npm - @protontech/openpgp - Versions diffs - 6.2.2 → 6.3.0 - Mend

@protontech/openpgp 6.2.2 → 6.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

package/dist/lightweight/argon2id.min.mjs +1 -1
package/dist/lightweight/argon2id.mjs +1 -1
package/dist/lightweight/legacy_ciphers.min.mjs +1 -1
package/dist/lightweight/legacy_ciphers.min.mjs.map +1 -1
package/dist/lightweight/legacy_ciphers.mjs +1418 -1586
package/dist/lightweight/nacl-fast.min.mjs +1 -1
package/dist/lightweight/nacl-fast.mjs +1 -1
package/dist/lightweight/noble_curves.min.mjs +7 -7
package/dist/lightweight/noble_curves.min.mjs.map +1 -1
package/dist/lightweight/noble_curves.mjs +15 -16
package/dist/lightweight/noble_hashes.min.mjs +1 -1
package/dist/lightweight/noble_hashes.min.mjs.map +1 -1
package/dist/lightweight/noble_hashes.mjs +12 -15
package/dist/lightweight/noble_post_quantum.min.mjs +1 -1
package/dist/lightweight/noble_post_quantum.mjs +1 -1
package/dist/lightweight/openpgp.min.mjs +3 -3
package/dist/lightweight/openpgp.min.mjs.map +1 -1
package/dist/lightweight/openpgp.mjs +12799 -13575
package/dist/lightweight/sha512.min.mjs +1 -1
package/dist/lightweight/sha512.mjs +1 -1
package/dist/lightweight/unbzip2-stream.min.mjs +3 -0
package/dist/lightweight/unbzip2-stream.min.mjs.map +1 -0
package/dist/lightweight/unbzip2-stream.mjs +570 -0
package/dist/node/openpgp.cjs +14794 -16070
package/dist/node/openpgp.min.cjs +13 -13
package/dist/node/openpgp.min.cjs.map +1 -1
package/dist/node/openpgp.min.mjs +14 -14
package/dist/node/openpgp.min.mjs.map +1 -1
package/dist/node/openpgp.mjs +14794 -16070
package/dist/openpgp.js +14794 -16070
package/dist/openpgp.min.js +14 -14
package/dist/openpgp.min.js.map +1 -1
package/dist/openpgp.min.mjs +14 -14
package/dist/openpgp.min.mjs.map +1 -1
package/dist/openpgp.mjs +14794 -16070
package/dist/types/config/config.d.ts +2 -0
package/dist/types/enums.d.ts +1 -0
package/dist/types/index.d.ts +21 -20
package/dist/types/packet/grammar.d.ts +2 -0
package/package.json +34 -33
package/dist/lightweight/seek-bzip.min.mjs +0 -3
package/dist/lightweight/seek-bzip.min.mjs.map +0 -1
package/dist/lightweight/seek-bzip.mjs +0 -900

package/dist/lightweight/openpgp.min.mjs CHANGED Viewed

@@ -1,4 +1,4 @@
-/*! OpenPGP.js v6.2.2 - 2025-09-02 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
-const e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},t=Symbol("doneWritingPromise"),r=Symbol("doneWritingResolve"),i=Symbol("doneWritingReject"),a=Symbol("readingIndex");class ArrayStream extends Array{constructor(){super(),Object.setPrototypeOf(this,ArrayStream.prototype),this[t]=new Promise(((e,t)=>{this[r]=e,this[i]=t})),this[t].catch((()=>{}))}}function n(e){return e&&e.getReader&&Array.isArray(e)}function s(e){if(!n(e)){const t=e.getWriter(),r=t.releaseLock;return t.releaseLock=()=>{t.closed.catch((function(){})),r.call(t)},t}this.stream=e}function o(t){if(n(t))return"array";if(e.ReadableStream&&e.ReadableStream.prototype.isPrototypeOf(t))return"web";if(t&&!(e.ReadableStream&&t instanceof e.ReadableStream)&&"function"==typeof t._read&&"object"==typeof t._readableState)throw Error("Native Node streams are no longer supported: please manually convert the stream to a WebStream, using e.g. `stream.Readable.toWeb`");return!(!t||!t.getReader)&&"web-like"}function c(e){return Uint8Array.prototype.isPrototypeOf(e)}function u(e){if(1===e.length)return e[0];let t=0;for(let r=0;r<e.length;r++){if(!c(e[r]))throw Error("concatUint8Array: Data must be in the form of a Uint8Array");t+=e[r].length}const r=new Uint8Array(t);let i=0;return e.forEach((function(e){r.set(e,i),i+=e.length})),r}ArrayStream.prototype.getReader=function(){return void 0===this[a]&&(this[a]=0),{read:async()=>(await this[t],this[a]===this.length?{value:void 0,done:!0}:{value:this[this[a]++],done:!1})}},ArrayStream.prototype.readToEnd=async function(e){await this[t];const r=e(this.slice(this[a]));return this.length=0,r},ArrayStream.prototype.clone=function(){const e=new ArrayStream;return e[t]=this[t].then((()=>{e.push(...this)})),e},s.prototype.write=async function(e){this.stream.push(e)},s.prototype.close=async function(){this.stream[r]()},s.prototype.abort=async function(e){return this.stream[i](e),e},s.prototype.releaseLock=function(){},"object"==typeof e.process&&e.process.versions;const h=new WeakSet,l=Symbol("externalBuffer");function y(e){if(this.stream=e,e[l]&&(this[l]=e[l].slice()),n(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{},void(this._cancel=()=>{})}if(o(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{t.closed.catch((function(){})),t.releaseLock()},void(this._cancel=t.cancel.bind(t))}let t=!1;this._read=async()=>t||h.has(e)?{value:void 0,done:!0}:(t=!0,{value:e,done:!1}),this._releaseLock=()=>{if(t)try{h.add(e)}catch(e){}}}function p(e){return o(e)?e:new ReadableStream({start(t){t.enqueue(e),t.close()}})}function d(e){if(o(e))return e;const t=new ArrayStream;return(async()=>{const r=C(t);await r.write(e),await r.close()})(),t}function g(e){return e.some((e=>o(e)&&!n(e)))?function(e){e=e.map(p);const t=w((async function(e){await Promise.all(i.map((t=>U(t,e))))}));let r=Promise.resolve();const i=e.map(((i,a)=>k(i,((i,n)=>(r=r.then((()=>m(i,t.writable,{preventClose:a!==e.length-1}))),r)))));return t.readable}(e):e.some((e=>n(e)))?function(e){const t=new ArrayStream;let r=Promise.resolve();return e.forEach(((i,a)=>(r=r.then((()=>m(i,t,{preventClose:a!==e.length-1}))),r))),t}(e):"string"==typeof e[0]?e.join(""):u(e)}async function m(e,t,{preventClose:r=!1,preventAbort:i=!1,preventCancel:a=!1}={}){if(o(e)&&!n(e)){e=p(e);try{if(e[l]){const r=C(t);for(let t=0;t<e[l].length;t++)await r.ready,await r.write(e[l][t]);r.releaseLock()}await e.pipeTo(t,{preventClose:r,preventAbort:i,preventCancel:a})}catch(e){}return}const s=x(e=d(e)),c=C(t);try{for(;;){await c.ready;const{done:e,value:t}=await s.read();if(e){r||await c.close();break}await c.write(t)}}catch(e){i||await c.abort(e)}finally{s.releaseLock(),c.releaseLock()}}function f(e,t){const r=new TransformStream(t);return m(e,r.writable),r.readable}function w(e){let t,r,i,a=!1,n=!1;return{readable:new ReadableStream({start(e){i=e},pull(){t?t():a=!0},async cancel(t){n=!0,e&&await e(t),r&&r(t)}},{highWaterMark:0}),writable:new WritableStream({write:async function(e){if(n)throw Error("Stream is cancelled");i.enqueue(e),a?a=!1:(await new Promise(((e,i)=>{t=e,r=i})),t=null,r=null)},close:i.close.bind(i),abort:i.error.bind(i)})}}function b(e,t=()=>{},r=()=>{}){if(n(e)){const i=new ArrayStream;return(async()=>{const a=C(i);try{const i=await P(e),n=t(i),s=r();let o;o=void 0!==n&&void 0!==s?g([n,s]):void 0!==n?n:s,await a.write(o),await a.close()}catch(e){await a.abort(e)}})(),i}if(o(e))return f(e,{async transform(e,r){try{const i=await t(e);void 0!==i&&r.enqueue(i)}catch(e){r.error(e)}},async flush(e){try{const t=await r();void 0!==t&&e.enqueue(t)}catch(t){e.error(t)}}});const i=t(e),a=r();return void 0!==i&&void 0!==a?g([i,a]):void 0!==i?i:a}function k(e,t){if(o(e)&&!n(e)){let r;const i=new TransformStream({start(e){r=e}}),a=m(e,i.writable),n=w((async function(e){r.error(e),await a,await new Promise(setTimeout)}));return t(i.readable,n.writable),n.readable}e=d(e);const r=new ArrayStream;return t(e,r),r}function v(e,t){let r;const i=k(e,((e,a)=>{const n=x(e);n.remainder=()=>(n.releaseLock(),m(e,a),i),r=t(n)}));return r}function K(e){if(n(e))return e.clone();if(o(e)){const t=function(e){if(n(e))throw Error("ArrayStream cannot be tee()d, use clone() instead");if(o(e)){const t=p(e).tee();return t[0][l]=t[1][l]=e[l],t}return[S(e),S(e)]}(e);return E(e,t[0]),t[1]}return S(e)}function A(e){return n(e)?K(e):o(e)?new ReadableStream({start(t){const r=k(e,(async(e,r)=>{const i=x(e),a=C(r);try{for(;;){await a.ready;const{done:e,value:r}=await i.read();if(e){try{t.close()}catch(e){}return void await a.close()}try{t.enqueue(r)}catch(e){}await a.write(r)}}catch(e){t.error(e),await a.abort(e)}}));E(e,r)}}):S(e)}function E(e,t){Object.entries(Object.getOwnPropertyDescriptors(e.constructor.prototype)).forEach((([r,i])=>{"constructor"!==r&&(i.value?i.value=i.value.bind(t):i.get=i.get.bind(t),Object.defineProperty(e,r,i))}))}function S(e,t=0,r=1/0){if(n(e))throw Error("Not implemented");if(o(e)){if(t>=0&&r>=0){let i=0;return f(e,{transform(e,a){i<r?(i+e.length>=t&&a.enqueue(S(e,Math.max(t-i,0),r-i)),i+=e.length):a.terminate()}})}if(t<0&&(r<0||r===1/0)){let i=[];return b(e,(e=>{e.length>=-t?i=[e]:i.push(e)}),(()=>S(g(i),t,r)))}if(0===t&&r<0){let i;return b(e,(e=>{const a=i?g([i,e]):e;if(a.length>=-r)return i=S(a,r),S(a,t,r);i=a}))}return console.warn(`stream.slice(input, ${t}, ${r}) not implemented efficiently.`),D((async()=>S(await P(e),t,r)))}return e[l]&&(e=g(e[l].concat([e]))),c(e)?e.subarray(t,r===1/0?e.length:r):e.slice(t,r)}async function P(e,t=g){return n(e)?e.readToEnd(t):o(e)?x(e).readToEnd(t):e}async function U(e,t){if(o(e)){if(e.cancel){const r=await e.cancel(t);return await new Promise(setTimeout),r}if(e.destroy)return e.destroy(t),await new Promise(setTimeout),t}}function D(e){const t=new ArrayStream;return(async()=>{const r=C(t);try{await r.write(await e()),await r.close()}catch(e){await r.abort(e)}})(),t}function x(e){return new y(e)}function C(e){return new s(e)}y.prototype.read=async function(){if(this[l]&&this[l].length){return{done:!1,value:this[l].shift()}}return this._read()},y.prototype.releaseLock=function(){this[l]&&(this.stream[l]=this[l]),this._releaseLock()},y.prototype.cancel=function(e){return this._cancel(e)},y.prototype.readLine=async function(){let e,t=[];for(;!e;){let{done:r,value:i}=await this.read();if(i+="",r)return t.length?g(t):void 0;const a=i.indexOf("\n")+1;a&&(e=g(t.concat(i.substr(0,a))),t=[]),a!==i.length&&t.push(i.substr(a))}return this.unshift(...t),e},y.prototype.readByte=async function(){const{done:e,value:t}=await this.read();if(e)return;const r=t[0];return this.unshift(S(t,1)),r},y.prototype.readBytes=async function(e){const t=[];let r=0;for(;;){const{done:i,value:a}=await this.read();if(i)return t.length?g(t):void 0;if(t.push(a),r+=a.length,r>=e){const r=g(t);return this.unshift(S(r,e)),S(r,0,e)}}},y.prototype.peekBytes=async function(e){const t=await this.readBytes(e);return this.unshift(t),t},y.prototype.unshift=function(...e){this[l]||(this[l]=[]),1===e.length&&c(e[0])&&this[l].length&&e[0].length&&this[l][0].byteOffset>=e[0].length?this[l][0]=new Uint8Array(this[l][0].buffer,this[l][0].byteOffset-e[0].length,this[l][0].byteLength+e[0].length):this[l].unshift(...e.filter((e=>e&&e.length)))},y.prototype.readToEnd=async function(e=g){const t=[];for(;;){const{done:e,value:r}=await this.read();if(e)break;t.push(r)}return e(t)};const I=Symbol("byValue");var T={curve:{nistP256:"nistP256",p256:"nistP256",nistP384:"nistP384",p384:"nistP384",nistP521:"nistP521",p521:"nistP521",secp256k1:"secp256k1",ed25519Legacy:"ed25519Legacy",ed25519:"ed25519Legacy",curve25519Legacy:"curve25519Legacy",curve25519:"curve25519Legacy",brainpoolP256r1:"brainpoolP256r1",brainpoolP384r1:"brainpoolP384r1",brainpoolP512r1:"brainpoolP512r1"},kdfFlags:{replace_fingerprint:1,replace_kdf_params:2},s2k:{simple:0,salted:1,iterated:3,argon2:4,gnu:101},publicKey:{rsaEncryptSign:1,rsaEncrypt:2,rsaSign:3,elgamal:16,dsa:17,ecdh:18,ecdsa:19,eddsaLegacy:22,aedh:23,aedsa:24,x25519:25,x448:26,ed25519:27,ed448:28,pqc_mldsa_ed25519:30,pqc_mlkem_x25519:35,aead:100,hmac:101},symmetric:{idea:1,tripledes:2,cast5:3,blowfish:4,aes128:7,aes192:8,aes256:9,twofish:10},compression:{uncompressed:0,zip:1,zlib:2,bzip2:3},hash:{md5:1,sha1:2,ripemd:3,sha256:8,sha384:9,sha512:10,sha224:11,sha3_256:12,sha3_512:14},webHash:{"SHA-1":2,"SHA-256":8,"SHA-384":9,"SHA-512":10},aead:{eax:1,ocb:2,gcm:3,experimentalGCM:100},packet:{publicKeyEncryptedSessionKey:1,signature:2,symEncryptedSessionKey:3,onePassSignature:4,secretKey:5,publicKey:6,secretSubkey:7,compressedData:8,symmetricallyEncryptedData:9,marker:10,literalData:11,trust:12,userID:13,publicSubkey:14,userAttribute:17,symEncryptedIntegrityProtectedData:18,modificationDetectionCode:19,aeadEncryptedData:20,padding:21},literal:{binary:98,text:116,utf8:117,mime:109},signature:{binary:0,text:1,standalone:2,certGeneric:16,certPersona:17,certCasual:18,certPositive:19,certRevocation:48,subkeyBinding:24,keyBinding:25,key:31,keyRevocation:32,subkeyRevocation:40,timestamp:64,thirdParty:80},signatureSubpacket:{signatureCreationTime:2,signatureExpirationTime:3,exportableCertification:4,trustSignature:5,regularExpression:6,revocable:7,keyExpirationTime:9,placeholderBackwardsCompatibility:10,preferredSymmetricAlgorithms:11,revocationKey:12,issuerKeyID:16,notationData:20,preferredHashAlgorithms:21,preferredCompressionAlgorithms:22,keyServerPreferences:23,preferredKeyServer:24,primaryUserID:25,policyURI:26,keyFlags:27,signersUserID:28,reasonForRevocation:29,features:30,signatureTarget:31,embeddedSignature:32,issuerFingerprint:33,preferredAEADAlgorithms:34,preferredCipherSuites:39},keyFlags:{certifyKeys:1,signData:2,encryptCommunication:4,encryptStorage:8,splitPrivateKey:16,authentication:32,forwardedCommunication:64,sharedPrivateKey:128},armor:{multipartSection:0,multipartLast:1,signed:2,message:3,publicKey:4,privateKey:5,signature:6},reasonForRevocation:{noReason:0,keySuperseded:1,keyCompromised:2,keyRetired:3,userIDInvalid:32},features:{modificationDetection:1,aead:2,v5Keys:4,seipdv2:8},write:function(e,t){if("number"==typeof t&&(t=this.read(e,t)),void 0!==e[t])return e[t];throw Error("Invalid enum value.")},read:function(e,t){if(e[I]||(e[I]=[],Object.entries(e).forEach((([t,r])=>{e[I][r]=t}))),void 0!==e[I][t])return e[I][t];throw Error("Invalid enum value.")}},B={preferredHashAlgorithm:T.hash.sha512,preferredSymmetricAlgorithm:T.symmetric.aes256,preferredCompressionAlgorithm:T.compression.uncompressed,aeadProtect:!1,ignoreSEIPDv2FeatureFlag:!1,parseAEADEncryptedV4KeysAsLegacy:!1,preferredAEADAlgorithm:T.aead.gcm,aeadChunkSizeByte:12,v6Keys:!1,enableParsingV5Entities:!1,s2kType:T.s2k.iterated,s2kIterationCountByte:224,s2kArgon2Params:{passes:3,parallelism:4,memoryExponent:16},allowUnauthenticatedMessages:!1,allowUnauthenticatedStream:!1,allowForwardedMessages:!1,minRSABits:2047,passwordCollisionCheck:!1,allowInsecureDecryptionWithSigningKeys:!1,allowInsecureVerificationWithReformattedKeys:!1,allowMissingKeyFlags:!1,constantTimePKCS1Decryption:!1,constantTimePKCS1DecryptionSupportedSymmetricAlgorithms:new Set([T.symmetric.aes128,T.symmetric.aes192,T.symmetric.aes256]),ignoreUnsupportedPackets:!0,ignoreMalformedPackets:!1,enforceGrammar:!0,additionalAllowedPackets:[],showVersion:!1,showComment:!1,versionString:"OpenPGP.js 6.2.2",commentString:"https://openpgpjs.org",maxUserIDLength:5120,knownNotations:[],nonDeterministicSignaturesViaNotation:!0,useEllipticFallback:!0,rejectHashAlgorithms:new Set([T.hash.md5,T.hash.ripemd]),rejectMessageHashAlgorithms:new Set([T.hash.md5,T.hash.ripemd,T.hash.sha1]),rejectPublicKeyAlgorithms:new Set([T.publicKey.elgamal,T.publicKey.dsa]),rejectCurves:new Set([T.curve.secp256k1])};const M=(()=>{try{return"development"===process.env.NODE_ENV}catch(e){}return!1})(),F={isString:function(e){return"string"==typeof e||e instanceof String},nodeRequire:()=>{},isArray:function(e){return e instanceof Array},isUint8Array:c,isStream:o,getNobleCurve:async(e,t)=>{if(!B.useEllipticFallback)throw Error("This curve is only supported in the full build of OpenPGP.js");const{nobleCurves:r}=await import("./noble_curves.min.mjs");switch(e){case T.publicKey.ecdh:case T.publicKey.ecdsa:{const e=r.get(t);if(!e)throw Error("Unsupported curve");return e}case T.publicKey.x448:return r.get("x448");case T.publicKey.ed448:return r.get("ed448");default:throw Error("Unsupported curve")}},readNumber:function(e){let t=0;for(let r=0;r<e.length;r++)t+=256**r*e[e.length-1-r];return t},writeNumber:function(e,t){const r=new Uint8Array(t);for(let i=0;i<t;i++)r[i]=e>>8*(t-i-1)&255;return r},readDate:function(e){const t=F.readNumber(e);return new Date(1e3*t)},writeDate:function(e){const t=Math.floor(e.getTime()/1e3);return F.writeNumber(t,4)},normalizeDate:function(e=Date.now()){return null===e||e===1/0?e:new Date(1e3*Math.floor(+e/1e3))},readMPI:function(e){const t=(e[0]<<8|e[1])+7>>>3;return F.readExactSubarray(e,2,2+t)},readExactSubarray:function(e,t,r){if(e.length<r-t)throw Error("Input array too short");return e.subarray(t,r)},leftPad(e,t){if(e.length>t)throw Error("Input array too long");const r=new Uint8Array(t),i=t-e.length;return r.set(e,i),r},uint8ArrayToMPI:function(e){const t=F.uint8ArrayBitLength(e);if(0===t)throw Error("Zero MPI");const r=e.subarray(e.length-Math.ceil(t/8)),i=new Uint8Array([(65280&t)>>8,255&t]);return F.concatUint8Array([i,r])},uint8ArrayBitLength:function(e){let t;for(t=0;t<e.length&&0===e[t];t++);if(t===e.length)return 0;const r=e.subarray(t);return 8*(r.length-1)+F.nbits(r[0])},hexToUint8Array:function(e){const t=new Uint8Array(e.length>>1);for(let r=0;r<e.length>>1;r++)t[r]=parseInt(e.substr(r<<1,2),16);return t},uint8ArrayToHex:function(e){const t="0123456789abcdef";let r="";return e.forEach((e=>{r+=t[e>>4]+t[15&e]})),r},stringToUint8Array:function(e){return b(e,(e=>{if(!F.isString(e))throw Error("stringToUint8Array: Data must be in the form of a string");const t=new Uint8Array(e.length);for(let r=0;r<e.length;r++)t[r]=e.charCodeAt(r);return t}))},uint8ArrayToString:function(e){const t=[],r=16384,i=(e=new Uint8Array(e)).length;for(let a=0;a<i;a+=r)t.push(String.fromCharCode.apply(String,e.subarray(a,a+r<i?a+r:i)));return t.join("")},encodeUTF8:function(e){const t=new TextEncoder("utf-8");function r(e,r=!1){return t.encode(e,{stream:!r})}return b(e,r,(()=>r("",!0)))},decodeUTF8:function(e){const t=new TextDecoder("utf-8");function r(e,r=!1){return t.decode(e,{stream:!r})}return b(e,r,(()=>r(new Uint8Array,!0)))},concat:g,concatUint8Array:u,equalsUint8Array:function(e,t){if(!F.isUint8Array(e)||!F.isUint8Array(t))throw Error("Data must be in the form of a Uint8Array");if(e.length!==t.length)return!1;for(let r=0;r<e.length;r++)if(e[r]!==t[r])return!1;return!0},findLastIndex:function(e,t){for(let r=e.length;r>=0;r--)if(t(e[r],r,e))return r;return-1},writeChecksum:function(e){let t=0;for(let r=0;r<e.length;r++)t=t+e[r]&65535;return F.writeNumber(t,2)},printDebug:function(e){M&&console.log("[OpenPGP.js debug]",e)},printDebugError:function(e){M&&console.error("[OpenPGP.js debug]",e)},nbits:function(e){let t=1,r=e>>>16;return 0!==r&&(e=r,t+=16),r=e>>8,0!==r&&(e=r,t+=8),r=e>>4,0!==r&&(e=r,t+=4),r=e>>2,0!==r&&(e=r,t+=2),r=e>>1,0!==r&&(e=r,t+=1),t},double:function(e){const t=new Uint8Array(e.length),r=e.length-1;for(let i=0;i<r;i++)t[i]=e[i]<<1^e[i+1]>>7;return t[r]=e[r]<<1^135*(e[0]>>7),t},shiftRight:function(e,t){if(t)for(let r=e.length-1;r>=0;r--)e[r]>>=t,r>0&&(e[r]|=e[r-1]<<8-t);return e},getWebCrypto:function(){const t=void 0!==e&&e.crypto&&e.crypto.subtle||this.getNodeCrypto()?.webcrypto.subtle;if(!t)throw Error("The WebCrypto API is not available");return t},getNodeCrypto:function(){return this.nodeRequire("crypto")},getNodeZlib:function(){return this.nodeRequire("zlib")},getNodeBuffer:function(){return(this.nodeRequire("buffer")||{}).Buffer},getHardwareConcurrency:function(){if("undefined"!=typeof navigator)return navigator.hardwareConcurrency||1;return this.nodeRequire("os").cpus().length},isEmailAddress:function(e){if(!F.isString(e))return!1;return/^[^\p{C}\p{Z}@<>\\]+@[^\p{C}\p{Z}@<>\\]+[^\p{C}\p{Z}\p{P}]$/u.test(e)},canonicalizeEOL:function(e){let t=!1;return b(e,(e=>{let r;t&&(e=F.concatUint8Array([new Uint8Array([13]),e])),13===e[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;const i=[];for(let t=0;r=e.indexOf(10,t)+1,r;t=r)13!==e[r-2]&&i.push(r);if(!i.length)return e;const a=new Uint8Array(e.length+i.length);let n=0;for(let t=0;t<i.length;t++){const r=e.subarray(i[t-1]||0,i[t]);a.set(r,n),n+=r.length,a[n-1]=13,a[n]=10,n++}return a.set(e.subarray(i[i.length-1]||0),n),a}),(()=>t?new Uint8Array([13]):void 0))},nativeEOL:function(e){let t=!1;return b(e,(e=>{let r;13===(e=t&&10!==e[0]?F.concatUint8Array([new Uint8Array([13]),e]):new Uint8Array(e))[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;let i=0;for(let t=0;t!==e.length;t=r){r=e.indexOf(13,t)+1,r||(r=e.length);const a=r-(10===e[r]?1:0);t&&e.copyWithin(i,t,a),i+=a-t}return e.subarray(0,i)}),(()=>t?new Uint8Array([13]):void 0))},removeTrailingSpaces:function(e){return e.split("\n").map((e=>{let t=e.length-1;for(;t>=0&&(" "===e[t]||"\t"===e[t]||"\r"===e[t]);t--);return e.substr(0,t+1)})).join("\n")},wrapError:function(e,t){if(!t)return e instanceof Error?e:Error(e);if(e instanceof Error){try{e.message+=": "+t.message,e.cause=t}catch(e){}return e}return Error(e+": "+t.message,{cause:t})},constructAllowedPackets:function(e){const t={};return e.forEach((e=>{if(!e.tag)throw Error("Invalid input: expected a packet class");t[e.tag]=e})),t},anyPromise:function(e){return new Promise((async(t,r)=>{let i;await Promise.all(e.map((async e=>{try{t(await e)}catch(e){i=e}}))),r(i)}))},selectUint8Array:function(e,t,r){const i=Math.max(t.length,r.length),a=new Uint8Array(i);let n=0;for(let i=0;i<a.length;i++)a[i]=t[i]&256-e|r[i]&255+e,n+=e&i<t.length|1-e&i<r.length;return a.subarray(0,n)},selectUint8:function(e,t,r){return t&256-e|r&255+e},isAES:function(e){return e===T.symmetric.aes128||e===T.symmetric.aes192||e===T.symmetric.aes256}},L=F.getNodeBuffer();let _,N;function R(e){let t=new Uint8Array;return b(e,(e=>{t=F.concatUint8Array([t,e]);const r=[],i=Math.floor(t.length/45),a=45*i,n=_(t.subarray(0,a));for(let e=0;e<i;e++)r.push(n.substr(60*e,60)),r.push("\n");return t=t.subarray(a),r.join("")}),(()=>t.length?_(t)+"\n":""))}function z(e){let t="";return b(e,(e=>{t+=e;let r=0;const i=[" ","\t","\r","\n"];for(let e=0;e<i.length;e++){const a=i[e];for(let e=t.indexOf(a);-1!==e;e=t.indexOf(a,e+1))r++}let a=t.length;for(;a>0&&(a-r)%4!=0;a--)i.includes(t[a])&&r--;const n=N(t.substr(0,a));return t=t.substr(a),n}),(()=>N(t)))}function O(e){return z(e.replace(/-/g,"+").replace(/_/g,"/"))}function j(e,t){let r=R(e).replace(/[\r\n]/g,"");return r=r.replace(/[+]/g,"-").replace(/[/]/g,"_").replace(/[=]/g,""),r}function q(e){const t=e.match(/^-----BEGIN PGP (MESSAGE, PART \d+\/\d+|MESSAGE, PART \d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m);if(!t)throw Error("Unknown ASCII armor type");return/MESSAGE, PART \d+\/\d+/.test(t[1])?T.armor.multipartSection:/MESSAGE, PART \d+/.test(t[1])?T.armor.multipartLast:/SIGNED MESSAGE/.test(t[1])?T.armor.signed:/MESSAGE/.test(t[1])?T.armor.message:/PUBLIC KEY BLOCK/.test(t[1])?T.armor.publicKey:/PRIVATE KEY BLOCK/.test(t[1])?T.armor.privateKey:/SIGNATURE/.test(t[1])?T.armor.signature:void 0}function H(e,t){let r="";return t.showVersion&&(r+="Version: "+t.versionString+"\n"),t.showComment&&(r+="Comment: "+t.commentString+"\n"),e&&(r+="Comment: "+e+"\n"),r+="\n",r}function G(e){const t=function(e){let t=13501623;return b(e,(e=>{const r=W?Math.floor(e.length/4):0,i=new Uint32Array(e.buffer,e.byteOffset,r);for(let e=0;e<r;e++)t^=i[e],t=V[0][t>>24&255]^V[1][t>>16&255]^V[2][t>>8&255]^V[3][255&t];for(let i=4*r;i<e.length;i++)t=t>>8^V[0][255&t^e[i]]}),(()=>new Uint8Array([t,t>>8,t>>16])))}(e);return R(t)}L?(_=e=>L.from(e).toString("base64"),N=e=>{const t=L.from(e,"base64");return new Uint8Array(t.buffer,t.byteOffset,t.byteLength)}):(_=e=>btoa(F.uint8ArrayToString(e)),N=e=>F.stringToUint8Array(atob(e)));const V=[Array(255),Array(255),Array(255),Array(255)];for(let e=0;e<=255;e++){let t=e<<16;for(let e=0;e<8;e++)t=t<<1^(8388608&t?8801531:0);V[0][e]=(16711680&t)>>16|65280&t|(255&t)<<16}for(let e=0;e<=255;e++)V[1][e]=V[0][e]>>8^V[0][255&V[0][e]];for(let e=0;e<=255;e++)V[2][e]=V[1][e]>>8^V[0][255&V[1][e]];for(let e=0;e<=255;e++)V[3][e]=V[2][e]>>8^V[0][255&V[2][e]];const W=function(){const e=new ArrayBuffer(2);return new DataView(e).setInt16(0,255,!0),255===new Int16Array(e)[0]}();function $(e){for(let t=0;t<e.length;t++)/^([^\s:]|[^\s:][^:]*[^\s:]): .+$/.test(e[t])||F.printDebugError(Error("Improperly formatted armor header: "+e[t])),/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(e[t])||F.printDebugError(Error("Unknown header: "+e[t]))}function Q(e){let t=e;const r=e.lastIndexOf("=");return r>=0&&r!==e.length-1&&(t=e.slice(0,r)),t}function X(e){return new Promise((async(t,r)=>{try{const i=/^-----[^-]+-----$/m,a=/^[ \f\r\t\u00a0\u2000-\u200a\u202f\u205f\u3000]*$/;let n;const s=[];let o,c,u=s,h=[];const l=z(k(e,(async(e,y)=>{const p=x(e);try{for(;;){let e=await p.readLine();if(void 0===e)throw Error("Misformed armored text");if(e=F.removeTrailingSpaces(e.replace(/[\r\n]/g,"")),n)if(o)c||n!==T.armor.signed||(i.test(e)?(h=h.join("\r\n"),c=!0,$(u),u=[],o=!1):h.push(e.replace(/^- /,"")));else if(i.test(e)&&r(Error("Mandatory blank line missing between armor headers and armor data")),a.test(e)){if($(u),o=!0,c||n!==T.armor.signed){t({text:h,data:l,headers:s,type:n});break}}else u.push(e);else i.test(e)&&(n=q(e))}}catch(e){return void r(e)}const d=C(y);try{for(;;){await d.ready;const{done:e,value:t}=await p.read();if(e)throw Error("Misformed armored text");const r=t+"";if(-1!==r.indexOf("=")||-1!==r.indexOf("-")){let e=await p.readToEnd();e.length||(e=""),e=r+e,e=F.removeTrailingSpaces(e.replace(/\r/g,""));const t=e.split(i);if(1===t.length)throw Error("Misformed armored text");const a=Q(t[0].slice(0,-1));await d.write(a);break}await d.write(r)}await d.ready,await d.close()}catch(e){await d.abort(e)}})))}catch(e){r(e)}})).then((async e=>(n(e.data)&&(e.data=await P(e.data)),e)))}function Y(e,t,r,i,a,n=!1,s=B){let o,c;e===T.armor.signed&&(o=t.text,c=t.hash,t=t.data);const u=n&&A(t),h=[];switch(e){case T.armor.multipartSection:h.push("-----BEGIN PGP MESSAGE, PART "+r+"/"+i+"-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP MESSAGE, PART "+r+"/"+i+"-----\n");break;case T.armor.multipartLast:h.push("-----BEGIN PGP MESSAGE, PART "+r+"-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP MESSAGE, PART "+r+"-----\n");break;case T.armor.signed:h.push("-----BEGIN PGP SIGNED MESSAGE-----\n"),h.push(c?`Hash: ${c}\n\n`:"\n"),h.push(o.replace(/^-/gm,"- -")),h.push("\n-----BEGIN PGP SIGNATURE-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP SIGNATURE-----\n");break;case T.armor.message:h.push("-----BEGIN PGP MESSAGE-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP MESSAGE-----\n");break;case T.armor.publicKey:h.push("-----BEGIN PGP PUBLIC KEY BLOCK-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP PUBLIC KEY BLOCK-----\n");break;case T.armor.privateKey:h.push("-----BEGIN PGP PRIVATE KEY BLOCK-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP PRIVATE KEY BLOCK-----\n");break;case T.armor.signature:h.push("-----BEGIN PGP SIGNATURE-----\n"),h.push(H(a,s)),h.push(R(t)),u&&h.push("=",G(u)),h.push("-----END PGP SIGNATURE-----\n")}return F.concat(h)}const Z=BigInt(0),J=BigInt(1);function ee(e){const t="0123456789ABCDEF";let r="";return e.forEach((e=>{r+=t[e>>4]+t[15&e]})),BigInt("0x0"+r)}function te(e,t){const r=e%t;return r<Z?r+t:r}function re(e,t,r){if(r===Z)throw Error("Modulo cannot be zero");if(r===J)return BigInt(0);if(t<Z)throw Error("Unsopported negative exponent");let i=t,a=e;a%=r;let n=BigInt(1);for(;i>Z;){const e=i&J;i>>=J;n=e?n*a%r:n,a=a*a%r}return n}function ie(e){return e>=Z?e:-e}function ae(e,t){const{gcd:r,x:i}=function(e,t){let r=BigInt(0),i=BigInt(1),a=BigInt(1),n=BigInt(0),s=ie(e),o=ie(t);const c=e<Z,u=t<Z;for(;o!==Z;){const e=s/o;let t=r;r=a-e*r,a=t,t=i,i=n-e*i,n=t,t=o,o=s%o,s=t}return{x:c?-a:a,y:u?-n:n,gcd:s}}(e,t);if(r!==J)throw Error("Inverse does not exist");return te(i+t,t)}function ne(e){const t=Number(e);if(t>Number.MAX_SAFE_INTEGER)throw Error("Number can only safely store up to 53 bits");return t}function se(e,t){return(e>>BigInt(t)&J)===Z?0:1}function oe(e){const t=e<Z?BigInt(-1):Z;let r=1,i=e;for(;(i>>=J)!==t;)r++;return r}function ce(e){const t=e<Z?BigInt(-1):Z,r=BigInt(8);let i=1,a=e;for(;(a>>=r)!==t;)i++;return i}function ue(e,t="be",r){let i=e.toString(16);i.length%2==1&&(i="0"+i);const a=i.length/2,n=new Uint8Array(r||a),s=r?r-a:0;let o=0;for(;o<a;)n[o+s]=parseInt(i.slice(2*o,2*o+2),16),o++;return"be"!==t&&n.reverse(),n}const he=F.getNodeCrypto();function le(e){const t="undefined"!=typeof crypto?crypto:he?.webcrypto;if(t?.getRandomValues){const r=new Uint8Array(e);return t.getRandomValues(r)}throw Error("No secure random number generator available.")}function ye(e,t){if(t<e)throw Error("Illegal parameter value: max <= min");const r=t-e;return te(ee(le(ce(r)+8)),r)+e}const pe=BigInt(1);function de(e,t,r){const i=BigInt(30),a=pe<<BigInt(e-1),n=[1,6,5,4,3,2,1,4,3,2,1,2,1,4,3,2,1,2,1,4,3,2,1,6,5,4,3,2,1,2];let s=ye(a,a<<pe),o=ne(te(s,i));do{s+=BigInt(n[o]),o=(o+n[o])%n.length,oe(s)>e&&(s=te(s,a<<pe),s+=a,o=ne(te(s,i)))}while(!ge(s,t,r));return s}function ge(e,t,r){return(!t||function(e,t){let r=e,i=t;for(;i!==Z;){const e=i;i=r%i,r=e}return r}(e-pe,t)===pe)&&(!!function(e){const t=BigInt(0);return me.every((r=>te(e,r)!==t))}(e)&&(!!function(e,t=BigInt(2)){return re(t,e-pe,e)===pe}(e)&&!!function(e,t){const r=oe(e);t||(t=Math.max(1,r/48|0));const i=e-pe;let a=0;for(;!se(i,a);)a++;const n=e>>BigInt(a);for(;t>0;t--){let t,r=re(ye(BigInt(2),i),n,e);if(r!==pe&&r!==i){for(t=1;t<a;t++){if(r=te(r*r,e),r===pe)return!1;if(r===i)break}if(t===a)return!1}}return!0}(e,r)))}const me=[7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587,593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997,1009,1013,1019,1021,1031,1033,1039,1049,1051,1061,1063,1069,1087,1091,1093,1097,1103,1109,1117,1123,1129,1151,1153,1163,1171,1181,1187,1193,1201,1213,1217,1223,1229,1231,1237,1249,1259,1277,1279,1283,1289,1291,1297,1301,1303,1307,1319,1321,1327,1361,1367,1373,1381,1399,1409,1423,1427,1429,1433,1439,1447,1451,1453,1459,1471,1481,1483,1487,1489,1493,1499,1511,1523,1531,1543,1549,1553,1559,1567,1571,1579,1583,1597,1601,1607,1609,1613,1619,1621,1627,1637,1657,1663,1667,1669,1693,1697,1699,1709,1721,1723,1733,1741,1747,1753,1759,1777,1783,1787,1789,1801,1811,1823,1831,1847,1861,1867,1871,1873,1877,1879,1889,1901,1907,1913,1931,1933,1949,1951,1973,1979,1987,1993,1997,1999,2003,2011,2017,2027,2029,2039,2053,2063,2069,2081,2083,2087,2089,2099,2111,2113,2129,2131,2137,2141,2143,2153,2161,2179,2203,2207,2213,2221,2237,2239,2243,2251,2267,2269,2273,2281,2287,2293,2297,2309,2311,2333,2339,2341,2347,2351,2357,2371,2377,2381,2383,2389,2393,2399,2411,2417,2423,2437,2441,2447,2459,2467,2473,2477,2503,2521,2531,2539,2543,2549,2551,2557,2579,2591,2593,2609,2617,2621,2633,2647,2657,2659,2663,2671,2677,2683,2687,2689,2693,2699,2707,2711,2713,2719,2729,2731,2741,2749,2753,2767,2777,2789,2791,2797,2801,2803,2819,2833,2837,2843,2851,2857,2861,2879,2887,2897,2903,2909,2917,2927,2939,2953,2957,2963,2969,2971,2999,3001,3011,3019,3023,3037,3041,3049,3061,3067,3079,3083,3089,3109,3119,3121,3137,3163,3167,3169,3181,3187,3191,3203,3209,3217,3221,3229,3251,3253,3257,3259,3271,3299,3301,3307,3313,3319,3323,3329,3331,3343,3347,3359,3361,3371,3373,3389,3391,3407,3413,3433,3449,3457,3461,3463,3467,3469,3491,3499,3511,3517,3527,3529,3533,3539,3541,3547,3557,3559,3571,3581,3583,3593,3607,3613,3617,3623,3631,3637,3643,3659,3671,3673,3677,3691,3697,3701,3709,3719,3727,3733,3739,3761,3767,3769,3779,3793,3797,3803,3821,3823,3833,3847,3851,3853,3863,3877,3881,3889,3907,3911,3917,3919,3923,3929,3931,3943,3947,3967,3989,4001,4003,4007,4013,4019,4021,4027,4049,4051,4057,4073,4079,4091,4093,4099,4111,4127,4129,4133,4139,4153,4157,4159,4177,4201,4211,4217,4219,4229,4231,4241,4243,4253,4259,4261,4271,4273,4283,4289,4297,4327,4337,4339,4349,4357,4363,4373,4391,4397,4409,4421,4423,4441,4447,4451,4457,4463,4481,4483,4493,4507,4513,4517,4519,4523,4547,4549,4561,4567,4583,4591,4597,4603,4621,4637,4639,4643,4649,4651,4657,4663,4673,4679,4691,4703,4721,4723,4729,4733,4751,4759,4783,4787,4789,4793,4799,4801,4813,4817,4831,4861,4871,4877,4889,4903,4909,4919,4931,4933,4937,4943,4951,4957,4967,4969,4973,4987,4993,4999].map((e=>BigInt(e)));const fe=F.getWebCrypto(),we=F.getNodeCrypto(),be=we&&we.getHashes();function ke(e){if(we&&be.includes(e))return async function(t){const r=we.createHash(e);return b(t,(e=>{r.update(e)}),(()=>new Uint8Array(r.digest())))}}function ve(e,t){const r=async()=>{const{nobleHashes:t}=await import("./noble_hashes.min.mjs"),r=t.get(e);if(!r)throw Error("Unsupported hash");return r};return async function(e){if(n(e)&&(e=await P(e)),F.isStream(e)){const t=(await r()).create();return b(e,(e=>{t.update(e)}),(()=>t.digest()))}if(fe&&t)return new Uint8Array(await fe.digest(t,e));return(await r())(e)}}const Ke=ke("md5")||ve("md5"),Ae=ke("sha1")||ve("sha1","SHA-1"),Ee=ke("sha224")||ve("sha224"),Se=ke("sha256")||ve("sha256","SHA-256"),Pe=ke("sha384")||ve("sha384","SHA-384"),Ue=ke("sha512")||ve("sha512","SHA-512"),De=ke("ripemd160")||ve("ripemd160"),xe=ke("sha3-256")||ve("sha3_256"),Ce=ke("sha3-512")||ve("sha3_512");function Ie(e,t){switch(e){case T.hash.md5:return Ke(t);case T.hash.sha1:return Ae(t);case T.hash.ripemd:return De(t);case T.hash.sha256:return Se(t);case T.hash.sha384:return Pe(t);case T.hash.sha512:return Ue(t);case T.hash.sha224:return Ee(t);case T.hash.sha3_256:return xe(t);case T.hash.sha3_512:return Ce(t);default:throw Error("Unsupported hash function")}}function Te(e){switch(e){case T.hash.md5:return 16;case T.hash.sha1:case T.hash.ripemd:return 20;case T.hash.sha256:return 32;case T.hash.sha384:return 48;case T.hash.sha512:return 64;case T.hash.sha224:return 28;case T.hash.sha3_256:return 32;case T.hash.sha3_512:return 64;default:throw Error("Invalid hash algorithm.")}}const Be=[];function Me(e,t){const r=e.length;if(r>t-11)throw Error("Message too long");const i=function(e){const t=new Uint8Array(e);let r=0;for(;r<e;){const i=le(e-r);for(let e=0;e<i.length;e++)0!==i[e]&&(t[r++]=i[e])}return t}(t-r-3),a=new Uint8Array(t);return a[1]=2,a.set(i,2),a.set(e,t-r),a}function Fe(e,t){let r=2,i=1;for(let t=r;t<e.length;t++)i&=0!==e[t],r+=i;const a=r-2,n=e.subarray(r+1),s=0===e[0]&2===e[1]&a>=8&!i;if(t)return F.selectUint8Array(s,n,t);if(s)return n;throw Error("Decryption error")}function Le(e,t,r){let i;if(t.length!==Te(e))throw Error("Invalid hash length");const a=new Uint8Array(Be[e].length);for(i=0;i<Be[e].length;i++)a[i]=Be[e][i];const n=a.length+t.length;if(r<n+11)throw Error("Intended encoded message length too short");const s=new Uint8Array(r-n-3).fill(255),o=new Uint8Array(r);return o[1]=1,o.set(s,2),o.set(a,r-n),o.set(t,r-t.length),o}Be[1]=[48,32,48,12,6,8,42,134,72,134,247,13,2,5,5,0,4,16],Be[2]=[48,33,48,9,6,5,43,14,3,2,26,5,0,4,20],Be[3]=[48,33,48,9,6,5,43,36,3,2,1,5,0,4,20],Be[8]=[48,49,48,13,6,9,96,134,72,1,101,3,4,2,1,5,0,4,32],Be[9]=[48,65,48,13,6,9,96,134,72,1,101,3,4,2,2,5,0,4,48],Be[10]=[48,81,48,13,6,9,96,134,72,1,101,3,4,2,3,5,0,4,64],Be[11]=[48,45,48,13,6,9,96,134,72,1,101,3,4,2,4,5,0,4,28];const _e=F.getWebCrypto(),Ne=F.getNodeCrypto(),Re=BigInt(1);async function ze(e,t,r,i,a,n,s,o,c){if(Te(e)>=r.length)throw Error("Digest size cannot exceed key modulus size");if(t&&!F.isStream(t))if(F.getWebCrypto())try{return await async function(e,t,r,i,a,n,s,o){const c=await He(r,i,a,n,s,o),u={name:"RSASSA-PKCS1-v1_5",hash:{name:e}},h=await _e.importKey("jwk",c,u,!1,["sign"]);return new Uint8Array(await _e.sign("RSASSA-PKCS1-v1_5",h,t))}(T.read(T.webHash,e),t,r,i,a,n,s,o)}catch(e){F.printDebugError(e)}else if(F.getNodeCrypto())return async function(e,t,r,i,a,n,s,o){const c=Ne.createSign(T.read(T.hash,e));c.write(t),c.end();const u=await He(r,i,a,n,s,o);return new Uint8Array(c.sign({key:u,format:"jwk",type:"pkcs1"}))}(e,t,r,i,a,n,s,o);return async function(e,t,r,i){t=ee(t);const a=ee(Le(e,i,ce(t)));return r=ee(r),ue(re(a,r,t),"be",ce(t))}(e,r,a,c)}async function Oe(e,t,r,i,a,n){if(t&&!F.isStream(t))if(F.getWebCrypto())try{return await async function(e,t,r,i,a){const n=Ge(i,a),s=await _e.importKey("jwk",n,{name:"RSASSA-PKCS1-v1_5",hash:{name:e}},!1,["verify"]);return _e.verify("RSASSA-PKCS1-v1_5",s,r,t)}(T.read(T.webHash,e),t,r,i,a)}catch(e){F.printDebugError(e)}else if(F.getNodeCrypto())return async function(e,t,r,i,a){const n=Ge(i,a),s={key:n,format:"jwk",type:"pkcs1"},o=Ne.createVerify(T.read(T.hash,e));o.write(t),o.end();try{return o.verify(s,r)}catch(e){return!1}}(e,t,r,i,a);return async function(e,t,r,i,a){if(r=ee(r),t=ee(t),i=ee(i),t>=r)throw Error("Signature size cannot exceed modulus size");const n=ue(re(t,i,r),"be",ce(r)),s=Le(e,a,ce(r));return F.equalsUint8Array(n,s)}(e,r,i,a,n)}async function je(e,t,r){return F.getNodeCrypto()?async function(e,t,r){const i=Ge(t,r),a={key:i,format:"jwk",type:"pkcs1",padding:Ne.constants.RSA_PKCS1_PADDING};return new Uint8Array(Ne.publicEncrypt(a,e))}(e,t,r):async function(e,t,r){if(t=ee(t),e=ee(Me(e,ce(t))),r=ee(r),e>=t)throw Error("Message size cannot exceed modulus size");return ue(re(e,r,t),"be",ce(t))}(e,t,r)}async function qe(e,t,r,i,a,n,s,o){if(F.getNodeCrypto()&&!o)try{return await async function(e,t,r,i,a,n,s){const o=await He(t,r,i,a,n,s),c={key:o,format:"jwk",type:"pkcs1",padding:Ne.constants.RSA_PKCS1_PADDING};try{return new Uint8Array(Ne.privateDecrypt(c,e))}catch(e){throw Error("Decryption error")}}(e,t,r,i,a,n,s)}catch(e){F.printDebugError(e)}return async function(e,t,r,i,a,n,s,o){if(e=ee(e),t=ee(t),r=ee(r),i=ee(i),a=ee(a),n=ee(n),s=ee(s),e>=t)throw Error("Data too large.");const c=te(i,n-Re),u=te(i,a-Re),h=ye(BigInt(2),t),l=re(ae(h,t),r,t);e=te(e*l,t);const y=re(e,u,a),p=re(e,c,n),d=te(s*(p-y),n);let g=d*a+y;return g=te(g*h,t),Fe(ue(g,"be",ce(t)),o)}(e,t,r,i,a,n,s,o)}async function He(e,t,r,i,a,n){const s=ee(i),o=ee(a),c=ee(r);let u=te(c,o-Re),h=te(c,s-Re);return h=ue(h),u=ue(u),{kty:"RSA",n:j(e),e:j(t),d:j(r),p:j(a),q:j(i),dp:j(u),dq:j(h),qi:j(n),ext:!0}}function Ge(e,t){return{kty:"RSA",n:j(e),e:j(t),ext:!0}}function Ve(e,t){return{n:O(e.n),e:ue(t),d:O(e.d),p:O(e.q),q:O(e.p),u:O(e.qi)}}const We=BigInt(1);const $e={"2a8648ce3d030107":T.curve.nistP256,"2b81040022":T.curve.nistP384,"2b81040023":T.curve.nistP521,"2b8104000a":T.curve.secp256k1,"2b06010401da470f01":T.curve.ed25519Legacy,"2b060104019755010501":T.curve.curve25519Legacy,"2b2403030208010107":T.curve.brainpoolP256r1,"2b240303020801010b":T.curve.brainpoolP384r1,"2b240303020801010d":T.curve.brainpoolP512r1};class Qe{constructor(e){if(e instanceof Qe)this.oid=e.oid;else if(F.isArray(e)||F.isUint8Array(e)){if(6===(e=new Uint8Array(e))[0]){if(e[1]!==e.length-2)throw Error("Length mismatch in DER encoded oid");e=e.subarray(2)}this.oid=e}else this.oid=""}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.oid=e.subarray(1,1+t),1+this.oid.length}throw Error("Invalid oid")}write(){return F.concatUint8Array([new Uint8Array([this.oid.length]),this.oid])}toHex(){return F.uint8ArrayToHex(this.oid)}getName(){const e=$e[this.toHex()];if(!e)throw Error("Unknown curve object identifier.");return e}}function Xe(e){let t,r=0;const i=e[0];return i<192?([r]=e,t=1):i<255?(r=(e[0]-192<<8)+e[1]+192,t=2):255===i&&(r=F.readNumber(e.subarray(1,5)),t=5),{len:r,offset:t}}function Ye(e){return e<192?new Uint8Array([e]):e>191&&e<8384?new Uint8Array([192+(e-192>>8),e-192&255]):F.concatUint8Array([new Uint8Array([255]),F.writeNumber(e,4)])}function Ze(e){if(e<0||e>30)throw Error("Partial Length power must be between 1 and 30");return new Uint8Array([224+e])}function Je(e){return new Uint8Array([192|e])}function et(e,t){return F.concatUint8Array([Je(e),Ye(t)])}function tt(e){return[T.packet.literalData,T.packet.compressedData,T.packet.symmetricallyEncryptedData,T.packet.symEncryptedIntegrityProtectedData,T.packet.aeadEncryptedData].includes(e)}async function rt(e,t,r){let i,a;try{const n=await e.peekBytes(2);if(!n||n.length<2||!(128&n[0]))throw Error("Error during parsing. This message / key probably does not conform to a valid OpenPGP format.");const s=await e.readByte();let o,c,u=-1,h=-1;h=0,64&s&&(h=1),h?u=63&s:(u=(63&s)>>2,c=3&s);const l=tt(u);let y,p=null;if(t&&l){if("array"===t){const e=new ArrayStream;i=C(e),p=e}else{const e=new TransformStream;i=C(e.writable),p=e.readable}a=r({tag:u,packet:p})}else p=[];do{if(h){const t=await e.readByte();if(y=!1,t<192)o=t;else if(t>=192&&t<224)o=(t-192<<8)+await e.readByte()+192;else if(t>223&&t<255){if(o=1<<(31&t),y=!0,!l)throw new TypeError("This packet type does not support partial lengths.")}else o=await e.readByte()<<24|await e.readByte()<<16|await e.readByte()<<8|await e.readByte()}else switch(c){case 0:o=await e.readByte();break;case 1:o=await e.readByte()<<8|await e.readByte();break;case 2:o=await e.readByte()<<24|await e.readByte()<<16|await e.readByte()<<8|await e.readByte();break;default:o=1/0}if(o>0){let t=0;for(;;){i&&await i.ready;const{done:r,value:a}=await e.read();if(r){if(o===1/0)break;throw Error("Unexpected end of packet")}const n=o===1/0?a:a.subarray(0,o-t);if(i?await i.write(n):p.push(n),t+=a.length,t>=o){e.unshift(a.subarray(o-t+a.length));break}}}}while(y);i?(await i.ready,await i.close()):(p=F.concatUint8Array(p),await r({tag:u,packet:p}))}catch(e){if(i)return await i.abort(e),!0;throw e}finally{i&&await a}}class it extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,it),this.name="UnsupportedError"}}class at extends it{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,it),this.name="UnknownPacketError"}}class nt extends it{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,it),this.name="MalformedPacketError"}}class st{constructor(e,t){this.tag=e,this.rawContent=t}write(){return this.rawContent}}async function ot(e){switch(e){case T.publicKey.ed25519:try{const e=F.getWebCrypto(),t=await e.generateKey("Ed25519",!0,["sign","verify"]).catch((e=>{if("OperationError"===e.name){const e=Error("Unexpected key generation issue");throw e.name="NotSupportedError",e}throw e})),r=await e.exportKey("jwk",t.privateKey),i=await e.exportKey("jwk",t.publicKey);return{A:new Uint8Array(O(i.x)),seed:O(r.d)}}catch(t){if("NotSupportedError"!==t.name)throw t;const{default:r}=await import("./nacl-fast.min.mjs"),i=le(lt(e)),{publicKey:a}=r.sign.keyPair.fromSeed(i);return{A:a,seed:i}}case T.publicKey.ed448:{const e=await F.getNobleCurve(T.publicKey.ed448),{secretKey:t,publicKey:r}=e.keygen();return{A:r,seed:t}}default:throw Error("Unsupported EdDSA algorithm")}}async function ct(e,t,r,i,a,n){switch(e){case T.publicKey.ed25519:try{const t=F.getWebCrypto(),r=dt(e,i,a),s=await t.importKey("jwk",r,"Ed25519",!1,["sign"]);return{RS:new Uint8Array(await t.sign("Ed25519",s,n))}}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:t}=await import("./nacl-fast.min.mjs"),r=F.concatUint8Array([a,i]);return{RS:t.sign.detached(n,r)}}case T.publicKey.ed448:return{RS:(await F.getNobleCurve(T.publicKey.ed448)).sign(n,a)};default:throw Error("Unsupported EdDSA algorithm")}}async function ut(e,t,{RS:r},i,a,n){switch(e){case T.publicKey.ed25519:try{const t=F.getWebCrypto(),i=pt(e,a),s=await t.importKey("jwk",i,"Ed25519",!1,["verify"]);return await t.verify("Ed25519",s,r,n)}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:t}=await import("./nacl-fast.min.mjs");return t.sign.detached.verify(n,r,a)}case T.publicKey.ed448:return(await F.getNobleCurve(T.publicKey.ed448)).verify(r,n,a);default:throw Error("Unsupported EdDSA algorithm")}}async function ht(e,t,r){switch(e){case T.publicKey.ed25519:try{const i=F.getWebCrypto(),a=dt(e,t,r),n=pt(e,t),s=await i.importKey("jwk",a,"Ed25519",!1,["sign"]),o=await i.importKey("jwk",n,"Ed25519",!1,["verify"]),c=le(8),u=new Uint8Array(await i.sign("Ed25519",s,c));return await i.verify("Ed25519",o,u,c)}catch(e){if("NotSupportedError"!==e.name)return!1;const{default:i}=await import("./nacl-fast.min.mjs"),{publicKey:a}=i.sign.keyPair.fromSeed(r);return F.equalsUint8Array(t,a)}case T.publicKey.ed448:{const e=(await F.getNobleCurve(T.publicKey.ed448)).getPublicKey(r);return F.equalsUint8Array(t,e)}default:return!1}}function lt(e){switch(e){case T.publicKey.ed25519:return 32;case T.publicKey.ed448:return 57;default:throw Error("Unsupported EdDSA algorithm")}}function yt(e){switch(e){case T.publicKey.ed25519:return T.hash.sha256;case T.publicKey.ed448:return T.hash.sha512;default:throw Error("Unknown EdDSA algo")}}const pt=(e,t)=>{if(e===T.publicKey.ed25519){return{kty:"OKP",crv:"Ed25519",x:j(t),ext:!0}}throw Error("Unsupported EdDSA algorithm")},dt=(e,t,r)=>{if(e===T.publicKey.ed25519){const i=pt(e,t);return i.d=j(r),i}throw Error("Unsupported EdDSA algorithm")};var gt=/*#__PURE__*/Object.freeze({__proto__:null,generate:ot,getPayloadSize:lt,getPreferredHashAlgo:yt,sign:ct,validateParams:ht,verify:ut});
