}throw Error("Unsupported ECDH algorithm")}(e,r,i),s=_r(e,t),o=await a.importKey("jwk",n,"X25519",!1,["deriveKey","deriveBits"]),c=await a.importKey("jwk",s,"X25519",!1,[]),u=await a.deriveBits({name:"X25519",public:c},o,8*Br(e));return new Uint8Array(u)}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:r}=await import("./nacl-fast.min.mjs"),a=r.scalarMult(i,t);return Lr(a),a}case T.publicKey.x448:{const e=(await F.getNobleCurve(T.publicKey.x448)).getSharedSecret(i,t);return Lr(e),e}default:throw Error("Unsupported ECDH algorithm")}}function Lr(e){let t=0;for(let r=0;r<e.length;r++)t|=e[r];if(0===t)throw Error("Unexpected low order point")}function _r(e,t){if(e===T.publicKey.x25519){return{kty:"OKP",crv:"X25519",x:j(t),ext:!0}}throw Error("Unsupported ECDH algorithm")}var Nr=/*#__PURE__*/Object.freeze({__proto__:null,decrypt:Tr,encrypt:Ir,generate:xr,generateEphemeralEncryptionMaterial:Mr,getPayloadSize:Br,recomputeSharedSecret:Fr,validateParams:Cr});const Rr=F.getWebCrypto(),zr=F.getNodeCrypto(),Or={[T.curve.nistP256]:"P-256",[T.curve.nistP384]:"P-384",[T.curve.nistP521]:"P-521"},jr=zr?zr.getCurves():[],qr=zr?{[T.curve.secp256k1]:jr.includes("secp256k1")?"secp256k1":void 0,[T.curve.nistP256]:jr.includes("prime256v1")?"prime256v1":void 0,[T.curve.nistP384]:jr.includes("secp384r1")?"secp384r1":void 0,[T.curve.nistP521]:jr.includes("secp521r1")?"secp521r1":void 0,[T.curve.ed25519Legacy]:jr.includes("ED25519")?"ED25519":void 0,[T.curve.curve25519Legacy]:jr.includes("X25519")?"X25519":void 0,[T.curve.brainpoolP256r1]:jr.includes("brainpoolP256r1")?"brainpoolP256r1":void 0,[T.curve.brainpoolP384r1]:jr.includes("brainpoolP384r1")?"brainpoolP384r1":void 0,[T.curve.brainpoolP512r1]:jr.includes("brainpoolP512r1")?"brainpoolP512r1":void 0}:{},Hr={[T.curve.nistP256]:{oid:[6,8,42,134,72,206,61,3,1,7],keyType:T.publicKey.ecdsa,hash:T.hash.sha256,cipher:T.symmetric.aes128,node:qr[T.curve.nistP256],web:Or[T.curve.nistP256],payloadSize:32,sharedSize:256,wireFormatLeadingByte:4},[T.curve.nistP384]:{oid:[6,5,43,129,4,0,34],keyType:T.publicKey.ecdsa,hash:T.hash.sha384,cipher:T.symmetric.aes192,node:qr[T.curve.nistP384],web:Or[T.curve.nistP384],payloadSize:48,sharedSize:384,wireFormatLeadingByte:4},[T.curve.nistP521]:{oid:[6,5,43,129,4,0,35],keyType:T.publicKey.ecdsa,hash:T.hash.sha512,cipher:T.symmetric.aes256,node:qr[T.curve.nistP521],web:Or[T.curve.nistP521],payloadSize:66,sharedSize:528,wireFormatLeadingByte:4},[T.curve.secp256k1]:{oid:[6,5,43,129,4,0,10],keyType:T.publicKey.ecdsa,hash:T.hash.sha256,cipher:T.symmetric.aes128,node:qr[T.curve.secp256k1],payloadSize:32,wireFormatLeadingByte:4},[T.curve.ed25519Legacy]:{oid:[6,9,43,6,1,4,1,218,71,15,1],keyType:T.publicKey.eddsaLegacy,hash:T.hash.sha512,node:!1,payloadSize:32,wireFormatLeadingByte:64},[T.curve.curve25519Legacy]:{oid:[6,10,43,6,1,4,1,151,85,1,5,1],keyType:T.publicKey.ecdh,hash:T.hash.sha256,cipher:T.symmetric.aes128,node:!1,payloadSize:32,wireFormatLeadingByte:64},[T.curve.brainpoolP256r1]:{oid:[6,9,43,36,3,3,2,8,1,1,7],keyType:T.publicKey.ecdsa,hash:T.hash.sha256,cipher:T.symmetric.aes128,node:qr[T.curve.brainpoolP256r1],payloadSize:32,wireFormatLeadingByte:4},[T.curve.brainpoolP384r1]:{oid:[6,9,43,36,3,3,2,8,1,1,11],keyType:T.publicKey.ecdsa,hash:T.hash.sha384,cipher:T.symmetric.aes192,node:qr[T.curve.brainpoolP384r1],payloadSize:48,wireFormatLeadingByte:4},[T.curve.brainpoolP512r1]:{oid:[6,9,43,36,3,3,2,8,1,1,13],keyType:T.publicKey.ecdsa,hash:T.hash.sha512,cipher:T.symmetric.aes256,node:qr[T.curve.brainpoolP512r1],payloadSize:64,wireFormatLeadingByte:4}};class Gr{constructor(e){try{this.name=e instanceof Qe?e.getName():T.write(T.curve,e)}catch(e){throw new it("Unknown curve")}const t=Hr[this.name];this.keyType=t.keyType,this.oid=t.oid,this.hash=t.hash,this.cipher=t.cipher,this.node=t.node,this.web=t.web,this.payloadSize=t.payloadSize,this.sharedSize=t.sharedSize,this.wireFormatLeadingByte=t.wireFormatLeadingByte,this.web&&F.getWebCrypto()?this.type="web":this.node&&F.getNodeCrypto()?this.type="node":this.name===T.curve.curve25519Legacy?this.type="curve25519Legacy":this.name===T.curve.ed25519Legacy&&(this.type="ed25519Legacy")}async genKeyPair(){switch(this.type){case"web":try{return await async function(e,t){const r=await Rr.generateKey({name:"ECDSA",namedCurve:Or[e]},!0,["sign","verify"]),i=await Rr.exportKey("jwk",r.privateKey);return{publicKey:Yr(await Rr.exportKey("jwk",r.publicKey),t),privateKey:O(i.d)}}(this.name,this.wireFormatLeadingByte)}catch(e){return F.printDebugError("Browser did not support generating ec key "+e.message),Xr(this.name)}case"node":return async function(e){const t=zr.createECDH(qr[e]);return await t.generateKeys(),{publicKey:new Uint8Array(t.getPublicKey()),privateKey:new Uint8Array(t.getPrivateKey())}}(this.name);case"curve25519Legacy":{const{k:e,A:t}=await xr(T.publicKey.x25519),r=e.slice().reverse();r[0]=127&r[0]|64,r[31]&=248;return{publicKey:F.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]),t]),privateKey:r}}case"ed25519Legacy":{const{seed:e,A:t}=await ot(T.publicKey.ed25519);return{publicKey:F.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]),t]),privateKey:e}}default:return Xr(this.name)}}}async function Vr(e){const t=new Gr(e),{oid:r,hash:i,cipher:a}=t,n=await t.genKeyPair();return{oid:r,Q:n.publicKey,secret:F.leftPad(n.privateKey,t.payloadSize),hash:i,cipher:a}}function Wr(e){return Hr[e.getName()].hash}async function $r(e,t,r,i){const a={[T.curve.nistP256]:!0,[T.curve.nistP384]:!0,[T.curve.nistP521]:!0,[T.curve.secp256k1]:!0,[T.curve.curve25519Legacy]:e===T.publicKey.ecdh,[T.curve.brainpoolP256r1]:!0,[T.curve.brainpoolP384r1]:!0,[T.curve.brainpoolP512r1]:!0},n=t.getName();if(!a[n])return!1;if(n===T.curve.curve25519Legacy){const e=i.slice().reverse();return!(r.length<1||64!==r[0])&&Cr(T.publicKey.x25519,r.subarray(1),e)}const s=(await F.getNobleCurve(T.publicKey.ecdsa,n)).getPublicKey(i,!1);return!!F.equalsUint8Array(s,r)}function Qr(e,t){const{payloadSize:r,wireFormatLeadingByte:i,name:a}=e,n=a===T.curve.curve25519Legacy||a===T.curve.ed25519Legacy?r:2*r;if(t[0]!==i||t.length!==n+1)throw Error("Invalid point encoding")}async function Xr(e){const t=await F.getNobleCurve(T.publicKey.ecdsa,e),{secretKey:r}=t.keygen();return{publicKey:t.getPublicKey(r,!1),privateKey:r}}function Yr(e,t){const r=O(e.x),i=O(e.y),a=new Uint8Array(r.length+i.length+1);return a[0]=t,a.set(r,1),a.set(i,r.length+1),a}function Zr(e,t,r){const i=e,a=r.slice(1,i+1),n=r.slice(i+1,2*i+1);return{kty:"EC",crv:t,x:j(a),y:j(n),ext:!0}}function Jr(e,t,r,i){const a=Zr(e,t,r);return a.d=j(i),a}const ei=F.getWebCrypto(),ti=F.getNodeCrypto();async function ri(e,t,r,i,a,n){const s=new Gr(e);if(Qr(s,i),r&&!F.isStream(r)){const e={publicKey:i,privateKey:a};switch(s.type){case"web":try{return await async function(e,t,r,i){const a=e.payloadSize,n=Jr(e.payloadSize,Or[e.name],i.publicKey,i.privateKey),s=await ei.importKey("jwk",n,{name:"ECDSA",namedCurve:Or[e.name],hash:{name:T.read(T.webHash,e.hash)}},!1,["sign"]),o=new Uint8Array(await ei.sign({name:"ECDSA",namedCurve:Or[e.name],hash:{name:T.read(T.webHash,t)}},s,r));return{r:o.slice(0,a),s:o.slice(a,a<<1)}}(s,t,r,e)}catch(e){if("nistP521"!==s.name&&("DataError"===e.name||"OperationError"===e.name))throw e;F.printDebugError("Browser did not support signing: "+e.message)}break;case"node":return async function(e,t,r,i){const a=F.nodeRequire("eckey-utils"),n=F.getNodeBuffer(),{privateKey:s}=a.generateDer({curveName:qr[e.name],privateKey:n.from(i)}),o=ti.createSign(T.read(T.hash,t));o.write(r),o.end();const c=new Uint8Array(o.sign({key:s,format:"der",type:"sec1",dsaEncoding:"ieee-p1363"})),u=e.payloadSize;return{r:c.subarray(0,u),s:c.subarray(u,u<<1)}}(s,t,r,a)}}const o=(await F.getNobleCurve(T.publicKey.ecdsa,s.name)).sign(n,a,{lowS:!1});return{r:ue(o.r,"be",s.payloadSize),s:ue(o.s,"be",s.payloadSize)}}async function ii(e,t,r,i,a,n){const s=new Gr(e);Qr(s,a);const o=async()=>0===n[0]&&ai(s,r,n.subarray(1),a);if(i&&!F.isStream(i))switch(s.type){case"web":try{const e=await async function(e,t,{r,s:i},a,n){const s=Zr(e.payloadSize,Or[e.name],n),o=await ei.importKey("jwk",s,{name:"ECDSA",namedCurve:Or[e.name],hash:{name:T.read(T.webHash,e.hash)}},!1,["verify"]),c=F.concatUint8Array([r,i]).buffer;return ei.verify({name:"ECDSA",namedCurve:Or[e.name],hash:{name:T.read(T.webHash,t)}},o,c,a)}(s,t,r,i,a);return e||o()}catch(e){if("nistP521"!==s.name&&("DataError"===e.name||"OperationError"===e.name))throw e;F.printDebugError("Browser did not support verifying: "+e.message)}break;case"node":{const e=await async function(e,t,{r,s:i},a,n){const s=F.nodeRequire("eckey-utils"),o=F.getNodeBuffer(),{publicKey:c}=s.generateDer({curveName:qr[e.name],publicKey:o.from(n)}),u=ti.createVerify(T.read(T.hash,t));u.write(a),u.end();const h=F.concatUint8Array([r,i]);try{return u.verify({key:c,format:"der",type:"spki",dsaEncoding:"ieee-p1363"},h)}catch(e){return!1}}(s,t,r,i,a);return e||o()}}return await ai(s,r,n,a)||o()}async function ai(e,t,r,i){return(await F.getNobleCurve(T.publicKey.ecdsa,e.name)).verify(F.concatUint8Array([t.r,t.s]),r,i,{lowS:!1})}var ni=/*#__PURE__*/Object.freeze({__proto__:null,sign:ri,validateParams:async function(e,t,r){const i=new Gr(e);if(i.keyType!==T.publicKey.ecdsa)return!1;switch(i.type){case"web":case"node":{const i=le(8),a=T.hash.sha256,n=await Ie(a,i);try{const s=await ri(e,a,i,t,r,n);return await ii(e,a,s,i,t,n)}catch(e){return!1}}default:return $r(T.publicKey.ecdsa,e,t,r)}},verify:ii});async function si(e,t,r,i,a,n){Qr(new Gr(e),i);const{RS:s}=await ct(T.publicKey.ed25519,0,0,i.subarray(1),a,n);return{r:s.subarray(0,32),s:s.subarray(32)}}async function oi(e,t,{r,s:i},a,n,s){Qr(new Gr(e),n);const o=F.concatUint8Array([r,i]);return ut(T.publicKey.ed25519,0,{RS:o},0,n.subarray(1),s)}async function ci(e,t,r){return e.getName()===T.curve.ed25519Legacy&&(!(t.length<1||64!==t[0])&&ht(T.publicKey.ed25519,t.subarray(1),r))}var ui=/*#__PURE__*/Object.freeze({__proto__:null,sign:si,validateParams:ci,verify:oi});function hi(e){const t=e.length;if(t>0){const r=e[t-1];if(r>=1){const i=e.subarray(t-r),a=new Uint8Array(r).fill(r);if(F.equalsUint8Array(i,a))return e.subarray(0,t-r)}}throw Error("Invalid padding")}function li(e,t,r,i){return F.concatUint8Array([t.write(),new Uint8Array([e]),r.write(!0),F.stringToUint8Array("Anonymous Sender    "),r.replacementFingerprint||i])}async function yi(e,t,r,i,a=!1,n=!1){let s;if(a){for(s=0;s<t.length&&0===t[s];s++);t=t.subarray(s)}if(n){for(s=t.length-1;s>=0&&0===t[s];s--);t=t.subarray(0,s+1)}return(await Ie(e,F.concatUint8Array([new Uint8Array([0,0,0,1]),t,i]))).subarray(0,r)}async function pi(e,t){switch(e.type){case"curve25519Legacy":{const{sharedSecret:r,ephemeralPublicKey:i}=await Mr(T.publicKey.x25519,t.subarray(1));return{publicKey:F.concatUint8Array([new Uint8Array([e.wireFormatLeadingByte]),i]),sharedKey:r}}case"web":if(e.web&&F.getWebCrypto())try{return await async function(e,t){const r=F.getWebCrypto(),i=Zr(e.payloadSize,e.web,t);let a=r.generateKey({name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]),n=r.importKey("jwk",i,{name:"ECDH",namedCurve:e.web},!1,[]);[a,n]=await Promise.all([a,n]);let s=r.deriveBits({name:"ECDH",namedCurve:e.web,public:n},a.privateKey,e.sharedSize),o=r.exportKey("jwk",a.publicKey);[s,o]=await Promise.all([s,o]);const c=new Uint8Array(s),u=new Uint8Array(Yr(o,e.wireFormatLeadingByte));return{publicKey:u,sharedKey:c}}(e,t)}catch(r){return F.printDebugError(r),wi(e,t)}break;case"node":return async function(e,t){const r=F.getNodeCrypto(),i=r.createECDH(e.node);i.generateKeys();const a=new Uint8Array(i.computeSecret(t));return{publicKey:new Uint8Array(i.getPublicKey()),sharedKey:a}}(e,t);default:return wi(e,t)}}async function di(e,t,r,i,a){const n=function(e){const t=8-e.length%8,r=new Uint8Array(e.length+t).fill(t);return r.set(e),r}(r),s=new Gr(e);Qr(s,i);const{publicKey:o,sharedKey:c}=await pi(s,i),u=li(T.publicKey.ecdh,e,t,a),{keySize:h}=Ar(t.cipher),l=await yi(t.hash,c,h,u);return{publicKey:o,wrappedKey:await Sr(t.cipher,l,n)}}async function gi(e,t,r,i){if(i.length!==e.payloadSize){const t=new Uint8Array(e.payloadSize);t.set(i,e.payloadSize-i.length),i=t}switch(e.type){case"curve25519Legacy":{const e=i.slice().reverse();return{secretKey:e,sharedKey:await Fr(T.publicKey.x25519,t.subarray(1),r.subarray(1),e)}}case"web":if(e.web&&F.getWebCrypto())try{return await async function(e,t,r,i){const a=F.getWebCrypto(),n=Jr(e.payloadSize,e.web,r,i);let s=a.importKey("jwk",n,{name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]);const o=Zr(e.payloadSize,e.web,t);let c=a.importKey("jwk",o,{name:"ECDH",namedCurve:e.web},!0,[]);[s,c]=await Promise.all([s,c]);let u=a.deriveBits({name:"ECDH",namedCurve:e.web,public:c},s,e.sharedSize),h=a.exportKey("jwk",s);[u,h]=await Promise.all([u,h]);const l=new Uint8Array(u);return{secretKey:O(h.d),sharedKey:l}}(e,t,r,i)}catch(r){return F.printDebugError(r),fi(e,t,i)}break;case"node":return async function(e,t,r){const i=F.getNodeCrypto(),a=i.createECDH(e.node);a.setPrivateKey(r);const n=new Uint8Array(a.computeSecret(t));return{secretKey:new Uint8Array(a.getPrivateKey()),sharedKey:n}}(e,t,i);default:return fi(e,t,i)}}async function mi(e,t,r,i,a,n,s){const o=new Gr(e);Qr(o,a),Qr(o,r);const{sharedKey:c}=await gi(o,r,a,n),u=li(T.publicKey.ecdh,e,t,s),{keySize:h}=Ar(t.cipher);let l;for(let e=0;e<3;e++)try{const r=await yi(t.hash,c,h,u,1===e,2===e);return hi(await Pr(t.cipher,r,i))}catch(e){l=e}throw l}async function fi(e,t,r){return{secretKey:r,sharedKey:(await F.getNobleCurve(T.publicKey.ecdh,e.name)).getSharedSecret(r,t).subarray(1)}}async function wi(e,t){const r=await F.getNobleCurve(T.publicKey.ecdh,e.name),{publicKey:i,privateKey:a}=await e.genKeyPair();return{publicKey:i,sharedKey:r.getSharedSecret(a,t).subarray(1)}}var bi=/*#__PURE__*/Object.freeze({__proto__:null,CurveWithOID:Gr,ecdh:/*#__PURE__*/Object.freeze({__proto__:null,decrypt:mi,encrypt:di,validateParams:async function(e,t,r){return $r(T.publicKey.ecdh,e,t,r)}}),ecdhX:Nr,ecdsa:ni,eddsa:gt,eddsaLegacy:ui,generate:Vr,getPreferredHashAlgo:Wr});const ki=BigInt(0),vi=BigInt(1);const Ki=new Set([T.hash.sha1,T.hash.sha256,T.hash.sha512]),Ai=F.getWebCrypto(),Ei=F.getNodeCrypto();async function Si(e,t){if(e===T.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await import("./noble_post_quantum.min.mjs"),{publicKey:r,secretKey:i}=e.keygen(t);return{mlkemPublicKey:r,mlkemSecretKey:i}}throw Error("Unsupported KEM algorithm")}async function Pi(e){const{eccPublicKey:t,eccSecretKey:r}=await async function(e){if(e===T.publicKey.pqc_mlkem_x25519){const{A:e,k:t}=await xr(T.publicKey.x25519);return{eccPublicKey:e,eccSecretKey:t}}throw Error("Unsupported KEM algorithm")}(e),{mlkemPublicKey:i,mlkemSeed:a,mlkemSecretKey:n}=await async function(e){if(e===T.publicKey.pqc_mlkem_x25519){const t=le(64),{mlkemSecretKey:r,mlkemPublicKey:i}=await Si(e,t);return{mlkemSeed:t,mlkemSecretKey:r,mlkemPublicKey:i}}throw Error("Unsupported KEM algorithm")}(e);return{eccPublicKey:t,eccSecretKey:r,mlkemPublicKey:i,mlkemSeed:a,mlkemSecretKey:n}}async function Ui(e,t,r,i){const{eccKeyShare:a,eccCipherText:n}=await async function(e,t){if(e===T.publicKey.pqc_mlkem_x25519){const{ephemeralPublicKey:e,sharedSecret:r}=await Mr(T.publicKey.x25519,t);return{eccCipherText:e,eccKeyShare:r}}throw Error("Unsupported KEM algorithm")}(e,t),{mlkemKeyShare:s,mlkemCipherText:o}=await async function(e,t){if(e===T.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await import("./noble_post_quantum.min.mjs"),{cipherText:r,sharedSecret:i}=e.encapsulate(t);return{mlkemCipherText:r,mlkemKeyShare:i}}throw Error("Unsupported KEM algorithm")}(e,r),c=await xi(e,s,a,n,t);return{eccCipherText:n,mlkemCipherText:o,wrappedKey:await Sr(T.symmetric.aes256,c,i)}}async function Di(e,t,r,i,a,n,s,o){const c=await async function(e,t,r,i){if(e===T.publicKey.pqc_mlkem_x25519)return await Fr(T.publicKey.x25519,t,i,r);throw Error("Unsupported KEM algorithm")}(e,t,i,a),u=await async function(e,t,r){if(e===T.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await import("./noble_post_quantum.min.mjs");return e.decapsulate(t,r)}throw Error("Unsupported KEM algorithm")}(e,r,n),h=await xi(e,u,c,t,a);return await Pr(T.symmetric.aes256,h,o)}async function xi(e,t,r,i,a){const n=F.encodeUTF8("OpenPGPCompositeKDFv1"),s=F.concatUint8Array([t,r,i,a,new Uint8Array([e]),n,new Uint8Array([n.length])]);return await Ie(T.hash.sha3_256,s)}async function Ci(e,t,r,i,a){const n=async function(e,t,r){if(e===T.publicKey.pqc_mlkem_x25519)return Cr(T.publicKey.x25519,t,r);throw Error("Unsupported KEM algorithm")}(e,t,r),s=async function(e,t,r){if(e===T.publicKey.pqc_mlkem_x25519){const{mlkemPublicKey:i}=await Si(e,r);return F.equalsUint8Array(t,i)}throw Error("Unsupported KEM algorithm")}(e,i,a);return await n&&await s}async function Ii(e,t){if(e===T.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await import("./noble_post_quantum.min.mjs"),{secretKey:r,publicKey:i}=e.keygen(t);return{mldsaSecretKey:r,mldsaPublicKey:i}}throw Error("Unsupported signature algorithm")}async function Ti(e){if(e===T.publicKey.pqc_mldsa_ed25519){const{eccSecretKey:t,eccPublicKey:r}=await async function(e){if(e===T.publicKey.pqc_mldsa_ed25519){const{A:e,seed:t}=await ot(T.publicKey.ed25519);return{eccPublicKey:e,eccSecretKey:t}}throw Error("Unsupported signature algorithm")}(e),{mldsaSeed:i,mldsaSecretKey:a,mldsaPublicKey:n}=await async function(e){if(e===T.publicKey.pqc_mldsa_ed25519){const t=le(32),{mldsaSecretKey:r,mldsaPublicKey:i}=await Ii(e,t);return{mldsaSeed:t,mldsaSecretKey:r,mldsaPublicKey:i}}throw Error("Unsupported signature algorithm")}(e);return{eccSecretKey:t,eccPublicKey:r,mldsaSeed:i,mldsaSecretKey:a,mldsaPublicKey:n}}throw Error("Unsupported signature algorithm")}async function Bi(e,t,r,i,a,n){if(e===T.publicKey.pqc_mldsa_ed25519){const{eccSignature:t}=await async function(e,t,r,i,a){if(e===T.publicKey.pqc_mldsa_ed25519){const{RS:e}=await ct(T.publicKey.ed25519,0,0,i,r,a);return{eccSignature:e}}throw Error("Unsupported signature algorithm")}(e,0,r,i,n),{mldsaSignature:s}=await async function(e,t,r){if(e===T.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await import("./noble_post_quantum.min.mjs");return{mldsaSignature:e.sign(t,r)}}throw Error("Unsupported signature algorithm")}(e,a,n);return{eccSignature:t,mldsaSignature:s}}throw Error("Unsupported signature algorithm")}async function Mi(e,t,r,i,a,{eccSignature:n,mldsaSignature:s}){if(e===T.publicKey.pqc_mldsa_ed25519){const t=async function(e,t,r,i,a){if(e===T.publicKey.pqc_mldsa_ed25519)return ut(T.publicKey.ed25519,0,{RS:a},0,r,i);throw Error("Unsupported signature algorithm")}(e,0,r,a,n),o=async function(e,t,r,i){if(e===T.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await import("./noble_post_quantum.min.mjs");return e.verify(t,r,i)}throw Error("Unsupported signature algorithm")}(e,i,a,s);return await t&&await o}throw Error("Unsupported signature algorithm")}function Fi(e,t){if(e===T.publicKey.pqc_mldsa_ed25519)return Te(t)>=32;throw Error("Unsupported signature algorithm")}async function Li(e,t,r,i,a){const n=async function(e,t,r){if(e===T.publicKey.pqc_mldsa_ed25519)return ht(T.publicKey.ed25519,t,r);throw Error("Unsupported signature algorithm")}(e,t,r),s=async function(e,t,r){if(e===T.publicKey.pqc_mldsa_ed25519){const{mldsaPublicKey:i}=await Ii(e,r);return F.equalsUint8Array(t,i)}throw Error("Unsupported signature algorithm")}(e,i,a);return await n&&await s}class _i{constructor(e){e&&(this.data=e)}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.data=e.subarray(1,1+t),1+this.data.length}throw Error("Invalid symmetric key")}write(){return F.concatUint8Array([new Uint8Array([this.data.length]),this.data])}}class Ni{constructor(e){if(void 0===e&&(e=new Uint8Array([])),!F.isUint8Array(e))throw Error("data must be in the form of a Uint8Array");this.data=e,this.length=this.data.byteLength}write(){return F.concatUint8Array([new Uint8Array([this.length]),this.data])}read(e){if(e.length>=1){const t=e[0];if(e.length>=t+1)return this.data=e.subarray(1,1+t),this.length=t,1+t}throw Error("Invalid octet string")}}class Ri{constructor(e){if(e){const{version:t,hash:r,cipher:i,replacementFingerprint:a}=e;this.version=t||1,this.hash=r,this.cipher=i,this.replacementFingerprint=a}else this.version=null,this.hash=null,this.cipher=null,this.replacementFingerprint=null}read(e){if(e.length<4||1!==e[1]&&255!