-/*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) */function mt(e){return e instanceof Uint8Array||ArrayBuffer.isView(e)&&"Uint8Array"===e.constructor.name}function ft(e,...t){if(!mt(e))throw Error("Uint8Array expected");if(t.length>0&&!t.includes(e.length))throw Error("Uint8Array expected of length "+t+", got length="+e.length)}function wt(e,t=!0){if(e.destroyed)throw Error("Hash instance has been destroyed");if(t&&e.finished)throw Error("Hash#digest() has already been called")}function bt(e,t){ft(e);const r=t.outputLen;if(e.length<r)throw Error("digestInto() expects output buffer of length at least "+r)}function kt(e){return new Uint8Array(e.buffer,e.byteOffset,e.byteLength)}function vt(e){return new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4))}function Kt(...e){for(let t=0;t<e.length;t++)e[t].fill(0)}function At(e){return new DataView(e.buffer,e.byteOffset,e.byteLength)}const Et=/* @__PURE__ */(()=>68===new Uint8Array(new Uint32Array([287454020]).buffer)[0])();function St(e){if("string"==typeof e)e=function(e){if("string"!=typeof e)throw Error("string expected");return new Uint8Array((new TextEncoder).encode(e))}(e);else{if(!mt(e))throw Error("Uint8Array expected, got "+typeof e);e=Bt(e)}return e}function Pt(e,t){return e.buffer===t.buffer&&e.byteOffset<t.byteOffset+t.byteLength&&t.byteOffset<e.byteOffset+e.byteLength}function Ut(e,t){if(Pt(e,t)&&e.byteOffset<t.byteOffset)throw Error("complex overlap of input and output is not supported")}function Dt(e,t){if(e.length!==t.length)return!1;let r=0;for(let i=0;i<e.length;i++)r|=e[i]^t[i];return 0===r}const xt=(e,t)=>{function r(r,...i){if(ft(r),!Et)throw Error("Non little-endian hardware is not yet supported");if(void 0!==e.nonceLength){const t=i[0];if(!t)throw Error("nonce / iv required");e.varSizeNonce?ft(t):ft(t,e.nonceLength)}const a=e.tagLength;a&&void 0!==i[1]&&ft(i[1]);const n=t(r,...i),s=(e,t)=>{if(void 0!==t){if(2!==e)throw Error("cipher output not supported");ft(t)}};let o=!1;return{encrypt(e,t){if(o)throw Error("cannot encrypt() twice with same key + nonce");return o=!0,ft(e),s(n.encrypt.length,t),n.encrypt(e,t)},decrypt(e,t){if(ft(e),a&&e.length<a)throw Error("invalid ciphertext length: smaller than tagLength="+a);return s(n.decrypt.length,t),n.decrypt(e,t)}}}return Object.assign(r,e),r};function Ct(e,t,r=!0){if(void 0===t)return new Uint8Array(e);if(t.length!==e)throw Error("invalid output length, expected "+e+", got: "+t.length);if(r&&!Tt(t))throw Error("invalid output, must be aligned");return t}function It(e,t,r,i){if("function"==typeof e.setBigUint64)return e.setBigUint64(t,r,i);const a=BigInt(32),n=BigInt(4294967295),s=Number(r>>a&n),o=Number(r&n);e.setUint32(t+0,s,i),e.setUint32(t+4,o,i)}function Tt(e){return e.byteOffset%4==0}function Bt(e){return Uint8Array.from(e)}const Mt=16,Ft=/* @__PURE__ */new Uint8Array(16),Lt=vt(Ft),_t=e=>(e>>>0&255)<<24|(e>>>8&255)<<16|(e>>>16&255)<<8|e>>>24&255;class Nt{constructor(e,t){this.blockLen=Mt,this.outputLen=Mt,this.s0=0,this.s1=0,this.s2=0,this.s3=0,this.finished=!1,ft(e=St(e),16);const r=At(e);let i=r.getUint32(0,!1),a=r.getUint32(4,!1),n=r.getUint32(8,!1),s=r.getUint32(12,!1);const o=[];for(let e=0;e<128;e++)o.push({s0:_t(i),s1:_t(a),s2:_t(n),s3:_t(s)}),({s0:i,s1:a,s2:n,s3:s}={s3:(h=n)<<31|(l=s)>>>1,s2:(u=a)<<31|h>>>1,s1:(c=i)<<31|u>>>1,s0:c>>>1^225<<24&-(1&l)});var c,u,h,l;const y=(p=t||1024)>65536?8:p>1024?4:2;var p;if(![1,2,4,8].includes(y))throw Error("ghash: invalid window size, expected 2, 4 or 8");this.W=y;const d=128/y,g=this.windowSize=2**y,m=[];for(let e=0;e<d;e++)for(let t=0;t<g;t++){let r=0,i=0,a=0,n=0;for(let s=0;s<y;s++){if(!(t>>>y-s-1&1))continue;const{s0:c,s1:u,s2:h,s3:l}=o[y*e+s];r^=c,i^=u,a^=h,n^=l}m.push({s0:r,s1:i,s2:a,s3:n})}this.t=m}_updateBlock(e,t,r,i){e^=this.s0,t^=this.s1,r^=this.s2,i^=this.s3;const{W:a,t:n,windowSize:s}=this;let o=0,c=0,u=0,h=0;const l=(1<<a)-1;let y=0;for(const p of[e,t,r,i])for(let e=0;e<4;e++){const t=p>>>8*e&255;for(let e=8/a-1;e>=0;e--){const r=t>>>a*e&l,{s0:i,s1:p,s2:d,s3:g}=n[y*s+r];o^=i,c^=p,u^=d,h^=g,y+=1}}this.s0=o,this.s1=c,this.s2=u,this.s3=h}update(e){wt(this),ft(e=St(e));const t=vt(e),r=Math.floor(e.length/Mt),i=e.length%Mt;for(let e=0;e<r;e++)this._updateBlock(t[4*e+0],t[4*e+1],t[4*e+2],t[4*e+3]);return i&&(Ft.set(e.subarray(r*Mt)),this._updateBlock(Lt[0],Lt[1],Lt[2],Lt[3]),Kt(Lt)),this}destroy(){const{t:e}=this;for(const t of e)t.s0=0,t.s1=0,t.s2=0,t.s3=0}digestInto(e){wt(this),bt(e,this),this.finished=!0;const{s0:t,s1:r,s2:i,s3:a}=this,n=vt(e);return n[0]=t,n[1]=r,n[2]=i,n[3]=a,e}digest(){const e=new Uint8Array(Mt);return this.digestInto(e),this.destroy(),e}}class Rt extends Nt{constructor(e,t){ft(e=St(e));const r=function(e){e.reverse();const t=1&e[15];let r=0;for(let t=0;t<e.length;t++){const i=e[t];e[t]=i>>>1|r,r=(1&i)<<7}return e[0]^=225&-t,e}(Bt(e));super(r,t),Kt(r)}update(e){e=St(e),wt(this);const t=vt(e),r=e.length%Mt,i=Math.floor(e.length/Mt);for(let e=0;e<i;e++)this._updateBlock(_t(t[4*e+3]),_t(t[4*e+2]),_t(t[4*e+1]),_t(t[4*e+0]));return r&&(Ft.set(e.subarray(i*Mt)),this._updateBlock(_t(Lt[3]),_t(Lt[2]),_t(Lt[1]),_t(Lt[0])),Kt(Lt)),this}digestInto(e){wt(this),bt(e,this),this.finished=!0;const{s0:t,s1:r,s2:i,s3:a}=this,n=vt(e);return n[0]=t,n[1]=r,n[2]=i,n[3]=a,e.reverse()}}function zt(e){const t=(t,r)=>e(r,t.length).update(St(t)).digest(),r=e(new Uint8Array(16),0);return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=(t,r)=>e(t,r),t}const Ot=zt(((e,t)=>new Nt(e,t)));zt(((e,t)=>new Rt(e,t)));const jt=16,qt=/* @__PURE__ */new Uint8Array(jt);function Ht(e){return e<<1^283&-(e>>7)}function Gt(e,t){let r=0;for(;t>0;t>>=1)r^=e&-(1&t),e=Ht(e);return r}const Vt=/* @__PURE__ */(()=>{const e=new Uint8Array(256);for(let t=0,r=1;t<256;t++,r^=Ht(r))e[t]=r;const t=new Uint8Array(256);t[0]=99;for(let r=0;r<255;r++){let i=e[255-r];i|=i<<8,t[e[r]]=255&(i^i>>4^i>>5^i>>6^i>>7^99)}return Kt(e),t})(),Wt=/* @__PURE__ */Vt.map(((e,t)=>Vt.indexOf(t))),$t=e=>e<<8|e>>>24,Qt=e=>e<<24&4278190080|e<<8&16711680|e>>>8&65280|e>>>24&255;function Xt(e,t){if(256!==e.length)throw Error("Wrong sbox length");const r=new Uint32Array(256).map(((r,i)=>t(e[i]))),i=r.map($t),a=i.map($t),n=a.map($t),s=new Uint32Array(65536),o=new Uint32Array(65536),c=new Uint16Array(65536);for(let t=0;t<256;t++)for(let u=0;u<256;u++){const h=256*t+u;s[h]=r[t]^i[u],o[h]=a[t]^n[u],c[h]=e[t]<<8|e[u]}return{sbox:e,sbox2:c,T0:r,T1:i,T2:a,T3:n,T01:s,T23:o}}const Yt=/* @__PURE__ */Xt(Vt,(e=>Gt(e,3)<<24|e<<16|e<<8|Gt(e,2))),Zt=/* @__PURE__ */Xt(Wt,(e=>Gt(e,11)<<24|Gt(e,13)<<16|Gt(e,9)<<8|Gt(e,14))),Jt=/* @__PURE__ */(()=>{const e=new Uint8Array(16);for(let t=0,r=1;t<16;t++,r=Ht(r))e[t]=r;return e})();function er(e){ft(e);const t=e.length;if(![16,24,32].includes(t))throw Error("aes: invalid key size, should be 16, 24 or 32, got "+t);const{sbox2:r}=Yt,i=[];Tt(e)||i.push(e=Bt(e));const a=vt(e),n=a.length,s=e=>ir(r,e,e,e,e),o=new Uint32Array(t+28);o.set(a);for(let e=n;e<o.length;e++){let t=o[e-1];e%n==0?t=s((c=t)<<24|c>>>8)^Jt[e/n-1]:n>6&&e%n==4&&(t=s(t)),o[e]=o[e-n]^t}var c;return Kt(...i),o}function tr(e){const t=er(e),r=t.slice(),i=t.length,{sbox2:a}=Yt,{T0:n,T1:s,T2:o,T3:c}=Zt;for(let e=0;e<i;e+=4)for(let a=0;a<4;a++)r[e+a]=t[i-e-4+a];Kt(t);for(let e=4;e<i-4;e++){const t=r[e],i=ir(a,t,t,t,t);r[e]=n[255&i]^s[i>>>8&255]^o[i>>>16&255]^c[i>>>24]}return r}function rr(e,t,r,i,a,n){return e[r<<8&65280|i>>>8&255]^t[a>>>8&65280|n>>>24&255]}function ir(e,t,r,i,a){return e[255&t|65280&r]|e[i>>>16&255|a>>>16&65280]<<16}function ar(e,t,r,i,a){const{sbox2:n,T01:s,T23:o}=Yt;let c=0;t^=e[c++],r^=e[c++],i^=e[c++],a^=e[c++];const u=e.length/4-2;for(let n=0;n<u;n++){const n=e[c++]^rr(s,o,t,r,i,a),u=e[c++]^rr(s,o,r,i,a,t),h=e[c++]^rr(s,o,i,a,t,r),l=e[c++]^rr(s,o,a,t,r,i);t=n,r=u,i=h,a=l}return{s0:e[c++]^ir(n,t,r,i,a),s1:e[c++]^ir(n,r,i,a,t),s2:e[c++]^ir(n,i,a,t,r),s3:e[c++]^ir(n,a,t,r,i)}}function nr(e,t,r,i,a){const{sbox2:n,T01:s,T23:o}=Zt;let c=0;t^=e[c++],r^=e[c++],i^=e[c++],a^=e[c++];const u=e.length/4-2;for(let n=0;n<u;n++){const n=e[c++]^rr(s,o,t,a,i,r),u=e[c++]^rr(s,o,r,t,a,i),h=e[c++]^rr(s,o,i,r,t,a),l=e[c++]^rr(s,o,a,i,r,t);t=n,r=u,i=h,a=l}return{s0:e[c++]^ir(n,t,a,i,r),s1:e[c++]^ir(n,r,t,a,i),s2:e[c++]^ir(n,i,r,t,a),s3:e[c++]^ir(n,a,i,r,t)}}function sr(e,t,r,i){ft(t,jt),ft(r);const a=r.length;Ut(r,i=Ct(a,i));const n=t,s=vt(n);let{s0:o,s1:c,s2:u,s3:h}=ar(e,s[0],s[1],s[2],s[3]);const l=vt(r),y=vt(i);for(let t=0;t+4<=l.length;t+=4){y[t+0]=l[t+0]^o,y[t+1]=l[t+1]^c,y[t+2]=l[t+2]^u,y[t+3]=l[t+3]^h;let r=1;for(let e=n.length-1;e>=0;e--)r=r+(255&n[e])|0,n[e]=255&r,r>>>=8;({s0:o,s1:c,s2:u,s3:h}=ar(e,s[0],s[1],s[2],s[3]))}const p=jt*Math.floor(l.length/4);if(p<a){const e=new Uint32Array([o,c,u,h]),t=kt(e);for(let e=p,n=0;e<a;e++,n++)i[e]=r[e]^t[n];Kt(e)}return i}function or(e,t,r,i,a){ft(r,jt),ft(i),a=Ct(i.length,a);const n=r,s=vt(n),o=At(n),c=vt(i),u=vt(a),h=t?0:12,l=i.length;let y=o.getUint32(h,t),{s0:p,s1:d,s2:g,s3:m}=ar(e,s[0],s[1],s[2],s[3]);for(let r=0;r+4<=c.length;r+=4)u[r+0]=c[r+0]^p,u[r+1]=c[r+1]^d,u[r+2]=c[r+2]^g,u[r+3]=c[r+3]^m,y=y+1>>>0,o.setUint32(h,y,t),({s0:p,s1:d,s2:g,s3:m}=ar(e,s[0],s[1],s[2],s[3]));const f=jt*Math.floor(c.length/4);if(f<l){const e=new Uint32Array([p,d,g,m]),t=kt(e);for(let e=f,r=0;e<l;e++,r++)a[e]=i[e]^t[r];Kt(e)}return a}const cr=/* @__PURE__ */xt({blockSize:16,nonceLength:16},(function(e,t){function r(r,i){if(ft(r),void 0!==i&&(ft(i),!Tt(i)))throw Error("unaligned destination");const a=er(e),n=Bt(t),s=[a,n];Tt(r)||s.push(r=Bt(r));const o=sr(a,n,r,i);return Kt(...s),o}return{encrypt:(e,t)=>r(e,t),decrypt:(e,t)=>r(e,t)}}));const ur=/* @__PURE__ */xt({blockSize:16,nonceLength:16},(function(e,t,r={}){const i=!r.disablePadding;return{encrypt(r,a){const n=er(e),{b:s,o,out:c}=function(e,t,r){ft(e);let i=e.length;const a=i%jt;if(!t&&0!==a)throw Error("aec/(cbc-ecb): unpadded plaintext with disabled padding");Tt(e)||(e=Bt(e));const n=vt(e);if(t){let e=jt-a;e||(e=jt),i+=e}return Ut(e,r=Ct(i,r)),{b:n,o:vt(r),out:r}}(r,i,a);let u=t;const h=[n];Tt(u)||h.push(u=Bt(u));const l=vt(u);let y=l[0],p=l[1],d=l[2],g=l[3],m=0;for(;m+4<=s.length;)y^=s[m+0],p^=s[m+1],d^=s[m+2],g^=s[m+3],({s0:y,s1:p,s2:d,s3:g}=ar(n,y,p,d,g)),o[m++]=y,o[m++]=p,o[m++]=d,o[m++]=g;if(i){const e=function(e){const t=new Uint8Array(16),r=vt(t);t.set(e);const i=jt-e.length;for(let e=jt-i;e<jt;e++)t[e]=i;return r}(r.subarray(4*m));y^=e[0],p^=e[1],d^=e[2],g^=e[3],({s0:y,s1:p,s2:d,s3:g}=ar(n,y,p,d,g)),o[m++]=y,o[m++]=p,o[m++]=d,o[m++]=g}return Kt(...h),c},decrypt(r,a){!function(e){if(ft(e),e.length%jt!=0)throw Error("aes-(cbc/ecb).decrypt ciphertext should consist of blocks with size 16")}(r);const n=tr(e);let s=t;const o=[n];Tt(s)||o.push(s=Bt(s));const c=vt(s);a=Ct(r.length,a),Tt(r)||o.push(r=Bt(r)),Ut(r,a);const u=vt(r),h=vt(a);let l=c[0],y=c[1],p=c[2],d=c[3];for(let e=0;e+4<=u.length;){const t=l,r=y,i=p,a=d;l=u[e+0],y=u[e+1],p=u[e+2],d=u[e+3];const{s0:s,s1:o,s2:c,s3:g}=nr(n,l,y,p,d);h[e++]=s^t,h[e++]=o^r,h[e++]=c^i,h[e++]=g^a}return Kt(...o),function(e,t){if(!t)return e;const r=e.length;if(!r)throw Error("aes/pcks5: empty ciphertext not allowed");const i=e[r-1];if(i<=0||i>16)throw Error("aes/pcks5: wrong padding");const a=e.subarray(0,-i);for(let t=0;t<i;t++)if(e[r-t-1]!==i)throw Error("aes/pcks5: wrong padding");return a}(a,i)}}})),hr=/* @__PURE__ */xt({blockSize:16,nonceLength:16},(function(e,t){function r(r,i,a){ft(r);const n=r.length;if(Pt(r,a=Ct(n,a)))throw Error("overlapping src and dst not supported.");const s=er(e);let o=t;const c=[s];Tt(o)||c.push(o=Bt(o)),Tt(r)||c.push(r=Bt(r));const u=vt(r),h=vt(a),l=i?h:u,y=vt(o);let p=y[0],d=y[1],g=y[2],m=y[3];for(let e=0;e+4<=u.length;){const{s0:t,s1:r,s2:i,s3:a}=ar(s,p,d,g,m);h[e+0]=u[e+0]^t,h[e+1]=u[e+1]^r,h[e+2]=u[e+2]^i,h[e+3]=u[e+3]^a,p=l[e++],d=l[e++],g=l[e++],m=l[e++]}const f=jt*Math.floor(u.length/4);if(f<n){({s0:p,s1:d,s2:g,s3:m}=ar(s,p,d,g,m));const e=kt(new Uint32Array([p,d,g,m]));for(let t=f,i=0;t<n;t++,i++)a[t]=r[t]^e[i];Kt(e)}return Kt(...c),a}return{encrypt:(e,t)=>r(e,!0,t),decrypt:(e,t)=>r(e,!1,t)}}));function lr(e,t,r,i,a){const n=a?a.length:0,s=e.create(r,i.length+n);a&&s.update(a);const o=function(e,t,r){const i=new Uint8Array(16),a=At(i);return It(a,0,BigInt(t),r),It(a,8,BigInt(e),r),i}(8*i.length,8*n,t);s.update(i),s.update(o);const c=s.digest();return Kt(o),c}const yr=/* @__PURE__ */xt({blockSize:16,nonceLength:12,tagLength:16,varSizeNonce:!0},(function(e,t,r){if(t.length<8)throw Error("aes/gcm: invalid nonce length");function i(e,t,i){const a=lr(Ot,!1,e,i,r);for(let e=0;e<t.length;e++)a[e]^=t[e];return a}function a(){const r=er(e),i=qt.slice(),a=qt.slice();if(or(r,!1,a,a,i),12===t.length)a.set(t);else{const e=qt.slice();It(At(e),8,BigInt(8*t.length),!1);const r=Ot.create(i).update(t).update(e);r.digestInto(a),r.destroy()}return{xk:r,authKey:i,counter:a,tagMask:or(r,!1,a,qt)}}return{encrypt(e){const{xk:t,authKey:r,counter:n,tagMask:s}=a(),o=new Uint8Array(e.length+16),c=[t,r,n,s];Tt(e)||c.push(e=Bt(e)),or(t,!1,n,e,o.subarray(0,e.length));const u=i(r,s,o.subarray(0,o.length-16));return c.push(u),o.set(u,e.length),Kt(...c),o},decrypt(e){const{xk:t,authKey:r,counter:n,tagMask:s}=a(),o=[t,r,s,n];Tt(e)||o.push(e=Bt(e));const c=e.subarray(0,-16),u=e.subarray(-16),h=i(r,s,c);if(o.push(h),!Dt(h,u))throw Error("aes/gcm: invalid ghash tag");const l=or(t,!1,n,c);return Kt(...o),l}}}));function pr(e){return e instanceof Uint32Array||ArrayBuffer.isView(e)&&"Uint32Array"===e.constructor.name}function dr(e,t){if(ft(t,16),!pr(e))throw Error("_encryptBlock accepts result of expandKeyLE");const r=vt(t);let{s0:i,s1:a,s2:n,s3:s}=ar(e,r[0],r[1],r[2],r[3]);return r[0]=i,r[1]=a,r[2]=n,r[3]=s,t}function gr(e,t){if(ft(t,16),!pr(e))throw Error("_decryptBlock accepts result of expandKeyLE");const r=vt(t);let{s0:i,s1:a,s2:n,s3:s}=nr(e,r[0],r[1],r[2],r[3]);return r[0]=i,r[1]=a,r[2]=n,r[3]=s,t}const mr={encrypt(e,t){if(t.length>=2**32)throw Error("plaintext should be less than 4gb");const r=er(e);if(16===t.length)dr(r,t);else{const e=vt(t);let i=e[0],a=e[1];for(let t=0,n=1;t<6;t++)for(let t=2;t<e.length;t+=2,n++){const{s0:s,s1:o,s2:c,s3:u}=ar(r,i,a,e[t],e[t+1]);i=s,a=o^Qt(n),e[t]=c,e[t+1]=u}e[0]=i,e[1]=a}r.fill(0)},decrypt(e,t){if(t.length-8>=2**32)throw Error("ciphertext should be less than 4gb");const r=tr(e),i=t.length/8-1;if(1===i)gr(r,t);else{const e=vt(t);let a=e[0],n=e[1];for(let t=0,s=6*i;t<6;t++)for(let t=2*i;t>=1;t-=2,s--){n^=Qt(s);const{s0:i,s1:o,s2:c,s3:u}=nr(r,a,n,e[t],e[t+1]);a=i,n=o,e[t]=c,e[t+1]=u}e[0]=a,e[1]=n}r.fill(0)}},fr=/* @__PURE__ */new Uint8Array(8).fill(166),wr=/* @__PURE__ */xt({blockSize:8},(e=>({encrypt(t){if(!t.length||t.length%8!=0)throw Error("invalid plaintext length");if(8===t.length)throw Error("8-byte keys not allowed in AESKW, use AESKWP instead");const r=function(...e){let t=0;for(let r=0;r<e.length;r++){const i=e[r];ft(i),t+=i.length}const r=new Uint8Array(t);for(let t=0,i=0;t<e.length;t++){const a=e[t];r.set(a,i),i+=a.length}return r}(fr,t);return mr.encrypt(e,r),r},decrypt(t){if(t.length%8!=0||t.length<24)throw Error("invalid ciphertext length");const r=Bt(t);if(mr.decrypt(e,r),!Dt(r.subarray(0,8),fr))throw Error("integrity check failed");return r.subarray(0,8).fill(0),r.subarray(8)}}))),br={expandKeyLE:er,expandKeyDecLE:tr,encrypt:ar,decrypt:nr,encryptBlock:dr,decryptBlock:gr,ctrCounter:sr,ctr32:or};async function kr(e){switch(e){case T.symmetric.aes128:case T.symmetric.aes192:case T.symmetric.aes256:throw Error("Not a legacy cipher");case T.symmetric.cast5:case T.symmetric.blowfish:case T.symmetric.twofish:case T.symmetric.tripledes:{const{legacyCiphers:t}=await import("./legacy_ciphers.min.mjs"),r=T.read(T.symmetric,e),i=t.get(r);if(!i)throw Error("Unsupported cipher algorithm");return i}default:throw Error("Unsupported cipher algorithm")}}function vr(e){switch(e){case T.symmetric.aes128:case T.symmetric.aes192:case T.symmetric.aes256:case T.symmetric.twofish:return 16;case T.symmetric.blowfish:case T.symmetric.cast5:case T.symmetric.tripledes:return 8;default:throw Error("Unsupported cipher")}}function Kr(e){switch(e){case T.symmetric.aes128:case T.symmetric.blowfish:case T.symmetric.cast5:return 16;case T.symmetric.aes192:case T.symmetric.tripledes:return 24;case T.symmetric.aes256:case T.symmetric.twofish:return 32;default:throw Error("Unsupported cipher")}}function Ar(e){return{keySize:Kr(e),blockSize:vr(e)}}const Er=F.getWebCrypto();async function Sr(e,t,r){const{keySize:i}=Ar(e);if(!F.isAES(e)||t.length!==i)throw Error("Unexpected algorithm or key size");try{const e=await Er.importKey("raw",t,{name:"AES-KW"},!1,["wrapKey"]),i=await Er.importKey("raw",r,{name:"HMAC",hash:"SHA-256"},!0,["sign"]),a=await Er.wrapKey("raw",i,e,{name:"AES-KW"});return new Uint8Array(a)}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;F.printDebugError("Browser did not support operation: "+e.message)}return wr(t).encrypt(r)}async function Pr(e,t,r){const{keySize:i}=Ar(e);if(!F.isAES(e)||t.length!==i)throw Error("Unexpected algorithm or key size");let a;try{a=await Er.importKey("raw",t,{name:"AES-KW"},!1,["unwrapKey"])}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;return F.printDebugError("Browser did not support operation: "+e.message),wr(t).decrypt(r)}try{const e=await Er.unwrapKey("raw",r,a,{name:"AES-KW"},{name:"HMAC",hash:"SHA-256"},!0,["sign"]);return new Uint8Array(await Er.exportKey("raw",e))}catch(e){if("OperationError"===e.name)throw Error("Key Data Integrity failed");throw e}}async function Ur(e,t,r,i,a){const n=F.getWebCrypto(),s=T.read(T.webHash,e);if(!s)throw Error("Hash algo not supported with HKDF");const o=await n.importKey("raw",t,"HKDF",!1,["deriveBits"]),c=await n.deriveBits({name:"HKDF",hash:s,salt:r,info:i},o,8*a);return new Uint8Array(c)}const Dr={x25519:F.encodeUTF8("OpenPGP X25519"),x448:F.encodeUTF8("OpenPGP X448")};async function xr(e){switch(e){case T.publicKey.x25519:try{const e=F.getWebCrypto(),t=await e.generateKey("X25519",!0,["deriveKey","deriveBits"]).catch((e=>{if("OperationError"===e.name){const e=Error("Unexpected key generation issue");throw e.name="NotSupportedError",e}throw e})),r=await e.exportKey("jwk",t.privateKey),i=await e.exportKey("jwk",t.publicKey);if(r.x!==i.x){const e=Error("Unexpected mismatching public point");throw e.name="NotSupportedError",e}return{A:new Uint8Array(O(i.x)),k:O(r.d)}}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:t}=await import("./nacl-fast.min.mjs"),{secretKey:r,publicKey:i}=t.box.keyPair();return{A:i,k:r}}case T.publicKey.x448:{const e=await F.getNobleCurve(T.publicKey.x448),{secretKey:t,publicKey:r}=e.keygen();return{A:r,k:t}}default:throw Error("Unsupported ECDH algorithm")}}async function Cr(e,t,r){switch(e){case T.publicKey.x25519:try{const{ephemeralPublicKey:i,sharedSecret:a}=await Mr(e,t),n=await Fr(e,i,t,r);return F.equalsUint8Array(a,n)}catch(e){return!1}case T.publicKey.x448:{const e=(await F.getNobleCurve(T.publicKey.x448)).getPublicKey(r);return F.equalsUint8Array(t,e)}default:return!1}}async function Ir(e,t,r){const{ephemeralPublicKey:i,sharedSecret:a}=await Mr(e,r),n=F.concatUint8Array([i,r,a]);switch(e){case T.publicKey.x25519:{const e=T.symmetric.aes128,{keySize:r}=Ar(e),a=await Ur(T.hash.sha256,n,new Uint8Array,Dr.x25519,r);return{ephemeralPublicKey:i,wrappedKey:await Sr(e,a,t)}}case T.publicKey.x448:{const e=T.symmetric.aes256,{keySize:r}=Ar(T.symmetric.aes256),a=await Ur(T.hash.sha512,n,new Uint8Array,Dr.x448,r);return{ephemeralPublicKey:i,wrappedKey:await Sr(e,a,t)}}default:throw Error("Unsupported ECDH algorithm")}}async function Tr(e,t,r,i,a){const n=await Fr(e,t,i,a),s=F.concatUint8Array([t,i,n]);switch(e){case T.publicKey.x25519:{const e=T.symmetric.aes128,{keySize:t}=Ar(e);return Pr(e,await Ur(T.hash.sha256,s,new Uint8Array,Dr.x25519,t),r)}case T.publicKey.x448:{const e=T.symmetric.aes256,{keySize:t}=Ar(T.symmetric.aes256);return Pr(e,await Ur(T.hash.sha512,s,new Uint8Array,Dr.x448,t),r)}default:throw Error("Unsupported ECDH algorithm")}}function Br(e){switch(e){case T.publicKey.x25519:return 32;case T.publicKey.x448:return 56;default:throw Error("Unsupported ECDH algorithm")}}async function Mr(e,t){switch(e){case T.publicKey.x25519:try{const r=F.getWebCrypto(),i=await r.generateKey("X25519",!0,["deriveKey","deriveBits"]).catch((e=>{if("OperationError"===e.name){const e=Error("Unexpected key generation issue");throw e.name="NotSupportedError",e}throw e})),a=await r.exportKey("jwk",i.publicKey);if((await r.exportKey("jwk",i.privateKey)).x!==a.x){const e=Error("Unexpected mismatching public point");throw e.name="NotSupportedError",e}const n=_r(e,t),s=await r.importKey("jwk",n,"X25519",!1,[]),o=await r.deriveBits({name:"X25519",public:s},i.privateKey,8*Br(e));return{sharedSecret:new Uint8Array(o),ephemeralPublicKey:new Uint8Array(O(a.x))}}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:r}=await import("./nacl-fast.min.mjs"),{secretKey:i,publicKey:a}=r.box.keyPair(),n=r.scalarMult(i,t);return Lr(n),{ephemeralPublicKey:a,sharedSecret:n}}case T.publicKey.x448:{const e=await F.getNobleCurve(T.publicKey.x448),{secretKey:r,publicKey:i}=e.keygen(),a=e.getSharedSecret(r,t);return Lr(a),{ephemeralPublicKey:i,sharedSecret:a}}default:throw Error("Unsupported ECDH algorithm")}}async function Fr(e,t,r,i){switch(e){case T.publicKey.x25519:try{const a=F.getWebCrypto(),n=function(e,t,r){if(e===T.publicKey.x25519){const i=_r(e,t);return i.d=j(r),i}throw Error("Unsupported ECDH algorithm")}(e,r,i),s=_r(e,t),o=await a.importKey("jwk",n,"X25519",!1,["deriveKey","deriveBits"]),c=await a.importKey("jwk",s,"X25519",!1,[]),u=await a.deriveBits({name:"X25519",public:c},o,8*Br(e));return new Uint8Array(u)}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:r}=await import("./nacl-fast.min.mjs"),a=r.scalarMult(i,t);return Lr(a),a}case T.publicKey.x448:{const e=(await F.getNobleCurve(T.publicKey.x448)).getSharedSecret(i,t);return Lr(e),e}default:throw Error("Unsupported ECDH algorithm")}}function Lr(e){let t=0;for(let r=0;r<e.length;r++)t|=e[r];if(0===t)throw Error("Unexpected low order point")}function _r(e,t){if(e===T.publicKey.x25519){return{kty:"OKP",crv:"X25519",x:j(t),ext:!0}}throw Error("Unsupported ECDH algorithm")}var Nr=/*#__PURE__*/Object.freeze({__proto__:null,decrypt:Tr,encrypt:Ir,generate:xr,generateEphemeralEncryptionMaterial:Mr,getPayloadSize:Br,recomputeSharedSecret:Fr,validateParams:Cr});const Rr=F.getWebCrypto(),zr=F.getNodeCrypto(),Or={[T.curve.nistP256]:"P-256",[T.curve.nistP384]:"P-384",[T.curve.nistP521]:"P-521"},jr=zr?zr.getCurves():[],qr=zr?{[T.curve.secp256k1]:jr.includes("secp256k1")?"secp256k1":void 0,[T.curve.nistP256]:jr.includes("prime256v1")?"prime256v1":void 0,[T.curve.nistP384]:jr.includes("secp384r1")?"secp384r1":void 0,[T.curve.nistP521]:jr.includes("secp521r1")?"secp521r1":void 0,[T.curve.ed25519Legacy]:jr.includes("ED25519")?"ED25519":void 0,[T.curve.curve25519Legacy]:jr.includes("X25519")?"X25519":void 0,[T.curve.brainpoolP256r1]:jr.includes("brainpoolP256r1")?"brainpoolP256r1":void 0,[T.curve.brainpoolP384r1]:jr.includes("brainpoolP384r1")?"brainpoolP384r1":void 0,[T.curve.brainpoolP512r1]:jr.includes("brainpoolP512r1")?"brainpoolP512r1":void 0}:{},Hr={[T.curve.nistP256]:{oid:[6,8,42,134,72,206,61,3,1,7],keyType:T.publicKey.ecdsa,hash:T.hash.sha256,cipher:T.symmetric.aes128,node:qr[T.curve.nistP256],web:Or[T.curve.nistP256],payloadSize:32,sharedSize:256,wireFormatLeadingByte:4},[T.curve.nistP384]:{oid:[6,5,43,129,4,0,34],keyType:T.publicKey.ecdsa,hash:T.hash.sha384,cipher:T.symmetric.aes192,node:qr[T.curve.nistP384],web:Or[T.curve.nistP384],payloadSize:48,sharedSize:384,wireFormatLeadingByte:4},[T.curve.nistP521]:{oid:[6,5,43,129,4,0,35],keyType:T.publicKey.ecdsa,hash:T.hash.sha512,cipher:T.symmetric.aes256,node:qr[T.curve.nistP521],web:Or[T.curve.nistP521],payloadSize:66,sharedSize:528,wireFormatLeadingByte:4},[T.curve.secp256k1]:{oid:[6,5,43,129,4,0,10],keyType:T.publicKey.ecdsa,hash:T.hash.sha256,cipher:T.symmetric.aes128,node:qr[T.curve.secp256k1],payloadSize:32,wireFormatLeadingByte:4},[T.curve.ed25519Legacy]:{oid:[6,9,43,6,1,4,1,218,71,15,1],keyType:T.publicKey.eddsaLegacy,hash:T.hash.sha512,node:!1,payloadSize:32,wireFormatLeadingByte:64},[T.curve.curve25519Legacy]:{oid:[6,10,43,6,1,4,1,151,85,1,5,1],keyType:T.publicKey.ecdh,hash:T.hash.sha256,cipher:T.symmetric.aes128,node:!1,payloadSize:32,wireFormatLeadingByte:64},[T.curve.brainpoolP256r1]:{oid:[6,9,43,36,3,3,2,8,1,1,7],keyType:T.publicKey.ecdsa,hash:T.hash.sha256,cipher:T.symmetric.aes128,node:qr[T.curve.brainpoolP256r1],payloadSize:32,wireFormatLeadingByte:4},[T.curve.brainpoolP384r1]:{oid:[6,9,43,36,3,3,2,8,1,1,11],keyType:T.publicKey.ecdsa,hash:T.hash.sha384,cipher:T.symmetric.aes192,node:qr[T.curve.brainpoolP384r1],payloadSize:48,wireFormatLeadingByte:4},[T.curve.brainpoolP512r1]:{oid:[6,9,43,36,3,3,2,8,1,1,13],keyType:T.publicKey.ecdsa,hash:T.hash.sha512,cipher:T.symmetric.aes256,node:qr[T.curve.brainpoolP512r1],payloadSize:64,wireFormatLeadingByte:4}};class Gr{constructor(e){try{this.name=e instanceof Qe?e.getName():T.write(T.curve,e)}catch(e){throw new it("Unknown curve")}const t=Hr[this.name];this.keyType=t.keyType,this.oid=t.oid,this.hash=t.hash,this.cipher=t.cipher,this.node=t.node,this.web=t.web,this.payloadSize=t.payloadSize,this.sharedSize=t.sharedSize,this.wireFormatLeadingByte=t.wireFormatLeadingByte,this.web&&F.getWebCrypto()?this.type="web":this.node&&F.getNodeCrypto()?this.type="node":this.name===T.curve.curve25519Legacy?this.type="curve25519Legacy":this.name===T.curve.ed25519Legacy&&(this.type="ed25519Legacy")}async genKeyPair(){switch(this.type){case"web":try{return await async function(e,t){const r=await Rr.generateKey({name:"ECDSA",namedCurve:Or[e]},!0,["sign","verify"]),i=await Rr.exportKey("jwk",r.privateKey);return{publicKey:Yr(await Rr.exportKey("jwk",r.publicKey),t),privateKey:O(i.d)}}(this.name,this.wireFormatLeadingByte)}catch(e){return F.printDebugError("Browser did not support generating ec key "+e.message),Xr(this.name)}case"node":return async function(e){const t=zr.createECDH(qr[e]);return await t.generateKeys(),{publicKey:new Uint8Array(t.getPublicKey()),privateKey:new Uint8Array(t.getPrivateKey())}}(this.name);case"curve25519Legacy":{const{k:e,A:t}=await xr(T.publicKey.x25519),r=e.slice().reverse();r[0]=127&r[0]|64,r[31]&=248;return{publicKey:F.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]),t]),privateKey:r}}case"ed25519Legacy":{const{seed:e,A:t}=await ot(T.publicKey.ed25519);return{publicKey:F.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]),t]),privateKey:e}}default:return Xr(this.name)}}}async function Vr(e){const t=new Gr(e),{oid:r,hash:i,cipher:a}=t,n=await t.genKeyPair();return{oid:r,Q:n.publicKey,secret:F.leftPad(n.privateKey,t.payloadSize),hash:i,cipher:a}}function Wr(e){return Hr[e.getName()].hash}async function $r(e,t,r,i){const a={[T.curve.nistP256]:!0,[T.curve.nistP384]:!0,[T.curve.nistP521]:!0,[T.curve.secp256k1]:!0,[T.curve.curve25519Legacy]:e===T.publicKey.ecdh,[T.curve.brainpoolP256r1]:!0,[T.curve.brainpoolP384r1]:!0,[T.curve.brainpoolP512r1]:!0},n=t.getName();if(!a[n])return!1;if(n===T.curve.curve25519Legacy){const e=i.slice().reverse();return!(r.length<1||64!==r[0])&&Cr(T.publicKey.x25519,r.subarray(1),e)}const s=(await F.getNobleCurve(T.publicKey.ecdsa,n)).getPublicKey(i,!1);return!!F.equalsUint8Array(s,r)}function Qr(e,t){const{payloadSize:r,wireFormatLeadingByte:i,name:a}=e,n=a===T.curve.curve25519Legacy||a===T.curve.ed25519Legacy?r:2*r;if(t[0]!==i||t.length!==n+1)throw Error("Invalid point encoding")}async function Xr(e){const t=await F.getNobleCurve(T.publicKey.ecdsa,e),{secretKey:r}=t.keygen();return{publicKey:t.getPublicKey(r,!1),privateKey:r}}function Yr(e,t){const r=O(e.x),i=O(e.y),a=new Uint8Array(r.length+i.length+1);return a[0]=t,a.set(r,1),a.set(i,r.length+1),a}function Zr(e,t,r){const i=e,a=r.slice(1,i+1),n=r.slice(i+1,2*i+1);return{kty:"EC",crv:t,x:j(a),y:j(n),ext:!0}}function Jr(e,t,r,i){const a=Zr(e,t,r);return a.d=j(i),a}const ei=F.getWebCrypto(),ti=F.getNodeCrypto();async function ri(e,t,r,i,a,n){const s=new Gr(e);if(Qr(s,i),r&&!F.isStream(r)){const e={publicKey:i,privateKey:a};switch(s.type){case"web":try{return await async function(e,t,r,i){const a=e.payloadSize,n=Jr(e.payloadSize,Or[e.name],i.publicKey,i.privateKey),s=await ei.importKey("jwk",n,{name:"ECDSA",namedCurve:Or[e.name],hash:{name:T.read(T.webHash,e.hash)}},!1,["sign"]),o=new Uint8Array(await ei.sign({name:"ECDSA",namedCurve:Or[e.name],hash:{name:T.read(T.webHash,t)}},s,r));return{r:o.slice(0,a),s:o.slice(a,a<<1)}}(s,t,r,e)}catch(e){if("nistP521"!==s.name&&("DataError"===e.name||"OperationError"===e.name))throw e;F.printDebugError("Browser did not support signing: "+e.message)}break;case"node":return async function(e,t,r,i){const a=F.nodeRequire("eckey-utils"),n=F.getNodeBuffer(),{privateKey:s}=a.generateDer({curveName:qr[e.name],privateKey:n.from(i)}),o=ti.createSign(T.read(T.hash,t));o.write(r),o.end();const c=new Uint8Array(o.sign({key:s,format:"der",type:"sec1",dsaEncoding:"ieee-p1363"})),u=e.payloadSize;return{r:c.subarray(0,u),s:c.subarray(u,u<<1)}}(s,t,r,a)}}const o=(await F.getNobleCurve(T.publicKey.ecdsa,s.name)).sign(n,a,{lowS:!1});return{r:ue(o.r,"be",s.payloadSize),s:ue(o.s,"be",s.payloadSize)}}async function ii(e,t,r,i,a,n){const s=new Gr(e);Qr(s,a);const o=async()=>0===n[0]&&ai(s,r,n.subarray(1),a);if(i&&!F.isStream(i))switch(s.type){case"web":try{const e=await async function(e,t,{r,s:i},a,n){const s=Zr(e.payloadSize,Or[e.name],n),o=await ei.importKey("jwk",s,{name:"ECDSA",namedCurve:Or[e.name],hash:{name:T.read(T.webHash,e.hash)}},!1,["verify"]),c=F.concatUint8Array([r,i]).buffer;return ei.verify({name:"ECDSA",namedCurve:Or[e.name],hash:{name:T.read(T.webHash,t)}},o,c,a)}(s,t,r,i,a);return e||o()}catch(e){if("nistP521"!==s.name&&("DataError"===e.name||"OperationError"===e.name))throw e;F.printDebugError("Browser did not support verifying: "+e.message)}break;case"node":{const e=await async function(e,t,{r,s:i},a,n){const s=F.nodeRequire("eckey-utils"),o=F.getNodeBuffer(),{publicKey:c}=s.generateDer({curveName:qr[e.name],publicKey:o.from(n)}),u=ti.createVerify(T.read(T.hash,t));u.write(a),u.end();const h=F.concatUint8Array([r,i]);try{return u.verify({key:c,format:"der",type:"spki",dsaEncoding:"ieee-p1363"},h)}catch(e){return!1}}(s,t,r,i,a);return e||o()}}return await ai(s,r,n,a)||o()}async function ai(e,t,r,i){return(await F.getNobleCurve(T.publicKey.ecdsa,e.name)).verify(F.concatUint8Array([t.r,t.s]),r,i,{lowS:!1})}var ni=/*#__PURE__*/Object.freeze({__proto__:null,sign:ri,validateParams:async function(e,t,r){const i=new Gr(e);if(i.keyType!==T.publicKey.ecdsa)return!1;switch(i.type){case"web":case"node":{const i=le(8),a=T.hash.sha256,n=await Ie(a,i);try{const s=await ri(e,a,i,t,r,n);return await ii(e,a,s,i,t,n)}catch(e){return!1}}default:return $r(T.publicKey.ecdsa,e,t,r)}},verify:ii});async function si(e,t,r,i,a,n){Qr(new Gr(e),i);const{RS:s}=await ct(T.publicKey.ed25519,0,0,i.subarray(1),a,n);return{r:s.subarray(0,32),s:s.subarray(32)}}async function oi(e,t,{r,s:i},a,n,s){Qr(new Gr(e),n);const o=F.concatUint8Array([r,i]);return ut(T.publicKey.ed25519,0,{RS:o},0,n.subarray(1),s)}async function ci(e,t,r){return e.getName()===T.curve.ed25519Legacy&&(!(t.length<1||64!==t[0])&&ht(T.publicKey.ed25519,t.subarray(1),r))}var ui=/*#__PURE__*/Object.freeze({__proto__:null,sign:si,validateParams:ci,verify:oi});function hi(e){const t=e.length;if(t>0){const r=e[t-1];if(r>=1){const i=e.subarray(t-r),a=new Uint8Array(r).fill(r);if(F.equalsUint8Array(i,a))return e.subarray(0,t-r)}}throw Error("Invalid padding")}function li(e,t,r,i){return F.concatUint8Array([t.write(),new Uint8Array([e]),r.write(!0),F.stringToUint8Array("Anonymous Sender    "),r.replacementFingerprint||i])}async function yi(e,t,r,i,a=!1,n=!1){let s;if(a){for(s=0;s<t.length&&0===t[s];s++);t=t.subarray(s)}if(n){for(s=t.length-1;s>=0&&0===t[s];s--);t=t.subarray(0,s+1)}return(await Ie(e,F.concatUint8Array([new Uint8Array([0,0,0,1]),t,i]))).subarray(0,r)}async function pi(e,t){switch(e.type){case"curve25519Legacy":{const{sharedSecret:r,ephemeralPublicKey:i}=await Mr(T.publicKey.x25519,t.subarray(1));return{publicKey:F.concatUint8Array([new Uint8Array([e.wireFormatLeadingByte]),i]),sharedKey:r}}case"web":if(e.web&&F.getWebCrypto())try{return await async function(e,t){const r=F.getWebCrypto(),i=Zr(e.payloadSize,e.web,t);let a=r.generateKey({name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]),n=r.importKey("jwk",i,{name:"ECDH",namedCurve:e.web},!1,[]);[a,n]=await Promise.all([a,n]);let s=r.deriveBits({name:"ECDH",namedCurve:e.web,public:n},a.privateKey,e.sharedSize),o=r.exportKey("jwk",a.publicKey);[s,o]=await Promise.all([s,o]);const c=new Uint8Array(s),u=new Uint8Array(Yr(o,e.wireFormatLeadingByte));return{publicKey:u,sharedKey:c}}(e,t)}catch(r){return F.printDebugError(r),wi(e,t)}break;case"node":return async function(e,t){const r=F.getNodeCrypto(),i=r.createECDH(e.node);i.generateKeys();const a=new Uint8Array(i.computeSecret(t));return{publicKey:new Uint8Array(i.getPublicKey()),sharedKey:a}}(e,t);default:return wi(e,t)}}async function di(e,t,r,i,a){const n=function(e){const t=8-e.length%8,r=new Uint8Array(e.length+t).fill(t);return r.set(e),r}(r),s=new Gr(e);Qr(s,i);const{publicKey:o,sharedKey:c}=await pi(s,i),u=li(T.publicKey.ecdh,e,t,a),{keySize:h}=Ar(t.cipher),l=await yi(t.hash,c,h,u);return{publicKey:o,wrappedKey:await Sr(t.cipher,l,n)}}async function gi(e,t,r,i){if(i.length!==e.payloadSize){const t=new Uint8Array(e.payloadSize);t.set(i,e.payloadSize-i.length),i=t}switch(e.type){case"curve25519Legacy":{const e=i.slice().reverse();return{secretKey:e,sharedKey:await Fr(T.publicKey.x25519,t.subarray(1),r.subarray(1),e)}}case"web":if(e.web&&F.getWebCrypto())try{return await async function(e,t,r,i){const a=F.getWebCrypto(),n=Jr(e.payloadSize,e.web,r,i);let s=a.importKey("jwk",n,{name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]);const o=Zr(e.payloadSize,e.web,t);let c=a.importKey("jwk",o,{name:"ECDH",namedCurve:e.web},!0,[]);[s,c]=await Promise.all([s,c]);let u=a.deriveBits({name:"ECDH",namedCurve:e.web,public:c},s,e.sharedSize),h=a.exportKey("jwk",s);[u,h]=await Promise.all([u,h]);const l=new Uint8Array(u);return{secretKey:O(h.d),sharedKey:l}}(e,t,r,i)}catch(r){return F.printDebugError(r),fi(e,t,i)}break;case"node":return async function(e,t,r){const i=F.getNodeCrypto(),a=i.createECDH(e.node);a.setPrivateKey(r);const n=new Uint8Array(a.computeSecret(t));return{secretKey:new Uint8Array(a.getPrivateKey()),sharedKey:n}}(e,t,i);default:return fi(e,t,i)}}async function mi(e,t,r,i,a,n,s){const o=new Gr(e);Qr(o,a),Qr(o,r);const{sharedKey:c}=await gi(o,r,a,n),u=li(T.publicKey.ecdh,e,t,s),{keySize:h}=Ar(t.cipher);let l;for(let e=0;e<3;e++)try{const r=await yi(t.hash,c,h,u,1===e,2===e);return hi(await Pr(t.cipher,r,i))}catch(e){l=e}throw l}async function fi(e,t,r){return{secretKey:r,sharedKey:(await F.getNobleCurve(T.publicKey.ecdh,e.name)).getSharedSecret(r,t).subarray(1)}}async function wi(e,t){const r=await F.getNobleCurve(T.publicKey.ecdh,e.name),{publicKey:i,privateKey:a}=await e.genKeyPair();return{publicKey:i,sharedKey:r.getSharedSecret(a,t).subarray(1)}}var bi=/*#__PURE__*/Object.freeze({__proto__:null,CurveWithOID:Gr,ecdh:/*#__PURE__*/Object.freeze({__proto__:null,decrypt:mi,encrypt:di,validateParams:async function(e,t,r){return $r(T.publicKey.ecdh,e,t,r)}}),ecdhX:Nr,ecdsa:ni,eddsa:gt,eddsaLegacy:ui,generate:Vr,getPreferredHashAlgo:Wr});const ki=BigInt(0),vi=BigInt(1);const Ki=new Set([T.hash.sha1,T.hash.sha256,T.hash.sha512]),Ai=F.getWebCrypto(),Ei=F.getNodeCrypto();async function Si(e,t){if(e===T.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await import("./noble_post_quantum.min.mjs"),{publicKey:r,secretKey:i}=e.keygen(t);return{mlkemPublicKey:r,mlkemSecretKey:i}}throw Error("Unsupported KEM algorithm")}async function Pi(e){const{eccPublicKey:t,eccSecretKey:r}=await async function(e){if(e===T.publicKey.pqc_mlkem_x25519){const{A:e,k:t}=await xr(T.publicKey.x25519);return{eccPublicKey:e,eccSecretKey:t}}throw Error("Unsupported KEM algorithm")}(e),{mlkemPublicKey:i,mlkemSeed:a,mlkemSecretKey:n}=await async function(e){if(e===T.publicKey.pqc_mlkem_x25519){const t=le(64),{mlkemSecretKey:r,mlkemPublicKey:i}=await Si(e,t);return{mlkemSeed:t,mlkemSecretKey:r,mlkemPublicKey:i}}throw Error("Unsupported KEM algorithm")}(e);return{eccPublicKey:t,eccSecretKey:r,mlkemPublicKey:i,mlkemSeed:a,mlkemSecretKey:n}}async function Ui(e,t,r,i){const{eccKeyShare:a,eccCipherText:n}=await async function(e,t){if(e===T.publicKey.pqc_mlkem_x25519){const{ephemeralPublicKey:e,sharedSecret:r}=await Mr(T.publicKey.x25519,t);return{eccCipherText:e,eccKeyShare:r}}throw Error("Unsupported KEM algorithm")}(e,t),{mlkemKeyShare:s,mlkemCipherText:o}=await async function(e,t){if(e===T.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await import("./noble_post_quantum.min.mjs"),{cipherText:r,sharedSecret:i}=e.encapsulate(t);return{mlkemCipherText:r,mlkemKeyShare:i}}throw Error("Unsupported KEM algorithm")}(e,r),c=await xi(e,s,a,n,t);return{eccCipherText:n,mlkemCipherText:o,wrappedKey:await Sr(T.symmetric.aes256,c,i)}}async function Di(e,t,r,i,a,n,s,o){const c=await async function(e,t,r,i){if(e===T.publicKey.pqc_mlkem_x25519)return await Fr(T.publicKey.x25519,t,i,r);throw Error("Unsupported KEM algorithm")}(e,t,i,a),u=await async function(e,t,r){if(e===T.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await import("./noble_post_quantum.min.mjs");return e.decapsulate(t,r)}throw Error("Unsupported KEM algorithm")}(e,r,n),h=await xi(e,u,c,t,a);return await Pr(T.symmetric.aes256,h,o)}async function xi(e,t,r,i,a){const n=F.encodeUTF8("OpenPGPCompositeKDFv1"),s=F.concatUint8Array([t,r,i,a,new Uint8Array([e]),n,new Uint8Array([n.length])]);return await Ie(T.hash.sha3_256,s)}async function Ci(e,t,r,i,a){const n=async function(e,t,r){if(e===T.publicKey.pqc_mlkem_x25519)return Cr(T.publicKey.x25519,t,r);throw Error("Unsupported KEM algorithm")}(e,t,r),s=async function(e,t,r){if(e===T.publicKey.pqc_mlkem_x25519){const{mlkemPublicKey:i}=await Si(e,r);return F.equalsUint8Array(t,i)}throw Error("Unsupported KEM algorithm")}(e,i,a);return await n&&await s}async function Ii(e,t){if(e===T.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await import("./noble_post_quantum.min.mjs"),{secretKey:r,publicKey:i}=e.keygen(t);return{mldsaSecretKey:r,mldsaPublicKey:i}}throw Error("Unsupported signature algorithm")}async function Ti(e){if(e===T.publicKey.pqc_mldsa_ed25519){const{eccSecretKey:t,eccPublicKey:r}=await async function(e){if(e===T.publicKey.pqc_mldsa_ed25519){const{A:e,seed:t}=await ot(T.publicKey.ed25519);return{eccPublicKey:e,eccSecretKey:t}}throw Error("Unsupported signature algorithm")}(e),{mldsaSeed:i,mldsaSecretKey:a,mldsaPublicKey:n}=await async function(e){if(e===T.publicKey.pqc_mldsa_ed25519){const t=le(32),{mldsaSecretKey:r,mldsaPublicKey:i}=await Ii(e,t);return{mldsaSeed:t,mldsaSecretKey:r,mldsaPublicKey:i}}throw Error("Unsupported signature algorithm")}(e);return{eccSecretKey:t,eccPublicKey:r,mldsaSeed:i,mldsaSecretKey:a,mldsaPublicKey:n}}throw Error("Unsupported signature algorithm")}async function Bi(e,t,r,i,a,n){if(e===T.publicKey.pqc_mldsa_ed25519){const{eccSignature:t}=await async function(e,t,r,i,a){if(e===T.publicKey.pqc_mldsa_ed25519){const{RS:e}=await ct(T.publicKey.ed25519,0,0,i,r,a);return{eccSignature:e}}throw Error("Unsupported signature algorithm")}(e,0,r,i,n),{mldsaSignature:s}=await async function(e,t,r){if(e===T.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await import("./noble_post_quantum.min.mjs");return{mldsaSignature:e.sign(t,r)}}throw Error("Unsupported signature algorithm")}(e,a,n);return{eccSignature:t,mldsaSignature:s}}throw Error("Unsupported signature algorithm")}async function Mi(e,t,r,i,a,{eccSignature:n,mldsaSignature:s}){if(e===T.publicKey.pqc_mldsa_ed25519){const t=async function(e,t,r,i,a){if(e===T.publicKey.pqc_mldsa_ed25519)return ut(T.publicKey.ed25519,0,{RS:a},0,r,i);throw Error("Unsupported signature algorithm")}(e,0,r,a,n),o=async function(e,t,r,i){if(e===T.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await import("./noble_post_quantum.min.mjs");return e.verify(t,r,i)}throw Error("Unsupported signature algorithm")}(e,i,a,s);return await t&&await o}throw Error("Unsupported signature algorithm")}function Fi(e,t){if(e===T.publicKey.pqc_mldsa_ed25519)return Te(t)>=32;throw Error("Unsupported signature algorithm")}async function Li(e,t,r,i,a){const n=async function(e,t,r){if(e===T.publicKey.pqc_mldsa_ed25519)return ht(T.publicKey.ed25519,t,r);throw Error("Unsupported signature algorithm")}(e,t,r),s=async function(e,t,r){if(e===T.publicKey.pqc_mldsa_ed25519){const{mldsaPublicKey:i}=await Ii(e,r);return F.equalsUint8Array(t,i)}throw Error("Unsupported signature algorithm")}(e,i,a);return await n&&await s}class _i{constructor(e){e&&(this.data=e)}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.data=e.subarray(1,1+t),1+this.data.length}throw Error("Invalid symmetric key")}write(){return F.concatUint8Array([new Uint8Array([this.data.length]),this.data])}}class Ni{constructor(e){if(void 0===e&&(e=new Uint8Array([])),!F.isUint8Array(e))throw Error("data must be in the form of a Uint8Array");this.data=e,this.length=this.data.byteLength}write(){return F.concatUint8Array([new Uint8Array([this.length]),this.data])}read(e){if(e.length>=1){const t=e[0];if(e.length>=t+1)return this.data=e.subarray(1,1+t),this.length=t,1+t}throw Error("Invalid octet string")}}class Ri{constructor(e){if(e){const{version:t,hash:r,cipher:i,replacementFingerprint:a}=e;this.version=t||1,this.hash=r,this.cipher=i,this.replacementFingerprint=a}else this.version=null,this.hash=null,this.cipher=null,this.replacementFingerprint=null}read(e){if(e.length<4||1!==e[1]&&255!==e[1])throw new it("Cannot read KDFParams");const t=e[0];this.version=e[1],this.hash=e[2],this.cipher=e[3];let r=4;if(255===this.version){const i=t-r+1;this.replacementFingerprint=e.slice(r,r+i),r+=i}return r}write(e){if(!this.version||1===this.version||e)return new Uint8Array([3,1,this.hash,this.cipher]);return F.concatUint8Array([new Uint8Array([3+this.replacementFingerprint.length,this.version,this.hash,this.cipher]),this.replacementFingerprint])}}const zi=e=>class{constructor(e){this.data=void 0===e?null:e}read(t){const r=t[0];return this.data=T.write(e,r),1}write(){return new Uint8Array([this.data])}getName(){return T.read(e,this.data)}getValue(){return this.data}},Oi=zi(T.aead),ji=zi(T.symmetric),qi=zi(T.hash);class Hi{static fromObject({wrappedKey:e,algorithm:t}){const r=new Hi;return r.wrappedKey=e,r.algorithm=t,r}read(e){let t=0,r=e[t++];this.algorithm=r%2?e[t++]:null,r-=r%2,this.wrappedKey=F.readExactSubarray(e,t,t+r),t+=r}write(){return F.concatUint8Array([this.algorithm?new Uint8Array([this.wrappedKey.length+1,this.algorithm]):new Uint8Array([this.wrappedKey.length]),this.wrappedKey])}}const Gi=F.getWebCrypto(),Vi=F.getNodeCrypto(),Wi=Vi?Vi.getCiphers():[],$i={idea:Wi.includes("idea-cfb")?"idea-cfb":void 0,tripledes:Wi.includes("des-ede3-cfb")?"des-ede3-cfb":void 0,cast5:Wi.includes("cast5-cfb")?"cast5-cfb":void 0,blowfish:Wi.includes("bf-cfb")?"bf-cfb":void 0,aes128:Wi.includes("aes-128-cfb")?"aes-128-cfb":void 0,aes192:Wi.includes("aes-192-cfb")?"aes-192-cfb":void 0,aes256:Wi.includes("aes-256-cfb")?"aes-256-cfb":void 0};async function Qi(e){const{blockSize:t}=Ar(e),r=await le(t),i=new Uint8Array([r[r.length-2],r[r.length-1]]);return F.concat([r,i])}async function Xi(e,t,r,i,a){const n=T.read(T.symmetric,e);if(F.getNodeCrypto()&&$i[n])return function(e,t,r,i){const a=T.read(T.symmetric,e),n=new Vi.createCipheriv($i[a],t,i);return b(r,(e=>new Uint8Array(n.update(e))))}(e,t,r,i);if(F.isAES(e))return async function(e,t,r,i){if(Gi&&await Zi.isSupported(e)){const a=new Zi(e,t,i);return F.isStream(r)?b(r,(e=>a.encryptChunk(e)),(()=>a.finish())):a.encrypt(r)}if(F.isStream(r)){const a=new Ji(!0,e,t,i);return b(r,(e=>a.processChunk(e)),(()=>a.finish()))}return hr(t,i).encrypt(r)}(e,t,r,i);const s=new(await kr(e))(t),o=s.blockSize,c=i.slice();let u=new Uint8Array;const h=e=>{e&&(u=F.concatUint8Array([u,e]));const t=new Uint8Array(u.length);let r,i=0;for(;e?u.length>=o:u.length;){const e=s.encrypt(c);for(r=0;r<o;r++)c[r]=u[r]^e[r],t[i++]=c[r];u=u.subarray(o)}return t.subarray(0,i)};return b(r,h,h)}async function Yi(e,t,r,i){const a=T.read(T.symmetric,e);if(Vi&&$i[a])return function(e,t,r,i){const a=T.read(T.symmetric,e),n=new Vi.createDecipheriv($i[a],t,i);return b(r,(e=>new Uint8Array(n.update(e))))}(e,t,r,i);if(F.isAES(e))return async function(e,t,r,i){if(F.isStream(r)){const a=new Ji(!1,e,t,i);return b(r,(e=>a.processChunk(e)),(()=>a.finish()))}return hr(t,i).decrypt(r)}(e,t,r,i);const n=new(await kr(e))(t),s=n.blockSize;let o=i,c=new Uint8Array;const u=e=>{e&&(c=F.concatUint8Array([c,e]));const t=new Uint8Array(c.length);let r,i=0;for(;e?c.length>=s:c.length;){const e=n.encrypt(o);for(o=c.subarray(0,s),r=0;r<s;r++)t[i++]=o[r]^e[r];c=c.subarray(s)}return t.subarray(0,i)};return b(r,u,u)}class Zi{constructor(e,t,r){const{blockSize:i}=Ar(e);this.key=t,this.prevBlock=r,this.nextBlock=new Uint8Array(i),this.i=0,this.blockSize=i,this.zeroBlock=new Uint8Array(this.blockSize)}static async isSupported(e){const{keySize:t}=Ar(e);return Gi.importKey("raw",new Uint8Array(t),"aes-cbc",!1,["encrypt"]).then((()=>!0),(()=>!1))}async _runCBC(e,t){const r="AES-CBC";this.keyRef=this.keyRef||await Gi.importKey("raw",this.key,r,!1,["encrypt"]);const i=await Gi.encrypt({name:r,iv:t||this.zeroBlock},this.keyRef,e);return new Uint8Array(i).subarray(0,e.length)}async encryptChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,i=F.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),a=F.concatUint8Array([this.prevBlock,i.subarray(0,i.length-this.blockSize)]),n=await this._runCBC(a);return ea(n,i),this.prevBlock=n.slice(-this.blockSize),r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,n}let i;if(this.i+=r.length,this.i===this.nextBlock.length){const t=this.nextBlock;i=await this._runCBC(this.prevBlock),ea(i,t),this.prevBlock=i.slice(),this.i=0;const a=e.subarray(r.length);this.nextBlock.set(a,this.i),this.i+=a.length}else i=new Uint8Array;return i}async finish(){let e;if(0===this.i)e=new Uint8Array;else{this.nextBlock=this.nextBlock.subarray(0,this.i);const t=this.nextBlock,r=await this._runCBC(this.prevBlock);ea(r,t),e=r.subarray(0,t.length)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.keyRef=null,this.key=null}async encrypt(e){const t=(await this._runCBC(F.concatUint8Array([new Uint8Array(this.blockSize),e]),this.iv)).subarray(0,e.length);return ea(t,e),this.clearSensitiveData(),t}}class Ji{constructor(e,t,r,i){this.forEncryption=e;const{blockSize:a}=Ar(t);this.key=br.expandKeyLE(r),i.byteOffset%4!=0&&(i=i.slice()),this.prevBlock=ta(i),this.nextBlock=new Uint8Array(a),this.i=0,this.blockSize=a}_runCFB(e){const t=ta(e),r=new Uint8Array(e.length),i=ta(r);for(let e=0;e+4<=i.length;e+=4){const{s0:r,s1:a,s2:n,s3:s}=br.encrypt(this.key,this.prevBlock[0],this.prevBlock[1],this.prevBlock[2],this.prevBlock[3]);i[e+0]=t[e+0]^r,i[e+1]=t[e+1]^a,i[e+2]=t[e+2]^n,i[e+3]=t[e+3]^s,this.prevBlock=(this.forEncryption?i:t).slice(e,e+4)}return r}async processChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,i=F.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),a=this._runCFB(i);return r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,a}let i;if(this.i+=r.length,this.i===this.nextBlock.length){i=this._runCFB(this.nextBlock),this.i=0;const t=e.subarray(r.length);this.nextBlock.set(t,this.i),this.i+=t.length}else i=new Uint8Array;return i}async finish(){let e;if(0===this.i)e=new Uint8Array;else{e=this._runCFB(this.nextBlock).subarray(0,this.i)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.key.fill(0)}}function ea(e,t){const r=Math.min(e.length,t.length);for(let i=0;i<r;i++)e[i]=e[i]^t[i]}const ta=e=>new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4));const ra=F.getWebCrypto(),ia=F.getNodeCrypto(),aa=16;function na(e,t){const r=e.length-aa;for(let i=0;i<aa;i++)e[i+r]^=t[i];return e}const sa=new Uint8Array(aa);async function oa(e){const t=await ca(e),r=F.double(await t(sa)),i=F.double(r);return async function(e){return(await t(function(e,t,r){if(e.length&&e.length%aa==0)return na(e,t);const i=new Uint8Array(e.length+(aa-e.length%aa));return i.set(e),i[e.length]=128,na(i,r)}(e,r,i))).subarray(-16)}}async function ca(e){if(F.getNodeCrypto())return async function(t){const r=new ia.createCipheriv("aes-"+8*e.length+"-cbc",e,sa).update(t);return new Uint8Array(r)};if(F.getWebCrypto())try{return e=await ra.importKey("raw",e,{name:"AES-CBC",length:8*e.length},!1,["encrypt"]),async function(t){const r=await ra.encrypt({name:"AES-CBC",iv:sa,length:128},e,t);return new Uint8Array(r).subarray(0,r.byteLength-aa)}}catch(t){if("NotSupportedError"!==t.name&&(24!==e.length||"OperationError"!==t.name))throw t;F.printDebugError("Browser did not support operation: "+t.message)}return async function(t){return ur(e,sa,{disablePadding:!0}).encrypt(t)}}const ua=F.getWebCrypto(),ha=F.getNodeCrypto(),la=F.getNodeBuffer(),ya=16,pa=ya,da=new Uint8Array(ya),ga=new Uint8Array(ya);ga[15]=1;const ma=new Uint8Array(ya);async function fa(e){const t=await oa(e);return function(e,r){return t(F.concatUint8Array([e,r]))}}async function wa(e){if(F.getNodeCrypto())return async function(t,r){const i=new ha.createCipheriv("aes-"+8*e.length+"-ctr",e,r),a=la.concat([i.update(t),i.final()]);return new Uint8Array(a)};if(F.getWebCrypto())try{const t=await ua.importKey("raw",e,{name:"AES-CTR",length:8*e.length},!1,["encrypt"]);return async function(e,r){const i=await ua.encrypt({name:"AES-CTR",counter:r,length:128},t,e);return new Uint8Array(i)}}catch(t){if("NotSupportedError"!==t.name&&(24!==e.length||"OperationError"!==t.name))throw t;F.printDebugError("Browser did not support operation: "+t.message)}return async function(t,r){return cr(e,r).encrypt(t)}}async function ba(e,t){if(e!==T.symmetric.aes128&&e!==T.symmetric.aes192&&e!==T.symmetric.aes256)throw Error("EAX mode supports only AES cipher");const[r,i]=await Promise.all([fa(t),wa(t)]);return{encrypt:async function(e,t,a){const[n,s]=await Promise.all([r(da,t),r(ga,a)]),o=await i(e,n),c=await r(ma,o);for(let e=0;e<pa;e++)c[e]^=s[e]^n[e];return F.concatUint8Array([o,c])},decrypt:async function(e,t,a){if(e.length<pa)throw Error("Invalid EAX ciphertext");const n=e.subarray(0,-16),s=e.subarray(-16),[o,c,u]=await Promise.all([r(da,t),r(ga,a),r(ma,n)]),h=u;for(let e=0;e<pa;e++)h[e]^=c[e]^o[e];if(!F.equalsUint8Array(s,h))throw Error("Authentication tag mismatch");return await i(n,o)}}}ma[15]=2,ba.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[8+e]^=t[e];return r},ba.blockLength=ya,ba.ivLength=16,ba.tagLength=pa;const ka=16,va=16;function Ka(e){let t=0;for(let r=1;!(e&r);r<<=1)t++;return t}function Aa(e,t){for(let r=0;r<e.length;r++)e[r]^=t[r];return e}function Ea(e,t){return Aa(e.slice(),t)}const Sa=new Uint8Array(ka),Pa=new Uint8Array([1]);async function Ua(e,t){const{keySize:r}=Ar(e);if(!F.isAES(e)||t.length!==r)throw Error("Unexpected algorithm or key size");let i=0;const a=e=>ur(t,Sa,{disablePadding:!0}).encrypt(e),n=e=>ur(t,Sa,{disablePadding:!0}).decrypt(e);let s;function o(e,t,r,n){const o=t.length/ka|0;!function(e,t){const r=F.nbits(Math.max(e.length,t.length)/ka|0)-1;for(let e=i+1;e<=r;e++)s[e]=F.double(s[e-1]);i=r}(t,n);const c=F.concatUint8Array([Sa.subarray(0,15-r.length),Pa,r]),u=63&c[15];c[15]&=192;const h=a(c),l=F.concatUint8Array([h,Ea(h.subarray(0,8),h.subarray(1,9))]),y=F.shiftRight(l.subarray(0+(u>>3),17+(u>>3)),8-(7&u)).subarray(1),p=new Uint8Array(ka),d=new Uint8Array(t.length+va);let g,m=0;for(g=0;g<o;g++)Aa(y,s[Ka(g+1)]),d.set(Aa(e(Ea(y,t)),y),m),Aa(p,e===a?t:d.subarray(m)),t=t.subarray(ka),m+=ka;if(t.length){Aa(y,s.x);const r=a(y);d.set(Ea(t,r),m);const i=new Uint8Array(ka);i.set(e===a?t:d.subarray(m,-16),0),i[t.length]=128,Aa(p,i),m+=t.length}const f=Aa(a(Aa(Aa(p,y),s.$)),function(e){if(!e.length)return Sa;const t=e.length/ka|0,r=new Uint8Array(ka),i=new Uint8Array(ka);for(let n=0;n<t;n++)Aa(r,s[Ka(n+1)]),Aa(i,a(Ea(r,e))),e=e.subarray(ka);if(e.length){Aa(r,s.x);const t=new Uint8Array(ka);t.set(e,0),t[e.length]=128,Aa(t,r),Aa(i,a(t))}return i}(n));return d.set(f,m),d}return function(){const e=a(Sa),t=F.double(e);s=[],s[0]=F.double(t),s.x=e,s.$=t}(),{encrypt:async function(e,t,r){return o(a,e,t,r)},decrypt:async function(e,t,r){if(e.length<va)throw Error("Invalid OCB ciphertext");const i=e.subarray(-16);e=e.subarray(0,-16);const a=o(n,e,t,r);if(F.equalsUint8Array(i,a.subarray(-16)))return a.subarray(0,-16);throw Error("Authentication tag mismatch")}}}Ua.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[7+e]^=t[e];return r},Ua.blockLength=ka,Ua.ivLength=15,Ua.tagLength=va;const Da=F.getWebCrypto(),xa=F.getNodeCrypto(),Ca=F.getNodeBuffer(),Ia=16,Ta="AES-GCM";async function Ba(e,t){if(e!==T.symmetric.aes128&&e!==T.symmetric.aes192&&e!==T.symmetric.aes256)throw Error("GCM mode supports only AES cipher");if(F.getNodeCrypto())return{encrypt:async function(e,r,i=new Uint8Array){const a=new xa.createCipheriv("aes-"+8*t.length+"-gcm",t,r);a.setAAD(i);const n=Ca.concat([a.update(e),a.final(),a.getAuthTag()]);return new Uint8Array(n)},decrypt:async function(e,r,i=new Uint8Array){const a=new xa.createDecipheriv("aes-"+8*t.length+"-gcm",t,r);a.setAAD(i),a.setAuthTag(e.slice(e.length-Ia,e.length));const n=Ca.concat([a.update(e.slice(0,e.length-Ia)),a.final()]);return new Uint8Array(n)}};if(F.getWebCrypto())try{const e=await Da.importKey("raw",t,{name:Ta},!1,["encrypt","decrypt"]),r=navigator.userAgent.match(/Version\/13\.\d(\.\d)* Safari/)||navigator.userAgent.match(/Version\/(13|14)\.\d(\.\d)* Mobile\/\S* Safari/);return{encrypt:async function(i,a,n=new Uint8Array){if(r&&!i.length)return yr(t,a,n).encrypt(i);const s=await Da.encrypt({name:Ta,iv:a,additionalData:n,tagLength:128},e,i);return new Uint8Array(s)},decrypt:async function(i,a,n=new Uint8Array){if(r&&i.length===Ia)return yr(t,a,n).decrypt(i);try{const t=await Da.decrypt({name:Ta,iv:a,additionalData:n,tagLength:128},e,i);return new Uint8Array(t)}catch(e){if("OperationError"===e.name)throw Error("Authentication tag mismatch")}}}}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;F.printDebugError("Browser did not support operation: "+e.message)}return{encrypt:async function(e,r,i){return yr(t,r,i).encrypt(e)},decrypt:async function(e,r,i){return yr(t,r,i).decrypt(e)}}}function Ma(e,t=!1){switch(e){case T.aead.eax:return ba;case T.aead.ocb:return Ua;case T.aead.gcm:return Ba;case T.aead.experimentalGCM:if(!t)throw Error("Unexpected non-standard `experimentalGCM` AEAD algorithm provided in `config.preferredAEADAlgorithm`: use `gcm` instead");return Ba;default:throw Error("Unsupported AEAD mode")}}async function Fa(e,t,r,i,a,n){switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:{const{n:e,e:t}=r;return{c:await je(a,e,t)}}case T.publicKey.elgamal:{const{p:e,g:t,y:i}=r;return async function(e,t,r,i){t=ee(t),r=ee(r),i=ee(i);const a=ee(Me(e,ce(t))),n=ye(We,t-We);return{c1:ue(re(r,n,t)),c2:ue(te(re(i,n,t)*a,t))}}(a,e,t,i)}case T.publicKey.ecdh:{const{oid:e,Q:t,kdfParams:i}=r,{publicKey:s,wrappedKey:o}=await di(e,i,a,t,n);return{V:s,C:new _i(o)}}case T.publicKey.x25519:case T.publicKey.x448:{if(t&&!F.isAES(t))throw Error("X25519 and X448 keys can only encrypt AES session keys");const{A:i}=r,{ephemeralPublicKey:n,wrappedKey:s}=await Ir(e,a,i);return{ephemeralPublicKey:n,C:Hi.fromObject({algorithm:t,wrappedKey:s})}}case T.publicKey.aead:{if(!i)throw Error("Cannot encrypt with symmetric key missing private parameters");const{cipher:e}=r,t=e.getValue(),{keyMaterial:n}=i,s=B.preferredAEADAlgorithm,o=Ma(B.preferredAEADAlgorithm),{ivLength:c}=o,u=le(c),h=await o(t,n),l=await h.encrypt(a,u,new Uint8Array);return{aeadMode:new Oi(s),iv:u,c:new Ni(l)}}case T.publicKey.pqc_mlkem_x25519:{const{eccPublicKey:i,mlkemPublicKey:n}=r,{eccCipherText:s,mlkemCipherText:o,wrappedKey:c}=await Ui(e,i,n,a);return{eccCipherText:s,mlkemCipherText:o,C:Hi.fromObject({algorithm:t,wrappedKey:c})}}default:return[]}}async function La(e,t,r,i,a,n){switch(e){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:{const{c:e}=i,{n:a,e:s}=t,{d:o,p:c,q:u,u:h}=r;return qe(e,a,s,o,c,u,h,n)}case T.publicKey.elgamal:{const{c1:e,c2:a}=i;return async function(e,t,r,i,a){return e=ee(e),t=ee(t),r=ee(r),Fe(ue(te(ae(re(e,i=ee(i),r),r)*t,r),"be",ce(r)),a)}(e,a,t.p,r.x,n)}case T.publicKey.ecdh:{const{oid:e,Q:n,kdfParams:s}=t,{d:o}=r,{V:c,C:u}=i;return mi(e,s,c,u.data,n,o,a)}case T.publicKey.x25519:case T.publicKey.x448:{const{A:a}=t,{k:n}=r,{ephemeralPublicKey:s,C:o}=i;if(null!==o.algorithm&&!F.isAES(o.algorithm))throw Error("AES session key expected");return Tr(e,s,o.wrappedKey,a,n)}case T.publicKey.aead:{const{cipher:e}=t,a=e.getValue(),{keyMaterial:n}=r,{aeadMode:s,iv:o,c}=i,u=Ma(s.getValue());return(await u(a,n)).decrypt(c.data,o,new Uint8Array)}case T.publicKey.pqc_mlkem_x25519:{const{eccSecretKey:a,mlkemSecretKey:n}=r,{eccPublicKey:s,mlkemPublicKey:o}=t,{eccCipherText:c,mlkemCipherText:u,C:h}=i;return Di(e,c,u,a,s,n,0,h.wrappedKey)}default:throw Error("Unknown public key encryption algorithm.")}}async function _a(e,t,r){let i=0;switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:{const e=F.readMPI(t.subarray(i));i+=e.length+2;const r=F.readMPI(t.subarray(i));i+=r.length+2;const a=F.readMPI(t.subarray(i));i+=a.length+2;const n=F.readMPI(t.subarray(i));return i+=n.length+2,{read:i,privateParams:{d:e,p:r,q:a,u:n}}}case T.publicKey.dsa:case T.publicKey.elgamal:{const e=F.readMPI(t.subarray(i));return i+=e.length+2,{read:i,privateParams:{x:e}}}case T.publicKey.ecdsa:case T.publicKey.ecdh:{const a=Ha(e,r.oid);let n=F.readMPI(t.subarray(i));return i+=n.length+2,n=F.leftPad(n,a),{read:i,privateParams:{d:n}}}case T.publicKey.eddsaLegacy:{const a=Ha(e,r.oid);if(r.oid.getName()!==T.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let n=F.readMPI(t.subarray(i));return i+=n.length+2,n=F.leftPad(n,a),{read:i,privateParams:{seed:n}}}case T.publicKey.ed25519:case T.publicKey.ed448:{const r=Ha(e),a=F.readExactSubarray(t,i,i+r);return i+=a.length,{read:i,privateParams:{seed:a}}}case T.publicKey.x25519:case T.publicKey.x448:{const r=Ha(e),a=F.readExactSubarray(t,i,i+r);return i+=a.length,{read:i,privateParams:{k:a}}}case T.publicKey.hmac:{const{cipher:e}=r,a=Te(e.getValue()),n=t.subarray(i,i+32);i+=32;const s=t.subarray(i,i+a);return i+=a,{read:i,privateParams:{hashSeed:n,keyMaterial:s}}}case T.publicKey.aead:{const{cipher:e}=r,a=t.subarray(i,i+32);i+=32;const{keySize:n}=Ar(e.getValue()),s=t.subarray(i,i+n);return i+=n,{read:i,privateParams:{hashSeed:a,keyMaterial:s}}}case T.publicKey.pqc_mlkem_x25519:{const r=F.readExactSubarray(t,i,i+Ha(T.publicKey.x25519));i+=r.length;const a=F.readExactSubarray(t,i,i+64);i+=a.length;const{mlkemSecretKey:n}=await Si(e,a);return{read:i,privateParams:{eccSecretKey:r,mlkemSecretKey:n,mlkemSeed:a}}}case T.publicKey.pqc_mldsa_ed25519:{const r=F.readExactSubarray(t,i,i+Ha(T.publicKey.ed25519));i+=r.length;const a=F.readExactSubarray(t,i,i+32);i+=a.length;const{mldsaSecretKey:n}=await Ii(e,a);return{read:i,privateParams:{eccSecretKey:r,mldsaSecretKey:n,mldsaSeed:a}}}default:throw new it("Unknown public key encryption algorithm.")}}function Na(e,t){const r=new Set([T.publicKey.ed25519,T.publicKey.x25519,T.publicKey.ed448,T.publicKey.x448,T.publicKey.aead,T.publicKey.hmac,T.publicKey.pqc_mlkem_x25519,T.publicKey.pqc_mldsa_ed25519]),i={[T.publicKey.pqc_mlkem_x25519]:new Set(["mlkemSecretKey"]),[T.publicKey.pqc_mldsa_ed25519]:new Set(["mldsaSecretKey"])},a=Object.keys(t).map((a=>{if(i[e]?.has(a))return new Uint8Array;const n=t[a];return F.isUint8Array(n)?r.has(e)?n:F.uint8ArrayToMPI(n):n.write()}));return F.concatUint8Array(a)}async function Ra(e,t,r,i){switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:return async function(e,t){if(t=BigInt(t),F.getWebCrypto()){const r={name:"RSASSA-PKCS1-v1_5",modulusLength:e,publicExponent:ue(t),hash:{name:"SHA-1"}},i=await _e.generateKey(r,!0,["sign","verify"]);return Ve(await _e.exportKey("jwk",i.privateKey),t)}if(F.getNodeCrypto()){const r={modulusLength:e,publicExponent:ne(t),publicKeyEncoding:{type:"pkcs1",format:"jwk"},privateKeyEncoding:{type:"pkcs1",format:"jwk"}},i=await new Promise(((e,t)=>{Ne.generateKeyPair("rsa",r,((r,i,a)=>{r?t(r):e(a)}))}));return Ve(i,t)}let r,i,a;do{i=de(e-(e>>1),t,40),r=de(e>>1,t,40),a=r*i}while(oe(a)!==e);const n=(r-Re)*(i-Re);return i<r&&([r,i]=[i,r]),{n:ue(a),e:ue(t),d:ue(ae(t,n)),p:ue(r),q:ue(i),u:ue(ae(r,i))}}(t,65537).then((({n:e,e:t,d:r,p:i,q:a,u:n})=>({privateParams:{d:r,p:i,q:a,u:n},publicParams:{n:e,e:t}})));case T.publicKey.ecdsa:return Vr(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{d:r},publicParams:{oid:new Qe(e),Q:t}})));case T.publicKey.eddsaLegacy:return Vr(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{seed:r},publicParams:{oid:new Qe(e),Q:t}})));case T.publicKey.ecdh:return Vr(r).then((({oid:e,Q:t,secret:r,hash:i,cipher:a})=>({privateParams:{d:r},publicParams:{oid:new Qe(e),Q:t,kdfParams:new Ri({hash:i,cipher:a})}})));case T.publicKey.ed25519:case T.publicKey.ed448:return ot(e).then((({A:e,seed:t})=>({privateParams:{seed:t},publicParams:{A:e}})));case T.publicKey.x25519:case T.publicKey.x448:return xr(e).then((({A:e,k:t})=>({privateParams:{k:t},publicParams:{A:e}})));case T.publicKey.hmac:return za(await async function(e){if(!Ki.has(e))throw Error("Unsupported hash algorithm.");const t=T.read(T.webHash,e),r=Ai||Ei.webcrypto.subtle,i=await r.generateKey({name:"HMAC",hash:{name:t}},!0,["sign","verify"]),a=await r.exportKey("raw",i);return new Uint8Array(a)}(i),new qi(i));case T.publicKey.aead:return za(ja(i),new ji(i));case T.publicKey.pqc_mlkem_x25519:return Pi(e).then((({eccSecretKey:e,eccPublicKey:t,mlkemSeed:r,mlkemSecretKey:i,mlkemPublicKey:a})=>({privateParams:{eccSecretKey:e,mlkemSeed:r,mlkemSecretKey:i},publicParams:{eccPublicKey:t,mlkemPublicKey:a}})));case T.publicKey.pqc_mldsa_ed25519:return Ti(e).then((({eccSecretKey:e,eccPublicKey:t,mldsaSeed:r,mldsaSecretKey:i,mldsaPublicKey:a})=>({privateParams:{eccSecretKey:e,mldsaSeed:r,mldsaSecretKey:i},publicParams:{eccPublicKey:t,mldsaPublicKey:a}})));case T.publicKey.dsa:case T.publicKey.elgamal:throw Error("Unsupported algorithm for key generation.");default:throw Error("Unknown public key algorithm.")}}async function za(e,t){const r=le(32);return{privateParams:{hashSeed:r,keyMaterial:e},publicParams:{cipher:t,digest:await Ie(T.hash.sha256,r)}}}async function Oa(e,t,r){if(!t||!r)throw Error("Missing key parameters");switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:{const{n:e,e:i}=t,{d:a,p:n,q:s,u:o}=r;return async function(e,t,r,i,a,n){if(e=ee(e),(i=ee(i))*(a=ee(a))!==e)return!1;const s=BigInt(2);if(te(i*(n=ee(n)),a)!==BigInt(1))return!1;t=ee(t),r=ee(r);const o=ye(s,s<<BigInt(Math.floor(oe(e)/3))),c=o*r*t;return!(te(c,i-Re)!==o||te(c,a-Re)!==o)}(e,i,a,n,s,o)}case T.publicKey.dsa:{const{p:e,q:i,g:a,y:n}=t,{x:s}=r;return async function(e,t,r,i,a){if(e=ee(e),t=ee(t),r=ee(r),i=ee(i),r<=vi||r>=e)return!1;if(te(e-vi,t)!==ki)return!1;if(re(r,t,e)!==vi)return!1;const n=BigInt(oe(t));if(n<BigInt(150)||!ge(t,null,32))return!1;a=ee(a);const s=BigInt(2);return i===re(r,t*ye(s<<n-vi,s<<n)+a,e)}(e,i,a,n,s)}case T.publicKey.elgamal:{const{p:e,g:i,y:a}=t,{x:n}=r;return async function(e,t,r,i){if(e=ee(e),t=ee(t),r=ee(r),t<=We||t>=e)return!1;const a=BigInt(oe(e));if(a<BigInt(1023))return!1;if(re(t,e-We,e)!==We)return!1;let n=t,s=BigInt(1);const o=BigInt(2),c=o<<BigInt(17);for(;s<c;){if(n=te(n*t,e),n===We)return!1;s++}i=ee(i);const u=ye(o<<a-We,o<<a);return r===re(t,(e-We)*u+i,e)}(e,i,a,n)}case T.publicKey.ecdsa:case T.publicKey.ecdh:{const i=bi[T.read(T.publicKey,e)],{oid:a,Q:n}=t,{d:s}=r;return i.validateParams(a,n,s)}case T.publicKey.eddsaLegacy:{const{Q:e,oid:i}=t,{seed:a}=r;return ci(i,e,a)}case T.publicKey.ed25519:case T.publicKey.ed448:{const{A:i}=t,{seed:a}=r;return ht(e,i,a)}case T.publicKey.x25519:case T.publicKey.x448:{const{A:i}=t,{k:a}=r;return Cr(e,i,a)}case T.publicKey.hmac:{const{cipher:e,digest:i}=t,{hashSeed:a,keyMaterial:n}=r;return Te(e.getValue())===n.length&&F.equalsUint8Array(i,await Ie(T.hash.sha256,a))}case T.publicKey.aead:{const{cipher:e,digest:i}=t,{hashSeed:a,keyMaterial:n}=r,{keySize:s}=Ar(e.getValue());return s===n.length&&F.equalsUint8Array(i,await Ie(T.hash.sha256,a))}case T.publicKey.pqc_mlkem_x25519:{const{eccSecretKey:i,mlkemSeed:a}=r,{eccPublicKey:n,mlkemPublicKey:s}=t;return Ci(e,n,i,s,a)}case T.publicKey.pqc_mldsa_ed25519:{const{eccSecretKey:i,mldsaSeed:a}=r,{eccPublicKey:n,mldsaPublicKey:s}=t;return Li(e,n,i,s,a)}default:throw Error("Unknown public key algorithm.")}}function ja(e){const{keySize:t}=Ar(e);return le(t)}function qa(e){try{e.getName()}catch(e){throw new it("Unknown curve OID")}}function Ha(e,t){switch(e){case T.publicKey.ecdsa:case T.publicKey.ecdh:case T.publicKey.eddsaLegacy:return new Gr(t).payloadSize;case T.publicKey.ed25519:case T.publicKey.ed448:return lt(e);case T.publicKey.x25519:case T.publicKey.x448:return Br(e);default:throw Error("Unknown elliptic algo")}}async function Ga(e,t,r,i,a,n,s){switch(e){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.rsaSign:{const{n:e,e:a}=i;return Oe(t,n,F.leftPad(r.s,e.length),e,a,s)}case T.publicKey.dsa:{const{g:e,p:t,q:a,y:n}=i,{r:o,s:c}=r;return async function(e,t,r,i,a,n,s,o){if(t=ee(t),r=ee(r),n=ee(n),s=ee(s),a=ee(a),o=ee(o),t<=ki||t>=s||r<=ki||r>=s)return F.printDebug("invalid DSA Signature"),!1;const c=te(ee(i.subarray(0,ce(s))),s),u=ae(r,s);if(u===ki)return F.printDebug("invalid DSA Signature"),!1;a=te(a,n),o=te(o,n);const h=te(c*u,s),l=te(t*u,s);return te(te(re(a,h,n)*re(o,l,n),n),s)===t}(0,o,c,s,e,t,a,n)}case T.publicKey.ecdsa:{const{oid:e,Q:a}=i,o=new Gr(e).payloadSize;return ii(e,t,{r:F.leftPad(r.r,o),s:F.leftPad(r.s,o)},n,a,s)}case T.publicKey.eddsaLegacy:{if(Te(t)<Te(T.hash.sha256))throw Error("Hash algorithm too weak for EdDSALegacy.");const{oid:e,Q:a}=i,n=new Gr(e).payloadSize;return oi(e,0,{r:F.leftPad(r.r,n),s:F.leftPad(r.s,n)},0,a,s)}case T.publicKey.ed25519:case T.publicKey.ed448:{if(Te(t)<Te(yt(e)))throw Error("Hash algorithm too weak for EdDSA.");const{A:a}=i;return ut(e,0,r,0,a,s)}case T.publicKey.hmac:{if(!a)throw Error("Cannot verify HMAC signature with symmetric key missing private parameters");const{cipher:e}=i,{keyMaterial:t}=a;return async function(e,t,r,i){if(!Ki.has(e))throw Error("Unsupported hash algorithm.");const a=T.read(T.webHash,e),n=Ai||Ei.webcrypto.subtle,s=await n.importKey("raw",t,{name:"HMAC",hash:{name:a}},!1,["verify"]);return n.verify("HMAC",s,r,i)}(e.getValue(),t,r.mac.data,s)}case T.publicKey.pqc_mldsa_ed25519:{if(!Fi(e,t))throw Error("Unexpected hash algorithm for PQC signature: digest size too short");const{eccPublicKey:a,mldsaPublicKey:n}=i;return Mi(e,0,a,n,s,r)}default:throw Error("Unknown signature algorithm.")}}async function Va(e,t,r,i,a,n){if(!r||!i)throw Error("Missing key parameters");switch(e){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.rsaSign:{const{n:e,e:s}=r,{d:o,p:c,q:u,u:h}=i;return{s:await ze(t,a,e,s,o,c,u,h,n)}}case T.publicKey.dsa:{const{g:e,p:t,q:a}=r,{x:s}=i;return async function(e,t,r,i,a,n){const s=BigInt(0);let o,c,u,h;i=ee(i),a=ee(a),r=ee(r),n=ee(n),r=te(r,i),n=te(n,a);const l=te(ee(t.subarray(0,ce(a))),a);for(;;){if(o=ye(vi,a),c=te(re(r,o,i),a),c===s)continue;const e=te(n*c,a);if(h=te(l+e,a),u=te(ae(o,a)*h,a),u!==s)break}return{r:ue(c,"be",ce(i)),s:ue(u,"be",ce(i))}}(0,n,e,t,a,s)}case T.publicKey.elgamal:throw Error("Signing with Elgamal is not defined in the OpenPGP standard.");case T.publicKey.ecdsa:{const{oid:e,Q:s}=r,{d:o}=i;return ri(e,t,a,s,o,n)}case T.publicKey.eddsaLegacy:{if(Te(t)<Te(T.hash.sha256))throw Error("Hash algorithm too weak for EdDSALegacy.");const{oid:e,Q:a}=r,{seed:s}=i;return si(e,0,0,a,s,n)}case T.publicKey.ed25519:case T.publicKey.ed448:{if(Te(t)<Te(yt(e)))throw Error("Hash algorithm too weak for EdDSA.");const{A:a}=r,{seed:s}=i;return ct(e,0,0,a,s,n)}case T.publicKey.hmac:{const{cipher:e}=r,{keyMaterial:t}=i,a=await async function(e,t,r){if(!Ki.has(e))throw Error("Unsupported hash algorithm.");const i=T.read(T.webHash,e),a=Ai||Ei.webcrypto.subtle,n=await a.importKey("raw",t,{name:"HMAC",hash:{name:i}},!1,["sign"]),s=await a.sign("HMAC",n,r);return new Uint8Array(s)}(e.getValue(),t,n);return{mac:new Ni(a)}}case T.publicKey.pqc_mldsa_ed25519:{if(!Fi(e,t))throw Error("Unexpected hash algorithm for PQC signature: digest size too short");const{eccPublicKey:a}=r,{eccSecretKey:s,mldsaSecretKey:o}=i;return Bi(e,0,s,a,o,n)}default:throw Error("Unknown signature algorithm.")}}Ba.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[4+e]^=t[e];return r},Ba.blockLength=16,Ba.ivLength=12,Ba.tagLength=Ia;class Wa extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,Wa),this.name="Argon2OutOfMemoryError"}}let $a,Qa,Xa=2<<19;class Ya{static get ARGON2_WASM_MEMORY_THRESHOLD_RELOAD(){return Xa}static set ARGON2_WASM_MEMORY_THRESHOLD_RELOAD(e){Xa=e}static reloadWasmModule(){$a&&(Qa=$a(),Qa.catch((()=>{})))}constructor(e=B){const{passes:t,parallelism:r,memoryExponent:i}=e.s2kArgon2Params;this.type="argon2",this.salt=null,this.t=t,this.p=r,this.encodedM=i}generateSalt(){this.salt=le(16)}read(e){let t=0;return this.salt=e.subarray(t,t+16),t+=16,this.t=e[t++],this.p=e[t++],this.encodedM=e[t++],t}write(){const e=[new Uint8Array([T.write(T.s2k,this.type)]),this.salt,new Uint8Array([this.t,this.p,this.encodedM])];return F.concatUint8Array(e)}async produceKey(e,t){const r=2<<this.encodedM-1;try{$a=$a||(await import("./argon2id.min.mjs")).default,Qa=Qa||$a();const i=await Qa,a=i({version:19,type:2,password:F.encodeUTF8(e),salt:this.salt,tagLength:t,memorySize:r,parallelism:this.p,passes:this.t});return r>Ya.ARGON2_WASM_MEMORY_THRESHOLD_RELOAD&&Ya.reloadWasmModule(),a}catch(e){throw e.message&&(e.message.includes("Unable to grow instance memory")||e.message.includes("failed to grow memory")||e.message.includes("WebAssembly.Memory.grow")||e.message.includes("Out of memory"))?new Wa("Could not allocate required memory for Argon2"):e}}}class Za{constructor(e,t=B){this.algorithm=T.hash.sha256,this.type=T.read(T.s2k,e),this.c=t.s2kIterationCountByte,this.salt=null}generateSalt(){switch(this.type){case"salted":case"iterated":this.salt=le(8)}}getCount(){return 16+(15&this.c)<<6+(this.c>>4)}read(e){let t=0;switch(this.algorithm=e[t++],this.type){case"simple":break;case"salted":this.salt=e.subarray(t,t+8),t+=8;break;case"iterated":this.salt=e.subarray(t,t+8),t+=8,this.c=e[t++];break;case"gnu":if("GNU"!==F.uint8ArrayToString(e.subarray(t,t+3)))throw new it("Unknown s2k type.");t+=3;if(1001!==1e3+e[t++])throw new it("Unknown s2k gnu protection mode.");this.type="gnu-dummy";break;default:throw new it("Unknown s2k type.")}return t}write(){if("gnu-dummy"===this.type)return new Uint8Array([101,0,...F.stringToUint8Array("GNU"),1]);const e=[new Uint8Array([T.write(T.s2k,this.type),this.algorithm])];switch(this.type){case"simple":break;case"salted":e.push(this.salt);break;case"iterated":e.push(this.salt),e.push(new Uint8Array([this.c]));break;case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}return F.concatUint8Array(e)}async produceKey(e,t){e=F.encodeUTF8(e);const r=[];let i=0,a=0;for(;i<t;){let t;switch(this.type){case"simple":t=F.concatUint8Array([new Uint8Array(a),e]);break;case"salted":t=F.concatUint8Array([new Uint8Array(a),this.salt,e]);break;case"iterated":{const r=F.concatUint8Array([this.salt,e]);let i=r.length;const n=Math.max(this.getCount(),i);t=new Uint8Array(a+n),t.set(r,a);for(let e=a+i;e<n;e+=i,i*=2)t.copyWithin(e,a,e);break}case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}const n=await Ie(this.algorithm,t);r.push(n),i+=n.length,a++}return F.concatUint8Array(r).subarray(0,t)}}const Ja=new Set([T.s2k.argon2,T.s2k.iterated]);function en(e,t=B){switch(e){case T.s2k.argon2:return new Ya(t);case T.s2k.iterated:case T.s2k.gnu:case T.s2k.salted:case T.s2k.simple:return new Za(e,t);default:throw new it("Unsupported S2K type")}}function tn(e){const{s2kType:t}=e;if(!Ja.has(t))throw Error("The provided `config.s2kType` value is not allowed");return en(t,e)}var rn=Uint8Array,an=Uint16Array,nn=Int32Array,sn=new rn([0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0,0,0,0]),on=new rn([0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13,0,0]),cn=new rn([16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15]),un=function(e,t){for(var r=new an(31),i=0;i<31;++i)r[i]=t+=1<<e[i-1];var a=new nn(r[30]);for(i=1;i<30;++i)for(var n=r[i];n<r[i+1];++n)a[n]=n-r[i]<<5|i;return{b:r,r:a}},hn=un(sn,2),ln=hn.b,yn=hn.r;ln[28]=258,yn[258]=28;for(var pn=un(on,0),dn=pn.b,gn=pn.r,mn=new an(32768),fn=0;fn<32768;++fn){var wn=(43690&fn)>>1|(21845&fn)<<1;wn=(61680&(wn=(52428&wn)>>2|(13107&wn)<<2))>>4|(3855&wn)<<4,mn[fn]=((65280&wn)>>8|(255&wn)<<8)>>1}var bn=function(e,t,r){for(var i=e.length,a=0,n=new an(t);a<i;++a)e[a]&&++n[e[a]-1];var s,o=new an(t);for(a=1;a<t;++a)o[a]=o[a-1]+n[a-1]<<1;if(r){s=new an(1<<t);var c=15-t;for(a=0;a<i;++a)if(e[a])for(var u=a<<4|e[a],h=t-e[a],l=o[e[a]-1]++<<h,y=l|(1<<h)-1;l<=y;++l)s[mn[l]>>c]=u}else for(s=new an(i),a=0;a<i;++a)e[a]&&(s[a]=mn[o[e[a]-1]++]>>15-e[a]);return s},kn=new rn(288);for(fn=0;fn<144;++fn)kn[fn]=8;for(fn=144;fn<256;++fn)kn[fn]=9;for(fn=256;fn<280;++fn)kn[fn]=7;for(fn=280;fn<288;++fn)kn[fn]=8;var vn=new rn(32);for(fn=0;fn<32;++fn)vn[fn]=5;var Kn=/*#__PURE__*/bn(kn,9,0),An=/*#__PURE__*/bn(kn,9,1),En=/*#__PURE__*/bn(vn,5,0),Sn=/*#__PURE__*/bn(vn,5,1),Pn=function(e){for(var t=e[0],r=1;r<e.length;++r)e[r]>t&&(t=e[r]);return t},Un=function(e,t,r){var i=t/8|0;return(e[i]|e[i+1]<<8)>>(7&t)&r},Dn=function(e,t){var r=t/8|0;return(e[r]|e[r+1]<<8|e[r+2]<<16)>>(7&t)},xn=function(e){return(e+7)/8|0},Cn=function(e,t,r){return(null==t||t<0)&&(t=0),(null==r||r>e.length)&&(r=e.length),new rn(e.subarray(t,r))},In=["unexpected EOF","invalid block type","invalid length/literal","invalid distance","stream finished","no stream handler",,"no callback","invalid UTF-8 data","extra field too long","date not in range 1980-2099","filename too long","stream finishing","invalid zip data"],Tn=function(e,t,r){var i=Error(t||In[e]);if(i.code=e,Error.captureStackTrace&&Error.captureStackTrace(i,Tn),!r)throw i;return i},Bn=function(e,t,r){r<<=7&t;var i=t/8|0;e[i]|=r,e[i+1]|=r>>8},Mn=function(e,t,r){r<<=7&t;var i=t/8|0;e[i]|=r,e[i+1]|=r>>8,e[i+2]|=r>>16},Fn=function(e,t){for(var r=[],i=0;i<e.length;++i)e[i]&&r.push({s:i,f:e[i]});var a=r.length,n=r.slice();if(!a)return{t:jn,l:0};if(1==a){var s=new rn(r[0].s+1);return s[r[0].s]=1,{t:s,l:1}}r.sort((function(e,t){return e.f-t.f})),r.push({s:-1,f:25001});var o=r[0],c=r[1],u=0,h=1,l=2;for(r[0]={s:-1,f:o.f+c.f,l:o,r:c};h!=a-1;)o=r[r[u].f<r[l].f?u++:l++],c=r[u!=h&&r[u].f<r[l].f?u++:l++],r[h++]={s:-1,f:o.f+c.f,l:o,r:c};var y=n[0].s;for(i=1;i<a;++i)n[i].s>y&&(y=n[i].s);var p=new an(y+1),d=Ln(r[h-1],p,0);if(d>t){i=0;var g=0,m=d-t,f=1<<m;for(n.sort((function(e,t){return p[t.s]-p[e.s]||e.f-t.f}));i<a;++i){var w=n[i].s;if(!(p[w]>t))break;g+=f-(1<<d-p[w]),p[w]=t}for(g>>=m;g>0;){var b=n[i].s;p[b]<t?g-=1<<t-p[b]++-1:++i}for(;i>=0&&g;--i){var k=n[i].s;p[k]==t&&(--p[k],++g)}d=t}return{t:new rn(p),l:d}},Ln=function(e,t,r){return-1==e.s?Math.max(Ln(e.l,t,r+1),Ln(e.r,t,r+1)):t[e.s]=r},_n=function(e){for(var t=e.length;t&&!e[--t];);for(var r=new an(++t),i=0,a=e[0],n=1,s=function(e){r[i++]=e},o=1;o<=t;++o)if(e[o]==a&&o!=t)++n;else{if(!a&&n>2){for(;n>138;n-=138)s(32754);n>2&&(s(n>10?n-11<<5|28690:n-3<<5|12305),n=0)}else if(n>3){for(s(a),--n;n>6;n-=6)s(8304);n>2&&(s(n-3<<5|8208),n=0)}for(;n--;)s(a);n=1,a=e[o]}return{c:r.subarray(0,i),n:t}},Nn=function(e,t){for(var r=0,i=0;i<t.length;++i)r+=e[i]*t[i];return r},Rn=function(e,t,r){var i=r.length,a=xn(t+2);e[a]=255&i,e[a+1]=i>>8,e[a+2]=255^e[a],e[a+3]=255^e[a+1];for(var n=0;n<i;++n)e[a+n+4]=r[n];return 8*(a+4+i)},zn=function(e,t,r,i,a,n,s,o,c,u,h){Bn(t,h++,r),++a[256];for(var l=Fn(a,15),y=l.t,p=l.l,d=Fn(n,15),g=d.t,m=d.l,f=_n(y),w=f.c,b=f.n,k=_n(g),v=k.c,K=k.n,A=new an(19),E=0;E<w.length;++E)++A[31&w[E]];for(E=0;E<v.length;++E)++A[31&v[E]];for(var S=Fn(A,7),P=S.t,U=S.l,D=19;D>4&&!P[cn[D-1]];--D);var x,C,I,T,B=u+5<<3,M=Nn(a,kn)+Nn(n,vn)+s,F=Nn(a,y)+Nn(n,g)+s+14+3*D+Nn(A,P)+2*A[16]+3*A[17]+7*A[18];if(c>=0&&B<=M&&B<=F)return Rn(t,h,e.subarray(c,c+u));if(Bn(t,h,1+(F<M)),h+=2,F<M){x=bn(y,p,0),C=y,I=bn(g,m,0),T=g;var L=bn(P,U,0);Bn(t,h,b-257),Bn(t,h+5,K-1),Bn(t,h+10,D-4),h+=14;for(E=0;E<D;++E)Bn(t,h+3*E,P[cn[E]]);h+=3*D;for(var _=[w,v],N=0;N<2;++N){var R=_[N];for(E=0;E<R.length;++E){var z=31&R[E];Bn(t,h,L[z]),h+=P[z],z>15&&(Bn(t,h,R[E]>>5&127),h+=R[E]>>12)}}}else x=Kn,C=kn,I=En,T=vn;for(E=0;E<o;++E){var O=i[E];if(O>255){Mn(t,h,x[(z=O>>18&31)+257]),h+=C[z+257],z>7&&(Bn(t,h,O>>23&31),h+=sn[z]);var j=31&O;Mn(t,h,I[j]),h+=T[j],j>3&&(Mn(t,h,O>>5&8191),h+=on[j])}else Mn(t,h,x[O]),h+=C[O]}return Mn(t,h,x[256]),h+C[256]},On=/*#__PURE__*/new nn([65540,131080,131088,131104,262176,1048704,1048832,2114560,2117632]),jn=/*#__PURE__*/new rn(0),qn=function(){var e=1,t=0;return{p:function(r){for(var i=e,a=t,n=0|r.length,s=0;s!=n;){for(var o=Math.min(s+2655,n);s<o;++s)a+=i+=r[s];i=(65535&i)+15*(i>>16),a=(65535&a)+15*(a>>16)}e=i,t=a},d:function(){return(255&(e%=65521))<<24|(65280&e)<<8|(255&(t%=65521))<<8|t>>8}}},Hn=function(e,t,r,i,a){if(!a&&(a={l:1},t.dictionary)){var n=t.dictionary.subarray(-32768),s=new rn(n.length+e.length);s.set(n),s.set(e,n.length),e=s,a.w=n.length}return function(e,t,r,i,a,n){var s=n.z||e.length,o=new rn(i+s+5*(1+Math.ceil(s/7e3))+a),c=o.subarray(i,o.length-a),u=n.l,h=7&(n.r||0);if(t){h&&(c[0]=n.r>>3);for(var l=On[t-1],y=l>>13,p=8191&l,d=(1<<r)-1,g=n.p||new an(32768),m=n.h||new an(d+1),f=Math.ceil(r/3),w=2*f,b=function(t){return(e[t]^e[t+1]<<f^e[t+2]<<w)&d},k=new nn(25e3),v=new an(288),K=new an(32),A=0,E=0,S=n.i||0,P=0,U=n.w||0,D=0;S+2<s;++S){var x=b(S),C=32767&S,I=m[x];if(g[C]=I,m[x]=C,U<=S){var T=s-S;if((A>7e3||P>24576)&&(T>423||!u)){h=zn(e,c,0,k,v,K,E,P,D,S-D,h),P=A=E=0,D=S;for(var B=0;B<286;++B)v[B]=0;for(B=0;B<30;++B)K[B]=0}var M=2,F=0,L=p,_=C-I&32767;if(T>2&&x==b(S-_))for(var N=Math.min(y,T)-1,R=Math.min(32767,S),z=Math.min(258,T);_<=R&&--L&&C!=I;){if(e[S+M]==e[S+M-_]){for(var O=0;O<z&&e[S+O]==e[S+O-_];++O);if(O>M){if(M=O,F=_,O>N)break;var j=Math.min(_,O-2),q=0;for(B=0;B<j;++B){var H=S-_+B&32767,G=H-g[H]&32767;G>q&&(q=G,I=H)}}}_+=(C=I)-(I=g[C])&32767}if(F){k[P++]=268435456|yn[M]<<18|gn[F];var V=31&yn[M],W=31&gn[F];E+=sn[V]+on[W],++v[257+V],++K[W],U=S+M,++A}else k[P++]=e[S],++v[e[S]]}}for(S=Math.max(S,U);S<s;++S)k[P++]=e[S],++v[e[S]];h=zn(e,c,u,k,v,K,E,P,D,S-D,h),u||(n.r=7&h|c[h/8|0]<<3,h-=7,n.h=m,n.p=g,n.i=S,n.w=U)}else{for(S=n.w||0;S<s+u;S+=65535){var $=S+65535;$>=s&&(c[h/8|0]=u,$=s),h=Rn(c,h+1,e.subarray(S,$))}n.i=s}return Cn(o,0,i+xn(h)+a)}(e,null==t.level?6:t.level,null==t.mem?a.l?Math.ceil(1.5*Math.max(8,Math.min(13,Math.log(e.length)))):20:12+t.mem,r,i,a)},Gn=function(e,t,r){for(;r;++t)e[t]=r,r>>>=8},Vn=/*#__PURE__*/function(){function e(e,t){if("function"==typeof e&&(t=e,e={}),this.ondata=t,this.o=e||{},this.s={l:0,i:32768,w:32768,z:32768},this.b=new rn(98304),this.o.dictionary){var r=this.o.dictionary.subarray(-32768);this.b.set(r,32768-r.length),this.s.i=32768-r.length}}return e.prototype.p=function(e,t){this.ondata(Hn(e,this.o,0,0,this.s),t)},e.prototype.push=function(e,t){this.ondata||Tn(5),this.s.l&&Tn(4);var r=e.length+this.s.z;if(r>this.b.length){if(r>2*this.b.length-32768){var i=new rn(-32768&r);i.set(this.b.subarray(0,this.s.z)),this.b=i}var a=this.b.length-this.s.z;this.b.set(e.subarray(0,a),this.s.z),this.s.z=this.b.length,this.p(this.b,!1),this.b.set(this.b.subarray(-32768)),this.b.set(e.subarray(a),32768),this.s.z=e.length-a+32768,this.s.i=32766,this.s.w=32768}else this.b.set(e,this.s.z),this.s.z+=e.length;this.s.l=1&t,(this.s.z>this.s.w+8191||t)&&(this.p(this.b,t||!1),this.s.w=this.s.i,this.s.i-=2)},e.prototype.flush=function(){this.ondata||Tn(5),this.s.l&&Tn(4),this.p(this.b,!1),this.s.w=this.s.i,this.s.i-=2},e}(),Wn=/*#__PURE__*/function(){function e(e,t){"function"==typeof e&&(t=e,e={}),this.ondata=t;var r=e&&e.dictionary&&e.dictionary.subarray(-32768);this.s={i:0,b:r?r.length:0},this.o=new rn(32768),this.p=new rn(0),r&&this.o.set(r)}return e.prototype.e=function(e){if(this.ondata||Tn(5),this.d&&Tn(4),this.p.length){if(e.length){var t=new rn(this.p.length+e.length);t.set(this.p),t.set(e,this.p.length),this.p=t}}else this.p=e},e.prototype.c=function(e){this.s.i=+(this.d=e||!1);var t=this.s.b,r=function(e,t,r,i){var a=e.length;if(!a||t.f&&!t.l)return r||new rn(0);var n=!r,s=n||2!=t.i,o=t.i;n&&(r=new rn(3*a));var c=function(e){var t=r.length;if(e>t){var i=new rn(Math.max(2*t,e));i.set(r),r=i}},u=t.f||0,h=t.p||0,l=t.b||0,y=t.l,p=t.d,d=t.m,g=t.n,m=8*a;do{if(!y){u=Un(e,h,1);var f=Un(e,h+1,3);if(h+=3,!f){var w=e[(x=xn(h)+4)-4]|e[x-3]<<8,b=x+w;if(b>a){o&&Tn(0);break}s&&c(l+w),r.set(e.subarray(x,b),l),t.b=l+=w,t.p=h=8*b,t.f=u;continue}if(1==f)y=An,p=Sn,d=9,g=5;else if(2==f){var k=Un(e,h,31)+257,v=Un(e,h+10,15)+4,K=k+Un(e,h+5,31)+1;h+=14;for(var A=new rn(K),E=new rn(19),S=0;S<v;++S)E[cn[S]]=Un(e,h+3*S,7);h+=3*v;var P=Pn(E),U=(1<<P)-1,D=bn(E,P,1);for(S=0;S<K;){var x,C=D[Un(e,h,U)];if(h+=15&C,(x=C>>4)<16)A[S++]=x;else{var I=0,T=0;for(16==x?(T=3+Un(e,h,3),h+=2,I=A[S-1]):17==x?(T=3+Un(e,h,7),h+=3):18==x&&(T=11+Un(e,h,127),h+=7);T--;)A[S++]=I}}var B=A.subarray(0,k),M=A.subarray(k);d=Pn(B),g=Pn(M),y=bn(B,d,1),p=bn(M,g,1)}else Tn(1);if(h>m){o&&Tn(0);break}}s&&c(l+131072);for(var F=(1<<d)-1,L=(1<<g)-1,_=h;;_=h){var N=(I=y[Dn(e,h)&F])>>4;if((h+=15&I)>m){o&&Tn(0);break}if(I||Tn(2),N<256)r[l++]=N;else{if(256==N){_=h,y=null;break}var R=N-254;if(N>264){var z=sn[S=N-257];R=Un(e,h,(1<<z)-1)+ln[S],h+=z}var O=p[Dn(e,h)&L],j=O>>4;if(O||Tn(3),h+=15&O,M=dn[j],j>3&&(z=on[j],M+=Dn(e,h)&(1<<z)-1,h+=z),h>m){o&&Tn(0);break}s&&c(l+131072);var q=l+R;if(l<M){var H=0-M,G=Math.min(M,q);for(H+l<0&&Tn(3);l<G;++l)r[l]=i[H+l]}for(;l<q;++l)r[l]=r[l-M]}}t.l=y,t.p=_,t.b=l,t.f=u,y&&(u=1,t.m=d,t.d=p,t.n=g)}while(!u);return l!=r.length&&n?Cn(r,0,l):r.subarray(0,l)}(this.p,this.s,this.o);this.ondata(Cn(r,t,this.s.b),this.d),this.o=Cn(r,this.s.b-32768),this.s.b=this.o.length,this.p=Cn(this.p,this.s.p/8|0),this.s.p&=7},e.prototype.push=function(e,t){this.e(e),this.c(t)},e}(),$n=/*#__PURE__*/function(){function e(e,t){this.c=qn(),this.v=1,Vn.call(this,e,t)}return e.prototype.push=function(e,t){this.c.p(e),Vn.prototype.push.call(this,e,t)},e.prototype.p=function(e,t){var r=Hn(e,this.o,this.v&&(this.o.dictionary?6:2),t&&4,this.s);this.v&&(function(e,t){var r=t.level,i=0==r?0:r<6?1:9==r?3:2;if(e[0]=120,e[1]=i<<6|(t.dictionary&&32),e[1]|=31-(e[0]<<8|e[1])%31,t.dictionary){var a=qn();a.p(t.dictionary),Gn(e,2,a.d())}}(r,this.o),this.v=0),t&&Gn(r,r.length-4,this.c.d()),this.ondata(r,t)},e.prototype.flush=function(){Vn.prototype.flush.call(this)},e}(),Qn=/*#__PURE__*/function(){function e(e,t){Wn.call(this,e,t),this.v=e&&e.dictionary?2:1}return e.prototype.push=function(e,t){if(Wn.prototype.e.call(this,e),this.v){if(this.p.length<6&&!t)return;this.p=this.p.subarray((r=this.p,i=this.v-1,(8!=(15&r[0])||r[0]>>4>7||(r[0]<<8|r[1])%31)&&Tn(6,"invalid zlib data"),(r[1]>>5&1)==+!i&&Tn(6,"invalid zlib data: "+(32&r[1]?"need":"unexpected")+" dictionary"),2+(r[1]>>3&4))),this.v=0}var r,i;t&&(this.p.length<4&&Tn(6,"invalid zlib data"),this.p=this.p.subarray(0,-4)),Wn.prototype.c.call(this,t)},e}(),Xn="undefined"!=typeof TextDecoder&&/*#__PURE__*/new TextDecoder;try{Xn.decode(jn,{stream:!0})}catch(e){}class Yn{static get tag(){return T.packet.literalData}constructor(e=new Date){this.format=T.literal.utf8,this.date=F.normalizeDate(e),this.text=null,this.data=null,this.filename=""}setText(e,t=T.literal.utf8){this.format=t,this.text=e,this.data=null}getText(e=!1){return(null===this.text||F.isStream(this.text))&&(this.text=F.decodeUTF8(F.nativeEOL(this.getBytes(e)))),this.text}setBytes(e,t){this.format=t,this.data=e,this.text=null}getBytes(e=!1){return null===this.data&&(this.data=F.canonicalizeEOL(F.encodeUTF8(this.text))),e?A(this.data):this.data}setFilename(e){this.filename=e}getFilename(){return this.filename}async read(e){await v(e,(async e=>{const t=await e.readByte(),r=await e.readByte();this.filename=F.decodeUTF8(await e.readBytes(r)),this.date=F.readDate(await e.readBytes(4));let i=e.remainder();n(i)&&(i=await P(i)),this.setBytes(i,t)}))}writeHeader(){const e=F.encodeUTF8(this.filename),t=new Uint8Array([e.length]),r=new Uint8Array([this.format]),i=F.writeDate(this.date);return F.concatUint8Array([r,t,e,i])}write(){const e=this.writeHeader(),t=this.getBytes();return F.concat([e,t])}}class Zn{constructor(){this.bytes=""}read(e){return this.bytes=F.uint8ArrayToString(e.subarray(0,8)),this.bytes.length}write(){return F.stringToUint8Array(this.bytes)}toHex(){return F.uint8ArrayToHex(F.stringToUint8Array(this.bytes))}equals(e,t=!1){return t&&(e.isWildcard()||this.isWildcard())||this.bytes===e.bytes}isNull(){return""===this.bytes}isWildcard(){return/^0+$/.test(this.toHex())}static mapToHex(e){return e.toHex()}static fromID(e){const t=new Zn;return t.read(F.hexToUint8Array(e)),t}static wildcard(){const e=new Zn;return e.read(new Uint8Array(8)),e}}const Jn=Symbol("verified"),es="salt@notations.openpgpjs.org",ts=new Set([T.signatureSubpacket.issuerKeyID,T.signatureSubpacket.issuerFingerprint,T.signatureSubpacket.embeddedSignature]);class rs{static get tag(){return T.packet.signature}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.signatureData=null,this.unhashedSubpackets=[],this.unknownSubpackets=[],this.signedHashValue=null,this.salt=null,this.created=null,this.signatureExpirationTime=null,this.signatureNeverExpires=!0,this.exportable=null,this.trustLevel=null,this.trustAmount=null,this.regularExpression=null,this.revocable=null,this.keyExpirationTime=null,this.keyNeverExpires=null,this.preferredSymmetricAlgorithms=null,this.revocationKeyClass=null,this.revocationKeyAlgorithm=null,this.revocationKeyFingerprint=null,this.issuerKeyID=new Zn,this.rawNotations=[],this.notations={},this.preferredHashAlgorithms=null,this.preferredCompressionAlgorithms=null,this.keyServerPreferences=null,this.preferredKeyServer=null,this.isPrimaryUserID=null,this.policyURI=null,this.keyFlags=null,this.signersUserID=null,this.reasonForRevocationFlag=null,this.reasonForRevocationString=null,this.features=null,this.signatureTargetPublicKeyAlgorithm=null,this.signatureTargetHashAlgorithm=null,this.signatureTargetHash=null,this.embeddedSignature=null,this.issuerKeyVersion=null,this.issuerFingerprint=null,this.preferredAEADAlgorithms=null,this.preferredCipherSuites=null,this.revoked=null,this[Jn]=null}read(e,t=B){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new it("Support for v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4!==this.version&&5!==this.version&&6!==this.version)throw new it(`Version ${this.version} of the signature packet is unsupported.`);if(this.signatureType=e[r++],this.publicKeyAlgorithm=e[r++],this.hashAlgorithm=e[r++],r+=this.readSubPackets(e.subarray(r,e.length),!0),!this.created)throw Error("Missing signature creation time subpacket.");if(this.signatureData=e.subarray(0,r),r+=this.readSubPackets(e.subarray(r,e.length),!1),this.signedHashValue=e.subarray(r,r+2),r+=2,6===this.version){const t=e[r++];this.salt=e.subarray(r,r+t),r+=t}const i=e.subarray(r,e.length),{read:a,signatureParams:n}=function(e,t){let r=0;switch(e){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.rsaSign:{const e=F.readMPI(t.subarray(r));return r+=e.length+2,{read:r,signatureParams:{s:e}}}case T.publicKey.dsa:case T.publicKey.ecdsa:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,signatureParams:{r:e,s:i}}}case T.publicKey.eddsaLegacy:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,signatureParams:{r:e,s:i}}}case T.publicKey.ed25519:case T.publicKey.ed448:{const i=2*lt(e),a=F.readExactSubarray(t,r,r+i);return r+=a.length,{read:r,signatureParams:{RS:a}}}case T.publicKey.hmac:{const e=new Ni;return r+=e.read(t.subarray(r)),{read:r,signatureParams:{mac:e}}}case T.publicKey.pqc_mldsa_ed25519:{const e=2*lt(T.publicKey.ed25519),i=F.readExactSubarray(t,r,r+e);r+=i.length;const a=F.readExactSubarray(t,r,r+3309);return r+=a.length,{read:r,signatureParams:{eccSignature:i,mldsaSignature:a}}}default:throw new it("Unknown signature algorithm.")}}(this.publicKeyAlgorithm,i);if(a<i.length)throw Error("Error reading MPIs");this.params=n}writeParams(){return this.params instanceof Promise?D((async()=>Na(this.publicKeyAlgorithm,await this.params))):Na(this.publicKeyAlgorithm,this.params)}write(){const e=[];return e.push(this.signatureData),e.push(this.writeUnhashedSubPackets()),e.push(this.signedHashValue),6===this.version&&(e.push(new Uint8Array([this.salt.length])),e.push(this.salt)),e.push(this.writeParams()),F.concat(e)}async sign(e,t,r=new Date,i=!1,a){this.version=e.version,this.created=F.normalizeDate(r),this.issuerKeyVersion=e.version,this.issuerFingerprint=e.getFingerprintBytes(),this.issuerKeyID=e.getKeyID();const n=[new Uint8Array([this.version,this.signatureType,this.publicKeyAlgorithm,this.hashAlgorithm])];if(6===this.version){const e=as(this.hashAlgorithm);if(null===this.salt)this.salt=le(e);else if(e!==this.salt.length)throw Error("Provided salt does not have the required length")}else if(a.nonDeterministicSignaturesViaNotation){if(0!==this.rawNotations.filter((({name:e})=>e===es)).length)throw Error("Unexpected existing salt notation");{const e=le(as(this.hashAlgorithm));this.rawNotations.push({name:es,value:e,humanReadable:!1,critical:!1})}}n.push(this.writeHashedSubPackets()),this.unhashedSubpackets=[],this.signatureData=F.concat(n);const s=this.toHash(this.signatureType,t,i),o=await this.hash(this.signatureType,t,s,i);this.signedHashValue=S(K(o),0,2);const c=async()=>Va(this.publicKeyAlgorithm,this.hashAlgorithm,e.publicParams,e.privateParams,s,await P(o));F.isStream(o)?this.params=c():(this.params=await c(),this[Jn]=!0)}writeHashedSubPackets(){const e=T.signatureSubpacket,t=[];let r;if(null===this.created)throw Error("Missing signature creation time");t.push(is(e.signatureCreationTime,!0,F.writeDate(this.created))),null!==this.signatureExpirationTime&&t.push(is(e.signatureExpirationTime,!0,F.writeNumber(this.signatureExpirationTime,4))),null!==this.exportable&&t.push(is(e.exportableCertification,!0,new Uint8Array([this.exportable?1:0]))),null!==this.trustLevel&&(r=new Uint8Array([this.trustLevel,this.trustAmount]),t.push(is(e.trustSignature,!0,r))),null!==this.regularExpression&&t.push(is(e.regularExpression,!0,this.regularExpression)),null!==this.revocable&&t.push(is(e.revocable,!0,new Uint8Array([this.revocable?1:0]))),null!==this.keyExpirationTime&&t.push(is(e.keyExpirationTime,!0,F.writeNumber(this.keyExpirationTime,4))),null!==this.preferredSymmetricAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredSymmetricAlgorithms)),t.push(is(e.preferredSymmetricAlgorithms,!1,r))),null!==this.revocationKeyClass&&(r=new Uint8Array([this.revocationKeyClass,this.revocationKeyAlgorithm]),r=F.concat([r,this.revocationKeyFingerprint]),t.push(is(e.revocationKey,!1,r))),!this.issuerKeyID.isNull()&&this.issuerKeyVersion<5&&t.push(is(e.issuerKeyID,!1,this.issuerKeyID.write())),this.rawNotations.forEach((({name:i,value:a,humanReadable:n,critical:s})=>{r=[new Uint8Array([n?128:0,0,0,0])];const o=F.encodeUTF8(i);r.push(F.writeNumber(o.length,2)),r.push(F.writeNumber(a.length,2)),r.push(o),r.push(a),r=F.concat(r),t.push(is(e.notationData,s,r))})),null!==this.preferredHashAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredHashAlgorithms)),t.push(is(e.preferredHashAlgorithms,!1,r))),null!==this.preferredCompressionAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredCompressionAlgorithms)),t.push(is(e.preferredCompressionAlgorithms,!1,r))),null!==this.keyServerPreferences&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.keyServerPreferences)),t.push(is(e.keyServerPreferences,!1,r))),null!==this.preferredKeyServer&&t.push(is(e.preferredKeyServer,!1,F.encodeUTF8(this.preferredKeyServer))),null!==this.isPrimaryUserID&&t.push(is(e.primaryUserID,!1,new Uint8Array([this.isPrimaryUserID?1:0]))),null!==this.policyURI&&t.push(is(e.policyURI,!1,F.encodeUTF8(this.policyURI))),null!==this.keyFlags&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.keyFlags)),t.push(is(e.keyFlags,!0,r))),null!==this.signersUserID&&t.push(is(e.signersUserID,!1,F.encodeUTF8(this.signersUserID))),null!==this.reasonForRevocationFlag&&(r=F.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag)+this.reasonForRevocationString),t.push(is(e.reasonForRevocation,!0,r))),null!==this.features&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.features)),t.push(is(e.features,!1,r))),null!==this.signatureTargetPublicKeyAlgorithm&&(r=[new Uint8Array([this.signatureTargetPublicKeyAlgorithm,this.signatureTargetHashAlgorithm])],r.push(F.stringToUint8Array(this.signatureTargetHash)),r=F.concat(r),t.push(is(e.signatureTarget,!0,r))),null!==this.embeddedSignature&&t.push(is(e.embeddedSignature,!0,this.embeddedSignature.write())),null!==this.issuerFingerprint&&(r=[new Uint8Array([this.issuerKeyVersion]),this.issuerFingerprint],r=F.concat(r),t.push(is(e.issuerFingerprint,this.version>=5,r))),null!==this.preferredAEADAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredAEADAlgorithms)),t.push(is(e.preferredAEADAlgorithms,!1,r))),null!==this.preferredCipherSuites&&(r=new Uint8Array([].concat(...this.preferredCipherSuites)),t.push(is(e.preferredCipherSuites,!1,r)));const i=F.concat(t),a=F.writeNumber(i.length,6===this.version?4:2);return F.concat([a,i])}writeUnhashedSubPackets(){const e=this.unhashedSubpackets.map((({type:e,critical:t,body:r})=>is(e,t,r))),t=F.concat(e),r=F.writeNumber(t.length,6===this.version?4:2);return F.concat([r,t])}readSubPacket(e,t=!0){let r=0;const i=!!(128&e[r]),a=127&e[r];if(r++,t||(this.unhashedSubpackets.push({type:a,critical:i,body:e.subarray(r,e.length)}),ts.has(a)))switch(a){case T.signatureSubpacket.signatureCreationTime:this.created=F.readDate(e.subarray(r,e.length));break;case T.signatureSubpacket.signatureExpirationTime:{const t=F.readNumber(e.subarray(r,e.length));this.signatureNeverExpires=0===t,this.signatureExpirationTime=t;break}case T.signatureSubpacket.exportableCertification:this.exportable=1===e[r++];break;case T.signatureSubpacket.trustSignature:this.trustLevel=e[r++],this.trustAmount=e[r++];break;case T.signatureSubpacket.regularExpression:this.regularExpression=e[r];break;case T.signatureSubpacket.revocable:this.revocable=1===e[r++];break;case T.signatureSubpacket.keyExpirationTime:{const t=F.readNumber(e.subarray(r,e.length));this.keyExpirationTime=t,this.keyNeverExpires=0===t;break}case T.signatureSubpacket.preferredSymmetricAlgorithms:this.preferredSymmetricAlgorithms=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.revocationKey:this.revocationKeyClass=e[r++],this.revocationKeyAlgorithm=e[r++],this.revocationKeyFingerprint=e.subarray(r,r+20);break;case T.signatureSubpacket.issuerKeyID:if(4===this.version)this.issuerKeyID.read(e.subarray(r,e.length));else if(t)throw Error("Unexpected Issuer Key ID subpacket");break;case T.signatureSubpacket.notationData:{const t=!!(128&e[r]);r+=4;const a=F.readNumber(e.subarray(r,r+2));r+=2;const n=F.readNumber(e.subarray(r,r+2));r+=2;const s=F.decodeUTF8(e.subarray(r,r+a)),o=e.subarray(r+a,r+a+n);this.rawNotations.push({name:s,humanReadable:t,value:o,critical:i}),t&&(this.notations[s]=F.decodeUTF8(o));break}case T.signatureSubpacket.preferredHashAlgorithms:this.preferredHashAlgorithms=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.preferredCompressionAlgorithms:this.preferredCompressionAlgorithms=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.keyServerPreferences:this.keyServerPreferences=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.preferredKeyServer:this.preferredKeyServer=F.decodeUTF8(e.subarray(r,e.length));break;case T.signatureSubpacket.primaryUserID:this.isPrimaryUserID=0!==e[r++];break;case T.signatureSubpacket.policyURI:this.policyURI=F.decodeUTF8(e.subarray(r,e.length));break;case T.signatureSubpacket.keyFlags:this.keyFlags=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.signersUserID:this.signersUserID=F.decodeUTF8(e.subarray(r,e.length));break;case T.signatureSubpacket.reasonForRevocation:this.reasonForRevocationFlag=e[r++],this.reasonForRevocationString=F.decodeUTF8(e.subarray(r,e.length));break;case T.signatureSubpacket.features:this.features=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.signatureTarget:{this.signatureTargetPublicKeyAlgorithm=e[r++],this.signatureTargetHashAlgorithm=e[r++];const t=Te(this.signatureTargetHashAlgorithm);this.signatureTargetHash=F.uint8ArrayToString(e.subarray(r,r+t));break}case T.signatureSubpacket.embeddedSignature:this.embeddedSignature=new rs,this.embeddedSignature.read(e.subarray(r,e.length));break;case T.signatureSubpacket.issuerFingerprint:this.issuerKeyVersion=e[r++],this.issuerFingerprint=e.subarray(r,e.length),this.issuerKeyVersion>=5?this.issuerKeyID.read(this.issuerFingerprint):this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));break;case T.signatureSubpacket.preferredAEADAlgorithms:this.preferredAEADAlgorithms=[...e.subarray(r,e.length)];break;case T.signatureSubpacket.preferredCipherSuites:this.preferredCipherSuites=[];for(let t=r;t<e.length;t+=2)this.preferredCipherSuites.push([e[t],e[t+1]]);break;default:this.unknownSubpackets.push({type:a,critical:i,body:e.subarray(r,e.length)})}}readSubPackets(e,t=!0,r){const i=6===this.version?4:2,a=F.readNumber(e.subarray(0,i));let n=i;for(;n<2+a;){const i=Xe(e.subarray(n,e.length));n+=i.offset,this.readSubPacket(e.subarray(n,n+i.len),t,r),n+=i.len}return n}toSign(e,t){const r=T.signature;switch(e){case r.binary:return null!==t.text?F.encodeUTF8(t.getText(!0)):t.getBytes(!0);case r.text:{const e=t.getBytes(!0);return F.canonicalizeEOL(e)}case r.standalone:return new Uint8Array(0);case r.certGeneric:case r.certPersona:case r.certCasual:case r.certPositive:case r.certRevocation:{let e,i;if(t.userID)i=180,e=t.userID;else{if(!t.userAttribute)throw Error("Either a userID or userAttribute packet needs to be supplied for certification.");i=209,e=t.userAttribute}const a=e.write();return F.concat([this.toSign(r.key,t),new Uint8Array([i]),F.writeNumber(a.length,4),a])}case r.subkeyBinding:case r.subkeyRevocation:case r.keyBinding:return F.concat([this.toSign(r.key,t),this.toSign(r.key,{key:t.bind})]);case r.key:if(void 0===t.key)throw Error("Key packet is required for this signature.");return t.key.writeForHash(this.version);case r.keyRevocation:return this.toSign(r.key,t);case r.timestamp:return new Uint8Array(0);case r.thirdParty:throw Error("Not implemented");default:throw Error("Unknown signature type.")}}calculateTrailer(e,t){let r=0;return b(K(this.signatureData),(e=>{r+=e.length}),(()=>{const i=[];return 5!==this.version||this.signatureType!==T.signature.binary&&this.signatureType!==T.signature.text||(t?i.push(new Uint8Array(6)):i.push(e.writeHeader())),i.push(new Uint8Array([this.version,255])),5===this.version&&i.push(new Uint8Array(4)),i.push(F.writeNumber(r,4)),F.concat(i)}))}toHash(e,t,r=!1){const i=this.toSign(e,t);return F.concat([this.salt||new Uint8Array,i,this.signatureData,this.calculateTrailer(t,r)])}async hash(e,t,r,i=!1){if(6===this.version&&this.salt.length!==as(this.hashAlgorithm))throw Error("Signature salt does not have the expected length");return r||(r=this.toHash(e,t,i)),Ie(this.hashAlgorithm,r)}async verify(e,t,r,i=new Date,a=!1,n=B){if(!this.issuerKeyID.equals(e.getKeyID()))throw Error("Signature was not issued by the given public key");if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Public key algorithm used to sign signature does not match issuer key algorithm.");const s=t===T.signature.binary||t===T.signature.text;if(!(this[Jn]&&!s)){let i,n;if(this.hashed?n=await this.hashed:(i=this.toHash(t,r,a),n=await this.hash(t,r,i)),n=await P(n),this.signedHashValue[0]!==n[0]||this.signedHashValue[1]!==n[1])throw Error("Signed digest did not match");this.params=await this.params;const s=this.publicKeyAlgorithm===T.publicKey.hmac?e.privateParams:null;if(this[Jn]=await Ga(this.publicKeyAlgorithm,this.hashAlgorithm,this.params,e.publicParams,s,i,n),!this[Jn])throw Error("Signature verification failed")}const o=F.normalizeDate(i);if(o&&this.created>o)throw Error("Signature creation time is in the future");if(o&&o>=this.getExpirationTime())throw Error("Signature is expired");if(n.rejectHashAlgorithms.has(this.hashAlgorithm))throw Error("Insecure hash algorithm: "+T.read(T.hash,this.hashAlgorithm).toUpperCase());if(n.rejectMessageHashAlgorithms.has(this.hashAlgorithm)&&[T.signature.binary,T.signature.text].includes(this.signatureType))throw Error("Insecure message hash algorithm: "+T.read(T.hash,this.hashAlgorithm).toUpperCase());if(this.unknownSubpackets.forEach((({type:e,critical:t})=>{if(t)throw Error("Unknown critical signature subpacket type "+e)})),this.rawNotations.forEach((({name:e,critical:t})=>{if(t&&n.knownNotations.indexOf(e)<0)throw Error("Unknown critical notation: "+e)})),null!==this.revocationKeyClass)throw Error("This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.")}isExpired(e=new Date){const t=F.normalizeDate(e);return null!==t&&!(this.created<=t&&t<this.getExpirationTime())}getExpirationTime(){return this.signatureNeverExpires?1/0:new Date(this.created.getTime()+1e3*this.signatureExpirationTime)}}function is(e,t,r){const i=[];return i.push(Ye(r.length+1)),i.push(new Uint8Array([(t?128:0)|e])),i.push(r),F.concat(i)}function as(e){switch(e){case T.hash.sha256:return 16;case T.hash.sha384:return 24;case T.hash.sha512:return 32;case T.hash.sha224:case T.hash.sha3_256:return 16;case T.hash.sha3_512:return 32;default:throw Error("Unsupported hash function")}}class ns{static get tag(){return T.packet.onePassSignature}static fromSignaturePacket(e,t){const r=new ns;return r.version=6===e.version?6:3,r.signatureType=e.signatureType,r.hashAlgorithm=e.hashAlgorithm,r.publicKeyAlgorithm=e.publicKeyAlgorithm,r.issuerKeyID=e.issuerKeyID,r.salt=e.salt,r.issuerFingerprint=e.issuerFingerprint,r.flags=t?1:0,r}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.salt=null,this.issuerKeyID=null,this.issuerFingerprint=null,this.flags=null}read(e){let t=0;if(this.version=e[t++],3!==this.version&&6!==this.version)throw new it(`Version ${this.version} of the one-pass signature packet is unsupported.`);if(this.signatureType=e[t++],this.hashAlgorithm=e[t++],this.publicKeyAlgorithm=e[t++],6===this.version){const r=e[t++];this.salt=e.subarray(t,t+r),t+=r,this.issuerFingerprint=e.subarray(t,t+32),t+=32,this.issuerKeyID=new Zn,this.issuerKeyID.read(this.issuerFingerprint)}else this.issuerKeyID=new Zn,this.issuerKeyID.read(e.subarray(t,t+8)),t+=8;return this.flags=e[t++],this}write(){const e=[new Uint8Array([this.version,this.signatureType,this.hashAlgorithm,this.publicKeyAlgorithm])];return 6===this.version?e.push(new Uint8Array([this.salt.length]),this.salt,this.issuerFingerprint):e.push(this.issuerKeyID.write()),e.push(new Uint8Array([this.flags])),F.concatUint8Array(e)}calculateTrailer(...e){return D((async()=>rs.prototype.calculateTrailer.apply(await this.correspondingSig,e)))}async verify(){const e=await this.correspondingSig;if(!e||e.constructor.tag!==T.packet.signature)throw Error("Corresponding signature packet missing");if(e.signatureType!==this.signatureType||e.hashAlgorithm!==this.hashAlgorithm||e.publicKeyAlgorithm!==this.publicKeyAlgorithm||!e.issuerKeyID.equals(this.issuerKeyID)||3===this.version&&6===e.version||6===this.version&&6!==e.version||6===this.version&&!F.equalsUint8Array(e.issuerFingerprint,this.issuerFingerprint)||6===this.version&&!F.equalsUint8Array(e.salt,this.salt))throw Error("Corresponding signature packet does not match one-pass signature packet");return e.hashed=this.hashed,e.verify.apply(e,arguments)}}function ss(e,t){if(!t[e]){let t;try{t=T.read(T.packet,e)}catch(t){throw new at("Unknown packet type with tag: "+e)}throw Error("Packet not allowed in this context: "+t)}return new t[e]}ns.prototype.hash=rs.prototype.hash,ns.prototype.toHash=rs.prototype.toHash,ns.prototype.toSign=rs.prototype.toSign;class os extends Array{static async fromBinary(e,t,r=B,i=null,a=!1){const n=new os;return await n.read(e,t,r,i,a),n}async read(e,t,r=B,i=null,a=!1){let n;r.additionalAllowedPackets.length&&(n=F.constructAllowedPackets(r.additionalAllowedPackets),t={...t,...n}),this.stream=k(e,(async(e,s)=>{const o=x(e),c=C(s);try{let s=F.isStream(e);for(;;){let e,u;if(await c.ready,await rt(o,s,(async s=>{try{if(s.tag===T.packet.marker||s.tag===T.packet.trust||s.tag===T.packet.padding)return;const e=ss(s.tag,t);try{i?.recordPacket(s.tag,n)}catch(e){if(r.enforceGrammar)throw e;F.printDebugError(e)}e.packets=new os,e.fromStream=F.isStream(s.packet),u=e.fromStream;try{await e.read(s.packet,r)}catch(t){if(!(t instanceof it))throw F.wrapError(new nt(`Parsing ${e.constructor.name} failed`),t);throw t}await c.write(e)}catch(t){const i=t instanceof at&&s.tag<=39,n=t instanceof it&&!(t instanceof at)&&!r.ignoreUnsupportedPackets,o=t instanceof nt&&!r.ignoreMalformedPackets,u=tt(s.tag);if(i||n||o||u||!(t instanceof at||t instanceof it||t instanceof nt))a?e=t:await c.abort(t);else{const e=new st(s.tag,s.packet);await c.write(e)}F.printDebugError(t)}})),u&&(s=null),e)throw await o.readToEnd(),e;const h=await o.peekBytes(2);if(!h||!h.length){try{i?.recordEnd()}catch(e){if(r.enforceGrammar)throw e;F.printDebugError(e)}return await c.ready,void await c.close()}}}catch(e){await c.abort(e)}}));const s=x(this.stream);for(;;){const{done:e,value:t}=await s.read();if(e?this.stream=null:this.push(t),e||tt(t.constructor.tag))break}s.releaseLock()}write(){const e=[];for(let t=0;t<this.length;t++){const r=this[t]instanceof st?this[t].tag:this[t].constructor.tag,i=this[t].write();if(F.isStream(i)&&tt(this[t].constructor.tag)){let t=[],a=0;const n=512;e.push(Je(r)),e.push(b(i,(e=>{if(t.push(e),a+=e.length,a>=n){const e=Math.min(Math.log(a)/Math.LN2|0,30),r=2**e,i=F.concat([Ze(e)].concat(t));return t=[i.subarray(1+r)],a=t[0].length,i.subarray(0,1+r)}}),(()=>F.concat([Ye(a)].concat(t)))))}else{if(F.isStream(i)){let t=0;e.push(b(K(i),(e=>{t+=e.length}),(()=>et(r,t))))}else e.push(et(r,i.length));e.push(i)}}return F.concat(e)}filterByTag(...e){const t=new os,r=e=>t=>e===t;for(let i=0;i<this.length;i++)e.some(r(this[i].constructor.tag))&&t.push(this[i]);return t}findPacket(e){return this.find((t=>t.constructor.tag===e))}indexOfTag(...e){const t=[],r=this,i=e=>t=>e===t;for(let a=0;a<this.length;a++)e.some(i(r[a].constructor.tag))&&t.push(a);return t}}class cs extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,cs),this.name="GrammarError"}}var us;!function(e){e[e.EmptyMessage=0]="EmptyMessage",e[e.PlaintextOrEncryptedData=1]="PlaintextOrEncryptedData",e[e.EncryptedSessionKeys=2]="EncryptedSessionKeys",e[e.StandaloneAdditionalAllowedData=3]="StandaloneAdditionalAllowedData"}(us||(us={}));class hs{constructor(){this.state=us.EmptyMessage,this.leadingOnePassSignatureCounter=0}recordPacket(e,t){switch(this.state){case us.EmptyMessage:case us.StandaloneAdditionalAllowedData:switch(e){case T.packet.literalData:case T.packet.compressedData:case T.packet.aeadEncryptedData:case T.packet.symEncryptedIntegrityProtectedData:case T.packet.symmetricallyEncryptedData:return void(this.state=us.PlaintextOrEncryptedData);case T.packet.signature:if(this.state===us.StandaloneAdditionalAllowedData&&--this.leadingOnePassSignatureCounter<0)throw new cs("Trailing signature packet without OPS");return;case T.packet.onePassSignature:if(this.state===us.StandaloneAdditionalAllowedData)throw new cs("OPS following StandaloneAdditionalAllowedData");return void this.leadingOnePassSignatureCounter++;case T.packet.publicKeyEncryptedSessionKey:case T.packet.symEncryptedSessionKey:return void(this.state=us.EncryptedSessionKeys);default:if(!t?.[e])throw new cs(`Unexpected packet ${e} in state ${this.state}`);return void(this.state=us.StandaloneAdditionalAllowedData)}case us.PlaintextOrEncryptedData:if(e===T.packet.signature){if(--this.leadingOnePassSignatureCounter<0)throw new cs("Trailing signature packet without OPS");return void(this.state=us.PlaintextOrEncryptedData)}if(!t?.[e])throw new cs(`Unexpected packet ${e} in state ${this.state}`);return void(this.state=us.PlaintextOrEncryptedData);case us.EncryptedSessionKeys:switch(e){case T.packet.publicKeyEncryptedSessionKey:case T.packet.symEncryptedSessionKey:return void(this.state=us.EncryptedSessionKeys);case T.packet.symEncryptedIntegrityProtectedData:case T.packet.aeadEncryptedData:case T.packet.symmetricallyEncryptedData:return void(this.state=us.PlaintextOrEncryptedData);case T.packet.signature:if(--this.leadingOnePassSignatureCounter<0)throw new cs("Trailing signature packet without OPS");return void(this.state=us.PlaintextOrEncryptedData);default:if(!t?.[e])throw new cs(`Unexpected packet ${e} in state ${this.state}`);this.state=us.EncryptedSessionKeys}}}recordEnd(){switch(this.state){case us.EmptyMessage:case us.PlaintextOrEncryptedData:case us.EncryptedSessionKeys:case us.StandaloneAdditionalAllowedData:if(this.leadingOnePassSignatureCounter>0)throw new cs("Missing trailing signature packets")}}}const ls=/*#__PURE__*/F.constructAllowedPackets([Yn,ns,rs]);class ys{static get tag(){return T.packet.compressedData}constructor(e=B){this.packets=null,this.algorithm=e.preferredCompressionAlgorithm,this.compressed=null}async read(e,t=B){await v(e,(async e=>{this.algorithm=await e.readByte(),this.compressed=e.remainder(),await this.decompress(t)}))}write(){return null===this.compressed&&this.compress(),F.concat([new Uint8Array([this.algorithm]),this.compressed])}async decompress(e=B){const t=T.read(T.compression,this.algorithm),r=fs[t];if(!r)throw Error(t+" decompression not supported");this.packets=await os.fromBinary(await r(this.compressed),ls,e,new hs)}compress(){const e=T.read(T.compression,this.algorithm),t=ms[e];if(!t)throw Error(e+" compression not supported");this.compressed=t(this.packets.write())}}function ps(e,t){return r=>{if(!F.isStream(r)||n(r))return D((()=>P(r).then((e=>new Promise(((r,i)=>{const a=new t,n=[];a.ondata=(e,t)=>{n.push(e),t&&r(F.concatUint8Array(n))};try{a.push(e,!0)}catch(e){i(e)}}))))));if(e)try{const t=e();return r.pipeThrough(t)}catch(e){if("TypeError"!