==e[1])throw new it("Cannot read KDFParams");const t=e[0];this.version=e[1],this.hash=e[2],this.cipher=e[3];let r=4;if(255===this.version){const i=t-r+1;this.replacementFingerprint=e.slice(r,r+i),r+=i}return r}write(e){if(!this.version||1===this.version||e)return new Uint8Array([3,1,this.hash,this.cipher]);return F.concatUint8Array([new Uint8Array([3+this.replacementFingerprint.length,this.version,this.hash,this.cipher]),this.replacementFingerprint])}}const zi=e=>class{constructor(e){this.data=void 0===e?null:e}read(t){const r=t[0];return this.data=T.write(e,r),1}write(){return new Uint8Array([this.data])}getName(){return T.read(e,this.data)}getValue(){return this.data}},Oi=zi(T.aead),ji=zi(T.symmetric),qi=zi(T.hash);class Hi{static fromObject({wrappedKey:e,algorithm:t}){const r=new Hi;return r.wrappedKey=e,r.algorithm=t,r}read(e){let t=0,r=e[t++];this.algorithm=r%2?e[t++]:null,r-=r%2,this.wrappedKey=F.readExactSubarray(e,t,t+r),t+=r}write(){return F.concatUint8Array([this.algorithm?new Uint8Array([this.wrappedKey.length+1,this.algorithm]):new Uint8Array([this.wrappedKey.length]),this.wrappedKey])}}const Gi=F.getWebCrypto(),Vi=F.getNodeCrypto(),Wi=Vi?Vi.getCiphers():[],$i={idea:Wi.includes("idea-cfb")?"idea-cfb":void 0,tripledes:Wi.includes("des-ede3-cfb")?"des-ede3-cfb":void 0,cast5:Wi.includes("cast5-cfb")?"cast5-cfb":void 0,blowfish:Wi.includes("bf-cfb")?"bf-cfb":void 0,aes128:Wi.includes("aes-128-cfb")?"aes-128-cfb":void 0,aes192:Wi.includes("aes-192-cfb")?"aes-192-cfb":void 0,aes256:Wi.includes("aes-256-cfb")?"aes-256-cfb":void 0};async function Qi(e){const{blockSize:t}=Ar(e),r=await le(t),i=new Uint8Array([r[r.length-2],r[r.length-1]]);return F.concat([r,i])}async function Xi(e,t,r,i,a){const n=T.read(T.symmetric,e);if(F.getNodeCrypto()&&$i[n])return function(e,t,r,i){const a=T.read(T.symmetric,e),n=new Vi.createCipheriv($i[a],t,i);return b(r,(e=>new Uint8Array(n.update(e))))}(e,t,r,i);if(F.isAES(e))return async function(e,t,r,i){if(Gi&&await Zi.isSupported(e)){const a=new Zi(e,t,i);return F.isStream(r)?b(r,(e=>a.encryptChunk(e)),(()=>a.finish())):a.encrypt(r)}if(F.isStream(r)){const a=new Ji(!0,e,t,i);return b(r,(e=>a.processChunk(e)),(()=>a.finish()))}return hr(t,i).encrypt(r)}(e,t,r,i);const s=new(await kr(e))(t),o=s.blockSize,c=i.slice();let u=new Uint8Array;const h=e=>{e&&(u=F.concatUint8Array([u,e]));const t=new Uint8Array(u.length);let r,i=0;for(;e?u.length>=o:u.length;){const e=s.encrypt(c);for(r=0;r<o;r++)c[r]=u[r]^e[r],t[i++]=c[r];u=u.subarray(o)}return t.subarray(0,i)};return b(r,h,h)}async function Yi(e,t,r,i){const a=T.read(T.symmetric,e);if(Vi&&$i[a])return function(e,t,r,i){const a=T.read(T.symmetric,e),n=new Vi.createDecipheriv($i[a],t,i);return b(r,(e=>new Uint8Array(n.update(e))))}(e,t,r,i);if(F.isAES(e))return async function(e,t,r,i){if(F.isStream(r)){const a=new Ji(!1,e,t,i);return b(r,(e=>a.processChunk(e)),(()=>a.finish()))}return hr(t,i).decrypt(r)}(e,t,r,i);const n=new(await kr(e))(t),s=n.blockSize;let o=i,c=new Uint8Array;const u=e=>{e&&(c=F.concatUint8Array([c,e]));const t=new Uint8Array(c.length);let r,i=0;for(;e?c.length>=s:c.length;){const e=n.encrypt(o);for(o=c.subarray(0,s),r=0;r<s;r++)t[i++]=o[r]^e[r];c=c.subarray(s)}return t.subarray(0,i)};return b(r,u,u)}class Zi{constructor(e,t,r){const{blockSize:i}=Ar(e);this.key=t,this.prevBlock=r,this.nextBlock=new Uint8Array(i),this.i=0,this.blockSize=i,this.zeroBlock=new Uint8Array(this.blockSize)}static async isSupported(e){const{keySize:t}=Ar(e);return Gi.importKey("raw",new Uint8Array(t),"aes-cbc",!1,["encrypt"]).then((()=>!0),(()=>!1))}async _runCBC(e,t){const r="AES-CBC";this.keyRef=this.keyRef||await Gi.importKey("raw",this.key,r,!1,["encrypt"]);const i=await Gi.encrypt({name:r,iv:t||this.zeroBlock},this.keyRef,e);return new Uint8Array(i).subarray(0,e.length)}async encryptChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,i=F.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),a=F.concatUint8Array([this.prevBlock,i.subarray(0,i.length-this.blockSize)]),n=await this._runCBC(a);return ea(n,i),this.prevBlock=n.slice(-this.blockSize),r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,n}let i;if(this.i+=r.length,this.i===this.nextBlock.length){const t=this.nextBlock;i=await this._runCBC(this.prevBlock),ea(i,t),this.prevBlock=i.slice(),this.i=0;const a=e.subarray(r.length);this.nextBlock.set(a,this.i),this.i+=a.length}else i=new Uint8Array;return i}async finish(){let e;if(0===this.i)e=new Uint8Array;else{this.nextBlock=this.nextBlock.subarray(0,this.i);const t=this.nextBlock,r=await this._runCBC(this.prevBlock);ea(r,t),e=r.subarray(0,t.length)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.keyRef=null,this.key=null}async encrypt(e){const t=(await this._runCBC(F.concatUint8Array([new Uint8Array(this.blockSize),e]),this.iv)).subarray(0,e.length);return ea(t,e),this.clearSensitiveData(),t}}class Ji{constructor(e,t,r,i){this.forEncryption=e;const{blockSize:a}=Ar(t);this.key=br.expandKeyLE(r),i.byteOffset%4!=0&&(i=i.slice()),this.prevBlock=ta(i),this.nextBlock=new Uint8Array(a),this.i=0,this.blockSize=a}_runCFB(e){const t=ta(e),r=new Uint8Array(e.length),i=ta(r);for(let e=0;e+4<=i.length;e+=4){const{s0:r,s1:a,s2:n,s3:s}=br.encrypt(this.key,this.prevBlock[0],this.prevBlock[1],this.prevBlock[2],this.prevBlock[3]);i[e+0]=t[e+0]^r,i[e+1]=t[e+1]^a,i[e+2]=t[e+2]^n,i[e+3]=t[e+3]^s,this.prevBlock=(this.forEncryption?i:t).slice(e,e+4)}return r}async processChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,i=F.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),a=this._runCFB(i);return r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,a}let i;if(this.i+=r.length,this.i===this.nextBlock.length){i=this._runCFB(this.nextBlock),this.i=0;const t=e.subarray(r.length);this.nextBlock.set(t,this.i),this.i+=t.length}else i=new Uint8Array;return i}async finish(){let e;if(0===this.i)e=new Uint8Array;else{e=this._runCFB(this.nextBlock).subarray(0,this.i)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.key.fill(0)}}function ea(e,t){const r=Math.min(e.length,t.length);for(let i=0;i<r;i++)e[i]=e[i]^t[i]}const ta=e=>new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4));const ra=F.getWebCrypto(),ia=F.getNodeCrypto(),aa=16;function na(e,t){const r=e.length-aa;for(let i=0;i<aa;i++)e[i+r]^=t[i];return e}const sa=new Uint8Array(aa);async function oa(e){const t=await ca(e),r=F.double(await t(sa)),i=F.double(r);return async function(e){return(await t(function(e,t,r){if(e.length&&e.length%aa==0)return na(e,t);const i=new Uint8Array(e.length+(aa-e.length%aa));return i.set(e),i[e.length]=128,na(i,r)}(e,r,i))).subarray(-16)}}async function ca(e){if(F.getNodeCrypto())return async function(t){const r=new ia.createCipheriv("aes-"+8*e.length+"-cbc",e,sa).update(t);return new Uint8Array(r)};if(F.getWebCrypto())try{return e=await ra.importKey("raw",e,{name:"AES-CBC",length:8*e.length},!1,["encrypt"]),async function(t){const r=await ra.encrypt({name:"AES-CBC",iv:sa,length:128},e,t);return new Uint8Array(r).subarray(0,r.byteLength-aa)}}catch(t){if("NotSupportedError"!==t.name&&(24!==e.length||"OperationError"!==t.name))throw t;F.printDebugError("Browser did not support operation: "+t.message)}return async function(t){return ur(e,sa,{disablePadding:!0}).encrypt(t)}}const ua=F.getWebCrypto(),ha=F.getNodeCrypto(),la=F.getNodeBuffer(),ya=16,pa=ya,da=new Uint8Array(ya),ga=new Uint8Array(ya);ga[15]=1;const ma=new Uint8Array(ya);async function fa(e){const t=await oa(e);return function(e,r){return t(F.concatUint8Array([e,r]))}}async function wa(e){if(F.getNodeCrypto())return async function(t,r){const i=new ha.createCipheriv("aes-"+8*e.length+"-ctr",e,r),a=la.concat([i.update(t),i.final()]);return new Uint8Array(a)};if(F.getWebCrypto())try{const t=await ua.importKey("raw",e,{name:"AES-CTR",length:8*e.length},!1,["encrypt"]);return async function(e,r){const i=await ua.encrypt({name:"AES-CTR",counter:r,length:128},t,e);return new Uint8Array(i)}}catch(t){if("NotSupportedError"!==t.name&&(24!==e.length||"OperationError"!==t.name))throw t;F.printDebugError("Browser did not support operation: "+t.message)}return async function(t,r){return cr(e,r).encrypt(t)}}async function ba(e,t){if(e!==T.symmetric.aes128&&e!==T.symmetric.aes192&&e!==T.symmetric.aes256)throw Error("EAX mode supports only AES cipher");const[r,i]=await Promise.all([fa(t),wa(t)]);return{encrypt:async function(e,t,a){const[n,s]=await Promise.all([r(da,t),r(ga,a)]),o=await i(e,n),c=await r(ma,o);for(let e=0;e<pa;e++)c[e]^=s[e]^n[e];return F.concatUint8Array([o,c])},decrypt:async function(e,t,a){if(e.length<pa)throw Error("Invalid EAX ciphertext");const n=e.subarray(0,-16),s=e.subarray(-16),[o,c,u]=await Promise.all([r(da,t),r(ga,a),r(ma,n)]),h=u;for(let e=0;e<pa;e++)h[e]^=c[e]^o[e];if(!F.equalsUint8Array(s,h))throw Error("Authentication tag mismatch");return await i(n,o)}}}ma[15]=2,ba.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[8+e]^=t[e];return r},ba.blockLength=ya,ba.ivLength=16,ba.tagLength=pa;const ka=16,va=16;function Ka(e){let t=0;for(let r=1;!(e&r);r<<=1)t++;return t}function Aa(e,t){for(let r=0;r<e.length;r++)e[r]^=t[r];return e}function Ea(e,t){return Aa(e.slice(),t)}const Sa=new Uint8Array(ka),Pa=new Uint8Array([1]);async function Ua(e,t){const{keySize:r}=Ar(e);if(!F.isAES(e)||t.length!==r)throw Error("Unexpected algorithm or key size");let i=0;const a=e=>ur(t,Sa,{disablePadding:!0}).encrypt(e),n=e=>ur(t,Sa,{disablePadding:!0}).decrypt(e);let s;function o(e,t,r,n){const o=t.length/ka|0;!function(e,t){const r=F.nbits(Math.max(e.length,t.length)/ka|0)-1;for(let e=i+1;e<=r;e++)s[e]=F.double(s[e-1]);i=r}(t,n);const c=F.concatUint8Array([Sa.subarray(0,15-r.length),Pa,r]),u=63&c[15];c[15]&=192;const h=a(c),l=F.concatUint8Array([h,Ea(h.subarray(0,8),h.subarray(1,9))]),y=F.shiftRight(l.subarray(0+(u>>3),17+(u>>3)),8-(7&u)).subarray(1),p=new Uint8Array(ka),d=new Uint8Array(t.length+va);let g,m=0;for(g=0;g<o;g++)Aa(y,s[Ka(g+1)]),d.set(Aa(e(Ea(y,t)),y),m),Aa(p,e===a?t:d.subarray(m)),t=t.subarray(ka),m+=ka;if(t.length){Aa(y,s.x);const r=a(y);d.set(Ea(t,r),m);const i=new Uint8Array(ka);i.set(e===a?t:d.subarray(m,-16),0),i[t.length]=128,Aa(p,i),m+=t.length}const f=Aa(a(Aa(Aa(p,y),s.$)),function(e){if(!e.length)return Sa;const t=e.length/ka|0,r=new Uint8Array(ka),i=new Uint8Array(ka);for(let n=0;n<t;n++)Aa(r,s[Ka(n+1)]),Aa(i,a(Ea(r,e))),e=e.subarray(ka);if(e.length){Aa(r,s.x);const t=new Uint8Array(ka);t.set(e,0),t[e.length]=128,Aa(t,r),Aa(i,a(t))}return i}(n));return d.set(f,m),d}return function(){const e=a(Sa),t=F.double(e);s=[],s[0]=F.double(t),s.x=e,s.$=t}(),{encrypt:async function(e,t,r){return o(a,e,t,r)},decrypt:async function(e,t,r){if(e.length<va)throw Error("Invalid OCB ciphertext");const i=e.subarray(-16);e=e.subarray(0,-16);const a=o(n,e,t,r);if(F.equalsUint8Array(i,a.subarray(-16)))return a.subarray(0,-16);throw Error("Authentication tag mismatch")}}}Ua.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[7+e]^=t[e];return r},Ua.blockLength=ka,Ua.ivLength=15,Ua.tagLength=va;const Da=F.getWebCrypto(),xa=F.getNodeCrypto(),Ca=F.getNodeBuffer(),Ia=16,Ta="AES-GCM";async function Ba(e,t){if(e!==T.symmetric.aes128&&e!==T.symmetric.aes192&&e!==T.symmetric.aes256)throw Error("GCM mode supports only AES cipher");if(F.getNodeCrypto())return{encrypt:async function(e,r,i=new Uint8Array){const a=new xa.createCipheriv("aes-"+8*t.length+"-gcm",t,r);a.setAAD(i);const n=Ca.concat([a.update(e),a.final(),a.getAuthTag()]);return new Uint8Array(n)},decrypt:async function(e,r,i=new Uint8Array){const a=new xa.createDecipheriv("aes-"+8*t.length+"-gcm",t,r);a.setAAD(i),a.setAuthTag(e.slice(e.length-Ia,e.length));const n=Ca.concat([a.update(e.slice(0,e.length-Ia)),a.final()]);return new Uint8Array(n)}};if(F.getWebCrypto())try{const e=await Da.importKey("raw",t,{name:Ta},!1,["encrypt","decrypt"]),r=navigator.userAgent.match(/Version\/13\.\d(\.\d)* Safari/)||navigator.userAgent.match(/Version\/(13|14)\.\d(\.\d)* Mobile\/\S* Safari/);return{encrypt:async function(i,a,n=new Uint8Array){if(r&&!i.length)return yr(t,a,n).encrypt(i);const s=await Da.encrypt({name:Ta,iv:a,additionalData:n,tagLength:128},e,i);return new Uint8Array(s)},decrypt:async function(i,a,n=new Uint8Array){if(r&&i.length===Ia)return yr(t,a,n).decrypt(i);try{const t=await Da.decrypt({name:Ta,iv:a,additionalData:n,tagLength:128},e,i);return new Uint8Array(t)}catch(e){if("OperationError"===e.name)throw Error("Authentication tag mismatch")}}}}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;F.printDebugError("Browser did not support operation: "+e.message)}return{encrypt:async function(e,r,i){return yr(t,r,i).encrypt(e)},decrypt:async function(e,r,i){return yr(t,r,i).decrypt(e)}}}function Ma(e,t=!1){switch(e){case T.aead.eax:return ba;case T.aead.ocb:return Ua;case T.aead.gcm:return Ba;case T.aead.experimentalGCM:if(!t)throw Error("Unexpected non-standard `experimentalGCM` AEAD algorithm provided in `config.preferredAEADAlgorithm`: use `gcm` instead");return Ba;default:throw Error("Unsupported AEAD mode")}}async function Fa(e,t,r,i,a,n){switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:{const{n:e,e:t}=r;return{c:await je(a,e,t)}}case T.publicKey.elgamal:{const{p:e,g:t,y:i}=r;return async function(e,t,r,i){t=ee(t),r=ee(r),i=ee(i);const a=ee(Me(e,ce(t))),n=ye(We,t-We);return{c1:ue(re(r,n,t)),c2:ue(te(re(i,n,t)*a,t))}}(a,e,t,i)}case T.publicKey.ecdh:{const{oid:e,Q:t,kdfParams:i}=r,{publicKey:s,wrappedKey:o}=await di(e,i,a,t,n);return{V:s,C:new _i(o)}}case T.publicKey.x25519:case T.publicKey.x448:{if(t&&!F.isAES(t))throw Error("X25519 and X448 keys can only encrypt AES session keys");const{A:i}=r,{ephemeralPublicKey:n,wrappedKey:s}=await Ir(e,a,i);return{ephemeralPublicKey:n,C:Hi.fromObject({algorithm:t,wrappedKey:s})}}case T.publicKey.aead:{if(!i)throw Error("Cannot encrypt with symmetric key missing private parameters");const{cipher:e}=r,t=e.getValue(),{keyMaterial:n}=i,s=B.preferredAEADAlgorithm,o=Ma(B.preferredAEADAlgorithm),{ivLength:c}=o,u=le(c),h=await o(t,n),l=await h.encrypt(a,u,new Uint8Array);return{aeadMode:new Oi(s),iv:u,c:new Ni(l)}}case T.publicKey.pqc_mlkem_x25519:{const{eccPublicKey:i,mlkemPublicKey:n}=r,{eccCipherText:s,mlkemCipherText:o,wrappedKey:c}=await Ui(e,i,n,a);return{eccCipherText:s,mlkemCipherText:o,C:Hi.fromObject({algorithm:t,wrappedKey:c})}}default:return[]}}async function La(e,t,r,i,a,n){switch(e){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:{const{c:e}=i,{n:a,e:s}=t,{d:o,p:c,q:u,u:h}=r;return qe(e,a,s,o,c,u,h,n)}case T.publicKey.elgamal:{const{c1:e,c2:a}=i;return async function(e,t,r,i,a){return e=ee(e),t=ee(t),r=ee(r),Fe(ue(te(ae(re(e,i=ee(i),r),r)*t,r),"be",ce(r)),a)}(e,a,t.p,r.x,n)}case T.publicKey.ecdh:{const{oid:e,Q:n,kdfParams:s}=t,{d:o}=r,{V:c,C:u}=i;return mi(e,s,c,u.data,n,o,a)}case T.publicKey.x25519:case T.publicKey.x448:{const{A:a}=t,{k:n}=r,{ephemeralPublicKey:s,C:o}=i;if(null!==o.algorithm&&!F.isAES(o.algorithm))throw Error("AES session key expected");return Tr(e,s,o.wrappedKey,a,n)}case T.publicKey.aead:{const{cipher:e}=t,a=e.getValue(),{keyMaterial:n}=r,{aeadMode:s,iv:o,c}=i,u=Ma(s.getValue());return(await u(a,n)).decrypt(c.data,o,new Uint8Array)}case T.publicKey.pqc_mlkem_x25519:{const{eccSecretKey:a,mlkemSecretKey:n}=r,{eccPublicKey:s,mlkemPublicKey:o}=t,{eccCipherText:c,mlkemCipherText:u,C:h}=i;return Di(e,c,u,a,s,n,0,h.wrappedKey)}default:throw Error("Unknown public key encryption algorithm.")}}async function _a(e,t,r){let i=0;switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:{const e=F.readMPI(t.subarray(i));i+=e.length+2;const r=F.readMPI(t.subarray(i));i+=r.length+2;const a=F.readMPI(t.subarray(i));i+=a.length+2;const n=F.readMPI(t.subarray(i));return i+=n.length+2,{read:i,privateParams:{d:e,p:r,q:a,u:n}}}case T.publicKey.dsa:case T.publicKey.elgamal:{const e=F.readMPI(t.subarray(i));return i+=e.length+2,{read:i,privateParams:{x:e}}}case T.publicKey.ecdsa:case T.publicKey.ecdh:{const a=Ha(e,r.oid);let n=F.readMPI(t.subarray(i));return i+=n.length+2,n=F.leftPad(n,a),{read:i,privateParams:{d:n}}}case T.publicKey.eddsaLegacy:{const a=Ha(e,r.oid);if(r.oid.getName()!==T.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let n=F.readMPI(t.subarray(i));return i+=n.length+2,n=F.leftPad(n,a),{read:i,privateParams:{seed:n}}}case T.publicKey.ed25519:case T.publicKey.ed448:{const r=Ha(e),a=F.readExactSubarray(t,i,i+r);return i+=a.length,{read:i,privateParams:{seed:a}}}case T.publicKey.x25519:case T.publicKey.x448:{const r=Ha(e),a=F.readExactSubarray(t,i,i+r);return i+=a.length,{read:i,privateParams:{k:a}}}case T.publicKey.hmac:{const{cipher:e}=r,a=Te(e.getValue()),n=t.subarray(i,i+32);i+=32;const s=t.subarray(i,i+a);return i+=a,{read:i,privateParams:{hashSeed:n,keyMaterial:s}}}case T.publicKey.aead:{const{cipher:e}=r,a=t.subarray(i,i+32);i+=32;const{keySize:n}=Ar(e.getValue()),s=t.subarray(i,i+n);return i+=n,{read:i,privateParams:{hashSeed:a,keyMaterial:s}}}case T.publicKey.pqc_mlkem_x25519:{const r=F.readExactSubarray(t,i,i+Ha(T.publicKey.x25519));i+=r.length;const a=F.readExactSubarray(t,i,i+64);i+=a.length;const{mlkemSecretKey:n}=await Si(e,a);return{read:i,privateParams:{eccSecretKey:r,mlkemSecretKey:n,mlkemSeed:a}}}case T.publicKey.pqc_mldsa_ed25519:{const r=F.readExactSubarray(t,i,i+Ha(T.publicKey.ed25519));i+=r.length;const a=F.readExactSubarray(t,i,i+32);i+=a.length;const{mldsaSecretKey:n}=await Ii(e,a);return{read:i,privateParams:{eccSecretKey:r,mldsaSecretKey:n,mldsaSeed:a}}}default:throw new it("Unknown public key encryption algorithm.")}}function Na(e,t){const r=new Set([T.publicKey.ed25519,T.publicKey.x25519,T.publicKey.ed448,T.publicKey.x448,T.publicKey.aead,T.publicKey.hmac,T.publicKey.pqc_mlkem_x25519,T.publicKey.pqc_mldsa_ed25519]),i={[T.publicKey.pqc_mlkem_x25519]:new Set(["mlkemSecretKey"]),[T.publicKey.pqc_mldsa_ed25519]:new Set(["mldsaSecretKey"])},a=Object.keys(t).map((a=>{if(i[e]?.has(a))return new Uint8Array;const n=t[a];return F.isUint8Array(n)?r.has(e)?n:F.uint8ArrayToMPI(n):n.write()}));return F.concatUint8Array(a)}async function Ra(e,t,r,i){switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:return async function(e,t){if(t=BigInt(t),F.getWebCrypto()){const r={name:"RSASSA-PKCS1-v1_5",modulusLength:e,publicExponent:ue(t),hash:{name:"SHA-1"}},i=await _e.generateKey(r,!0,["sign","verify"]);return Ve(await _e.exportKey("jwk",i.privateKey),t)}if(F.getNodeCrypto()){const r={modulusLength:e,publicExponent:ne(t),publicKeyEncoding:{type:"pkcs1",format:"jwk"},privateKeyEncoding:{type:"pkcs1",format:"jwk"}},i=await new Promise(((e,t)=>{Ne.generateKeyPair("rsa",r,((r,i,a)=>{r?t(r):e(a)}))}));return Ve(i,t)}let r,i,a;do{i=de(e-(e>>1),t,40),r=de(e>>1,t,40),a=r*i}while(oe(a)!==e);const n=(r-Re)*(i-Re);return i<r&&([r,i]=[i,r]),{n:ue(a),e:ue(t),d:ue(ae(t,n)),p:ue(r),q:ue(i),u:ue(ae(r,i))}}(t,65537).then((({n:e,e:t,d:r,p:i,q:a,u:n})=>({privateParams:{d:r,p:i,q:a,u:n},publicParams:{n:e,e:t}})));case T.publicKey.ecdsa:return Vr(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{d:r},publicParams:{oid:new Qe(e),Q:t}})));case T.publicKey.eddsaLegacy:return Vr(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{seed:r},publicParams:{oid:new Qe(e),Q:t}})));case T.publicKey.ecdh:return Vr(r).then((({oid:e,Q:t,secret:r,hash:i,cipher:a})=>({privateParams:{d:r},publicParams:{oid:new Qe(e),Q:t,kdfParams:new Ri({hash:i,cipher:a})}})));case T.publicKey.ed25519:case T.publicKey.ed448:return ot(e).then((({A:e,seed:t})=>({privateParams:{seed:t},publicParams:{A:e}})));case T.publicKey.x25519:case T.publicKey.x448:return xr(e).then((({A:e,k:t})=>({privateParams:{k:t},publicParams:{A:e}})));case T.publicKey.hmac:return za(await async function(e){if(!Ki.has(e))throw Error("Unsupported hash algorithm.");const t=T.read(T.webHash,e),r=Ai||Ei.webcrypto.subtle,i=await r.generateKey({name:"HMAC",hash:{name:t}},!0,["sign","verify"]),a=await r.exportKey("raw",i);return new Uint8Array(a)}(i),new qi(i));case T.publicKey.aead:return za(ja(i),new ji(i));case T.publicKey.pqc_mlkem_x25519:return Pi(e).then((({eccSecretKey:e,eccPublicKey:t,mlkemSeed:r,mlkemSecretKey:i,mlkemPublicKey:a})=>({privateParams:{eccSecretKey:e,mlkemSeed:r,mlkemSecretKey:i},publicParams:{eccPublicKey:t,mlkemPublicKey:a}})));case T.publicKey.pqc_mldsa_ed25519:return Ti(e).then((({eccSecretKey:e,eccPublicKey:t,mldsaSeed:r,mldsaSecretKey:i,mldsaPublicKey:a})=>({privateParams:{eccSecretKey:e,mldsaSeed:r,mldsaSecretKey:i},publicParams:{eccPublicKey:t,mldsaPublicKey:a}})));case T.publicKey.dsa:case T.publicKey.elgamal:throw Error("Unsupported algorithm for key generation.");default:throw Error("Unknown public key algorithm.")}}async function za(e,t){const r=le(32);return{privateParams:{hashSeed:r,keyMaterial:e},publicParams:{cipher:t,digest:await Ie(T.hash.sha256,r)}}}async function Oa(e,t,r){if(!t||!r)throw Error("Missing key parameters");switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:{const{n:e,e:i}=t,{d:a,p:n,q:s,u:o}=r;return async function(e,t,r,i,a,n){if(e=ee(e),(i=ee(i))*(a=ee(a))!==e)return!1;const s=BigInt(2);if(te(i*(n=ee(n)),a)!==BigInt(1))return!1;t=ee(t),r=ee(r);const o=ye(s,s<<BigInt(Math.floor(oe(e)/3))),c=o*r*t;return!(te(c,i-Re)!==o||te(c,a-Re)!==o)}(e,i,a,n,s,o)}case T.publicKey.dsa:{const{p:e,q:i,g:a,y:n}=t,{x:s}=r;return async function(e,t,r,i,a){if(e=ee(e),t=ee(t),r=ee(r),i=ee(i),r<=vi||r>=e)return!1;if(te(e-vi,t)!==ki)return!1;if(re(r,t,e)!==vi)return!1;const n=BigInt(oe(t));if(n<BigInt(150)||!ge(t,null,32))return!1;a=ee(a);const s=BigInt(2);return i===re(r,t*ye(s<<n-vi,s<<n)+a,e)}(e,i,a,n,s)}case T.publicKey.elgamal:{const{p:e,g:i,y:a}=t,{x:n}=r;return async function(e,t,r,i){if(e=ee(e),t=ee(t),r=ee(r),t<=We||t>=e)return!1;const a=BigInt(oe(e));if(a<BigInt(1023))return!1;if(re(t,e-We,e)!==We)return!1;let n=t,s=BigInt(1);const o=BigInt(2),c=o<<BigInt(17);for(;s<c;){if(n=te(n*t,e),n===We)return!1;s++}i=ee(i);const u=ye(o<<a-We,o<<a);return r===re(t,(e-We)*u+i,e)}(e,i,a,n)}case T.publicKey.ecdsa:case T.publicKey.ecdh:{const i=bi[T.read(T.publicKey,e)],{oid:a,Q:n}=t,{d:s}=r;return i.validateParams(a,n,s)}case T.publicKey.eddsaLegacy:{const{Q:e,oid:i}=t,{seed:a}=r;return ci(i,e,a)}case T.publicKey.ed25519:case T.publicKey.ed448:{const{A:i}=t,{seed:a}=r;return ht(e,i,a)}case T.publicKey.x25519:case T.publicKey.x448:{const{A:i}=t,{k:a}=r;return Cr(e,i,a)}case T.publicKey.hmac:{const{cipher:e,digest:i}=t,{hashSeed:a,keyMaterial:n}=r;return Te(e.getValue())===n.length&&F.equalsUint8Array(i,await Ie(T.hash.sha256,a))}case T.publicKey.aead:{const{cipher:e,digest:i}=t,{hashSeed:a,keyMaterial:n}=r,{keySize:s}=Ar(e.getValue());return s===n.length&&F.equalsUint8Array(i,await Ie(T.hash.sha256,a))}case T.publicKey.pqc_mlkem_x25519:{const{eccSecretKey:i,mlkemSeed:a}=r,{eccPublicKey:n,mlkemPublicKey:s}=t;return Ci(e,n,i,s,a)}case T.publicKey.pqc_mldsa_ed25519:{const{eccSecretKey:i,mldsaSeed:a}=r,{eccPublicKey:n,mldsaPublicKey:s}=t;return Li(e,n,i,s,a)}default:throw Error("Unknown public key algorithm.")}}function ja(e){const{keySize:t}=Ar(e);return le(t)}function qa(e){try{e.getName()}catch(e){throw new it("Unknown curve OID")}}function Ha(e,t){switch(e){case T.publicKey.ecdsa:case T.publicKey.ecdh:case T.publicKey.eddsaLegacy:return new Gr(t).payloadSize;case T.publicKey.ed25519:case T.publicKey.ed448:return lt(e);case T.publicKey.x25519:case T.publicKey.x448:return Br(e);default:throw Error("Unknown elliptic algo")}}async function Ga(e,t,r,i,a,n,s){switch(e){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.rsaSign:{const{n:e,e:a}=i;return Oe(t,n,F.leftPad(r.s,e.length),e,a,s)}case T.publicKey.dsa:{const{g:e,p:t,q:a,y:n}=i,{r:o,s:c}=r;return async function(e,t,r,i,a,n,s,o){if(t=ee(t),r=ee(r),n=ee(n),s=ee(s),a=ee(a),o=ee(o),t<=ki||t>=s||r<=ki||r>=s)return F.printDebug("invalid DSA Signature"),!1;const c=te(ee(i.subarray(0,ce(s))),s),u=ae(r,s);if(u===ki)return F.printDebug("invalid DSA Signature"),!1;a=te(a,n),o=te(o,n);const h=te(c*u,s),l=te(t*u,s);return te(te(re(a,h,n)*re(o,l,n),n),s)===t}(0,o,c,s,e,t,a,n)}case T.publicKey.ecdsa:{const{oid:e,Q:a}=i,o=new Gr(e).payloadSize;return ii(e,t,{r:F.leftPad(r.r,o),s:F.leftPad(r.s,o)},n,a,s)}case T.publicKey.eddsaLegacy:{if(Te(t)<Te(T.hash.sha256))throw Error("Hash algorithm too weak for EdDSALegacy.");const{oid:e,Q:a}=i,n=new Gr(e).payloadSize;return oi(e,0,{r:F.leftPad(r.r,n),s:F.leftPad(r.s,n)},0,a,s)}case T.publicKey.ed25519:case T.publicKey.ed448:{if(Te(t)<Te(yt(e)))throw Error("Hash algorithm too weak for EdDSA.");const{A:a}=i;return ut(e,0,r,0,a,s)}case T.publicKey.hmac:{if(!a)throw Error("Cannot verify HMAC signature with symmetric key missing private parameters");const{cipher:e}=i,{keyMaterial:t}=a;return async function(e,t,r,i){if(!Ki.has(e))throw Error("Unsupported hash algorithm.");const a=T.read(T.webHash,e),n=Ai||Ei.webcrypto.subtle,s=await n.importKey("raw",t,{name:"HMAC",hash:{name:a}},!1,["verify"]);return n.verify("HMAC",s,r,i)}(e.getValue(),t,r.mac.data,s)}case T.publicKey.pqc_mldsa_ed25519:{if(!Fi(e,t))throw Error("Unexpected hash algorithm for PQC signature: digest size too short");const{eccPublicKey:a,mldsaPublicKey:n}=i;return Mi(e,0,a,n,s,r)}default:throw Error("Unknown signature algorithm.")