==e.name)throw e}const i=r.getReader(),a=new t;return new ReadableStream({async start(e){for(a.ondata=async(t,r)=>{e.enqueue(t),r&&e.close()};;){const{done:e,value:t}=await i.read();if(e)return void a.push(new Uint8Array,!0);t.length&&a.push(t)}}})}}function ds(){return async function(e){const{decode:t}=await import("./seek-bzip.min.mjs").then((function(e){return e.i}));return D((async()=>t(await P(e))))}}const gs=e=>({compressor:"undefined"!=typeof CompressionStream&&(()=>new CompressionStream(e)),decompressor:"undefined"!=typeof DecompressionStream&&(()=>new DecompressionStream(e))}),ms={zip:/*#__PURE__*/ps(gs("deflate-raw").compressor,Vn),zlib:/*#__PURE__*/ps(gs("deflate").compressor,$n)},fs={uncompressed:e=>e,zip:/*#__PURE__*/ps(gs("deflate-raw").decompressor,Wn),zlib:/*#__PURE__*/ps(gs("deflate").decompressor,Qn),bzip2:/*#__PURE__*/ds()},ws=/*#__PURE__*/F.constructAllowedPackets([Yn,ys,ns,rs]);class bs{static get tag(){return T.packet.symEncryptedIntegrityProtectedData}static fromObject({version:e,aeadAlgorithm:t}){if(1!==e&&2!==e)throw Error("Unsupported SEIPD version");const r=new bs;return r.version=e,2===e&&(r.aeadAlgorithm=t),r}constructor(){this.version=null,this.cipherAlgorithm=null,this.aeadAlgorithm=null,this.chunkSizeByte=null,this.salt=null,this.encrypted=null,this.packets=null}async read(e){await v(e,(async e=>{if(this.version=await e.readByte(),1!==this.version&&2!==this.version)throw new it(`Version ${this.version} of the SEIP packet is unsupported.`);2===this.version&&(this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte(),this.salt=await e.readBytes(32)),this.encrypted=e.remainder()}))}write(){return 2===this.version?F.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.salt,this.encrypted]):F.concat([new Uint8Array([this.version]),this.encrypted])}async encrypt(e,t,r=B){const{blockSize:i,keySize:a}=Ar(e);if(t.length!==a)throw Error("Unexpected session key size");let s=this.packets.write();if(n(s)&&(s=await P(s)),2===this.version)this.cipherAlgorithm=e,this.salt=le(32),this.chunkSizeByte=r.aeadChunkSizeByte,this.encrypted=await ks(this,"encrypt",t,s);else{const r=await Qi(e),a=new Uint8Array([211,20]),n=F.concat([r,s,a]),o=await Ie(T.hash.sha1,A(n)),c=F.concat([n,o]);this.encrypted=await Xi(e,t,c,new Uint8Array(i))}return!0}async decrypt(e,t,r=B){if(t.length!==Ar(e).keySize)throw Error("Unexpected session key size");let i,a=K(this.encrypted);n(a)&&(a=await P(a));let s=!1;if(2===this.version){if(this.cipherAlgorithm!==e)throw Error("Unexpected session key algorithm");i=await ks(this,"decrypt",t,a)}else{const{blockSize:n}=Ar(e),o=await Yi(e,t,a,new Uint8Array(n)),c=S(A(o),-20),u=S(o,0,-20),h=Promise.all([P(await Ie(T.hash.sha1,A(u))),P(c)]).then((([e,t])=>{if(!F.equalsUint8Array(e,t))throw Error("Modification detected.");return new Uint8Array})),l=S(u,n+2);i=S(l,0,-2),i=g([i,D((()=>h))]),F.isStream(a)&&r.allowUnauthenticatedStream?s=!0:i=await P(i)}return this.packets=await os.fromBinary(i,ws,r,new hs,s),!0}}async function ks(e,t,r,i){const a=e instanceof bs&&2===e.version,n=!a&&e.constructor.tag===T.packet.aeadEncryptedData;if(!a&&!n)throw Error("Unexpected packet type");const s=Ma(e.aeadAlgorithm,n),o="decrypt"===t?s.tagLength:0,c="encrypt"===t?s.tagLength:0,u=2**(e.chunkSizeByte+6)+o,h=n?8:0,l=new ArrayBuffer(13+h),y=new Uint8Array(l,0,5+h),p=new Uint8Array(l),d=new DataView(l),g=new Uint8Array(l,5,8);y.set([192|e.constructor.tag,e.version,e.cipherAlgorithm,e.aeadAlgorithm,e.chunkSizeByte],0);let f,w,b=0,v=Promise.resolve(),K=0,A=0;if(a){const{keySize:t}=Ar(e.cipherAlgorithm),{ivLength:i}=s,a=new Uint8Array(l,0,5),n=await Ur(T.hash.sha256,r,e.salt,a,t+i);r=n.subarray(0,t),f=n.subarray(t),f.fill(0,f.length-8),w=new DataView(f.buffer,f.byteOffset,f.byteLength)}else f=e.iv;const E=await s(e.cipherAlgorithm,r);return k(i,(async(r,i)=>{if("array"!==F.isStream(r)){const t=new TransformStream({},{highWaterMark:F.getHardwareConcurrency()*2**(e.chunkSizeByte+6),size:e=>e.length});m(t.readable,i),i=t.writable}const n=x(r),s=C(i);try{for(;;){let e=await n.readBytes(u+o)||new Uint8Array;const r=e.subarray(e.length-o);let i,l,m;if(e=e.subarray(0,e.length-o),a)m=f;else{m=f.slice();for(let e=0;e<8;e++)m[f.length-8+e]^=g[e]}if(!b||e.length?(n.unshift(r),i=E[t](e,m,y),i.catch((()=>{})),A+=e.length-o+c):(d.setInt32(5+h+4,K),i=E[t](r,m,p),i.catch((()=>{})),A+=c,l=!0),K+=e.length-o,v=v.then((()=>i)).then((async e=>{await s.ready,await s.write(e),A-=e.length})).catch((e=>s.abort(e))),(l||A>s.desiredSize)&&await v,l){await s.close();break}a?w.setInt32(f.length-4,++b):d.setInt32(9,++b)}}catch(e){await s.ready.catch((()=>{})),await s.abort(e)}}))}const vs=/*#__PURE__*/F.constructAllowedPackets([Yn,ys,ns,rs]);class Ks{static get tag(){return T.packet.aeadEncryptedData}constructor(){this.version=1,this.cipherAlgorithm=null,this.aeadAlgorithm=T.aead.eax,this.chunkSizeByte=null,this.iv=null,this.encrypted=null,this.packets=null}async read(e){await v(e,(async e=>{const t=await e.readByte();if(1!==t)throw new it(`Version ${t} of the AEAD-encrypted data packet is not supported.`);this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte();const r=Ma(this.aeadAlgorithm,!0);this.iv=await e.readBytes(r.ivLength),this.encrypted=e.remainder()}))}write(){return F.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.iv,this.encrypted])}async decrypt(e,t,r=B){this.packets=await os.fromBinary(await ks(this,"decrypt",t,K(this.encrypted)),vs,r,new hs)}async encrypt(e,t,r=B){this.cipherAlgorithm=e;const{ivLength:i}=Ma(this.aeadAlgorithm,!0);this.iv=le(i),this.chunkSizeByte=r.aeadChunkSizeByte;const a=this.packets.write();this.encrypted=await ks(this,"encrypt",t,a)}}const As=new Set([T.publicKey.x25519,T.publicKey.x448,T.publicKey.pqc_mlkem_x25519]);class Es{static get tag(){return T.packet.publicKeyEncryptedSessionKey}constructor(){this.version=null,this.publicKeyID=new Zn,this.publicKeyVersion=null,this.publicKeyFingerprint=null,this.publicKeyAlgorithm=null,this.sessionKey=null,this.sessionKeyAlgorithm=null,this.encrypted={}}static fromObject({version:e,encryptionKeyPacket:t,anonymousRecipient:r,sessionKey:i,sessionKeyAlgorithm:a}){const n=new Es;if(3!==e&&6!==e)throw Error("Unsupported PKESK version");return n.version=e,6===e&&(n.publicKeyVersion=r?null:t.version,n.publicKeyFingerprint=r?null:t.getFingerprintBytes()),n.publicKeyID=r?Zn.wildcard():t.getKeyID(),n.publicKeyAlgorithm=t.algorithm,n.sessionKey=i,n.sessionKeyAlgorithm=a,n}read(e){let t=0;if(this.version=e[t++],3!==this.version&&6!==this.version)throw new it(`Version ${this.version} of the PKESK packet is unsupported.`);if(6===this.version){const r=e[t++];if(r){this.publicKeyVersion=e[t++];const i=r-1;this.publicKeyFingerprint=e.subarray(t,t+i),t+=i,this.publicKeyVersion>=5?this.publicKeyID.read(this.publicKeyFingerprint):this.publicKeyID.read(this.publicKeyFingerprint.subarray(-8))}else this.publicKeyID=Zn.wildcard()}else t+=this.publicKeyID.read(e.subarray(t,t+8));if(this.publicKeyAlgorithm=e[t++],this.encrypted=function(e,t){let r=0;switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:return{c:F.readMPI(t.subarray(r))};case T.publicKey.elgamal:{const e=F.readMPI(t.subarray(r));return r+=e.length+2,{c1:e,c2:F.readMPI(t.subarray(r))}}case T.publicKey.ecdh:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=new _i;return i.read(t.subarray(r)),{V:e,C:i}}case T.publicKey.x25519:case T.publicKey.x448:{const i=Ha(e),a=F.readExactSubarray(t,r,r+i);r+=a.length;const n=new Hi;return n.read(t.subarray(r)),{ephemeralPublicKey:a,C:n}}case T.publicKey.aead:{const e=new Oi;r+=e.read(t.subarray(r));const{ivLength:i}=Ma(e.getValue()),a=t.subarray(r,r+i);r+=i;const n=new Ni;return r+=n.read(t.subarray(r)),{aeadMode:e,iv:a,c:n}}case T.publicKey.pqc_mlkem_x25519:{const e=F.readExactSubarray(t,r,r+Ha(T.publicKey.x25519));r+=e.length;const i=F.readExactSubarray(t,r,r+1088);r+=i.length;const a=new Hi;return a.read(t.subarray(r)),{eccCipherText:e,mlkemCipherText:i,C:a}}default:throw new it("Unknown public key encryption algorithm.")}}(this.publicKeyAlgorithm,e.subarray(t)),As.has(this.publicKeyAlgorithm))if(3===this.version)this.sessionKeyAlgorithm=T.write(T.symmetric,this.encrypted.C.algorithm);else if(null!==this.encrypted.C.algorithm)throw Error("Unexpected cleartext symmetric algorithm")}write(){const e=[new Uint8Array([this.version])];return 6===this.version?null!==this.publicKeyFingerprint?(e.push(new Uint8Array([this.publicKeyFingerprint.length+1,this.publicKeyVersion])),e.push(this.publicKeyFingerprint)):e.push(new Uint8Array([0])):e.push(this.publicKeyID.write()),e.push(new Uint8Array([this.publicKeyAlgorithm]),Na(this.publicKeyAlgorithm,this.encrypted)),F.concatUint8Array(e)}async encrypt(e){const t=T.write(T.publicKey,this.publicKeyAlgorithm),r=3===this.version?this.sessionKeyAlgorithm:null,i=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),a=Ss(this.version,t,r,this.sessionKey),n=t===T.publicKey.aead?e.privateParams:null;this.encrypted=await Fa(t,r,e.publicParams,n,a,i)}async decrypt(e,t){if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Decryption error");const r=t?Ss(this.version,this.publicKeyAlgorithm,t.sessionKeyAlgorithm,t.sessionKey):null,i=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),a=await La(this.publicKeyAlgorithm,e.publicParams,e.privateParams,this.encrypted,i,r),{sessionKey:n,sessionKeyAlgorithm:s}=function(e,t,r,i){switch(t){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.elgamal:case T.publicKey.ecdh:case T.publicKey.aead:{const t=r.subarray(0,r.length-2),a=r.subarray(r.length-2),n=F.writeChecksum(t.subarray(t.length%8)),s=n[0]===a[0]&n[1]===a[1],o=6===e?{sessionKeyAlgorithm:null,sessionKey:t}:{sessionKeyAlgorithm:t[0],sessionKey:t.subarray(1)};if(i){const t=s&o.sessionKeyAlgorithm===i.sessionKeyAlgorithm&o.sessionKey.length===i.sessionKey.length;return{sessionKey:F.selectUint8Array(t,o.sessionKey,i.sessionKey),sessionKeyAlgorithm:6===e?null:F.selectUint8(t,o.sessionKeyAlgorithm,i.sessionKeyAlgorithm)}}if(s&&(6===e||T.read(T.symmetric,o.sessionKeyAlgorithm)))return o;throw Error("Decryption error")}case T.publicKey.x25519:case T.publicKey.x448:case T.publicKey.pqc_mlkem_x25519:return{sessionKeyAlgorithm:null,sessionKey:r};default:throw Error("Unsupported public key algorithm")}}(this.version,this.publicKeyAlgorithm,a,t);if(3===this.version){const e=!As.has(this.publicKeyAlgorithm);if(this.sessionKeyAlgorithm=e?s:this.sessionKeyAlgorithm,n.length!==Ar(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}this.sessionKey=n}}function Ss(e,t,r,i){switch(t){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.elgamal:case T.publicKey.ecdh:case T.publicKey.aead:return F.concatUint8Array([new Uint8Array(6===e?[]:[r]),i,F.writeChecksum(i.subarray(i.length%8))]);case T.publicKey.x25519:case T.publicKey.x448:case T.publicKey.pqc_mlkem_x25519:return i;default:throw Error("Unsupported public key algorithm")}}class Ps{static get tag(){return T.packet.symEncryptedSessionKey}constructor(e=B){this.version=e.aeadProtect?6:4,this.sessionKey=null,this.sessionKeyEncryptionAlgorithm=null,this.sessionKeyAlgorithm=null,this.aeadAlgorithm=T.write(T.aead,e.preferredAEADAlgorithm),this.encrypted=null,this.s2k=null,this.iv=null}read(e){let t=0;if(this.version=e[t++],4!==this.version&&5!==this.version&&6!==this.version)throw new it(`Version ${this.version} of the SKESK packet is unsupported.`);6===this.version&&t++;const r=e[t++];this.version>=5&&(this.aeadAlgorithm=e[t++],6===this.version&&t++);const i=e[t++];if(this.s2k=en(i),t+=this.s2k.read(e.subarray(t,e.length)),this.version>=5){const r=Ma(this.aeadAlgorithm,!0);this.iv=e.subarray(t,t+=r.ivLength)}this.version>=5||t<e.length?(this.encrypted=e.subarray(t,e.length),this.sessionKeyEncryptionAlgorithm=r):this.sessionKeyAlgorithm=r}write(){const e=null===this.encrypted?this.sessionKeyAlgorithm:this.sessionKeyEncryptionAlgorithm;let t;const r=this.s2k.write();if(6===this.version){const i=r.length,a=3+i+this.iv.length;t=F.concatUint8Array([new Uint8Array([this.version,a,e,this.aeadAlgorithm,i]),r,this.iv,this.encrypted])}else 5===this.version?t=F.concatUint8Array([new Uint8Array([this.version,e,this.aeadAlgorithm]),r,this.iv,this.encrypted]):(t=F.concatUint8Array([new Uint8Array([this.version,e]),r]),null!==this.encrypted&&(t=F.concatUint8Array([t,this.encrypted])));return t}async decrypt(e){const t=null!==this.sessionKeyEncryptionAlgorithm?this.sessionKeyEncryptionAlgorithm:this.sessionKeyAlgorithm,{blockSize:r,keySize:i}=Ar(t),a=await this.s2k.produceKey(e,i);if(this.version>=5){const e=Ma(this.aeadAlgorithm,!0),r=new Uint8Array([192|Ps.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),n=6===this.version?await Ur(T.hash.sha256,a,new Uint8Array,r,i):a,s=await e(t,n);this.sessionKey=await s.decrypt(this.encrypted,this.iv,r)}else if(null!==this.encrypted){const e=await Yi(t,a,this.encrypted,new Uint8Array(r));if(this.sessionKeyAlgorithm=T.write(T.symmetric,e[0]),this.sessionKey=e.subarray(1,e.length),this.sessionKey.length!==Ar(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}else this.sessionKey=a}async encrypt(e,t=B){const r=null!==this.sessionKeyEncryptionAlgorithm?this.sessionKeyEncryptionAlgorithm:this.sessionKeyAlgorithm;this.sessionKeyEncryptionAlgorithm=r,this.s2k=tn(t),this.s2k.generateSalt();const{blockSize:i,keySize:a}=Ar(r),n=await this.s2k.produceKey(e,a);if(null===this.sessionKey&&(this.sessionKey=ja(this.sessionKeyAlgorithm)),this.version>=5){const e=Ma(this.aeadAlgorithm);this.iv=le(e.ivLength);const t=new Uint8Array([192|Ps.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),i=6===this.version?await Ur(T.hash.sha256,n,new Uint8Array,t,a):n,s=await e(r,i);this.encrypted=await s.encrypt(this.sessionKey,this.iv,t)}else{const e=F.concatUint8Array([new Uint8Array([this.sessionKeyAlgorithm]),this.sessionKey]);this.encrypted=await Xi(r,n,e,new Uint8Array(i))}}}class Us{static get tag(){return T.packet.publicKey}constructor(e=new Date,t=B){this.version=t.v6Keys?6:4,this.created=F.normalizeDate(e),this.algorithm=null,this.publicParams=null,this.expirationTimeV3=0,this.fingerprint=null,this.keyID=null}static fromSecretKeyPacket(e){const t=new Us,{version:r,created:i,algorithm:a,publicParams:n,keyID:s,fingerprint:o}=e;return t.version=r,t.created=i,t.algorithm=a,t.publicParams=n,t.keyID=s,t.fingerprint=o,t}async read(e,t=B){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new it("Support for parsing v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4===this.version||5===this.version||6===this.version){this.created=F.readDate(e.subarray(r,r+4)),r+=4,this.algorithm=e[r++],this.version>=5&&(r+=4);const{read:t,publicParams:i}=function(e,t){let r=0;switch(e){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{n:e,e:i}}}case T.publicKey.dsa:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));r+=i.length+2;const a=F.readMPI(t.subarray(r));r+=a.length+2;const n=F.readMPI(t.subarray(r));return r+=n.length+2,{read:r,publicParams:{p:e,q:i,g:a,y:n}}}case T.publicKey.elgamal:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));r+=i.length+2;const a=F.readMPI(t.subarray(r));return r+=a.length+2,{read:r,publicParams:{p:e,g:i,y:a}}}case T.publicKey.ecdsa:{const e=new Qe;r+=e.read(t),qa(e);const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{oid:e,Q:i}}}case T.publicKey.eddsaLegacy:{const e=new Qe;if(r+=e.read(t),qa(e),e.getName()!==T.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let i=F.readMPI(t.subarray(r));return r+=i.length+2,i=F.leftPad(i,33),{read:r,publicParams:{oid:e,Q:i}}}case T.publicKey.ecdh:{const e=new Qe;r+=e.read(t),qa(e);const i=F.readMPI(t.subarray(r));r+=i.length+2;const a=new Ri;return r+=a.read(t.subarray(r)),{read:r,publicParams:{oid:e,Q:i,kdfParams:a}}}case T.publicKey.ed25519:case T.publicKey.ed448:case T.publicKey.x25519:case T.publicKey.x448:{const i=F.readExactSubarray(t,r,r+Ha(e));return r+=i.length,{read:r,publicParams:{A:i}}}case T.publicKey.hmac:case T.publicKey.aead:{const e=new ji;r+=e.read(t);const i=Te(T.hash.sha256),a=t.subarray(r,r+i);return r+=i,{read:r,publicParams:{cipher:e,digest:a}}}case T.publicKey.pqc_mlkem_x25519:{const e=F.readExactSubarray(t,r,r+Ha(T.publicKey.x25519));r+=e.length;const i=F.readExactSubarray(t,r,r+1184);return r+=i.length,{read:r,publicParams:{eccPublicKey:e,mlkemPublicKey:i}}}case T.publicKey.pqc_mldsa_ed25519:{const e=F.readExactSubarray(t,r,r+Ha(T.publicKey.ed25519));r+=e.length;const i=F.readExactSubarray(t,r,r+1952);return r+=i.length,{read:r,publicParams:{eccPublicKey:e,mldsaPublicKey:i}}}default:throw new it("Unknown public key encryption algorithm.")}}(this.algorithm,e.subarray(r));if(6===this.version&&i.oid&&(i.oid.getName()===T.curve.curve25519Legacy||i.oid.getName()===T.curve.ed25519Legacy))throw Error("Legacy curve25519 cannot be used with v6 keys");if(6!==this.version&&this.algorithm===T.publicKey.pqc_mldsa_ed25519)throw Error("Unexpected key version: ML-DSA algorithms can only be used with v6 keys");return this.publicParams=i,r+=t,await this.computeFingerprintAndKeyID(),r}throw new it(`Version ${this.version} of the key packet is unsupported.`)}write(){const e=[];e.push(new Uint8Array([this.version])),e.push(F.writeDate(this.created)),e.push(new Uint8Array([this.algorithm]));const t=Na(this.algorithm,this.publicParams);return this.version>=5&&e.push(F.writeNumber(t.length,4)),e.push(t),F.concatUint8Array(e)}writeForHash(e){const t=this.writePublicKey(),r=149+e,i=e>=5?4:2;return F.concatUint8Array([new Uint8Array([r]),F.writeNumber(t.length,i),t])}isDecrypted(){return null}getCreationTime(){return this.created}getKeyID(){return this.keyID}async computeFingerprintAndKeyID(){if(await this.computeFingerprint(),this.keyID=new Zn,this.version>=5)this.keyID.read(this.fingerprint.subarray(0,8));else{if(4!==this.version)throw Error("Unsupported key version");this.keyID.read(this.fingerprint.subarray(12,20))}}async computeFingerprint(){const e=this.writeForHash(this.version);if(this.version>=5)this.fingerprint=await Ie(T.hash.sha256,e);else{if(4!==this.version)throw Error("Unsupported key version");this.fingerprint=await Ie(T.hash.sha1,e)}}getFingerprintBytes(){return this.fingerprint}getFingerprint(){return F.uint8ArrayToHex(this.getFingerprintBytes())}hasSameFingerprintAs(e){return this.version===e.version&&F.equalsUint8Array(this.writePublicKey(),e.writePublicKey())}getAlgorithmInfo(){const e={};e.algorithm=T.read(T.publicKey,this.algorithm);const t=this.publicParams.n||this.publicParams.p;return t?e.bits=F.uint8ArrayBitLength(t):this.publicParams.oid?e.curve=this.publicParams.oid.getName():this.publicParams.cipher&&(e.symmetric=this.publicParams.cipher.getName()),e}}Us.prototype.readPublicKey=Us.prototype.read,Us.prototype.writePublicKey=Us.prototype.write;const Ds=/*#__PURE__*/F.constructAllowedPackets([Yn,ys,ns,rs]);class xs{static get tag(){return T.packet.symmetricallyEncryptedData}constructor(){this.encrypted=null,this.packets=null}read(e){this.encrypted=e}write(){return this.encrypted}async decrypt(e,t,r=B){if(!r.allowUnauthenticatedMessages)throw Error("Message is not authenticated.");const{blockSize:i}=Ar(e),a=await P(K(this.encrypted)),n=await Yi(e,t,a.subarray(i+2),a.subarray(2,i+2));this.packets=await os.fromBinary(n,Ds,r)}async encrypt(e,t,r=B){const i=this.packets.write(),{blockSize:a}=Ar(e),n=await Qi(e),s=await Xi(e,t,n,new Uint8Array(a)),o=await Xi(e,t,i,s.subarray(2));this.encrypted=F.concat([s,o])}}class Cs{static get tag(){return T.packet.marker}read(e){return 80===e[0]&&71===e[1]&&80===e[2]}write(){return new Uint8Array([80,71,80])}}class Is extends Us{static get tag(){return T.packet.publicSubkey}constructor(e,t){super(e,t)}static fromSecretSubkeyPacket(e){const t=new Is,{version:r,created:i,algorithm:a,publicParams:n,keyID:s,fingerprint:o}=e;return t.version=r,t.created=i,t.algorithm=a,t.publicParams=n,t.keyID=s,t.fingerprint=o,t}}class Ts{static get tag(){return T.packet.userAttribute}constructor(){this.attributes=[]}read(e){let t=0;for(;t<e.length;){const r=Xe(e.subarray(t,e.length));t+=r.offset,this.attributes.push(F.uint8ArrayToString(e.subarray(t,t+r.len))),t+=r.len}}write(){const e=[];for(let t=0;t<this.attributes.length;t++)e.push(Ye(this.attributes[t].length)),e.push(F.stringToUint8Array(this.attributes[t]));return F.concatUint8Array(e)}equals(e){return!!(e&&e instanceof Ts)&&this.attributes.every((function(t,r){return t===e.attributes[r]}))}}class Bs extends Us{static get tag(){return T.packet.secretKey}constructor(e=new Date,t=B){super(e,t),this.keyMaterial=null,this.isEncrypted=null,this.s2kUsage=0,this.s2k=null,this.symmetric=null,this.aead=null,this.isLegacyAEAD=null,this.privateParams=null,this.usedModernAEAD=null}async read(e,t=B){let r=await this.readPublicKey(e,t);const i=r;this.s2kUsage=e[r++],5===this.version&&r++,6===this.version&&this.s2kUsage&&r++;try{if(255===this.s2kUsage||254===this.s2kUsage||253===this.s2kUsage){this.symmetric=e[r++],253===this.s2kUsage&&(this.aead=e[r++]),6===this.version&&r++;const t=e[r++];if(this.s2k=en(t),r+=this.s2k.read(e.subarray(r,e.length)),"gnu-dummy"===this.s2k.type)return}else this.s2kUsage&&(this.symmetric=this.s2kUsage);this.s2kUsage&&(this.isLegacyAEAD=253===this.s2kUsage&&(5===this.version||4===this.version&&t.parseAEADEncryptedV4KeysAsLegacy),253!==this.s2kUsage||this.isLegacyAEAD?(this.iv=e.subarray(r,r+Ar(this.symmetric).blockSize),this.usedModernAEAD=!1):(this.iv=e.subarray(r,r+Ma(this.aead).ivLength),this.usedModernAEAD=!0),r+=this.iv.length)}catch(t){if(!this.s2kUsage)throw t;this.unparseableKeyMaterial=e.subarray(i),this.isEncrypted=!0}if(5===this.version&&(r+=4),this.keyMaterial=e.subarray(r),this.isEncrypted=!!this.s2kUsage,!this.isEncrypted){let e;if(6===this.version)e=this.keyMaterial;else if(e=this.keyMaterial.subarray(0,-2),!F.equalsUint8Array(F.writeChecksum(e),this.keyMaterial.subarray(-2)))throw Error("Key checksum mismatch");try{const{read:t,privateParams:r}=await _a(this.algorithm,e,this.publicParams);if(t<e.length)throw Error("Error reading MPIs");this.privateParams=r}catch(e){if(e instanceof it)throw e;throw Error("Error reading MPIs")}}}write(){const e=this.writePublicKey();if(this.unparseableKeyMaterial)return F.concatUint8Array([e,this.unparseableKeyMaterial]);const t=[e];t.push(new Uint8Array([this.s2kUsage]));const r=[];if(255===this.s2kUsage||254===this.s2kUsage||253===this.s2kUsage){r.push(this.symmetric),253===this.s2kUsage&&r.push(this.aead);const e=this.s2k.write();6===this.version&&r.push(e.length),r.push(...e)}return this.s2kUsage&&"gnu-dummy"!==this.s2k.type&&r.push(...this.iv),(5===this.version||6===this.version&&this.s2kUsage)&&t.push(new Uint8Array([r.length])),t.push(new Uint8Array(r)),this.isDummy()||(this.s2kUsage||(this.keyMaterial=Na(this.algorithm,this.privateParams)),5===this.version&&t.push(F.writeNumber(this.keyMaterial.length,4)),t.push(this.keyMaterial),this.s2kUsage||6===this.version||t.push(F.writeChecksum(this.keyMaterial))),F.concatUint8Array(t)}isDecrypted(){return!1===this.isEncrypted}isMissingSecretKeyMaterial(){return void 0!==this.unparseableKeyMaterial||this.isDummy()}isDummy(){return!(!this.s2k||"gnu-dummy"!==this.s2k.type)}makeDummy(e=B){this.isDummy()||(this.isDecrypted()&&this.clearPrivateParams(),delete this.unparseableKeyMaterial,this.isEncrypted=null,this.keyMaterial=null,this.s2k=en(T.s2k.gnu,e),this.s2k.algorithm=0,this.s2k.c=0,this.s2k.type="gnu-dummy",this.s2kUsage=254,this.symmetric=T.symmetric.aes256,this.isLegacyAEAD=null,this.usedModernAEAD=null)}async encrypt(e,t=B){if(this.isDummy())return;if(!this.isDecrypted())throw Error("Key packet is already encrypted");if(!e)throw Error("A non-empty passphrase is required for key encryption.");this.s2k=tn(t),this.s2k.generateSalt();const r=Na(this.algorithm,this.privateParams);this.symmetric=T.symmetric.aes256;const{blockSize:i}=Ar(this.symmetric);if(t.aeadProtect){this.s2kUsage=253,this.aead=t.preferredAEADAlgorithm;const a=Ma(this.aead);this.isLegacyAEAD=5===this.version,this.usedModernAEAD=!this.isLegacyAEAD;const n=Je(this.constructor.tag),s=await Ms(this.version,this.s2k,e,this.symmetric,this.aead,n,this.isLegacyAEAD),o=await a(this.symmetric,s);this.iv=this.isLegacyAEAD?le(i):le(a.ivLength);const c=this.isLegacyAEAD?new Uint8Array:F.concatUint8Array([n,this.writePublicKey()]);this.keyMaterial=await o.encrypt(r,this.iv.subarray(0,a.ivLength),c)}else{this.s2kUsage=254,this.usedModernAEAD=!1;const t=await Ms(this.version,this.s2k,e,this.symmetric);this.iv=le(i),this.keyMaterial=await Xi(this.symmetric,t,F.concatUint8Array([r,await Ie(T.hash.sha1,r)]),this.iv)}}async decrypt(e){if(this.isDummy())return!1;if(this.unparseableKeyMaterial)throw Error("Key packet cannot be decrypted: unsupported S2K or cipher algo");if(this.isDecrypted())throw Error("Key packet is already decrypted.");let t;const r=Je(this.constructor.tag);if(254!==this.s2kUsage&&253!==this.s2kUsage)throw 255===this.s2kUsage?Error("Encrypted private key is authenticated using an insecure two-byte hash"):Error("Private key is encrypted using an insecure S2K function: unsalted MD5");let i;if(t=await Ms(this.version,this.s2k,e,this.symmetric,this.aead,r,this.isLegacyAEAD),253===this.s2kUsage){const e=Ma(this.aead,!0),a=await e(this.symmetric,t);try{const t=this.isLegacyAEAD?new Uint8Array:F.concatUint8Array([r,this.writePublicKey()]);i=await a.decrypt(this.keyMaterial,this.iv.subarray(0,e.ivLength),t)}catch(e){if("Authentication tag mismatch"===e.message)throw Error("Incorrect key passphrase: "+e.message);throw e}}else{const e=await Yi(this.symmetric,t,this.keyMaterial,this.iv);i=e.subarray(0,-20);const r=await Ie(T.hash.sha1,i);if(!F.equalsUint8Array(r,e.subarray(-20)))throw Error("Incorrect key passphrase")}try{const{privateParams:e}=await _a(this.algorithm,i,this.publicParams);this.privateParams=e}catch(e){throw Error("Error reading MPIs")}this.isEncrypted=!1,this.keyMaterial=null,this.s2kUsage=0,this.aead=null,this.symmetric=null,this.isLegacyAEAD=null}async validate(){if(this.isDummy())return;if(!this.isDecrypted())throw Error("Key is not decrypted");if(this.usedModernAEAD)return;let e;try{e=await Oa(this.algorithm,this.publicParams,this.privateParams)}catch(t){e=!1}if(!e)throw Error("Key is invalid")}async generate(e,t,r){if(6===this.version&&(this.algorithm===T.publicKey.ecdh&&t===T.curve.curve25519Legacy||this.algorithm===T.publicKey.eddsaLegacy))throw Error(`Cannot generate v6 keys of type 'ecc' with curve ${t}. Generate a key of type 'curve25519' instead`);if(6!==this.version&&this.algorithm===T.publicKey.pqc_mldsa_ed25519)throw Error(`Cannot generate v${this.version} signing keys of type 'pqc'. Generate a v6 key instead`);const{privateParams:i,publicParams:a}=await Ra(this.algorithm,e,t,r);this.privateParams=i,this.publicParams=a,this.isEncrypted=!1}clearPrivateParams(){this.isMissingSecretKeyMaterial()||(Object.keys(this.privateParams).forEach((e=>{this.privateParams[e].fill(0),delete this.privateParams[e]})),this.privateParams=null,this.isEncrypted=!0)}}async function Ms(e,t,r,i,a,n,s){if("argon2"===t.type&&!a)throw Error("Using Argon2 S2K without AEAD is not allowed");if("simple"===t.type&&6===e)throw Error("Using Simple S2K with version 6 keys is not allowed");const{keySize:o}=Ar(i),c=await t.produceKey(r,o);if(!a||5===e||s)return c;const u=F.concatUint8Array([n,new Uint8Array([e,i,a])]);return Ur(T.hash.sha256,c,new Uint8Array,u,o)}class Fs{static get tag(){return T.packet.userID}constructor(){this.userID="",this.name="",this.email="",this.comment=""}static fromObject(e){if(F.isString(e)||e.name&&!F.isString(e.name)||e.email&&!F.isEmailAddress(e.email)||e.comment&&!F.isString(e.comment))throw Error("Invalid user ID format");const t=new Fs;Object.assign(t,e);const r=[];return t.name&&r.push(t.name),t.comment&&r.push(`(${t.comment})`),t.email&&r.push(`<${t.email}>`),t.userID=r.join(" "),t}read(e,t=B){const r=F.decodeUTF8(e);if(r.length>t.maxUserIDLength)throw Error("User ID string is too long");const i=e=>/^[^\s@]+@[^\s@]+$/.test(e),a=r.indexOf("<"),n=r.lastIndexOf(">");if(-1!==a&&-1!==n&&n>a){const e=r.substring(a+1,n);if(i(e)){this.email=e;const t=r.substring(0,a).trim(),i=t.indexOf("("),n=t.lastIndexOf(")");-1!==i&&-1!==n&&n>i?(this.comment=t.substring(i+1,n).trim(),this.name=t.substring(0,i).trim()):(this.name=t,this.comment="")}}else i(r.trim())&&(this.email=r.trim(),this.name="",this.comment="");this.userID=r}write(){return F.encodeUTF8(this.userID)}equals(e){return e&&e.userID===this.userID}}class Ls extends Bs{static get tag(){return T.packet.secretSubkey}constructor(e=new Date,t=B){super(e,t)}}class _s{static get tag(){return T.packet.trust}read(){throw new it("Trust packets are not supported")}write(){throw new it("Trust packets are not supported")}}class Ns{static get tag(){return T.packet.padding}constructor(){this.padding=null}read(e){}write(){return this.padding}async createPadding(e){this.padding=await le(e)}}const Rs=/*#__PURE__*/F.constructAllowedPackets([rs]);class zs{constructor(e){this.packets=e||new os}write(){return this.packets.write()}armor(e=B){const t=this.packets.some((e=>e.constructor.tag===rs.tag&&6!==e.version));return Y(T.armor.signature,this.write(),void 0,void 0,void 0,t,e)}getSigningKeyIDs(){return this.packets.map((e=>e.issuerKeyID))}}async function Os({armoredSignature:e,binarySignature:t,config:r,...i}){r={...B,...r};let a=e||t;if(!a)throw Error("readSignature: must pass options object containing `armoredSignature` or `binarySignature`");if(e&&!F.isString(e))throw Error("readSignature: options.armoredSignature must be a string");if(t&&!F.isUint8Array(t))throw Error("readSignature: options.binarySignature must be a Uint8Array");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));if(e){const{type:e,data:t}=await X(a);if(e!==T.armor.signature)throw Error("Armored text not of type signature");a=t}const s=await os.fromBinary(a,Rs,r);return new zs(s)}async function js(e,t){const r=new Ls(e.date,t);return r.packets=null,r.algorithm=T.write(T.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.symmetric),await r.computeFingerprintAndKeyID(),r}async function qs(e,t){const r=new Bs(e.date,t);return r.packets=null,r.algorithm=T.write(T.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.symmetric),await r.computeFingerprintAndKeyID(),r}async function Hs(e,t,r,i,a=new Date,n){let s,o;for(let c=e.length-1;c>=0;c--)try{(!s||e[c].created>=s.created)&&(await e[c].verify(t,r,i,a,void 0,n),s=e[c])}catch(e){o=e}if(!s)throw F.wrapError(`Could not find valid ${T.read(T.signature,r)} signature in key ${t.getKeyID().toHex()}`.replace("certGeneric ","self-").replace(/([a-z])([A-Z])/g,((e,t,r)=>t+" "+r.toLowerCase())),o);return s}function Gs(e,t,r=new Date){const i=F.normalizeDate(r);if(null!==i){const r=Ys(e,t);return!(e.created<=i&&i<r)}return!1}async function Vs(e,t,r,i){const a={};a.key=t,a.bind=e;const n={signatureType:T.signature.subkeyBinding};r.sign?(n.keyFlags=[T.keyFlags.signData],n.embeddedSignature=await $s(a,[],e,{signatureType:T.signature.keyBinding},r.date,void 0,void 0,void 0,i)):n.keyFlags=r.forwarding?[T.keyFlags.forwardedCommunication]:[T.keyFlags.encryptCommunication|T.keyFlags.encryptStorage],r.keyExpirationTime>0&&(n.keyExpirationTime=r.keyExpirationTime,n.keyNeverExpires=!1);return await $s(a,[],t,n,r.date,void 0,void 0,void 0,i)}async function Ws(e,t,r=new Date,i=[],a){const n=T.hash.sha256,s=a.preferredHashAlgorithm,o=await Promise.all(e.map((async(e,t)=>(await e.getPrimarySelfSignature(r,i[t],a)).preferredHashAlgorithms||[]))),c=new Map;for(const e of o)for(const t of e)try{const e=T.write(T.hash,t);c.set(e,c.has(e)?c.get(e)+1:1)}catch{}const u=t=>0===e.length||c.get(t)===e.length||t===n,h=()=>{if(0===c.size)return n;const e=Array.from(c.keys()).filter((e=>u(e))).sort(((e,t)=>Te(e)-Te(t)))[0];return Te(e)>=Te(n)?e:n},l=new Set([T.publicKey.ecdsa,T.publicKey.eddsaLegacy,T.publicKey.ed25519,T.publicKey.ed448]),y=new Set([T.publicKey.pqc_mldsa_ed25519]);if(l.has(t.algorithm)){const e=function(e,t){switch(e){case T.publicKey.ecdsa:case T.publicKey.eddsaLegacy:return Wr(t);case T.publicKey.ed25519:case T.publicKey.ed448:return yt(e);default:throw Error("Unknown elliptic signing algo")}}(t.algorithm,t.publicParams.oid),r=u(s),i=Te(s)>=Te(e);if(r&&i)return s;{const t=h();return Te(t)>=Te(e)?t:e}}if(y.has(t.algorithm)){if(u(s)&&Fi(t.algorithm,s))return s;{const e=h();return Fi(t.algorithm,e)?e:n}}return u(s)?s:h()}async function $s(e,t,r,i,a,n,s=[],o=!1,c){if(r.isDummy())throw Error("Cannot sign with a gnu-dummy key.");if(!r.isDecrypted())throw Error("Signing key is not decrypted.");const u=new rs;return Object.assign(u,i),u.publicKeyAlgorithm=r.algorithm,u.hashAlgorithm=await Ws(t,r,a,n,c),u.rawNotations=[...s],await u.sign(r,e,a,o,c),u}async function Qs(e,t,r,i=new Date,a){(e=e[r])&&(t[r].length?await Promise.all(e.map((async function(e){e.isExpired(i)||a&&!await a(e)||t[r].some((function(t){return F.equalsUint8Array(t.writeParams(),e.writeParams())}))||t[r].push(e)}))):t[r]=e)}async function Xs(e,t,r,i,a,n,s=new Date,o){n=n||e;const c=[];return await Promise.all(i.map((async function(e){try{if(!a||e.issuerKeyID.equals(a.issuerKeyID)){const i=![T.reasonForRevocation.keyRetired,T.reasonForRevocation.keySuperseded,T.reasonForRevocation.userIDInvalid].includes(e.reasonForRevocationFlag);await e.verify(n,t,r,i?null:s,!1,o),c.push(e.issuerKeyID)}}catch(e){}}))),a?(a.revoked=!!c.some((e=>e.equals(a.issuerKeyID)))||(a.revoked||!1),a.revoked):c.length>0}function Ys(e,t){let r;return!1===t.keyNeverExpires&&(r=e.created.getTime()+1e3*t.keyExpirationTime),r?new Date(r):1/0}function Zs(e,t={}){if(e.type=e.type||t.type,e.curve=e.curve||t.curve,e.rsaBits=e.rsaBits||t.rsaBits,e.symmetricHash=e.symmetricHash||t.symmetricHash,e.symmetricCipher=e.symmetricCipher||t.symmetricCipher,e.keyExpirationTime=void 0!==e.keyExpirationTime?e.keyExpirationTime:t.keyExpirationTime,e.passphrase=F.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e.sign=e.sign||!1,e.forwarding=e.forwarding||!1,e.sign&&e.forwarding)throw Error('Incompatible options: "sign" and "forwarding" cannot be set together');switch(e.type){case"pqc":e.sign?e.algorithm=T.publicKey.pqc_mldsa_ed25519:e.algorithm=T.publicKey.pqc_mlkem_x25519;break;case"ecc":try{e.curve=T.write(T.curve,e.curve)}catch(e){throw Error("Unknown curve")}e.curve!==T.curve.ed25519Legacy&&e.curve!==T.curve.curve25519Legacy&&"ed25519"!==e.curve&&"curve25519"!==e.curve||(e.curve=e.sign?T.curve.ed25519Legacy:T.curve.curve25519Legacy),e.sign?e.algorithm=e.curve===T.curve.ed25519Legacy?T.publicKey.eddsaLegacy:T.publicKey.ecdsa:e.algorithm=T.publicKey.ecdh;break;case"curve25519":e.algorithm=e.sign?T.publicKey.ed25519:T.publicKey.x25519;break;case"curve448":e.algorithm=e.sign?T.publicKey.ed448:T.publicKey.x448;break;case"rsa":e.algorithm=T.publicKey.rsaEncryptSign;break;case"symmetric":if(e.sign){e.algorithm=T.publicKey.hmac;try{e.symmetric=T.write(T.hash,e.symmetricHash)}catch(e){throw Error("Unknown hash algorithm")}}else{e.algorithm=T.publicKey.aead;try{e.symmetric=T.write(T.symmetric,e.symmetricCipher)}catch(e){throw Error("Unknown symmetric algorithm")}}break;default:throw Error("Unsupported key type "+e.type)}return e}function Js(e,t,r){switch(e.algorithm){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:case T.publicKey.dsa:case T.publicKey.ecdsa:case T.publicKey.eddsaLegacy:case T.publicKey.ed25519:case T.publicKey.ed448:case T.publicKey.hmac:case T.publicKey.pqc_mldsa_ed25519:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&T.keyFlags.signData);default:return!1}}function eo(e,t,r){switch(e.algorithm){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.elgamal:case T.publicKey.ecdh:case T.publicKey.x25519:case T.publicKey.x448:case T.publicKey.aead:case T.publicKey.pqc_mlkem_x25519:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&T.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&T.keyFlags.encryptStorage);default:return!1}}function to(e,t,r){if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");switch(e.algorithm){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaEncrypt:case T.publicKey.elgamal:case T.publicKey.ecdh:case T.publicKey.x25519:case T.publicKey.x448:case T.publicKey.pqc_mlkem_x25519:return!(!(!t.keyFlags||!!(t.keyFlags[0]&T.keyFlags.signData))||!r.allowInsecureDecryptionWithSigningKeys)||(!t.keyFlags||!!(t.keyFlags[0]&T.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&T.keyFlags.encryptStorage)||r.allowForwardedMessages&&!!(t.keyFlags[0]&T.keyFlags.forwardedCommunication));default:return!1}}function ro(e,t){const r=T.write(T.publicKey,e.algorithm),i=e.getAlgorithmInfo();if(t.rejectPublicKeyAlgorithms.has(r))throw Error(i.algorithm+" keys are considered too weak.");switch(r){case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:case T.publicKey.rsaEncrypt:if(i.bits<t.minRSABits)throw Error(`RSA keys shorter than ${t.minRSABits} bits are considered too weak.`);break;case T.publicKey.ecdsa:case T.publicKey.eddsaLegacy:case T.publicKey.ecdh:if(t.rejectCurves.has(i.curve))throw Error(`Support for ${i.algorithm} keys using curve ${i.curve} is disabled.`)}}class io{constructor(e,t){this.userID=e.constructor.tag===T.packet.userID?e:null,this.userAttribute=e.constructor.tag===T.packet.userAttribute?e:null,this.selfCertifications=[],this.otherCertifications=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new os;return e.push(this.userID||this.userAttribute),e.push(...this.revocationSignatures),e.push(...this.selfCertifications),e.push(...this.otherCertifications),e}clone(){const e=new io(this.userID||this.userAttribute,this.mainKey);return e.selfCertifications=[...this.selfCertifications],e.otherCertifications=[...this.otherCertifications],e.revocationSignatures=[...this.revocationSignatures],e}async certify(e,t,r){const i=this.mainKey.keyPacket,a={userID:this.userID,userAttribute:this.userAttribute,key:i},n=new io(a.userID||a.userAttribute,this.mainKey);return n.otherCertifications=await Promise.all(e.map((async function(e){if(!e.isPrivate())throw Error("Need private key for signing");if(e.hasSameFingerprintAs(i))throw Error("The user's own key can only be used for self-certifications");const n=await e.getSigningKey(void 0,t,void 0,r);return $s(a,[e],n.keyPacket,{signatureType:T.signature.certGeneric,keyFlags:[T.keyFlags.certifyKeys|T.keyFlags.signData]},t,void 0,void 0,void 0,r)}))),await n.update(this,t,r),n}async isRevoked(e,t,r=new Date,i=B){const a=this.mainKey.keyPacket;return Xs(a,T.signature.certRevocation,{key:a,userID:this.userID,userAttribute:this.userAttribute},this.revocationSignatures,e,t,r,i)}async verifyCertificate(e,t,r=new Date,i){const a=this,n=this.mainKey.keyPacket,s={userID:this.userID,userAttribute:this.userAttribute,key:n},{issuerKeyID:o}=e,c=t.filter((e=>e.getKeys(o).length>0));return 0===c.length?null:(await Promise.all(c.map((async t=>{const n=await t.getSigningKey(o,e.created,void 0,i);if(e.revoked||await a.isRevoked(e,n.keyPacket,r,i))throw Error("User certificate is revoked");try{await e.verify(n.keyPacket,T.signature.certGeneric,s,r,void 0,i)}catch(e){throw F.wrapError("User certificate is invalid",e)}}))),!0)}async verifyAllCertifications(e,t=new Date,r){const i=this,a=this.selfCertifications.concat(this.otherCertifications);return Promise.all(a.map((async a=>({keyID:a.issuerKeyID,valid:await i.verifyCertificate(a,e,t,r).catch((()=>!1))}))))}async verify(e=new Date,t){if(!this.selfCertifications.length)throw Error("No self-certifications found");const r=this,i=this.mainKey.keyPacket,a={userID:this.userID,userAttribute:this.userAttribute,key:i};let n;for(let s=this.selfCertifications.length-1;s>=0;s--)try{const n=this.selfCertifications[s];if(n.revoked||await r.isRevoked(n,void 0,e,t))throw Error("Self-certification is revoked");try{await n.verify(i,T.signature.certGeneric,a,e,void 0,t)}catch(e){throw F.wrapError("Self-certification is invalid",e)}return!0}catch(e){n=e}throw n}async update(e,t,r){const i=this.mainKey.keyPacket,a={userID:this.userID,userAttribute:this.userAttribute,key:i};await Qs(e,this,"selfCertifications",t,(async function(e){try{return await e.verify(i,T.signature.certGeneric,a,t,!1,r),!0}catch(e){return!1}})),await Qs(e,this,"otherCertifications",t),await Qs(e,this,"revocationSignatures",t,(function(e){return Xs(i,T.signature.certRevocation,a,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=T.reasonForRevocation.noReason,string:r=""}={},i=new Date,a=B){const n={userID:this.userID,userAttribute:this.userAttribute,key:e},s=new io(n.userID||n.userAttribute,this.mainKey);return s.revocationSignatures.push(await $s(n,[],e,{signatureType:T.signature.certRevocation,reasonForRevocationFlag:T.write(T.reasonForRevocation,t),reasonForRevocationString:r},i,void 0,void 0,!1,a)),await s.update(this),s}}class ao{constructor(e,t){this.keyPacket=e,this.bindingSignatures=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new os;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.bindingSignatures),e}clone(){const e=new ao(this.keyPacket,this.mainKey);return e.bindingSignatures=[...this.bindingSignatures],e.revocationSignatures=[...this.revocationSignatures],e}async isRevoked(e,t,r=new Date,i=B){const a=this.mainKey.keyPacket;return Xs(a,T.signature.subkeyRevocation,{key:a,bind:this.keyPacket},this.revocationSignatures,e,t,r,i)}async verify(e=new Date,t=B){const r=this.mainKey.keyPacket,i={key:r,bind:this.keyPacket},a=await Hs(this.bindingSignatures,r,T.signature.subkeyBinding,i,e,t);if(a.revoked||await this.isRevoked(a,null,e,t))throw Error("Subkey is revoked");if(Gs(this.keyPacket,a,e))throw Error("Subkey is expired");return a}async getExpirationTime(e=new Date,t=B){const r=this.mainKey.keyPacket,i={key:r,bind:this.keyPacket};let a;try{a=await Hs(this.bindingSignatures,r,T.signature.subkeyBinding,i,e,t)}catch(e){return null}const n=Ys(this.keyPacket,a),s=a.getExpirationTime();return n<s?n:s}async update(e,t=new Date,r=B){const i=this.mainKey.keyPacket;if(!this.hasSameFingerprintAs(e))throw Error("Subkey update method: fingerprints of subkeys not equal");this.keyPacket.constructor.tag===T.packet.publicSubkey&&e.keyPacket.constructor.tag===T.packet.secretSubkey&&(this.keyPacket=e.keyPacket);const a=this,n={key:i,bind:a.keyPacket};await Qs(e,this,"bindingSignatures",t,(async function(e){for(let t=0;t<a.bindingSignatures.length;t++)if(a.bindingSignatures[t].issuerKeyID.equals(e.issuerKeyID))return e.created>a.bindingSignatures[t].created&&(a.bindingSignatures[t]=e),!1;try{return await e.verify(i,T.signature.subkeyBinding,n,t,void 0,r),!0}catch(e){return!1}})),await Qs(e,this,"revocationSignatures",t,(function(e){return Xs(i,T.signature.subkeyRevocation,n,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=T.reasonForRevocation.noReason,string:r=""}={},i=new Date,a=B){const n={key:e,bind:this.keyPacket},s=new ao(this.keyPacket,this.mainKey);return s.revocationSignatures.push(await $s(n,[],e,{signatureType:T.signature.subkeyRevocation,reasonForRevocationFlag:T.write(T.reasonForRevocation,t),reasonForRevocationString:r},i,void 0,void 0,!1,a)),await s.update(this),s}hasSameFingerprintAs(e){return this.keyPacket.hasSameFingerprintAs(e.keyPacket||e)}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","isDecrypted"].forEach((e=>{ao.prototype[e]=function(){return this.keyPacket[e]()}}));const no=/*#__PURE__*/F.constructAllowedPackets([rs]),so=new Set([T.packet.publicKey,T.packet.privateKey]),oo=new Set([T.packet.publicKey,T.packet.privateKey,T.packet.publicSubkey,T.packet.privateSubkey]);class co{packetListToStructure(e,t=new Set){let r,i,a,n;for(const s of e){if(s instanceof st){oo.has(s.tag)&&!n&&(n=so.has(s.tag)?so:oo);continue}const e=s.constructor.tag;if(n){if(!n.has(e))continue;n=null}if(t.has(e))throw Error("Unexpected packet type: "+e);switch(e){case T.packet.publicKey:case T.packet.secretKey:if(this.keyPacket)throw Error("Key block contains multiple keys");if(this.keyPacket=s,i=this.getKeyID(),!i)throw Error("Missing Key ID");break;case T.packet.userID:case T.packet.userAttribute:r=new io(s,this),this.users.push(r);break;case T.packet.publicSubkey:case T.packet.secretSubkey:r=null,a=new ao(s,this),this.subkeys.push(a);break;case T.packet.signature:switch(s.signatureType){case T.signature.certGeneric:case T.signature.certPersona:case T.signature.certCasual:case T.signature.certPositive:if(!r){F.printDebug("Dropping certification signatures without preceding user packet");continue}s.issuerKeyID.equals(i)?r.selfCertifications.push(s):r.otherCertifications.push(s);break;case T.signature.certRevocation:r?r.revocationSignatures.push(s):this.directSignatures.push(s);break;case T.signature.key:this.directSignatures.push(s);break;case T.signature.subkeyBinding:if(!a){F.printDebug("Dropping subkey binding signature without preceding subkey packet");continue}a.bindingSignatures.push(s);break;case T.signature.keyRevocation:this.revocationSignatures.push(s);break;case T.signature.subkeyRevocation:if(!a){F.printDebug("Dropping subkey revocation signature without preceding subkey packet");continue}a.revocationSignatures.push(s)}}}}toPacketList(){const e=new os;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.directSignatures),this.users.map((t=>e.push(...t.toPacketList()))),this.subkeys.map((t=>e.push(...t.toPacketList()))),e}clone(e=!1){const t=new this.constructor(this.toPacketList());return e&&t.getKeys().forEach((e=>{if(e.keyPacket=Object.create(Object.getPrototypeOf(e.keyPacket),Object.getOwnPropertyDescriptors(e.keyPacket)),!e.keyPacket.isDecrypted())return;const t={};Object.keys(e.keyPacket.privateParams).forEach((r=>{t[r]=new Uint8Array(e.keyPacket.privateParams[r])})),e.keyPacket.privateParams=t})),t}getSubkeys(e=null){return this.subkeys.filter((t=>!e||t.getKeyID().equals(e,!0)))}getKeys(e=null){const t=[];return e&&!this.getKeyID().equals(e,!0)||t.push(this),t.concat(this.getSubkeys(e))}getKeyIDs(){return this.getKeys().map((e=>e.getKeyID()))}getUserIDs(){return this.users.map((e=>e.userID?e.userID.userID:null)).filter((e=>null!==e))}write(){return this.toPacketList().write()}async getSigningKey(e=null,t=new Date,r={},i=B){await this.verifyPrimaryKey(t,r,i);const a=this.keyPacket;try{ro(a,i)}catch(e){throw F.wrapError("Could not verify primary key",e)}const n=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created||t.keyPacket.algorithm-e.keyPacket.algorithm));let s;for(const r of n)if(!e||r.getKeyID().equals(e))try{await r.verify(t,i);const e={key:a,bind:r.keyPacket},n=await Hs(r.bindingSignatures,a,T.signature.subkeyBinding,e,t,i);if(!Js(r.keyPacket,n,i))continue;if(!n.embeddedSignature)throw Error("Missing embedded signature");return await Hs([n.embeddedSignature],r.keyPacket,T.signature.keyBinding,e,t,i),ro(r.keyPacket,i),r}catch(e){s=e}try{const n=await this.getPrimarySelfSignature(t,r,i);if((!e||a.getKeyID().equals(e))&&Js(a,n,i))return ro(a,i),this}catch(e){s=e}throw F.wrapError("Could not find valid signing key packet in key "+this.getKeyID().toHex(),s)}async getEncryptionKey(e,t=new Date,r={},i=B){await this.verifyPrimaryKey(t,r,i);const a=this.keyPacket;try{ro(a,i)}catch(e){throw F.wrapError("Could not verify primary key",e)}const n=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created||t.keyPacket.algorithm-e.keyPacket.algorithm));let s;for(const r of n)if(!e||r.getKeyID().equals(e))try{await r.verify(t,i);const e={key:a,bind:r.keyPacket},n=await Hs(r.bindingSignatures,a,T.signature.subkeyBinding,e,t,i);if(eo(r.keyPacket,n,i))return ro(r.keyPacket,i),r}catch(e){s=e}try{const n=await this.getPrimarySelfSignature(t,r,i);if((!e||a.getKeyID().equals(e))&&eo(a,n,i))return ro(a,i),this}catch(e){s=e}throw F.wrapError("Could not find valid encryption key packet in key "+this.getKeyID().toHex(),s)}async isRevoked(e,t,r=new Date,i=B){return Xs(this.keyPacket,T.signature.keyRevocation,{key:this.keyPacket},this.revocationSignatures,e,t,r,i)}async verifyPrimaryKey(e=new Date,t={},r=B){const i=this.keyPacket;if(await this.isRevoked(null,null,e,r))throw Error("Primary key is revoked");if(Gs(i,await this.getPrimarySelfSignature(e,t,r),e))throw Error("Primary key is expired");if(6!==i.version){const t=await Hs(this.directSignatures,i,T.signature.key,{key:i},e,r).catch((()=>{}));if(t&&Gs(i,t,e))throw Error("Primary key is expired")}}async getExpirationTime(e,t=B){let r;try{const i=await this.getPrimarySelfSignature(null,e,t),a=Ys(this.keyPacket,i),n=i.getExpirationTime(),s=6!==this.keyPacket.version&&await Hs(this.directSignatures,this.keyPacket,T.signature.key,{key:this.keyPacket},null,t).catch((()=>{}));if(s){const e=Ys(this.keyPacket,s);r=Math.min(a,n,e)}else r=a<n?a:n}catch(e){r=null}return F.normalizeDate(r)}async getPrimarySelfSignature(e=new Date,t={},r=B){const i=this.keyPacket;if(6===i.version)return Hs(this.directSignatures,i,T.signature.key,{key:i},e,r);const{selfCertification:a}=await this.getPrimaryUser(e,t,r);return a}async getPrimaryUser(e=new Date,t={},r=B){const i=this.keyPacket,a=[];let n;for(let s=0;s<this.users.length;s++)try{const n=this.users[s];if(!n.userID)continue;if(void 0!==t.name&&n.userID.name!==t.name||void 0!==t.email&&n.userID.email!==t.email||void 0!==t.comment&&n.userID.comment!==t.comment)throw Error("Could not find user that matches that user ID");const o={userID:n.userID,key:i},c=await Hs(n.selfCertifications,i,T.signature.certGeneric,o,e,r);a.push({index:s,user:n,selfCertification:c})}catch(e){n=e}if(!a.length)throw n||Error("Could not find primary user");await Promise.all(a.map((async function(t){return t.selfCertification.revoked||t.user.isRevoked(t.selfCertification,null,e,r)})));const s=a.sort((function(e,t){const r=e.selfCertification,i=t.selfCertification;return i.revoked-r.revoked||r.isPrimaryUserID-i.isPrimaryUserID||r.created-i.created})).pop(),{user:o,selfCertification:c}=s;if(c.revoked||await o.isRevoked(c,null,e,r))throw Error("Primary user is revoked");return s}async update(e,t=new Date,r=B){if(!this.hasSameFingerprintAs(e))throw Error("Primary key fingerprints must be equal to update the key");if(!this.isPrivate()&&e.isPrivate()){if(!(this.subkeys.length===e.subkeys.length&&this.subkeys.every((t=>e.subkeys.some((e=>t.hasSameFingerprintAs(e)))))))throw Error("Cannot update public key with private key if subkeys mismatch");return e.update(this,r)}const i=this.clone();return await Qs(e,i,"revocationSignatures",t,(a=>Xs(i.keyPacket,T.signature.keyRevocation,i,[a],null,e.keyPacket,t,r))),await Qs(e,i,"directSignatures",t),await Promise.all(e.users.map((async e=>{const a=i.users.filter((t=>e.userID&&e.userID.equals(t.userID)||e.userAttribute&&e.userAttribute.equals(t.userAttribute)));if(a.length>0)await Promise.all(a.map((i=>i.update(e,t,r))));else{const t=e.clone();t.mainKey=i,i.users.push(t)}}))),await Promise.all(e.subkeys.map((async e=>{const a=i.subkeys.filter((t=>t.hasSameFingerprintAs(e)));if(a.length>0)await Promise.all(a.map((i=>i.update(e,t,r))));else{const t=e.clone();t.mainKey=i,i.subkeys.push(t)}}))),i}async getRevocationCertificate(e=new Date,t=B){const r={key:this.keyPacket},i=await Hs(this.revocationSignatures,this.keyPacket,T.signature.keyRevocation,r,e,t),a=new os;a.push(i);const n=6!