}}async function Va(e,t,r,i,a,n){if(!r||!i)throw Error("Missing key parameters");switch(e){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.rsaSign:{const{n:e,e:s}=r,{d:o,p:c,q:u,u:h}=i;return{s:await ze(t,a,e,s,o,c,u,h,n)}}case T.publicKey.dsa:{const{g:e,p:t,q:a}=r,{x:s}=i;return async function(e,t,r,i,a,n){const s=BigInt(0);let o,c,u,h;i=ee(i),a=ee(a),r=ee(r),n=ee(n),r=te(r,i),n=te(n,a);const l=te(ee(t.subarray(0,ce(a))),a);for(;;){if(o=ye(vi,a),c=te(re(r,o,i),a),c===s)continue;const e=te(n*c,a);if(h=te(l+e,a),u=te(ae(o,a)*h,a),u!==s)break}return{r:ue(c,"be",ce(i)),s:ue(u,"be",ce(i))}}(0,n,e,t,a,s)}case T.publicKey.elgamal:throw Error("Signing with Elgamal is not defined in the OpenPGP standard.");case T.publicKey.ecdsa:{const{oid:e,Q:s}=r,{d:o}=i;return ri(e,t,a,s,o,n)}case T.publicKey.eddsaLegacy:{if(Te(t)<Te(T.hash.sha256))throw Error("Hash algorithm too weak for EdDSALegacy.");const{oid:e,Q:a}=r,{seed:s}=i;return si(e,0,0,a,s,n)}case T.publicKey.ed25519:case T.publicKey.ed448:{if(Te(t)<Te(yt(e)))throw Error("Hash algorithm too weak for EdDSA.");const{A:a}=r,{seed:s}=i;return ct(e,0,0,a,s,n)}case T.publicKey.hmac:{const{cipher:e}=r,{keyMaterial:t}=i,a=await async function(e,t,r){if(!Ki.has(e))throw Error("Unsupported hash algorithm.");const i=T.read(T.webHash,e),a=Ai||Ei.webcrypto.subtle,n=await a.importKey("raw",t,{name:"HMAC",hash:{name:i}},!1,["sign"]),s=await a.sign("HMAC",n,r);return new Uint8Array(s)}(e.getValue(),t,n);return{mac:new Ni(a)}}case T.publicKey.pqc_mldsa_ed25519:{if(!Fi(e,t))throw Error("Unexpected hash algorithm for PQC signature: digest size too short");const{eccPublicKey:a}=r,{eccSecretKey:s,mldsaSecretKey:o}=i;return Bi(e,0,s,a,o,n)}default:throw Error("Unknown signature algorithm.")}}Ba.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[4+e]^=t[e];return r},Ba.blockLength=16,Ba.ivLength=12,Ba.tagLength=Ia;class Wa extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,Wa),this.name="Argon2OutOfMemoryError"}}let $a,Qa,Xa=2<<19;class Ya{static get ARGON2_WASM_MEMORY_THRESHOLD_RELOAD(){return Xa}static set ARGON2_WASM_MEMORY_THRESHOLD_RELOAD(e){Xa=e}static reloadWasmModule(){$a&&(Qa=$a(),Qa.catch((()=>{})))}constructor(e=B){const{passes:t,parallelism:r,memoryExponent:i}=e.s2kArgon2Params;this.type="argon2",this.salt=null,this.t=t,this.p=r,this.encodedM=i}generateSalt(){this.salt=le(16)}read(e){let t=0;return this.salt=e.subarray(t,t+16),t+=16,this.t=e[t++],this.p=e[t++],this.encodedM=e[t++],t}write(){const e=[new Uint8Array([T.write(T.s2k,this.type)]),this.salt,new Uint8Array([this.t,this.p,this.encodedM])];return F.concatUint8Array(e)}async produceKey(e,t){const r=2<<this.encodedM-1;try{$a=$a||(await import("./argon2id.min.mjs")).default,Qa=Qa||$a();const i=await Qa,a=i({version:19,type:2,password:F.encodeUTF8(e),salt:this.salt,tagLength:t,memorySize:r,parallelism:this.p,passes:this.t});return r>Ya.ARGON2_WASM_MEMORY_THRESHOLD_RELOAD&&Ya.reloadWasmModule(),a}catch(e){throw e.message&&(e.message.includes("Unable to grow instance memory")||e.message.includes("failed to grow memory")||e.message.includes("WebAssembly.Memory.grow")||e.message.includes("Out of memory"))?new Wa("Could not allocate required memory for Argon2"):e}}}class Za{constructor(e,t=B){this.algorithm=T.hash.sha256,this.type=T.read(T.s2k,e),this.c=t.s2kIterationCountByte,this.salt=null}generateSalt(){switch(this.type){case"salted":case"iterated":this.salt=le(8)}}getCount(){return 16+(15&this.c)<<6+(this.c>>4)}read(e){let t=0;switch(this.algorithm=e[t++],this.type){case"simple":break;case"salted":this.salt=e.subarray(t,t+8),t+=8;break;case"iterated":this.salt=e.subarray(t,t+8),t+=8,this.c=e[t++];break;case"gnu":if("GNU"!==F.uint8ArrayToString(e.subarray(t,t+3)))throw new it("Unknown s2k type.");t+=3;if(1001!==1e3+e[t++])throw new it("Unknown s2k gnu protection mode.");this.type="gnu-dummy";break;default:throw new it("Unknown s2k type.")}return t}write(){if("gnu-dummy"===this.type)return new Uint8Array([101,0,...F.stringToUint8Array("GNU"),1]);const e=[new Uint8Array([T.write(T.s2k,this.type),this.algorithm])];switch(this.type){case"simple":break;case"salted":e.push(this.salt);break;case"iterated":e.push(this.salt),e.push(new Uint8Array([this.c]));break;case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}return F.concatUint8Array(e)}async produceKey(e,t){e=F.encodeUTF8(e);const r=[];let i=0,a=0;for(;i<t;){let t;switch(this.type){case"simple":t=F.concatUint8Array([new Uint8Array(a),e]);break;case"salted":t=F.concatUint8Array([new Uint8Array(a),this.salt,e]);break;case"iterated":{const r=F.concatUint8Array([this.salt,e]);let i=r.length;const n=Math.max(this.getCount(),i);t=new Uint8Array(a+n),t.set(r,a);for(let e=a+i;e<n;e+=i,i*=2)t.copyWithin(e,a,e);break}case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}const n=await Ie(this.algorithm,t);r.push(n),i+=n.length,a++}return F.concatUint8Array(r).subarray(0,t)}}const Ja=new Set([T.s2k.argon2,T.s2k.iterated]);function en(e,t=B){switch(e){case T.s2k.argon2:return new Ya(t);case T.s2k.iterated:case T.s2k.gnu:case T.s2k.salted:case T.s2k.simple:return new Za(e,t);default:throw new it("Unsupported S2K type")}}function tn(e){const{s2kType:t}=e;if(!Ja.has(t))throw Error("The provided `config.s2kType` value is not allowed");return en(t,e)}var rn=Uint8Array,an=Uint16Array,nn=Int32Array,sn=new rn([0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0,0,0,0]),on=new rn([0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13,0,0]),cn=new rn([16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15]),un=function(e,t){for(var r=new an(31),i=0;i<31;++i)r[i]=t+=1<<e[i-1];var a=new nn(r[30]);for(i=1;i<30;++i)for(var n=r[i];n<r[i+1];++n)a[n]=n-r[i]<<5|i;return{b:r,r:a}},hn=un(sn,2),ln=hn.b,yn=hn.r;ln[28]=258,yn[258]=28;for(var pn=un(on,0),dn=pn.b,gn=pn.r,mn=new an(32768),fn=0;fn<32768;++fn){var wn=(43690&fn)>>1|(21845&fn)<<1;wn=(61680&(wn=(52428&wn)>>2|(13107&wn)<<2))>>4|(3855&wn)<<4,mn[fn]=((65280&wn)>>8|(255&wn)<<8)>>1}var bn=function(e,t,r){for(var i=e.length,a=0,n=new an(t);a<i;++a)e[a]&&++n[e[a]-1];var s,o=new an(t);for(a=1;a<t;++a)o[a]=o[a-1]+n[a-1]<<1;if(r){s=new an(1<<t);var c=15-t;for(a=0;a<i;++a)if(e[a])for(var u=a<<4|e[a],h=t-e[a],l=o[e[a]-1]++<<h,y=l|(1<<h)-1;l<=y;++l)s[mn[l]>>c]=u}else for(s=new an(i),a=0;a<i;++a)e[a]&&(s[a]=mn[o[e[a]-1]++]>>15-e[a]);return s},kn=new rn(288);for(fn=0;fn<144;++fn)kn[fn]=8;for(fn=144;fn<256;++fn)kn[fn]=9;for(fn=256;fn<280;++fn)kn[fn]=7;for(fn=280;fn<288;++fn)kn[fn]=8;var vn=new rn(32);for(fn=0;fn<32;++fn)vn[fn]=5;var Kn=/*#__PURE__*/bn(kn,9,0),An=/*#__PURE__*/bn(kn,9,1),En=/*#__PURE__*/bn(vn,5,0),Sn=/*#__PURE__*/bn(vn,5,1),Pn=function(e){for(var t=e[0],r=1;r<e.length;++r)e[r]>t&&(t=e[r]);return t},Un=function(e,t,r){var i=t/8|0;return(e[i]|e[i+1]<<8)>>(7&t)&r},Dn=function(e,t){var r=t/8|0;return(e[r]|e[r+1]<<8|e[r+2]<<16)>>(7&t)},xn=function(e){return(e+7)/8|0},Cn=function(e,t,r){return(null==t||t<0)&&(t=0),(null==r||r>e.length)&&(r=e.length),new rn(e.subarray(t,r))},In=["unexpected EOF","invalid block type","invalid length/literal","invalid distance","stream finished","no stream handler",,"no callback","invalid UTF-8 data","extra field too long","date not in range 1980-2099","filename too long","stream finishing","invalid zip data"],Tn=function(e,t,r){var i=Error(t||In[e]);if(i.code=e,Error.captureStackTrace&&Error.captureStackTrace(i,Tn),!r)throw i;return i},Bn=function(e,t,r){r<<=7&t;var i=t/8|0;e[i]|=r,e[i+1]|=r>>8},Mn=function(e,t,r){r<<=7&t;var i=t/8|0;e[i]|=r,e[i+1]|=r>>8,e[i+2]|=r>>16},Fn=function(e,t){for(var r=[],i=0;i<e.length;++i)e[i]&&r.push({s:i,f:e[i]});var a=r.length,n=r.slice();if(!a)return{t:jn,l:0};if(1==a){var s=new rn(r[0].s+1);return s[r[0].s]=1,{t:s,l:1}}r.sort((function(e,t){return e.f-t.f})),r.push({s:-1,f:25001});var o=r[0],c=r[1],u=0,h=1,l=2;for(r[0]={s:-1,f:o.f+c.f,l:o,r:c};h!=a-1;)o=r[r[u].f<r[l].f?u++:l++],c=r[u!=h&&r[u].f<r[l].f?u++:l++],r[h++]={s:-1,f:o.f+c.f,l:o,r:c};var y=n[0].s;for(i=1;i<a;++i)n[i].s>y&&(y=n[i].s);var p=new an(y+1),d=Ln(r[h-1],p,0);if(d>t){i=0;var g=0,m=d-t,f=1<<m;for(n.sort((function(e,t){return p[t.s]-p[e.s]||e.f-t.f}));i<a;++i){var w=n[i].s;if(!(p[w]>t))break;g+=f-(1<<d-p[w]),p[w]=t}for(g>>=m;g>0;){var b=n[i].s;p[b]<t?g-=1<<t-p[b]++-1:++i}for(;i>=0&&g;--i){var k=n[i].s;p[k]==t&&(--p[k],++g)}d=t}return{t:new rn(p),l:d}},Ln=function(e,t,r){return-1==e.s?Math.max(Ln(e.l,t,r+1),Ln(e.r,t,r+1)):t[e.s]=r},_n=function(e){for(var t=e.length;t&&!e[--t];);for(var r=new an(++t),i=0,a=e[0],n=1,s=function(e){r[i++]=e},o=1;o<=t;++o)if(e[o]==a&&o!=t)++n;else{if(!a&&n>2){for(;n>138;n-=138)s(32754);n>2&&(s(n>10?n-11<<5|28690:n-3<<5|12305),n=0)}else if(n>3){for(s(a),--n;n>6;n-=6)s(8304);n>2&&(s(n-3<<5|8208),n=0)}for(;n--;)s(a);n=1,a=e[o]}return{c:r.subarray(0,i),n:t}},Nn=function(e,t){for(var r=0,i=0;i<t.length;++i)r+=e[i]*t[i];return r},Rn=function(e,t,r){var i=r.length,a=xn(t+2);e[a]=255&i,e[a+1]=i>>8,e[a+2]=255^e[a],e[a+3]=255^e[a+1];for(var n=0;n<i;++n)e[a+n+4]=r[n];return 8*(a+4+i)},zn=function(e,t,r,i,a,n,s,o,c,u,h){Bn(t,h++,r),++a[256];for(var l=Fn(a,15),y=l.t,p=l.l,d=Fn(n,15),g=d.t,m=d.l,f=_n(y),w=f.c,b=f.n,k=_n(g),v=k.c,K=k.n,A=new an(19),E=0;E<w.length;++E)++A[31&w[E]];for(E=0;E<v.length;++E)++A[31&v[E]];for(var S=Fn(A,7),P=S.t,U=S.l,D=19;D>4&&!P[cn[D-1]];--D);var x,C,I,T,B=u+5<<3,M=Nn(a,kn)+Nn(n,vn)+s,F=Nn(a,y)+Nn(n,g)+s+14+3*D+Nn(A,P)+2*A[16]+3*A[17]+7*A[18];if(c>=0&&B<=M&&B<=F)return Rn(t,h,e.subarray(c,c+u));if(Bn(t,h,1+(F<M)),h+=2,F<M){x=bn(y,p,0),C=y,I=bn(g,m,0),T=g;var L=bn(P,U,0);Bn(t,h,b-257),Bn(t,h+5,K-1),Bn(t,h+10,D-4),h+=14;for(E=0;E<D;++E)Bn(t,h+3*E,P[cn[E]]);h+=3*D;for(var _=[w,v],N=0;N<2;++N){var R=_[N];for(E=0;E<R.length;++E){var z=31&R[E];Bn(t,h,L[z]),h+=P[z],z>15&&(Bn(t,h,R[E]>>5&127),h+=R[E]>>12)}}}else x=Kn,C=kn,I=En,T=vn;for(E=0;E<o;++E){var O=i[E];if(O>255){Mn(t,h,x[(z=O>>18&31)+257]),h+=C[z+257],z>7&&(Bn(t,h,O>>23&31),h+=sn[z]);var j=31&O;Mn(t,h,I[j]),h+=T[j],j>3&&(Mn(t,h,O>>5&8191),h+=on[j])}else Mn(t,h,x[O]),h+=C[O]}return Mn(t,h,x[256]),h+C[256]},On=/*#__PURE__*/new nn([65540,131080,131088,131104,262176,1048704,1048832,2114560,2117632]),jn=/*#__PURE__*/new rn(0),qn=function(){var e=1,t=0;return{p:function(r){for(var i=e,a=t,n=0|r.length,s=0;s!=n;){for(var o=Math.min(s+2655,n);s<o;++s)a+=i+=r[s];i=(65535&i)+15*(i>>16),a=(65535&a)+15*(a>>16)}e=i,t=a},d:function(){return(255&(e%=65521))<<24|(65280&e)<<8|(255&(t%=65521))<<8|t>>8}}},Hn=function(e,t,r,i,a){if(!a&&(a={l:1},t.dictionary)){var n=t.dictionary.subarray(-32768),s=new rn(n.length+e.length);s.set(n),s.set(e,n.length),e=s,a.w=n.length}return function(e,t,r,i,a,n){var s=n.z||e.length,o=new rn(i+s+5*(1+Math.ceil(s/7e3))+a),c=o.subarray(i,o.length-a),u=n.l,h=7&(n.r||0);if(t){h&&(c[0]=n.r>>3);for(var l=On[t-1],y=l>>13,p=8191&l,d=(1<<r)-1,g=n.p||new an(32768),m=n.h||new an(d+1),f=Math.ceil(r/3),w=2*f,b=function(t){return(e[t]^e[t+1]<<f^e[t+2]<<w)&d},k=new nn(25e3),v=new an(288),K=new an(32),A=0,E=0,S=n.i||0,P=0,U=n.w||0,D=0;S+2<s;++S){var x=b(S),C=32767&S,I=m[x];if(g[C]=I,m[x]=C,U<=S){var T=s-S;if((A>7e3||P>24576)&&(T>423||!u)){h=zn(e,c,0,k,v,K,E,P,D,S-D,h),P=A=E=0,D=S;for(var B=0;B<286;++B)v[B]=0;for(B=0;B<30;++B)K[B]=0}var M=2,F=0,L=p,_=C-I&32767;if(T>2&&x==b(S-_))for(var N=Math.min(y,T)-1,R=Math.min(32767,S),z=Math.min(258,T);_<=R&&--L&&C!=I;){if(e[S+M]==e[S+M-_]){for(var O=0;O<z&&e[S+O]==e[S+O-_];++O);if(O>M){if(M=O,F=_,O>N)break;var j=Math.min(_,O-2),q=0;for(B=0;B<j;++B){var H=S-_+B&32767,G=H-g[H]&32767;G>q&&(q=G,I=H)}}}_+=(C=I)-(I=g[C])&32767}if(F){k[P++]=268435456|yn[M]<<18|gn[F];var V=31&yn[M],W=31&gn[F];E+=sn[V]+on[W],++v[257+V],++K[W],U=S+M,++A}else k[P++]=e[S],++v[e[S]]}}for(S=Math.max(S,U);S<s;++S)k[P++]=e[S],++v[e[S]];h=zn(e,c,u,k,v,K,E,P,D,S-D,h),u||(n.r=7&h|c[h/8|0]<<3,h-=7,n.h=m,n.p=g,n.i=S,n.w=U)}else{for(S=n.w||0;S<s+u;S+=65535){var $=S+65535;$>=s&&(c[h/8|0]=u,$=s),h=Rn(c,h+1,e.subarray(S,$))}n.i=s}return Cn(o,0,i+xn(h)+a)}(e,null==t.level?6:t.level,null==t.mem?a.l?Math.ceil(1.5*Math.max(8,Math.min(13,Math.log(e.length)))):20:12+t.mem,r,i,a)},Gn=function(e,t,r){for(;r;++t)e[t]=r,r>>>=8},Vn=/*#__PURE__*/function(){function e(e,t){if("function"==typeof e&&(t=e,e={}),this.ondata=t,this.o=e||{},this.s={l:0,i:32768,w:32768,z:32768},this.b=new rn(98304),this.o.dictionary){var r=this.o.dictionary.subarray(-32768);this.b.set(r,32768-r.length),this.s.i=32768-r.length}}return e.prototype.p=function(e,t){this.ondata(Hn(e,this.o,0,0,this.s),t)},e.prototype.push=function(e,t){this.ondata||Tn(5),this.s.l&&Tn(4);var r=e.length+this.s.z;if(r>this.b.length){if(r>2*this.b.length-32768){var i=new rn(-32768&r);i.set(this.b.subarray(0,this.s.z)),this.b=i}var a=this.b.length-this.s.z;this.b.set(e.subarray(0,a),this.s.z),this.s.z=this.b.length,this.p(this.b,!1),this.b.set(this.b.subarray(-32768)),this.b.set(e.subarray(a),32768),this.s.z=e.length-a+32768,this.s.i=32766,this.s.w=32768}else this.b.set(e,this.s.z),this.s.z+=e.length;this.s.l=1&t,(this.s.z>this.s.w+8191||t)&&(this.p(this.b,t||!1),this.s.w=this.s.i,this.s.i-=2)},e.prototype.flush=function(){this.ondata||Tn(5),this.s.l&&Tn(4),this.p(this.b,!1),this.s.w=this.s.i,this.s.i-=2},e}(),Wn=/*#__PURE__*/function(){function e(e,t){"function"==typeof e&&(t=e,e={}),this.ondata=t;var r=e&&e.dictionary&&e.dictionary.subarray(-32768);this.s={i:0,b:r?r.length:0},this.o=new rn(32768),this.p=new rn(0),r&&this.o.set(r)}return e.prototype.e=function(e){if(this.ondata||Tn(5),this.d&&Tn(4),this.p.length){if(e.length){var t=new rn(this.p.length+e.length);t.set(this.p),t.set(e,this.p.length),this.p=t}}else this.p=e},e.prototype.c=function(e){this.s.i=+(this.d=e||!1);var t=this.s.b,r=function(e,t,r,i){var a=e.length;if(!a||t.f&&!t.l)return r||new rn(0);var n=!r,s=n||2!=t.i,o=t.i;n&&(r=new rn(3*a));var c=function(e){var t=r.length;if(e>t){var i=new rn(Math.max(2*t,e));i.set(r),r=i}},u=t.f||0,h=t.p||0,l=t.b||0,y=t.l,p=t.d,d=t.m,g=t.n,m=8*a;do{if(!y){u=Un(e,h,1);var f=Un(e,h+1,3);if(h+=3,!f){var w=e[(x=xn(h)+4)-4]|e[x-3]<<8,b=x+w;if(b>a){o&&Tn(0);break}s&&c(l+w),r.set(e.subarray(x,b),l),t.b=l+=w,t.p=h=8*b,t.f=u;continue}if(1==f)y=An,p=Sn,d=9,g=5;else if(2==f){var k=Un(e,h,31)+257,v=Un(e,h+10,15)+4,K=k+Un(e,h+5,31)+1;h+=14;for(var A=new rn(K),E=new rn(19),S=0;S<v;++S)E[cn[S]]=Un(e,h+3*S,7);h+=3*v;var P=Pn(E),U=(1<<P)-1,D=bn(E,P,1);for(S=0;S<K;){var x,C=D[Un(e,h,U)];if(h+=15&C,(x=C>>4)<16)A[S++]=x;else{var I=0,T=0;for(16==x?(T=3+Un(e,h,3),h+=2,I=A[S-1]):17==x?(T=3+Un(e,h,7),h+=3):18==x&&(T=11+Un(e,h,127),h+=7);T--;)A[S++]=I}}var B=A.subarray(0,k),M=A.subarray(k);d=Pn(B),g=Pn(M),y=bn(B,d,1),p=bn(M,g,1)}else Tn(1);if(h>m){o&&Tn(0);break}}s&&c(l+131072);for(var F=(1<<d)-1,L=(1<<g)-1,_=h;;_=h){var N=(I=y[Dn(e,h)&F])>>4;if((h+=15&I)>m){o&&Tn(0);break}if(I||Tn(2),N<256)r[l++]=N;else{if(256==N){_=h,y=null;break}var R=N-254;if(N>264){var z=sn[S=N-257];R=Un(e,h,(1<<z)-1)+ln[S],h+=z}var O=p[Dn(e,h)&L],j=O>>4;if(O||Tn(3),h+=15&O,M=dn[j],j>3&&(z=on[j],M+=Dn(e,h)&(1<<z)-1,h+=z),h>m){o&&Tn(0);break}s&&c(l+131072);var q=l+R;if(l<M){var H=0-M,G=Math.min(M,q);for(H+l<0&&Tn(3);l<G;++l)r[l]=i[H+l]}for(;l<q;++l)r[l]=r[l-M]}}t.l=y,t.p=_,t.b=l,t.f=u,y&&(u=1,t.m=d,t.d=p,t.n=g)}while(!u);return l!=r.length&&n?Cn(r,0,l):r.subarray(0,l)}(this.p,this.s,this.o);this.ondata(Cn(r,t,this.s.b),this.d),this.o=Cn(r,this.s.b-32768),this.s.b=this.o.length,this.p=Cn(this.p,this.s.p/8|0),this.s.p&=7},e.prototype.push=function(e,t){this.e(e),this.c(t)},e}(),$n=/*#__PURE__*/function(){function e(e,t){this.c=qn(),this.v=1,Vn.call(this,e,t)}return e.prototype.push=function(e,t){this.c.p(e),Vn.prototype.push.call(this,e,t)},e.prototype.p=function(e,t){var r=Hn(e,this.o,this.v&&(this.o.dictionary?6:2),t&&4,this.s);this.v&&(function(e,t){var r=t.level,i=0==r?0:r<6?1:9==r?3:2;if(e[0]=120,e[1]=i<<6|(t.dictionary&&32),e[1]|=31-(e[0]<<8|e[1])%31,t.dictionary){var a=qn();a.p(t.dictionary),Gn(e,2,a.d())}}(r,this.o),this.v=0),t&&Gn(r,r.length-4,this.c.d()),this.ondata(r,t)},e.prototype.flush=function(){Vn.prototype.flush.call(this)},e}(),Qn=/*#__PURE__*/function(){function e(e,t){Wn.call(this,e,t),this.v=e&&e.dictionary?2:1}return e.prototype.push=function(e,t){if(Wn.prototype.e.call(this,e),this.v){if(this.p.length<6&&!t)return;this.p=this.p.subarray((r=this.p,i=this.v-1,(8!=(15&r[0])||r[0]>>4>7||(r[0]<<8|r[1])%31)&&Tn(6,"invalid zlib data"),(r[1]>>5&1)==+!i&&Tn(6,"invalid zlib data: "+(32&r[1]?"need":"unexpected")+" dictionary"),2+(r[1]>>3&4))),this.v=0}var r,i;t&&(this.p.length<4&&Tn(6,"invalid zlib data"),this.p=this.p.subarray(0,-4)),Wn.prototype.c.call(this,t)},e}(),Xn="undefined"!=typeof TextDecoder&&/*#__PURE__*/new TextDecoder;try{Xn.decode(jn,{stream:!0})}catch(e){}class Yn{static get tag(){return T.packet.literalData}constructor(e=new Date){this.format=T.literal.utf8,this.date=F.normalizeDate(e),this.text=null,this.data=null,this.filename=""}setText(e,t=T.literal.utf8){this.format=t,this.text=e,this.data=null}getText(e=!1){return(null===this.text||F.isStream(this.text))&&(this.text=F.decodeUTF8(F.nativeEOL(this.getBytes(e)))),this.text}setBytes(e,t){this.format=t,this.data=e,this.text=null}getBytes(e=!1){return null===this.data&&(this.data=F.canonicalizeEOL(F.encodeUTF8(this.text))),e?A(this.data):this.data}setFilename(e){this.filename=e}getFilename(){return this.filename}async read(e){await v(e,(async e=>{const t=await e.readByte(),r=await e.readByte();this.filename=F.decodeUTF8(await e.readBytes(r)),this.date=F.readDate(await e.readBytes(4));let i=e.remainder();n(i)&&(i=await P(i)),this.setBytes(i,t)}))}writeHeader(){const e=F.encodeUTF8(this.filename),t=new Uint8Array([e.length]),r=new Uint8Array([this.format]),i=F.writeDate(this.date);return F.concatUint8Array([r,t,e,i])}write(){const e=this.writeHeader(),t=this.getBytes();return F.concat([e,t])}}class Zn{constructor(){this.bytes=""}read(e){return this.bytes=F.uint8ArrayToString(e.subarray(0,8)),this.bytes.length}write(){return F.stringToUint8Array(this.bytes)}toHex(){return F.uint8ArrayToHex(F.stringToUint8Array(this.bytes))}equals(e,t=!1){return t&&(e.isWildcard()||this.isWildcard())||this.bytes===e.bytes}isNull(){return""===this.bytes}isWildcard(){return/^0+$/.test(this.toHex())}static mapToHex(e){return e.toHex()}static fromID(e){const t=new Zn;return t.read(F.hexToUint8Array(e)),t}static wildcard(){const e=new Zn;return e.read(new Uint8Array(8)),e}}const Jn=Symbol("verified"),es="salt@notations.openpgpjs.org",ts=new Set([T.signatureSubpacket.issuerKeyID,T.signatureSubpacket.issuerFingerprint,T.signatureSubpacket.embeddedSignature]);class rs{static get tag(){return T.packet.signature}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.signatureData=null,this.unhashedSubpackets=[],this.unknownSubpackets=[],this.signedHashValue=null,this.salt=null,this.created=null,this.signatureExpirationTime=null,this.signatureNeverExpires=!0,this.exportable=null,this.trustLevel=null,this.trustAmount=null,this.regularExpression=null,this.revocable=null,this.keyExpirationTime=null,this.keyNeverExpires=null,this.preferredSymmetricAlgorithms=null,this.revocationKeyClass=null,this.revocationKeyAlgorithm=null,this.revocationKeyFingerprint=null,this.issuerKeyID=new Zn,this.rawNotations=[],this.notations={},this.preferredHashAlgorithms=null,this.preferredCompressionAlgorithms=null,this.keyServerPreferences=null,this.preferredKeyServer=null,this.isPrimaryUserID=null,this.policyURI=null,this.keyFlags=null,this.signersUserID=null,this.reasonForRevocationFlag=null,this.reasonForRevocationString=null,this.features=null,this.signatureTargetPublicKeyAlgorithm=null,this.signatureTargetHashAlgorithm=null,this.signatureTargetHash=null,this.embeddedSignature=null,this.issuerKeyVersion=null,this.issuerFingerprint=null,this.preferredAEADAlgorithms=null,this.preferredCipherSuites=null,this.revoked=null,this[Jn]=null}read(e,t=B){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new it("Support for v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4!==this.version&&5!==this.version&&6!==this.version)throw new it(`Version ${this.version} of the signature packet is unsupported.`);if(this.signatureType=e[r++],this.publicKeyAlgorithm=e[r++],this.hashAlgorithm=e[r++],r+=this.readSubPackets(e.subarray(r,e.length),!0),!this.created)throw Error("Missing signature creation time subpacket.");if(this.signatureData=e.subarray(0,r),r+=this.readSubPackets(e.subarray(r,e.length),!1),this.signedHashValue=e.subarray(r,r+2),r+=2,6===this.version){const t=e[r++];this.salt=e.subarray(r,r+t),r+=t}const i=e.subarray(r,e.length),{read:a,signatureParams:n}=function(e,t){let r=0;switch(e){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.rsaSign:{const e=F.readMPI(t.subarray(r));return r+=e.length+2,{read:r,signatureParams:{s:e}}}case T.publicKey.dsa:case T.publicKey.ecdsa:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,signatureParams:{r:e,s:i}}}case T.publicKey.eddsaLegacy:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,signatureParams:{r:e,s:i}}}case T.publicKey.ed25519:case T.publicKey.ed448:{const i=2*lt(e),a=F.readExactSubarray(t,r,r+i);return r+=a.length,{read:r,signatureParams:{RS:a}}}case T.publicKey.hmac:{const e=new Ni;return r+=e.read(t.subarray(r)),{read:r,signatureParams:{mac:e}}}case T.publicKey.pqc_mldsa_ed25519:{const e=2*lt(T.publicKey.ed25519),i=F.readExactSubarray(t,r,r+e);r+=i.length;const a=F.readExactSubarray(t,r,r+3309);return r+=a.length,{read:r,signatureParams:{eccSignature:i,mldsaSignature:a}}}default:throw new it("Unknown signature algorithm.")