==this.keyPacket.version;return Y(T.armor.publicKey,a.write(),null,null,"This is a revocation certificate",n,t)}async applyRevocationCertificate(e,t=new Date,r=B){const i=await X(e),a=(await os.fromBinary(i.data,no,r)).findPacket(T.packet.signature);if(!a||a.signatureType!==T.signature.keyRevocation)throw Error("Could not find revocation signature packet");if(!a.issuerKeyID.equals(this.getKeyID()))throw Error("Revocation signature does not match key");try{await a.verify(this.keyPacket,T.signature.keyRevocation,{key:this.keyPacket},t,void 0,r)}catch(e){throw F.wrapError("Could not verify revocation signature",e)}const n=this.clone();return n.revocationSignatures.push(a),n}async signPrimaryUser(e,t,r,i=B){const{index:a,user:n}=await this.getPrimaryUser(t,r,i),s=await n.certify(e,t,i),o=this.clone();return o.users[a]=s,o}async signAllUsers(e,t=new Date,r=B){const i=this.clone();return i.users=await Promise.all(this.users.map((function(i){return i.certify(e,t,r)}))),i}async verifyPrimaryUser(e,t=new Date,r,i=B){const a=this.keyPacket,{user:n}=await this.getPrimaryUser(t,r,i);return e?await n.verifyAllCertifications(e,t,i):[{keyID:a.getKeyID(),valid:await n.verify(t,i).catch((()=>!1))}]}async verifyAllUsers(e,t=new Date,r=B){const i=this.keyPacket,a=[];return await Promise.all(this.users.map((async n=>{const s=e?await n.verifyAllCertifications(e,t,r):[{keyID:i.getKeyID(),valid:await n.verify(t,r).catch((()=>!1))}];a.push(...s.map((e=>({userID:n.userID?n.userID.userID:null,userAttribute:n.userAttribute,keyID:e.keyID,valid:e.valid}))))}))),a}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","hasSameFingerprintAs"].forEach((e=>{co.prototype[e]=ao.prototype[e]}));class uo extends co{constructor(e){if(super(),this.keyPacket=null,this.revocationSignatures=[],this.directSignatures=[],this.users=[],this.subkeys=[],e&&(this.packetListToStructure(e,new Set([T.packet.secretKey,T.packet.secretSubkey])),!this.keyPacket))throw Error("Invalid key: missing public-key packet")}isPrivate(){return!1}toPublic(){return this}armor(e=B){const t=6!==this.keyPacket.version;return Y(T.armor.publicKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}}class ho extends uo{constructor(e){if(super(),this.packetListToStructure(e,new Set([T.packet.publicKey,T.packet.publicSubkey])),!this.keyPacket)throw Error("Invalid key: missing private-key packet")}isPrivate(){return!0}toPublic(){const e=new os,t=this.toPacketList();let r=!1;for(const i of t)if(!r||i.constructor.tag!==T.packet.Signature)switch(r&&(r=!1),i.constructor.tag){case T.packet.secretKey:{if(i.algorithm===T.publicKey.aead||i.algorithm===T.publicKey.hmac)throw Error("Cannot create public key from symmetric private");const t=Us.fromSecretKeyPacket(i);e.push(t);break}case T.packet.secretSubkey:{if(i.algorithm===T.publicKey.aead||i.algorithm===T.publicKey.hmac){r=!0;break}const t=Is.fromSecretSubkeyPacket(i);e.push(t);break}default:e.push(i)}return new uo(e)}armor(e=B){const t=6!==this.keyPacket.version;return Y(T.armor.privateKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}async getDecryptionKeys(e,t=new Date,r={},i=B){const a=this.keyPacket,n=[];let s=null;for(let r=0;r<this.subkeys.length;r++)if(!e||this.subkeys[r].getKeyID().equals(e,!0)){if(this.subkeys[r].keyPacket.isDummy()){s=s||Error("Gnu-dummy key packets cannot be used for decryption");continue}try{const e={key:a,bind:this.subkeys[r].keyPacket},s=await Hs(this.subkeys[r].bindingSignatures,a,T.signature.subkeyBinding,e,t,i);to(this.subkeys[r].keyPacket,s,i)&&n.push(this.subkeys[r])}catch(e){s=e}}const o=await this.getPrimarySelfSignature(t,r,i);if(e&&!a.getKeyID().equals(e,!0)||!to(a,o,i)||(a.isDummy()?s=s||Error("Gnu-dummy key packets cannot be used for decryption"):n.push(this)),0===n.length)throw s||Error("No decryption key packets found");return n}isDecrypted(){return this.getKeys().some((({keyPacket:e})=>e.isDecrypted()))}async validate(e=B){if(!this.isPrivate())throw Error("Cannot validate a public key");let t;if(this.keyPacket.isDummy()){const r=await this.getSigningKey(null,null,void 0,{...e,rejectPublicKeyAlgorithms:new Set,minRSABits:0});r&&!r.keyPacket.isDummy()&&(t=r.keyPacket)}else t=this.keyPacket;if(t)return t.validate();{const e=this.getKeys();if(e.map((e=>e.keyPacket.isDummy())).every(Boolean))throw Error("Cannot validate an all-gnu-dummy key");return Promise.all(e.map((async e=>e.keyPacket.validate())))}}clearPrivateParams(){this.getKeys().forEach((({keyPacket:e})=>{e.isDecrypted()&&e.clearPrivateParams()}))}async revoke({flag:e=T.reasonForRevocation.noReason,string:t=""}={},r=new Date,i=B){if(!this.isPrivate())throw Error("Need private key for revoking");const a={key:this.keyPacket},n=this.clone();return n.revocationSignatures.push(await $s(a,[],this.keyPacket,{signatureType:T.signature.keyRevocation,reasonForRevocationFlag:T.write(T.reasonForRevocation,e),reasonForRevocationString:t},r,void 0,void 0,void 0,i)),n}async addSubkey(e={}){const t={...B,...e.config};if(e.passphrase)throw Error("Subkey could not be encrypted here, please encrypt whole key");if(e.rsaBits<t.minRSABits)throw Error(`rsaBits should be at least ${t.minRSABits}, got: ${e.rsaBits}`);const r=this.keyPacket;if(r.isDummy())throw Error("Cannot add subkey to gnu-dummy primary key");if(!r.isDecrypted())throw Error("Key is not decrypted");const i=r.getAlgorithmInfo();i.type=function(e){switch(T.write(T.publicKey,e)){case T.publicKey.rsaEncrypt:case T.publicKey.rsaEncryptSign:case T.publicKey.rsaSign:case T.publicKey.dsa:return"rsa";case T.publicKey.ecdsa:case T.publicKey.eddsaLegacy:return"ecc";case T.publicKey.ed25519:return"curve25519";case T.publicKey.ed448:return"curve448";default:throw Error("Unsupported algorithm")}}(i.algorithm),i.rsaBits=i.bits||4096,i.curve=i.curve||"curve25519Legacy",e=Zs(e,i);const a=await js(e,{...t,v6Keys:6===this.keyPacket.version});ro(a,t);const n=await Vs(a,r,e,t),s=this.toPacketList();return s.push(a,n),new ho(s)}}const lo=/*#__PURE__*/F.constructAllowedPackets([Us,Is,Bs,Ls,Fs,Ts,rs]);function yo(e){for(const t of e)switch(t.constructor.tag){case T.packet.secretKey:return new ho(e);case T.packet.publicKey:return new uo(e)}throw Error("No key packet found")}async function po(e,t,r,i){r.passphrase&&await e.encrypt(r.passphrase,i),await Promise.all(t.map((async function(e,t){const a=r.subkeys[t].passphrase;a&&await e.encrypt(a,i)})));const a=new os;function n(e,t){return[t,...e.filter((e=>e!==t))]}function s(){const t={};t.keyFlags=[T.keyFlags.certifyKeys|T.keyFlags.signData];const a=n([T.symmetric.aes256,T.symmetric.aes128],i.preferredSymmetricAlgorithm);if(t.preferredSymmetricAlgorithms=a,i.aeadProtect){const e=n([T.aead.gcm,T.aead.eax,T.aead.ocb],i.preferredAEADAlgorithm);t.preferredCipherSuites=e.flatMap((e=>a.map((t=>[t,e]))))}return t.preferredHashAlgorithms=n([T.hash.sha512,T.hash.sha256,...6===e.version?[T.hash.sha3_512,T.hash.sha3_256]:[]],i.preferredHashAlgorithm),t.preferredCompressionAlgorithms=n([T.compression.uncompressed,T.compression.zlib,T.compression.zip],i.preferredCompressionAlgorithm),t.features=[0],t.features[0]|=T.features.modificationDetection,i.aeadProtect&&(t.features[0]|=T.features.seipdv2),r.keyExpirationTime>0&&(t.keyExpirationTime=r.keyExpirationTime,t.keyNeverExpires=!1),t}if(a.push(e),6===e.version){const t={key:e},n=s();n.signatureType=T.signature.key;const o=await $s(t,[],e,n,r.date,void 0,void 0,void 0,i);a.push(o)}await Promise.all(r.userIDs.map((async function(t,a){const n=Fs.fromObject(t),o={userID:n,key:e},c=6!==e.version?s():{};c.signatureType=T.signature.certPositive,0===a&&(c.isPrimaryUserID=!0);return{userIDPacket:n,signaturePacket:await $s(o,[],e,c,r.date,void 0,void 0,void 0,i)}}))).then((e=>{e.forEach((({userIDPacket:e,signaturePacket:t})=>{a.push(e),a.push(t)}))})),await Promise.all(t.map((async function(t,a){const n=r.subkeys[a];return{secretSubkeyPacket:t,subkeySignaturePacket:await Vs(t,e,n,i)}}))).then((e=>{e.forEach((({secretSubkeyPacket:e,subkeySignaturePacket:t})=>{a.push(e),a.push(t)}))}));const o={key:e};return a.push(await $s(o,[],e,{signatureType:T.signature.keyRevocation,reasonForRevocationFlag:T.reasonForRevocation.noReason,reasonForRevocationString:""},r.date,void 0,void 0,void 0,i)),r.passphrase&&e.clearPrivateParams(),await Promise.all(t.map((async function(e,t){r.subkeys[t].passphrase&&e.clearPrivateParams()}))),new ho(a)}async function go({armoredKey:e,binaryKey:t,config:r,...i}){if(r={...B,...r},!e&&!t)throw Error("readKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!F.isString(e))throw Error("readKey: options.armoredKey must be a string");if(t&&!F.isUint8Array(t))throw Error("readKey: options.binaryKey must be a Uint8Array");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));let n;if(e){const{type:t,data:r}=await X(e);if(t!==T.armor.publicKey&&t!==T.armor.privateKey)throw Error("Armored text not of type key");n=r}else n=t;const s=await os.fromBinary(n,lo,r),o=s.indexOfTag(T.packet.publicKey,T.packet.secretKey);if(0===o.length)throw Error("No key packet found");return yo(s.slice(o[0],o[1]))}async function mo({armoredKey:e,binaryKey:t,config:r,...i}){if(r={...B,...r},!e&&!t)throw Error("readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!F.isString(e))throw Error("readPrivateKey: options.armoredKey must be a string");if(t&&!F.isUint8Array(t))throw Error("readPrivateKey: options.binaryKey must be a Uint8Array");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));let n;if(e){const{type:t,data:r}=await X(e);if(t!==T.armor.privateKey)throw Error("Armored text not of type private key");n=r}else n=t;const s=await os.fromBinary(n,lo,r),o=s.indexOfTag(T.packet.publicKey,T.packet.secretKey);for(let e=0;e<o.length;e++){if(s[o[e]].constructor.tag===T.packet.publicKey)continue;const t=s.slice(o[e],o[e+1]);return new ho(t)}throw Error("No secret key packet found")}async function fo({armoredKeys:e,binaryKeys:t,config:r,...i}){r={...B,...r};let a=e||t;if(!a)throw Error("readKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!F.isString(e))throw Error("readKeys: options.armoredKeys must be a string");if(t&&!F.isUint8Array(t))throw Error("readKeys: options.binaryKeys must be a Uint8Array");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));if(e){const{type:t,data:r}=await X(e);if(t!==T.armor.publicKey&&t!==T.armor.privateKey)throw Error("Armored text not of type key");a=r}const s=[],o=await os.fromBinary(a,lo,r),c=o.indexOfTag(T.packet.publicKey,T.packet.secretKey);if(0===c.length)throw Error("No key packet found");for(let e=0;e<c.length;e++){const t=yo(o.slice(c[e],c[e+1]));s.push(t)}return s}async function wo({armoredKeys:e,binaryKeys:t,config:r}){r={...B,...r};let i=e||t;if(!i)throw Error("readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!F.isString(e))throw Error("readPrivateKeys: options.armoredKeys must be a string");if(t&&!F.isUint8Array(t))throw Error("readPrivateKeys: options.binaryKeys must be a Uint8Array");if(e){const{type:t,data:r}=await X(e);if(t!==T.armor.privateKey)throw Error("Armored text not of type private key");i=r}const a=[],n=await os.fromBinary(i,lo,r),s=n.indexOfTag(T.packet.publicKey,T.packet.secretKey);for(let e=0;e<s.length;e++){if(n[s[e]].constructor.tag===T.packet.publicKey)continue;const t=n.slice(s[e],s[e+1]),r=new ho(t);a.push(r)}if(0===a.length)throw Error("No secret key packet found");return a}const bo=/*#__PURE__*/F.constructAllowedPackets([Yn,ys,Ks,bs,xs,Es,Ps,ns,rs]),ko=/*#__PURE__*/F.constructAllowedPackets([Ps]),vo=/*#__PURE__*/F.constructAllowedPackets([rs]);class Ko{constructor(e){this.packets=e||new os}getEncryptionKeyIDs(){const e=[];return this.packets.filterByTag(T.packet.publicKeyEncryptedSessionKey).forEach((function(t){e.push(t.publicKeyID)})),e}getSigningKeyIDs(){const e=this.unwrapCompressed(),t=e.packets.filterByTag(T.packet.onePassSignature);if(t.length>0)return t.map((e=>e.issuerKeyID));return e.packets.filterByTag(T.packet.signature).map((e=>e.issuerKeyID))}async decrypt(e,t,r,i=new Date,a=B){const n=this.packets.filterByTag(T.packet.symmetricallyEncryptedData,T.packet.symEncryptedIntegrityProtectedData,T.packet.aeadEncryptedData);if(0===n.length)throw Error("No encrypted data found");const s=n[0],o=s.cipherAlgorithm,c=r||await this.decryptSessionKeys(e,t,o,i,a);let u=null;const h=Promise.all(c.map((async({algorithm:e,data:t})=>{if(!F.isUint8Array(t)||!s.cipherAlgorithm&&!F.isString(e))throw Error("Invalid session key for decryption.");try{const r=s.cipherAlgorithm||T.write(T.symmetric,e);await s.decrypt(r,t,a)}catch(e){F.printDebugError(e),u=e}})));if(U(s.encrypted),s.encrypted=null,await h,!s.packets||!s.packets.length)throw u||Error("Decryption failed.");const l=new Ko(s.packets);return s.packets=new os,l}async decryptSessionKeys(e,t,r,i=new Date,a=B){let n,s=[];if(t){const e=this.packets.filterByTag(T.packet.symEncryptedSessionKey);if(0===e.length)throw Error("No symmetrically encrypted session key packet found.");await Promise.all(t.map((async function(t,r){let i;i=r?await os.fromBinary(e.write(),ko,a):e,await Promise.all(i.map((async function(e){try{await e.decrypt(t),s.push(e)}catch(e){F.printDebugError(e),e instanceof Wa&&(n=e)}})))})))}else{if(!e)throw Error("No key or password specified.");{const t=this.packets.filterByTag(T.packet.publicKeyEncryptedSessionKey);if(0===t.length)throw Error("No public key encrypted session key packet found.");await Promise.all(t.map((async function(t){await Promise.all(e.map((async function(e){let o;try{o=(await e.getDecryptionKeys(t.publicKeyID,null,void 0,a)).map((e=>e.keyPacket))}catch(e){return void(n=e)}let c=[T.symmetric.aes256,T.symmetric.aes128,T.symmetric.tripledes,T.symmetric.cast5];try{const t=await e.getPrimarySelfSignature(i,void 0,a);t.preferredSymmetricAlgorithms&&(c=c.concat(t.preferredSymmetricAlgorithms))}catch(e){}await Promise.all(o.map((async function(e){if(!e.isDecrypted())throw Error("Decryption key is not decrypted.");if(a.constantTimePKCS1Decryption&&(t.publicKeyAlgorithm===T.publicKey.rsaEncrypt||t.publicKeyAlgorithm===T.publicKey.rsaEncryptSign||t.publicKeyAlgorithm===T.publicKey.rsaSign||t.publicKeyAlgorithm===T.publicKey.elgamal)){const i=t.write();await Promise.all((r?[r]:Array.from(a.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms)).map((async t=>{const r=new Es;r.read(i);const a={sessionKeyAlgorithm:t,sessionKey:ja(t)};try{await r.decrypt(e,a),s.push(r)}catch(e){F.printDebugError(e),n=e}})))}else try{await t.decrypt(e);const i=r||t.sessionKeyAlgorithm;if(i&&!c.includes(T.write(T.symmetric,i)))throw Error("A non-preferred symmetric algorithm was used.");s.push(t)}catch(e){F.printDebugError(e),n=e}})))}))),U(t.encrypted),t.encrypted=null})))}}if(s.length>0){if(s.length>1){const e=new Set;s=s.filter((t=>{const r=t.sessionKeyAlgorithm+F.uint8ArrayToString(t.sessionKey);return!e.has(r)&&(e.add(r),!0)}))}return s.map((e=>({data:e.sessionKey,algorithm:e.sessionKeyAlgorithm&&T.read(T.symmetric,e.sessionKeyAlgorithm)})))}throw n||Error("Session key decryption failed.")}getLiteralData(){const e=this.unwrapCompressed().packets.findPacket(T.packet.literalData);return e&&e.getBytes()||null}getFilename(){const e=this.unwrapCompressed().packets.findPacket(T.packet.literalData);return e&&e.getFilename()||null}getText(){const e=this.unwrapCompressed().packets.findPacket(T.packet.literalData);return e?e.getText():null}static async generateSessionKey(e=[],t=new Date,r=[],i=B){const{symmetricAlgo:a,aeadAlgo:n}=await async function(e=[],t=new Date,r=[],i=B){const a=await Promise.all(e.map(((e,a)=>e.getPrimarySelfSignature(t,r[a],i))));if(e.length?!i.ignoreSEIPDv2FeatureFlag&&a.every((e=>e.features&&e.features[0]&T.features.seipdv2)):i.aeadProtect){const e={symmetricAlgo:T.symmetric.aes128,aeadAlgo:T.aead.ocb},t=[{symmetricAlgo:i.preferredSymmetricAlgorithm,aeadAlgo:i.preferredAEADAlgorithm},{symmetricAlgo:i.preferredSymmetricAlgorithm,aeadAlgo:T.aead.ocb},{symmetricAlgo:T.symmetric.aes128,aeadAlgo:i.preferredAEADAlgorithm}];for(const e of t)if(a.every((t=>t.preferredCipherSuites&&t.preferredCipherSuites.some((t=>t[0]===e.symmetricAlgo&&t[1]===e.aeadAlgo)))))return e;return e}const n=T.symmetric.aes128,s=i.preferredSymmetricAlgorithm;return{symmetricAlgo:a.every((e=>e.preferredSymmetricAlgorithms&&e.preferredSymmetricAlgorithms.includes(s)))?s:n,aeadAlgo:void 0}}(e,t,r,i),s=T.read(T.symmetric,a),o=n?T.read(T.aead,n):void 0;await Promise.all(e.map((e=>e.getEncryptionKey().catch((()=>null)).then((e=>{if(e&&(e.keyPacket.algorithm===T.publicKey.x25519||e.keyPacket.algorithm===T.publicKey.x448)&&!o&&!F.isAES(a))throw Error("Could not generate a session key compatible with the given `encryptionKeys`: X22519 and X448 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.")})))));return{data:ja(a),algorithm:s,aeadAlgorithm:o}}async encrypt(e,t,r,i=!1,a=[],n=new Date,s=[],o=B){if(r){if(!F.isUint8Array(r.data)||!F.isString(r.algorithm))throw Error("Invalid session key for encryption.")}else if(e&&e.length)r=await Ko.generateSessionKey(e,n,s,o);else{if(!t||!t.length)throw Error("No keys, passwords, or session key provided.");r=await Ko.generateSessionKey(void 0,void 0,void 0,o)}const{data:c,algorithm:u,aeadAlgorithm:h}=r,l=await Ko.encryptSessionKey(c,u,h,e,t,i,a,n,s,o),y=bs.fromObject({version:h?2:1,aeadAlgorithm:h?T.write(T.aead,h):null});y.packets=this.packets;const p=T.write(T.symmetric,u);return await y.encrypt(p,c,o),l.packets.push(y),y.packets=new os,l}static async encryptSessionKey(e,t,r,i,a,n=!1,s=[],o=new Date,c=[],u=B){const h=new os,l=T.write(T.symmetric,t),y=r&&T.write(T.aead,r);if(i){const t=await Promise.all(i.map((async function(t,r){const i=await t.getEncryptionKey(s[r],o,c,u),a=Es.fromObject({version:y?6:3,encryptionKeyPacket:i.keyPacket,anonymousRecipient:n,sessionKey:e,sessionKeyAlgorithm:l});return await a.encrypt(i.keyPacket),delete a.sessionKey,a})));h.push(...t)}if(a){const t=async function(e,t){try{return await e.decrypt(t),1}catch(e){return 0}},r=(e,t)=>e+t,i=async function(e,n,s,o){const c=new Ps(u);if(c.sessionKey=e,c.sessionKeyAlgorithm=n,s&&(c.aeadAlgorithm=s),await c.encrypt(o,u),u.passwordCollisionCheck){if(1!==(await Promise.all(a.map((e=>t(c,e))))).reduce(r))return i(e,n,o)}return delete c.sessionKey,c},n=await Promise.all(a.map((t=>i(e,l,y,t))));h.push(...n)}return new Ko(h)}async sign(e=[],t=[],r=null,i=[],a=new Date,n=[],s=[],o=[],c=B){const u=new os,h=this.packets.findPacket(T.packet.literalData);if(!h)throw Error("No literal data packet to sign.");const l=await Ao(h,e,t,r,i,a,n,s,o,!1,c),y=l.map(((e,t)=>ns.fromSignaturePacket(e,0===t))).reverse();return u.push(...y),u.push(h),u.push(...l),new Ko(u)}compress(e,t=B){if(e===T.compression.uncompressed)return this;const r=new ys(t);r.algorithm=e,r.packets=this.packets;const i=new os;return i.push(r),new Ko(i)}async signDetached(e=[],t=[],r=null,i=[],a=[],n=new Date,s=[],o=[],c=B){const u=this.packets.findPacket(T.packet.literalData);if(!u)throw Error("No literal data packet to sign.");return new zs(await Ao(u,e,t,r,i,a,n,s,o,!0,c))}async verify(e,t=new Date,r=B){const i=this.unwrapCompressed(),a=i.packets.filterByTag(T.packet.literalData);if(1!==a.length)throw Error("Can only verify message with one literal data packet.");let s=i.packets;n(s.stream)&&(s=s.concat(await P(s.stream,(e=>e||[]))));const o=s.filterByTag(T.packet.onePassSignature).reverse(),c=s.filterByTag(T.packet.signature);return o.length&&!c.length&&F.isStream(s.stream)&&!n(s.stream)?(await Promise.all(o.map((async e=>{e.correspondingSig=new Promise(((t,r)=>{e.correspondingSigResolve=t,e.correspondingSigReject=r})),e.signatureData=D((async()=>(await e.correspondingSig).signatureData)),e.hashed=P(await e.hash(e.signatureType,a[0],void 0,!1)),e.hashed.catch((()=>{}))}))),s.stream=k(s.stream,(async(e,t)=>{const r=x(e),i=C(t);try{for(let e=0;e<o.length;e++){const{value:t}=await r.read();o[e].correspondingSigResolve(t)}await r.readToEnd(),await i.ready,await i.close()}catch(e){o.forEach((t=>{t.correspondingSigReject(e)})),await i.abort(e)}})),Eo(o,a,e,t,!1,r)):Eo(c,a,e,t,!1,r)}verifyDetached(e,t,r=new Date,i=B){const a=this.unwrapCompressed().packets.filterByTag(T.packet.literalData);if(1!==a.length)throw Error("Can only verify message with one literal data packet.");return Eo(e.packets.filterByTag(T.packet.signature),a,t,r,!0,i)}unwrapCompressed(){const e=this.packets.filterByTag(T.packet.compressedData);return e.length?new Ko(e[0].packets):this}async appendSignature(e,t=B){await this.packets.read(F.isUint8Array(e)?e:(await X(e)).data,vo,t)}write(){return this.packets.write()}armor(e=B){const t=this.packets[this.packets.length-1],r=t.constructor.tag===bs.tag?2!==t.version:this.packets.some((e=>e.constructor.tag===rs.tag&&6!==e.version));return Y(T.armor.message,this.write(),null,null,null,r,e)}}async function Ao(e,t,r=[],i=null,a=[],n=new Date,s=[],o=[],c=[],u=!1,h=B){const l=new os,y=null===e.text?T.signature.binary:T.signature.text;if(await Promise.all(t.map((async(t,i)=>{const l=s[i];if(!t.isPrivate())throw Error("Need private key for signing");const p=await t.getSigningKey(a[i],n,l,h);return $s(e,r.length?r:[t],p.keyPacket,{signatureType:y},n,o,c,u,h)}))).then((e=>{l.push(...e)})),i){const e=i.packets.filterByTag(T.packet.signature);l.push(...e)}return l}async function Eo(e,t,r,i=new Date,a=!1,n=B){return Promise.all(e.filter((function(e){return["text","binary"].includes(T.read(T.signature,e.signatureType))})).map((async function(e){return async function(e,t,r,i=new Date,a=!1,n=B){let s,o;for(const t of r){const r=t.getKeys(e.issuerKeyID);if(r.length>0){s=t,o=r[0];break}}const c=e instanceof ns?e.correspondingSig:e,u={keyID:e.issuerKeyID,verified:(async()=>{if(!o)throw Error("Could not find signing key with key ID "+e.issuerKeyID.toHex());await e.verify(o.keyPacket,e.signatureType,t[0],i,a,n);const r=await c;if(o.getCreationTime()>r.created)throw Error("Key is newer than the signature");try{await s.getSigningKey(o.getKeyID(),r.created,void 0,n)}catch(e){if(!n.allowInsecureVerificationWithReformattedKeys||!e.message.match(/Signature creation time is in the future/))throw e;await s.getSigningKey(o.getKeyID(),i,void 0,n)}return!0})(),signature:(async()=>{const e=await c,t=new os;return e&&t.push(e),new zs(t)})()};return u.signature.catch((()=>{})),u.verified.catch((()=>{})),u}(e,t,r,i,a,n)})))}async function So({armoredMessage:e,binaryMessage:t,config:r,...i}){r={...B,...r};let a=e||t;if(!a)throw Error("readMessage: must pass options object containing `armoredMessage` or `binaryMessage`");if(e&&!F.isString(e)&&!F.isStream(e))throw Error("readMessage: options.armoredMessage must be a string or stream");if(t&&!F.isUint8Array(t)&&!F.isStream(t))throw Error("readMessage: options.binaryMessage must be a Uint8Array or stream");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));const s=F.isStream(a);if(e){const{type:e,data:t}=await X(a);if(e!==T.armor.message)throw Error("Armored text not of type message");a=t}const o=await os.fromBinary(a,bo,r,new hs),c=new Ko(o);return c.fromStream=s,c}async function Po({text:e,binary:t,filename:r,date:i=new Date,format:a=(void 0!==e?"utf8":"binary"),...n}){const s=void 0!==e?e:t;if(void 0===s)throw Error("createMessage: must pass options object containing `text` or `binary`");if(e&&!F.isString(e)&&!F.isStream(e))throw Error("createMessage: options.text must be a string or stream");if(t&&!F.isUint8Array(t)&&!F.isStream(t))throw Error("createMessage: options.binary must be a Uint8Array or stream");const o=Object.keys(n);if(o.length>0)throw Error("Unknown option: "+o.join(", "));const c=F.isStream(s),u=new Yn(i);void 0!==e?u.setText(s,T.write(T.literal,a)):u.setBytes(s,T.write(T.literal,a)),void 0!==r&&u.setFilename(r);const h=new os;h.push(u);const l=new Ko(h);return l.fromStream=c,l}const Uo=/*#__PURE__*/F.constructAllowedPackets([rs]);class Do{constructor(e,t){if(this.text=F.removeTrailingSpaces(e).replace(/\r?\n/g,"\r\n"),t&&!(t instanceof zs))throw Error("Invalid signature input");this.signature=t||new zs(new os)}getSigningKeyIDs(){const e=[];return this.signature.packets.forEach((function(t){e.push(t.issuerKeyID)})),e}async sign(e,t=[],r=null,i=[],a=new Date,n=[],s=[],o=[],c=B){const u=new Yn;u.setText(this.text);const h=new zs(await Ao(u,e,t,r,i,a,n,s,o,!0,c));return new Do(this.text,h)}verify(e,t=new Date,r=B){const i=this.signature.packets.filterByTag(T.packet.signature),a=new Yn;return a.setText(this.text),Eo(i,[a],e,t,!0,r)}getText(){return this.text.replace(/\r\n/g,"\n")}armor(e=B){const t=this.signature.packets.some((e=>6!==e.version)),r={hash:t?Array.from(new Set(this.signature.packets.map((e=>T.read(T.hash,e.hashAlgorithm).toUpperCase())))).join():null,text:this.text,data:this.signature.packets.write()};return Y(T.armor.signed,r,void 0,void 0,void 0,t,e)}}async function xo({cleartextMessage:e,config:t,...r}){if(t={...B,...t},!e)throw Error("readCleartextMessage: must pass options object containing `cleartextMessage`");if(!F.isString(e))throw Error("readCleartextMessage: options.cleartextMessage must be a string");const i=Object.keys(r);if(i.length>0)throw Error("Unknown option: "+i.join(", "));const a=await X(e);if(a.type!==T.armor.signed)throw Error("No cleartext signed message.");const n=await os.fromBinary(a.data,Uo,t);!function(e,t){const r=function(e){const r=e=>t=>e.hashAlgorithm===t;for(let i=0;i<t.length;i++)if(t[i].constructor.tag===T.packet.signature&&!e.some(r(t[i])))return!1;return!0},i=[];if(e.forEach((e=>{const t=e.match(/^Hash: (.+)$/);if(!t)throw Error('Only "Hash" header allowed in cleartext signed message');{const e=t[1].replace(/\s/g,"").split(",").map((e=>{try{return T.write(T.hash,e.toLowerCase())}catch(t){throw Error("Unknown hash algorithm in armor header: "+e.toLowerCase())}}));i.push(...e)}})),i.length&&!r(i))throw Error("Hash algorithm mismatch in armor header and signature")}(a.headers,n);const s=new zs(n);return new Do(a.text,s)}async function Co({text:e,...t}){if(!e)throw Error("createCleartextMessage: must pass options object containing `text`");if(!F.isString(e))throw Error("createCleartextMessage: options.text must be a string");const r=Object.keys(t);if(r.length>0)throw Error("Unknown option: "+r.join(", "));return new Do(e)}async function Io({userIDs:e=[],passphrase:t,type:r,curve:i,rsaBits:a=4096,symmetricHash:n="sha256",symmetricCipher:s="aes256",keyExpirationTime:o=0,date:c=new Date,subkeys:u=[{}],format:h="armored",config:l,...y}){Wo(l={...B,...l}),r||i?(r=r||"ecc",i=i||"curve25519Legacy"):(r=l.v6Keys?"curve25519":"ecc",i="curve25519Legacy"),e=$o(e);const p=Object.keys(y);if(p.length>0)throw Error("Unknown option: "+p.join(", "));if(0===e.length&&!l.v6Keys)throw Error("UserIDs are required for V4 keys");if("rsa"===r&&a<l.minRSABits)throw Error(`rsaBits should be at least ${l.minRSABits}, got: ${a}`);const d={userIDs:e,passphrase:t,type:r,rsaBits:a,curve:i,keyExpirationTime:o,date:c,subkeys:u,symmetricHash:n,symmetricCipher:s};try{const{key:e,revocationCertificate:t}=await async function(e,t){e.sign=!0,(e=Zs(e)).subkeys=e.subkeys.map(((t,r)=>Zs(e.subkeys[r],e)));let r=[qs(e,t)];r=r.concat(e.subkeys.map((e=>js(e,t))));const i=await Promise.all(r),a=await po(i[0],i.slice(1),e,t),n=await a.getRevocationCertificate(e.date,t);return a.revocationSignatures=[],{key:a,revocationCertificate:n}}(d,l);return e.getKeys().forEach((({keyPacket:e})=>ro(e,l))),{privateKey:Yo(e,h,l),publicKey:"symmetric"!==r?Yo(e.toPublic(),h,l):null,revocationCertificate:t}}catch(e){throw F.wrapError("Error generating keypair",e)}}async function To({privateKey:e,userIDs:t=[],passphrase:r,keyExpirationTime:i=0,date:a,format:n="armored",config:s,...o}){Wo(s={...B,...s}),t=$o(t);const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(0===t.length&&6!==e.keyPacket.version)throw Error("UserIDs are required for V4 keys");const u={privateKey:e,userIDs:t,passphrase:r,keyExpirationTime:i,date:a};try{const{key:e,revocationCertificate:t}=await async function(e,t){e=o(e);const{privateKey:r}=e;if(!r.isPrivate())throw Error("Cannot reformat a public key");if(r.keyPacket.isDummy())throw Error("Cannot reformat a gnu-dummy primary key");if(!r.getKeys().every((({keyPacket:e})=>e.isDecrypted())))throw Error("Key is not decrypted");const i=r.keyPacket;e.subkeys||(e.subkeys=await Promise.all(r.subkeys.map((async e=>{const r=e.keyPacket,a={key:i,bind:r},n=await Hs(e.bindingSignatures,i,T.signature.subkeyBinding,a,null,t).catch((()=>({})));return{sign:n.keyFlags&&n.keyFlags[0]&T.keyFlags.signData,forwarding:n.keyFlags&&n.keyFlags[0]&T.keyFlags.forwardedCommunication}}))));const a=r.subkeys.map((e=>e.keyPacket));if(e.subkeys.length!==a.length)throw Error("Number of subkey options does not match number of subkeys");e.subkeys=e.subkeys.map((t=>o(t,e)));const n=await po(i,a,e,t),s=await n.getRevocationCertificate(e.date,t);return n.revocationSignatures=[],{key:n,revocationCertificate:s};function o(e,t={}){return e.keyExpirationTime=e.keyExpirationTime||t.keyExpirationTime,e.passphrase=F.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e}}(u,s);return{privateKey:Yo(e,n,s),publicKey:Yo(e.toPublic(),n,s),revocationCertificate:t}}catch(e){throw F.wrapError("Error reformatting keypair",e)}}async function Bo({key:e,revocationCertificate:t,reasonForRevocation:r,date:i=new Date,format:a="armored",config:n,...s}){Wo(n={...B,...n});const o=Object.keys(s);if(o.length>0)throw Error("Unknown option: "+o.join(", "));try{const s=t?await e.applyRevocationCertificate(t,i,n):await e.revoke(r,i,n);return s.isPrivate()?{privateKey:Yo(s,a,n),publicKey:Yo(s.toPublic(),a,n)}:{privateKey:null,publicKey:Yo(s,a,n)}}catch(e){throw F.wrapError("Error revoking key",e)}}async function Mo({privateKey:e,passphrase:t,config:r,...i}){Wo(r={...B,...r});const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));if(!e.isPrivate())throw Error("Cannot decrypt a public key");const n=e.clone(!0),s=F.isArray(t)?t:[t];try{return await Promise.all(n.getKeys().map((e=>F.anyPromise(s.map((t=>e.keyPacket.decrypt(t))))))),await n.validate(r),n}catch(e){throw n.clearPrivateParams(),F.wrapError("Error decrypting private key",e)}}async function Fo({privateKey:e,passphrase:t,config:r,...i}){Wo(r={...B,...r});const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));if(!e.isPrivate())throw Error("Cannot encrypt a public key");const n=e.clone(!0),s=n.getKeys(),o=F.isArray(t)?t:Array(s.length).fill(t);if(o.length!==s.length)throw Error("Invalid number of passphrases given for key encryption");try{return await Promise.all(s.map((async(e,t)=>{const{keyPacket:i}=e;await i.encrypt(o[t],r),i.clearPrivateParams()}))),n}catch(e){throw n.clearPrivateParams(),F.wrapError("Error encrypting private key",e)}}async function Lo({message:e,encryptionKeys:t,signingKeys:r,passwords:i,sessionKey:a,format:n="armored",signature:s=null,wildcard:o=!1,signingKeyIDs:c=[],encryptionKeyIDs:u=[],date:h=new Date,signingUserIDs:l=[],encryptionUserIDs:y=[],signatureNotations:p=[],config:d,...g}){if(Wo(d={...B,...d}),qo(e),Go(n),t=$o(t),r=$o(r),i=$o(i),c=$o(c),u=$o(u),l=$o(l),y=$o(y),p=$o(p),g.detached)throw Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.");if(g.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead");if(g.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead");if(void 0!==g.armor)throw Error("The `armor` option has been removed from openpgp.encrypt, pass `format` instead.");const m=Object.keys(g);if(m.length>0)throw Error("Unknown option: "+m.join(", "));r||(r=[]);try{if((r.length||s)&&(e=await e.sign(r,t,s,c,h,l,u,p,d)),e=e.compress(await async function(e=[],t=new Date,r=[],i=B){const a=T.compression.uncompressed,n=i.preferredCompressionAlgorithm,s=await Promise.all(e.map((async function(e,a){const s=(await e.getPrimarySelfSignature(t,r[a],i)).preferredCompressionAlgorithms;return!!s&&s.indexOf(n)>=0})));return s.every(Boolean)?n:a}(t,h,y,d),d),e=await e.encrypt(t,i,a,o,u,h,y,d),"object"===n)return e;const g="armored"===n?e.armor(d):e.write();return await Qo(g)}catch(e){throw F.wrapError("Error encrypting message",e)}}async function _o({message:e,decryptionKeys:t,passwords:r,sessionKeys:i,verificationKeys:a,expectSigned:n=!1,format:s="utf8",signature:o=null,date:c=new Date,config:u,...h}){if(Wo(u={...B,...u}),qo(e),a=$o(a),t=$o(t),r=$o(r),i=$o(i),h.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead");if(h.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead");const l=Object.keys(h);if(l.length>0)throw Error("Unknown option: "+l.join(", "));try{const h=await e.decrypt(t,r,i,c,u);a||(a=[]);const l={};if(l.signatures=o?await h.verifyDetached(o,a,c,u):await h.verify(a,c,u),l.data="binary"===s?h.getLiteralData():h.getText(),l.filename=h.getFilename(),Xo(l,e,...new Set([h,h.unwrapCompressed()])),n){if(0===a.length)throw Error("Verification keys are required to verify message signatures");if(0===l.signatures.length)throw Error("Message is not signed");l.data=g([l.data,D((async()=>(await F.anyPromise(l.signatures.map((e=>e.verified))),"binary"===s?new Uint8Array:"")))])}return l.data=await Qo(l.data),l}catch(e){throw F.wrapError("Error decrypting message",e)}}async function No({message:e,signingKeys:t,recipientKeys:r=[],format:i="armored",detached:a=!1,signingKeyIDs:n=[],date:s=new Date,signingUserIDs:o=[],recipientUserIDs:c=[],signatureNotations:u=[],config:h,...l}){if(Wo(h={...B,...h}),Ho(e),Go(i),t=$o(t),n=$o(n),o=$o(o),r=$o(r),c=$o(c),u=$o(u),l.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead");if(void 0!==l.armor)throw Error("The `armor` option has been removed from openpgp.sign, pass `format` instead.");const y=Object.keys(l);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(e instanceof Do&&"binary"===i)throw Error("Cannot return signed cleartext message in binary format");if(e instanceof Do&&a)throw Error("Cannot detach-sign a cleartext message");if(!t||0===t.length)throw Error("No signing keys provided");try{let l;if(l=a?await e.signDetached(t,r,void 0,n,s,o,c,u,h):await e.sign(t,r,void 0,n,s,o,c,u,h),"object"===i)return l;return l="armored"===i?l.armor(h):l.write(),a&&(l=k(e.packets.write(),(async(e,t)=>{await Promise.all([m(l,t),P(e).catch((()=>{}))])}))),await Qo(l)}catch(e){throw F.wrapError("Error signing message",e)}}async function Ro({message:e,verificationKeys:t,expectSigned:r=!1,format:i="utf8",signature:a=null,date:n=new Date,config:s,...o}){if(Wo(s={...B,...s}),Ho(e),t=$o(t),o.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead");const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(e instanceof Do&&"binary"===i)throw Error("Can't return cleartext message data as binary");if(e instanceof Do&&a)throw Error("Can't verify detached cleartext signature");try{const o={};if(o.signatures=a?await e.verifyDetached(a,t,n,s):await e.verify(t,n,s),o.data="binary"===i?e.getLiteralData():e.getText(),e.fromStream&&!a&&Xo(o,...new Set([e,e.unwrapCompressed()])),r){if(0===o.signatures.length)throw Error("Message is not signed");o.data=g([o.data,D((async()=>(await F.anyPromise(o.signatures.map((e=>e.verified))),"binary"===i?new Uint8Array:"")))])}return o.data=await Qo(o.data),o}catch(e){throw F.wrapError("Error verifying signed message",e)}}async function zo({encryptionKeys:e,date:t=new Date,encryptionUserIDs:r=[],config:i,...a}){if(Wo(i={...B,...i}),e=$o(e),r=$o(r),a.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead");const n=Object.keys(a);if(n.length>0)throw Error("Unknown option: "+n.join(", "));try{return await Ko.generateSessionKey(e,t,r,i)}catch(e){throw F.wrapError("Error generating session key",e)}}async function Oo({data:e,algorithm:t,aeadAlgorithm:r,encryptionKeys:i,passwords:a,format:n="armored",wildcard:s=!1,encryptionKeyIDs:o=[],date:c=new Date,encryptionUserIDs:u=[],config:h,...l}){if(Wo(h={...B,...h}),function(e){if(!F.isUint8Array(e))throw Error("Parameter [data] must be of type Uint8Array")}(e),function(e,t){if(!F.isString(e))throw Error("Parameter ["+t+"] must be of type String")}(t,"algorithm"),Go(n),i=$o(i),a=$o(a),o=$o(o),u=$o(u),l.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead");const y=Object.keys(l);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(!(i&&0!==i.length||a&&0!==a.length))throw Error("No encryption keys or passwords provided.");try{return Yo(await Ko.encryptSessionKey(e,t,r,i,a,s,o,c,u,h),n,h)}catch(e){throw F.wrapError("Error encrypting session key",e)}}async function jo({message:e,decryptionKeys:t,passwords:r,date:i=new Date,config:a,...n}){if(Wo(a={...B,...a}),qo(e),t=$o(t),r=$o(r),n.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead");const s=Object.keys(n);if(s.length>0)throw Error("Unknown option: "+s.join(", "));try{return await e.decryptSessionKeys(t,r,void 0,i,a)}catch(e){throw F.wrapError("Error decrypting session keys",e)}}function qo(e){if(!(e instanceof Ko))throw Error("Parameter [message] needs to be of type Message")}function Ho(e){if(!(e instanceof Do||e instanceof Ko))throw Error("Parameter [message] needs to be of type Message or CleartextMessage")}function Go(e){if("armored"!==e&&"binary"!==e&&"object"!==e)throw Error("Unsupported format "+e)}const Vo=Object.keys(B).length;function Wo(e){const t=Object.keys(e);if(t.length!==Vo)for(const e of t)if(void 0===B[e])throw Error("Unknown config property: "+e)}function $o(e){return e&&!F.isArray(e)&&(e=[e]),e}async function Qo(e){return"array"===F.isStream(e)?P(e):e}function Xo(e,t,...r){e.data=k(t.packets.stream,(async(t,i)=>{await m(e.data,i,{preventClose:!0});const a=C(i);try{await P(t,(e=>e)),await Promise.all(r.map((e=>P(e.packets.stream,(e=>e))))),await a.close()}catch(e){await a.abort(e)}}))}function Yo(e,t,r){switch(t){case"object":return e;case"armored":return e.armor(r);case"binary":return e.write();default:throw Error("Unsupported format "+t)}}export{Ks as AEADEncryptedDataPacket,Wa as Argon2OutOfMemoryError,Ya as Argon2S2K,Do as CleartextMessage,ys as CompressedDataPacket,cs as GrammarError,Ri as KDFParams,Yn as LiteralDataPacket,Cs as MarkerPacket,Ko as Message,ns as OnePassSignaturePacket,os as PacketList,Ns as PaddingPacket,ho as PrivateKey,uo as PublicKey,Es as PublicKeyEncryptedSessionKeyPacket,Us as PublicKeyPacket,Is as PublicSubkeyPacket,Bs as SecretKeyPacket,Ls as SecretSubkeyPacket,zs as Signature,rs as SignaturePacket,ao as Subkey,bs as SymEncryptedIntegrityProtectedDataPacket,Ps as SymEncryptedSessionKeyPacket,xs as SymmetricallyEncryptedDataPacket,_s as TrustPacket,st as UnparseablePacket,Ts as UserAttributePacket,Fs as UserIDPacket,Y as armor,B as config,Co as createCleartextMessage,Po as createMessage,_o as decrypt,Mo as decryptKey,jo as decryptSessionKeys,Lo as encrypt,Fo as encryptKey,Oo as encryptSessionKey,T as enums,Io as generateKey,zo as generateSessionKey,xo as readCleartextMessage,go as readKey,fo as readKeys,So as readMessage,mo as readPrivateKey,wo as readPrivateKeys,Os as readSignature,To as reformatKey,Bo as revokeKey,No as sign,X as unarmor,Ro as verify};
+/*! OpenPGP.js v6.3.0 - 2026-03-13 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
+const e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},t=Symbol("doneWritingPromise"),r=Symbol("doneWritingResolve"),i=Symbol("doneWritingReject"),a=Symbol("readingIndex");class ArrayStream extends Array{constructor(){super(),Object.setPrototypeOf(this,ArrayStream.prototype),this[t]=new Promise(((e,t)=>{this[r]=e,this[i]=t})),this[t].catch((()=>{}))}}function n(e){return e&&e.getReader&&Array.isArray(e)}function s(e){if(!n(e)){const t=e.getWriter(),r=t.releaseLock;return t.releaseLock=()=>{t.closed.catch((function(){})),r.call(t)},t}this.stream=e}function o(t){if(n(t))return"array";if(e.ReadableStream&&e.ReadableStream.prototype.isPrototypeOf(t))return"web";if(t&&!(e.ReadableStream&&t instanceof e.ReadableStream)&&"function"==typeof t._read&&"object"==typeof t._readableState)throw Error("Native Node streams are no longer supported: please manually convert the stream to a WebStream, using e.g. `stream.Readable.toWeb`");return!(!t||!t.getReader)&&"web-like"}function c(e){return Uint8Array.prototype.isPrototypeOf(e)}function u(e){if(1===e.length)return e[0];let t=0;for(let r=0;r<e.length;r++){if(!c(e[r]))throw Error("concatUint8Array: Data must be in the form of a Uint8Array");t+=e[r].length}const r=new Uint8Array(t);let i=0;return e.forEach((function(e){r.set(e,i),i+=e.length})),r}ArrayStream.prototype.getReader=function(){return void 0===this[a]&&(this[a]=0),{read:async()=>(await this[t],this[a]===this.length?{value:void 0,done:!0}:{value:this[this[a]++],done:!1})}},ArrayStream.prototype.readToEnd=async function(e){await this[t];const r=e(this.slice(this[a]));return this.length=0,r},ArrayStream.prototype.clone=function(){const e=new ArrayStream;return e[t]=this[t].then((()=>{e.push(...this)})),e},s.prototype.write=async function(e){this.stream.push(e)},s.prototype.close=async function(){this.stream[r]()},s.prototype.abort=async function(e){return this.stream[i](e),e},s.prototype.releaseLock=function(){},"object"==typeof e.process&&e.process.versions;const h=new WeakSet,l=Symbol("externalBuffer");function y(e){if(this.stream=e,e[l]&&(this[l]=e[l].slice()),n(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{},void(this._cancel=()=>{})}if(o(e)){const t=e.getReader();return this._read=t.read.bind(t),this._releaseLock=()=>{t.closed.catch((function(){})),t.releaseLock()},void(this._cancel=t.cancel.bind(t))}let t=!1;this._read=async()=>t||h.has(e)?{value:void 0,done:!0}:(t=!0,{value:e,done:!1}),this._releaseLock=()=>{if(t)try{h.add(e)}catch(e){}}}function p(e){return o(e)?e:new ReadableStream({start(t){t.enqueue(e),t.close()}})}function d(e){const t=o(e);if(t){if("array"!==t)throw Error("Can't convert Stream to ArrayStream here, call `readToEnd` first");return e}const r=new ArrayStream;return(async()=>{const t=I(r);await t.write(e),await t.close()})(),r}function g(e){return e.some((e=>o(e)&&!n(e)))?function(e){e=e.map(p);const t=f((async function(e){await Promise.all(i.map((t=>D(t,e))))}));let r=Promise.resolve();const i=e.map(((i,a)=>v(i,((i,n)=>(r=r.then((()=>m(i,t.writable,{preventClose:a!==e.length-1}))),r)))));return t.readable}(e):e.some((e=>n(e)))?function(e){const t=new ArrayStream;let r=Promise.resolve();return e.forEach(((i,a)=>(r=r.then((()=>m(i,t,{preventClose:a!==e.length-1}))),r))),t}(e):"string"==typeof e[0]?e.join(""):u(e)}async function m(e,t,{preventClose:r=!1,preventAbort:i=!1,preventCancel:a=!1}={}){if(o(e)&&!n(e)&&!n(t)){e=p(e);try{if(e[l]){const r=I(t);for(let t=0;t<e[l].length;t++)await r.ready,await r.write(e[l][t]);r.releaseLock()}await e.pipeTo(t,{preventClose:r,preventAbort:i,preventCancel:a})}catch(e){}return}o(e)||(e=d(e));const s=C(e),c=I(t);try{for(;;){await c.ready;const{done:e,value:t}=await s.read();if(e){r||await c.close();break}await c.write(t)}}catch(e){i||await c.abort(e)}finally{s.releaseLock(),c.releaseLock()}}function f(e){let t,r,i,a=!1,n=!1;return{readable:new ReadableStream({start(e){i=e},pull(){t?t():a=!0},async cancel(t){n=!0,e&&await e(t),r&&r(t)}},{highWaterMark:0}),writable:new WritableStream({write:async function(e){if(n)throw Error("Stream is cancelled");i.enqueue(e),a?a=!1:(await new Promise(((e,i)=>{t=e,r=i})),t=null,r=null)},close:i.close.bind(i),abort:i.error.bind(i)})}}function w(e,t=()=>{},r=()=>{},i={highWaterMark:0}){if(o(e))return k(e,t,r,i);const a=t(e),n=r();return void 0!==a&&void 0!==n?g([a,n]):void 0!==a?a:n}async function b(e,t=async()=>{},r=async()=>{},i={highWaterMark:1}){if(o(e))return k(e,t,r,i);const a=await t(e),n=await r();return void 0!==a&&void 0!==n?g([a,n]):void 0!==a?a:n}function k(e,t,r,i){if(n(e)){const i=new ArrayStream;return(async()=>{const a=I(i);try{const i=await U(e),n=await t(i),s=await r();let o;o=void 0!==n&&void 0!==s?g([n,s]):void 0!==n?n:s,await a.write(o),await a.close()}catch(e){await a.abort(e)}})(),i}if(o(e)){let a,n=!1;return new ReadableStream({start(){a=e.getReader()},async pull(i){if(n)return i.close(),void e.releaseLock();try{for(;;){const{value:s,done:o}=await a.read();n=o;const c=await(o?r:t)(s);if(void 0!==c)return void i.enqueue(c);if(o)return i.close(),void e.releaseLock()}}catch(e){i.error(e)}},async cancel(e){await a.cancel(e)}},i)}throw Error("Unreachable")}function v(e,t){if(o(e)&&!n(e)){let r;const i=new TransformStream({start(e){r=e}}),a=m(e,i.writable),n=f((async function(e){r.error(e),await a,await new Promise((e=>setTimeout(e)))}));return t(i.readable,n.writable),n.readable}e=d(e);const r=new ArrayStream;return t(e,r),r}function K(e,t){let r;const i=v(e,((e,a)=>{const n=C(e);n.remainder=()=>(n.releaseLock(),m(e,a),i),r=t(n)}));return r}function A(e){if(n(e))return e.clone();if(o(e)){const t=function(e){if(n(e))throw Error("ArrayStream cannot be tee()d, use clone() instead");if(o(e)){const t=p(e).tee();return t[0][l]=t[1][l]=e[l],t}return[P(e),P(e)]}(e);return S(e,t[0]),t[1]}return P(e)}function E(e){return n(e)?A(e):o(e)?new ReadableStream({start(t){const r=v(e,(async(e,r)=>{const i=C(e),a=I(r);try{for(;;){await a.ready;const{done:e,value:r}=await i.read();if(e){try{t.close()}catch(e){}return void await a.close()}try{t.enqueue(r)}catch(e){}await a.write(r)}}catch(e){t.error(e),await a.abort(e)}}));S(e,r)}}):P(e)}function S(e,t){Object.entries(Object.getOwnPropertyDescriptors(e.constructor.prototype)).forEach((([r,i])=>{"constructor"!==r&&(i.value?i.value=i.value.bind(t):i.get=i.get.bind(t),Object.defineProperty(e,r,i))}))}function P(e,t=0,r=1/0){if(n(e))throw Error("Not implemented");if(o(e)){if(t>=0&&r>=0){let i,a=0;return new ReadableStream({start(){i=e.getReader()},async pull(n){try{for(;;){if(!(a<r))return n.close(),void e.releaseLock();{const{value:s,done:o}=await i.read();if(o)return n.close(),void e.releaseLock();let c;if(a+s.length>=t&&(c=P(s,Math.max(t-a,0),r-a)),a+=s.length,c)return void n.enqueue(c)}}}catch(e){n.error(e)}},async cancel(e){await i.cancel(e)}},{highWaterMark:0})}if(t<0&&(r<0||r===1/0)){let i=[];return w(e,(e=>{e.length>=-t?i=[e]:i.push(e)}),(()=>P(g(i),t,r)))}if(0===t&&r<0){let i;return w(e,(e=>{const a=i?g([i,e]):e;if(a.length>=-r)return i=P(a,r),P(a,t,r);i=a}))}return console.warn(`stream.slice(input, ${t}, ${r}) not implemented efficiently.`),x((async()=>P(await U(e),t,r)))}return e[l]&&(e=g(e[l].concat([e]))),c(e)?e.subarray(t,r===1/0?e.length:r):e.slice(t,r)}async function U(e,t=g){return n(e)?e.readToEnd(t):o(e)?C(e).readToEnd(t):e}async function D(e,t){if(o(e)){if(e.cancel){const r=await e.cancel(t);return await new Promise((e=>setTimeout(e))),r}if(e.destroy)return e.destroy(t),await new Promise((e=>setTimeout(e))),t}}function x(e){const t=new ArrayStream;return(async()=>{const r=I(t);try{await r.write(await e()),await r.close()}catch(e){await r.abort(e)}})(),t}function C(e){return new y(e)}function I(e){return new s(e)}y.prototype.read=async function(){if(this[l]&&this[l].length){return{done:!1,value:this[l].shift()}}return this._read()},y.prototype.releaseLock=function(){this[l]&&(this.stream[l]=this[l]),this._releaseLock()},y.prototype.cancel=function(e){return this._cancel(e)},y.prototype.readLine=async function(){let e,t=[];for(;!e;){let{done:r,value:i}=await this.read();if(i+="",r)return t.length?g(t):void 0;const a=i.indexOf("\n")+1;a&&(e=g(t.concat(i.substr(0,a))),t=[]),a!==i.length&&t.push(i.substr(a))}return this.unshift(...t),e},y.prototype.readByte=async function(){const{done:e,value:t}=await this.read();if(e)return;const r=t[0];return this.unshift(P(t,1)),r},y.prototype.readBytes=async function(e){const t=[];let r=0;for(;;){const{done:i,value:a}=await this.read();if(i)return t.length?g(t):void 0;if(t.push(a),r+=a.length,r>=e){const r=g(t);return this.unshift(P(r,e)),P(r,0,e)}}},y.prototype.peekBytes=async function(e){const t=await this.readBytes(e);return this.unshift(t),t},y.prototype.unshift=function(...e){this[l]||(this[l]=[]),1===e.length&&c(e[0])&&this[l].length&&e[0].length&&this[l][0].byteOffset>=e[0].length?this[l][0]=new Uint8Array(this[l][0].buffer,this[l][0].byteOffset-e[0].length,this[l][0].byteLength+e[0].length):this[l].unshift(...e.filter((e=>e&&e.length)))},y.prototype.readToEnd=async function(e=g){const t=[];for(;;){const{done:e,value:r}=await this.read();if(e)break;t.push(r)}return e(t)};const T=Symbol("byValue");var B={curve:{nistP256:"nistP256",p256:"nistP256",nistP384:"nistP384",p384:"nistP384",nistP521:"nistP521",p521:"nistP521",secp256k1:"secp256k1",ed25519Legacy:"ed25519Legacy",ed25519:"ed25519Legacy",curve25519Legacy:"curve25519Legacy",curve25519:"curve25519Legacy",brainpoolP256r1:"brainpoolP256r1",brainpoolP384r1:"brainpoolP384r1",brainpoolP512r1:"brainpoolP512r1"},kdfFlags:{replace_fingerprint:1,replace_kdf_params:2},s2k:{simple:0,salted:1,iterated:3,argon2:4,gnu:101},publicKey:{rsaEncryptSign:1,rsaEncrypt:2,rsaSign:3,elgamal:16,dsa:17,ecdh:18,ecdsa:19,eddsaLegacy:22,aedh:23,aedsa:24,x25519:25,x448:26,ed25519:27,ed448:28,pqc_mldsa_ed25519:30,pqc_mlkem_x25519:35,aead:100,hmac:101},symmetric:{idea:1,tripledes:2,cast5:3,blowfish:4,aes128:7,aes192:8,aes256:9,twofish:10},compression:{uncompressed:0,zip:1,zlib:2,bzip2:3},hash:{md5:1,sha1:2,ripemd:3,sha256:8,sha384:9,sha512:10,sha224:11,sha3_256:12,sha3_512:14},webHash:{"SHA-1":2,"SHA-256":8,"SHA-384":9,"SHA-512":10},aead:{eax:1,ocb:2,gcm:3,experimentalGCM:100},packet:{publicKeyEncryptedSessionKey:1,signature:2,symEncryptedSessionKey:3,onePassSignature:4,secretKey:5,publicKey:6,secretSubkey:7,compressedData:8,symmetricallyEncryptedData:9,marker:10,literalData:11,trust:12,userID:13,publicSubkey:14,userAttribute:17,symEncryptedIntegrityProtectedData:18,modificationDetectionCode:19,aeadEncryptedData:20,padding:21},literal:{binary:98,text:116,utf8:117,mime:109},signature:{binary:0,text:1,standalone:2,certGeneric:16,certPersona:17,certCasual:18,certPositive:19,certRevocation:48,subkeyBinding:24,keyBinding:25,key:31,keyRevocation:32,subkeyRevocation:40,timestamp:64,thirdParty:80},signatureSubpacket:{signatureCreationTime:2,signatureExpirationTime:3,exportableCertification:4,trustSignature:5,regularExpression:6,revocable:7,keyExpirationTime:9,placeholderBackwardsCompatibility:10,preferredSymmetricAlgorithms:11,revocationKey:12,issuerKeyID:16,notationData:20,preferredHashAlgorithms:21,preferredCompressionAlgorithms:22,keyServerPreferences:23,preferredKeyServer:24,primaryUserID:25,policyURI:26,keyFlags:27,signersUserID:28,reasonForRevocation:29,features:30,signatureTarget:31,embeddedSignature:32,issuerFingerprint:33,preferredAEADAlgorithms:34,preferredCipherSuites:39},keyFlags:{certifyKeys:1,signData:2,encryptCommunication:4,encryptStorage:8,splitPrivateKey:16,authentication:32,forwardedCommunication:64,sharedPrivateKey:128},armor:{multipartSection:0,multipartLast:1,signed:2,message:3,publicKey:4,privateKey:5,signature:6},reasonForRevocation:{noReason:0,keySuperseded:1,keyCompromised:2,keyRetired:3,userIDInvalid:32},features:{modificationDetection:1,aead:2,v5Keys:4,seipdv2:8},write:function(e,t){if("number"==typeof t&&(t=this.read(e,t)),void 0!==e[t])return e[t];throw Error("Invalid enum value.")},read:function(e,t){if(e[T]||(e[T]=[],Object.entries(e).forEach((([t,r])=>{e[T][r]=t}))),void 0!==e[T][t])return e[T][t];throw Error("Invalid enum value.")