}}(this.publicKeyAlgorithm,i);if(a<i.length)throw Error("Error reading MPIs");this.params=n}writeParams(){return this.params instanceof Promise?D((async()=>Na(this.publicKeyAlgorithm,await this.params))):Na(this.publicKeyAlgorithm,this.params)}write(){const e=[];return e.push(this.signatureData),e.push(this.writeUnhashedSubPackets()),e.push(this.signedHashValue),6===this.version&&(e.push(new Uint8Array([this.salt.length])),e.push(this.salt)),e.push(this.writeParams()),F.concat(e)}async sign(e,t,r=new Date,i=!1,a){this.version=e.version,this.created=F.normalizeDate(r),this.issuerKeyVersion=e.version,this.issuerFingerprint=e.getFingerprintBytes(),this.issuerKeyID=e.getKeyID();const n=[new Uint8Array([this.version,this.signatureType,this.publicKeyAlgorithm,this.hashAlgorithm])];if(6===this.version){const e=as(this.hashAlgorithm);if(null===this.salt)this.salt=le(e);else if(e!==this.salt.length)throw Error("Provided salt does not have the required length")}else if(a.nonDeterministicSignaturesViaNotation){if(0!==this.rawNotations.filter((({name:e})=>e===es)).length)throw Error("Unexpected existing salt notation");{const e=le(as(this.hashAlgorithm));this.rawNotations.push({name:es,value:e,humanReadable:!1,critical:!1})}}n.push(this.writeHashedSubPackets()),this.unhashedSubpackets=[],this.signatureData=F.concat(n);const s=this.toHash(this.signatureType,t,i),o=await this.hash(this.signatureType,t,s,i);this.signedHashValue=S(K(o),0,2);const c=async()=>Va(this.publicKeyAlgorithm,this.hashAlgorithm,e.publicParams,e.privateParams,s,await P(o));F.isStream(o)?this.params=c():(this.params=await c(),this[Jn]=!0)}writeHashedSubPackets(){const e=T.signatureSubpacket,t=[];let r;if(null===this.created)throw Error("Missing signature creation time");t.push(is(e.signatureCreationTime,!0,F.writeDate(this.created))),null!==this.signatureExpirationTime&&t.push(is(e.signatureExpirationTime,!0,F.writeNumber(this.signatureExpirationTime,4))),null!==this.exportable&&t.push(is(e.exportableCertification,!0,new Uint8Array([this.exportable?1:0]))),null!==this.trustLevel&&(r=new Uint8Array([this.trustLevel,this.trustAmount]),t.push(is(e.trustSignature,!0,r))),null!==this.regularExpression&&t.push(is(e.regularExpression,!0,this.regularExpression)),null!==this.revocable&&t.push(is(e.revocable,!0,new Uint8Array([this.revocable?1:0]))),null!==this.keyExpirationTime&&t.push(is(e.keyExpirationTime,!0,F.writeNumber(this.keyExpirationTime,4))),null!==this.preferredSymmetricAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredSymmetricAlgorithms)),t.push(is(e.preferredSymmetricAlgorithms,!1,r))),null!==this.revocationKeyClass&&(r=new Uint8Array([this.revocationKeyClass,this.revocationKeyAlgorithm]),r=F.concat([r,this.revocationKeyFingerprint]),t.push(is(e.revocationKey,!1,r))),!this.issuerKeyID.isNull()&&this.issuerKeyVersion<5&&t.push(is(e.issuerKeyID,!1,this.issuerKeyID.write())),this.rawNotations.forEach((({name:i,value:a,humanReadable:n,critical:s})=>{r=[new Uint8Array([n?128:0,0,0,0])];const o=F.encodeUTF8(i);r.push(F.writeNumber(o.length,2)),r.push(F.writeNumber(a.length,2)),r.push(o),r.push(a),r=F.concat(r),t.push(is(e.notationData,s,r))})),null!==this.preferredHashAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredHashAlgorithms)),t.push(is(e.preferredHashAlgorithms,!1,r))),null!==this.preferredCompressionAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredCompressionAlgorithms)),t.push(is(e.preferredCompressionAlgorithms,!1,r))),null!==this.keyServerPreferences&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.keyServerPreferences)),t.push(is(e.keyServerPreferences,!1,r))),null!==this.preferredKeyServer&&t.push(is(e.preferredKeyServer,!1,F.encodeUTF8(this.preferredKeyServer))),null!==this.isPrimaryUserID&&t.push(is(e.primaryUserID,!1,new Uint8Array([this.isPrimaryUserID?1:0]))),null!==this.policyURI&&t.push(is(e.policyURI,!1,F.encodeUTF8(this.policyURI))),null!==this.keyFlags&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.keyFlags)),t.push(is(e.keyFlags,!0,r))),null!==this.signersUserID&&t.push(is(e.signersUserID,!1,F.encodeUTF8(this.signersUserID))),null!==this.reasonForRevocationFlag&&(r=F.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag)+this.reasonForRevocationString),t.push(is(e.reasonForRevocation,!0,r))),null!==this.features&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.features)),t.push(is(e.features,!1,r))),null!==this.signatureTargetPublicKeyAlgorithm&&(r=[new Uint8Array([this.signatureTargetPublicKeyAlgorithm,this.signatureTargetHashAlgorithm])],r.push(F.stringToUint8Array(this.signatureTargetHash)),r=F.concat(r),t.push(is(e.signatureTarget,!0,r))),null!==this.embeddedSignature&&t.push(is(e.embeddedSignature,!0,this.embeddedSignature.write())),null!==this.issuerFingerprint&&(r=[new Uint8Array([this.issuerKeyVersion]),this.issuerFingerprint],r=F.concat(r),t.push(is(e.issuerFingerprint,this.version>=5,r))),null!==this.preferredAEADAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredAEADAlgorithms)),t.push(is(e.preferredAEADAlgorithms,!1,r))),null!==this.preferredCipherSuites&&(r=new Uint8Array([].concat(...this.preferredCipherSuites)),t.push(is(e.preferredCipherSuites,!1,r)));const i=F.concat(t),a=F.writeNumber(i.length,6===this.version?4:2);return F.concat([a,i])}writeUnhashedSubPackets(){const e=this.unhashedSubpackets.map((({type:e,critical:t,body:r})=>is(e,t,r))),t=F.concat(e),r=F.writeNumber(t.length,6===this.version?4:2);return F.concat([r,t])}readSubPacket(e,t=!0){let r=0;const i=!!(128&e[r]),a=127&e[r];if(r++,t||(this.unhashedSubpackets.push({type:a,critical:i,body:e.subarray(r,e.length)}),ts.has(a)))switch(a){case T.signatureSubpacket.signatureCreationTime:this.created=F.readDate(e.subarray(r,e.length));break;case T.signatureSubpacket.signatureExpirationTime:{const t=F.readNumber(e.subarray(r,e.length));this.signatureNeverExpires=0===t,this.signatureExpirationTime=t;break}case T.signatureSubpacket.exportableCertification:this.exportable=1===e[r++];break;case T.signatureSubpacket.trustSignature:this.trustLevel=e[r++],this.trustAmount=e[r++];break;case T.signatureSubpacket.regularExpression:this.regularExpression=e[r];break;case T.signatureSubpacket.revocable:this.revocable=1===e[r++];break;case T.signatureSubpacket.keyExpirationTime:{const t=F.readNumber(e.subarray(r,e.length));this.keyExpirationTime=t,this.keyNeverExpires=0===t;break}case T.signatureSubpacket.preferredSymmetricAlgorithms:this.preferredSymmetricAlgorithms=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.revocationKey:this.revocationKeyClass=e[r++],this.revocationKeyAlgorithm=e[r++],this.revocationKeyFingerprint=e.subarray(r,r+20);break;case T.signatureSubpacket.issuerKeyID:if(4===this.version)this.issuerKeyID.read(e.subarray(r,e.length));else if(t)throw Error("Unexpected Issuer Key ID subpacket");break;case T.signatureSubpacket.notationData:{const t=!!(128&e[r]);r+=4;const a=F.readNumber(e.subarray(r,r+2));r+=2;const n=F.readNumber(e.subarray(r,r+2));r+=2;const s=F.decodeUTF8(e.subarray(r,r+a)),o=e.subarray(r+a,r+a+n);this.rawNotations.push({name:s,humanReadable:t,value:o,critical:i}),t&&(this.notations[s]=F.decodeUTF8(o));break}case T.signatureSubpacket.preferredHashAlgorithms:this.preferredHashAlgorithms=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.preferredCompressionAlgorithms:this.preferredCompressionAlgorithms=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.keyServerPreferences:this.keyServerPreferences=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.preferredKeyServer:this.preferredKeyServer=F.decodeUTF8(e.subarray(r,e.length));break;case T.signatureSubpacket.primaryUserID:this.isPrimaryUserID=0!==e[r++];break;case T.signatureSubpacket.policyURI:this.policyURI=F.decodeUTF8(e.subarray(r,e.length));break;case T.signatureSubpacket.keyFlags:this.keyFlags=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.signersUserID:this.signersUserID=F.decodeUTF8(e.subarray(r,e.length));break;case T.signatureSubpacket.reasonForRevocation:this.reasonForRevocationFlag=e[r++],this.reasonForRevocationString=F.decodeUTF8(e.subarray(r,e.length));break;case T.signatureSubpacket.features:this.features=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.signatureTarget:{this.signatureTargetPublicKeyAlgorithm=e[r++],this.signatureTargetHashAlgorithm=e[r++];const t=Te(this.signatureTargetHashAlgorithm);this.signatureTargetHash=F.uint8ArrayToString(e.subarray(r,r+t));break}case T.signatureSubpacket.embeddedSignature:this.embeddedSignature=new rs,this.embeddedSignature.read(e.subarray(r,e.length));break;case T.signatureSubpacket.issuerFingerprint:this.issuerKeyVersion=e[r++],this.issuerFingerprint=e.subarray(r,e.length),this.issuerKeyVersion>=5?this.issuerKeyID.read(this.issuerFingerprint):this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));break;case T.signatureSubpacket.preferredAEADAlgorithms:this.preferredAEADAlgorithms=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.preferredCipherSuites:this.preferredCipherSuites=[];for(let t=r;t<e.length;t+=2)this.preferredCipherSuites.push([e[t],e[t+1]]);break;default:this.unknownSubpackets.push({type:a,critical:i,body:e.subarray(r,e.length)})}}readSubPackets(e,t=!0,r){const i=6===this.version?4:2,a=F.readNumber(e.subarray(0,i));let n=i;for(;n<2+a;){const i=Xe(e.subarray(n,e.length));n+=i.offset,this.readSubPacket(e.subarray(n,n+i.len),t,r),n+=i.len}return n}toSign(e,t){const r=T.signature;switch(e){case r.binary:return null!==t.text?F.encodeUTF8(t.getText(!0)):t.getBytes(!0);case r.text:{const e=t.getBytes(!0);return F.canonicalizeEOL(e)}case r.standalone:return new Uint8Array(0);case r.certGeneric:case r.certPersona:case r.certCasual:case r.certPositive:case r.certRevocation:{let e,i;if(t.userID)i=180,e=t.userID;else{if(!t.userAttribute)throw Error("Either a userID or userAttribute packet needs to be supplied for certification.");i=209,e=t.userAttribute}const a=e.write();return F.concat([this.toSign(r.key,t),new Uint8Array([i]),F.writeNumber(a.length,4),a])}case r.subkeyBinding:case r.subkeyRevocation:case r.keyBinding:return F.concat([this.toSign(r.key,t),this.toSign(r.key,{key:t.bind})]);case r.key:if(void 0===t.key)throw Error("Key packet is required for this signature.");return t.key.writeForHash(this.version);case r.keyRevocation:return this.toSign(r.key,t);case r.timestamp:return new Uint8Array(0);case r.thirdParty:throw Error("Not implemented");default:throw Error("Unknown signature type.")}}calculateTrailer(e,t){let r=0;return b(K(this.signatureData),(e=>{r+=e.length}),(()=>{const i=[];return 5!==this.version||this.signatureType!==T.signature.binary&&this.signatureType!==T.signature.text||(t?i.push(new Uint8Array(6)):i.push(e.writeHeader())),i.push(new Uint8Array([this.version,255])),5===this.version&&i.push(new Uint8Array(4)),i.push(F.writeNumber(r,4)),F.concat(i)}))}toHash(e,t,r=!1){const i=this.toSign(e,t);return F.concat([this.salt||new Uint8Array,i,this.signatureData,this.calculateTrailer(t,r)])}async hash(e,t,r,i=!1){if(6===this.version&&this.salt.length!==as(this.hashAlgorithm))throw Error("Signature salt does not have the expected length");return r||(r=this.toHash(e,t,i)),Ie(this.hashAlgorithm,r)}async verify(e,t,r,i=new Date,a=!1,n=B){if(!this.issuerKeyID.equals(e.getKeyID()))throw Error("Signature was not issued by the given public key");if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Public key algorithm used to sign signature does not match issuer key algorithm.");const s=t===T.signature.binary||t===T.signature.text;if(!(this[Jn]&&!s)){let i,n;if(this.hashed?n=await this.hashed:(i=this.toHash(t,r,a),n=await this.hash(t,r,i)),n=await P(n),this.signedHashValue[0]!==n[0]||this.signedHashValue[1]!==n[1])throw Error("Signed digest did not match");this.params=await this.params;const s=this.publicKeyAlgorithm===T.publicKey.hmac?e.privateParams:null;if(this[Jn]=await Ga(this.publicKeyAlgorithm,this.hashAlgorithm,this.params,e.publicParams,s,i,n),!this[Jn])throw Error("Signature verification failed")}const o=F.normalizeDate(i);if(o&&this.created>o)throw Error("Signature creation time is in the future");if(o&&o>=this.getExpirationTime())throw Error("Signature is expired");if(n.rejectHashAlgorithms.has(this.hashAlgorithm))throw Error("Insecure hash algorithm: "+T.read(T.hash,this.hashAlgorithm).toUpperCase());if(n.rejectMessageHashAlgorithms.has(this.hashAlgorithm)&&[T.signature.binary,T.signature.text].includes(this.signatureType))throw Error("Insecure message hash algorithm: "+T.read(T.hash,this.hashAlgorithm).toUpperCase());if(this.unknownSubpackets.forEach((({type:e,critical:t})=>{if(t)throw Error("Unknown critical signature subpacket type "+e)})),this.rawNotations.forEach((({name:e,critical:t})=>{if(t&&n.knownNotations.indexOf(e)<0)throw Error("Unknown critical notation: "+e)})),null!==this.revocationKeyClass)throw Error("This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.")}isExpired(e=new Date){const t=F.normalizeDate(e);return null!==t&&!(this.created<=t&&t<this.getExpirationTime())}getExpirationTime(){return this.signatureNeverExpires?1/0:new Date(this.created.getTime()+1e3*this.signatureExpirationTime)}}function is(e,t,r){const i=[];return i.push(Ye(r.length+1)),i.push(new Uint8Array([(t?128:0)|e])),i.push(r),F.concat(i)}function as(e){switch(e){case T.hash.sha256:return 16;case T.hash.sha384:return 24;case T.hash.sha512:return 32;case T.hash.sha224:case T.hash.sha3_256:return 16;case T.hash.sha3_512:return 32;default:throw Error("Unsupported hash function")}}class ns{static get tag(){return T.packet.onePassSignature}static fromSignaturePacket(e,t){const r=new ns;return r.version=6===e.version?6:3,r.signatureType=e.signatureType,r.hashAlgorithm=e.hashAlgorithm,r.publicKeyAlgorithm=e.publicKeyAlgorithm,r.issuerKeyID=e.issuerKeyID,r.salt=e.salt,r.issuerFingerprint=e.issuerFingerprint,r.flags=t?1:0,r}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.salt=null,this.issuerKeyID=null,this.issuerFingerprint=null,this.flags=null}read(e){let t=0;if(this.version=e[t++],3!==this.version&&6!==this.version)throw new it(`Version ${this.version} of the one-pass signature packet is unsupported.`);if(this.signatureType=e[t++],this.hashAlgorithm=e[t++],this.publicKeyAlgorithm=e[t++],6===this.version){const r=e[t++];this.salt=e.subarray(t,t+r),t+=r,this.issuerFingerprint=e.subarray(t,t+32),t+=32,this.issuerKeyID=new Zn,this.issuerKeyID.read(this.issuerFingerprint)}else this.issuerKeyID=new Zn,this.issuerKeyID.read(e.subarray(t,t+8)),t+=8;return this.flags=e[t++],this}write(){const e=[new Uint8Array([this.version,this.signatureType,this.hashAlgorithm,this.publicKeyAlgorithm])];return 6===this.version?e.push(new Uint8Array([this.salt.length]),this.salt,this.issuerFingerprint):e.push(this.issuerKeyID.write()),e.push(new Uint8Array([this.flags])),F.concatUint8Array(e)}calculateTrailer(...e){return D((async()=>rs.prototype.calculateTrailer.apply(await this.correspondingSig,e)))}async verify(){const e=await this.correspondingSig;if(!e||e.constructor.tag!==T.packet.signature)throw Error("Corresponding signature packet missing");if(e.signatureType!==this.signatureType||e.hashAlgorithm!==this.hashAlgorithm||e.publicKeyAlgorithm!==this.publicKeyAlgorithm||!e.issuerKeyID.equals(this.issuerKeyID)||3===this.version&&6===e.version||6===this.version&&6!==e.version||6===this.version&&!F.equalsUint8Array(e.issuerFingerprint,this.issuerFingerprint)||6===this.version&&!F.equalsUint8Array(e.salt,this.salt))throw Error("Corresponding signature packet does not match one-pass signature packet");return e.hashed=this.hashed,e.verify.apply(e,arguments)}}function ss(e,t){if(!t[e]){let t;try{t=T.read(T.packet,e)}catch(t){throw new at("Unknown packet type with tag: "+e)}throw Error("Packet not allowed in this context: "+t)}return new t[e]}ns.prototype.hash=rs.prototype.hash,ns.prototype.toHash=rs.prototype.toHash,ns.prototype.toSign=rs.prototype.toSign;class os extends Array{static async fromBinary(e,t,r=B,i=null,a=!1){const n=new os;return await n.read(e,t,r,i,a),n}async read(e,t,r=B,i=null,a=!1){let n;r.additionalAllowedPackets.length&&(n=F.constructAllowedPackets(r.additionalAllowedPackets),t={...t,...n}),this.stream=k(e,(async(e,s)=>{const o=x(e),c=C(s);try{let s=F.isStream(e);for(;;){let e,u;if(await c.ready,await rt(o,s,(async s=>{try{if(s.tag===T.packet.marker||s.tag===T.packet.trust||s.tag===T.packet.padding)return;const e=ss(s.tag,t);try{i?.recordPacket(s.tag,n)}catch(e){if(r.enforceGrammar)throw e;F.printDebugError(e)}e.packets=new os,e.fromStream=F.isStream(s.packet),u=e.fromStream;try{await e.read(s.packet,r)}catch(t){if(!(t instanceof it))throw F.wrapError(new nt(`Parsing ${e.constructor.name} failed`),t);throw t}await c.write(e)}catch(t){const i=t instanceof at&&s.tag<=39,n=t instanceof it&&!(t instanceof at)&&!r.ignoreUnsupportedPackets,o=t instanceof nt&&!r.ignoreMalformedPackets,u=tt(s.tag);if(i||n||o||u||!(t instanceof at||t instanceof it||t instanceof nt))a?e=t:await c.abort(t);else{const e=new st(s.tag,s.packet);await c.write(e)}F.printDebugError(t)}})),u&&(s=null),e)throw await o.readToEnd(),e;const h=await o.peekBytes(2);if(!h||!h.length){try{i?.recordEnd()}catch(e){if(r.enforceGrammar)throw e;F.printDebugError(e)}return await c.ready,void await c.close()}}}catch(e){await c.abort(e)}}));const s=x(this.stream);for(;;){const{done:e,value:t}=await s.read();if(e?this.stream=null:this.push(t),e||tt(t.constructor.tag))break}s.releaseLock()}write(){const e=[];for(let t=0;t<this.length;t++){const r=this[t]instanceof st?this[t].tag:this[t].constructor.tag,i=this[t].write();if(F.isStream(i)&&tt(this[t].constructor.tag)){let t=[],a=0;const n=512;e.push(Je(r)),e.push(b(i,(e=>{if(t.push(e),a+=e.length,a>=n){const e=Math.min(Math.log(a)/Math.LN2|0,30),r=2**e,i=F.concat([Ze(e)].concat(t));return t=[i.subarray(1+r)],a=t[0].length,i.subarray(0,1+r)}}),(()=>F.concat([Ye(a)].concat(t)))))}else{if(F.isStream(i)){let t=0;e.push(b(K(i),(e=>{t+=e.length}),(()=>et(r,t))))}else e.push(et(r,i.length));e.push(i)}}return F.concat(e)}filterByTag(...e){const t=new os,r=e=>t=>e===t;for(let i=0;i<this.length;i++)e.some(r(this[i].constructor.tag))&&t.push(this[i]);return t}findPacket(e){return this.find((t=>t.constructor.tag===e))}indexOfTag(...e){const t=[],r=this,i=e=>t=>e===t;for(let a=0;a<this.length;a++)e.some(i(r[a].constructor.tag))&&t.push(a);return t}}class cs extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,cs),this.name="GrammarError"}}var us;!function(e){e[e.EmptyMessage=0]="EmptyMessage",e[e.PlaintextOrEncryptedData=1]="PlaintextOrEncryptedData",e[e.EncryptedSessionKeys=2]="EncryptedSessionKeys",e[e.StandaloneAdditionalAllowedData=3]="StandaloneAdditionalAllowedData"}(us||(us={}));class hs{constructor(){this.state=us.EmptyMessage,this.leadingOnePassSignatureCounter=0}recordPacket(e,t){switch(this.state){case us.EmptyMessage:case us.StandaloneAdditionalAllowedData:switch(e){case T.packet.literalData:case T.packet.compressedData:case T.packet.aeadEncryptedData:case T.packet.symEncryptedIntegrityProtectedData:case T.packet.symmetricallyEncryptedData:return void(this.state=us.PlaintextOrEncryptedData);case T.packet.signature:if(this.state===us.StandaloneAdditionalAllowedData&&--this.leadingOnePassSignatureCounter<0)throw new cs("Trailing signature packet without OPS");return;case T.packet.onePassSignature:if(this.state===us.StandaloneAdditionalAllowedData)throw new cs("OPS following StandaloneAdditionalAllowedData");return void this.leadingOnePassSignatureCounter++;case T.packet.publicKeyEncryptedSessionKey:case T.packet.symEncryptedSessionKey:return void(this.state=us.EncryptedSessionKeys);default:if(!t?.[e])throw new cs(`Unexpected packet ${e} in state ${this.state}`);return void(this.state=us.StandaloneAdditionalAllowedData)}case us.PlaintextOrEncryptedData:if(e===T.packet.signature){if(--this.leadingOnePassSignatureCounter<0)throw new cs("Trailing signature packet without OPS");return void(this.state=us.PlaintextOrEncryptedData)}if(!t?.[e])throw new cs(`Unexpected packet ${e} in state ${this.state}`);return void(this.state=us.PlaintextOrEncryptedData);case us.EncryptedSessionKeys:switch(e){case T.packet.publicKeyEncryptedSessionKey:case T.packet.symEncryptedSessionKey:return void(this.state=us.EncryptedSessionKeys);case T.packet.symEncryptedIntegrityProtectedData:case T.packet.aeadEncryptedData:case T.packet.symmetricallyEncryptedData:return void(this.state=us.PlaintextOrEncryptedData);case T.packet.signature:if(--this.leadingOnePassSignatureCounter<0)throw new cs("Trailing signature packet without OPS");return void(this.state=us.PlaintextOrEncryptedData);default:if(!t?.[e])throw new cs(`Unexpected packet ${e} in state ${this.state}`);this.state=us.EncryptedSessionKeys}}}recordEnd(){switch(this.state){case us.EmptyMessage:case us.PlaintextOrEncryptedData:case us.EncryptedSessionKeys:case us.StandaloneAdditionalAllowedData:if(this.leadingOnePassSignatureCounter>0)throw new cs("Missing trailing signature packets")}}}const ls=/*#__PURE__*/F.constructAllowedPackets([Yn,ns,rs]);class ys{static get tag(){return T.packet.compressedData}constructor(e=B){this.packets=null,this.algorithm=e.preferredCompressionAlgorithm,this.compressed=null}async read(e,t=B){await v(e,(async e=>{this.algorithm=await e.readByte(),this.compressed=e.remainder(),await this.decompress(t)}))}write(){return null===this.compressed&&this.compress(),F.concat([new Uint8Array([this.algorithm]),this.compressed])}async decompress(e=B){const t=T.read(T.compression,this.algorithm),r=fs[t];if(!r)throw Error(t+" decompression not supported");this.packets=await os.fromBinary(await r(this.compressed),ls,e,new hs)}compress(){const e=T.read(T.compression,this.algorithm),t=ms[e];if(!t)throw Error(e+" compression not supported");this.compressed=t(this.packets.write())}}function ps(e,t){return r=>{if(!F.isStream(r)||n(r))return D((()=>P(r).then((e=>new Promise(((r,i)=>{const a=new t,n=[];a.ondata=(e,t)=>{n.push(e),t&&r(F.concatUint8Array(n))};try{a.push(e,!0)}catch(e){i(e)}}))))));if(e)try{const t=e();return r.pipeThrough(t)}catch(e){if("TypeError"!==e.name)throw e}const i=r.getReader(),a=new t;return new ReadableStream({async start(e){for(a.ondata=async(t,r)=>{e.enqueue(t),r&&e.close()};;){const{done:e,value:t}=await i.read();if(e)return void a.push(new Uint8Array,!0);t.length&&a.push(t)}}})}}function ds(){return async function(e){const{decode:t}=await import("./seek-bzip.min.mjs").then((function(e){return e.i}));return D((async()=>t(await P(e))))}}const gs=e=>({compressor:"undefined"!