}},M={preferredHashAlgorithm:B.hash.sha512,preferredSymmetricAlgorithm:B.symmetric.aes256,preferredCompressionAlgorithm:B.compression.uncompressed,aeadProtect:!1,ignoreSEIPDv2FeatureFlag:!1,parseAEADEncryptedV4KeysAsLegacy:!1,preferredAEADAlgorithm:B.aead.gcm,aeadChunkSizeByte:12,v6Keys:!1,enableParsingV5Entities:!1,s2kType:B.s2k.iterated,s2kIterationCountByte:224,s2kArgon2Params:{passes:3,parallelism:4,memoryExponent:16},maxArgon2MemoryExponent:1/0,allowUnauthenticatedMessages:!1,allowUnauthenticatedStream:!1,allowForwardedMessages:!1,minRSABits:2047,passwordCollisionCheck:!1,allowInsecureDecryptionWithSigningKeys:!1,allowInsecureVerificationWithReformattedKeys:!1,allowMissingKeyFlags:!1,constantTimePKCS1Decryption:!1,constantTimePKCS1DecryptionSupportedSymmetricAlgorithms:new Set([B.symmetric.aes128,B.symmetric.aes192,B.symmetric.aes256]),ignoreUnsupportedPackets:!0,ignoreMalformedPackets:!1,enforceGrammar:!0,additionalAllowedPackets:[],showVersion:!1,showComment:!1,versionString:"OpenPGP.js 6.3.0",commentString:"https://openpgpjs.org",maxUserIDLength:5120,maxDecompressedMessageSize:1/0,knownNotations:[],nonDeterministicSignaturesViaNotation:!0,useEllipticFallback:!0,rejectHashAlgorithms:new Set([B.hash.md5,B.hash.ripemd]),rejectMessageHashAlgorithms:new Set([B.hash.md5,B.hash.ripemd,B.hash.sha1]),rejectPublicKeyAlgorithms:new Set([B.publicKey.elgamal,B.publicKey.dsa]),rejectCurves:new Set([B.curve.secp256k1])};const L=(()=>{try{return"development"===process.env.NODE_ENV}catch{}return!1})(),F={isString:function(e){return"string"==typeof e||e instanceof String},nodeRequire:()=>{},isArray:function(e){return e instanceof Array},isUint8Array:c,isStream:o,getNobleCurve:async(e,t)=>{if(!M.useEllipticFallback)throw Error("This curve is only supported in the full build of OpenPGP.js");const{nobleCurves:r}=await import("./noble_curves.min.mjs");switch(e){case B.publicKey.ecdh:case B.publicKey.ecdsa:{const e=r.get(t);if(!e)throw Error("Unsupported curve");return e}case B.publicKey.x448:return r.get("x448");case B.publicKey.ed448:return r.get("ed448");default:throw Error("Unsupported curve")}},readNumber:function(e){let t=0;for(let r=0;r<e.length;r++)t+=256**r*e[e.length-1-r];return t},writeNumber:function(e,t){const r=new Uint8Array(t);for(let i=0;i<t;i++)r[i]=e>>8*(t-i-1)&255;return r},readDate:function(e){const t=F.readNumber(e);return new Date(1e3*t)},writeDate:function(e){const t=Math.floor(e.getTime()/1e3);return F.writeNumber(t,4)},normalizeDate:function(e=Date.now()){return null===e||e===1/0?e:new Date(1e3*Math.floor(+e/1e3))},readMPI:function(e){const t=(e[0]<<8|e[1])+7>>>3;return F.readExactSubarray(e,2,2+t)},readExactSubarray:function(e,t,r){if(e.length<r-t)throw Error("Input array too short");return e.subarray(t,r)},leftPad(e,t){if(e.length>t)throw Error("Input array too long");const r=new Uint8Array(t),i=t-e.length;return r.set(e,i),r},uint8ArrayToMPI:function(e){const t=F.uint8ArrayBitLength(e);if(0===t)throw Error("Zero MPI");const r=e.subarray(e.length-Math.ceil(t/8)),i=new Uint8Array([(65280&t)>>8,255&t]);return F.concatUint8Array([i,r])},uint8ArrayBitLength:function(e){let t;for(t=0;t<e.length&&0===e[t];t++);if(t===e.length)return 0;const r=e.subarray(t);return 8*(r.length-1)+F.nbits(r[0])},hexToUint8Array:function(e){const t=new Uint8Array(e.length>>1);for(let r=0;r<e.length>>1;r++)t[r]=parseInt(e.substr(r<<1,2),16);return t},uint8ArrayToHex:function(e){const t="0123456789abcdef";let r="";return e.forEach((e=>{r+=t[e>>4]+t[15&e]})),r},stringToUint8Array:function(e){return w(e,(e=>{if(!F.isString(e))throw Error("stringToUint8Array: Data must be in the form of a string");const t=new Uint8Array(e.length);for(let r=0;r<e.length;r++)t[r]=e.charCodeAt(r);return t}))},uint8ArrayToString:function(e){const t=[],r=16384,i=(e=new Uint8Array(e)).length;for(let a=0;a<i;a+=r)t.push(String.fromCharCode.apply(String,e.subarray(a,a+r<i?a+r:i)));return t.join("")},encodeUTF8:function(e){const t=new TextEncoder("utf-8");function r(e,r=!1){return t.encode(e,{stream:!r})}return w(e,r,(()=>r("",!0)))},decodeUTF8:function(e){const t=new TextDecoder("utf-8");function r(e,r=!1){return t.decode(e,{stream:!r})}return w(e,r,(()=>r(new Uint8Array,!0)))},concat:g,concatUint8Array:u,equalsUint8Array:function(e,t){if(!F.isUint8Array(e)||!F.isUint8Array(t))throw Error("Data must be in the form of a Uint8Array");if(e.length!==t.length)return!1;for(let r=0;r<e.length;r++)if(e[r]!==t[r])return!1;return!0},findLastIndex:function(e,t){for(let r=e.length;r>=0;r--)if(t(e[r],r,e))return r;return-1},writeChecksum:function(e){let t=0;for(let r=0;r<e.length;r++)t=t+e[r]&65535;return F.writeNumber(t,2)},printDebug:function(e){L&&console.log("[OpenPGP.js debug]",e)},printDebugError:function(e){L&&console.error("[OpenPGP.js debug]",e)},nbits:function(e){let t=1,r=e>>>16;return 0!==r&&(e=r,t+=16),r=e>>8,0!==r&&(e=r,t+=8),r=e>>4,0!==r&&(e=r,t+=4),r=e>>2,0!==r&&(e=r,t+=2),r=e>>1,0!==r&&(e=r,t+=1),t},double:function(e){const t=new Uint8Array(e.length),r=e.length-1;for(let i=0;i<r;i++)t[i]=e[i]<<1^e[i+1]>>7;return t[r]=e[r]<<1^135*(e[0]>>7),t},shiftRight:function(e,t){if(t)for(let r=e.length-1;r>=0;r--)e[r]>>=t,r>0&&(e[r]|=e[r-1]<<8-t);return e},getWebCrypto:function(){const t=void 0!==e&&e.crypto&&e.crypto.subtle||this.getNodeCrypto()?.webcrypto.subtle;if(!t)throw Error("The WebCrypto API is not available");return t},getNodeCrypto:function(){return this.nodeRequire("crypto")},getNodeZlib:function(){return this.nodeRequire("zlib")},getNodeBuffer:function(){return(this.nodeRequire("buffer")||{}).Buffer},getHardwareConcurrency:function(){if("undefined"!=typeof navigator)return navigator.hardwareConcurrency||1;return this.nodeRequire("os").cpus().length},isEmailAddress:function(e){if(!F.isString(e))return!1;return/^[^\p{C}\p{Z}@<>\\]+@[^\p{C}\p{Z}@<>\\]+[^\p{C}\p{Z}\p{P}]$/u.test(e)},canonicalizeEOL:function(e){let t=!1;return w(e,(e=>{let r;t&&(e=F.concatUint8Array([new Uint8Array([13]),e])),13===e[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;const i=[];for(let t=0;r=e.indexOf(10,t)+1,r;t=r)13!==e[r-2]&&i.push(r);if(!i.length)return e;const a=new Uint8Array(e.length+i.length);let n=0;for(let t=0;t<i.length;t++){const r=e.subarray(i[t-1]||0,i[t]);a.set(r,n),n+=r.length,a[n-1]=13,a[n]=10,n++}return a.set(e.subarray(i[i.length-1]||0),n),a}),(()=>t?new Uint8Array([13]):void 0))},nativeEOL:function(e){let t=!1;return w(e,(e=>{let r;13===(e=t&&10!==e[0]?F.concatUint8Array([new Uint8Array([13]),e]):new Uint8Array(e))[e.length-1]?(t=!0,e=e.subarray(0,-1)):t=!1;let i=0;for(let t=0;t!==e.length;t=r){r=e.indexOf(13,t)+1,r||(r=e.length);const a=r-(10===e[r]?1:0);t&&e.copyWithin(i,t,a),i+=a-t}return e.subarray(0,i)}),(()=>t?new Uint8Array([13]):void 0))},removeTrailingSpaces:function(e){return e.split("\n").map((e=>{let t=e.length-1;for(;t>=0&&(" "===e[t]||"\t"===e[t]||"\r"===e[t]);t--);return e.substr(0,t+1)})).join("\n")},wrapError:function(e,t){if(!t)return e instanceof Error?e:Error(e);if(e instanceof Error){try{e.message+=": "+t.message,e.cause=t}catch{}return e}return Error(e+": "+t.message,{cause:t})},constructAllowedPackets:function(e){const t={};return e.forEach((e=>{if(!e.tag)throw Error("Invalid input: expected a packet class");t[e.tag]=e})),t},anyPromise:function(e){return new Promise(((t,r)=>{let i;Promise.all(e.map((async e=>{try{t(await e)}catch(e){i=e}}))).then((()=>{r(i)}))}))},selectUint8Array:function(e,t,r){const i=Math.max(t.length,r.length),a=new Uint8Array(i);let n=0;for(let i=0;i<a.length;i++)a[i]=t[i]&256-e|r[i]&255+e,n+=e&i<t.length|1-e&i<r.length;return a.subarray(0,n)},selectUint8:function(e,t,r){return t&256-e|r&255+e},isAES:function(e){return e===B.symmetric.aes128||e===B.symmetric.aes192||e===B.symmetric.aes256}},_=F.getNodeBuffer();let N,R;function z(e){let t=new Uint8Array;return w(e,(e=>{t=F.concatUint8Array([t,e]);const r=[],i=Math.floor(t.length/45),a=45*i,n=N(t.subarray(0,a));for(let e=0;e<i;e++)r.push(n.substr(60*e,60)),r.push("\n");return t=t.subarray(a),r.join("")}),(()=>t.length?N(t)+"\n":""))}function O(e){let t="";return w(e,(e=>{t+=e;let r=0;const i=[" ","\t","\r","\n"];for(let e=0;e<i.length;e++){const a=i[e];for(let e=t.indexOf(a);-1!==e;e=t.indexOf(a,e+1))r++}let a=t.length;for(;a>0&&(a-r)%4!=0;a--)i.includes(t[a])&&r--;const n=R(t.substr(0,a));return t=t.substr(a),n}),(()=>R(t)))}function j(e){return O(e.replace(/-/g,"+").replace(/_/g,"/"))}function q(e,t){let r=z(e).replace(/[\r\n]/g,"");return r=r.replace(/[+]/g,"-").replace(/[/]/g,"_").replace(/[=]/g,""),r}function H(e){const t=e.match(/^-----BEGIN PGP (MESSAGE, PART \d+\/\d+|MESSAGE, PART \d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$/m);if(!t)throw Error("Unknown ASCII armor type");return/MESSAGE, PART \d+\/\d+/.test(t[1])?B.armor.multipartSection:/MESSAGE, PART \d+/.test(t[1])?B.armor.multipartLast:/SIGNED MESSAGE/.test(t[1])?B.armor.signed:/MESSAGE/.test(t[1])?B.armor.message:/PUBLIC KEY BLOCK/.test(t[1])?B.armor.publicKey:/PRIVATE KEY BLOCK/.test(t[1])?B.armor.privateKey:/SIGNATURE/.test(t[1])?B.armor.signature:void 0}function G(e,t){let r="";return t.showVersion&&(r+="Version: "+t.versionString+"\n"),t.showComment&&(r+="Comment: "+t.commentString+"\n"),e&&(r+="Comment: "+e+"\n"),r+="\n",r}function V(e){const t=function(e){let t=13501623;return w(e,(e=>{const r=$?Math.floor(e.length/4):0,i=new Uint32Array(e.buffer,e.byteOffset,r);for(let e=0;e<r;e++)t^=i[e],t=W[0][t>>24&255]^W[1][t>>16&255]^W[2][t>>8&255]^W[3][255&t];for(let i=4*r;i<e.length;i++)t=t>>8^W[0][255&t^e[i]]}),(()=>new Uint8Array([t,t>>8,t>>16])))}(e);return z(t)}_?(N=e=>_.from(e).toString("base64"),R=e=>{const t=_.from(e,"base64");return new Uint8Array(t.buffer,t.byteOffset,t.byteLength)}):(N=e=>btoa(F.uint8ArrayToString(e)),R=e=>F.stringToUint8Array(atob(e)));const W=[Array(255),Array(255),Array(255),Array(255)];for(let e=0;e<=255;e++){let t=e<<16;for(let e=0;e<8;e++)t=t<<1^(8388608&t?8801531:0);W[0][e]=(16711680&t)>>16|65280&t|(255&t)<<16}for(let e=0;e<=255;e++)W[1][e]=W[0][e]>>8^W[0][255&W[0][e]];for(let e=0;e<=255;e++)W[2][e]=W[1][e]>>8^W[0][255&W[1][e]];for(let e=0;e<=255;e++)W[3][e]=W[2][e]>>8^W[0][255&W[2][e]];const $=function(){const e=new ArrayBuffer(2);return new DataView(e).setInt16(0,255,!0),255===new Int16Array(e)[0]}();function Q(e){for(let t=0;t<e.length;t++)/^([^\s:]|[^\s:][^:]*[^\s:]): .+$/.test(e[t])||F.printDebugError(Error("Improperly formatted armor header: "+e[t])),/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(e[t])||F.printDebugError(Error("Unknown header: "+e[t]))}function X(e){let t=e;const r=e.lastIndexOf("=");return r>=0&&r!==e.length-1&&(t=e.slice(0,r)),t}function Y(e){return new Promise(((t,r)=>{try{const i=/^-----[^-]+-----$/m,a=/^[ \f\r\t\u00a0\u2000-\u200a\u202f\u205f\u3000]*$/;let n;const s=[];let o,c,u=s,h=[];const l=O(v(e,(async(e,y)=>{const p=C(e);try{for(;;){let e=await p.readLine();if(void 0===e)throw Error("Misformed armored text");if(e=F.removeTrailingSpaces(e.replace(/[\r\n]/g,"")),n)if(o)c||n!==B.armor.signed||(i.test(e)?(h=h.join("\r\n"),c=!0,Q(u),u=[],o=!1):h.push(e.replace(/^- /,"")));else if(i.test(e)&&r(Error("Mandatory blank line missing between armor headers and armor data")),a.test(e)){if(Q(u),o=!0,c||n!==B.armor.signed){t({text:h,data:l,headers:s,type:n});break}}else u.push(e);else i.test(e)&&(n=H(e))}}catch(e){return void r(e)}const d=I(y);try{for(;;){await d.ready;const{done:e,value:t}=await p.read();if(e)throw Error("Misformed armored text");const r=t+"";if(-1!==r.indexOf("=")||-1!==r.indexOf("-")){let e=await p.readToEnd();e.length||(e=""),e=r+e,e=F.removeTrailingSpaces(e.replace(/\r/g,""));const t=e.split(i);if(1===t.length)throw Error("Misformed armored text");const a=X(t[0].slice(0,-1));await d.write(a);break}await d.write(r)}await d.ready,await d.close()}catch(e){await d.abort(e)}})))}catch(e){r(e)}})).then((async e=>(n(e.data)&&(e.data=await U(e.data)),e)))}function Z(e,t,r,i,a,n=!1,s=M){let o,c;e===B.armor.signed&&(o=t.text,c=t.hash,t=t.data);const u=n&&E(t),h=[];switch(e){case B.armor.multipartSection:h.push("-----BEGIN PGP MESSAGE, PART "+r+"/"+i+"-----\n"),h.push(G(a,s)),h.push(z(t)),u&&h.push("=",V(u)),h.push("-----END PGP MESSAGE, PART "+r+"/"+i+"-----\n");break;case B.armor.multipartLast:h.push("-----BEGIN PGP MESSAGE, PART "+r+"-----\n"),h.push(G(a,s)),h.push(z(t)),u&&h.push("=",V(u)),h.push("-----END PGP MESSAGE, PART "+r+"-----\n");break;case B.armor.signed:h.push("-----BEGIN PGP SIGNED MESSAGE-----\n"),h.push(c?`Hash: ${c}\n\n`:"\n"),h.push(o.replace(/^-/gm,"- -")),h.push("\n-----BEGIN PGP SIGNATURE-----\n"),h.push(G(a,s)),h.push(z(t)),u&&h.push("=",V(u)),h.push("-----END PGP SIGNATURE-----\n");break;case B.armor.message:h.push("-----BEGIN PGP MESSAGE-----\n"),h.push(G(a,s)),h.push(z(t)),u&&h.push("=",V(u)),h.push("-----END PGP MESSAGE-----\n");break;case B.armor.publicKey:h.push("-----BEGIN PGP PUBLIC KEY BLOCK-----\n"),h.push(G(a,s)),h.push(z(t)),u&&h.push("=",V(u)),h.push("-----END PGP PUBLIC KEY BLOCK-----\n");break;case B.armor.privateKey:h.push("-----BEGIN PGP PRIVATE KEY BLOCK-----\n"),h.push(G(a,s)),h.push(z(t)),u&&h.push("=",V(u)),h.push("-----END PGP PRIVATE KEY BLOCK-----\n");break;case B.armor.signature:h.push("-----BEGIN PGP SIGNATURE-----\n"),h.push(G(a,s)),h.push(z(t)),u&&h.push("=",V(u)),h.push("-----END PGP SIGNATURE-----\n")}return F.concat(h)}const J=BigInt(0),ee=BigInt(1);function te(e){const t="0123456789ABCDEF";let r="";return e.forEach((e=>{r+=t[e>>4]+t[15&e]})),BigInt("0x0"+r)}function re(e,t){const r=e%t;return r<J?r+t:r}function ie(e,t,r){if(r===J)throw Error("Modulo cannot be zero");if(r===ee)return BigInt(0);if(t<J)throw Error("Unsopported negative exponent");let i=t,a=e;a%=r;let n=BigInt(1);for(;i>J;){const e=i&ee;i>>=ee;n=e?n*a%r:n,a=a*a%r}return n}function ae(e){return e>=J?e:-e}function ne(e,t){const{gcd:r,x:i}=function(e,t){let r=BigInt(0),i=BigInt(1),a=BigInt(1),n=BigInt(0),s=ae(e),o=ae(t);const c=e<J,u=t<J;for(;o!==J;){const e=s/o;let t=r;r=a-e*r,a=t,t=i,i=n-e*i,n=t,t=o,o=s%o,s=t}return{x:c?-a:a,y:u?-n:n,gcd:s}}(e,t);if(r!==ee)throw Error("Inverse does not exist");return re(i+t,t)}function se(e){const t=Number(e);if(t>Number.MAX_SAFE_INTEGER)throw Error("Number can only safely store up to 53 bits");return t}function oe(e,t){return(e>>BigInt(t)&ee)===J?0:1}function ce(e){const t=e<J?BigInt(-1):J;let r=1,i=e;for(;(i>>=ee)!==t;)r++;return r}function ue(e){const t=e<J?BigInt(-1):J,r=BigInt(8);let i=1,a=e;for(;(a>>=r)!==t;)i++;return i}function he(e,t="be",r){let i=e.toString(16);i.length%2==1&&(i="0"+i);const a=i.length/2,n=new Uint8Array(r||a),s=r?r-a:0;let o=0;for(;o<a;)n[o+s]=parseInt(i.slice(2*o,2*o+2),16),o++;return"be"!==t&&n.reverse(),n}const le=F.getNodeCrypto();function ye(e){const t="undefined"!=typeof crypto?crypto:le?.webcrypto;if(t?.getRandomValues){const r=new Uint8Array(e);return t.getRandomValues(r)}throw Error("No secure random number generator available.")}function pe(e,t){if(t<e)throw Error("Illegal parameter value: max <= min");const r=t-e;return re(te(ye(ue(r)+8)),r)+e}const de=BigInt(1);function ge(e,t,r){const i=BigInt(30),a=de<<BigInt(e-1),n=[1,6,5,4,3,2,1,4,3,2,1,2,1,4,3,2,1,2,1,4,3,2,1,6,5,4,3,2,1,2];let s=pe(a,a<<de),o=se(re(s,i));do{s+=BigInt(n[o]),o=(o+n[o])%n.length,ce(s)>e&&(s=re(s,a<<de),s+=a,o=se(re(s,i)))}while(!me(s,t,r));return s}function me(e,t,r){return(!t||function(e,t){let r=e,i=t;for(;i!==J;){const e=i;i=r%i,r=e}return r}(e-de,t)===de)&&(!!function(e){const t=BigInt(0);return fe.every((r=>re(e,r)!==t))}(e)&&(!!function(e,t=BigInt(2)){return ie(t,e-de,e)===de}(e)&&!!function(e,t){const r=ce(e);t||(t=Math.max(1,r/48|0));const i=e-de;let a=0;for(;!oe(i,a);)a++;const n=e>>BigInt(a);for(;t>0;t--){let t,r=ie(pe(BigInt(2),i),n,e);if(r!==de&&r!==i){for(t=1;t<a;t++){if(r=re(r*r,e),r===de)return!1;if(r===i)break}if(t===a)return!1}}return!0}(e,r)))}const fe=[7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587,593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997,1009,1013,1019,1021,1031,1033,1039,1049,1051,1061,1063,1069,1087,1091,1093,1097,1103,1109,1117,1123,1129,1151,1153,1163,1171,1181,1187,1193,1201,1213,1217,1223,1229,1231,1237,1249,1259,1277,1279,1283,1289,1291,1297,1301,1303,1307,1319,1321,1327,1361,1367,1373,1381,1399,1409,1423,1427,1429,1433,1439,1447,1451,1453,1459,1471,1481,1483,1487,1489,1493,1499,1511,1523,1531,1543,1549,1553,1559,1567,1571,1579,1583,1597,1601,1607,1609,1613,1619,1621,1627,1637,1657,1663,1667,1669,1693,1697,1699,1709,1721,1723,1733,1741,1747,1753,1759,1777,1783,1787,1789,1801,1811,1823,1831,1847,1861,1867,1871,1873,1877,1879,1889,1901,1907,1913,1931,1933,1949,1951,1973,1979,1987,1993,1997,1999,2003,2011,2017,2027,2029,2039,2053,2063,2069,2081,2083,2087,2089,2099,2111,2113,2129,2131,2137,2141,2143,2153,2161,2179,2203,2207,2213,2221,2237,2239,2243,2251,2267,2269,2273,2281,2287,2293,2297,2309,2311,2333,2339,2341,2347,2351,2357,2371,2377,2381,2383,2389,2393,2399,2411,2417,2423,2437,2441,2447,2459,2467,2473,2477,2503,2521,2531,2539,2543,2549,2551,2557,2579,2591,2593,2609,2617,2621,2633,2647,2657,2659,2663,2671,2677,2683,2687,2689,2693,2699,2707,2711,2713,2719,2729,2731,2741,2749,2753,2767,2777,2789,2791,2797,2801,2803,2819,2833,2837,2843,2851,2857,2861,2879,2887,2897,2903,2909,2917,2927,2939,2953,2957,2963,2969,2971,2999,3001,3011,3019,3023,3037,3041,3049,3061,3067,3079,3083,3089,3109,3119,3121,3137,3163,3167,3169,3181,3187,3191,3203,3209,3217,3221,3229,3251,3253,3257,3259,3271,3299,3301,3307,3313,3319,3323,3329,3331,3343,3347,3359,3361,3371,3373,3389,3391,3407,3413,3433,3449,3457,3461,3463,3467,3469,3491,3499,3511,3517,3527,3529,3533,3539,3541,3547,3557,3559,3571,3581,3583,3593,3607,3613,3617,3623,3631,3637,3643,3659,3671,3673,3677,3691,3697,3701,3709,3719,3727,3733,3739,3761,3767,3769,3779,3793,3797,3803,3821,3823,3833,3847,3851,3853,3863,3877,3881,3889,3907,3911,3917,3919,3923,3929,3931,3943,3947,3967,3989,4001,4003,4007,4013,4019,4021,4027,4049,4051,4057,4073,4079,4091,4093,4099,4111,4127,4129,4133,4139,4153,4157,4159,4177,4201,4211,4217,4219,4229,4231,4241,4243,4253,4259,4261,4271,4273,4283,4289,4297,4327,4337,4339,4349,4357,4363,4373,4391,4397,4409,4421,4423,4441,4447,4451,4457,4463,4481,4483,4493,4507,4513,4517,4519,4523,4547,4549,4561,4567,4583,4591,4597,4603,4621,4637,4639,4643,4649,4651,4657,4663,4673,4679,4691,4703,4721,4723,4729,4733,4751,4759,4783,4787,4789,4793,4799,4801,4813,4817,4831,4861,4871,4877,4889,4903,4909,4919,4931,4933,4937,4943,4951,4957,4967,4969,4973,4987,4993,4999].map((e=>BigInt(e)));const we=F.getWebCrypto(),be=F.getNodeCrypto(),ke=be&&be.getHashes();function ve(e){if(be&&ke.includes(e))return async function(t){const r=be.createHash(e);return w(t,(e=>{r.update(e)}),(()=>new Uint8Array(r.digest())))}}function Ke(e,t){const r=async()=>{const{nobleHashes:t}=await import("./noble_hashes.min.mjs"),r=t.get(e);if(!r)throw Error("Unsupported hash");return r};return async function(e){if(n(e)&&(e=await U(e)),F.isStream(e)){const t=(await r()).create();return w(e,(e=>{t.update(e)}),(()=>t.digest()))}if(we&&t)return new Uint8Array(await we.digest(t,e));return(await r())(e)}}const Ae=ve("md5")||Ke("md5"),Ee=ve("sha1")||Ke("sha1","SHA-1"),Se=ve("sha224")||Ke("sha224"),Pe=ve("sha256")||Ke("sha256","SHA-256"),Ue=ve("sha384")||Ke("sha384","SHA-384"),De=ve("sha512")||Ke("sha512","SHA-512"),xe=ve("ripemd160")||Ke("ripemd160"),Ce=ve("sha3-256")||Ke("sha3_256"),Ie=ve("sha3-512")||Ke("sha3_512");function Te(e,t){switch(e){case B.hash.md5:return Ae(t);case B.hash.sha1:return Ee(t);case B.hash.ripemd:return xe(t);case B.hash.sha256:return Pe(t);case B.hash.sha384:return Ue(t);case B.hash.sha512:return De(t);case B.hash.sha224:return Se(t);case B.hash.sha3_256:return Ce(t);case B.hash.sha3_512:return Ie(t);default:throw Error("Unsupported hash function")}}function Be(e){switch(e){case B.hash.md5:return 16;case B.hash.sha1:case B.hash.ripemd:return 20;case B.hash.sha256:return 32;case B.hash.sha384:return 48;case B.hash.sha512:return 64;case B.hash.sha224:return 28;case B.hash.sha3_256:return 32;case B.hash.sha3_512:return 64;default:throw Error("Invalid hash algorithm.")}}const Me=[];function Le(e,t){const r=e.length;if(r>t-11)throw Error("Message too long");const i=function(e){const t=new Uint8Array(e);let r=0;for(;r<e;){const i=ye(e-r);for(let e=0;e<i.length;e++)0!==i[e]&&(t[r++]=i[e])}return t}(t-r-3),a=new Uint8Array(t);return a[1]=2,a.set(i,2),a.set(e,t-r),a}function Fe(e,t){let r=2,i=1;for(let t=r;t<e.length;t++)i&=0!==e[t],r+=i;const a=r-2,n=e.subarray(r+1),s=0===e[0]&2===e[1]&a>=8&!i;if(t)return F.selectUint8Array(s,n,t);if(s)return n;throw Error("Decryption error")}function _e(e,t,r){let i;if(t.length!==Be(e))throw Error("Invalid hash length");const a=new Uint8Array(Me[e].length);for(i=0;i<Me[e].length;i++)a[i]=Me[e][i];const n=a.length+t.length;if(r<n+11)throw Error("Intended encoded message length too short");const s=new Uint8Array(r-n-3).fill(255),o=new Uint8Array(r);return o[1]=1,o.set(s,2),o.set(a,r-n),o.set(t,r-t.length),o}Me[1]=[48,32,48,12,6,8,42,134,72,134,247,13,2,5,5,0,4,16],Me[2]=[48,33,48,9,6,5,43,14,3,2,26,5,0,4,20],Me[3]=[48,33,48,9,6,5,43,36,3,2,1,5,0,4,20],Me[8]=[48,49,48,13,6,9,96,134,72,1,101,3,4,2,1,5,0,4,32],Me[9]=[48,65,48,13,6,9,96,134,72,1,101,3,4,2,2,5,0,4,48],Me[10]=[48,81,48,13,6,9,96,134,72,1,101,3,4,2,3,5,0,4,64],Me[11]=[48,45,48,13,6,9,96,134,72,1,101,3,4,2,4,5,0,4,28];const Ne=F.getWebCrypto(),Re=F.getNodeCrypto(),ze=BigInt(1);async function Oe(e,t,r,i,a,n,s,o,c){if(Be(e)>=r.length)throw Error("Digest size cannot exceed key modulus size");if(t&&!F.isStream(t))if(F.getWebCrypto())try{return await async function(e,t,r,i,a,n,s,o){const c=Ge(r,i,a,n,s,o),u={name:"RSASSA-PKCS1-v1_5",hash:{name:e}},h=await Ne.importKey("jwk",c,u,!1,["sign"]);return new Uint8Array(await Ne.sign("RSASSA-PKCS1-v1_5",h,t))}(B.read(B.webHash,e),t,r,i,a,n,s,o)}catch(e){F.printDebugError(e)}else if(F.getNodeCrypto())return function(e,t,r,i,a,n,s,o){const c=Re.createSign(B.read(B.hash,e));c.write(t),c.end();const u=Ge(r,i,a,n,s,o);return new Uint8Array(c.sign({key:u,format:"jwk",type:"pkcs1"}))}(e,t,r,i,a,n,s,o);return function(e,t,r,i){t=te(t);const a=te(_e(e,i,ue(t)));return r=te(r),he(ie(a,r,t),"be",ue(t))}(e,r,a,c)}async function je(e,t,r,i,a,n){if(t&&!F.isStream(t))if(F.getWebCrypto())try{return await async function(e,t,r,i,a){const n=Ve(i,a),s=await Ne.importKey("jwk",n,{name:"RSASSA-PKCS1-v1_5",hash:{name:e}},!1,["verify"]);return Ne.verify("RSASSA-PKCS1-v1_5",s,r,t)}(B.read(B.webHash,e),t,r,i,a)}catch(e){F.printDebugError(e)}else if(F.getNodeCrypto())return function(e,t,r,i,a){const n=Ve(i,a),s={key:n,format:"jwk",type:"pkcs1"},o=Re.createVerify(B.read(B.hash,e));o.write(t),o.end();try{return o.verify(s,r)}catch{return!1}}(e,t,r,i,a);return function(e,t,r,i,a){if(r=te(r),t=te(t),i=te(i),t>=r)throw Error("Signature size cannot exceed modulus size");const n=he(ie(t,i,r),"be",ue(r)),s=_e(e,a,ue(r));return F.equalsUint8Array(n,s)}(e,r,i,a,n)}async function qe(e,t,r){return F.getNodeCrypto()?function(e,t,r){const i=Ve(t,r),a={key:i,format:"jwk",type:"pkcs1",padding:Re.constants.RSA_PKCS1_PADDING};return new Uint8Array(Re.publicEncrypt(a,e))}(e,t,r):function(e,t,r){if(t=te(t),e=te(Le(e,ue(t))),r=te(r),e>=t)throw Error("Message size cannot exceed modulus size");return he(ie(e,r,t),"be",ue(t))}(e,t,r)}async function He(e,t,r,i,a,n,s,o){if(F.getNodeCrypto()&&!o)try{return function(e,t,r,i,a,n,s){const o=Ge(t,r,i,a,n,s),c={key:o,format:"jwk",type:"pkcs1",padding:Re.constants.RSA_PKCS1_PADDING};try{return new Uint8Array(Re.privateDecrypt(c,e))}catch{throw Error("Decryption error")}}(e,t,r,i,a,n,s)}catch(e){F.printDebugError(e)}return function(e,t,r,i,a,n,s,o){if(e=te(e),t=te(t),r=te(r),i=te(i),a=te(a),n=te(n),s=te(s),e>=t)throw Error("Data too large.");const c=re(i,n-ze),u=re(i,a-ze),h=pe(BigInt(2),t),l=ie(ne(h,t),r,t);e=re(e*l,t);const y=ie(e,u,a),p=ie(e,c,n),d=re(s*(p-y),n);let g=d*a+y;return g=re(g*h,t),Fe(he(g,"be",ue(t)),o)}(e,t,r,i,a,n,s,o)}function Ge(e,t,r,i,a,n){const s=te(i),o=te(a),c=te(r);let u=re(c,o-ze),h=re(c,s-ze);return h=he(h),u=he(u),{kty:"RSA",n:q(e),e:q(t),d:q(r),p:q(a),q:q(i),dp:q(u),dq:q(h),qi:q(n),ext:!0}}function Ve(e,t){return{kty:"RSA",n:q(e),e:q(t),ext:!0}}function We(e,t){return{n:j(e.n),e:he(t),d:j(e.d),p:j(e.q),q:j(e.p),u:j(e.qi)}}const $e=BigInt(1);const Qe={"2a8648ce3d030107":B.curve.nistP256,"2b81040022":B.curve.nistP384,"2b81040023":B.curve.nistP521,"2b8104000a":B.curve.secp256k1,"2b06010401da470f01":B.curve.ed25519Legacy,"2b060104019755010501":B.curve.curve25519Legacy,"2b2403030208010107":B.curve.brainpoolP256r1,"2b240303020801010b":B.curve.brainpoolP384r1,"2b240303020801010d":B.curve.brainpoolP512r1};class Xe{constructor(e){if(e instanceof Xe)this.oid=e.oid;else if(F.isArray(e)||F.isUint8Array(e)){if(6===(e=new Uint8Array(e))[0]){if(e[1]!==e.length-2)throw Error("Length mismatch in DER encoded oid");e=e.subarray(2)}this.oid=e}else this.oid=""}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.oid=e.subarray(1,1+t),1+this.oid.length}throw Error("Invalid oid")}write(){return F.concatUint8Array([new Uint8Array([this.oid.length]),this.oid])}toHex(){return F.uint8ArrayToHex(this.oid)}getName(){const e=Qe[this.toHex()];if(!e)throw Error("Unknown curve object identifier.");return e}}function Ye(e){let t,r=0;const i=e[0];return i<192?([r]=e,t=1):i<255?(r=(e[0]-192<<8)+e[1]+192,t=2):255===i&&(r=F.readNumber(e.subarray(1,5)),t=5),{len:r,offset:t}}function Ze(e){return e<192?new Uint8Array([e]):e>191&&e<8384?new Uint8Array([192+(e-192>>8),e-192&255]):F.concatUint8Array([new Uint8Array([255]),F.writeNumber(e,4)])}function Je(e){if(e<0||e>30)throw Error("Partial Length power must be between 1 and 30");return new Uint8Array([224+e])}function et(e){return new Uint8Array([192|e])}function tt(e,t){return F.concatUint8Array([et(e),Ze(t)])}function rt(e){return[B.packet.literalData,B.packet.compressedData,B.packet.symmetricallyEncryptedData,B.packet.symEncryptedIntegrityProtectedData,B.packet.aeadEncryptedData].includes(e)}async function it(e,t,r){let i,a;try{const n=await e.peekBytes(2);if(!n||n.length<2||!(128&n[0]))throw Error("Error during parsing. This message / key probably does not conform to a valid OpenPGP format.");const s=await e.readByte();let o,c,u=-1,h=-1;h=0,64&s&&(h=1),h?u=63&s:(u=(63&s)>>2,c=3&s);const l=rt(u);let y,p=null;if(t&&l){if("array"===t){const e=new ArrayStream;i=I(e),p=e}else{const e=new TransformStream;i=I(e.writable),p=e.readable}a=r({tag:u,packet:p})}else p=[];do{if(h){const t=await e.readByte();if(y=!1,t<192)o=t;else if(t>=192&&t<224)o=(t-192<<8)+await e.readByte()+192;else if(t>223&&t<255){if(o=1<<(31&t),y=!0,!l)throw new TypeError("This packet type does not support partial lengths.")}else o=await e.readByte()<<24|await e.readByte()<<16|await e.readByte()<<8|await e.readByte()}else switch(c){case 0:o=await e.readByte();break;case 1:o=await e.readByte()<<8|await e.readByte();break;case 2:o=await e.readByte()<<24|await e.readByte()<<16|await e.readByte()<<8|await e.readByte();break;default:o=1/0}if(o>0){let t=0;for(;;){i&&await i.ready;const{done:r,value:a}=await e.read();if(r){if(o===1/0)break;throw Error("Unexpected end of packet")}const n=o===1/0?a:a.subarray(0,o-t);if(i?await i.write(n):p.push(n),t+=a.length,t>=o){e.unshift(a.subarray(o-t+a.length));break}}}}while(y);i?(await i.ready,await i.close()):(p=F.concatUint8Array(p),await r({tag:u,packet:p}))}catch(e){if(i)return await i.abort(e),!0;throw e}finally{i&&await a}}class at extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,at),this.name="UnsupportedError"}}class nt extends at{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,at),this.name="UnknownPacketError"}}class st extends at{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,at),this.name="MalformedPacketError"}}class ot{constructor(e,t){this.tag=e,this.rawContent=t}write(){return this.rawContent}}async function ct(e){switch(e){case B.publicKey.ed25519:try{const e=F.getWebCrypto(),t=await e.generateKey("Ed25519",!0,["sign","verify"]).catch((e=>{if("OperationError"===e.name){const e=Error("Unexpected key generation issue");throw e.name="NotSupportedError",e}throw e})),r=await e.exportKey("jwk",t.privateKey),i=await e.exportKey("jwk",t.publicKey);return{A:new Uint8Array(j(i.x)),seed:j(r.d)}}catch(t){if("NotSupportedError"!==t.name)throw t;const{default:r}=await import("./nacl-fast.min.mjs"),i=ye(yt(e)),{publicKey:a}=r.sign.keyPair.fromSeed(i);return{A:a,seed:i}}case B.publicKey.ed448:{const e=await F.getNobleCurve(B.publicKey.ed448),{secretKey:t,publicKey:r}=e.keygen();return{A:r,seed:t}}default:throw Error("Unsupported EdDSA algorithm")}}async function ut(e,t,r,i,a,n){switch(e){case B.publicKey.ed25519:try{const t=F.getWebCrypto(),r=gt(e,i,a),s=await t.importKey("jwk",r,"Ed25519",!1,["sign"]);return{RS:new Uint8Array(await t.sign("Ed25519",s,n))}}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:t}=await import("./nacl-fast.min.mjs"),r=F.concatUint8Array([a,i]);return{RS:t.sign.detached(n,r)}}case B.publicKey.ed448:return{RS:(await F.getNobleCurve(B.publicKey.ed448)).sign(n,a)};default:throw Error("Unsupported EdDSA algorithm")}}async function ht(e,t,{RS:r},i,a,n){switch(e){case B.publicKey.ed25519:try{const t=F.getWebCrypto(),i=dt(e,a),s=await t.importKey("jwk",i,"Ed25519",!1,["verify"]);return await t.verify("Ed25519",s,r,n)}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:t}=await import("./nacl-fast.min.mjs");return t.sign.detached.verify(n,r,a)}case B.publicKey.ed448:return(await F.getNobleCurve(B.publicKey.ed448)).verify(r,n,a);default:throw Error("Unsupported EdDSA algorithm")}}async function lt(e,t,r){switch(e){case B.publicKey.ed25519:try{const i=F.getWebCrypto(),a=gt(e,t,r),n=dt(e,t),s=await i.importKey("jwk",a,"Ed25519",!1,["sign"]),o=await i.importKey("jwk",n,"Ed25519",!1,["verify"]),c=ye(8),u=new Uint8Array(await i.sign("Ed25519",s,c));return await i.verify("Ed25519",o,u,c)}catch(e){if("NotSupportedError"!==e.name)return!1;const{default:i}=await import("./nacl-fast.min.mjs"),{publicKey:a}=i.sign.keyPair.fromSeed(r);return F.equalsUint8Array(t,a)}case B.publicKey.ed448:{const e=(await F.getNobleCurve(B.publicKey.ed448)).getPublicKey(r);return F.equalsUint8Array(t,e)}default:return!1}}function yt(e){switch(e){case B.publicKey.ed25519:return 32;case B.publicKey.ed448:return 57;default:throw Error("Unsupported EdDSA algorithm")}}function pt(e){switch(e){case B.publicKey.ed25519:return B.hash.sha256;case B.publicKey.ed448:return B.hash.sha512;default:throw Error("Unknown EdDSA algo")}}const dt=(e,t)=>{if(e===B.publicKey.ed25519){return{kty:"OKP",crv:"Ed25519",x:q(t),ext:!0}}throw Error("Unsupported EdDSA algorithm")},gt=(e,t,r)=>{if(e===B.publicKey.ed25519){const i=dt(e,t);return i.d=q(r),i}throw Error("Unsupported EdDSA algorithm")};var mt=/*#__PURE__*/Object.freeze({__proto__:null,generate:ct,getPayloadSize:yt,getPreferredHashAlgo:pt,sign:ut,validateParams:lt,verify:ht});
+/*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) */function ft(e){return e instanceof Uint8Array||ArrayBuffer.isView(e)&&"Uint8Array"===e.constructor.name}function wt(e,...t){if(!ft(e))throw Error("Uint8Array expected");if(t.length>0&&!t.includes(e.length))throw Error("Uint8Array expected of length "+t+", got length="+e.length)}function bt(e,t=!0){if(e.destroyed)throw Error("Hash instance has been destroyed");if(t&&e.finished)throw Error("Hash#digest() has already been called")}function kt(e,t){wt(e);const r=t.outputLen;if(e.length<r)throw Error("digestInto() expects output buffer of length at least "+r)}function vt(e){return new Uint8Array(e.buffer,e.byteOffset,e.byteLength)}function Kt(e){return new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4))}function At(...e){for(let t=0;t<e.length;t++)e[t].fill(0)}function Et(e){return new DataView(e.buffer,e.byteOffset,e.byteLength)}const St=/* @__PURE__ */(()=>68===new Uint8Array(new Uint32Array([287454020]).buffer)[0])();function Pt(e){if("string"==typeof e)e=function(e){if("string"!=typeof e)throw Error("string expected");return new Uint8Array((new TextEncoder).encode(e))}(e);else{if(!ft(e))throw Error("Uint8Array expected, got "+typeof e);e=Mt(e)}return e}function Ut(e,t){return e.buffer===t.buffer&&e.byteOffset<t.byteOffset+t.byteLength&&t.byteOffset<e.byteOffset+e.byteLength}function Dt(e,t){if(Ut(e,t)&&e.byteOffset<t.byteOffset)throw Error("complex overlap of input and output is not supported")}function xt(e,t){if(e.length!==t.length)return!1;let r=0;for(let i=0;i<e.length;i++)r|=e[i]^t[i];return 0===r}const Ct=(e,t)=>{function r(r,...i){if(wt(r),!St)throw Error("Non little-endian hardware is not yet supported");if(void 0!==e.nonceLength){const t=i[0];if(!t)throw Error("nonce / iv required");e.varSizeNonce?wt(t):wt(t,e.nonceLength)}const a=e.tagLength;a&&void 0!==i[1]&&wt(i[1]);const n=t(r,...i),s=(e,t)=>{if(void 0!==t){if(2!==e)throw Error("cipher output not supported");wt(t)}};let o=!1;return{encrypt(e,t){if(o)throw Error("cannot encrypt() twice with same key + nonce");return o=!0,wt(e),s(n.encrypt.length,t),n.encrypt(e,t)},decrypt(e,t){if(wt(e),a&&e.length<a)throw Error("invalid ciphertext length: smaller than tagLength="+a);return s(n.decrypt.length,t),n.decrypt(e,t)}}}return Object.assign(r,e),r};function It(e,t,r=!0){if(void 0===t)return new Uint8Array(e);if(t.length!==e)throw Error("invalid output length, expected "+e+", got: "+t.length);if(r&&!Bt(t))throw Error("invalid output, must be aligned");return t}function Tt(e,t,r,i){if("function"==typeof e.setBigUint64)return e.setBigUint64(t,r,i);const a=BigInt(32),n=BigInt(4294967295),s=Number(r>>a&n),o=Number(r&n);e.setUint32(t+0,s,i),e.setUint32(t+4,o,i)}function Bt(e){return e.byteOffset%4==0}function Mt(e){return Uint8Array.from(e)}const Lt=16,Ft=/* @__PURE__ */new Uint8Array(16),_t=Kt(Ft),Nt=e=>(e>>>0&255)<<24|(e>>>8&255)<<16|(e>>>16&255)<<8|e>>>24&255;class Rt{constructor(e,t){this.blockLen=Lt,this.outputLen=Lt,this.s0=0,this.s1=0,this.s2=0,this.s3=0,this.finished=!1,wt(e=Pt(e),16);const r=Et(e);let i=r.getUint32(0,!1),a=r.getUint32(4,!1),n=r.getUint32(8,!1),s=r.getUint32(12,!1);const o=[];for(let e=0;e<128;e++)o.push({s0:Nt(i),s1:Nt(a),s2:Nt(n),s3:Nt(s)}),({s0:i,s1:a,s2:n,s3:s}={s3:(h=n)<<31|(l=s)>>>1,s2:(u=a)<<31|h>>>1,s1:(c=i)<<31|u>>>1,s0:c>>>1^225<<24&-(1&l)});var c,u,h,l;const y=(p=t||1024)>65536?8:p>1024?4:2;var p;if(![1,2,4,8].includes(y))throw Error("ghash: invalid window size, expected 2, 4 or 8");this.W=y;const d=128/y,g=this.windowSize=2**y,m=[];for(let e=0;e<d;e++)for(let t=0;t<g;t++){let r=0,i=0,a=0,n=0;for(let s=0;s<y;s++){if(!(t>>>y-s-1&1))continue;const{s0:c,s1:u,s2:h,s3:l}=o[y*e+s];r^=c,i^=u,a^=h,n^=l}m.push({s0:r,s1:i,s2:a,s3:n})}this.t=m}_updateBlock(e,t,r,i){e^=this.s0,t^=this.s1,r^=this.s2,i^=this.s3;const{W:a,t:n,windowSize:s}=this;let o=0,c=0,u=0,h=0;const l=(1<<a)-1;let y=0;for(const p of[e,t,r,i])for(let e=0;e<4;e++){const t=p>>>8*e&255;for(let e=8/a-1;e>=0;e--){const r=t>>>a*e&l,{s0:i,s1:p,s2:d,s3:g}=n[y*s+r];o^=i,c^=p,u^=d,h^=g,y+=1}}this.s0=o,this.s1=c,this.s2=u,this.s3=h}update(e){bt(this),wt(e=Pt(e));const t=Kt(e),r=Math.floor(e.length/Lt),i=e.length%Lt;for(let e=0;e<r;e++)this._updateBlock(t[4*e+0],t[4*e+1],t[4*e+2],t[4*e+3]);return i&&(Ft.set(e.subarray(r*Lt)),this._updateBlock(_t[0],_t[1],_t[2],_t[3]),At(_t)),this}destroy(){const{t:e}=this;for(const t of e)t.s0=0,t.s1=0,t.s2=0,t.s3=0}digestInto(e){bt(this),kt(e,this),this.finished=!0;const{s0:t,s1:r,s2:i,s3:a}=this,n=Kt(e);return n[0]=t,n[1]=r,n[2]=i,n[3]=a,e}digest(){const e=new Uint8Array(Lt);return this.digestInto(e),this.destroy(),e}}class zt extends Rt{constructor(e,t){wt(e=Pt(e));const r=function(e){e.reverse();const t=1&e[15];let r=0;for(let t=0;t<e.length;t++){const i=e[t];e[t]=i>>>1|r,r=(1&i)<<7}return e[0]^=225&-t,e}(Mt(e));super(r,t),At(r)}update(e){e=Pt(e),bt(this);const t=Kt(e),r=e.length%Lt,i=Math.floor(e.length/Lt);for(let e=0;e<i;e++)this._updateBlock(Nt(t[4*e+3]),Nt(t[4*e+2]),Nt(t[4*e+1]),Nt(t[4*e+0]));return r&&(Ft.set(e.subarray(i*Lt)),this._updateBlock(Nt(_t[3]),Nt(_t[2]),Nt(_t[1]),Nt(_t[0])),At(_t)),this}digestInto(e){bt(this),kt(e,this),this.finished=!0;const{s0:t,s1:r,s2:i,s3:a}=this,n=Kt(e);return n[0]=t,n[1]=r,n[2]=i,n[3]=a,e.reverse()}}function Ot(e){const t=(t,r)=>e(r,t.length).update(Pt(t)).digest(),r=e(new Uint8Array(16),0);return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=(t,r)=>e(t,r),t}const jt=Ot(((e,t)=>new Rt(e,t)));Ot(((e,t)=>new zt(e,t)));const qt=16,Ht=/* @__PURE__ */new Uint8Array(qt);function Gt(e){return e<<1^283&-(e>>7)}function Vt(e,t){let r=0;for(;t>0;t>>=1)r^=e&-(1&t),e=Gt(e);return r}const Wt=/* @__PURE__ */(()=>{const e=new Uint8Array(256);for(let t=0,r=1;t<256;t++,r^=Gt(r))e[t]=r;const t=new Uint8Array(256);t[0]=99;for(let r=0;r<255;r++){let i=e[255-r];i|=i<<8,t[e[r]]=255&(i^i>>4^i>>5^i>>6^i>>7^99)}return At(e),t})(),$t=/* @__PURE__ */Wt.map(((e,t)=>Wt.indexOf(t))),Qt=e=>e<<8|e>>>24,Xt=e=>e<<24&4278190080|e<<8&16711680|e>>>8&65280|e>>>24&255;function Yt(e,t){if(256!==e.length)throw Error("Wrong sbox length");const r=new Uint32Array(256).map(((r,i)=>t(e[i]))),i=r.map(Qt),a=i.map(Qt),n=a.map(Qt),s=new Uint32Array(65536),o=new Uint32Array(65536),c=new Uint16Array(65536);for(let t=0;t<256;t++)for(let u=0;u<256;u++){const h=256*t+u;s[h]=r[t]^i[u],o[h]=a[t]^n[u],c[h]=e[t]<<8|e[u]}return{sbox:e,sbox2:c,T0:r,T1:i,T2:a,T3:n,T01:s,T23:o}}const Zt=/* @__PURE__ */Yt(Wt,(e=>Vt(e,3)<<24|e<<16|e<<8|Vt(e,2))),Jt=/* @__PURE__ */Yt($t,(e=>Vt(e,11)<<24|Vt(e,13)<<16|Vt(e,9)<<8|Vt(e,14))),er=/* @__PURE__ */(()=>{const e=new Uint8Array(16);for(let t=0,r=1;t<16;t++,r=Gt(r))e[t]=r;return e})();function tr(e){wt(e);const t=e.length;if(![16,24,32].includes(t))throw Error("aes: invalid key size, should be 16, 24 or 32, got "+t);const{sbox2:r}=Zt,i=[];Bt(e)||i.push(e=Mt(e));const a=Kt(e),n=a.length,s=e=>ar(r,e,e,e,e),o=new Uint32Array(t+28);o.set(a);for(let e=n;e<o.length;e++){let t=o[e-1];e%n==0?t=s((c=t)<<24|c>>>8)^er[e/n-1]:n>6&&e%n==4&&(t=s(t)),o[e]=o[e-n]^t}var c;return At(...i),o}function rr(e){const t=tr(e),r=t.slice(),i=t.length,{sbox2:a}=Zt,{T0:n,T1:s,T2:o,T3:c}=Jt;for(let e=0;e<i;e+=4)for(let a=0;a<4;a++)r[e+a]=t[i-e-4+a];At(t);for(let e=4;e<i-4;e++){const t=r[e],i=ar(a,t,t,t,t);r[e]=n[255&i]^s[i>>>8&255]^o[i>>>16&255]^c[i>>>24]}return r}function ir(e,t,r,i,a,n){return e[r<<8&65280|i>>>8&255]^t[a>>>8&65280|n>>>24&255]}function ar(e,t,r,i,a){return e[255&t|65280&r]|e[i>>>16&255|a>>>16&65280]<<16}function nr(e,t,r,i,a){const{sbox2:n,T01:s,T23:o}=Zt;let c=0;t^=e[c++],r^=e[c++],i^=e[c++],a^=e[c++];const u=e.length/4-2;for(let n=0;n<u;n++){const n=e[c++]^ir(s,o,t,r,i,a),u=e[c++]^ir(s,o,r,i,a,t),h=e[c++]^ir(s,o,i,a,t,r),l=e[c++]^ir(s,o,a,t,r,i);t=n,r=u,i=h,a=l}return{s0:e[c++]^ar(n,t,r,i,a),s1:e[c++]^ar(n,r,i,a,t),s2:e[c++]^ar(n,i,a,t,r),s3:e[c++]^ar(n,a,t,r,i)}}function sr(e,t,r,i,a){const{sbox2:n,T01:s,T23:o}=Jt;let c=0;t^=e[c++],r^=e[c++],i^=e[c++],a^=e[c++];const u=e.length/4-2;for(let n=0;n<u;n++){const n=e[c++]^ir(s,o,t,a,i,r),u=e[c++]^ir(s,o,r,t,a,i),h=e[c++]^ir(s,o,i,r,t,a),l=e[c++]^ir(s,o,a,i,r,t);t=n,r=u,i=h,a=l}return{s0:e[c++]^ar(n,t,a,i,r),s1:e[c++]^ar(n,r,t,a,i),s2:e[c++]^ar(n,i,r,t,a),s3:e[c++]^ar(n,a,i,r,t)}}function or(e,t,r,i){wt(t,qt),wt(r);const a=r.length;Dt(r,i=It(a,i));const n=t,s=Kt(n);let{s0:o,s1:c,s2:u,s3:h}=nr(e,s[0],s[1],s[2],s[3]);const l=Kt(r),y=Kt(i);for(let t=0;t+4<=l.length;t+=4){y[t+0]=l[t+0]^o,y[t+1]=l[t+1]^c,y[t+2]=l[t+2]^u,y[t+3]=l[t+3]^h;let r=1;for(let e=n.length-1;e>=0;e--)r=r+(255&n[e])|0,n[e]=255&r,r>>>=8;({s0:o,s1:c,s2:u,s3:h}=nr(e,s[0],s[1],s[2],s[3]))}const p=qt*Math.floor(l.length/4);if(p<a){const e=new Uint32Array([o,c,u,h]),t=vt(e);for(let e=p,n=0;e<a;e++,n++)i[e]=r[e]^t[n];At(e)}return i}function cr(e,t,r,i,a){wt(r,qt),wt(i),a=It(i.length,a);const n=r,s=Kt(n),o=Et(n),c=Kt(i),u=Kt(a),h=t?0:12,l=i.length;let y=o.getUint32(h,t),{s0:p,s1:d,s2:g,s3:m}=nr(e,s[0],s[1],s[2],s[3]);for(let r=0;r+4<=c.length;r+=4)u[r+0]=c[r+0]^p,u[r+1]=c[r+1]^d,u[r+2]=c[r+2]^g,u[r+3]=c[r+3]^m,y=y+1>>>0,o.setUint32(h,y,t),({s0:p,s1:d,s2:g,s3:m}=nr(e,s[0],s[1],s[2],s[3]));const f=qt*Math.floor(c.length/4);if(f<l){const e=new Uint32Array([p,d,g,m]),t=vt(e);for(let e=f,r=0;e<l;e++,r++)a[e]=i[e]^t[r];At(e)}return a}const ur=/* @__PURE__ */Ct({blockSize:16,nonceLength:16},(function(e,t){function r(r,i){if(wt(r),void 0!==i&&(wt(i),!Bt(i)))throw Error("unaligned destination");const a=tr(e),n=Mt(t),s=[a,n];Bt(r)||s.push(r=Mt(r));const o=or(a,n,r,i);return At(...s),o}return{encrypt:(e,t)=>r(e,t),decrypt:(e,t)=>r(e,t)}}));const hr=/* @__PURE__ */Ct({blockSize:16,nonceLength:16},(function(e,t,r={}){const i=!r.disablePadding;return{encrypt(r,a){const n=tr(e),{b:s,o,out:c}=function(e,t,r){wt(e);let i=e.length;const a=i%qt;if(!t&&0!==a)throw Error("aec/(cbc-ecb): unpadded plaintext with disabled padding");Bt(e)||(e=Mt(e));const n=Kt(e);if(t){let e=qt-a;e||(e=qt),i+=e}return Dt(e,r=It(i,r)),{b:n,o:Kt(r),out:r}}(r,i,a);let u=t;const h=[n];Bt(u)||h.push(u=Mt(u));const l=Kt(u);let y=l[0],p=l[1],d=l[2],g=l[3],m=0;for(;m+4<=s.length;)y^=s[m+0],p^=s[m+1],d^=s[m+2],g^=s[m+3],({s0:y,s1:p,s2:d,s3:g}=nr(n,y,p,d,g)),o[m++]=y,o[m++]=p,o[m++]=d,o[m++]=g;if(i){const e=function(e){const t=new Uint8Array(16),r=Kt(t);t.set(e);const i=qt-e.length;for(let e=qt-i;e<qt;e++)t[e]=i;return r}(r.subarray(4*m));y^=e[0],p^=e[1],d^=e[2],g^=e[3],({s0:y,s1:p,s2:d,s3:g}=nr(n,y,p,d,g)),o[m++]=y,o[m++]=p,o[m++]=d,o[m++]=g}return At(...h),c},decrypt(r,a){!function(e){if(wt(e),e.length%qt!=0)throw Error("aes-(cbc/ecb).decrypt ciphertext should consist of blocks with size 16")}(r);const n=rr(e);let s=t;const o=[n];Bt(s)||o.push(s=Mt(s));const c=Kt(s);a=It(r.length,a),Bt(r)||o.push(r=Mt(r)),Dt(r,a);const u=Kt(r),h=Kt(a);let l=c[0],y=c[1],p=c[2],d=c[3];for(let e=0;e+4<=u.length;){const t=l,r=y,i=p,a=d;l=u[e+0],y=u[e+1],p=u[e+2],d=u[e+3];const{s0:s,s1:o,s2:c,s3:g}=sr(n,l,y,p,d);h[e++]=s^t,h[e++]=o^r,h[e++]=c^i,h[e++]=g^a}return At(...o),function(e,t){if(!t)return e;const r=e.length;if(!r)throw Error("aes/pcks5: empty ciphertext not allowed");const i=e[r-1];if(i<=0||i>16)throw Error("aes/pcks5: wrong padding");const a=e.subarray(0,-i);for(let t=0;t<i;t++)if(e[r-t-1]!==i)throw Error("aes/pcks5: wrong padding");return a}(a,i)}}})),lr=/* @__PURE__ */Ct({blockSize:16,nonceLength:16},(function(e,t){function r(r,i,a){wt(r);const n=r.length;if(Ut(r,a=It(n,a)))throw Error("overlapping src and dst not supported.");const s=tr(e);let o=t;const c=[s];Bt(o)||c.push(o=Mt(o)),Bt(r)||c.push(r=Mt(r));const u=Kt(r),h=Kt(a),l=i?h:u,y=Kt(o);let p=y[0],d=y[1],g=y[2],m=y[3];for(let e=0;e+4<=u.length;){const{s0:t,s1:r,s2:i,s3:a}=nr(s,p,d,g,m);h[e+0]=u[e+0]^t,h[e+1]=u[e+1]^r,h[e+2]=u[e+2]^i,h[e+3]=u[e+3]^a,p=l[e++],d=l[e++],g=l[e++],m=l[e++]}const f=qt*Math.floor(u.length/4);if(f<n){({s0:p,s1:d,s2:g,s3:m}=nr(s,p,d,g,m));const e=vt(new Uint32Array([p,d,g,m]));for(let t=f,i=0;t<n;t++,i++)a[t]=r[t]^e[i];At(e)}return At(...c),a}return{encrypt:(e,t)=>r(e,!0,t),decrypt:(e,t)=>r(e,!1,t)}}));function yr(e,t,r,i,a){const n=a?a.length:0,s=e.create(r,i.length+n);a&&s.update(a);const o=function(e,t,r){const i=new Uint8Array(16),a=Et(i);return Tt(a,0,BigInt(t),r),Tt(a,8,BigInt(e),r),i}(8*i.length,8*n,t);s.update(i),s.update(o);const c=s.digest();return At(o),c}const pr=/* @__PURE__ */Ct({blockSize:16,nonceLength:12,tagLength:16,varSizeNonce:!0},(function(e,t,r){if(t.length<8)throw Error("aes/gcm: invalid nonce length");function i(e,t,i){const a=yr(jt,!1,e,i,r);for(let e=0;e<t.length;e++)a[e]^=t[e];return a}function a(){const r=tr(e),i=Ht.slice(),a=Ht.slice();if(cr(r,!1,a,a,i),12===t.length)a.set(t);else{const e=Ht.slice();Tt(Et(e),8,BigInt(8*t.length),!1);const r=jt.create(i).update(t).update(e);r.digestInto(a),r.destroy()}return{xk:r,authKey:i,counter:a,tagMask:cr(r,!1,a,Ht)}}return{encrypt(e){const{xk:t,authKey:r,counter:n,tagMask:s}=a(),o=new Uint8Array(e.length+16),c=[t,r,n,s];Bt(e)||c.push(e=Mt(e)),cr(t,!1,n,e,o.subarray(0,e.length));const u=i(r,s,o.subarray(0,o.length-16));return c.push(u),o.set(u,e.length),At(...c),o},decrypt(e){const{xk:t,authKey:r,counter:n,tagMask:s}=a(),o=[t,r,s,n];Bt(e)||o.push(e=Mt(e));const c=e.subarray(0,-16),u=e.subarray(-16),h=i(r,s,c);if(o.push(h),!xt(h,u))throw Error("aes/gcm: invalid ghash tag");const l=cr(t,!1,n,c);return At(...o),l}}}));function dr(e){return e instanceof Uint32Array||ArrayBuffer.isView(e)&&"Uint32Array"===e.constructor.name}function gr(e,t){if(wt(t,16),!dr(e))throw Error("_encryptBlock accepts result of expandKeyLE");const r=Kt(t);let{s0:i,s1:a,s2:n,s3:s}=nr(e,r[0],r[1],r[2],r[3]);return r[0]=i,r[1]=a,r[2]=n,r[3]=s,t}function mr(e,t){if(wt(t,16),!dr(e))throw Error("_decryptBlock accepts result of expandKeyLE");const r=Kt(t);let{s0:i,s1:a,s2:n,s3:s}=sr(e,r[0],r[1],r[2],r[3]);return r[0]=i,r[1]=a,r[2]=n,r[3]=s,t}const fr={encrypt(e,t){if(t.length>=2**32)throw Error("plaintext should be less than 4gb");const r=tr(e);if(16===t.length)gr(r,t);else{const e=Kt(t);let i=e[0],a=e[1];for(let t=0,n=1;t<6;t++)for(let t=2;t<e.length;t+=2,n++){const{s0:s,s1:o,s2:c,s3:u}=nr(r,i,a,e[t],e[t+1]);i=s,a=o^Xt(n),e[t]=c,e[t+1]=u}e[0]=i,e[1]=a}r.fill(0)},decrypt(e,t){if(t.length-8>=2**32)throw Error("ciphertext should be less than 4gb");const r=rr(e),i=t.length/8-1;if(1===i)mr(r,t);else{const e=Kt(t);let a=e[0],n=e[1];for(let t=0,s=6*i;t<6;t++)for(let t=2*i;t>=1;t-=2,s--){n^=Xt(s);const{s0:i,s1:o,s2:c,s3:u}=sr(r,a,n,e[t],e[t+1]);a=i,n=o,e[t]=c,e[t+1]=u}e[0]=a,e[1]=n}r.fill(0)}},wr=/* @__PURE__ */new Uint8Array(8).fill(166),br=/* @__PURE__ */Ct({blockSize:8},(e=>({encrypt(t){if(!t.length||t.length%8!=0)throw Error("invalid plaintext length");if(8===t.length)throw Error("8-byte keys not allowed in AESKW, use AESKWP instead");const r=function(...e){let t=0;for(let r=0;r<e.length;r++){const i=e[r];wt(i),t+=i.length}const r=new Uint8Array(t);for(let t=0,i=0;t<e.length;t++){const a=e[t];r.set(a,i),i+=a.length}return r}(wr,t);return fr.encrypt(e,r),r},decrypt(t){if(t.length%8!=0||t.length<24)throw Error("invalid ciphertext length");const r=Mt(t);if(fr.decrypt(e,r),!xt(r.subarray(0,8),wr))throw Error("integrity check failed");return r.subarray(0,8).fill(0),r.subarray(8)}}))),kr={expandKeyLE:tr,expandKeyDecLE:rr,encrypt:nr,decrypt:sr,encryptBlock:gr,decryptBlock:mr,ctrCounter:or,ctr32:cr};async function vr(e){switch(e){case B.symmetric.aes128:case B.symmetric.aes192:case B.symmetric.aes256:throw Error("Not a legacy cipher");case B.symmetric.cast5:case B.symmetric.blowfish:case B.symmetric.twofish:case B.symmetric.tripledes:{const{legacyCiphers:t}=await import("./legacy_ciphers.min.mjs"),r=B.read(B.symmetric,e),i=t.get(r);if(!i)throw Error("Unsupported cipher algorithm");return i}default:throw Error("Unsupported cipher algorithm")}}function Kr(e){switch(e){case B.symmetric.aes128:case B.symmetric.aes192:case B.symmetric.aes256:case B.symmetric.twofish:return 16;case B.symmetric.blowfish:case B.symmetric.cast5:case B.symmetric.tripledes:return 8;default:throw Error("Unsupported cipher")}}function Ar(e){switch(e){case B.symmetric.aes128:case B.symmetric.blowfish:case B.symmetric.cast5:return 16;case B.symmetric.aes192:case B.symmetric.tripledes:return 24;case B.symmetric.aes256:case B.symmetric.twofish:return 32;default:throw Error("Unsupported cipher")}}function Er(e){return{keySize:Ar(e),blockSize:Kr(e)}}const Sr=F.getWebCrypto();async function Pr(e,t,r){const{keySize:i}=Er(e);if(!F.isAES(e)||t.length!==i)throw Error("Unexpected algorithm or key size");try{const e=await Sr.importKey("raw",t,{name:"AES-KW"},!1,["wrapKey"]),i=await Sr.importKey("raw",r,{name:"HMAC",hash:"SHA-256"},!0,["sign"]),a=await Sr.wrapKey("raw",i,e,{name:"AES-KW"});return new Uint8Array(a)}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;F.printDebugError("Browser did not support operation: "+e.message)}return br(t).encrypt(r)}async function Ur(e,t,r){const{keySize:i}=Er(e);if(!F.isAES(e)||t.length!==i)throw Error("Unexpected algorithm or key size");let a;try{a=await Sr.importKey("raw",t,{name:"AES-KW"},!1,["unwrapKey"])}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;return F.printDebugError("Browser did not support operation: "+e.message),br(t).decrypt(r)}try{const e=await Sr.unwrapKey("raw",r,a,{name:"AES-KW"},{name:"HMAC",hash:"SHA-256"},!0,["sign"]);return new Uint8Array(await Sr.exportKey("raw",e))}catch(e){if("OperationError"===e.name)throw Error("Key Data Integrity failed");throw e}}async function Dr(e,t,r,i,a){const n=F.getWebCrypto(),s=B.read(B.webHash,e);if(!s)throw Error("Hash algo not supported with HKDF");const o=await n.importKey("raw",t,"HKDF",!1,["deriveBits"]),c=await n.deriveBits({name:"HKDF",hash:s,salt:r,info:i},o,8*a);return new Uint8Array(c)}const xr={x25519:F.encodeUTF8("OpenPGP X25519"),x448:F.encodeUTF8("OpenPGP X448")};async function Cr(e){switch(e){case B.publicKey.x25519:try{const e=F.getWebCrypto(),t=await e.generateKey("X25519",!0,["deriveKey","deriveBits"]).catch((e=>{if("OperationError"===e.name){const e=Error("Unexpected key generation issue");throw e.name="NotSupportedError",e}throw e})),r=await e.exportKey("jwk",t.privateKey),i=await e.exportKey("jwk",t.publicKey);if(r.x!==i.x){const e=Error("Unexpected mismatching public point");throw e.name="NotSupportedError",e}return{A:new Uint8Array(j(i.x)),k:j(r.d)}}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:t}=await import("./nacl-fast.min.mjs"),{secretKey:r,publicKey:i}=t.box.keyPair();return{A:i,k:r}}case B.publicKey.x448:{const e=await F.getNobleCurve(B.publicKey.x448),{secretKey:t,publicKey:r}=e.keygen();return{A:r,k:t}}default:throw Error("Unsupported ECDH algorithm")}}async function Ir(e,t,r){switch(e){case B.publicKey.x25519:try{const{ephemeralPublicKey:i,sharedSecret:a}=await Lr(e,t),n=await Fr(e,i,t,r);return F.equalsUint8Array(a,n)}catch{return!1}case B.publicKey.x448:{const e=(await F.getNobleCurve(B.publicKey.x448)).getPublicKey(r);return F.equalsUint8Array(t,e)}default:return!1}}async function Tr(e,t,r){const{ephemeralPublicKey:i,sharedSecret:a}=await Lr(e,r),n=F.concatUint8Array([i,r,a]);switch(e){case B.publicKey.x25519:{const e=B.symmetric.aes128,{keySize:r}=Er(e),a=await Dr(B.hash.sha256,n,new Uint8Array,xr.x25519,r);return{ephemeralPublicKey:i,wrappedKey:await Pr(e,a,t)}}case B.publicKey.x448:{const e=B.symmetric.aes256,{keySize:r}=Er(B.symmetric.aes256),a=await Dr(B.hash.sha512,n,new Uint8Array,xr.x448,r);return{ephemeralPublicKey:i,wrappedKey:await Pr(e,a,t)}}default:throw Error("Unsupported ECDH algorithm")}}async function Br(e,t,r,i,a){const n=await Fr(e,t,i,a),s=F.concatUint8Array([t,i,n]);switch(e){case B.publicKey.x25519:{const e=B.symmetric.aes128,{keySize:t}=Er(e);return Ur(e,await Dr(B.hash.sha256,s,new Uint8Array,xr.x25519,t),r)}case B.publicKey.x448:{const e=B.symmetric.aes256,{keySize:t}=Er(B.symmetric.aes256);return Ur(e,await Dr(B.hash.sha512,s,new Uint8Array,xr.x448,t),r)}default:throw Error("Unsupported ECDH algorithm")}}function Mr(e){switch(e){case B.publicKey.x25519:return 32;case B.publicKey.x448:return 56;default:throw Error("Unsupported ECDH algorithm")}}async function Lr(e,t){switch(e){case B.publicKey.x25519:try{const r=F.getWebCrypto(),i=await r.generateKey("X25519",!0,["deriveKey","deriveBits"]).catch((e=>{if("OperationError"===e.name){const e=Error("Unexpected key generation issue");throw e.name="NotSupportedError",e}throw e})),a=await r.exportKey("jwk",i.publicKey);if((await r.exportKey("jwk",i.privateKey)).x!