=typeof CompressionStream&&(()=>new CompressionStream(e)),decompressor:"undefined"!=typeof DecompressionStream&&(()=>new DecompressionStream(e))}),ms={zip:/*#__PURE__*/ps(gs("deflate-raw").compressor,Vn),zlib:/*#__PURE__*/ps(gs("deflate").compressor,$n)},fs={uncompressed:e=>e,zip:/*#__PURE__*/ps(gs("deflate-raw").decompressor,Wn),zlib:/*#__PURE__*/ps(gs("deflate").decompressor,Qn),bzip2:/*#__PURE__*/ds()},ws=/*#__PURE__*/F.constructAllowedPackets([Yn,ys,ns,rs]);class bs{static get tag(){return T.packet.symEncryptedIntegrityProtectedData}static fromObject({version:e,aeadAlgorithm:t}){if(1!==e&&2!==e)throw Error("Unsupported SEIPD version");const r=new bs;return r.version=e,2===e&&(r.aeadAlgorithm=t),r}constructor(){this.version=null,this.cipherAlgorithm=null,this.aeadAlgorithm=null,this.chunkSizeByte=null,this.salt=null,this.encrypted=null,this.packets=null}async read(e){await v(e,(async e=>{if(this.version=await e.readByte(),1!==this.version&&2!==this.version)throw new it(`Version ${this.version} of the SEIP packet is unsupported.`);2===this.version&&(this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte(),this.salt=await e.readBytes(32)),this.encrypted=e.remainder()}))}write(){return 2===this.version?F.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.salt,this.encrypted]):F.concat([new Uint8Array([this.version]),this.encrypted])}async encrypt(e,t,r=B){const{blockSize:i,keySize:a}=Ar(e);if(t.length!==a)throw Error("Unexpected session key size");let s=this.packets.write();if(n(s)&&(s=await P(s)),2===this.version)this.cipherAlgorithm=e,this.salt=le(32),this.chunkSizeByte=r.aeadChunkSizeByte,this.encrypted=await ks(this,"encrypt",t,s);else{const r=await Qi(e),a=new Uint8Array([211,20]),n=F.concat([r,s,a]),o=await Ie(T.hash.sha1,A(n)),c=F.concat([n,o]);this.encrypted=await Xi(e,t,c,new Uint8Array(i))}return!0}async decrypt(e,t,r=B){if(t.length!==Ar(e).keySize)throw Error("Unexpected session key size");let i,a=K(this.encrypted);n(a)&&(a=await P(a));let s=!1;if(2===this.version){if(this.cipherAlgorithm!==e)throw Error("Unexpected session key algorithm");i=await ks(this,"decrypt",t,a)}else{const{blockSize:n}=Ar(e),o=await Yi(e,t,a,new Uint8Array(n)),c=S(A(o),-20),u=S(o,0,-20),h=Promise.all([P(await Ie(T.hash.sha1,A(u))),P(c)]).then((([e,t])=>{if(!F.equalsUint8Array(e,t))throw Error("Modification detected.");return new Uint8Array})),l=S(u,n+2);i=S(l,0,-2),i=g([i,D((()=>h))]),F.isStream(a)&&r.allowUnauthenticatedStream?s=!0:i=await P(i)}return this.packets=await os.fromBinary(i,ws,r,new hs,s),!0}}async function ks(e,t,r,i){const a=e instanceof bs&&2===e.version,n=!a&&e.constructor.tag===T.packet.aeadEncryptedData;if(!a&&!n)throw Error("Unexpected packet type");const s=Ma(e.aeadAlgorithm,n),o="decrypt"===t?s.tagLength:0,c="encrypt"===t?s.tagLength:0,u=2**(e.chunkSizeByte+6)+o,h=n?8:0,l=new ArrayBuffer(13+h),y=new Uint8Array(l,0,5+h),p=new Uint8Array(l),d=new DataView(l),g=new Uint8Array(l,5,8);y.set([192|e.constructor.tag,e.version,e.cipherAlgorithm,e.aeadAlgorithm,e.chunkSizeByte],0);let f,w,b=0,v=Promise.resolve(),K=0,A=0;if(a){const{keySize:t}=Ar(e.cipherAlgorithm),{ivLength:i}=s,a=new Uint8Array(l,0,5),n=await Ur(T.hash.sha256,r,e.salt,a,t+i);r=n.subarray(0,t),f=n.subarray(t),f.fill(0,f.length-8),w=new DataView(f.buffer,f.byteOffset,f.byteLength)}else f=e.iv;const E=await s(e.cipherAlgorithm,r);return k(i,(async(r,i)=>{if("array"!==F.isStream(r)){const t=new TransformStream({},{highWaterMark:F.getHardwareConcurrency()*2**(e.chunkSizeByte+6),size:e=>e.length});m(t.readable,i),i=t.writable}const n=x(r),s=C(i);try{for(;;){let e=await n.readBytes(u+o)||new Uint8Array;const r=e.subarray(e.length-o);let i,l,m;if(e=e.subarray(0,e.length-o),a)m=f;else{m=f.slice();for(let e=0;e<8;e++)m[f.length-8+e]^=g[e]}if(!b||e.length?(n.unshift(r),i=E[t](e,m,y),i.catch((()=>{})),A+=e.length-o+c):(d.setInt32(5+h+4,K),i=E[t](r,m,p),i.catch((()=>{})),A+=c,l=!0),K+=e.length-o,v=v.then((()=>i)).then((async e=>{await s.ready,await s.write(e),A-=e.length})).catch((e=>s.abort(e))),(l||A>s.desiredSize)&&await v,l){await s.close();break}a?w.setInt32(f.length-4,++b):d.setInt32(9,++b)}}catch(e){await s.ready.catch((()=>{})),await s.abort(e)}}))}const vs=/*#__PURE__*/F.constructAllowedPackets([Yn,ys,ns,rs]);class Ks{static get tag(){return T.packet.aeadEncryptedData}constructor(){this.version=1,this.cipherAlgorithm=null,this.aeadAlgorithm=T.aead.eax,this.chunkSizeByte=null,this.iv=null,this.encrypted=null,this.packets=null}async read(e){await v(e,(async e=>{const t=await e.readByte();if(1!==t)throw new it(`Version ${t} of the AEAD-encrypted data packet is not supported.`);this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte();const r=Ma(this.aeadAlgorithm,!0);this.iv=await e.readBytes(r.ivLength),this.encrypted=e.remainder()}))}write(){return F.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.iv,this.encrypted])}async decrypt(e,t,r=B){this.packets=await os.fromBinary(await ks(this,"decrypt",t,K(this.encrypted)),vs,r,new hs)}async encrypt(e,t,r=B){this.cipherAlgorithm=e;const{ivLength:i}=Ma(this.aeadAlgorithm,!0);this.iv=le(i),this.chunkSizeByte=r.aeadChunkSizeByte;const a=this.packets.write();this.encrypted=await ks(this,"encrypt",t,a)}}const As=new Set([T.publicKey.x25519,T.publicKey.x448,T.publicKey.pqc_mlkem_x25519]);class Es{static get tag(){return T.packet.publicKeyEncryptedSessionKey}constructor(){this.version=null,this.publicKeyID=new Zn,this.publicKeyVersion=null,this.publicKeyFingerprint=null,this.publicKeyAlgorithm=null,this.sessionKey=null,this.sessionKeyAlgorithm=null,this.encrypted={}}static fromObject({version:e,encryptionKeyPacket:t,anonymousRecipient:r,sessionKey:i,sessionKeyAlgorithm:a}){const n=new Es;if(3!==e&&6!==e)throw Error("Unsupported PKESK version");return n.version=e,6===e&&(n.publicKeyVersion=r?null:t.version,n.publicKeyFingerprint=r?null:t.getFingerprintBytes()),n.publicKeyID=r?Zn.wildcard():t.getKeyID(),n.publicKeyAlgorithm=t.algorithm,n.sessionKey=i,n.sessionKeyAlgorithm=a,n}read(e){let t=0;if(this.version=e[t++],3!==this.version&&6!==this.version)throw new it(`Version ${this.version} of the PKESK packet is unsupported.`);if(6===this.version){const r=e[t++];if(r){this.publicKeyVersion=e[t++];const i=r-1;this.publicKeyFingerprint=e.subarray(t,t+i),t+=i,this.publicKeyVersion>=5?this.publicKeyID.read(this.publicKeyFingerprint):this.publicKeyID.read(this.publicKeyFingerprint.subarray(-8))}else this.publicKeyID=Zn.wildcard()}else t+=this.publicKeyID.read(e.subarray(t,t+8));if(this.publicKeyAlgorithm=e[t++],this.encrypted=function(e,t){let r=0;switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:return{c:F.readMPI(t.subarray(r))};case T.publicKey.elgamal:{const e=F.readMPI(t.subarray(r));return r+=e.length+2,{c1:e,c2:F.readMPI(t.subarray(r))}}case T.publicKey.ecdh:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=new _i;return i.read(t.subarray(r)),{V:e,C:i}}case T.publicKey.x25519:case T.publicKey.x448:{const i=Ha(e),a=F.readExactSubarray(t,r,r+i);r+=a.length;const n=new Hi;return n.read(t.subarray(r)),{ephemeralPublicKey:a,C:n}}case T.publicKey.aead:{const e=new Oi;r+=e.read(t.subarray(r));const{ivLength:i}=Ma(e.getValue()),a=t.subarray(r,r+i);r+=i;const n=new Ni;return r+=n.read(t.subarray(r)),{aeadMode:e,iv:a,c:n}}case T.publicKey.pqc_mlkem_x25519:{const e=F.readExactSubarray(t,r,r+Ha(T.publicKey.x25519));r+=e.length;const i=F.readExactSubarray(t,r,r+1088);r+=i.length;const a=new Hi;return a.read(t.subarray(r)),{eccCipherText:e,mlkemCipherText:i,C:a}}default:throw new it("Unknown public key encryption algorithm.")}}(this.publicKeyAlgorithm,e.subarray(t)),As.has(this.publicKeyAlgorithm))if(3===this.version)this.sessionKeyAlgorithm=T.write(T.symmetric,this.encrypted.C.algorithm);else if(null!==this.encrypted.C.algorithm)throw Error("Unexpected cleartext symmetric algorithm")}write(){const e=[new Uint8Array([this.version])];return 6===this.version?null!==this.publicKeyFingerprint?(e.push(new Uint8Array([this.publicKeyFingerprint.length+1,this.publicKeyVersion])),e.push(this.publicKeyFingerprint)):e.push(new Uint8Array([0])):e.push(this.publicKeyID.write()),e.push(new Uint8Array([this.publicKeyAlgorithm]),Na(this.publicKeyAlgorithm,this.encrypted)),F.concatUint8Array(e)}async encrypt(e){const t=T.write(T.publicKey,this.publicKeyAlgorithm),r=3===this.version?this.sessionKeyAlgorithm:null,i=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),a=Ss(this.version,t,r,this.sessionKey),n=t===T.publicKey.aead?e.privateParams:null;this.encrypted=await Fa(t,r,e.publicParams,n,a,i)}async decrypt(e,t){if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Decryption error");const r=t?Ss(this.version,this.publicKeyAlgorithm,t.sessionKeyAlgorithm,t.sessionKey):null,i=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),a=await La(this.publicKeyAlgorithm,e.publicParams,e.privateParams,this.encrypted,i,r),{sessionKey:n,sessionKeyAlgorithm:s}=function(e,t,r,i){switch(t){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.elgamal:case T.publicKey.ecdh:case T.publicKey.aead:{const t=r.subarray(0,r.length-2),a=r.subarray(r.length-2),n=F.writeChecksum(t.subarray(t.length%8)),s=n[0]===a[0]&n[1]===a[1],o=6===e?{sessionKeyAlgorithm:null,sessionKey:t}:{sessionKeyAlgorithm:t[0],sessionKey:t.subarray(1)};if(i){const t=s&o.sessionKeyAlgorithm===i.sessionKeyAlgorithm&o.sessionKey.length===i.sessionKey.length;return{sessionKey:F.selectUint8Array(t,o.sessionKey,i.sessionKey),sessionKeyAlgorithm:6===e?null:F.selectUint8(t,o.sessionKeyAlgorithm,i.sessionKeyAlgorithm)}}if(s&&(6===e||T.read(T.symmetric,o.sessionKeyAlgorithm)))return o;throw Error("Decryption error")}case T.publicKey.x25519:case T.publicKey.x448:case T.publicKey.pqc_mlkem_x25519:return{sessionKeyAlgorithm:null,sessionKey:r};default:throw Error("Unsupported public key algorithm")}}(this.version,this.publicKeyAlgorithm,a,t);if(3===this.version){const e=!As.has(this.publicKeyAlgorithm);if(this.sessionKeyAlgorithm=e?s:this.sessionKeyAlgorithm,n.length!==Ar(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}this.sessionKey=n}}function Ss(e,t,r,i){switch(t){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.elgamal:case T.publicKey.ecdh:case T.publicKey.aead:return F.concatUint8Array([new Uint8Array(6===e?[]:[r]),i,F.writeChecksum(i.subarray(i.length%8))]);case T.publicKey.x25519:case T.publicKey.x448:case T.publicKey.pqc_mlkem_x25519:return i;default:throw Error("Unsupported public key algorithm")}}class Ps{static get tag(){return T.packet.symEncryptedSessionKey}constructor(e=B){this.version=e.aeadProtect?6:4,this.sessionKey=null,this.sessionKeyEncryptionAlgorithm=null,this.sessionKeyAlgorithm=null,this.aeadAlgorithm=T.write(T.aead,e.preferredAEADAlgorithm),this.encrypted=null,this.s2k=null,this.iv=null}read(e){let t=0;if(this.version=e[t++],4!==this.version&&5!==this.version&&6!==this.version)throw new it(`Version ${this.version} of the SKESK packet is unsupported.`);6===this.version&&t++;const r=e[t++];this.version>=5&&(this.aeadAlgorithm=e[t++],6===this.version&&t++);const i=e[t++];if(this.s2k=en(i),t+=this.s2k.read(e.subarray(t,e.length)),this.version>=5){const r=Ma(this.aeadAlgorithm,!0);this.iv=e.subarray(t,t+=r.ivLength)}this.version>=5||t<e.length?(this.encrypted=e.subarray(t,e.length),this.sessionKeyEncryptionAlgorithm=r):this.sessionKeyAlgorithm=r}write(){const e=null===this.encrypted?this.sessionKeyAlgorithm:this.sessionKeyEncryptionAlgorithm;let t;const r=this.s2k.write();if(6===this.version){const i=r.length,a=3+i+this.iv.length;t=F.concatUint8Array([new Uint8Array([this.version,a,e,this.aeadAlgorithm,i]),r,this.iv,this.encrypted])}else 5===this.version?t=F.concatUint8Array([new Uint8Array([this.version,e,this.aeadAlgorithm]),r,this.iv,this.encrypted]):(t=F.concatUint8Array([new Uint8Array([this.version,e]),r]),null!==this.encrypted&&(t=F.concatUint8Array([t,this.encrypted])));return t}async decrypt(e){const t=null!==this.sessionKeyEncryptionAlgorithm?this.sessionKeyEncryptionAlgorithm:this.sessionKeyAlgorithm,{blockSize:r,keySize:i}=Ar(t),a=await this.s2k.produceKey(e,i);if(this.version>=5){const e=Ma(this.aeadAlgorithm,!0),r=new Uint8Array([192|Ps.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),n=6===this.version?await Ur(T.hash.sha256,a,new Uint8Array,r,i):a,s=await e(t,n);this.sessionKey=await s.decrypt(this.encrypted,this.iv,r)}else if(null!==this.encrypted){const e=await Yi(t,a,this.encrypted,new Uint8Array(r));if(this.sessionKeyAlgorithm=T.write(T.symmetric,e[0]),this.sessionKey=e.subarray(1,e.length),this.sessionKey.length!==Ar(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}else this.sessionKey=a}async encrypt(e,t=B){const r=null!==this.sessionKeyEncryptionAlgorithm?this.sessionKeyEncryptionAlgorithm:this.sessionKeyAlgorithm;this.sessionKeyEncryptionAlgorithm=r,this.s2k=tn(t),this.s2k.generateSalt();const{blockSize:i,keySize:a}=Ar(r),n=await this.s2k.produceKey(e,a);if(null===this.sessionKey&&(this.sessionKey=ja(this.sessionKeyAlgorithm)),this.version>=5){const e=Ma(this.aeadAlgorithm);this.iv=le(e.ivLength);const t=new Uint8Array([192|Ps.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),i=6===this.version?await Ur(T.hash.sha256,n,new Uint8Array,t,a):n,s=await e(r,i);this.encrypted=await s.encrypt(this.sessionKey,this.iv,t)}else{const e=F.concatUint8Array([new Uint8Array([this.sessionKeyAlgorithm]),this.sessionKey]);this.encrypted=await Xi(r,n,e,new Uint8Array(i))}}}class Us{static get tag(){return T.packet.publicKey}constructor(e=new Date,t=B){this.version=t.v6Keys?6:4,this.created=F.normalizeDate(e),this.algorithm=null,this.publicParams=null,this.expirationTimeV3=0,this.fingerprint=null,this.keyID=null}static fromSecretKeyPacket(e){const t=new Us,{version:r,created:i,algorithm:a,publicParams:n,keyID:s,fingerprint:o}=e;return t.version=r,t.created=i,t.algorithm=a,t.publicParams=n,t.keyID=s,t.fingerprint=o,t}async read(e,t=B){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new it("Support for parsing v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4===this.version||5===this.version||6===this.version){this.created=F.readDate(e.subarray(r,r+4)),r+=4,this.algorithm=e[r++],this.version>=5&&(r+=4);const{read:t,publicParams:i}=function(e,t){let r=0;switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{n:e,e:i}}}case T.publicKey.dsa:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));r+=i.length+2;const a=F.readMPI(t.subarray(r));r+=a.length+2;const n=F.readMPI(t.subarray(r));return r+=n.length+2,{read:r,publicParams:{p:e,q:i,g:a,y:n}}}case T.publicKey.elgamal:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));r+=i.length+2;const a=F.readMPI(t.subarray(r));return r+=a.length+2,{read:r,publicParams:{p:e,g:i,y:a}}}case T.publicKey.ecdsa:{const e=new Qe;r+=e.read(t),qa(e);const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{oid:e,Q:i}}}case T.publicKey.eddsaLegacy:{const e=new Qe;if(r+=e.read(t),qa(e),e.getName()!==T.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let i=F.readMPI(t.subarray(r));return r+=i.length+2,i=F.leftPad(i,33),{read:r,publicParams:{oid:e,Q:i}}}case T.publicKey.ecdh:{const e=new Qe;r+=e.read(t),qa(e);const i=F.readMPI(t.subarray(r));r+=i.length+2;const a=new Ri;return r+=a.read(t.subarray(r)),{read:r,publicParams:{oid:e,Q:i,kdfParams:a}}}case T.publicKey.ed25519:case T.publicKey.ed448:case T.publicKey.x25519:case T.publicKey.x448:{const i=F.readExactSubarray(t,r,r+Ha(e));return r+=i.length,{read:r,publicParams:{A:i}}}case T.publicKey.hmac:case T.publicKey.aead:{const e=new ji;r+=e.read(t);const i=Te(T.hash.sha256),a=t.subarray(r,r+i);return r+=i,{read:r,publicParams:{cipher:e,digest:a}}}case T.publicKey.pqc_mlkem_x25519:{const e=F.readExactSubarray(t,r,r+Ha(T.publicKey.x25519));r+=e.length;const i=F.readExactSubarray(t,r,r+1184);return r+=i.length,{read:r,publicParams:{eccPublicKey:e,mlkemPublicKey:i}}}case T.publicKey.pqc_mldsa_ed25519:{const e=F.readExactSubarray(t,r,r+Ha(T.publicKey.ed25519));r+=e.length;const i=F.readExactSubarray(t,r,r+1952);return r+=i.length,{read:r,publicParams:{eccPublicKey:e,mldsaPublicKey:i}}}default:throw new it("Unknown public key encryption algorithm.")}}(this.algorithm,e.subarray(r));if(6===this.version&&i.oid&&(i.oid.getName()===T.curve.curve25519Legacy||i.oid.getName()===T.curve.ed25519Legacy))throw Error("Legacy curve25519 cannot be used with v6 keys");if(6!==this.version&&this.algorithm===T.publicKey.pqc_mldsa_ed25519)throw Error("Unexpected key version: ML-DSA algorithms can only be used with v6 keys");return this.publicParams=i,r+=t,await this.computeFingerprintAndKeyID(),r}throw new it(`Version ${this.version} of the key packet is unsupported.`)}write(){const e=[];e.push(new Uint8Array([this.version])),e.push(F.writeDate(this.created)),e.push(new Uint8Array([this.algorithm]));const t=Na(this.algorithm,this.publicParams);return this.version>=5&&e.push(F.writeNumber(t.length,4)),e.push(t),F.concatUint8Array(e)}writeForHash(e){const t=this.writePublicKey(),r=149+e,i=e>=5?4:2;return F.concatUint8Array([new Uint8Array([r]),F.writeNumber(t.length,i),t])}isDecrypted(){return null}getCreationTime(){return this.created}getKeyID(){return this.keyID}async computeFingerprintAndKeyID(){if(await this.computeFingerprint(),this.keyID=new Zn,this.version>=5)this.keyID.read(this.fingerprint.subarray(0,8));else{if(4!==this.version)throw Error("Unsupported key version");this.keyID.read(this.fingerprint.subarray(12,20))}}async computeFingerprint(){const e=this.writeForHash(this.version);if(this.version>=5)this.fingerprint=await Ie(T.hash.sha256,e);else{if(4!==this.version)throw Error("Unsupported key version");this.fingerprint=await Ie(T.hash.sha1,e)}}getFingerprintBytes(){return this.fingerprint}getFingerprint(){return F.uint8ArrayToHex(this.getFingerprintBytes())}hasSameFingerprintAs(e){return this.version===e.version&&F.equalsUint8Array(this.writePublicKey(),e.writePublicKey())}getAlgorithmInfo(){const e={};e.algorithm=T.read(T.publicKey,this.algorithm);const t=this.publicParams.n||this.publicParams.p;return t?e.bits=F.uint8ArrayBitLength(t):this.publicParams.oid?e.curve=this.publicParams.oid.getName():this.publicParams.cipher&&(e.symmetric=this.publicParams.cipher.getName()),e}}Us.prototype.readPublicKey=Us.prototype.read,Us.prototype.writePublicKey=Us.prototype.write;const Ds=/*#__PURE__*/F.constructAllowedPackets([Yn,ys,ns,rs]);class xs{static get tag(){return T.packet.symmetricallyEncryptedData}constructor(){this.encrypted=null,this.packets=null}read(e){this.encrypted=e}write(){return this.encrypted}async decrypt(e,t,r=B){if(!r.allowUnauthenticatedMessages)throw Error("Message is not authenticated.");const{blockSize:i}=Ar(e),a=await P(K(this.encrypted)),n=await Yi(e,t,a.subarray(i+2),a.subarray(2,i+2));this.packets=await os.fromBinary(n,Ds,r)}async encrypt(e,t,r=B){const i=this.packets.write(),{blockSize:a}=Ar(e),n=await Qi(e),s=await Xi(e,t,n,new Uint8Array(a)),o=await Xi(e,t,i,s.subarray(2));this.encrypted=F.concat([s,o])}}class Cs{static get tag(){return T.packet.marker}read(e){return 80===e[0]&&71===e[1]&&80===e[2]}write(){return new Uint8Array([80,71,80])}}class Is extends Us{static get tag(){return T.packet.publicSubkey}constructor(e,t){super(e,t)}static fromSecretSubkeyPacket(e){const t=new Is,{version:r,created:i,algorithm:a,publicParams:n,keyID:s,fingerprint:o}=e;return t.version=r,t.created=i,t.algorithm=a,t.publicParams=n,t.keyID=s,t.fingerprint=o,t}}class Ts{static get tag(){return T.packet.userAttribute}constructor(){this.attributes=[]}read(e){let t=0;for(;t<e.length;){const r=Xe(e.subarray(t,e.length));t+=r.offset,this.attributes.push(F.uint8ArrayToString(e.subarray(t,t+r.len))),t+=r.len}}write(){const e=[];for(let t=0;t<this.attributes.length;t++)e.push(Ye(this.attributes[t].length)),e.push(F.stringToUint8Array(this.attributes[t]));return F.concatUint8Array(e)}equals(e){return!!(e&&e instanceof Ts)&&this.attributes.every((function(t,r){return t===e.attributes[r]}))}}class Bs extends Us{static get tag(){return T.packet.secretKey}constructor(e=new Date,t=B){super(e,t),this.keyMaterial=null,this.isEncrypted=null,this.s2kUsage=0,this.s2k=null,this.symmetric=null,this.aead=null,this.isLegacyAEAD=null,this.privateParams=null,this.usedModernAEAD=null}async read(e,t=B){let r=await this.readPublicKey(e,t);const i=r;this.s2kUsage=e[r++],5===this.version&&r++,6===this.version&&this.s2kUsage&&r++;try{if(255===this.s2kUsage||254===this.s2kUsage||253===this.s2kUsage){this.symmetric=e[r++],253===this.s2kUsage&&(this.aead=e[r++]),6===this.version&&r++;const t=e[r++];if(this.s2k=en(t),r+=this.s2k.read(e.subarray(r,e.length)),"gnu-dummy"===this.s2k.type)return}else this.s2kUsage&&(this.symmetric=this.s2kUsage);this.s2kUsage&&(this.isLegacyAEAD=253===this.s2kUsage&&(5===this.version||4===this.version&&t.parseAEADEncryptedV4KeysAsLegacy),253!==this.s2kUsage||this.isLegacyAEAD?(this.iv=e.subarray(r,r+Ar(this.symmetric).blockSize),this.usedModernAEAD=!1):(this.iv=e.subarray(r,r+Ma(this.aead).ivLength),this.usedModernAEAD=!0),r+=this.iv.length)}catch(t){if(!this.s2kUsage)throw t;this.unparseableKeyMaterial=e.subarray(i),this.isEncrypted=!0}if(5===this.version&&(r+=4),this.keyMaterial=e.subarray(r),this.isEncrypted=!!this.s2kUsage,!this.isEncrypted){let e;if(6===this.version)e=this.keyMaterial;else if(e=this.keyMaterial.subarray(0,-2),!F.equalsUint8Array(F.writeChecksum(e),this.keyMaterial.subarray(-2)))throw Error("Key checksum mismatch");try{const{read:t,privateParams:r}=await _a(this.algorithm,e,this.publicParams);if(t<e.length)throw Error("Error reading MPIs");this.privateParams=r}catch(e){if(e instanceof it)throw e;throw Error("Error reading MPIs")}}}write(){const e=this.writePublicKey();if(this.unparseableKeyMaterial)return F.concatUint8Array([e,this.unparseableKeyMaterial]);const t=[e];t.push(new Uint8Array([this.s2kUsage]));const r=[];if(255===this.s2kUsage||254===this.s2kUsage||253===this.s2kUsage){r.push(this.symmetric),253===this.s2kUsage&&r.push(this.aead);const e=this.s2k.write();6===this.version&&r.push(e.length),r.push(...e)}return this.s2kUsage&&"gnu-dummy"!==this.s2k.type&&r.push(...this.iv),(5===this.version||6===this.version&&this.s2kUsage)&&t.push(new Uint8Array([r.length])),t.push(new Uint8Array(r)),this.isDummy()||(this.s2kUsage||(this.keyMaterial=Na(this.algorithm,this.privateParams)),5===this.version&&t.push(F.writeNumber(this.keyMaterial.length,4)),t.push(this.keyMaterial),this.s2kUsage||6===this.version||t.push(F.writeChecksum(this.keyMaterial))),F.concatUint8Array(t)}isDecrypted(){return!1===this.isEncrypted}isMissingSecretKeyMaterial(){return void 0!==this.unparseableKeyMaterial||this.isDummy()}isDummy(){return!(!this.s2k||"gnu-dummy"!==this.s2k.type)}makeDummy(e=B){this.isDummy()||(this.isDecrypted()&&this.clearPrivateParams(),delete this.unparseableKeyMaterial,this.isEncrypted=null,this.keyMaterial=null,this.s2k=en(T.s2k.gnu,e),this.s2k.algorithm=0,this.s2k.c=0,this.s2k.type="gnu-dummy",this.s2kUsage=254,this.symmetric=T.symmetric.aes256,this.isLegacyAEAD=null,this.usedModernAEAD=null)}async encrypt(e,t=B){if(this.isDummy())return;if(!this.isDecrypted())throw Error("Key packet is already encrypted");if(!e)throw Error("A non-empty passphrase is required for key encryption.");this.s2k=tn(t),this.s2k.generateSalt();const r=Na(this.algorithm,this.privateParams);this.symmetric=T.symmetric.aes256;const{blockSize:i}=Ar(this.symmetric);if(t.aeadProtect){this.s2kUsage=253,this.aead=t.preferredAEADAlgorithm;const a=Ma(this.aead);this.isLegacyAEAD=5===this.version,this.usedModernAEAD=!this.isLegacyAEAD;const n=Je(this.constructor.tag),s=await Ms(this.version,this.s2k,e,this.symmetric,this.aead,n,this.isLegacyAEAD),o=await a(this.symmetric,s);this.iv=this.isLegacyAEAD?le(i):le(a.ivLength);const c=this.isLegacyAEAD?new Uint8Array:F.concatUint8Array([n,this.writePublicKey()]);this.keyMaterial=await o.encrypt(r,this.iv.subarray(0,a.ivLength),c)}else{this.s2kUsage=254,this.usedModernAEAD=!1;const t=await Ms(this.version,this.s2k,e,this.symmetric);this.iv=le(i),this.keyMaterial=await Xi(this.symmetric,t,F.concatUint8Array([r,await Ie(T.hash.sha1,r)]),this.iv)}}async decrypt(e){if(this.isDummy())return!1;if(this.unparseableKeyMaterial)throw Error("Key packet cannot be decrypted: unsupported S2K or cipher algo");if(this.isDecrypted())throw Error("Key packet is already decrypted.");let t;const r=Je(this.constructor.tag);if(254!==this.s2kUsage&&253!==this.s2kUsage)throw 255===this.s2kUsage?Error("Encrypted private key is authenticated using an insecure two-byte hash"):Error("Private key is encrypted using an insecure S2K function: unsalted MD5");let i;if(t=await Ms(this.version,this.s2k,e,this.symmetric,this.aead,r,this.isLegacyAEAD),253===this.s2kUsage){const e=Ma(this.aead,!0),a=await e(this.symmetric,t);try{const t=this.isLegacyAEAD?new Uint8Array:F.concatUint8Array([r,this.writePublicKey()]);i=await a.decrypt(this.keyMaterial,this.iv.subarray(0,e.ivLength),t)}catch(e){if("Authentication tag mismatch"===e.message)throw Error("Incorrect key passphrase: "+e.message);throw e}}else{const e=await Yi(this.symmetric,t,this.keyMaterial,this.iv);i=e.subarray(0,-20);const r=await Ie(T.hash.sha1,i);if(!F.equalsUint8Array(r,e.subarray(-20)))throw Error("Incorrect key passphrase")}try{const{privateParams:e}=await _a(this.algorithm,i,this.publicParams);this.privateParams=e}catch(e){throw Error("Error reading MPIs")}this.isEncrypted=!1,this.keyMaterial=null,this.s2kUsage=0,this.aead=null,this.symmetric=null,this.isLegacyAEAD=null}async validate(){if(this.isDummy())return;if(!this.isDecrypted())throw Error("Key is not decrypted");if(this.usedModernAEAD)return;let e;try{e=await Oa(this.algorithm,this.publicParams,this.privateParams)}catch(t){e=!1}if(!e)throw Error("Key is invalid")}async generate(e,t,r){if(6===this.version&&(this.algorithm===T.publicKey.ecdh&&t===T.curve.curve25519Legacy||this.algorithm===T.publicKey.eddsaLegacy))throw Error(`Cannot generate v6 keys of type 'ecc' with curve ${t}. Generate a key of type 'curve25519' instead`);if(6!==this.version&&this.algorithm===T.publicKey.pqc_mldsa_ed25519)throw Error(`Cannot generate v${this.version} signing keys of type 'pqc'. Generate a v6 key instead`);const{privateParams:i,publicParams:a}=await Ra(this.algorithm,e,t,r);this.privateParams=i,this.publicParams=a,this.isEncrypted=!1}clearPrivateParams(){this.isMissingSecretKeyMaterial()||(Object.keys(this.privateParams).forEach((e=>{this.privateParams[e].fill(0),delete this.privateParams[e]})),this.privateParams=null,this.isEncrypted=!0)}}async function Ms(e,t,r,i,a,n,s){if("argon2"===t.type&&!a)throw Error("Using Argon2 S2K without AEAD is not allowed");if("simple"===t.type&&6===e)throw Error("Using Simple S2K with version 6 keys is not allowed");const{keySize:o}=Ar(i),c=await t.produceKey(r,o);if(!a||5===e||s)return c;const u=F.concatUint8Array([n,new Uint8Array([e,i,a])]);return Ur(T.hash.sha256,c,new Uint8Array,u,o)}class Fs{static get tag(){return T.packet.userID}constructor(){this.userID="",this.name="",this.email="",this.comment=""}static fromObject(e){if(F.isString(e)||e.name&&!F.isString(e.name)||e.email&&!F.isEmailAddress(e.email)||e.comment&&!F.isString(e.comment))throw Error("Invalid user ID format");const t=new Fs;Object.assign(t,e);const r=[];return t.name&&r.push(t.name),t.comment&&r.push(`(${t.comment})`),t.email&&r.push(`<${t.email}>`),t.userID=r.join(" "),t}read(e,t=B){const r=F.decodeUTF8(e);if(r.length>t.maxUserIDLength)throw Error("User ID string is too long");const i=e=>/^[^\s@]+@[^\s@]+$/.test(e),a=r.indexOf("<"),n=r.lastIndexOf(">");if(-1!==a&&-1!==n&&n>a){const e=r.substring(a+1,n);if(i(e)){this.email=e;const t=r.substring(0,a).trim(),i=t.indexOf("("),n=t.lastIndexOf(")");-1!==i&&-1!==n&&n>i?(this.comment=t.substring(i+1,n).trim(),this.name=t.substring(0,i).trim()):(this.name=t,this.comment="")}}else i(r.trim())&&(this.email=r.trim(),this.name="",this.comment="");this.userID=r}write(){return F.encodeUTF8(this.userID)}equals(e){return e&&e.userID===this.userID}}class Ls extends Bs{static get tag(){return T.packet.secretSubkey}constructor(e=new Date,t=B){super(e,t)}}class _s{static get tag(){return T.packet.trust}read(){throw new it("Trust packets are not supported")}write(){throw new it("Trust packets are not supported")}}class Ns{static get tag(){return T.packet.padding}constructor(){this.padding=null}read(e){}write(){return this.padding}async createPadding(e){this.padding=await le(e)}}const Rs=/*#__PURE__*/F.constructAllowedPackets([rs]);class zs{constructor(e){this.packets=e||new os}write(){return this.packets.write()}armor(e=B){const t=this.packets.some((e=>e.constructor.tag===rs.tag&&6!==e.version));return Y(T.armor.signature,this.write(),void 0,void 0,void 0,t,e)}getSigningKeyIDs(){return this.packets.map((e=>e.issuerKeyID))}}async function Os({armoredSignature:e,binarySignature:t,config:r,...i}){r={...B,...r};let a=e||t;if(!a)throw Error("readSignature: must pass options object containing `armoredSignature` or `binarySignature`");if(e&&!F.isString(e))throw Error("readSignature: options.armoredSignature must be a string");if(t&&!F.isUint8Array(t))throw Error("readSignature: options.binarySignature must be a Uint8Array");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));if(e){const{type:e,data:t}=await X(a);if(e!==T.armor.signature)throw Error("Armored text not of type signature");a=t}const s=await os.fromBinary(a,Rs,r);return new zs(s)}async function js(e,t){const r=new Ls(e.date,t);return r.packets=null,r.algorithm=T.write(T.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.symmetric),await r.computeFingerprintAndKeyID(),r}async function qs(e,t){const r=new Bs(e.date,t);return r.packets=null,r.algorithm=T.write(T.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.symmetric),await r.computeFingerprintAndKeyID(),r}async function Hs(e,t,r,i,a=new Date,n){let s,o;for(let c=e.length-1;c>=0;c--)try{(!s||e[c].created>=s.created)&&(await e[c].verify(t,r,i,a,void 0,n),s=e[c])}catch(e){o=e}if(!s)throw F.wrapError(`Could not find valid ${T.read(T.signature,r)} signature in key ${t.getKeyID().toHex()}`.replace("certGeneric ","self-").replace(/([a-z])([A-Z])/g,((e,t,r)=>t+" "+r.toLowerCase())),o);return s}function Gs(e,t,r=new Date){const i=F.normalizeDate(r);if(null!==i){const r=Ys(e,t);return!(e.created<=i&&i<r)}return!1}async function Vs(e,t,r,i){const a={};a.key=t,a.bind=e;const n={signatureType:T.signature.subkeyBinding};r.sign?(n.keyFlags=[T.keyFlags.signData],n.embeddedSignature=await $s(a,[],e,{signatureType:T.signature.keyBinding},r.date,void 0,void 0,void 0,i)):n.keyFlags=r.forwarding?[T.keyFlags.forwardedCommunication]:[T.keyFlags.encryptCommunication|T.keyFlags.encryptStorage],r.keyExpirationTime>0&&(n.keyExpirationTime=r.keyExpirationTime,n.keyNeverExpires=!1);return await $s(a,[],t,n,r.date,void 0,void 0,void 0,i)}async function Ws(e,t,r=new Date,i=[],a){const n=T.hash.sha256,s=a.preferredHashAlgorithm,o=await Promise.all(e.map((async(e,t)=>(await e.getPrimarySelfSignature(r,i[t],a)).preferredHashAlgorithms||[]))),c=new Map;for(const e of o)for(const t of e)try{const e=T.write(T.hash,t);c.set(e,c.has(e)?c.get(e)+1:1)}catch{}const u=t=>0===e.length||c.get(t)===e.length||t===n,h=()=>{if(0===c.size)return n;const e=Array.from(c.keys()).filter((e=>u(e))).sort(((e,t)=>Te(e)-Te(t)))[0];return Te(e)>=Te(n)?e:n},l=new Set([T.publicKey.ecdsa,T.publicKey.eddsaLegacy,T.publicKey.ed25519,T.publicKey.ed448]),y=new Set([T.publicKey.pqc_mldsa_ed25519]);if(l.has(t.algorithm)){const e=function(e,t){switch(e){case T.publicKey.ecdsa:case T.publicKey.eddsaLegacy:return Wr(t);case T.publicKey.ed25519:case T.publicKey.ed448:return yt(e);default:throw Error("Unknown elliptic signing algo")}}(t.algorithm,t.publicParams.oid),r=u(s),i=Te(s)>=Te(e);if(r&&i)return s;{const t=h();return Te(t)>=Te(e)?t:e}}if(y.has(t.algorithm)){if(u(s)&&Fi(t.algorithm,s))return s;{const e=h();return Fi(t.algorithm,e)?e:n}}return u(s)?s:h()}async function $s(e,t,r,i,a,n,s=[],o=!1,c){if(r.isDummy())throw Error("Cannot sign with a gnu-dummy key.");if(!r.isDecrypted())throw Error("Signing key is not decrypted.");const u=new rs;return Object.assign(u,i),u.publicKeyAlgorithm=r.algorithm,u.hashAlgorithm=await Ws(t,r,a,n,c),u.rawNotations=[...s],await u.sign(r,e,a,o,c),u}async function Qs(e,t,r,i=new Date,a){(e=e[r])&&(t[r].length?await Promise.all(e.map((async function(e){e.isExpired(i)||a&&!await a(e)||t[r].some((function(t){return F.equalsUint8Array(t.writeParams(),e.writeParams())}))||t[r].push(e)}))):t[r]=e)}async function Xs(e,t,r,i,a,n,s=new Date,o){n=n||e;const c=[];return await Promise.all(i.map((async function(e){try{if(!a||e.issuerKeyID.equals(a.issuerKeyID)){const i=![T.reasonForRevocation.keyRetired,T.reasonForRevocation.keySuperseded,T.reasonForRevocation.userIDInvalid].includes(e.reasonForRevocationFlag);await e.verify(n,t,r,i?null:s,!1,o),c.push(e.issuerKeyID)}}catch(e){}}))),a?(a.revoked=!!c.some((e=>e.equals(a.issuerKeyID)))||(a.revoked||!1),a.revoked):c.length>0}function Ys(e,t){let r;return!1===t.keyNeverExpires&&(r=e.created.getTime()+1e3*t.keyExpirationTime),r?new Date(r):1/0}function Zs(e,t={}){if(e.type=e.type||t.type,e.curve=e.curve||t.curve,e.rsaBits=e.rsaBits||t.rsaBits,e.symmetricHash=e.symmetricHash||t.symmetricHash,e.symmetricCipher=e.symmetricCipher||t.symmetricCipher,e.keyExpirationTime=void 0!==e.keyExpirationTime?e.keyExpirationTime:t.keyExpirationTime,e.passphrase=F.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e.sign=e.sign||!1,e.forwarding=e.forwarding||!1,e.sign&&e.forwarding)throw Error('Incompatible options: "sign" and "forwarding" cannot be set together');switch(e.type){case"pqc":e.sign?e.algorithm=T.publicKey.pqc_mldsa_ed25519:e.algorithm=T.publicKey.pqc_mlkem_x25519;break;case"ecc":try{e.curve=T.write(T.curve,e.curve)}catch(e){throw Error("Unknown curve")}e.curve!==T.curve.ed25519Legacy&&e.curve!==T.curve.curve25519Legacy&&"ed25519"!==e.curve&&"curve25519"!==e.curve||(e.curve=e.sign?T.curve.ed25519Legacy:T.curve.curve25519Legacy),e.sign?e.algorithm=e.curve===T.curve.ed25519Legacy?T.publicKey.eddsaLegacy:T.publicKey.ecdsa:e.algorithm=T.publicKey.ecdh;break;case"curve25519":e.algorithm=e.sign?T.publicKey.ed25519:T.publicKey.x25519;break;case"curve448":e.algorithm=e.sign?T.publicKey.ed448:T.publicKey.x448;break;case"rsa":e.algorithm=T.publicKey.rsaEncryptSign;break;case"symmetric":if(e.sign){e.algorithm=T.publicKey.hmac;try{e.symmetric=T.write(T.hash,e.symmetricHash)}catch(e){throw Error("Unknown hash algorithm")}}else{e.algorithm=T.publicKey.aead;try{e.symmetric=T.write(T.symmetric,e.symmetricCipher)}catch(e){throw Error("Unknown symmetric algorithm")}}break;default:throw Error("Unsupported key type "+e.type)}return e}function Js(e,t,r){switch(e.algorithm){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:case T.publicKey.dsa:case T.publicKey.ecdsa:case T.publicKey.eddsaLegacy:case T.publicKey.ed25519:case T.publicKey.ed448:case T.publicKey.hmac:case T.publicKey.pqc_mldsa_ed25519:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&T.keyFlags.signData);default:return!1}}function eo(e,t,r){switch(e.algorithm){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.elgamal:case T.publicKey.ecdh:case T.publicKey.x25519:case T.publicKey.x448:case T.publicKey.aead:case T.publicKey.pqc_mlkem_x25519:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&T.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&T.keyFlags.encryptStorage);default:return!1}}function to(e,t,r){if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");switch(e.algorithm){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.elgamal:case T.publicKey.ecdh:case T.publicKey.x25519:case T.publicKey.x448:case T.publicKey.pqc_mlkem_x25519:return!(!(!t.keyFlags||!!(t.keyFlags[0]&T.keyFlags.signData))||!r.allowInsecureDecryptionWithSigningKeys)||(!t.keyFlags||!!(t.keyFlags[0]&T.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&T.keyFlags.encryptStorage)||r.allowForwardedMessages&&!!(t.keyFlags[0]&T.keyFlags.forwardedCommunication));default:return!1}}function ro(e,t){const r=T.write(T.publicKey,e.algorithm),i=e.getAlgorithmInfo();if(t.rejectPublicKeyAlgorithms.has(r))throw Error(i.algorithm+" keys are considered too weak.");switch(r){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:case T.publicKey.rsaEncrypt:if(i.bits<t.minRSABits)throw Error(`RSA keys shorter than ${t.minRSABits} bits are considered too weak.`);break;case T.publicKey.ecdsa:case T.publicKey.eddsaLegacy:case T.publicKey.ecdh:if(t.rejectCurves.has(i.curve))throw Error(`Support for ${i.algorithm} keys using curve ${i.curve} is disabled.`)}}class io{constructor(e,t){this.userID=e.constructor.tag===T.packet.userID?e:null,this.userAttribute=e.constructor.tag===T.packet.userAttribute?e:null,this.selfCertifications=[],this.otherCertifications=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new os;return e.push(this.userID||this.userAttribute),e.push(...this.revocationSignatures),e.push(...this.selfCertifications),e.push(...this.otherCertifications),e}clone(){const e=new io(this.userID||this.userAttribute,this.mainKey);return e.selfCertifications=[...this.selfCertifications],e.otherCertifications=[...this.otherCertifications],e.revocationSignatures=[...this.revocationSignatures],e}async certify(e,t,r){const i=this.mainKey.keyPacket,a={userID:this.userID,userAttribute:this.userAttribute,key:i},n=new io(a.userID||a.userAttribute,this.mainKey);return n.otherCertifications=await Promise.all(e.map((async function(e){if(!e.isPrivate())throw Error("Need private key for signing");if(e.hasSameFingerprintAs(i))throw Error("The user's own key can only be used for self-certifications");const n=await e.getSigningKey(void 0,t,void 0,r);return $s(a,[e],n.keyPacket,{signatureType:T.signature.certGeneric,keyFlags:[T.keyFlags.certifyKeys|T.keyFlags.signData]},t,void 0,void 0,void 0,r)}))),await n.update(this,t,r),n}async isRevoked(e,t,r=new Date,i=B){const a=this.mainKey.keyPacket;return Xs(a,T.signature.certRevocation,{key:a,userID:this.userID,userAttribute:this.userAttribute},this.revocationSignatures,e,t,r,i)}async verifyCertificate(e,t,r=new Date,i){const a=this,n=this.mainKey.keyPacket,s={userID:this.userID,userAttribute:this.userAttribute,key:n},{issuerKeyID:o}=e,c=t.filter((e=>e.getKeys(o).length>0));return 0===c.length?null:(await Promise.all(c.map((async t=>{const n=await t.getSigningKey(o,e.created,void 0,i);if(e.revoked||await a.isRevoked(e,n.keyPacket,r,i))throw Error("User certificate is revoked");try{await e.verify(n.keyPacket,T.signature.certGeneric,s,r,void 0,i)}catch(e){throw F.wrapError("User certificate is invalid",e)}}))),!0)}async verifyAllCertifications(e,t=new Date,r){const i=this,a=this.selfCertifications.concat(this.otherCertifications);return Promise.all(a.map((async a=>({keyID:a.issuerKeyID,valid:await i.verifyCertificate(a,e,t,r).catch((()=>!1))}))))}async verify(e=new Date,t){if(!this.selfCertifications.length)throw Error("No self-certifications found");const r=this,i=this.mainKey.keyPacket,a={userID:this.userID,userAttribute:this.userAttribute,key:i};let n;for(let s=this.selfCertifications.length-1;s>=0;s--)try{const n=this.selfCertifications[s];if(n.revoked||await r.isRevoked(n,void 0,e,t))throw Error("Self-certification is revoked");try{await n.verify(i,T.signature.certGeneric,a,e,void 0,t)}catch(e){throw F.wrapError("Self-certification is invalid",e)}return!0}catch(e){n=e}throw n}async update(e,t,r){const i=this.mainKey.keyPacket,a={userID:this.userID,userAttribute:this.userAttribute,key:i};await Qs(e,this,"selfCertifications",t,(async function(e){try{return await e.verify(i,T.signature.certGeneric,a,t,!1,r),!0}catch(e){return!1}})),await Qs(e,this,"otherCertifications",t),await Qs(e,this,"revocationSignatures",t,(function(e){return Xs(i,T.signature.certRevocation,a,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=T.reasonForRevocation.noReason,string:r=""}={},i=new Date,a=B){const n={userID:this.userID,userAttribute:this.userAttribute,key:e},s=new io(n.userID||n.userAttribute,this.mainKey);return s.revocationSignatures.push(await $s(n,[],e,{signatureType:T.signature.certRevocation,reasonForRevocationFlag:T.write(T.reasonForRevocation,t),reasonForRevocationString:r},i,void 0,void 0,!1,a)),await s.update(this),s}}class ao{constructor(e,t){this.keyPacket=e,this.bindingSignatures=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new os;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.bindingSignatures),e}clone(){const e=new ao(this.keyPacket,this.mainKey);return e.bindingSignatures=[...this.bindingSignatures],e.revocationSignatures=[...this.revocationSignatures],e}async isRevoked(e,t,r=new Date,i=B){const a=this.mainKey.keyPacket;return Xs(a,T.signature.subkeyRevocation,{key:a,bind:this.keyPacket},this.revocationSignatures,e,t,r,i)}async verify(e=new Date,t=B){const r=this.mainKey.keyPacket,i={key:r,bind:this.keyPacket},a=await Hs(this.bindingSignatures,r,T.signature.subkeyBinding,i,e,t);if(a.revoked||await this.isRevoked(a,null,e,t))throw Error("Subkey is revoked");if(Gs(this.keyPacket,a,e))throw Error("Subkey is expired");return a}async getExpirationTime(e=new Date,t=B){const r=this.mainKey.keyPacket,i={key:r,bind:this.keyPacket};let a;try{a=await Hs(this.bindingSignatures,r,T.signature.subkeyBinding,i,e,t)}catch(e){return null}const n=Ys(this.keyPacket,a),s=a.getExpirationTime();return n<s?n:s}async update(e,t=new Date,r=B){const i=this.mainKey.keyPacket;if(!this.hasSameFingerprintAs(e))throw Error("Subkey update method: fingerprints of subkeys not equal");this.keyPacket.constructor.tag===T.packet.publicSubkey&&e.keyPacket.constructor.tag===T.packet.secretSubkey&&(this.keyPacket=e.keyPacket);const a=this,n={key:i,bind:a.keyPacket};await Qs(e,this,"bindingSignatures",t,(async function(e){for(let t=0;t<a.bindingSignatures.length;t++)if(a.bindingSignatures[t].issuerKeyID.equals(e.issuerKeyID))return e.created>a.bindingSignatures[t].created&&(a.bindingSignatures[t]=e),!1;try{return await e.verify(i,T.signature.subkeyBinding,n,t,void 0,r),!0}catch(e){return!1}})),await Qs(e,this,"revocationSignatures",t,(function(e){return Xs(i,T.signature.subkeyRevocation,n,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=T.reasonForRevocation.noReason,string:r=""}={},i=new Date,a=B){const n={key:e,bind:this.keyPacket},s=new ao(this.keyPacket,this.mainKey);return s.revocationSignatures.push(await $s(n,[],e,{signatureType:T.signature.subkeyRevocation,reasonForRevocationFlag:T.write(T.reasonForRevocation,t),reasonForRevocationString:r},i,void 0,void 0,!1,a)),await s.update(this),s}hasSameFingerprintAs(e){return this.keyPacket.hasSameFingerprintAs(e.keyPacket||e)}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","isDecrypted"].forEach((e=>{ao.prototype[e]=function(){return this.keyPacket[e]()}}));const no=/*#__PURE__*/F.constructAllowedPackets([rs]),so=new Set([T.packet.publicKey,T.packet.privateKey]),oo=new Set([T.packet.publicKey,T.packet.privateKey,T.packet.publicSubkey,T.packet.privateSubkey]);class co{packetListToStructure(e,t=new Set){let r,i,a,n;for(const s of e){if(s instanceof st){oo.has(s.tag)&&!n&&(n=so.has(s.tag)?so:oo);continue}const e=s.constructor.tag;if(n){if(!n.has(e))continue;n=null}if(t.has(e))throw Error("Unexpected packet type: "+e);switch(e){case T.packet.publicKey:case T.packet.secretKey:if(this.keyPacket)throw Error("Key block contains multiple keys");if(this.keyPacket=s,i=this.getKeyID(),!i)throw Error("Missing Key ID");break;case T.packet.userID:case T.packet.userAttribute:r=new io(s,this),this.users.push(r);break;case T.packet.publicSubkey:case T.packet.secretSubkey:r=null,a=new ao(s,this),this.subkeys.push(a);break;case T.packet.signature:switch(s.signatureType){case T.signature.certGeneric:case T.signature.certPersona:case T.signature.certCasual:case T.signature.certPositive:if(!r){F.printDebug("Dropping certification signatures without preceding user packet");continue}s.issuerKeyID.equals(i)?r.selfCertifications.push(s):r.otherCertifications.push(s);break;case T.signature.certRevocation:r?r.revocationSignatures.push(s):this.directSignatures.push(s);break;case T.signature.key:this.directSignatures.push(s);break;case T.signature.subkeyBinding:if(!a){F.printDebug("Dropping subkey binding signature without preceding subkey packet");continue}a.bindingSignatures.push(s);break;case T.signature.keyRevocation:this.revocationSignatures.push(s);break;case T.signature.subkeyRevocation:if(!a){F.printDebug("Dropping subkey revocation signature without preceding subkey packet");continue}a.revocationSignatures.push(s)}}}}toPacketList(){const e=new os;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.directSignatures),this.users.map((t=>e.push(...t.toPacketList()))),this.subkeys.map((t=>e.push(...t.toPacketList()))),e}clone(e=!1){const t=new this.constructor(this.toPacketList());return e&&t.getKeys().forEach((e=>{if(e.keyPacket=Object.create(Object.getPrototypeOf(e.keyPacket),Object.getOwnPropertyDescriptors(e.keyPacket)),!e.keyPacket.isDecrypted())return;const t={};Object.keys(e.keyPacket.privateParams).forEach((r=>{t[r]=new Uint8Array(e.keyPacket.privateParams[r])})),e.keyPacket.privateParams=t})),t}getSubkeys(e=null){return this.subkeys.filter((t=>!e||t.getKeyID().equals(e,!0)))}getKeys(e=null){const t=[];return e&&!this.getKeyID().equals(e,!0)||t.push(this),t.concat(this.getSubkeys(e))}getKeyIDs(){return this.getKeys().map((e=>e.getKeyID()))}getUserIDs(){return this.users.map((e=>e.userID?e.userID.userID:null)).filter((e=>null!