==a.x){const e=Error("Unexpected mismatching public point");throw e.name="NotSupportedError",e}const n=Nr(e,t),s=await r.importKey("jwk",n,"X25519",!1,[]),o=await r.deriveBits({name:"X25519",public:s},i.privateKey,8*Mr(e));return{sharedSecret:new Uint8Array(o),ephemeralPublicKey:new Uint8Array(j(a.x))}}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:r}=await import("./nacl-fast.min.mjs"),{secretKey:i,publicKey:a}=r.box.keyPair(),n=r.scalarMult(i,t);return _r(n),{ephemeralPublicKey:a,sharedSecret:n}}case B.publicKey.x448:{const e=await F.getNobleCurve(B.publicKey.x448),{secretKey:r,publicKey:i}=e.keygen(),a=e.getSharedSecret(r,t);return _r(a),{ephemeralPublicKey:i,sharedSecret:a}}default:throw Error("Unsupported ECDH algorithm")}}async function Fr(e,t,r,i){switch(e){case B.publicKey.x25519:try{const a=F.getWebCrypto(),n=function(e,t,r){if(e===B.publicKey.x25519){const i=Nr(e,t);return i.d=q(r),i}throw Error("Unsupported ECDH algorithm")}(e,r,i),s=Nr(e,t),o=await a.importKey("jwk",n,"X25519",!1,["deriveKey","deriveBits"]),c=await a.importKey("jwk",s,"X25519",!1,[]),u=await a.deriveBits({name:"X25519",public:c},o,8*Mr(e));return new Uint8Array(u)}catch(e){if("NotSupportedError"!==e.name)throw e;const{default:r}=await import("./nacl-fast.min.mjs"),a=r.scalarMult(i,t);return _r(a),a}case B.publicKey.x448:{const e=(await F.getNobleCurve(B.publicKey.x448)).getSharedSecret(i,t);return _r(e),e}default:throw Error("Unsupported ECDH algorithm")}}function _r(e){let t=0;for(let r=0;r<e.length;r++)t|=e[r];if(0===t)throw Error("Unexpected low order point")}function Nr(e,t){if(e===B.publicKey.x25519){return{kty:"OKP",crv:"X25519",x:q(t),ext:!0}}throw Error("Unsupported ECDH algorithm")}var Rr=/*#__PURE__*/Object.freeze({__proto__:null,decrypt:Br,encrypt:Tr,generate:Cr,generateEphemeralEncryptionMaterial:Lr,getPayloadSize:Mr,recomputeSharedSecret:Fr,validateParams:Ir});const zr=F.getWebCrypto(),Or=F.getNodeCrypto(),jr={[B.curve.nistP256]:"P-256",[B.curve.nistP384]:"P-384",[B.curve.nistP521]:"P-521"},qr=Or?Or.getCurves():[],Hr=Or?{[B.curve.secp256k1]:qr.includes("secp256k1")?"secp256k1":void 0,[B.curve.nistP256]:qr.includes("prime256v1")?"prime256v1":void 0,[B.curve.nistP384]:qr.includes("secp384r1")?"secp384r1":void 0,[B.curve.nistP521]:qr.includes("secp521r1")?"secp521r1":void 0,[B.curve.ed25519Legacy]:qr.includes("ED25519")?"ED25519":void 0,[B.curve.curve25519Legacy]:qr.includes("X25519")?"X25519":void 0,[B.curve.brainpoolP256r1]:qr.includes("brainpoolP256r1")?"brainpoolP256r1":void 0,[B.curve.brainpoolP384r1]:qr.includes("brainpoolP384r1")?"brainpoolP384r1":void 0,[B.curve.brainpoolP512r1]:qr.includes("brainpoolP512r1")?"brainpoolP512r1":void 0}:{},Gr={[B.curve.nistP256]:{oid:[6,8,42,134,72,206,61,3,1,7],keyType:B.publicKey.ecdsa,hash:B.hash.sha256,cipher:B.symmetric.aes128,node:Hr[B.curve.nistP256],web:jr[B.curve.nistP256],payloadSize:32,sharedSize:256,wireFormatLeadingByte:4},[B.curve.nistP384]:{oid:[6,5,43,129,4,0,34],keyType:B.publicKey.ecdsa,hash:B.hash.sha384,cipher:B.symmetric.aes192,node:Hr[B.curve.nistP384],web:jr[B.curve.nistP384],payloadSize:48,sharedSize:384,wireFormatLeadingByte:4},[B.curve.nistP521]:{oid:[6,5,43,129,4,0,35],keyType:B.publicKey.ecdsa,hash:B.hash.sha512,cipher:B.symmetric.aes256,node:Hr[B.curve.nistP521],web:jr[B.curve.nistP521],payloadSize:66,sharedSize:528,wireFormatLeadingByte:4},[B.curve.secp256k1]:{oid:[6,5,43,129,4,0,10],keyType:B.publicKey.ecdsa,hash:B.hash.sha256,cipher:B.symmetric.aes128,node:Hr[B.curve.secp256k1],payloadSize:32,wireFormatLeadingByte:4},[B.curve.ed25519Legacy]:{oid:[6,9,43,6,1,4,1,218,71,15,1],keyType:B.publicKey.eddsaLegacy,hash:B.hash.sha512,node:!1,payloadSize:32,wireFormatLeadingByte:64},[B.curve.curve25519Legacy]:{oid:[6,10,43,6,1,4,1,151,85,1,5,1],keyType:B.publicKey.ecdh,hash:B.hash.sha256,cipher:B.symmetric.aes128,node:!1,payloadSize:32,wireFormatLeadingByte:64},[B.curve.brainpoolP256r1]:{oid:[6,9,43,36,3,3,2,8,1,1,7],keyType:B.publicKey.ecdsa,hash:B.hash.sha256,cipher:B.symmetric.aes128,node:Hr[B.curve.brainpoolP256r1],payloadSize:32,wireFormatLeadingByte:4},[B.curve.brainpoolP384r1]:{oid:[6,9,43,36,3,3,2,8,1,1,11],keyType:B.publicKey.ecdsa,hash:B.hash.sha384,cipher:B.symmetric.aes192,node:Hr[B.curve.brainpoolP384r1],payloadSize:48,wireFormatLeadingByte:4},[B.curve.brainpoolP512r1]:{oid:[6,9,43,36,3,3,2,8,1,1,13],keyType:B.publicKey.ecdsa,hash:B.hash.sha512,cipher:B.symmetric.aes256,node:Hr[B.curve.brainpoolP512r1],payloadSize:64,wireFormatLeadingByte:4}};class Vr{constructor(e){try{this.name=e instanceof Xe?e.getName():B.write(B.curve,e)}catch{throw new at("Unknown curve")}const t=Gr[this.name];this.keyType=t.keyType,this.oid=t.oid,this.hash=t.hash,this.cipher=t.cipher,this.node=t.node,this.web=t.web,this.payloadSize=t.payloadSize,this.sharedSize=t.sharedSize,this.wireFormatLeadingByte=t.wireFormatLeadingByte,this.web&&F.getWebCrypto()?this.type="web":this.node&&F.getNodeCrypto()?this.type="node":this.name===B.curve.curve25519Legacy?this.type="curve25519Legacy":this.name===B.curve.ed25519Legacy&&(this.type="ed25519Legacy")}async genKeyPair(){switch(this.type){case"web":try{return await async function(e,t){const r=await zr.generateKey({name:"ECDSA",namedCurve:jr[e]},!0,["sign","verify"]),i=await zr.exportKey("jwk",r.privateKey);return{publicKey:Zr(await zr.exportKey("jwk",r.publicKey),t),privateKey:j(i.d)}}(this.name,this.wireFormatLeadingByte)}catch(e){return F.printDebugError("Browser did not support generating ec key "+e.message),Yr(this.name)}case"node":return function(e){const t=Or.createECDH(Hr[e]);return t.generateKeys(),{publicKey:new Uint8Array(t.getPublicKey()),privateKey:new Uint8Array(t.getPrivateKey())}}(this.name);case"curve25519Legacy":{const{k:e,A:t}=await Cr(B.publicKey.x25519),r=e.slice().reverse();r[0]=127&r[0]|64,r[31]&=248;return{publicKey:F.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]),t]),privateKey:r}}case"ed25519Legacy":{const{seed:e,A:t}=await ct(B.publicKey.ed25519);return{publicKey:F.concatUint8Array([new Uint8Array([this.wireFormatLeadingByte]),t]),privateKey:e}}default:return Yr(this.name)}}}async function Wr(e){const t=new Vr(e),{oid:r,hash:i,cipher:a}=t,n=await t.genKeyPair();return{oid:r,Q:n.publicKey,secret:F.leftPad(n.privateKey,t.payloadSize),hash:i,cipher:a}}function $r(e){return Gr[e.getName()].hash}async function Qr(e,t,r,i){const a={[B.curve.nistP256]:!0,[B.curve.nistP384]:!0,[B.curve.nistP521]:!0,[B.curve.secp256k1]:!0,[B.curve.curve25519Legacy]:e===B.publicKey.ecdh,[B.curve.brainpoolP256r1]:!0,[B.curve.brainpoolP384r1]:!0,[B.curve.brainpoolP512r1]:!0},n=t.getName();if(!a[n])return!1;if(n===B.curve.curve25519Legacy){const e=i.slice().reverse();return!(r.length<1||64!==r[0])&&Ir(B.publicKey.x25519,r.subarray(1),e)}const s=(await F.getNobleCurve(B.publicKey.ecdsa,n)).getPublicKey(i,!1);return!!F.equalsUint8Array(s,r)}function Xr(e,t){const{payloadSize:r,wireFormatLeadingByte:i,name:a}=e,n=a===B.curve.curve25519Legacy||a===B.curve.ed25519Legacy?r:2*r;if(t[0]!==i||t.length!==n+1)throw Error("Invalid point encoding")}async function Yr(e){const t=await F.getNobleCurve(B.publicKey.ecdsa,e),{secretKey:r}=t.keygen();return{publicKey:t.getPublicKey(r,!1),privateKey:r}}function Zr(e,t){const r=j(e.x),i=j(e.y),a=new Uint8Array(r.length+i.length+1);return a[0]=t,a.set(r,1),a.set(i,r.length+1),a}function Jr(e,t,r){const i=e,a=r.slice(1,i+1),n=r.slice(i+1,2*i+1);return{kty:"EC",crv:t,x:q(a),y:q(n),ext:!0}}function ei(e,t,r,i){const a=Jr(e,t,r);return a.d=q(i),a}const ti=F.getWebCrypto(),ri=F.getNodeCrypto();async function ii(e,t,r,i,a,n){const s=new Vr(e);if(Xr(s,i),r&&!F.isStream(r)){const e={publicKey:i,privateKey:a};switch(s.type){case"web":try{return await async function(e,t,r,i){const a=e.payloadSize,n=ei(e.payloadSize,jr[e.name],i.publicKey,i.privateKey),s=await ti.importKey("jwk",n,{name:"ECDSA",namedCurve:jr[e.name],hash:{name:B.read(B.webHash,e.hash)}},!1,["sign"]),o=new Uint8Array(await ti.sign({name:"ECDSA",namedCurve:jr[e.name],hash:{name:B.read(B.webHash,t)}},s,r));return{r:o.slice(0,a),s:o.slice(a,a<<1)}}(s,t,r,e)}catch(e){if("nistP521"!==s.name&&("DataError"===e.name||"OperationError"===e.name))throw e;F.printDebugError("Browser did not support signing: "+e.message)}break;case"node":return function(e,t,r,i){const a=F.nodeRequire("eckey-utils"),n=F.getNodeBuffer(),{privateKey:s}=a.generateDer({curveName:Hr[e.name],privateKey:n.from(i)}),o=ri.createSign(B.read(B.hash,t));o.write(r),o.end();const c=new Uint8Array(o.sign({key:s,format:"der",type:"sec1",dsaEncoding:"ieee-p1363"})),u=e.payloadSize;return{r:c.subarray(0,u),s:c.subarray(u,u<<1)}}(s,t,r,a)}}const o=(await F.getNobleCurve(B.publicKey.ecdsa,s.name)).sign(n,a,{lowS:!1});return{r:he(o.r,"be",s.payloadSize),s:he(o.s,"be",s.payloadSize)}}async function ai(e,t,r,i,a,n){const s=new Vr(e);Xr(s,a);const o=async()=>0===n[0]&&ni(s,r,n.subarray(1),a);if(i&&!F.isStream(i))switch(s.type){case"web":try{const e=await async function(e,t,{r,s:i},a,n){const s=Jr(e.payloadSize,jr[e.name],n),o=await ti.importKey("jwk",s,{name:"ECDSA",namedCurve:jr[e.name],hash:{name:B.read(B.webHash,e.hash)}},!1,["verify"]),c=F.concatUint8Array([r,i]).buffer;return ti.verify({name:"ECDSA",namedCurve:jr[e.name],hash:{name:B.read(B.webHash,t)}},o,c,a)}(s,t,r,i,a);return e||o()}catch(e){if("nistP521"!==s.name&&("DataError"===e.name||"OperationError"===e.name))throw e;F.printDebugError("Browser did not support verifying: "+e.message)}break;case"node":{const e=function(e,t,{r,s:i},a,n){const s=F.nodeRequire("eckey-utils"),o=F.getNodeBuffer(),{publicKey:c}=s.generateDer({curveName:Hr[e.name],publicKey:o.from(n)}),u=ri.createVerify(B.read(B.hash,t));u.write(a),u.end();const h=F.concatUint8Array([r,i]);try{return u.verify({key:c,format:"der",type:"spki",dsaEncoding:"ieee-p1363"},h)}catch{return!1}}(s,t,r,i,a);return e||o()}}return await ni(s,r,n,a)||o()}async function ni(e,t,r,i){return(await F.getNobleCurve(B.publicKey.ecdsa,e.name)).verify(F.concatUint8Array([t.r,t.s]),r,i,{lowS:!1})}var si=/*#__PURE__*/Object.freeze({__proto__:null,sign:ii,validateParams:async function(e,t,r){const i=new Vr(e);if(i.keyType!==B.publicKey.ecdsa)return!1;switch(i.type){case"web":case"node":{const i=ye(8),a=B.hash.sha256,n=await Te(a,i);try{const s=await ii(e,a,i,t,r,n);return await ai(e,a,s,i,t,n)}catch{return!1}}default:return Qr(B.publicKey.ecdsa,e,t,r)}},verify:ai});async function oi(e,t,r,i,a,n){Xr(new Vr(e),i);const{RS:s}=await ut(B.publicKey.ed25519,0,0,i.subarray(1),a,n);return{r:s.subarray(0,32),s:s.subarray(32)}}async function ci(e,t,{r,s:i},a,n,s){Xr(new Vr(e),n);const o=F.concatUint8Array([r,i]);return ht(B.publicKey.ed25519,0,{RS:o},0,n.subarray(1),s)}async function ui(e,t,r){return e.getName()===B.curve.ed25519Legacy&&(!(t.length<1||64!==t[0])&&lt(B.publicKey.ed25519,t.subarray(1),r))}var hi=/*#__PURE__*/Object.freeze({__proto__:null,sign:oi,validateParams:ui,verify:ci});function li(e){const t=e.length;if(t>0){const r=e[t-1];if(r>=1){const i=e.subarray(t-r),a=new Uint8Array(r).fill(r);if(F.equalsUint8Array(i,a))return e.subarray(0,t-r)}}throw Error("Invalid padding")}function yi(e,t,r,i){return F.concatUint8Array([t.write(),new Uint8Array([e]),r.write(!0),F.stringToUint8Array("Anonymous Sender    "),r.replacementFingerprint||i])}async function pi(e,t,r,i,a=!1,n=!1){let s;if(a){for(s=0;s<t.length&&0===t[s];s++);t=t.subarray(s)}if(n){for(s=t.length-1;s>=0&&0===t[s];s--);t=t.subarray(0,s+1)}return(await Te(e,F.concatUint8Array([new Uint8Array([0,0,0,1]),t,i]))).subarray(0,r)}async function di(e,t){switch(e.type){case"curve25519Legacy":{const{sharedSecret:r,ephemeralPublicKey:i}=await Lr(B.publicKey.x25519,t.subarray(1));return{publicKey:F.concatUint8Array([new Uint8Array([e.wireFormatLeadingByte]),i]),sharedKey:r}}case"web":if(e.web&&F.getWebCrypto())try{return await async function(e,t){const r=F.getWebCrypto(),i=Jr(e.payloadSize,e.web,t);let a=r.generateKey({name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]),n=r.importKey("jwk",i,{name:"ECDH",namedCurve:e.web},!1,[]);[a,n]=await Promise.all([a,n]);let s=r.deriveBits({name:"ECDH",namedCurve:e.web,public:n},a.privateKey,e.sharedSize),o=r.exportKey("jwk",a.publicKey);[s,o]=await Promise.all([s,o]);const c=new Uint8Array(s),u=new Uint8Array(Zr(o,e.wireFormatLeadingByte));return{publicKey:u,sharedKey:c}}(e,t)}catch(r){return F.printDebugError(r),bi(e,t)}break;case"node":return function(e,t){const r=F.getNodeCrypto(),i=r.createECDH(e.node);i.generateKeys();const a=new Uint8Array(i.computeSecret(t));return{publicKey:new Uint8Array(i.getPublicKey()),sharedKey:a}}(e,t);default:return bi(e,t)}}async function gi(e,t,r,i,a){const n=function(e){const t=8-e.length%8,r=new Uint8Array(e.length+t).fill(t);return r.set(e),r}(r),s=new Vr(e);Xr(s,i);const{publicKey:o,sharedKey:c}=await di(s,i),u=yi(B.publicKey.ecdh,e,t,a),{keySize:h}=Er(t.cipher),l=await pi(t.hash,c,h,u);return{publicKey:o,wrappedKey:await Pr(t.cipher,l,n)}}async function mi(e,t,r,i){if(i.length!==e.payloadSize){const t=new Uint8Array(e.payloadSize);t.set(i,e.payloadSize-i.length),i=t}switch(e.type){case"curve25519Legacy":{const e=i.slice().reverse();return{secretKey:e,sharedKey:await Fr(B.publicKey.x25519,t.subarray(1),r.subarray(1),e)}}case"web":if(e.web&&F.getWebCrypto())try{return await async function(e,t,r,i){const a=F.getWebCrypto(),n=ei(e.payloadSize,e.web,r,i);let s=a.importKey("jwk",n,{name:"ECDH",namedCurve:e.web},!0,["deriveKey","deriveBits"]);const o=Jr(e.payloadSize,e.web,t);let c=a.importKey("jwk",o,{name:"ECDH",namedCurve:e.web},!0,[]);[s,c]=await Promise.all([s,c]);let u=a.deriveBits({name:"ECDH",namedCurve:e.web,public:c},s,e.sharedSize),h=a.exportKey("jwk",s);[u,h]=await Promise.all([u,h]);const l=new Uint8Array(u);return{secretKey:j(h.d),sharedKey:l}}(e,t,r,i)}catch(r){return F.printDebugError(r),wi(e,t,i)}break;case"node":return function(e,t,r){const i=F.getNodeCrypto(),a=i.createECDH(e.node);a.setPrivateKey(r);const n=new Uint8Array(a.computeSecret(t));return{secretKey:new Uint8Array(a.getPrivateKey()),sharedKey:n}}(e,t,i);default:return wi(e,t,i)}}async function fi(e,t,r,i,a,n,s){const o=new Vr(e);Xr(o,a),Xr(o,r);const{sharedKey:c}=await mi(o,r,a,n),u=yi(B.publicKey.ecdh,e,t,s),{keySize:h}=Er(t.cipher);let l;for(let e=0;e<3;e++)try{const r=await pi(t.hash,c,h,u,1===e,2===e);return li(await Ur(t.cipher,r,i))}catch(e){l=e}throw l}async function wi(e,t,r){return{secretKey:r,sharedKey:(await F.getNobleCurve(B.publicKey.ecdh,e.name)).getSharedSecret(r,t).subarray(1)}}async function bi(e,t){const r=await F.getNobleCurve(B.publicKey.ecdh,e.name),{publicKey:i,privateKey:a}=await e.genKeyPair();return{publicKey:i,sharedKey:r.getSharedSecret(a,t).subarray(1)}}var ki=/*#__PURE__*/Object.freeze({__proto__:null,CurveWithOID:Vr,ecdh:/*#__PURE__*/Object.freeze({__proto__:null,decrypt:fi,encrypt:gi,validateParams:async function(e,t,r){return Qr(B.publicKey.ecdh,e,t,r)}}),ecdhX:Rr,ecdsa:si,eddsa:mt,eddsaLegacy:hi,generate:Wr,getPreferredHashAlgo:$r});const vi=BigInt(0),Ki=BigInt(1);const Ai=new Set([B.hash.sha1,B.hash.sha256,B.hash.sha512]),Ei=F.getWebCrypto(),Si=F.getNodeCrypto();async function Pi(e,t){if(e===B.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await import("./noble_post_quantum.min.mjs"),{publicKey:r,secretKey:i}=e.keygen(t);return{mlkemPublicKey:r,mlkemSecretKey:i}}throw Error("Unsupported KEM algorithm")}async function Ui(e){const{eccPublicKey:t,eccSecretKey:r}=await async function(e){if(e===B.publicKey.pqc_mlkem_x25519){const{A:e,k:t}=await Cr(B.publicKey.x25519);return{eccPublicKey:e,eccSecretKey:t}}throw Error("Unsupported KEM algorithm")}(e),{mlkemPublicKey:i,mlkemSeed:a,mlkemSecretKey:n}=await async function(e){if(e===B.publicKey.pqc_mlkem_x25519){const t=ye(64),{mlkemSecretKey:r,mlkemPublicKey:i}=await Pi(e,t);return{mlkemSeed:t,mlkemSecretKey:r,mlkemPublicKey:i}}throw Error("Unsupported KEM algorithm")}(e);return{eccPublicKey:t,eccSecretKey:r,mlkemPublicKey:i,mlkemSeed:a,mlkemSecretKey:n}}async function Di(e,t,r,i){const{eccKeyShare:a,eccCipherText:n}=await async function(e,t){if(e===B.publicKey.pqc_mlkem_x25519){const{ephemeralPublicKey:e,sharedSecret:r}=await Lr(B.publicKey.x25519,t);return{eccCipherText:e,eccKeyShare:r}}throw Error("Unsupported KEM algorithm")}(e,t),{mlkemKeyShare:s,mlkemCipherText:o}=await async function(e,t){if(e===B.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await import("./noble_post_quantum.min.mjs"),{cipherText:r,sharedSecret:i}=e.encapsulate(t);return{mlkemCipherText:r,mlkemKeyShare:i}}throw Error("Unsupported KEM algorithm")}(e,r),c=await Ci(e,s,a,n,t);return{eccCipherText:n,mlkemCipherText:o,wrappedKey:await Pr(B.symmetric.aes256,c,i)}}async function xi(e,t,r,i,a,n,s,o){const c=await async function(e,t,r,i){if(e===B.publicKey.pqc_mlkem_x25519)return await Fr(B.publicKey.x25519,t,i,r);throw Error("Unsupported KEM algorithm")}(e,t,i,a),u=await async function(e,t,r){if(e===B.publicKey.pqc_mlkem_x25519){const{ml_kem768:e}=await import("./noble_post_quantum.min.mjs");return e.decapsulate(t,r)}throw Error("Unsupported KEM algorithm")}(e,r,n),h=await Ci(e,u,c,t,a);return await Ur(B.symmetric.aes256,h,o)}async function Ci(e,t,r,i,a){const n=F.encodeUTF8("OpenPGPCompositeKDFv1"),s=F.concatUint8Array([t,r,i,a,new Uint8Array([e]),n,new Uint8Array([n.length])]);return await Te(B.hash.sha3_256,s)}async function Ii(e,t,r,i,a){const n=async function(e,t,r){if(e===B.publicKey.pqc_mlkem_x25519)return Ir(B.publicKey.x25519,t,r);throw Error("Unsupported KEM algorithm")}(e,t,r),s=async function(e,t,r){if(e===B.publicKey.pqc_mlkem_x25519){const{mlkemPublicKey:i}=await Pi(e,r);return F.equalsUint8Array(t,i)}throw Error("Unsupported KEM algorithm")}(e,i,a);return await n&&await s}async function Ti(e,t){if(e===B.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await import("./noble_post_quantum.min.mjs"),{secretKey:r,publicKey:i}=e.keygen(t);return{mldsaSecretKey:r,mldsaPublicKey:i}}throw Error("Unsupported signature algorithm")}async function Bi(e){if(e===B.publicKey.pqc_mldsa_ed25519){const{eccSecretKey:t,eccPublicKey:r}=await async function(e){if(e===B.publicKey.pqc_mldsa_ed25519){const{A:e,seed:t}=await ct(B.publicKey.ed25519);return{eccPublicKey:e,eccSecretKey:t}}throw Error("Unsupported signature algorithm")}(e),{mldsaSeed:i,mldsaSecretKey:a,mldsaPublicKey:n}=await async function(e){if(e===B.publicKey.pqc_mldsa_ed25519){const t=ye(32),{mldsaSecretKey:r,mldsaPublicKey:i}=await Ti(e,t);return{mldsaSeed:t,mldsaSecretKey:r,mldsaPublicKey:i}}throw Error("Unsupported signature algorithm")}(e);return{eccSecretKey:t,eccPublicKey:r,mldsaSeed:i,mldsaSecretKey:a,mldsaPublicKey:n}}throw Error("Unsupported signature algorithm")}async function Mi(e,t,r,i,a,n){if(e===B.publicKey.pqc_mldsa_ed25519){const{eccSignature:t}=await async function(e,t,r,i,a){if(e===B.publicKey.pqc_mldsa_ed25519){const{RS:e}=await ut(B.publicKey.ed25519,0,0,i,r,a);return{eccSignature:e}}throw Error("Unsupported signature algorithm")}(e,0,r,i,n),{mldsaSignature:s}=await async function(e,t,r){if(e===B.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await import("./noble_post_quantum.min.mjs");return{mldsaSignature:e.sign(t,r)}}throw Error("Unsupported signature algorithm")}(e,a,n);return{eccSignature:t,mldsaSignature:s}}throw Error("Unsupported signature algorithm")}async function Li(e,t,r,i,a,{eccSignature:n,mldsaSignature:s}){if(e===B.publicKey.pqc_mldsa_ed25519){const t=async function(e,t,r,i,a){if(e===B.publicKey.pqc_mldsa_ed25519)return ht(B.publicKey.ed25519,0,{RS:a},0,r,i);throw Error("Unsupported signature algorithm")}(e,0,r,a,n),o=async function(e,t,r,i){if(e===B.publicKey.pqc_mldsa_ed25519){const{ml_dsa65:e}=await import("./noble_post_quantum.min.mjs");return e.verify(t,r,i)}throw Error("Unsupported signature algorithm")}(e,i,a,s);return await t&&await o}throw Error("Unsupported signature algorithm")}function Fi(e,t){if(e===B.publicKey.pqc_mldsa_ed25519)return Be(t)>=32;throw Error("Unsupported signature algorithm")}async function _i(e,t,r,i,a){const n=async function(e,t,r){if(e===B.publicKey.pqc_mldsa_ed25519)return lt(B.publicKey.ed25519,t,r);throw Error("Unsupported signature algorithm")}(e,t,r),s=async function(e,t,r){if(e===B.publicKey.pqc_mldsa_ed25519){const{mldsaPublicKey:i}=await Ti(e,r);return F.equalsUint8Array(t,i)}throw Error("Unsupported signature algorithm")}(e,i,a);return await n&&await s}class Ni{constructor(e){e&&(this.data=e)}read(e){if(e.length>=1){const t=e[0];if(e.length>=1+t)return this.data=e.subarray(1,1+t),1+this.data.length}throw Error("Invalid symmetric key")}write(){return F.concatUint8Array([new Uint8Array([this.data.length]),this.data])}}class Ri{constructor(e){if(void 0===e&&(e=new Uint8Array([])),!F.isUint8Array(e))throw Error("data must be in the form of a Uint8Array");this.data=e,this.length=this.data.byteLength}write(){return F.concatUint8Array([new Uint8Array([this.length]),this.data])}read(e){if(e.length>=1){const t=e[0];if(e.length>=t+1)return this.data=e.subarray(1,1+t),this.length=t,1+t}throw Error("Invalid octet string")}}class zi{constructor(e){if(e){const{version:t,hash:r,cipher:i,replacementFingerprint:a}=e;this.version=t||1,this.hash=r,this.cipher=i,this.replacementFingerprint=a}else this.version=null,this.hash=null,this.cipher=null,this.replacementFingerprint=null}read(e){if(e.length<4||1!==e[1]&&255!==e[1])throw new at("Cannot read KDFParams");const t=e[0];this.version=e[1],this.hash=e[2],this.cipher=e[3];let r=4;if(255===this.version){const i=t-r+1;this.replacementFingerprint=e.slice(r,r+i),r+=i}return r}write(e){if(!this.version||1===this.version||e)return new Uint8Array([3,1,this.hash,this.cipher]);return F.concatUint8Array([new Uint8Array([3+this.replacementFingerprint.length,this.version,this.hash,this.cipher]),this.replacementFingerprint])}}const Oi=e=>class{constructor(e){this.data=void 0===e?null:e}read(t){const r=t[0];return this.data=B.write(e,r),1}write(){return new Uint8Array([this.data])}getName(){return B.read(e,this.data)}getValue(){return this.data}},ji=Oi(B.aead),qi=Oi(B.symmetric),Hi=Oi(B.hash);class Gi{static fromObject({wrappedKey:e,algorithm:t}){const r=new Gi;return r.wrappedKey=e,r.algorithm=t,r}read(e){let t=0,r=e[t++];this.algorithm=r%2?e[t++]:null,r-=r%2,this.wrappedKey=F.readExactSubarray(e,t,t+r),t+=r}write(){return F.concatUint8Array([this.algorithm?new Uint8Array([this.wrappedKey.length+1,this.algorithm]):new Uint8Array([this.wrappedKey.length]),this.wrappedKey])}}const Vi=F.getWebCrypto(),Wi=F.getNodeCrypto(),$i=Wi?Wi.getCiphers():[],Qi={idea:$i.includes("idea-cfb")?"idea-cfb":void 0,tripledes:$i.includes("des-ede3-cfb")?"des-ede3-cfb":void 0,cast5:$i.includes("cast5-cfb")?"cast5-cfb":void 0,blowfish:$i.includes("bf-cfb")?"bf-cfb":void 0,aes128:$i.includes("aes-128-cfb")?"aes-128-cfb":void 0,aes192:$i.includes("aes-192-cfb")?"aes-192-cfb":void 0,aes256:$i.includes("aes-256-cfb")?"aes-256-cfb":void 0};function Xi(e){const{blockSize:t}=Er(e),r=ye(t),i=new Uint8Array([r[r.length-2],r[r.length-1]]);return F.concat([r,i])}async function Yi(e,t,r,i,a){const n=B.read(B.symmetric,e);if(F.getNodeCrypto()&&Qi[n])return function(e,t,r,i){const a=B.read(B.symmetric,e),n=new Wi.createCipheriv(Qi[a],t,i);return w(r,(e=>new Uint8Array(n.update(e))))}(e,t,r,i);if(F.isAES(e))return async function(e,t,r,i){if(Vi&&await Ji.isSupported(e)){const a=new Ji(e,t,i);return F.isStream(r)?b(r,(e=>a.encryptChunk(e)),(()=>a.finish())):a.encrypt(r)}if(F.isStream(r)){const a=new ea(!0,e,t,i);return b(r,(e=>a.processChunk(e)),(()=>a.finish()))}return lr(t,i).encrypt(r)}(e,t,r,i);const s=new(await vr(e))(t),o=s.blockSize,c=i.slice();let u=new Uint8Array;const h=e=>{e&&(u=F.concatUint8Array([u,e]));const t=new Uint8Array(u.length);let r,i=0;for(;e?u.length>=o:u.length;){const e=s.encrypt(c);for(r=0;r<o;r++)c[r]=u[r]^e[r],t[i++]=c[r];u=u.subarray(o)}return t.subarray(0,i)};return w(r,h,h)}async function Zi(e,t,r,i){const a=B.read(B.symmetric,e);if(Wi&&Qi[a])return function(e,t,r,i){const a=B.read(B.symmetric,e),n=new Wi.createDecipheriv(Qi[a],t,i);return w(r,(e=>new Uint8Array(n.update(e))))}(e,t,r,i);if(F.isAES(e))return function(e,t,r,i){if(F.isStream(r)){const a=new ea(!1,e,t,i);return b(r,(e=>a.processChunk(e)),(()=>a.finish()))}return lr(t,i).decrypt(r)}(e,t,r,i);const n=new(await vr(e))(t),s=n.blockSize;let o=i,c=new Uint8Array;const u=e=>{e&&(c=F.concatUint8Array([c,e]));const t=new Uint8Array(c.length);let r,i=0;for(;e?c.length>=s:c.length;){const e=n.encrypt(o);for(o=c.subarray(0,s),r=0;r<s;r++)t[i++]=o[r]^e[r];c=c.subarray(s)}return t.subarray(0,i)};return w(r,u,u)}class Ji{constructor(e,t,r){const{blockSize:i}=Er(e);this.key=t,this.prevBlock=r,this.nextBlock=new Uint8Array(i),this.i=0,this.blockSize=i,this.zeroBlock=new Uint8Array(this.blockSize)}static isSupported(e){const{keySize:t}=Er(e);return Vi.importKey("raw",new Uint8Array(t),"aes-cbc",!1,["encrypt"]).then((()=>!0),(()=>!1))}async _runCBC(e,t){const r="AES-CBC";this.keyRef=this.keyRef||await Vi.importKey("raw",this.key,r,!1,["encrypt"]);const i=await Vi.encrypt({name:r,iv:t||this.zeroBlock},this.keyRef,e);return new Uint8Array(i).subarray(0,e.length)}async encryptChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,i=F.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),a=F.concatUint8Array([this.prevBlock,i.subarray(0,i.length-this.blockSize)]),n=await this._runCBC(a);return ta(n,i),this.prevBlock=n.slice(-this.blockSize),r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,n}let i;if(this.i+=r.length,this.i===this.nextBlock.length){const t=this.nextBlock;i=await this._runCBC(this.prevBlock),ta(i,t),this.prevBlock=i.slice(),this.i=0;const a=e.subarray(r.length);this.nextBlock.set(a,this.i),this.i+=a.length}else i=new Uint8Array;return i}async finish(){let e;if(0===this.i)e=new Uint8Array;else{this.nextBlock=this.nextBlock.subarray(0,this.i);const t=this.nextBlock,r=await this._runCBC(this.prevBlock);ta(r,t),e=r.subarray(0,t.length)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.keyRef=null,this.key=null}async encrypt(e){const t=(await this._runCBC(F.concatUint8Array([new Uint8Array(this.blockSize),e]),this.iv)).subarray(0,e.length);return ta(t,e),this.clearSensitiveData(),t}}class ea{constructor(e,t,r,i){this.forEncryption=e;const{blockSize:a}=Er(t);this.key=kr.expandKeyLE(r),i.byteOffset%4!=0&&(i=i.slice()),this.prevBlock=ra(i),this.nextBlock=new Uint8Array(a),this.i=0,this.blockSize=a}_runCFB(e){const t=ra(e),r=new Uint8Array(e.length),i=ra(r);for(let e=0;e+4<=i.length;e+=4){const{s0:r,s1:a,s2:n,s3:s}=kr.encrypt(this.key,this.prevBlock[0],this.prevBlock[1],this.prevBlock[2],this.prevBlock[3]);i[e+0]=t[e+0]^r,i[e+1]=t[e+1]^a,i[e+2]=t[e+2]^n,i[e+3]=t[e+3]^s,this.prevBlock=(this.forEncryption?i:t).slice(e,e+4)}return r}async processChunk(e){const t=this.nextBlock.length-this.i,r=e.subarray(0,t);if(this.nextBlock.set(r,this.i),this.i+e.length>=2*this.blockSize){const r=(e.length-t)%this.blockSize,i=F.concatUint8Array([this.nextBlock,e.subarray(t,e.length-r)]),a=this._runCFB(i);return r>0&&this.nextBlock.set(e.subarray(-r)),this.i=r,a}let i;if(this.i+=r.length,this.i===this.nextBlock.length){i=this._runCFB(this.nextBlock),this.i=0;const t=e.subarray(r.length);this.nextBlock.set(t,this.i),this.i+=t.length}else i=new Uint8Array;return i}async finish(){let e;if(0===this.i)e=new Uint8Array;else{e=this._runCFB(this.nextBlock).subarray(0,this.i)}return this.clearSensitiveData(),e}clearSensitiveData(){this.nextBlock.fill(0),this.prevBlock.fill(0),this.key.fill(0)}}function ta(e,t){const r=Math.min(e.length,t.length);for(let i=0;i<r;i++)e[i]=e[i]^t[i]}const ra=e=>new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4));const ia=F.getWebCrypto(),aa=F.getNodeCrypto(),na=16;function sa(e,t){const r=e.length-na;for(let i=0;i<na;i++)e[i+r]^=t[i];return e}const oa=new Uint8Array(na);async function ca(e){const t=await ua(e),r=F.double(await t(oa)),i=F.double(r);return async function(e){return(await t(function(e,t,r){if(e.length&&e.length%na==0)return sa(e,t);const i=new Uint8Array(e.length+(na-e.length%na));return i.set(e),i[e.length]=128,sa(i,r)}(e,r,i))).subarray(-16)}}async function ua(e){if(F.getNodeCrypto())return async function(t){const r=new aa.createCipheriv("aes-"+8*e.length+"-cbc",e,oa).update(t);return new Uint8Array(r)};if(F.getWebCrypto())try{return e=await ia.importKey("raw",e,{name:"AES-CBC",length:8*e.length},!1,["encrypt"]),async function(t){const r=await ia.encrypt({name:"AES-CBC",iv:oa,length:128},e,t);return new Uint8Array(r).subarray(0,r.byteLength-na)}}catch(t){if("NotSupportedError"!==t.name&&(24!==e.length||"OperationError"!==t.name))throw t;F.printDebugError("Browser did not support operation: "+t.message)}return async function(t){return hr(e,oa,{disablePadding:!0}).encrypt(t)}}const ha=F.getWebCrypto(),la=F.getNodeCrypto(),ya=F.getNodeBuffer(),pa=16,da=pa,ga=new Uint8Array(pa),ma=new Uint8Array(pa);ma[15]=1;const fa=new Uint8Array(pa);async function wa(e){const t=await ca(e);return function(e,r){return t(F.concatUint8Array([e,r]))}}async function ba(e){if(F.getNodeCrypto())return async function(t,r){const i=new la.createCipheriv("aes-"+8*e.length+"-ctr",e,r),a=ya.concat([i.update(t),i.final()]);return new Uint8Array(a)};if(F.getWebCrypto())try{const t=await ha.importKey("raw",e,{name:"AES-CTR",length:8*e.length},!1,["encrypt"]);return async function(e,r){const i=await ha.encrypt({name:"AES-CTR",counter:r,length:128},t,e);return new Uint8Array(i)}}catch(t){if("NotSupportedError"!==t.name&&(24!==e.length||"OperationError"!==t.name))throw t;F.printDebugError("Browser did not support operation: "+t.message)}return async function(t,r){return ur(e,r).encrypt(t)}}async function ka(e,t){if(e!==B.symmetric.aes128&&e!==B.symmetric.aes192&&e!==B.symmetric.aes256)throw Error("EAX mode supports only AES cipher");const[r,i]=await Promise.all([wa(t),ba(t)]);return{encrypt:async function(e,t,a){const[n,s]=await Promise.all([r(ga,t),r(ma,a)]),o=await i(e,n),c=await r(fa,o);for(let e=0;e<da;e++)c[e]^=s[e]^n[e];return F.concatUint8Array([o,c])},decrypt:async function(e,t,a){if(e.length<da)throw Error("Invalid EAX ciphertext");const n=e.subarray(0,-16),s=e.subarray(-16),[o,c,u]=await Promise.all([r(ga,t),r(ma,a),r(fa,n)]),h=u;for(let e=0;e<da;e++)h[e]^=c[e]^o[e];if(!F.equalsUint8Array(s,h))throw Error("Authentication tag mismatch");return await i(n,o)}}}fa[15]=2,ka.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[8+e]^=t[e];return r},ka.blockLength=pa,ka.ivLength=16,ka.tagLength=da;const va=16,Ka=16;function Aa(e){let t=0;for(let r=1;!(e&r);r<<=1)t++;return t}function Ea(e,t){for(let r=0;r<e.length;r++)e[r]^=t[r];return e}function Sa(e,t){return Ea(e.slice(),t)}const Pa=new Uint8Array(va),Ua=new Uint8Array([1]);async function Da(e,t){const{keySize:r}=Er(e);if(!F.isAES(e)||t.length!==r)throw Error("Unexpected algorithm or key size");let i=0;const a=e=>hr(t,Pa,{disablePadding:!0}).encrypt(e),n=e=>hr(t,Pa,{disablePadding:!0}).decrypt(e);let s;function o(e,t,r,n){const o=t.length/va|0;!function(e,t){const r=F.nbits(Math.max(e.length,t.length)/va|0)-1;for(let e=i+1;e<=r;e++)s[e]=F.double(s[e-1]);i=r}(t,n);const c=F.concatUint8Array([Pa.subarray(0,15-r.length),Ua,r]),u=63&c[15];c[15]&=192;const h=a(c),l=F.concatUint8Array([h,Sa(h.subarray(0,8),h.subarray(1,9))]),y=F.shiftRight(l.subarray(0+(u>>3),17+(u>>3)),8-(7&u)).subarray(1),p=new Uint8Array(va),d=new Uint8Array(t.length+Ka);let g,m=0;for(g=0;g<o;g++)Ea(y,s[Aa(g+1)]),d.set(Ea(e(Sa(y,t)),y),m),Ea(p,e===a?t:d.subarray(m)),t=t.subarray(va),m+=va;if(t.length){Ea(y,s.x);const r=a(y);d.set(Sa(t,r),m);const i=new Uint8Array(va);i.set(e===a?t:d.subarray(m,-16),0),i[t.length]=128,Ea(p,i),m+=t.length}const f=Ea(a(Ea(Ea(p,y),s.$)),function(e){if(!e.length)return Pa;const t=e.length/va|0,r=new Uint8Array(va),i=new Uint8Array(va);for(let n=0;n<t;n++)Ea(r,s[Aa(n+1)]),Ea(i,a(Sa(r,e))),e=e.subarray(va);if(e.length){Ea(r,s.x);const t=new Uint8Array(va);t.set(e,0),t[e.length]=128,Ea(t,r),Ea(i,a(t))}return i}(n));return d.set(f,m),d}return function(){const e=a(Pa),t=F.double(e);s=[],s[0]=F.double(t),s.x=e,s.$=t}(),{encrypt:async function(e,t,r){return o(a,e,t,r)},decrypt:async function(e,t,r){if(e.length<Ka)throw Error("Invalid OCB ciphertext");const i=e.subarray(-16);e=e.subarray(0,-16);const a=o(n,e,t,r);if(F.equalsUint8Array(i,a.subarray(-16)))return a.subarray(0,-16);throw Error("Authentication tag mismatch")}}}Da.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[7+e]^=t[e];return r},Da.blockLength=va,Da.ivLength=15,Da.tagLength=Ka;const xa=F.getWebCrypto(),Ca=F.getNodeCrypto(),Ia=F.getNodeBuffer(),Ta=16,Ba="AES-GCM";async function Ma(e,t){if(e!==B.symmetric.aes128&&e!==B.symmetric.aes192&&e!==B.symmetric.aes256)throw Error("GCM mode supports only AES cipher");if(F.getNodeCrypto())return{encrypt:async function(e,r,i=new Uint8Array){const a=new Ca.createCipheriv("aes-"+8*t.length+"-gcm",t,r);a.setAAD(i);const n=Ia.concat([a.update(e),a.final(),a.getAuthTag()]);return new Uint8Array(n)},decrypt:async function(e,r,i=new Uint8Array){const a=new Ca.createDecipheriv("aes-"+8*t.length+"-gcm",t,r);a.setAAD(i),a.setAuthTag(e.slice(e.length-Ta,e.length));const n=Ia.concat([a.update(e.slice(0,e.length-Ta)),a.final()]);return new Uint8Array(n)}};if(F.getWebCrypto())try{const e=await xa.importKey("raw",t,{name:Ba},!1,["encrypt","decrypt"]),r=navigator.userAgent.match(/Version\/13\.\d(\.\d)* Safari/)||navigator.userAgent.match(/Version\/(13|14)\.\d(\.\d)* Mobile\/\S* Safari/);return{encrypt:async function(i,a,n=new Uint8Array){if(r&&!i.length)return pr(t,a,n).encrypt(i);const s=await xa.encrypt({name:Ba,iv:a,additionalData:n,tagLength:128},e,i);return new Uint8Array(s)},decrypt:async function(i,a,n=new Uint8Array){if(r&&i.length===Ta)return pr(t,a,n).decrypt(i);try{const t=await xa.decrypt({name:Ba,iv:a,additionalData:n,tagLength:128},e,i);return new Uint8Array(t)}catch(e){if("OperationError"===e.name)throw Error("Authentication tag mismatch")}}}}catch(e){if("NotSupportedError"!==e.name&&(24!==t.length||"OperationError"!==e.name))throw e;F.printDebugError("Browser did not support operation: "+e.message)}return{encrypt:async function(e,r,i){return pr(t,r,i).encrypt(e)},decrypt:async function(e,r,i){return pr(t,r,i).decrypt(e)}}}function La(e,t=!1){switch(e){case B.aead.eax:return ka;case B.aead.ocb:return Da;case B.aead.gcm:return Ma;case B.aead.experimentalGCM:if(!t)throw Error("Unexpected non-standard `experimentalGCM` AEAD algorithm provided in `config.preferredAEADAlgorithm`: use `gcm` instead");return Ma;default:throw Error("Unsupported AEAD mode")}}async function Fa(e,t,r,i,a,n){switch(e){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:{const{n:e,e:t}=r;return{c:await qe(a,e,t)}}case B.publicKey.elgamal:{const{p:e,g:t,y:i}=r;return async function(e,t,r,i){t=te(t),r=te(r),i=te(i);const a=te(Le(e,ue(t))),n=pe($e,t-$e);return{c1:he(ie(r,n,t)),c2:he(re(ie(i,n,t)*a,t))}}(a,e,t,i)}case B.publicKey.ecdh:{const{oid:e,Q:t,kdfParams:i}=r,{publicKey:s,wrappedKey:o}=await gi(e,i,a,t,n);return{V:s,C:new Ni(o)}}case B.publicKey.x25519:case B.publicKey.x448:{if(t&&!F.isAES(t))throw Error("X25519 and X448 keys can only encrypt AES session keys");const{A:i}=r,{ephemeralPublicKey:n,wrappedKey:s}=await Tr(e,a,i);return{ephemeralPublicKey:n,C:Gi.fromObject({algorithm:t,wrappedKey:s})}}case B.publicKey.aead:{if(!i)throw Error("Cannot encrypt with symmetric key missing private parameters");const{cipher:e}=r,t=e.getValue(),{keyMaterial:n}=i,s=M.preferredAEADAlgorithm,o=La(M.preferredAEADAlgorithm),{ivLength:c}=o,u=ye(c),h=await o(t,n),l=await h.encrypt(a,u,new Uint8Array);return{aeadMode:new ji(s),iv:u,c:new Ri(l)}}case B.publicKey.pqc_mlkem_x25519:{const{eccPublicKey:i,mlkemPublicKey:n}=r,{eccCipherText:s,mlkemCipherText:o,wrappedKey:c}=await Di(e,i,n,a);return{eccCipherText:s,mlkemCipherText:o,C:Gi.fromObject({algorithm:t,wrappedKey:c})}}default:return[]}}async function _a(e,t,r,i,a,n){switch(e){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaEncrypt:{const{c:e}=i,{n:a,e:s}=t,{d:o,p:c,q:u,u:h}=r;return He(e,a,s,o,c,u,h,n)}case B.publicKey.elgamal:{const{c1:e,c2:a}=i;return async function(e,t,r,i,a){return e=te(e),t=te(t),r=te(r),Fe(he(re(ne(ie(e,i=te(i),r),r)*t,r),"be",ue(r)),a)}(e,a,t.p,r.x,n)}case B.publicKey.ecdh:{const{oid:e,Q:n,kdfParams:s}=t,{d:o}=r,{V:c,C:u}=i;return fi(e,s,c,u.data,n,o,a)}case B.publicKey.x25519:case B.publicKey.x448:{const{A:a}=t,{k:n}=r,{ephemeralPublicKey:s,C:o}=i;if(null!==o.algorithm&&!F.isAES(o.algorithm))throw Error("AES session key expected");return Br(e,s,o.wrappedKey,a,n)}case B.publicKey.aead:{const{cipher:e}=t,a=e.getValue(),{keyMaterial:n}=r,{aeadMode:s,iv:o,c}=i,u=La(s.getValue());return(await u(a,n)).decrypt(c.data,o,new Uint8Array)}case B.publicKey.pqc_mlkem_x25519:{const{eccSecretKey:a,mlkemSecretKey:n}=r,{eccPublicKey:s,mlkemPublicKey:o}=t,{eccCipherText:c,mlkemCipherText:u,C:h}=i;return xi(e,c,u,a,s,n,0,h.wrappedKey)}default:throw Error("Unknown public key encryption algorithm.")}}async function Na(e,t,r){let i=0;switch(e){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:{const e=F.readMPI(t.subarray(i));i+=e.length+2;const r=F.readMPI(t.subarray(i));i+=r.length+2;const a=F.readMPI(t.subarray(i));i+=a.length+2;const n=F.readMPI(t.subarray(i));return i+=n.length+2,{read:i,privateParams:{d:e,p:r,q:a,u:n}}}case B.publicKey.dsa:case B.publicKey.elgamal:{const e=F.readMPI(t.subarray(i));return i+=e.length+2,{read:i,privateParams:{x:e}}}case B.publicKey.ecdsa:case B.publicKey.ecdh:{const a=Ga(e,r.oid);let n=F.readMPI(t.subarray(i));return i+=n.length+2,n=F.leftPad(n,a),{read:i,privateParams:{d:n}}}case B.publicKey.eddsaLegacy:{const a=Ga(e,r.oid);if(r.oid.getName()!==B.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let n=F.readMPI(t.subarray(i));return i+=n.length+2,n=F.leftPad(n,a),{read:i,privateParams:{seed:n}}}case B.publicKey.ed25519:case B.publicKey.ed448:{const r=Ga(e),a=F.readExactSubarray(t,i,i+r);return i+=a.length,{read:i,privateParams:{seed:a}}}case B.publicKey.x25519:case B.publicKey.x448:{const r=Ga(e),a=F.readExactSubarray(t,i,i+r);return i+=a.length,{read:i,privateParams:{k:a}}}case B.publicKey.hmac:{const{cipher:e}=r,a=Be(e.getValue()),n=t.subarray(i,i+32);i+=32;const s=t.subarray(i,i+a);return i+=a,{read:i,privateParams:{hashSeed:n,keyMaterial:s}}}case B.publicKey.aead:{const{cipher:e}=r,a=t.subarray(i,i+32);i+=32;const{keySize:n}=Er(e.getValue()),s=t.subarray(i,i+n);return i+=n,{read:i,privateParams:{hashSeed:a,keyMaterial:s}}}case B.publicKey.pqc_mlkem_x25519:{const r=F.readExactSubarray(t,i,i+Ga(B.publicKey.x25519));i+=r.length;const a=F.readExactSubarray(t,i,i+64);i+=a.length;const{mlkemSecretKey:n}=await Pi(e,a);return{read:i,privateParams:{eccSecretKey:r,mlkemSecretKey:n,mlkemSeed:a}}}case B.publicKey.pqc_mldsa_ed25519:{const r=F.readExactSubarray(t,i,i+Ga(B.publicKey.ed25519));i+=r.length;const a=F.readExactSubarray(t,i,i+32);i+=a.length;const{mldsaSecretKey:n}=await Ti(e,a);return{read:i,privateParams:{eccSecretKey:r,mldsaSecretKey:n,mldsaSeed:a}}}default:throw new at("Unknown public key encryption algorithm.")}}function Ra(e,t){const r=new Set([B.publicKey.ed25519,B.publicKey.x25519,B.publicKey.ed448,B.publicKey.x448,B.publicKey.aead,B.publicKey.hmac,B.publicKey.pqc_mlkem_x25519,B.publicKey.pqc_mldsa_ed25519]),i={[B.publicKey.pqc_mlkem_x25519]:new Set(["mlkemSecretKey"]),[B.publicKey.pqc_mldsa_ed25519]:new Set(["mldsaSecretKey"])},a=Object.keys(t).map((a=>{if(i[e]?.has(a))return new Uint8Array;const n=t[a];return F.isUint8Array(n)?r.has(e)?n:F.uint8ArrayToMPI(n):n.write()}));return F.concatUint8Array(a)}async function za(e,t,r,i){switch(e){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:return async function(e,t){if(t=BigInt(t),F.getWebCrypto()){const r={name:"RSASSA-PKCS1-v1_5",modulusLength:e,publicExponent:he(t),hash:{name:"SHA-1"}},i=await Ne.generateKey(r,!0,["sign","verify"]);return We(await Ne.exportKey("jwk",i.privateKey),t)}if(F.getNodeCrypto()){const r={modulusLength:e,publicExponent:se(t),publicKeyEncoding:{type:"pkcs1",format:"jwk"},privateKeyEncoding:{type:"pkcs1",format:"jwk"}},i=await new Promise(((e,t)=>{Re.generateKeyPair("rsa",r,((r,i,a)=>{r?t(r):e(a)}))}));return We(i,t)}let r,i,a;do{i=ge(e-(e>>1),t,40),r=ge(e>>1,t,40),a=r*i}while(ce(a)!==e);const n=(r-ze)*(i-ze);return i<r&&([r,i]=[i,r]),{n:he(a),e:he(t),d:he(ne(t,n)),p:he(r),q:he(i),u:he(ne(r,i))}}(t,65537).then((({n:e,e:t,d:r,p:i,q:a,u:n})=>({privateParams:{d:r,p:i,q:a,u:n},publicParams:{n:e,e:t}})));case B.publicKey.ecdsa:return Wr(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{d:r},publicParams:{oid:new Xe(e),Q:t}})));case B.publicKey.eddsaLegacy:return Wr(r).then((({oid:e,Q:t,secret:r})=>({privateParams:{seed:r},publicParams:{oid:new Xe(e),Q:t}})));case B.publicKey.ecdh:return Wr(r).then((({oid:e,Q:t,secret:r,hash:i,cipher:a})=>({privateParams:{d:r},publicParams:{oid:new Xe(e),Q:t,kdfParams:new zi({hash:i,cipher:a})}})));case B.publicKey.ed25519:case B.publicKey.ed448:return ct(e).then((({A:e,seed:t})=>({privateParams:{seed:t},publicParams:{A:e}})));case B.publicKey.x25519:case B.publicKey.x448:return Cr(e).then((({A:e,k:t})=>({privateParams:{k:t},publicParams:{A:e}})));case B.publicKey.hmac:return Oa(await async function(e){if(!Ai.has(e))throw Error("Unsupported hash algorithm.");const t=B.read(B.webHash,e),r=Ei||Si.webcrypto.subtle,i=await r.generateKey({name:"HMAC",hash:{name:t}},!0,["sign","verify"]),a=await r.exportKey("raw",i);return new Uint8Array(a)}(i),new Hi(i));case B.publicKey.aead:return Oa(qa(i),new qi(i));case B.publicKey.pqc_mlkem_x25519:return Ui(e).then((({eccSecretKey:e,eccPublicKey:t,mlkemSeed:r,mlkemSecretKey:i,mlkemPublicKey:a})=>({privateParams:{eccSecretKey:e,mlkemSeed:r,mlkemSecretKey:i},publicParams:{eccPublicKey:t,mlkemPublicKey:a}})));case B.publicKey.pqc_mldsa_ed25519:return Bi(e).then((({eccSecretKey:e,eccPublicKey:t,mldsaSeed:r,mldsaSecretKey:i,mldsaPublicKey:a})=>({privateParams:{eccSecretKey:e,mldsaSeed:r,mldsaSecretKey:i},publicParams:{eccPublicKey:t,mldsaPublicKey:a}})));case B.publicKey.dsa:case B.publicKey.elgamal:throw Error("Unsupported algorithm for key generation.");default:throw Error("Unknown public key algorithm.")}}async function Oa(e,t){const r=ye(32);return{privateParams:{hashSeed:r,keyMaterial:e},publicParams:{cipher:t,digest:await Te(B.hash.sha256,r)}}}async function ja(e,t,r){if(!t||!r)throw Error("Missing key parameters");switch(e){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:{const{n:e,e:i}=t,{d:a,p:n,q:s,u:o}=r;return async function(e,t,r,i,a,n){if(e=te(e),(i=te(i))*(a=te(a))!==e)return!1;const s=BigInt(2);if(re(i*(n=te(n)),a)!==BigInt(1))return!1;t=te(t),r=te(r);const o=pe(s,s<<BigInt(Math.floor(ce(e)/3))),c=o*r*t;return!(re(c,i-ze)!==o||re(c,a-ze)!==o)}(e,i,a,n,s,o)}case B.publicKey.dsa:{const{p:e,q:i,g:a,y:n}=t,{x:s}=r;return async function(e,t,r,i,a){const n=te(e),s=te(t),o=te(r),c=te(i);if(o<=Ki||o>=n)return!1;if(re(n-Ki,s)!==vi)return!1;if(ie(o,s,n)!==Ki)return!1;const u=BigInt(ce(s));if(u<BigInt(150)||!me(s,null,32))return!1;const h=te(a),l=BigInt(2);return c===ie(o,s*pe(l<<u-Ki,l<<u)+h,n)}(e,i,a,n,s)}case B.publicKey.elgamal:{const{p:e,g:i,y:a}=t,{x:n}=r;return async function(e,t,r,i){const a=te(e),n=te(t),s=te(r);if(n<=$e||n>=a)return!1;const o=BigInt(ce(a));if(o<BigInt(1023))return!1;if(ie(n,a-$e,a)!==$e)return!1;let c=n,u=BigInt(1);const h=BigInt(2),l=h<<BigInt(17);for(;u<l;){if(c=re(c*n,a),c===$e)return!1;u++}const y=te(i),p=pe(h<<o-$e,h<<o);return s===ie(n,(a-$e)*p+y,a)}(e,i,a,n)}case B.publicKey.ecdsa:case B.publicKey.ecdh:{const i=ki[B.read(B.publicKey,e)],{oid:a,Q:n}=t,{d:s}=r;return i.validateParams(a,n,s)}case B.publicKey.eddsaLegacy:{const{Q:e,oid:i}=t,{seed:a}=r;return ui(i,e,a)}case B.publicKey.ed25519:case B.publicKey.ed448:{const{A:i}=t,{seed:a}=r;return lt(e,i,a)}case B.publicKey.x25519:case B.publicKey.x448:{const{A:i}=t,{k:a}=r;return Ir(e,i,a)}case B.publicKey.hmac:{const{cipher:e,digest:i}=t,{hashSeed:a,keyMaterial:n}=r;return Be(e.getValue())===n.length&&F.equalsUint8Array(i,await Te(B.hash.sha256,a))}case B.publicKey.aead:{const{cipher:e,digest:i}=t,{hashSeed:a,keyMaterial:n}=r,{keySize:s}=Er(e.getValue());return s===n.length&&F.equalsUint8Array(i,await Te(B.hash.sha256,a))}case B.publicKey.pqc_mlkem_x25519:{const{eccSecretKey:i,mlkemSeed:a}=r,{eccPublicKey:n,mlkemPublicKey:s}=t;return Ii(e,n,i,s,a)}case B.publicKey.pqc_mldsa_ed25519:{const{eccSecretKey:i,mldsaSeed:a}=r,{eccPublicKey:n,mldsaPublicKey:s}=t;return _i(e,n,i,s,a)}default:throw Error("Unknown public key algorithm.")}}function qa(e){const{keySize:t}=Er(e);return ye(t)}function Ha(e){try{e.getName()}catch{throw new at("Unknown curve OID")}}function Ga(e,t){switch(e){case B.publicKey.ecdsa:case B.publicKey.ecdh:case B.publicKey.eddsaLegacy:return new Vr(t).payloadSize;case B.publicKey.ed25519:case B.publicKey.ed448:return yt(e);case B.publicKey.x25519:case B.publicKey.x448:return Mr(e);default:throw Error("Unknown elliptic algo")}}async function Va(e,t,r,i,a,n,s){switch(e){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaEncrypt:case B.publicKey.rsaSign:{const{n:e,e:a}=i;return je(t,n,F.leftPad(r.s,e.length),e,a,s)}case B.publicKey.dsa:{const{g:e,p:t,q:a,y:n}=i,{r:o,s:c}=r;return async function(e,t,r,i,a,n,s,o){if(t=te(t),r=te(r),n=te(n),s=te(s),a=te(a),o=te(o),t<=vi||t>=s||r<=vi||r>=s)return F.printDebug("invalid DSA Signature"),!1;const c=re(te(i.subarray(0,ue(s))),s),u=ne(r,s);if(u===vi)return F.printDebug("invalid DSA Signature"),!1;a=re(a,n),o=re(o,n);const h=re(c*u,s),l=re(t*u,s);return re(re(ie(a,h,n)*ie(o,l,n),n),s)===t}(0,o,c,s,e,t,a,n)}case B.publicKey.ecdsa:{const{oid:e,Q:a}=i,o=new Vr(e).payloadSize;return ai(e,t,{r:F.leftPad(r.r,o),s:F.leftPad(r.s,o)},n,a,s)}case B.publicKey.eddsaLegacy:{if(Be(t)<Be(B.hash.sha256))throw Error("Hash algorithm too weak for EdDSALegacy.");const{oid:e,Q:a}=i,n=new Vr(e).payloadSize;return ci(e,0,{r:F.leftPad(r.r,n),s:F.leftPad(r.s,n)},0,a,s)}case B.publicKey.ed25519:case B.publicKey.ed448:{if(Be(t)<Be(pt(e)))throw Error("Hash algorithm too weak for EdDSA.");const{A:a}=i;return ht(e,0,r,0,a,s)}case B.publicKey.hmac:{if(!a)throw Error("Cannot verify HMAC signature with symmetric key missing private parameters");const{cipher:e}=i,{keyMaterial:t}=a;return async function(e,t,r,i){if(!Ai.has(e))throw Error("Unsupported hash algorithm.");const a=B.read(B.webHash,e),n=Ei||Si.webcrypto.subtle,s=await n.importKey("raw",t,{name:"HMAC",hash:{name:a}},!1,["verify"]);return n.verify("HMAC",s,r,i)}(e.getValue(),t,r.mac.data,s)}case B.publicKey.pqc_mldsa_ed25519:{if(!Fi(e,t))throw Error("Unexpected hash algorithm for PQC signature: digest size too short");const{eccPublicKey:a,mldsaPublicKey:n}=i;return Li(e,0,a,n,s,r)}default:throw Error("Unknown signature algorithm.")}}async function Wa(e,t,r,i,a,n){if(!r||!i)throw Error("Missing key parameters");switch(e){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaEncrypt:case B.publicKey.rsaSign:{const{n:e,e:s}=r,{d:o,p:c,q:u,u:h}=i;return{s:await Oe(t,a,e,s,o,c,u,h,n)}}case B.publicKey.dsa:{const{g:e,p:t,q:a}=r,{x:s}=i;return async function(e,t,r,i,a,n){const s=BigInt(0);let o,c,u,h;i=te(i),a=te(a),r=te(r),n=te(n),r=re(r,i),n=re(n,a);const l=re(te(t.subarray(0,ue(a))),a);for(;;){if(o=pe(Ki,a),c=re(ie(r,o,i),a),c===s)continue;const e=re(n*c,a);if(h=re(l+e,a),u=re(ne(o,a)*h,a),u!==s)break}return{r:he(c,"be",ue(i)),s:he(u,"be",ue(i))}}(0,n,e,t,a,s)}case B.publicKey.elgamal:throw Error("Signing with Elgamal is not defined in the OpenPGP standard.");case B.publicKey.ecdsa:{const{oid:e,Q:s}=r,{d:o}=i;return ii(e,t,a,s,o,n)}case B.publicKey.eddsaLegacy:{if(Be(t)<Be(B.hash.sha256))throw Error("Hash algorithm too weak for EdDSALegacy.");const{oid:e,Q:a}=r,{seed:s}=i;return oi(e,0,0,a,s,n)}case B.publicKey.ed25519:case B.publicKey.ed448:{if(Be(t)<Be(pt(e)))throw Error("Hash algorithm too weak for EdDSA.");const{A:a}=r,{seed:s}=i;return ut(e,0,0,a,s,n)}case B.publicKey.hmac:{const{cipher:e}=r,{keyMaterial:t}=i,a=await async function(e,t,r){if(!Ai.has(e))throw Error("Unsupported hash algorithm.");const i=B.read(B.webHash,e),a=Ei||Si.webcrypto.subtle,n=await a.importKey("raw",t,{name:"HMAC",hash:{name:i}},!1,["sign"]),s=await a.sign("HMAC",n,r);return new Uint8Array(s)}(e.getValue(),t,n);return{mac:new Ri(a)}}case B.publicKey.pqc_mldsa_ed25519:{if(!Fi(e,t))throw Error("Unexpected hash algorithm for PQC signature: digest size too short");const{eccPublicKey:a}=r,{eccSecretKey:s,mldsaSecretKey:o}=i;return Mi(e,0,s,a,o,n)}default:throw Error("Unknown signature algorithm.")}}Ma.getNonce=function(e,t){const r=e.slice();for(let e=0;e<t.length;e++)r[4+e]^=t[e];return r},Ma.blockLength=16,Ma.ivLength=12,Ma.tagLength=Ta;class $a extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,$a),this.name="Argon2OutOfMemoryError"}}let Qa,Xa,Ya=2<<19;class Za{static get ARGON2_WASM_MEMORY_THRESHOLD_RELOAD(){return Ya}static set ARGON2_WASM_MEMORY_THRESHOLD_RELOAD(e){Ya=e}static reloadWasmModule(){Qa&&(Xa=Qa(),Xa.catch((()=>{})))}constructor(e=M){const{passes:t,parallelism:r,memoryExponent:i}=e.s2kArgon2Params;this.type="argon2",this.salt=null,this.t=t,this.p=r,this.encodedM=i}generateSalt(){this.salt=ye(16)}read(e){let t=0;return this.salt=e.subarray(t,t+16),t+=16,this.t=e[t++],this.p=e[t++],this.encodedM=e[t++],t}write(){const e=[new Uint8Array([B.write(B.s2k,this.type)]),this.salt,new Uint8Array([this.t,this.p,this.encodedM])];return F.concatUint8Array(e)}async produceKey(e,t,r){if(this.encodedM>r.maxArgon2MemoryExponent)throw new $a("Argon2 required memory exceeds `config.maxArgon2MemoryExponent`");const i=2<<this.encodedM-1;try{Qa=Qa||(await import("./argon2id.min.mjs")).default,Xa=Xa||Qa();const r=await Xa,a=r({version:19,type:2,password:F.encodeUTF8(e),salt:this.salt,tagLength:t,memorySize:i,parallelism:this.p,passes:this.t});return i>Za.ARGON2_WASM_MEMORY_THRESHOLD_RELOAD&&Za.reloadWasmModule(),a}catch(e){throw e.message&&(e.message.includes("Unable to grow instance memory")||e.message.includes("failed to grow memory")||e.message.includes("WebAssembly.Memory.grow")||e.message.includes("Out of memory"))?new $a("Could not allocate required memory for Argon2"):e}}}class Ja{constructor(e,t=M){this.algorithm=B.hash.sha256,this.type=B.read(B.s2k,e),this.c=t.s2kIterationCountByte,this.salt=null}generateSalt(){switch(this.type){case"salted":case"iterated":this.salt=ye(8)}}getCount(){return 16+(15&this.c)<<6+(this.c>>4)}read(e){let t=0;switch(this.algorithm=e[t++],this.type){case"simple":break;case"salted":this.salt=e.subarray(t,t+8),t+=8;break;case"iterated":this.salt=e.subarray(t,t+8),t+=8,this.c=e[t++];break;case"gnu":if("GNU"!==F.uint8ArrayToString(e.subarray(t,t+3)))throw new at("Unknown s2k type.");t+=3;if(1001!==1e3+e[t++])throw new at("Unknown s2k gnu protection mode.");this.type="gnu-dummy";break;default:throw new at("Unknown s2k type.")}return t}write(){if("gnu-dummy"===this.type)return new Uint8Array([101,0,...F.stringToUint8Array("GNU"),1]);const e=[new Uint8Array([B.write(B.s2k,this.type),this.algorithm])];switch(this.type){case"simple":break;case"salted":e.push(this.salt);break;case"iterated":e.push(this.salt),e.push(new Uint8Array([this.c]));break;case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}return F.concatUint8Array(e)}async produceKey(e,t,r){e=F.encodeUTF8(e);const i=[];let a=0,n=0;for(;a<t;){let t;switch(this.type){case"simple":t=F.concatUint8Array([new Uint8Array(n),e]);break;case"salted":t=F.concatUint8Array([new Uint8Array(n),this.salt,e]);break;case"iterated":{const r=F.concatUint8Array([this.salt,e]);let i=r.length;const a=Math.max(this.getCount(),i);t=new Uint8Array(n+a),t.set(r,n);for(let e=n+i;e<a;e+=i,i*=2)t.copyWithin(e,n,e);break}case"gnu":throw Error("GNU s2k type not supported.");default:throw Error("Unknown s2k type.")