==e))}write(){return this.toPacketList().write()}async getSigningKey(e=null,t=new Date,r={},i=B){await this.verifyPrimaryKey(t,r,i);const a=this.keyPacket;try{ro(a,i)}catch(e){throw F.wrapError("Could not verify primary key",e)}const n=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created||t.keyPacket.algorithm-e.keyPacket.algorithm));let s;for(const r of n)if(!e||r.getKeyID().equals(e))try{await r.verify(t,i);const e={key:a,bind:r.keyPacket},n=await Hs(r.bindingSignatures,a,T.signature.subkeyBinding,e,t,i);if(!Js(r.keyPacket,n,i))continue;if(!n.embeddedSignature)throw Error("Missing embedded signature");return await Hs([n.embeddedSignature],r.keyPacket,T.signature.keyBinding,e,t,i),ro(r.keyPacket,i),r}catch(e){s=e}try{const n=await this.getPrimarySelfSignature(t,r,i);if((!e||a.getKeyID().equals(e))&&Js(a,n,i))return ro(a,i),this}catch(e){s=e}throw F.wrapError("Could not find valid signing key packet in key "+this.getKeyID().toHex(),s)}async getEncryptionKey(e,t=new Date,r={},i=B){await this.verifyPrimaryKey(t,r,i);const a=this.keyPacket;try{ro(a,i)}catch(e){throw F.wrapError("Could not verify primary key",e)}const n=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created||t.keyPacket.algorithm-e.keyPacket.algorithm));let s;for(const r of n)if(!e||r.getKeyID().equals(e))try{await r.verify(t,i);const e={key:a,bind:r.keyPacket},n=await Hs(r.bindingSignatures,a,T.signature.subkeyBinding,e,t,i);if(eo(r.keyPacket,n,i))return ro(r.keyPacket,i),r}catch(e){s=e}try{const n=await this.getPrimarySelfSignature(t,r,i);if((!e||a.getKeyID().equals(e))&&eo(a,n,i))return ro(a,i),this}catch(e){s=e}throw F.wrapError("Could not find valid encryption key packet in key "+this.getKeyID().toHex(),s)}async isRevoked(e,t,r=new Date,i=B){return Xs(this.keyPacket,T.signature.keyRevocation,{key:this.keyPacket},this.revocationSignatures,e,t,r,i)}async verifyPrimaryKey(e=new Date,t={},r=B){const i=this.keyPacket;if(await this.isRevoked(null,null,e,r))throw Error("Primary key is revoked");if(Gs(i,await this.getPrimarySelfSignature(e,t,r),e))throw Error("Primary key is expired");if(6!==i.version){const t=await Hs(this.directSignatures,i,T.signature.key,{key:i},e,r).catch((()=>{}));if(t&&Gs(i,t,e))throw Error("Primary key is expired")}}async getExpirationTime(e,t=B){let r;try{const i=await this.getPrimarySelfSignature(null,e,t),a=Ys(this.keyPacket,i),n=i.getExpirationTime(),s=6!==this.keyPacket.version&&await Hs(this.directSignatures,this.keyPacket,T.signature.key,{key:this.keyPacket},null,t).catch((()=>{}));if(s){const e=Ys(this.keyPacket,s);r=Math.min(a,n,e)}else r=a<n?a:n}catch(e){r=null}return F.normalizeDate(r)}async getPrimarySelfSignature(e=new Date,t={},r=B){const i=this.keyPacket;if(6===i.version)return Hs(this.directSignatures,i,T.signature.key,{key:i},e,r);const{selfCertification:a}=await this.getPrimaryUser(e,t,r);return a}async getPrimaryUser(e=new Date,t={},r=B){const i=this.keyPacket,a=[];let n;for(let s=0;s<this.users.length;s++)try{const n=this.users[s];if(!n.userID)continue;if(void 0!==t.name&&n.userID.name!==t.name||void 0!==t.email&&n.userID.email!==t.email||void 0!==t.comment&&n.userID.comment!==t.comment)throw Error("Could not find user that matches that user ID");const o={userID:n.userID,key:i},c=await Hs(n.selfCertifications,i,T.signature.certGeneric,o,e,r);a.push({index:s,user:n,selfCertification:c})}catch(e){n=e}if(!a.length)throw n||Error("Could not find primary user");await Promise.all(a.map((async function(t){return t.selfCertification.revoked||t.user.isRevoked(t.selfCertification,null,e,r)})));const s=a.sort((function(e,t){const r=e.selfCertification,i=t.selfCertification;return i.revoked-r.revoked||r.isPrimaryUserID-i.isPrimaryUserID||r.created-i.created})).pop(),{user:o,selfCertification:c}=s;if(c.revoked||await o.isRevoked(c,null,e,r))throw Error("Primary user is revoked");return s}async update(e,t=new Date,r=B){if(!this.hasSameFingerprintAs(e))throw Error("Primary key fingerprints must be equal to update the key");if(!this.isPrivate()&&e.isPrivate()){if(!(this.subkeys.length===e.subkeys.length&&this.subkeys.every((t=>e.subkeys.some((e=>t.hasSameFingerprintAs(e)))))))throw Error("Cannot update public key with private key if subkeys mismatch");return e.update(this,r)}const i=this.clone();return await Qs(e,i,"revocationSignatures",t,(a=>Xs(i.keyPacket,T.signature.keyRevocation,i,[a],null,e.keyPacket,t,r))),await Qs(e,i,"directSignatures",t),await Promise.all(e.users.map((async e=>{const a=i.users.filter((t=>e.userID&&e.userID.equals(t.userID)||e.userAttribute&&e.userAttribute.equals(t.userAttribute)));if(a.length>0)await Promise.all(a.map((i=>i.update(e,t,r))));else{const t=e.clone();t.mainKey=i,i.users.push(t)}}))),await Promise.all(e.subkeys.map((async e=>{const a=i.subkeys.filter((t=>t.hasSameFingerprintAs(e)));if(a.length>0)await Promise.all(a.map((i=>i.update(e,t,r))));else{const t=e.clone();t.mainKey=i,i.subkeys.push(t)}}))),i}async getRevocationCertificate(e=new Date,t=B){const r={key:this.keyPacket},i=await Hs(this.revocationSignatures,this.keyPacket,T.signature.keyRevocation,r,e,t),a=new os;a.push(i);const n=6!==this.keyPacket.version;return Y(T.armor.publicKey,a.write(),null,null,"This is a revocation certificate",n,t)}async applyRevocationCertificate(e,t=new Date,r=B){const i=await X(e),a=(await os.fromBinary(i.data,no,r)).findPacket(T.packet.signature);if(!a||a.signatureType!==T.signature.keyRevocation)throw Error("Could not find revocation signature packet");if(!a.issuerKeyID.equals(this.getKeyID()))throw Error("Revocation signature does not match key");try{await a.verify(this.keyPacket,T.signature.keyRevocation,{key:this.keyPacket},t,void 0,r)}catch(e){throw F.wrapError("Could not verify revocation signature",e)}const n=this.clone();return n.revocationSignatures.push(a),n}async signPrimaryUser(e,t,r,i=B){const{index:a,user:n}=await this.getPrimaryUser(t,r,i),s=await n.certify(e,t,i),o=this.clone();return o.users[a]=s,o}async signAllUsers(e,t=new Date,r=B){const i=this.clone();return i.users=await Promise.all(this.users.map((function(i){return i.certify(e,t,r)}))),i}async verifyPrimaryUser(e,t=new Date,r,i=B){const a=this.keyPacket,{user:n}=await this.getPrimaryUser(t,r,i);return e?await n.verifyAllCertifications(e,t,i):[{keyID:a.getKeyID(),valid:await n.verify(t,i).catch((()=>!1))}]}async verifyAllUsers(e,t=new Date,r=B){const i=this.keyPacket,a=[];return await Promise.all(this.users.map((async n=>{const s=e?await n.verifyAllCertifications(e,t,r):[{keyID:i.getKeyID(),valid:await n.verify(t,r).catch((()=>!1))}];a.push(...s.map((e=>({userID:n.userID?n.userID.userID:null,userAttribute:n.userAttribute,keyID:e.keyID,valid:e.valid}))))}))),a}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","hasSameFingerprintAs"].forEach((e=>{co.prototype[e]=ao.prototype[e]}));class uo extends co{constructor(e){if(super(),this.keyPacket=null,this.revocationSignatures=[],this.directSignatures=[],this.users=[],this.subkeys=[],e&&(this.packetListToStructure(e,new Set([T.packet.secretKey,T.packet.secretSubkey])),!this.keyPacket))throw Error("Invalid key: missing public-key packet")}isPrivate(){return!1}toPublic(){return this}armor(e=B){const t=6!==this.keyPacket.version;return Y(T.armor.publicKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}}class ho extends uo{constructor(e){if(super(),this.packetListToStructure(e,new Set([T.packet.publicKey,T.packet.publicSubkey])),!this.keyPacket)throw Error("Invalid key: missing private-key packet")}isPrivate(){return!0}toPublic(){const e=new os,t=this.toPacketList();let r=!1;for(const i of t)if(!r||i.constructor.tag!==T.packet.Signature)switch(r&&(r=!1),i.constructor.tag){case T.packet.secretKey:{if(i.algorithm===T.publicKey.aead||i.algorithm===T.publicKey.hmac)throw Error("Cannot create public key from symmetric private");const t=Us.fromSecretKeyPacket(i);e.push(t);break}case T.packet.secretSubkey:{if(i.algorithm===T.publicKey.aead||i.algorithm===T.publicKey.hmac){r=!0;break}const t=Is.fromSecretSubkeyPacket(i);e.push(t);break}default:e.push(i)}return new uo(e)}armor(e=B){const t=6!==this.keyPacket.version;return Y(T.armor.privateKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}async getDecryptionKeys(e,t=new Date,r={},i=B){const a=this.keyPacket,n=[];let s=null;for(let r=0;r<this.subkeys.length;r++)if(!e||this.subkeys[r].getKeyID().equals(e,!0)){if(this.subkeys[r].keyPacket.isDummy()){s=s||Error("Gnu-dummy key packets cannot be used for decryption");continue}try{const e={key:a,bind:this.subkeys[r].keyPacket},s=await Hs(this.subkeys[r].bindingSignatures,a,T.signature.subkeyBinding,e,t,i);to(this.subkeys[r].keyPacket,s,i)&&n.push(this.subkeys[r])}catch(e){s=e}}const o=await this.getPrimarySelfSignature(t,r,i);if(e&&!a.getKeyID().equals(e,!0)||!to(a,o,i)||(a.isDummy()?s=s||Error("Gnu-dummy key packets cannot be used for decryption"):n.push(this)),0===n.length)throw s||Error("No decryption key packets found");return n}isDecrypted(){return this.getKeys().some((({keyPacket:e})=>e.isDecrypted()))}async validate(e=B){if(!this.isPrivate())throw Error("Cannot validate a public key");let t;if(this.keyPacket.isDummy()){const r=await this.getSigningKey(null,null,void 0,{...e,rejectPublicKeyAlgorithms:new Set,minRSABits:0});r&&!r.keyPacket.isDummy()&&(t=r.keyPacket)}else t=this.keyPacket;if(t)return t.validate();{const e=this.getKeys();if(e.map((e=>e.keyPacket.isDummy())).every(Boolean))throw Error("Cannot validate an all-gnu-dummy key");return Promise.all(e.map((async e=>e.keyPacket.validate())))}}clearPrivateParams(){this.getKeys().forEach((({keyPacket:e})=>{e.isDecrypted()&&e.clearPrivateParams()}))}async revoke({flag:e=T.reasonForRevocation.noReason,string:t=""}={},r=new Date,i=B){if(!this.isPrivate())throw Error("Need private key for revoking");const a={key:this.keyPacket},n=this.clone();return n.revocationSignatures.push(await $s(a,[],this.keyPacket,{signatureType:T.signature.keyRevocation,reasonForRevocationFlag:T.write(T.reasonForRevocation,e),reasonForRevocationString:t},r,void 0,void 0,void 0,i)),n}async addSubkey(e={}){const t={...B,...e.config};if(e.passphrase)throw Error("Subkey could not be encrypted here, please encrypt whole key");if(e.rsaBits<t.minRSABits)throw Error(`rsaBits should be at least ${t.minRSABits}, got: ${e.rsaBits}`);const r=this.keyPacket;if(r.isDummy())throw Error("Cannot add subkey to gnu-dummy primary key");if(!r.isDecrypted())throw Error("Key is not decrypted");const i=r.getAlgorithmInfo();i.type=function(e){switch(T.write(T.publicKey,e)){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:case T.publicKey.dsa:return"rsa";case T.publicKey.ecdsa:case T.publicKey.eddsaLegacy:return"ecc";case T.publicKey.ed25519:return"curve25519";case T.publicKey.ed448:return"curve448";default:throw Error("Unsupported algorithm")}}(i.algorithm),i.rsaBits=i.bits||4096,i.curve=i.curve||"curve25519Legacy",e=Zs(e,i);const a=await js(e,{...t,v6Keys:6===this.keyPacket.version});ro(a,t);const n=await Vs(a,r,e,t),s=this.toPacketList();return s.push(a,n),new ho(s)}}const lo=/*#__PURE__*/F.constructAllowedPackets([Us,Is,Bs,Ls,Fs,Ts,rs]);function yo(e){for(const t of e)switch(t.constructor.tag){case T.packet.secretKey:return new ho(e);case T.packet.publicKey:return new uo(e)}throw Error("No key packet found")}async function po(e,t,r,i){r.passphrase&&await e.encrypt(r.passphrase,i),await Promise.all(t.map((async function(e,t){const a=r.subkeys[t].passphrase;a&&await e.encrypt(a,i)})));const a=new os;function n(e,t){return[t,...e.filter((e=>e!==t))]}function s(){const t={};t.keyFlags=[T.keyFlags.certifyKeys|T.keyFlags.signData];const a=n([T.symmetric.aes256,T.symmetric.aes128],i.preferredSymmetricAlgorithm);if(t.preferredSymmetricAlgorithms=a,i.aeadProtect){const e=n([T.aead.gcm,T.aead.eax,T.aead.ocb],i.preferredAEADAlgorithm);t.preferredCipherSuites=e.flatMap((e=>a.map((t=>[t,e]))))}return t.preferredHashAlgorithms=n([T.hash.sha512,T.hash.sha256,...6===e.version?[T.hash.sha3_512,T.hash.sha3_256]:[]],i.preferredHashAlgorithm),t.preferredCompressionAlgorithms=n([T.compression.uncompressed,T.compression.zlib,T.compression.zip],i.preferredCompressionAlgorithm),t.features=[0],t.features[0]|=T.features.modificationDetection,i.aeadProtect&&(t.features[0]|=T.features.seipdv2),r.keyExpirationTime>0&&(t.keyExpirationTime=r.keyExpirationTime,t.keyNeverExpires=!1),t}if(a.push(e),6===e.version){const t={key:e},n=s();n.signatureType=T.signature.key;const o=await $s(t,[],e,n,r.date,void 0,void 0,void 0,i);a.push(o)}await Promise.all(r.userIDs.map((async function(t,a){const n=Fs.fromObject(t),o={userID:n,key:e},c=6!==e.version?s():{};c.signatureType=T.signature.certPositive,0===a&&(c.isPrimaryUserID=!0);return{userIDPacket:n,signaturePacket:await $s(o,[],e,c,r.date,void 0,void 0,void 0,i)}}))).then((e=>{e.forEach((({userIDPacket:e,signaturePacket:t})=>{a.push(e),a.push(t)}))})),await Promise.all(t.map((async function(t,a){const n=r.subkeys[a];return{secretSubkeyPacket:t,subkeySignaturePacket:await Vs(t,e,n,i)}}))).then((e=>{e.forEach((({secretSubkeyPacket:e,subkeySignaturePacket:t})=>{a.push(e),a.push(t)}))}));const o={key:e};return a.push(await $s(o,[],e,{signatureType:T.signature.keyRevocation,reasonForRevocationFlag:T.reasonForRevocation.noReason,reasonForRevocationString:""},r.date,void 0,void 0,void 0,i)),r.passphrase&&e.clearPrivateParams(),await Promise.all(t.map((async function(e,t){r.subkeys[t].passphrase&&e.clearPrivateParams()}))),new ho(a)}async function go({armoredKey:e,binaryKey:t,config:r,...i}){if(r={...B,...r},!e&&!t)throw Error("readKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!F.isString(e))throw Error("readKey: options.armoredKey must be a string");if(t&&!F.isUint8Array(t))throw Error("readKey: options.binaryKey must be a Uint8Array");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));let n;if(e){const{type:t,data:r}=await X(e);if(t!==T.armor.publicKey&&t!==T.armor.privateKey)throw Error("Armored text not of type key");n=r}else n=t;const s=await os.fromBinary(n,lo,r),o=s.indexOfTag(T.packet.publicKey,T.packet.secretKey);if(0===o.length)throw Error("No key packet found");return yo(s.slice(o[0],o[1]))}async function mo({armoredKey:e,binaryKey:t,config:r,...i}){if(r={...B,...r},!e&&!t)throw Error("readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!F.isString(e))throw Error("readPrivateKey: options.armoredKey must be a string");if(t&&!F.isUint8Array(t))throw Error("readPrivateKey: options.binaryKey must be a Uint8Array");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));let n;if(e){const{type:t,data:r}=await X(e);if(t!==T.armor.privateKey)throw Error("Armored text not of type private key");n=r}else n=t;const s=await os.fromBinary(n,lo,r),o=s.indexOfTag(T.packet.publicKey,T.packet.secretKey);for(let e=0;e<o.length;e++){if(s[o[e]].constructor.tag===T.packet.publicKey)continue;const t=s.slice(o[e],o[e+1]);return new ho(t)}throw Error("No secret key packet found")}async function fo({armoredKeys:e,binaryKeys:t,config:r,...i}){r={...B,...r};let a=e||t;if(!a)throw Error("readKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!F.isString(e))throw Error("readKeys: options.armoredKeys must be a string");if(t&&!F.isUint8Array(t))throw Error("readKeys: options.binaryKeys must be a Uint8Array");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));if(e){const{type:t,data:r}=await X(e);if(t!==T.armor.publicKey&&t!==T.armor.privateKey)throw Error("Armored text not of type key");a=r}const s=[],o=await os.fromBinary(a,lo,r),c=o.indexOfTag(T.packet.publicKey,T.packet.secretKey);if(0===c.length)throw Error("No key packet found");for(let e=0;e<c.length;e++){const t=yo(o.slice(c[e],c[e+1]));s.push(t)}return s}async function wo({armoredKeys:e,binaryKeys:t,config:r}){r={...B,...r};let i=e||t;if(!i)throw Error("readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!F.isString(e))throw Error("readPrivateKeys: options.armoredKeys must be a string");if(t&&!F.isUint8Array(t))throw Error("readPrivateKeys: options.binaryKeys must be a Uint8Array");if(e){const{type:t,data:r}=await X(e);if(t!==T.armor.privateKey)throw Error("Armored text not of type private key");i=r}const a=[],n=await os.fromBinary(i,lo,r),s=n.indexOfTag(T.packet.publicKey,T.packet.secretKey);for(let e=0;e<s.length;e++){if(n[s[e]].constructor.tag===T.packet.publicKey)continue;const t=n.slice(s[e],s[e+1]),r=new ho(t);a.push(r)}if(0===a.length)throw Error("No secret key packet found");return a}const bo=/*#__PURE__*/F.constructAllowedPackets([Yn,ys,Ks,bs,xs,Es,Ps,ns,rs]),ko=/*#__PURE__*/F.constructAllowedPackets([Ps]),vo=/*#__PURE__*/F.constructAllowedPackets([rs]);class Ko{constructor(e){this.packets=e||new os}getEncryptionKeyIDs(){const e=[];return this.packets.filterByTag(T.packet.publicKeyEncryptedSessionKey).forEach((function(t){e.push(t.publicKeyID)})),e}getSigningKeyIDs(){const e=this.unwrapCompressed(),t=e.packets.filterByTag(T.packet.onePassSignature);if(t.length>0)return t.map((e=>e.issuerKeyID));return e.packets.filterByTag(T.packet.signature).map((e=>e.issuerKeyID))}async decrypt(e,t,r,i=new Date,a=B){const n=this.packets.filterByTag(T.packet.symmetricallyEncryptedData,T.packet.symEncryptedIntegrityProtectedData,T.packet.aeadEncryptedData);if(0===n.length)throw Error("No encrypted data found");const s=n[0],o=s.cipherAlgorithm,c=r||await this.decryptSessionKeys(e,t,o,i,a);let u=null;const h=Promise.all(c.map((async({algorithm:e,data:t})=>{if(!F.isUint8Array(t)||!s.cipherAlgorithm&&!F.isString(e))throw Error("Invalid session key for decryption.");try{const r=s.cipherAlgorithm||T.write(T.symmetric,e);await s.decrypt(r,t,a)}catch(e){F.printDebugError(e),u=e}})));if(U(s.encrypted),s.encrypted=null,await h,!s.packets||!s.packets.length)throw u||Error("Decryption failed.");const l=new Ko(s.packets);return s.packets=new os,l}async decryptSessionKeys(e,t,r,i=new Date,a=B){let n,s=[];if(t){const e=this.packets.filterByTag(T.packet.symEncryptedSessionKey);if(0===e.length)throw Error("No symmetrically encrypted session key packet found.");await Promise.all(t.map((async function(t,r){let i;i=r?await os.fromBinary(e.write(),ko,a):e,await Promise.all(i.map((async function(e){try{await e.decrypt(t),s.push(e)}catch(e){F.printDebugError(e),e instanceof Wa&&(n=e)}})))})))}else{if(!e)throw Error("No key or password specified.");{const t=this.packets.filterByTag(T.packet.publicKeyEncryptedSessionKey);if(0===t.length)throw Error("No public key encrypted session key packet found.");await Promise.all(t.map((async function(t){await Promise.all(e.map((async function(e){let o;try{o=(await e.getDecryptionKeys(t.publicKeyID,null,void 0,a)).map((e=>e.keyPacket))}catch(e){return void(n=e)}let c=[T.symmetric.aes256,T.symmetric.aes128,T.symmetric.tripledes,T.symmetric.cast5];try{const t=await e.getPrimarySelfSignature(i,void 0,a);t.preferredSymmetricAlgorithms&&(c=c.concat(t.preferredSymmetricAlgorithms))}catch(e){}await Promise.all(o.map((async function(e){if(!e.isDecrypted())throw Error("Decryption key is not decrypted.");if(a.constantTimePKCS1Decryption&&(t.publicKeyAlgorithm===T.publicKey.rsaEncrypt||t.publicKeyAlgorithm===T.publicKey.rsaEncryptSign||t.publicKeyAlgorithm===T.publicKey.rsaSign||t.publicKeyAlgorithm===T.publicKey.elgamal)){const i=t.write();await Promise.all((r?[r]:Array.from(a.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms)).map((async t=>{const r=new Es;r.read(i);const a={sessionKeyAlgorithm:t,sessionKey:ja(t)};try{await r.decrypt(e,a),s.push(r)}catch(e){F.printDebugError(e),n=e}})))}else try{await t.decrypt(e);const i=r||t.sessionKeyAlgorithm;if(i&&!c.includes(T.write(T.symmetric,i)))throw Error("A non-preferred symmetric algorithm was used.");s.push(t)}catch(e){F.printDebugError(e),n=e}})))}))),U(t.encrypted),t.encrypted=null})))}}if(s.length>0){if(s.length>1){const e=new Set;s=s.filter((t=>{const r=t.sessionKeyAlgorithm+F.uint8ArrayToString(t.sessionKey);return!e.has(r)&&(e.add(r),!0)}))}return s.map((e=>({data:e.sessionKey,algorithm:e.sessionKeyAlgorithm&&T.read(T.symmetric,e.sessionKeyAlgorithm)})))}throw n||Error("Session key decryption failed.")}getLiteralData(){const e=this.unwrapCompressed().packets.findPacket(T.packet.literalData);return e&&e.getBytes()||null}getFilename(){const e=this.unwrapCompressed().packets.findPacket(T.packet.literalData);return e&&e.getFilename()||null}getText(){const e=this.unwrapCompressed().packets.findPacket(T.packet.literalData);return e?e.getText():null}static async generateSessionKey(e=[],t=new Date,r=[],i=B){const{symmetricAlgo:a,aeadAlgo:n}=await async function(e=[],t=new Date,r=[],i=B){const a=await Promise.all(e.map(((e,a)=>e.getPrimarySelfSignature(t,r[a],i))));if(e.length?!i.ignoreSEIPDv2FeatureFlag&&a.every((e=>e.features&&e.features[0]&T.features.seipdv2)):i.aeadProtect){const e={symmetricAlgo:T.symmetric.aes128,aeadAlgo:T.aead.ocb},t=[{symmetricAlgo:i.preferredSymmetricAlgorithm,aeadAlgo:i.preferredAEADAlgorithm},{symmetricAlgo:i.preferredSymmetricAlgorithm,aeadAlgo:T.aead.ocb},{symmetricAlgo:T.symmetric.aes128,aeadAlgo:i.preferredAEADAlgorithm}];for(const e of t)if(a.every((t=>t.preferredCipherSuites&&t.preferredCipherSuites.some((t=>t[0]===e.symmetricAlgo&&t[1]===e.aeadAlgo)))))return e;return e}const n=T.symmetric.aes128,s=i.preferredSymmetricAlgorithm;return{symmetricAlgo:a.every((e=>e.preferredSymmetricAlgorithms&&e.preferredSymmetricAlgorithms.includes(s)))?s:n,aeadAlgo:void 0}}(e,t,r,i),s=T.read(T.symmetric,a),o=n?T.read(T.aead,n):void 0;await Promise.all(e.map((e=>e.getEncryptionKey().catch((()=>null)).then((e=>{if(e&&(e.keyPacket.algorithm===T.publicKey.x25519||e.keyPacket.algorithm===T.publicKey.x448)&&!o&&!F.isAES(a))throw Error("Could not generate a session key compatible with the given `encryptionKeys`: X22519 and X448 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.")})))));return{data:ja(a),algorithm:s,aeadAlgorithm:o}}async encrypt(e,t,r,i=!1,a=[],n=new Date,s=[],o=B){if(r){if(!F.isUint8Array(r.data)||!F.isString(r.algorithm))throw Error("Invalid session key for encryption.")}else if(e&&e.length)r=await Ko.generateSessionKey(e,n,s,o);else{if(!t||!t.length)throw Error("No keys, passwords, or session key provided.");r=await Ko.generateSessionKey(void 0,void 0,void 0,o)}const{data:c,algorithm:u,aeadAlgorithm:h}=r,l=await Ko.encryptSessionKey(c,u,h,e,t,i,a,n,s,o),y=bs.fromObject({version:h?2:1,aeadAlgorithm:h?T.write(T.aead,h):null});y.packets=this.packets;const p=T.write(T.symmetric,u);return await y.encrypt(p,c,o),l.packets.push(y),y.packets=new os,l}static async encryptSessionKey(e,t,r,i,a,n=!1,s=[],o=new Date,c=[],u=B){const h=new os,l=T.write(T.symmetric,t),y=r&&T.write(T.aead,r);if(i){const t=await Promise.all(i.map((async function(t,r){const i=await t.getEncryptionKey(s[r],o,c,u),a=Es.fromObject({version:y?6:3,encryptionKeyPacket:i.keyPacket,anonymousRecipient:n,sessionKey:e,sessionKeyAlgorithm:l});return await a.encrypt(i.keyPacket),delete a.sessionKey,a})));h.push(...t)}if(a){const t=async function(e,t){try{return await e.decrypt(t),1}catch(e){return 0}},r=(e,t)=>e+t,i=async function(e,n,s,o){const c=new Ps(u);if(c.sessionKey=e,c.sessionKeyAlgorithm=n,s&&(c.aeadAlgorithm=s),await c.encrypt(o,u),u.passwordCollisionCheck){if(1!==(await Promise.all(a.map((e=>t(c,e))))).reduce(r))return i(e,n,o)}return delete c.sessionKey,c},n=await Promise.all(a.map((t=>i(e,l,y,t))));h.push(...n)}return new Ko(h)}async sign(e=[],t=[],r=null,i=[],a=new Date,n=[],s=[],o=[],c=B){const u=new os,h=this.packets.findPacket(T.packet.literalData);if(!h)throw Error("No literal data packet to sign.");const l=await Ao(h,e,t,r,i,a,n,s,o,!1,c),y=l.map(((e,t)=>ns.fromSignaturePacket(e,0===t))).reverse();return u.push(...y),u.push(h),u.push(...l),new Ko(u)}compress(e,t=B){if(e===T.compression.uncompressed)return this;const r=new ys(t);r.algorithm=e,r.packets=this.packets;const i=new os;return i.push(r),new Ko(i)}async signDetached(e=[],t=[],r=null,i=[],a=[],n=new Date,s=[],o=[],c=B){const u=this.packets.findPacket(T.packet.literalData);if(!u)throw Error("No literal data packet to sign.");return new zs(await Ao(u,e,t,r,i,a,n,s,o,!0,c))}async verify(e,t=new Date,r=B){const i=this.unwrapCompressed(),a=i.packets.filterByTag(T.packet.literalData);if(1!==a.length)throw Error("Can only verify message with one literal data packet.");let s=i.packets;n(s.stream)&&(s=s.concat(await P(s.stream,(e=>e||[]))));const o=s.filterByTag(T.packet.onePassSignature).reverse(),c=s.filterByTag(T.packet.signature);return o.length&&!c.length&&F.isStream(s.stream)&&!n(s.stream)?(await Promise.all(o.map((async e=>{e.correspondingSig=new Promise(((t,r)=>{e.correspondingSigResolve=t,e.correspondingSigReject=r})),e.signatureData=D((async()=>(await e.correspondingSig).signatureData)),e.hashed=P(await e.hash(e.signatureType,a[0],void 0,!1)),e.hashed.catch((()=>{}))}))),s.stream=k(s.stream,(async(e,t)=>{const r=x(e),i=C(t);try{for(let e=0;e<o.length;e++){const{value:t}=await r.read();o[e].correspondingSigResolve(t)}await r.readToEnd(),await i.ready,await i.close()}catch(e){o.forEach((t=>{t.correspondingSigReject(e)})),await i.abort(e)}})),Eo(o,a,e,t,!1,r)):Eo(c,a,e,t,!1,r)}verifyDetached(e,t,r=new Date,i=B){const a=this.unwrapCompressed().packets.filterByTag(T.packet.literalData);if(1!==a.length)throw Error("Can only verify message with one literal data packet.");return Eo(e.packets.filterByTag(T.packet.signature),a,t,r,!0,i)}unwrapCompressed(){const e=this.packets.filterByTag(T.packet.compressedData);return e.length?new Ko(e[0].packets):this}async appendSignature(e,t=B){await this.packets.read(F.isUint8Array(e)?e:(await X(e)).data,vo,t)}write(){return this.packets.write()}armor(e=B){const t=this.packets[this.packets.length-1],r=t.constructor.tag===bs.tag?2!==t.version:this.packets.some((e=>e.constructor.tag===rs.tag&&6!==e.version));return Y(T.armor.message,this.write(),null,null,null,r,e)}}async function Ao(e,t,r=[],i=null,a=[],n=new Date,s=[],o=[],c=[],u=!1,h=B){const l=new os,y=null===e.text?T.signature.binary:T.signature.text;if(await Promise.all(t.map((async(t,i)=>{const l=s[i];if(!t.isPrivate())throw Error("Need private key for signing");const p=await t.getSigningKey(a[i],n,l,h);return $s(e,r.length?r:[t],p.keyPacket,{signatureType:y},n,o,c,u,h)}))).then((e=>{l.push(...e)})),i){const e=i.packets.filterByTag(T.packet.signature);l.push(...e)}return l}async function Eo(e,t,r,i=new Date,a=!1,n=B){return Promise.all(e.filter((function(e){return["text","binary"].includes(T.read(T.signature,e.signatureType))})).map((async function(e){return async function(e,t,r,i=new Date,a=!1,n=B){let s,o;for(const t of r){const r=t.getKeys(e.issuerKeyID);if(r.length>0){s=t,o=r[0];break}}const c=e instanceof ns?e.correspondingSig:e,u={keyID:e.issuerKeyID,verified:(async()=>{if(!o)throw Error("Could not find signing key with key ID "+e.issuerKeyID.toHex());await e.verify(o.keyPacket,e.signatureType,t[0],i,a,n);const r=await c;if(o.getCreationTime()>r.created)throw Error("Key is newer than the signature");try{await s.getSigningKey(o.getKeyID(),r.created,void 0,n)}catch(e){if(!n.allowInsecureVerificationWithReformattedKeys||!e.message.match(/Signature creation time is in the future/))throw e;await s.getSigningKey(o.getKeyID(),i,void 0,n)}return!0})(),signature:(async()=>{const e=await c,t=new os;return e&&t.push(e),new zs(t)})()};return u.signature.catch((()=>{})),u.verified.catch((()=>{})),u}(e,t,r,i,a,n)})))}async function So({armoredMessage:e,binaryMessage:t,config:r,...i}){r={...B,...r};let a=e||t;if(!a)throw Error("readMessage: must pass options object containing `armoredMessage` or `binaryMessage`");if(e&&!F.isString(e)&&!F.isStream(e))throw Error("readMessage: options.armoredMessage must be a string or stream");if(t&&!F.isUint8Array(t)&&!F.isStream(t))throw Error("readMessage: options.binaryMessage must be a Uint8Array or stream");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));const s=F.isStream(a);if(e){const{type:e,data:t}=await X(a);if(e!==T.armor.message)throw Error("Armored text not of type message");a=t}const o=await os.fromBinary(a,bo,r,new hs),c=new Ko(o);return c.fromStream=s,c}async function Po({text:e,binary:t,filename:r,date:i=new Date,format:a=(void 0!==e?"utf8":"binary"),...n}){const s=void 0!==e?e:t;if(void 0===s)throw Error("createMessage: must pass options object containing `text` or `binary`");if(e&&!F.isString(e)&&!F.isStream(e))throw Error("createMessage: options.text must be a string or stream");if(t&&!F.isUint8Array(t)&&!F.isStream(t))throw Error("createMessage: options.binary must be a Uint8Array or stream");const o=Object.keys(n);if(o.length>0)throw Error("Unknown option: "+o.join(", "));const c=F.isStream(s),u=new Yn(i);void 0!==e?u.setText(s,T.write(T.literal,a)):u.setBytes(s,T.write(T.literal,a)),void 0!==r&&u.setFilename(r);const h=new os;h.push(u);const l=new Ko(h);return l.fromStream=c,l}const Uo=/*#__PURE__*/F.constructAllowedPackets([rs]);class Do{constructor(e,t){if(this.text=F.removeTrailingSpaces(e).replace(/\r?\n/g,"\r\n"),t&&!(t instanceof zs))throw Error("Invalid signature input");this.signature=t||new zs(new os)}getSigningKeyIDs(){const e=[];return this.signature.packets.forEach((function(t){e.push(t.issuerKeyID)})),e}async sign(e,t=[],r=null,i=[],a=new Date,n=[],s=[],o=[],c=B){const u=new Yn;u.setText(this.text);const h=new zs(await Ao(u,e,t,r,i,a,n,s,o,!0,c));return new Do(this.text,h)}verify(e,t=new Date,r=B){const i=this.signature.packets.filterByTag(T.packet.signature),a=new Yn;return a.setText(this.text),Eo(i,[a],e,t,!0,r)}getText(){return this.text.replace(/\r\n/g,"\n")}armor(e=B){const t=this.signature.packets.some((e=>6!==e.version)),r={hash:t?Array.from(new Set(this.signature.packets.map((e=>T.read(T.hash,e.hashAlgorithm).toUpperCase())))).join():null,text:this.text,data:this.signature.packets.write()};return Y(T.armor.signed,r,void 0,void 0,void 0,t,e)}}async function xo({cleartextMessage:e,config:t,...r}){if(t={...B,...t},!e)throw Error("readCleartextMessage: must pass options object containing `cleartextMessage`");if(!F.isString(e))throw Error("readCleartextMessage: options.cleartextMessage must be a string");const i=Object.keys(r);if(i.length>0)throw Error("Unknown option: "+i.join(", "));const a=await X(e);if(a.type!==T.armor.signed)throw Error("No cleartext signed message.");const n=await os.fromBinary(a.data,Uo,t);!function(e,t){const r=function(e){const r=e=>t=>e.hashAlgorithm===t;for(let i=0;i<t.length;i++)if(t[i].constructor.tag===T.packet.signature&&!e.some(r(t[i])))return!1;return!0},i=[];if(e.forEach((e=>{const t=e.match(/^Hash: (.+)$/);if(!t)throw Error('Only "Hash" header allowed in cleartext signed message');{const e=t[1].replace(/\s/g,"").split(",").map((e=>{try{return T.write(T.hash,e.toLowerCase())}catch(t){throw Error("Unknown hash algorithm in armor header: "+e.toLowerCase())}}));i.push(...e)}})),i.length&&!r(i))throw Error("Hash algorithm mismatch in armor header and signature")}(a.headers,n);const s=new zs(n);return new Do(a.text,s)}async function Co({text:e,...t}){if(!e)throw Error("createCleartextMessage: must pass options object containing `text`");if(!F.isString(e))throw Error("createCleartextMessage: options.text must be a string");const r=Object.keys(t);if(r.length>0)throw Error("Unknown option: "+r.join(", "));return new Do(e)}async function Io({userIDs:e=[],passphrase:t,type:r,curve:i,rsaBits:a=4096,symmetricHash:n="sha256",symmetricCipher:s="aes256",keyExpirationTime:o=0,date:c=new Date,subkeys:u=[{}],format:h="armored",config:l,...y}){Wo(l={...B,...l}),r||i?(r=r||"ecc",i=i||"curve25519Legacy"):(r=l.v6Keys?"curve25519":"ecc",i="curve25519Legacy"),e=$o(e);const p=Object.keys(y);if(p.length>0)throw Error("Unknown option: "+p.join(", "));if(0===e.length&&!l.v6Keys)throw Error("UserIDs are required for V4 keys");if("rsa"===r&&a<l.minRSABits)throw Error(`rsaBits should be at least ${l.minRSABits}, got: ${a}`);const d={userIDs:e,passphrase:t,type:r,rsaBits:a,curve:i,keyExpirationTime:o,date:c,subkeys:u,symmetricHash:n,symmetricCipher:s};try{const{key:e,revocationCertificate:t}=await async function(e,t){e.sign=!0,(e=Zs(e)).subkeys=e.subkeys.map(((t,r)=>Zs(e.subkeys[r],e)));let r=[qs(e,t)];r=r.concat(e.subkeys.map((e=>js(e,t))));const i=await Promise.all(r),a=await po(i[0],i.slice(1),e,t),n=await a.getRevocationCertificate(e.date,t);return a.revocationSignatures=[],{key:a,revocationCertificate:n}}(d,l);return e.getKeys().forEach((({keyPacket:e})=>ro(e,l))),{privateKey:Yo(e,h,l),publicKey:"symmetric"!==r?Yo(e.toPublic(),h,l):null,revocationCertificate:t}}catch(e){throw F.wrapError("Error generating keypair",e)}}async function To({privateKey:e,userIDs:t=[],passphrase:r,keyExpirationTime:i=0,date:a,format:n="armored",config:s,...o}){Wo(s={...B,...s}),t=$o(t);const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(0===t.length&&6!==e.keyPacket.version)throw Error("UserIDs are required for V4 keys");const u={privateKey:e,userIDs:t,passphrase:r,keyExpirationTime:i,date:a};try{const{key:e,revocationCertificate:t}=await async function(e,t){e=o(e);const{privateKey:r}=e;if(!r.isPrivate())throw Error("Cannot reformat a public key");if(r.keyPacket.isDummy())throw Error("Cannot reformat a gnu-dummy primary key");if(!r.getKeys().every((({keyPacket:e})=>e.isDecrypted())))throw Error("Key is not decrypted");const i=r.keyPacket;e.subkeys||(e.subkeys=await Promise.all(r.subkeys.map((async e=>{const r=e.keyPacket,a={key:i,bind:r},n=await Hs(e.bindingSignatures,i,T.signature.subkeyBinding,a,null,t).catch((()=>({})));return{sign:n.keyFlags&&n.keyFlags[0]&T.keyFlags.signData,forwarding:n.keyFlags&&n.keyFlags[0]&T.keyFlags.forwardedCommunication}}))));const a=r.subkeys.map((e=>e.keyPacket));if(e.subkeys.length!==a.length)throw Error("Number of subkey options does not match number of subkeys");e.subkeys=e.subkeys.map((t=>o(t,e)));const n=await po(i,a,e,t),s=await n.getRevocationCertificate(e.date,t);return n.revocationSignatures=[],{key:n,revocationCertificate:s};function o(e,t={}){return e.keyExpirationTime=e.keyExpirationTime||t.keyExpirationTime,e.passphrase=F.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e}}(u,s);return{privateKey:Yo(e,n,s),publicKey:Yo(e.toPublic(),n,s),revocationCertificate:t}}catch(e){throw F.wrapError("Error reformatting keypair",e)}}async function Bo({key:e,revocationCertificate:t,reasonForRevocation:r,date:i=new Date,format:a="armored",config:n,...s}){Wo(n={...B,...n});const o=Object.keys(s);if(o.length>0)throw Error("Unknown option: "+o.join(", "));try{const s=t?await e.applyRevocationCertificate(t,i,n):await e.revoke(r,i,n);return s.isPrivate()?{privateKey:Yo(s,a,n),publicKey:Yo(s.toPublic(),a,n)}:{privateKey:null,publicKey:Yo(s,a,n)}}catch(e){throw F.wrapError("Error revoking key",e)}}async function Mo({privateKey:e,passphrase:t,config:r,...i}){Wo(r={...B,...r});const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));if(!e.isPrivate())throw Error("Cannot decrypt a public key");const n=e.clone(!0),s=F.isArray(t)?t:[t];try{return await Promise.all(n.getKeys().map((e=>F.anyPromise(s.map((t=>e.keyPacket.decrypt(t))))))),await n.validate(r),n}catch(e){throw n.clearPrivateParams(),F.wrapError("Error decrypting private key",e)}}async function Fo({privateKey:e,passphrase:t,config:r,...i}){Wo(r={...B,...r});const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));if(!e.isPrivate())throw Error("Cannot encrypt a public key");const n=e.clone(!0),s=n.getKeys(),o=F.isArray(t)?t:Array(s.length).fill(t);if(o.length!==s.length)throw Error("Invalid number of passphrases given for key encryption");try{return await Promise.all(s.map((async(e,t)=>{const{keyPacket:i}=e;await i.encrypt(o[t],r),i.clearPrivateParams()}))),n}catch(e){throw n.clearPrivateParams(),F.wrapError("Error encrypting private key",e)}}async function Lo({message:e,encryptionKeys:t,signingKeys:r,passwords:i,sessionKey:a,format:n="armored",signature:s=null,wildcard:o=!1,signingKeyIDs:c=[],encryptionKeyIDs:u=[],date:h=new Date,signingUserIDs:l=[],encryptionUserIDs:y=[],signatureNotations:p=[],config:d,...g}){if(Wo(d={...B,...d}),qo(e),Go(n),t=$o(t),r=$o(r),i=$o(i),c=$o(c),u=$o(u),l=$o(l),y=$o(y),p=$o(p),g.detached)throw Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.");if(g.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead");if(g.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead");if(void 0!==g.armor)throw Error("The `armor` option has been removed from openpgp.encrypt, pass `format` instead.");const m=Object.keys(g);if(m.length>0)throw Error("Unknown option: "+m.join(", "));r||(r=[]);try{if((r.length||s)&&(e=await e.sign(r,t,s,c,h,l,u,p,d)),e=e.compress(await async function(e=[],t=new Date,r=[],i=B){const a=T.compression.uncompressed,n=i.preferredCompressionAlgorithm,s=await Promise.all(e.map((async function(e,a){const s=(await e.getPrimarySelfSignature(t,r[a],i)).preferredCompressionAlgorithms;return!!s&&s.indexOf(n)>=0})));return s.every(Boolean)?n:a}(t,h,y,d),d),e=await e.encrypt(t,i,a,o,u,h,y,d),"object"===n)return e;const g="armored"===n?e.armor(d):e.write();return await Qo(g)}catch(e){throw F.wrapError("Error encrypting message",e)}}async function _o({message:e,decryptionKeys:t,passwords:r,sessionKeys:i,verificationKeys:a,expectSigned:n=!1,format:s="utf8",signature:o=null,date:c=new Date,config:u,...h}){if(Wo(u={...B,...u}),qo(e),a=$o(a),t=$o(t),r=$o(r),i=$o(i),h.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead");if(h.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead");const l=Object.keys(h);if(l.length>0)throw Error("Unknown option: "+l.join(", "));try{const h=await e.decrypt(t,r,i,c,u);a||(a=[]);const l={};if(l.signatures=o?await h.verifyDetached(o,a,c,u):await h.verify(a,c,u),l.data="binary"===s?h.getLiteralData():h.getText(),l.filename=h.getFilename(),Xo(l,e,...new Set([h,h.unwrapCompressed()])),n){if(0===a.length)throw Error("Verification keys are required to verify message signatures");if(0===l.signatures.length)throw Error("Message is not signed");l.data=g([l.data,D((async()=>(await F.anyPromise(l.signatures.map((e=>e.verified))),"binary"===s?new Uint8Array:"")))])}return l.data=await Qo(l.data),l}catch(e){throw F.wrapError("Error decrypting message",e)}}async function No({message:e,signingKeys:t,recipientKeys:r=[],format:i="armored",detached:a=!1,signingKeyIDs:n=[],date:s=new Date,signingUserIDs:o=[],recipientUserIDs:c=[],signatureNotations:u=[],config:h,...l}){if(Wo(h={...B,...h}),Ho(e),Go(i),t=$o(t),n=$o(n),o=$o(o),r=$o(r),c=$o(c),u=$o(u),l.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead");if(void 0!==l.armor)throw Error("The `armor` option has been removed from openpgp.sign, pass `format` instead.");const y=Object.keys(l);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(e instanceof Do&&"binary"===i)throw Error("Cannot return signed cleartext message in binary format");if(e instanceof Do&&a)throw Error("Cannot detach-sign a cleartext message");if(!t||0===t.length)throw Error("No signing keys provided");try{let l;if(l=a?await e.signDetached(t,r,void 0,n,s,o,c,u,h):await e.sign(t,r,void 0,n,s,o,c,u,h),"object"===i)return l;return l="armored"===i?l.armor(h):l.write(),a&&(l=k(e.packets.write(),(async(e,t)=>{await Promise.all([m(l,t),P(e).catch((()=>{}))])}))),await Qo(l)}catch(e){throw F.wrapError("Error signing message",e)}}async function Ro({message:e,verificationKeys:t,expectSigned:r=!1,format:i="utf8",signature:a=null,date:n=new Date,config:s,...o}){if(Wo(s={...B,...s}),Ho(e),t=$o(t),o.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead");const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(e instanceof Do&&"binary"===i)throw Error("Can't return cleartext message data as binary");if(e instanceof Do&&a)throw Error("Can't verify detached cleartext signature");try{const o={};if(o.signatures=a?await e.verifyDetached(a,t,n,s):await e.verify(t,n,s),o.data="binary"===i?e.getLiteralData():e.getText(),e.fromStream&&!a&&Xo(o,...new Set([e,e.unwrapCompressed()])),r){if(0===o.signatures.length)throw Error("Message is not signed");o.data=g([o.data,D((async()=>(await F.anyPromise(o.signatures.map((e=>e.verified))),"binary"===i?new Uint8Array:"")))])}return o.data=await Qo(o.data),o}catch(e){throw F.wrapError("Error verifying signed message",e)}}async function zo({encryptionKeys:e,date:t=new Date,encryptionUserIDs:r=[],config:i,...a}){if(Wo(i={...B,...i}),e=$o(e),r=$o(r),a.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead");const n=Object.keys(a);if(n.length>0)throw Error("Unknown option: "+n.join(", "));try{return await Ko.generateSessionKey(e,t,r,i)}catch(e){throw F.wrapError("Error generating session key",e)}}async function Oo({data:e,algorithm:t,aeadAlgorithm:r,encryptionKeys:i,passwords:a,format:n="armored",wildcard:s=!1,encryptionKeyIDs:o=[],date:c=new Date,encryptionUserIDs:u=[],config:h,...l}){if(Wo(h={...B,...h}),function(e){if(!F.isUint8Array(e))throw Error("Parameter [data] must be of type Uint8Array")}(e),function(e,t){if(!F.isString(e))throw Error("Parameter ["+t+"] must be of type String")}(t,"algorithm"),Go(n),i=$o(i),a=$o(a),o=$o(o),u=$o(u),l.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead");const y=Object.keys(l);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(!(i&&0!==i.length||a&&0!==a.length))throw Error("No encryption keys or passwords provided.");try{return Yo(await Ko.encryptSessionKey(e,t,r,i,a,s,o,c,u,h),n,h)}catch(e){throw F.wrapError("Error encrypting session key",e)}}async function jo({message:e,decryptionKeys:t,passwords:r,date:i=new Date,config:a,...n}){if(Wo(a={...B,...a}),qo(e),t=$o(t),r=$o(r),n.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead");const s=Object.keys(n);if(s.length>0)throw Error("Unknown option: "+s.join(", "));try{return await e.decryptSessionKeys(t,r,void 0,i,a)}catch(e){throw F.wrapError("Error decrypting session keys",e)}}function qo(e){if(!(e instanceof Ko))throw Error("Parameter [message] needs to be of type Message")}function Ho(e){if(!(e instanceof Do||e instanceof Ko))throw Error("Parameter [message] needs to be of type Message or CleartextMessage")}function Go(e){if("armored"!==e&&"binary"!==e&&"object"!==e)throw Error("Unsupported format "+e)}const Vo=Object.keys(B).length;function Wo(e){const t=Object.keys(e);if(t.length!==Vo)for(const e of t)if(void 0===B[e])throw Error("Unknown config property: "+e)}function $o(e){return e&&!F.isArray(e)&&(e=[e]),e}async function Qo(e){return"array"===F.isStream(e)?P(e):e}function Xo(e,t,...r){e.data=k(t.packets.stream,(async(t,i)=>{await m(e.data,i,{preventClose:!0});const a=C(i);try{await P(t,(e=>e)),await Promise.all(r.map((e=>P(e.packets.stream,(e=>e))))),await a.close()}catch(e){await a.abort(e)}}))}function Yo(e,t,r){switch(t){case"object":return e;case"armored":return e.armor(r);case"binary":return e.write();default:throw Error("Unsupported format "+t)}}export{Ks as AEADEncryptedDataPacket,Wa as Argon2OutOfMemoryError,Ya as Argon2S2K,Do as CleartextMessage,ys as CompressedDataPacket,cs as GrammarError,Ri as KDFParams,Yn as LiteralDataPacket,Cs as MarkerPacket,Ko as Message,ns as OnePassSignaturePacket,os as PacketList,Ns as PaddingPacket,ho as PrivateKey,uo as PublicKey,Es as PublicKeyEncryptedSessionKeyPacket,Us as PublicKeyPacket,Is as PublicSubkeyPacket,Bs as SecretKeyPacket,Ls as SecretSubkeyPacket,zs as Signature,rs as SignaturePacket,ao as Subkey,bs as SymEncryptedIntegrityProtectedDataPacket,Ps as SymEncryptedSessionKeyPacket,xs as SymmetricallyEncryptedDataPacket,_s as TrustPacket,st as UnparseablePacket,Ts as UserAttributePacket,Fs as UserIDPacket,Y as armor,B as config,Co as createCleartextMessage,Po as createMessage,_o as decrypt,Mo as decryptKey,jo as decryptSessionKeys,Lo as encrypt,Fo as encryptKey,Oo as encryptSessionKey,T as enums,Io as generateKey,zo as generateSessionKey,xo as readCleartextMessage,go as readKey,fo as readKeys,So as readMessage,mo as readPrivateKey,wo as readPrivateKeys,Os as readSignature,To as reformatKey,Bo as revokeKey,No as sign,X as unarmor,Ro as verify};
 //# sourceMappingURL=openpgp.min.mjs.map