}const r=await Te(this.algorithm,t);i.push(r),a+=r.length,n++}return F.concatUint8Array(i).subarray(0,t)}}const en=new Set([B.s2k.argon2,B.s2k.iterated]);function tn(e,t=M){switch(e){case B.s2k.argon2:return new Za(t);case B.s2k.iterated:case B.s2k.gnu:case B.s2k.salted:case B.s2k.simple:return new Ja(e,t);default:throw new at("Unsupported S2K type")}}function rn(e){const{s2kType:t}=e;if(!en.has(t))throw Error("The provided `config.s2kType` value is not allowed");return tn(t,e)}var an=Uint8Array,nn=Uint16Array,sn=Int32Array,on=new an([0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0,0,0,0]),cn=new an([0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13,0,0]),un=new an([16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15]),hn=function(e,t){for(var r=new nn(31),i=0;i<31;++i)r[i]=t+=1<<e[i-1];var a=new sn(r[30]);for(i=1;i<30;++i)for(var n=r[i];n<r[i+1];++n)a[n]=n-r[i]<<5|i;return{b:r,r:a}},ln=hn(on,2),yn=ln.b,pn=ln.r;yn[28]=258,pn[258]=28;for(var dn=hn(cn,0),gn=dn.b,mn=dn.r,fn=new nn(32768),wn=0;wn<32768;++wn){var bn=(43690&wn)>>1|(21845&wn)<<1;bn=(61680&(bn=(52428&bn)>>2|(13107&bn)<<2))>>4|(3855&bn)<<4,fn[wn]=((65280&bn)>>8|(255&bn)<<8)>>1}var kn=function(e,t,r){for(var i=e.length,a=0,n=new nn(t);a<i;++a)e[a]&&++n[e[a]-1];var s,o=new nn(t);for(a=1;a<t;++a)o[a]=o[a-1]+n[a-1]<<1;if(r){s=new nn(1<<t);var c=15-t;for(a=0;a<i;++a)if(e[a])for(var u=a<<4|e[a],h=t-e[a],l=o[e[a]-1]++<<h,y=l|(1<<h)-1;l<=y;++l)s[fn[l]>>c]=u}else for(s=new nn(i),a=0;a<i;++a)e[a]&&(s[a]=fn[o[e[a]-1]++]>>15-e[a]);return s},vn=new an(288);for(wn=0;wn<144;++wn)vn[wn]=8;for(wn=144;wn<256;++wn)vn[wn]=9;for(wn=256;wn<280;++wn)vn[wn]=7;for(wn=280;wn<288;++wn)vn[wn]=8;var Kn=new an(32);for(wn=0;wn<32;++wn)Kn[wn]=5;var An=/*#__PURE__*/kn(vn,9,0),En=/*#__PURE__*/kn(vn,9,1),Sn=/*#__PURE__*/kn(Kn,5,0),Pn=/*#__PURE__*/kn(Kn,5,1),Un=function(e){for(var t=e[0],r=1;r<e.length;++r)e[r]>t&&(t=e[r]);return t},Dn=function(e,t,r){var i=t/8|0;return(e[i]|e[i+1]<<8)>>(7&t)&r},xn=function(e,t){var r=t/8|0;return(e[r]|e[r+1]<<8|e[r+2]<<16)>>(7&t)},Cn=function(e){return(e+7)/8|0},In=function(e,t,r){return(null==t||t<0)&&(t=0),(null==r||r>e.length)&&(r=e.length),new an(e.subarray(t,r))},Tn=["unexpected EOF","invalid block type","invalid length/literal","invalid distance","stream finished","no stream handler",,"no callback","invalid UTF-8 data","extra field too long","date not in range 1980-2099","filename too long","stream finishing","invalid zip data"],Bn=function(e,t,r){var i=Error(t||Tn[e]);if(i.code=e,Error.captureStackTrace&&Error.captureStackTrace(i,Bn),!r)throw i;return i},Mn=function(e,t,r){r<<=7&t;var i=t/8|0;e[i]|=r,e[i+1]|=r>>8},Ln=function(e,t,r){r<<=7&t;var i=t/8|0;e[i]|=r,e[i+1]|=r>>8,e[i+2]|=r>>16},Fn=function(e,t){for(var r=[],i=0;i<e.length;++i)e[i]&&r.push({s:i,f:e[i]});var a=r.length,n=r.slice();if(!a)return{t:qn,l:0};if(1==a){var s=new an(r[0].s+1);return s[r[0].s]=1,{t:s,l:1}}r.sort((function(e,t){return e.f-t.f})),r.push({s:-1,f:25001});var o=r[0],c=r[1],u=0,h=1,l=2;for(r[0]={s:-1,f:o.f+c.f,l:o,r:c};h!=a-1;)o=r[r[u].f<r[l].f?u++:l++],c=r[u!=h&&r[u].f<r[l].f?u++:l++],r[h++]={s:-1,f:o.f+c.f,l:o,r:c};var y=n[0].s;for(i=1;i<a;++i)n[i].s>y&&(y=n[i].s);var p=new nn(y+1),d=_n(r[h-1],p,0);if(d>t){i=0;var g=0,m=d-t,f=1<<m;for(n.sort((function(e,t){return p[t.s]-p[e.s]||e.f-t.f}));i<a;++i){var w=n[i].s;if(!(p[w]>t))break;g+=f-(1<<d-p[w]),p[w]=t}for(g>>=m;g>0;){var b=n[i].s;p[b]<t?g-=1<<t-p[b]++-1:++i}for(;i>=0&&g;--i){var k=n[i].s;p[k]==t&&(--p[k],++g)}d=t}return{t:new an(p),l:d}},_n=function(e,t,r){return-1==e.s?Math.max(_n(e.l,t,r+1),_n(e.r,t,r+1)):t[e.s]=r},Nn=function(e){for(var t=e.length;t&&!e[--t];);for(var r=new nn(++t),i=0,a=e[0],n=1,s=function(e){r[i++]=e},o=1;o<=t;++o)if(e[o]==a&&o!=t)++n;else{if(!a&&n>2){for(;n>138;n-=138)s(32754);n>2&&(s(n>10?n-11<<5|28690:n-3<<5|12305),n=0)}else if(n>3){for(s(a),--n;n>6;n-=6)s(8304);n>2&&(s(n-3<<5|8208),n=0)}for(;n--;)s(a);n=1,a=e[o]}return{c:r.subarray(0,i),n:t}},Rn=function(e,t){for(var r=0,i=0;i<t.length;++i)r+=e[i]*t[i];return r},zn=function(e,t,r){var i=r.length,a=Cn(t+2);e[a]=255&i,e[a+1]=i>>8,e[a+2]=255^e[a],e[a+3]=255^e[a+1];for(var n=0;n<i;++n)e[a+n+4]=r[n];return 8*(a+4+i)},On=function(e,t,r,i,a,n,s,o,c,u,h){Mn(t,h++,r),++a[256];for(var l=Fn(a,15),y=l.t,p=l.l,d=Fn(n,15),g=d.t,m=d.l,f=Nn(y),w=f.c,b=f.n,k=Nn(g),v=k.c,K=k.n,A=new nn(19),E=0;E<w.length;++E)++A[31&w[E]];for(E=0;E<v.length;++E)++A[31&v[E]];for(var S=Fn(A,7),P=S.t,U=S.l,D=19;D>4&&!P[un[D-1]];--D);var x,C,I,T,B=u+5<<3,M=Rn(a,vn)+Rn(n,Kn)+s,L=Rn(a,y)+Rn(n,g)+s+14+3*D+Rn(A,P)+2*A[16]+3*A[17]+7*A[18];if(c>=0&&B<=M&&B<=L)return zn(t,h,e.subarray(c,c+u));if(Mn(t,h,1+(L<M)),h+=2,L<M){x=kn(y,p,0),C=y,I=kn(g,m,0),T=g;var F=kn(P,U,0);Mn(t,h,b-257),Mn(t,h+5,K-1),Mn(t,h+10,D-4),h+=14;for(E=0;E<D;++E)Mn(t,h+3*E,P[un[E]]);h+=3*D;for(var _=[w,v],N=0;N<2;++N){var R=_[N];for(E=0;E<R.length;++E){var z=31&R[E];Mn(t,h,F[z]),h+=P[z],z>15&&(Mn(t,h,R[E]>>5&127),h+=R[E]>>12)}}}else x=An,C=vn,I=Sn,T=Kn;for(E=0;E<o;++E){var O=i[E];if(O>255){Ln(t,h,x[(z=O>>18&31)+257]),h+=C[z+257],z>7&&(Mn(t,h,O>>23&31),h+=on[z]);var j=31&O;Ln(t,h,I[j]),h+=T[j],j>3&&(Ln(t,h,O>>5&8191),h+=cn[j])}else Ln(t,h,x[O]),h+=C[O]}return Ln(t,h,x[256]),h+C[256]},jn=/*#__PURE__*/new sn([65540,131080,131088,131104,262176,1048704,1048832,2114560,2117632]),qn=/*#__PURE__*/new an(0),Hn=function(){var e=1,t=0;return{p:function(r){for(var i=e,a=t,n=0|r.length,s=0;s!=n;){for(var o=Math.min(s+2655,n);s<o;++s)a+=i+=r[s];i=(65535&i)+15*(i>>16),a=(65535&a)+15*(a>>16)}e=i,t=a},d:function(){return(255&(e%=65521))<<24|(65280&e)<<8|(255&(t%=65521))<<8|t>>8}}},Gn=function(e,t,r,i,a){if(!a&&(a={l:1},t.dictionary)){var n=t.dictionary.subarray(-32768),s=new an(n.length+e.length);s.set(n),s.set(e,n.length),e=s,a.w=n.length}return function(e,t,r,i,a,n){var s=n.z||e.length,o=new an(i+s+5*(1+Math.ceil(s/7e3))+a),c=o.subarray(i,o.length-a),u=n.l,h=7&(n.r||0);if(t){h&&(c[0]=n.r>>3);for(var l=jn[t-1],y=l>>13,p=8191&l,d=(1<<r)-1,g=n.p||new nn(32768),m=n.h||new nn(d+1),f=Math.ceil(r/3),w=2*f,b=function(t){return(e[t]^e[t+1]<<f^e[t+2]<<w)&d},k=new sn(25e3),v=new nn(288),K=new nn(32),A=0,E=0,S=n.i||0,P=0,U=n.w||0,D=0;S+2<s;++S){var x=b(S),C=32767&S,I=m[x];if(g[C]=I,m[x]=C,U<=S){var T=s-S;if((A>7e3||P>24576)&&(T>423||!u)){h=On(e,c,0,k,v,K,E,P,D,S-D,h),P=A=E=0,D=S;for(var B=0;B<286;++B)v[B]=0;for(B=0;B<30;++B)K[B]=0}var M=2,L=0,F=p,_=C-I&32767;if(T>2&&x==b(S-_))for(var N=Math.min(y,T)-1,R=Math.min(32767,S),z=Math.min(258,T);_<=R&&--F&&C!=I;){if(e[S+M]==e[S+M-_]){for(var O=0;O<z&&e[S+O]==e[S+O-_];++O);if(O>M){if(M=O,L=_,O>N)break;var j=Math.min(_,O-2),q=0;for(B=0;B<j;++B){var H=S-_+B&32767,G=H-g[H]&32767;G>q&&(q=G,I=H)}}}_+=(C=I)-(I=g[C])&32767}if(L){k[P++]=268435456|pn[M]<<18|mn[L];var V=31&pn[M],W=31&mn[L];E+=on[V]+cn[W],++v[257+V],++K[W],U=S+M,++A}else k[P++]=e[S],++v[e[S]]}}for(S=Math.max(S,U);S<s;++S)k[P++]=e[S],++v[e[S]];h=On(e,c,u,k,v,K,E,P,D,S-D,h),u||(n.r=7&h|c[h/8|0]<<3,h-=7,n.h=m,n.p=g,n.i=S,n.w=U)}else{for(S=n.w||0;S<s+u;S+=65535){var $=S+65535;$>=s&&(c[h/8|0]=u,$=s),h=zn(c,h+1,e.subarray(S,$))}n.i=s}return In(o,0,i+Cn(h)+a)}(e,null==t.level?6:t.level,null==t.mem?a.l?Math.ceil(1.5*Math.max(8,Math.min(13,Math.log(e.length)))):20:12+t.mem,r,i,a)},Vn=function(e,t,r){for(;r;++t)e[t]=r,r>>>=8},Wn=/*#__PURE__*/function(){function e(e,t){if("function"==typeof e&&(t=e,e={}),this.ondata=t,this.o=e||{},this.s={l:0,i:32768,w:32768,z:32768},this.b=new an(98304),this.o.dictionary){var r=this.o.dictionary.subarray(-32768);this.b.set(r,32768-r.length),this.s.i=32768-r.length}}return e.prototype.p=function(e,t){this.ondata(Gn(e,this.o,0,0,this.s),t)},e.prototype.push=function(e,t){this.ondata||Bn(5),this.s.l&&Bn(4);var r=e.length+this.s.z;if(r>this.b.length){if(r>2*this.b.length-32768){var i=new an(-32768&r);i.set(this.b.subarray(0,this.s.z)),this.b=i}var a=this.b.length-this.s.z;this.b.set(e.subarray(0,a),this.s.z),this.s.z=this.b.length,this.p(this.b,!1),this.b.set(this.b.subarray(-32768)),this.b.set(e.subarray(a),32768),this.s.z=e.length-a+32768,this.s.i=32766,this.s.w=32768}else this.b.set(e,this.s.z),this.s.z+=e.length;this.s.l=1&t,(this.s.z>this.s.w+8191||t)&&(this.p(this.b,t||!1),this.s.w=this.s.i,this.s.i-=2)},e.prototype.flush=function(){this.ondata||Bn(5),this.s.l&&Bn(4),this.p(this.b,!1),this.s.w=this.s.i,this.s.i-=2},e}(),$n=/*#__PURE__*/function(){function e(e,t){"function"==typeof e&&(t=e,e={}),this.ondata=t;var r=e&&e.dictionary&&e.dictionary.subarray(-32768);this.s={i:0,b:r?r.length:0},this.o=new an(32768),this.p=new an(0),r&&this.o.set(r)}return e.prototype.e=function(e){if(this.ondata||Bn(5),this.d&&Bn(4),this.p.length){if(e.length){var t=new an(this.p.length+e.length);t.set(this.p),t.set(e,this.p.length),this.p=t}}else this.p=e},e.prototype.c=function(e){this.s.i=+(this.d=e||!1);var t=this.s.b,r=function(e,t,r,i){var a=e.length;if(!a||t.f&&!t.l)return r||new an(0);var n=!r,s=n||2!=t.i,o=t.i;n&&(r=new an(3*a));var c=function(e){var t=r.length;if(e>t){var i=new an(Math.max(2*t,e));i.set(r),r=i}},u=t.f||0,h=t.p||0,l=t.b||0,y=t.l,p=t.d,d=t.m,g=t.n,m=8*a;do{if(!y){u=Dn(e,h,1);var f=Dn(e,h+1,3);if(h+=3,!f){var w=e[(x=Cn(h)+4)-4]|e[x-3]<<8,b=x+w;if(b>a){o&&Bn(0);break}s&&c(l+w),r.set(e.subarray(x,b),l),t.b=l+=w,t.p=h=8*b,t.f=u;continue}if(1==f)y=En,p=Pn,d=9,g=5;else if(2==f){var k=Dn(e,h,31)+257,v=Dn(e,h+10,15)+4,K=k+Dn(e,h+5,31)+1;h+=14;for(var A=new an(K),E=new an(19),S=0;S<v;++S)E[un[S]]=Dn(e,h+3*S,7);h+=3*v;var P=Un(E),U=(1<<P)-1,D=kn(E,P,1);for(S=0;S<K;){var x,C=D[Dn(e,h,U)];if(h+=15&C,(x=C>>4)<16)A[S++]=x;else{var I=0,T=0;for(16==x?(T=3+Dn(e,h,3),h+=2,I=A[S-1]):17==x?(T=3+Dn(e,h,7),h+=3):18==x&&(T=11+Dn(e,h,127),h+=7);T--;)A[S++]=I}}var B=A.subarray(0,k),M=A.subarray(k);d=Un(B),g=Un(M),y=kn(B,d,1),p=kn(M,g,1)}else Bn(1);if(h>m){o&&Bn(0);break}}s&&c(l+131072);for(var L=(1<<d)-1,F=(1<<g)-1,_=h;;_=h){var N=(I=y[xn(e,h)&L])>>4;if((h+=15&I)>m){o&&Bn(0);break}if(I||Bn(2),N<256)r[l++]=N;else{if(256==N){_=h,y=null;break}var R=N-254;if(N>264){var z=on[S=N-257];R=Dn(e,h,(1<<z)-1)+yn[S],h+=z}var O=p[xn(e,h)&F],j=O>>4;if(O||Bn(3),h+=15&O,M=gn[j],j>3&&(z=cn[j],M+=xn(e,h)&(1<<z)-1,h+=z),h>m){o&&Bn(0);break}s&&c(l+131072);var q=l+R;if(l<M){var H=0-M,G=Math.min(M,q);for(H+l<0&&Bn(3);l<G;++l)r[l]=i[H+l]}for(;l<q;++l)r[l]=r[l-M]}}t.l=y,t.p=_,t.b=l,t.f=u,y&&(u=1,t.m=d,t.d=p,t.n=g)}while(!u);return l!=r.length&&n?In(r,0,l):r.subarray(0,l)}(this.p,this.s,this.o);this.ondata(In(r,t,this.s.b),this.d),this.o=In(r,this.s.b-32768),this.s.b=this.o.length,this.p=In(this.p,this.s.p/8|0),this.s.p&=7},e.prototype.push=function(e,t){this.e(e),this.c(t)},e}(),Qn=/*#__PURE__*/function(){function e(e,t){this.c=Hn(),this.v=1,Wn.call(this,e,t)}return e.prototype.push=function(e,t){this.c.p(e),Wn.prototype.push.call(this,e,t)},e.prototype.p=function(e,t){var r=Gn(e,this.o,this.v&&(this.o.dictionary?6:2),t&&4,this.s);this.v&&(function(e,t){var r=t.level,i=0==r?0:r<6?1:9==r?3:2;if(e[0]=120,e[1]=i<<6|(t.dictionary&&32),e[1]|=31-(e[0]<<8|e[1])%31,t.dictionary){var a=Hn();a.p(t.dictionary),Vn(e,2,a.d())}}(r,this.o),this.v=0),t&&Vn(r,r.length-4,this.c.d()),this.ondata(r,t)},e.prototype.flush=function(){Wn.prototype.flush.call(this)},e}(),Xn=/*#__PURE__*/function(){function e(e,t){$n.call(this,e,t),this.v=e&&e.dictionary?2:1}return e.prototype.push=function(e,t){if($n.prototype.e.call(this,e),this.v){if(this.p.length<6&&!t)return;this.p=this.p.subarray((r=this.p,i=this.v-1,(8!=(15&r[0])||r[0]>>4>7||(r[0]<<8|r[1])%31)&&Bn(6,"invalid zlib data"),(r[1]>>5&1)==+!i&&Bn(6,"invalid zlib data: "+(32&r[1]?"need":"unexpected")+" dictionary"),2+(r[1]>>3&4))),this.v=0}var r,i;t&&(this.p.length<4&&Bn(6,"invalid zlib data"),this.p=this.p.subarray(0,-4)),$n.prototype.c.call(this,t)},e}(),Yn="undefined"!=typeof TextDecoder&&/*#__PURE__*/new TextDecoder;try{Yn.decode(qn,{stream:!0})}catch(e){}class Zn{static get tag(){return B.packet.literalData}constructor(e=new Date){this.format=B.literal.utf8,this.date=F.normalizeDate(e),this.text=null,this.data=null,this.filename=""}setText(e,t=B.literal.utf8){this.format=t,this.text=e,this.data=null}getText(e=!1){return(null===this.text||F.isStream(this.text))&&(this.text=F.decodeUTF8(F.nativeEOL(this.getBytes(e)))),this.text}setBytes(e,t){this.format=t,this.data=e,this.text=null}getBytes(e=!1){return null===this.data&&(this.data=F.canonicalizeEOL(F.encodeUTF8(this.text))),e?E(this.data):this.data}setFilename(e){this.filename=e}getFilename(){return this.filename}async read(e){await K(e,(async e=>{const t=await e.readByte(),r=await e.readByte();this.filename=F.decodeUTF8(await e.readBytes(r)),this.date=F.readDate(await e.readBytes(4));let i=e.remainder();n(i)&&(i=await U(i)),this.setBytes(i,t)}))}writeHeader(){const e=F.encodeUTF8(this.filename),t=new Uint8Array([e.length]),r=new Uint8Array([this.format]),i=F.writeDate(this.date);return F.concatUint8Array([r,t,e,i])}write(){const e=this.writeHeader(),t=this.getBytes();return F.concat([e,t])}}class Jn{constructor(){this.bytes=""}read(e){return this.bytes=F.uint8ArrayToString(e.subarray(0,8)),this.bytes.length}write(){return F.stringToUint8Array(this.bytes)}toHex(){return F.uint8ArrayToHex(F.stringToUint8Array(this.bytes))}equals(e,t=!1){return t&&(e.isWildcard()||this.isWildcard())||this.bytes===e.bytes}isNull(){return""===this.bytes}isWildcard(){return/^0+$/.test(this.toHex())}static mapToHex(e){return e.toHex()}static fromID(e){const t=new Jn;return t.read(F.hexToUint8Array(e)),t}static wildcard(){const e=new Jn;return e.read(new Uint8Array(8)),e}}const es=Symbol("verified"),ts="salt@notations.openpgpjs.org",rs=new Set([B.signatureSubpacket.issuerKeyID,B.signatureSubpacket.issuerFingerprint,B.signatureSubpacket.embeddedSignature]);class is{static get tag(){return B.packet.signature}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.signatureData=null,this.unhashedSubpackets=[],this.unknownSubpackets=[],this.signedHashValue=null,this.salt=null,this.created=null,this.signatureExpirationTime=null,this.signatureNeverExpires=!0,this.exportable=null,this.trustLevel=null,this.trustAmount=null,this.regularExpression=null,this.revocable=null,this.keyExpirationTime=null,this.keyNeverExpires=null,this.preferredSymmetricAlgorithms=null,this.revocationKeyClass=null,this.revocationKeyAlgorithm=null,this.revocationKeyFingerprint=null,this.issuerKeyID=new Jn,this.rawNotations=[],this.notations={},this.preferredHashAlgorithms=null,this.preferredCompressionAlgorithms=null,this.keyServerPreferences=null,this.preferredKeyServer=null,this.isPrimaryUserID=null,this.policyURI=null,this.keyFlags=null,this.signersUserID=null,this.reasonForRevocationFlag=null,this.reasonForRevocationString=null,this.features=null,this.signatureTargetPublicKeyAlgorithm=null,this.signatureTargetHashAlgorithm=null,this.signatureTargetHash=null,this.embeddedSignature=null,this.issuerKeyVersion=null,this.issuerFingerprint=null,this.preferredAEADAlgorithms=null,this.preferredCipherSuites=null,this.revoked=null,this[es]=null}read(e,t=M){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new at("Support for v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4!==this.version&&5!==this.version&&6!==this.version)throw new at(`Version ${this.version} of the signature packet is unsupported.`);if(this.signatureType=e[r++],this.publicKeyAlgorithm=e[r++],this.hashAlgorithm=e[r++],r+=this.readSubPackets(e.subarray(r,e.length),!0),!this.created)throw Error("Missing signature creation time subpacket.");if(this.signatureData=e.subarray(0,r),r+=this.readSubPackets(e.subarray(r,e.length),!1),this.signedHashValue=e.subarray(r,r+2),r+=2,6===this.version){const t=e[r++];this.salt=e.subarray(r,r+t),r+=t}const i=e.subarray(r,e.length),{read:a,signatureParams:n}=function(e,t){let r=0;switch(e){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaEncrypt:case B.publicKey.rsaSign:{const e=F.readMPI(t.subarray(r));return r+=e.length+2,{read:r,signatureParams:{s:e}}}case B.publicKey.dsa:case B.publicKey.ecdsa:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,signatureParams:{r:e,s:i}}}case B.publicKey.eddsaLegacy:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,signatureParams:{r:e,s:i}}}case B.publicKey.ed25519:case B.publicKey.ed448:{const i=2*yt(e),a=F.readExactSubarray(t,r,r+i);return r+=a.length,{read:r,signatureParams:{RS:a}}}case B.publicKey.hmac:{const e=new Ri;return r+=e.read(t.subarray(r)),{read:r,signatureParams:{mac:e}}}case B.publicKey.pqc_mldsa_ed25519:{const e=2*yt(B.publicKey.ed25519),i=F.readExactSubarray(t,r,r+e);r+=i.length;const a=F.readExactSubarray(t,r,r+3309);return r+=a.length,{read:r,signatureParams:{eccSignature:i,mldsaSignature:a}}}default:throw new at("Unknown signature algorithm.")}}(this.publicKeyAlgorithm,i);if(a<i.length)throw Error("Error reading MPIs");this.params=n}writeParams(){return this.params instanceof Promise?x((async()=>Ra(this.publicKeyAlgorithm,await this.params))):Ra(this.publicKeyAlgorithm,this.params)}write(){const e=[];return e.push(this.signatureData),e.push(this.writeUnhashedSubPackets()),e.push(this.signedHashValue),6===this.version&&(e.push(new Uint8Array([this.salt.length])),e.push(this.salt)),e.push(this.writeParams()),F.concat(e)}async sign(e,t,r=new Date,i=!1,a){this.version=e.version,this.created=F.normalizeDate(r),this.issuerKeyVersion=e.version,this.issuerFingerprint=e.getFingerprintBytes(),this.issuerKeyID=e.getKeyID();const n=[new Uint8Array([this.version,this.signatureType,this.publicKeyAlgorithm,this.hashAlgorithm])];if(6===this.version){const e=ns(this.hashAlgorithm);if(null===this.salt)this.salt=ye(e);else if(e!==this.salt.length)throw Error("Provided salt does not have the required length")}else if(a.nonDeterministicSignaturesViaNotation){if(0!==this.rawNotations.filter((({name:e})=>e===ts)).length)throw Error("Unexpected existing salt notation");{const e=ye(ns(this.hashAlgorithm));this.rawNotations.push({name:ts,value:e,humanReadable:!1,critical:!1})}}n.push(this.writeHashedSubPackets()),this.unhashedSubpackets=[],this.signatureData=F.concat(n);const s=this.toHash(this.signatureType,t,i),o=await this.hash(this.signatureType,t,s,i);this.signedHashValue=P(A(o),0,2);const c=async()=>Wa(this.publicKeyAlgorithm,this.hashAlgorithm,e.publicParams,e.privateParams,s,await U(o));F.isStream(o)?this.params=c():(this.params=await c(),this[es]=!0)}writeHashedSubPackets(){const e=B.signatureSubpacket,t=[];let r;if(null===this.created)throw Error("Missing signature creation time");t.push(as(e.signatureCreationTime,!0,F.writeDate(this.created))),null!==this.signatureExpirationTime&&t.push(as(e.signatureExpirationTime,!0,F.writeNumber(this.signatureExpirationTime,4))),null!==this.exportable&&t.push(as(e.exportableCertification,!0,new Uint8Array([this.exportable?1:0]))),null!==this.trustLevel&&(r=new Uint8Array([this.trustLevel,this.trustAmount]),t.push(as(e.trustSignature,!0,r))),null!==this.regularExpression&&t.push(as(e.regularExpression,!0,this.regularExpression)),null!==this.revocable&&t.push(as(e.revocable,!0,new Uint8Array([this.revocable?1:0]))),null!==this.keyExpirationTime&&t.push(as(e.keyExpirationTime,!0,F.writeNumber(this.keyExpirationTime,4))),null!==this.preferredSymmetricAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredSymmetricAlgorithms)),t.push(as(e.preferredSymmetricAlgorithms,!1,r))),null!==this.revocationKeyClass&&(r=new Uint8Array([this.revocationKeyClass,this.revocationKeyAlgorithm]),r=F.concat([r,this.revocationKeyFingerprint]),t.push(as(e.revocationKey,!1,r))),!this.issuerKeyID.isNull()&&this.issuerKeyVersion<5&&t.push(as(e.issuerKeyID,!1,this.issuerKeyID.write())),this.rawNotations.forEach((({name:i,value:a,humanReadable:n,critical:s})=>{r=[new Uint8Array([n?128:0,0,0,0])];const o=F.encodeUTF8(i);r.push(F.writeNumber(o.length,2)),r.push(F.writeNumber(a.length,2)),r.push(o),r.push(a),r=F.concat(r),t.push(as(e.notationData,s,r))})),null!==this.preferredHashAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredHashAlgorithms)),t.push(as(e.preferredHashAlgorithms,!1,r))),null!==this.preferredCompressionAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredCompressionAlgorithms)),t.push(as(e.preferredCompressionAlgorithms,!1,r))),null!==this.keyServerPreferences&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.keyServerPreferences)),t.push(as(e.keyServerPreferences,!1,r))),null!==this.preferredKeyServer&&t.push(as(e.preferredKeyServer,!1,F.encodeUTF8(this.preferredKeyServer))),null!==this.isPrimaryUserID&&t.push(as(e.primaryUserID,!1,new Uint8Array([this.isPrimaryUserID?1:0]))),null!==this.policyURI&&t.push(as(e.policyURI,!1,F.encodeUTF8(this.policyURI))),null!==this.keyFlags&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.keyFlags)),t.push(as(e.keyFlags,!0,r))),null!==this.signersUserID&&t.push(as(e.signersUserID,!1,F.encodeUTF8(this.signersUserID))),null!==this.reasonForRevocationFlag&&(r=F.stringToUint8Array(String.fromCharCode(this.reasonForRevocationFlag)+this.reasonForRevocationString),t.push(as(e.reasonForRevocation,!0,r))),null!==this.features&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.features)),t.push(as(e.features,!1,r))),null!==this.signatureTargetPublicKeyAlgorithm&&(r=[new Uint8Array([this.signatureTargetPublicKeyAlgorithm,this.signatureTargetHashAlgorithm])],r.push(F.stringToUint8Array(this.signatureTargetHash)),r=F.concat(r),t.push(as(e.signatureTarget,!0,r))),null!==this.embeddedSignature&&t.push(as(e.embeddedSignature,!0,this.embeddedSignature.write())),null!==this.issuerFingerprint&&(r=[new Uint8Array([this.issuerKeyVersion]),this.issuerFingerprint],r=F.concat(r),t.push(as(e.issuerFingerprint,this.version>=5,r))),null!==this.preferredAEADAlgorithms&&(r=F.stringToUint8Array(F.uint8ArrayToString(this.preferredAEADAlgorithms)),t.push(as(e.preferredAEADAlgorithms,!1,r))),null!==this.preferredCipherSuites&&(r=new Uint8Array([].concat(...this.preferredCipherSuites)),t.push(as(e.preferredCipherSuites,!1,r)));const i=F.concat(t),a=F.writeNumber(i.length,6===this.version?4:2);return F.concat([a,i])}writeUnhashedSubPackets(){const e=this.unhashedSubpackets.map((({type:e,critical:t,body:r})=>as(e,t,r))),t=F.concat(e),r=F.writeNumber(t.length,6===this.version?4:2);return F.concat([r,t])}readSubPacket(e,t=!0){let r=0;const i=!!(128&e[r]),a=127&e[r];if(r++,t||(this.unhashedSubpackets.push({type:a,critical:i,body:e.subarray(r,e.length)}),rs.has(a)))switch(a){case B.signatureSubpacket.signatureCreationTime:this.created=F.readDate(e.subarray(r,e.length));break;case B.signatureSubpacket.signatureExpirationTime:{const t=F.readNumber(e.subarray(r,e.length));this.signatureNeverExpires=0===t,this.signatureExpirationTime=t;break}case B.signatureSubpacket.exportableCertification:this.exportable=1===e[r++];break;case B.signatureSubpacket.trustSignature:this.trustLevel=e[r++],this.trustAmount=e[r++];break;case B.signatureSubpacket.regularExpression:this.regularExpression=e[r];break;case B.signatureSubpacket.revocable:this.revocable=1===e[r++];break;case B.signatureSubpacket.keyExpirationTime:{const t=F.readNumber(e.subarray(r,e.length));this.keyExpirationTime=t,this.keyNeverExpires=0===t;break}case B.signatureSubpacket.preferredSymmetricAlgorithms:this.preferredSymmetricAlgorithms=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.revocationKey:this.revocationKeyClass=e[r++],this.revocationKeyAlgorithm=e[r++],this.revocationKeyFingerprint=e.subarray(r,r+20);break;case B.signatureSubpacket.issuerKeyID:if(4===this.version)this.issuerKeyID.read(e.subarray(r,e.length));else if(t)throw Error("Unexpected Issuer Key ID subpacket");break;case B.signatureSubpacket.notationData:{const t=!!(128&e[r]);r+=4;const a=F.readNumber(e.subarray(r,r+2));r+=2;const n=F.readNumber(e.subarray(r,r+2));r+=2;const s=F.decodeUTF8(e.subarray(r,r+a)),o=e.subarray(r+a,r+a+n);this.rawNotations.push({name:s,humanReadable:t,value:o,critical:i}),t&&(this.notations[s]=F.decodeUTF8(o));break}case B.signatureSubpacket.preferredHashAlgorithms:this.preferredHashAlgorithms=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.preferredCompressionAlgorithms:this.preferredCompressionAlgorithms=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.keyServerPreferences:this.keyServerPreferences=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.preferredKeyServer:this.preferredKeyServer=F.decodeUTF8(e.subarray(r,e.length));break;case B.signatureSubpacket.primaryUserID:this.isPrimaryUserID=0!==e[r++];break;case B.signatureSubpacket.policyURI:this.policyURI=F.decodeUTF8(e.subarray(r,e.length));break;case B.signatureSubpacket.keyFlags:this.keyFlags=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.signersUserID:this.signersUserID=F.decodeUTF8(e.subarray(r,e.length));break;case B.signatureSubpacket.reasonForRevocation:this.reasonForRevocationFlag=e[r++],this.reasonForRevocationString=F.decodeUTF8(e.subarray(r,e.length));break;case B.signatureSubpacket.features:this.features=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.signatureTarget:{this.signatureTargetPublicKeyAlgorithm=e[r++],this.signatureTargetHashAlgorithm=e[r++];const t=Be(this.signatureTargetHashAlgorithm);this.signatureTargetHash=F.uint8ArrayToString(e.subarray(r,r+t));break}case B.signatureSubpacket.embeddedSignature:this.embeddedSignature=new is,this.embeddedSignature.read(e.subarray(r,e.length));break;case B.signatureSubpacket.issuerFingerprint:this.issuerKeyVersion=e[r++],this.issuerFingerprint=e.subarray(r,e.length),this.issuerKeyVersion>=5?this.issuerKeyID.read(this.issuerFingerprint):this.issuerKeyID.read(this.issuerFingerprint.subarray(-8));break;case B.signatureSubpacket.preferredAEADAlgorithms:this.preferredAEADAlgorithms=[...e.subarray(r,e.length)];break;case B.signatureSubpacket.preferredCipherSuites:this.preferredCipherSuites=[];for(let t=r;t<e.length;t+=2)this.preferredCipherSuites.push([e[t],e[t+1]]);break;default:this.unknownSubpackets.push({type:a,critical:i,body:e.subarray(r,e.length)})}}readSubPackets(e,t=!0,r){const i=6===this.version?4:2,a=F.readNumber(e.subarray(0,i));let n=i;for(;n<2+a;){const i=Ye(e.subarray(n,e.length));n+=i.offset,this.readSubPacket(e.subarray(n,n+i.len),t,r),n+=i.len}return n}toSign(e,t){const r=B.signature;switch(e){case r.binary:return null!==t.text?F.encodeUTF8(t.getText(!0)):t.getBytes(!0);case r.text:{const e=t.getBytes(!0);return F.canonicalizeEOL(e)}case r.standalone:return new Uint8Array(0);case r.certGeneric:case r.certPersona:case r.certCasual:case r.certPositive:case r.certRevocation:{let e,i;if(t.userID)i=180,e=t.userID;else{if(!t.userAttribute)throw Error("Either a userID or userAttribute packet needs to be supplied for certification.");i=209,e=t.userAttribute}const a=e.write();return F.concat([this.toSign(r.key,t),new Uint8Array([i]),F.writeNumber(a.length,4),a])}case r.subkeyBinding:case r.subkeyRevocation:case r.keyBinding:return F.concat([this.toSign(r.key,t),this.toSign(r.key,{key:t.bind})]);case r.key:if(void 0===t.key)throw Error("Key packet is required for this signature.");return t.key.writeForHash(this.version);case r.keyRevocation:return this.toSign(r.key,t);case r.timestamp:return new Uint8Array(0);case r.thirdParty:throw Error("Not implemented");default:throw Error("Unknown signature type.")}}calculateTrailer(e,t){let r=0;return w(A(this.signatureData),(e=>{r+=e.length}),(()=>{const i=[];return 5!==this.version||this.signatureType!==B.signature.binary&&this.signatureType!==B.signature.text||(t?i.push(new Uint8Array(6)):i.push(e.writeHeader())),i.push(new Uint8Array([this.version,255])),5===this.version&&i.push(new Uint8Array(4)),i.push(F.writeNumber(r,4)),F.concat(i)}))}toHash(e,t,r=!1){const i=this.toSign(e,t);return F.concat([this.salt||new Uint8Array,i,this.signatureData,this.calculateTrailer(t,r)])}async hash(e,t,r,i=!1){if(6===this.version&&this.salt.length!==ns(this.hashAlgorithm))throw Error("Signature salt does not have the expected length");return r||(r=this.toHash(e,t,i)),Te(this.hashAlgorithm,r)}async verify(e,t,r,i=new Date,a=!1,n=M){if(!this.issuerKeyID.equals(e.getKeyID()))throw Error("Signature was not issued by the given public key");if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Public key algorithm used to sign signature does not match issuer key algorithm.");const s=t===B.signature.binary||t===B.signature.text;if(!(this[es]&&!s)){let i,n;if(this.hashed?n=await this.hashed:(i=this.toHash(t,r,a),n=await this.hash(t,r,i)),n=await U(n),this.signedHashValue[0]!==n[0]||this.signedHashValue[1]!==n[1])throw Error("Signed digest did not match");this.params=await this.params;const s=this.publicKeyAlgorithm===B.publicKey.hmac?e.privateParams:null;if(this[es]=await Va(this.publicKeyAlgorithm,this.hashAlgorithm,this.params,e.publicParams,s,i,n),!this[es])throw Error("Signature verification failed")}const o=F.normalizeDate(i);if(o&&this.created>o)throw Error("Signature creation time is in the future");if(o&&o>=this.getExpirationTime())throw Error("Signature is expired");if(n.rejectHashAlgorithms.has(this.hashAlgorithm))throw Error("Insecure hash algorithm: "+B.read(B.hash,this.hashAlgorithm).toUpperCase());if(n.rejectMessageHashAlgorithms.has(this.hashAlgorithm)&&[B.signature.binary,B.signature.text].includes(this.signatureType))throw Error("Insecure message hash algorithm: "+B.read(B.hash,this.hashAlgorithm).toUpperCase());if(this.unknownSubpackets.forEach((({type:e,critical:t})=>{if(t)throw Error("Unknown critical signature subpacket type "+e)})),this.rawNotations.forEach((({name:e,critical:t})=>{if(t&&n.knownNotations.indexOf(e)<0)throw Error("Unknown critical notation: "+e)})),null!==this.revocationKeyClass)throw Error("This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.")}isExpired(e=new Date){const t=F.normalizeDate(e);return null!==t&&!(this.created<=t&&t<this.getExpirationTime())}getExpirationTime(){return this.signatureNeverExpires?1/0:new Date(this.created.getTime()+1e3*this.signatureExpirationTime)}}function as(e,t,r){const i=[];return i.push(Ze(r.length+1)),i.push(new Uint8Array([(t?128:0)|e])),i.push(r),F.concat(i)}function ns(e){switch(e){case B.hash.sha256:return 16;case B.hash.sha384:return 24;case B.hash.sha512:return 32;case B.hash.sha224:case B.hash.sha3_256:return 16;case B.hash.sha3_512:return 32;default:throw Error("Unsupported hash function")}}class ss{static get tag(){return B.packet.onePassSignature}static fromSignaturePacket(e,t){const r=new ss;return r.version=6===e.version?6:3,r.signatureType=e.signatureType,r.hashAlgorithm=e.hashAlgorithm,r.publicKeyAlgorithm=e.publicKeyAlgorithm,r.issuerKeyID=e.issuerKeyID,r.salt=e.salt,r.issuerFingerprint=e.issuerFingerprint,r.flags=t?1:0,r}constructor(){this.version=null,this.signatureType=null,this.hashAlgorithm=null,this.publicKeyAlgorithm=null,this.salt=null,this.issuerKeyID=null,this.issuerFingerprint=null,this.flags=null}read(e){let t=0;if(this.version=e[t++],3!==this.version&&6!==this.version)throw new at(`Version ${this.version} of the one-pass signature packet is unsupported.`);if(this.signatureType=e[t++],this.hashAlgorithm=e[t++],this.publicKeyAlgorithm=e[t++],6===this.version){const r=e[t++];this.salt=e.subarray(t,t+r),t+=r,this.issuerFingerprint=e.subarray(t,t+32),t+=32,this.issuerKeyID=new Jn,this.issuerKeyID.read(this.issuerFingerprint)}else this.issuerKeyID=new Jn,this.issuerKeyID.read(e.subarray(t,t+8)),t+=8;return this.flags=e[t++],this}write(){const e=[new Uint8Array([this.version,this.signatureType,this.hashAlgorithm,this.publicKeyAlgorithm])];return 6===this.version?e.push(new Uint8Array([this.salt.length]),this.salt,this.issuerFingerprint):e.push(this.issuerKeyID.write()),e.push(new Uint8Array([this.flags])),F.concatUint8Array(e)}calculateTrailer(...e){return x((async()=>is.prototype.calculateTrailer.apply(await this.correspondingSig,e)))}async verify(){const e=await this.correspondingSig;if(!e||e.constructor.tag!==B.packet.signature)throw Error("Corresponding signature packet missing");if(e.signatureType!==this.signatureType||e.hashAlgorithm!==this.hashAlgorithm||e.publicKeyAlgorithm!==this.publicKeyAlgorithm||!e.issuerKeyID.equals(this.issuerKeyID)||3===this.version&&6===e.version||6===this.version&&6!==e.version||6===this.version&&!F.equalsUint8Array(e.issuerFingerprint,this.issuerFingerprint)||6===this.version&&!F.equalsUint8Array(e.salt,this.salt))throw Error("Corresponding signature packet does not match one-pass signature packet");return e.hashed=this.hashed,e.verify.apply(e,arguments)}}function os(e,t){if(!t[e]){let t;try{t=B.read(B.packet,e)}catch{throw new nt("Unknown packet type with tag: "+e)}throw Error("Packet not allowed in this context: "+t)}return new t[e]}ss.prototype.hash=is.prototype.hash,ss.prototype.toHash=is.prototype.toHash,ss.prototype.toSign=is.prototype.toSign;class cs extends Array{static async fromBinary(e,t,r=M,i=null,a=!1){const n=new cs;return await n.read(e,t,r,i,a),n}async read(e,t,r=M,i=null,a=!1){let n;r.additionalAllowedPackets.length&&(n=F.constructAllowedPackets(r.additionalAllowedPackets),t={...t,...n}),this.stream=v(e,(async(e,s)=>{const o=C(e),c=I(s);try{let s=F.isStream(e);for(;;){let e,u;if(await c.ready,await it(o,s,(async s=>{try{if(s.tag===B.packet.marker||s.tag===B.packet.trust||s.tag===B.packet.padding)return;const e=os(s.tag,t);try{i?.recordPacket(s.tag,n)}catch(e){if(r.enforceGrammar)throw e;F.printDebugError(e)}e.packets=new cs,e.fromStream=F.isStream(s.packet),u=e.fromStream;try{await e.read(s.packet,r)}catch(t){if(!(t instanceof at))throw F.wrapError(new st(`Parsing ${e.constructor.name} failed`),t);throw t}await c.write(e)}catch(t){const i=t instanceof nt&&s.tag<=39,n=t instanceof at&&!(t instanceof nt)&&!r.ignoreUnsupportedPackets,o=t instanceof st&&!r.ignoreMalformedPackets,u=rt(s.tag);if(i||n||o||u||!(t instanceof nt||t instanceof at||t instanceof st))a?e=t:await c.abort(t);else{const e=new ot(s.tag,s.packet);await c.write(e)}F.printDebugError(t)}})),u&&(s=null),e)throw await o.readToEnd(),e;const h=await o.peekBytes(2);if(!h||!h.length){try{i?.recordEnd()}catch(e){if(r.enforceGrammar)throw e;F.printDebugError(e)}return await c.ready,void await c.close()}}}catch(e){await c.abort(e)}}));const s=C(this.stream);for(;;){const{done:e,value:t}=await s.read();if(e?this.stream=null:this.push(t),e||rt(t.constructor.tag))break}s.releaseLock()}write(){const e=[];for(let t=0;t<this.length;t++){const r=this[t]instanceof ot?this[t].tag:this[t].constructor.tag,i=this[t].write();if(F.isStream(i)&&rt(this[t].constructor.tag)){let t=[],a=0;const n=512;e.push(et(r)),e.push(w(i,(e=>{if(t.push(e),a+=e.length,a>=n){const e=Math.min(Math.log(a)/Math.LN2|0,30),r=2**e,i=F.concat([Je(e)].concat(t));return t=[i.subarray(1+r)],a=t[0].length,i.subarray(0,1+r)}}),(()=>F.concat([Ze(a)].concat(t)))))}else{if(F.isStream(i)){let t=0;e.push(w(A(i),(e=>{t+=e.length}),(()=>tt(r,t))))}else e.push(tt(r,i.length));e.push(i)}}return F.concat(e)}filterByTag(...e){const t=new cs,r=e=>t=>e===t;for(let i=0;i<this.length;i++)e.some(r(this[i].constructor.tag))&&t.push(this[i]);return t}findPacket(e){return this.find((t=>t.constructor.tag===e))}indexOfTag(...e){const t=[],r=this,i=e=>t=>e===t;for(let a=0;a<this.length;a++)e.some(i(r[a].constructor.tag))&&t.push(a);return t}}class us extends Error{constructor(...e){super(...e),Error.captureStackTrace&&Error.captureStackTrace(this,us),this.name="GrammarError"}}var hs;!function(e){e[e.EmptyMessage=0]="EmptyMessage",e[e.PlaintextOrEncryptedData=1]="PlaintextOrEncryptedData",e[e.EncryptedSessionKeys=2]="EncryptedSessionKeys",e[e.StandaloneAdditionalAllowedData=3]="StandaloneAdditionalAllowedData"}(hs||(hs={}));class ls{constructor(){this.state=hs.EmptyMessage,this.leadingOnePassSignatureCounter=0}recordPacket(e,t){switch(this.state){case hs.EmptyMessage:case hs.StandaloneAdditionalAllowedData:switch(e){case B.packet.literalData:case B.packet.compressedData:case B.packet.aeadEncryptedData:case B.packet.symEncryptedIntegrityProtectedData:case B.packet.symmetricallyEncryptedData:return void(this.state=hs.PlaintextOrEncryptedData);case B.packet.signature:if(this.state===hs.StandaloneAdditionalAllowedData&&--this.leadingOnePassSignatureCounter<0)throw new us("Trailing signature packet without OPS");return;case B.packet.onePassSignature:if(this.state===hs.StandaloneAdditionalAllowedData)throw new us("OPS following StandaloneAdditionalAllowedData");return void this.leadingOnePassSignatureCounter++;case B.packet.publicKeyEncryptedSessionKey:case B.packet.symEncryptedSessionKey:return void(this.state=hs.EncryptedSessionKeys);default:if(!t?.[e])throw new us(`Unexpected packet ${e} in state ${this.state}`);return void(this.state=hs.StandaloneAdditionalAllowedData)}case hs.PlaintextOrEncryptedData:if(e===B.packet.signature){if(--this.leadingOnePassSignatureCounter<0)throw new us("Trailing signature packet without OPS");return void(this.state=hs.PlaintextOrEncryptedData)}if(!t?.[e])throw new us(`Unexpected packet ${e} in state ${this.state}`);return void(this.state=hs.PlaintextOrEncryptedData);case hs.EncryptedSessionKeys:switch(e){case B.packet.publicKeyEncryptedSessionKey:case B.packet.symEncryptedSessionKey:return void(this.state=hs.EncryptedSessionKeys);case B.packet.symEncryptedIntegrityProtectedData:case B.packet.aeadEncryptedData:case B.packet.symmetricallyEncryptedData:return void(this.state=hs.PlaintextOrEncryptedData);case B.packet.signature:if(--this.leadingOnePassSignatureCounter<0)throw new us("Trailing signature packet without OPS");return void(this.state=hs.PlaintextOrEncryptedData);default:if(!t?.[e])throw new us(`Unexpected packet ${e} in state ${this.state}`);this.state=hs.EncryptedSessionKeys}}}recordEnd(){switch(this.state){case hs.EmptyMessage:case hs.PlaintextOrEncryptedData:case hs.EncryptedSessionKeys:case hs.StandaloneAdditionalAllowedData:if(this.leadingOnePassSignatureCounter>0)throw new us("Missing trailing signature packets")}}}const ys=/*#__PURE__*/F.constructAllowedPackets([Zn,ss,is]);class ps{static get tag(){return B.packet.compressedData}constructor(e=M){this.packets=null,this.algorithm=e.preferredCompressionAlgorithm,this.compressed=null}async read(e,t=M){await K(e,(async e=>{this.algorithm=await e.readByte(),this.compressed=e.remainder(),await this.decompress(t)}))}write(){return null===this.compressed&&this.compress(),F.concat([new Uint8Array([this.algorithm]),this.compressed])}async decompress(e=M){const t=B.read(B.compression,this.algorithm),r=ws[t];if(!r)throw Error(t+" decompression not supported");let i=await r(this.compressed);if(e.maxDecompressedMessageSize!==1/0){let t=0;i=w(i,(r=>{if(t+=r.length,t>e.maxDecompressedMessageSize)throw Error("Maximum decompressed message size exceeded");return r}))}o(this.compressed)&&!n(this.compressed)||(i=await U(i)),this.packets=await cs.fromBinary(i,ys,e,new ls)}compress(){const e=B.read(B.compression,this.algorithm),t=fs[e];if(!t)throw Error(e+" compression not supported");const r=this.packets.write();let i=t(r);o(r)&&!n(r)||(i=x((()=>U(i)))),this.compressed=i}}function ds(e,t){return r=>{let i;if(i=n(r)?new ReadableStream({async start(e){try{e.enqueue(await U(r)),e.close()}catch(t){e.error(t)}}}):o(r)?r:p(r),i=function(e){const t=C(e);return new ReadableStream({async pull(e){try{const{value:r,done:i}=await t.read();if(i)return void e.close();for(let t=0;t<=r.length;t+=65536)(!t||t<r.length)&&e.enqueue(r.subarray(t,t+65536))}catch(t){e.error(t)}}},{highWaterMark:0})}(i),e)try{const t=e();return i.pipeThrough(t)}catch(e){if("TypeError"!==e.name)throw e}const a=C(i),s=new t;let c=!1,u=!1;return new ReadableStream({start(e){s.ondata=(t,r)=>{e.enqueue(t),c=!0,r&&(e.close(),u=!0)}},async pull(){for(c=!1;!c&&!u;){const{done:e,value:t}=await a.read();if(e)return void s.push(new Uint8Array,!0);t.length&&s.push(t)}}},{highWaterMark:0})}}function gs(){return async function(e){const{default:t}=await import("./unbzip2-stream.min.mjs").then((function(e){return e.i}));return t(p(e))}}const ms=e=>({compressor:"undefined"!=typeof CompressionStream&&(()=>new CompressionStream(e)),decompressor:"undefined"!=typeof DecompressionStream&&(()=>new DecompressionStream(e))}),fs={zip:/*#__PURE__*/ds(ms("deflate-raw").compressor,Wn),zlib:/*#__PURE__*/ds(ms("deflate").compressor,Qn)},ws={uncompressed:e=>e,zip:/*#__PURE__*/ds(ms("deflate-raw").decompressor,$n),zlib:/*#__PURE__*/ds(ms("deflate").decompressor,Xn),bzip2:/*#__PURE__*/gs()},bs=/*#__PURE__*/F.constructAllowedPackets([Zn,ps,ss,is]);class ks{static get tag(){return B.packet.symEncryptedIntegrityProtectedData}static fromObject({version:e,aeadAlgorithm:t}){if(1!==e&&2!==e)throw Error("Unsupported SEIPD version");const r=new ks;return r.version=e,2===e&&(r.aeadAlgorithm=t),r}constructor(){this.version=null,this.cipherAlgorithm=null,this.aeadAlgorithm=null,this.chunkSizeByte=null,this.salt=null,this.encrypted=null,this.packets=null}async read(e){await K(e,(async e=>{if(this.version=await e.readByte(),1!==this.version&&2!==this.version)throw new at(`Version ${this.version} of the SEIP packet is unsupported.`);2===this.version&&(this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte(),this.salt=await e.readBytes(32)),this.encrypted=e.remainder()}))}write(){return 2===this.version?F.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.salt,this.encrypted]):F.concat([new Uint8Array([this.version]),this.encrypted])}async encrypt(e,t,r=M){const{blockSize:i,keySize:a}=Er(e);if(t.length!==a)throw Error("Unexpected session key size");let s=this.packets.write();if(n(s)&&(s=await U(s)),2===this.version)this.cipherAlgorithm=e,this.salt=ye(32),this.chunkSizeByte=r.aeadChunkSizeByte,this.encrypted=await vs(this,"encrypt",t,s);else{const r=await Xi(e),a=new Uint8Array([211,20]),n=F.concat([r,s,a]),o=await Te(B.hash.sha1,E(n)),c=F.concat([n,o]);this.encrypted=await Yi(e,t,c,new Uint8Array(i))}return!0}async decrypt(e,t,r=M){if(t.length!==Er(e).keySize)throw Error("Unexpected session key size");let i,a=A(this.encrypted);n(a)&&(a=await U(a));let s=!1;if(2===this.version){if(this.cipherAlgorithm!==e)throw Error("Unexpected session key algorithm");i=await vs(this,"decrypt",t,a)}else{const{blockSize:n}=Er(e),o=await Zi(e,t,a,new Uint8Array(n)),c=P(E(o),-20),u=P(o,0,-20),h=Promise.all([U(await Te(B.hash.sha1,E(u))),U(c)]).then((([e,t])=>{if(!F.equalsUint8Array(e,t))throw Error("Modification detected.");return new Uint8Array})),l=P(u,n+2);i=P(l,0,-2),i=g([i,x((()=>h))]),F.isStream(a)&&r.allowUnauthenticatedStream?s=!0:i=await U(i)}return this.packets=await cs.fromBinary(i,bs,r,new ls,s),!0}}async function vs(e,t,r,i){const a=e instanceof ks&&2===e.version,n=!a&&e.constructor.tag===B.packet.aeadEncryptedData;if(!a&&!n)throw Error("Unexpected packet type");const s=La(e.aeadAlgorithm,n),o="decrypt"===t?s.tagLength:0,c="encrypt"===t?s.tagLength:0,u=2**(e.chunkSizeByte+6)+o,h=n?8:0,l=new ArrayBuffer(13+h),y=new Uint8Array(l,0,5+h),p=new Uint8Array(l),d=new DataView(l),g=new Uint8Array(l,5,8);y.set([192|e.constructor.tag,e.version,e.cipherAlgorithm,e.aeadAlgorithm,e.chunkSizeByte],0);let f,w,b=0,k=Promise.resolve(),K=0,A=0;if(a){const{keySize:t}=Er(e.cipherAlgorithm),{ivLength:i}=s,a=new Uint8Array(l,0,5),n=await Dr(B.hash.sha256,r,e.salt,a,t+i);r=n.subarray(0,t),f=n.subarray(t),f.fill(0,f.length-8),w=new DataView(f.buffer,f.byteOffset,f.byteLength)}else f=e.iv;const E=await s(e.cipherAlgorithm,r);return v(i,(async(r,i)=>{if("array"!==F.isStream(r)){const t=new TransformStream({},{highWaterMark:F.getHardwareConcurrency()*2**(e.chunkSizeByte+6),size:e=>e.length});m(t.readable,i),i=t.writable}const n=C(r),s=I(i);try{for(;;){let e=await n.readBytes(u+o)||new Uint8Array;const r=e.subarray(e.length-o);let i,l,m;if(e=e.subarray(0,e.length-o),a)m=f;else{m=f.slice();for(let e=0;e<8;e++)m[f.length-8+e]^=g[e]}if(!b||e.length?(n.unshift(r),i=E[t](e,m,y),i.catch((()=>{})),A+=e.length-o+c):(d.setInt32(5+h+4,K),i=E[t](r,m,p),i.catch((()=>{})),A+=c,l=!0),K+=e.length-o,k=k.then((()=>i)).then((async e=>{await s.ready,await s.write(e),A-=e.length})).catch((e=>s.abort(e))),(l||A>s.desiredSize)&&await k,l){await s.close();break}a?w.setInt32(f.length-4,++b):d.setInt32(9,++b)}}catch(e){await s.ready.catch((()=>{})),await s.abort(e)}}))}const Ks=/*#__PURE__*/F.constructAllowedPackets([Zn,ps,ss,is]);class As{static get tag(){return B.packet.aeadEncryptedData}constructor(){this.version=1,this.cipherAlgorithm=null,this.aeadAlgorithm=B.aead.eax,this.chunkSizeByte=null,this.iv=null,this.encrypted=null,this.packets=null}async read(e){await K(e,(async e=>{const t=await e.readByte();if(1!==t)throw new at(`Version ${t} of the AEAD-encrypted data packet is not supported.`);this.cipherAlgorithm=await e.readByte(),this.aeadAlgorithm=await e.readByte(),this.chunkSizeByte=await e.readByte();const r=La(this.aeadAlgorithm,!0);this.iv=await e.readBytes(r.ivLength),this.encrypted=e.remainder()}))}write(){return F.concat([new Uint8Array([this.version,this.cipherAlgorithm,this.aeadAlgorithm,this.chunkSizeByte]),this.iv,this.encrypted])}async decrypt(e,t,r=M){this.packets=await cs.fromBinary(await vs(this,"decrypt",t,A(this.encrypted)),Ks,r,new ls)}async encrypt(e,t,r=M){this.cipherAlgorithm=e;const{ivLength:i}=La(this.aeadAlgorithm,!0);this.iv=ye(i),this.chunkSizeByte=r.aeadChunkSizeByte;const a=this.packets.write();this.encrypted=await vs(this,"encrypt",t,a)}}const Es=new Set([B.publicKey.x25519,B.publicKey.x448,B.publicKey.pqc_mlkem_x25519]);class Ss{static get tag(){return B.packet.publicKeyEncryptedSessionKey}constructor(){this.version=null,this.publicKeyID=new Jn,this.publicKeyVersion=null,this.publicKeyFingerprint=null,this.publicKeyAlgorithm=null,this.sessionKey=null,this.sessionKeyAlgorithm=null,this.encrypted={}}static fromObject({version:e,encryptionKeyPacket:t,anonymousRecipient:r,sessionKey:i,sessionKeyAlgorithm:a}){const n=new Ss;if(3!==e&&6!==e)throw Error("Unsupported PKESK version");return n.version=e,6===e&&(n.publicKeyVersion=r?null:t.version,n.publicKeyFingerprint=r?null:t.getFingerprintBytes()),n.publicKeyID=r?Jn.wildcard():t.getKeyID(),n.publicKeyAlgorithm=t.algorithm,n.sessionKey=i,n.sessionKeyAlgorithm=a,n}read(e){let t=0;if(this.version=e[t++],3!==this.version&&6!==this.version)throw new at(`Version ${this.version} of the PKESK packet is unsupported.`);if(6===this.version){const r=e[t++];if(r){this.publicKeyVersion=e[t++];const i=r-1;this.publicKeyFingerprint=e.subarray(t,t+i),t+=i,this.publicKeyVersion>=5?this.publicKeyID.read(this.publicKeyFingerprint):this.publicKeyID.read(this.publicKeyFingerprint.subarray(-8))}else this.publicKeyID=Jn.wildcard()}else t+=this.publicKeyID.read(e.subarray(t,t+8));if(this.publicKeyAlgorithm=e[t++],this.encrypted=function(e,t){let r=0;switch(e){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:return{c:F.readMPI(t.subarray(r))};case B.publicKey.elgamal:{const e=F.readMPI(t.subarray(r));return r+=e.length+2,{c1:e,c2:F.readMPI(t.subarray(r))}}case B.publicKey.ecdh:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=new Ni;return i.read(t.subarray(r)),{V:e,C:i}}case B.publicKey.x25519:case B.publicKey.x448:{const i=Ga(e),a=F.readExactSubarray(t,r,r+i);r+=a.length;const n=new Gi;return n.read(t.subarray(r)),{ephemeralPublicKey:a,C:n}}case B.publicKey.aead:{const e=new ji;r+=e.read(t.subarray(r));const{ivLength:i}=La(e.getValue()),a=t.subarray(r,r+i);r+=i;const n=new Ri;return r+=n.read(t.subarray(r)),{aeadMode:e,iv:a,c:n}}case B.publicKey.pqc_mlkem_x25519:{const e=F.readExactSubarray(t,r,r+Ga(B.publicKey.x25519));r+=e.length;const i=F.readExactSubarray(t,r,r+1088);r+=i.length;const a=new Gi;return a.read(t.subarray(r)),{eccCipherText:e,mlkemCipherText:i,C:a}}default:throw new at("Unknown public key encryption algorithm.")}}(this.publicKeyAlgorithm,e.subarray(t)),Es.has(this.publicKeyAlgorithm))if(3===this.version)this.sessionKeyAlgorithm=B.write(B.symmetric,this.encrypted.C.algorithm);else if(null!==this.encrypted.C.algorithm)throw Error("Unexpected cleartext symmetric algorithm")}write(){const e=[new Uint8Array([this.version])];return 6===this.version?null!==this.publicKeyFingerprint?(e.push(new Uint8Array([this.publicKeyFingerprint.length+1,this.publicKeyVersion])),e.push(this.publicKeyFingerprint)):e.push(new Uint8Array([0])):e.push(this.publicKeyID.write()),e.push(new Uint8Array([this.publicKeyAlgorithm]),Ra(this.publicKeyAlgorithm,this.encrypted)),F.concatUint8Array(e)}async encrypt(e){const t=B.write(B.publicKey,this.publicKeyAlgorithm),r=3===this.version?this.sessionKeyAlgorithm:null,i=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),a=Ps(this.version,t,r,this.sessionKey),n=t===B.publicKey.aead?e.privateParams:null;this.encrypted=await Fa(t,r,e.publicParams,n,a,i)}async decrypt(e,t){if(this.publicKeyAlgorithm!==e.algorithm)throw Error("Decryption error");const r=t?Ps(this.version,this.publicKeyAlgorithm,t.sessionKeyAlgorithm,t.sessionKey):null,i=5===e.version?e.getFingerprintBytes().subarray(0,20):e.getFingerprintBytes(),a=await _a(this.publicKeyAlgorithm,e.publicParams,e.privateParams,this.encrypted,i,r),{sessionKey:n,sessionKeyAlgorithm:s}=function(e,t,r,i){switch(t){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.elgamal:case B.publicKey.ecdh:case B.publicKey.aead:{const t=r.subarray(0,r.length-2),a=r.subarray(r.length-2),n=F.writeChecksum(t.subarray(t.length%8)),s=n[0]===a[0]&n[1]===a[1],o=6===e?{sessionKeyAlgorithm:null,sessionKey:t}:{sessionKeyAlgorithm:t[0],sessionKey:t.subarray(1)};if(i){const t=s&o.sessionKeyAlgorithm===i.sessionKeyAlgorithm&o.sessionKey.length===i.sessionKey.length;return{sessionKey:F.selectUint8Array(t,o.sessionKey,i.sessionKey),sessionKeyAlgorithm:6===e?null:F.selectUint8(t,o.sessionKeyAlgorithm,i.sessionKeyAlgorithm)}}if(s&&(6===e||B.read(B.symmetric,o.sessionKeyAlgorithm)))return o;throw Error("Decryption error")}case B.publicKey.x25519:case B.publicKey.x448:case B.publicKey.pqc_mlkem_x25519:return{sessionKeyAlgorithm:null,sessionKey:r};default:throw Error("Unsupported public key algorithm")}}(this.version,this.publicKeyAlgorithm,a,t);if(3===this.version){const e=!Es.has(this.publicKeyAlgorithm);if(this.sessionKeyAlgorithm=e?s:this.sessionKeyAlgorithm,n.length!==Er(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}this.sessionKey=n}}function Ps(e,t,r,i){switch(t){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.elgamal:case B.publicKey.ecdh:case B.publicKey.aead:return F.concatUint8Array([new Uint8Array(6===e?[]:[r]),i,F.writeChecksum(i.subarray(i.length%8))]);case B.publicKey.x25519:case B.publicKey.x448:case B.publicKey.pqc_mlkem_x25519:return i;default:throw Error("Unsupported public key algorithm")}}class Us{static get tag(){return B.packet.symEncryptedSessionKey}constructor(e=M){this.version=e.aeadProtect?6:4,this.sessionKey=null,this.sessionKeyEncryptionAlgorithm=null,this.sessionKeyAlgorithm=null,this.aeadAlgorithm=B.write(B.aead,e.preferredAEADAlgorithm),this.encrypted=null,this.s2k=null,this.iv=null}read(e){let t=0;if(this.version=e[t++],4!==this.version&&5!==this.version&&6!==this.version)throw new at(`Version ${this.version} of the SKESK packet is unsupported.`);6===this.version&&t++;const r=e[t++];this.version>=5&&(this.aeadAlgorithm=e[t++],6===this.version&&t++);const i=e[t++];if(this.s2k=tn(i),t+=this.s2k.read(e.subarray(t,e.length)),this.version>=5){const r=La(this.aeadAlgorithm,!0);this.iv=e.subarray(t,t+=r.ivLength)}this.version>=5||t<e.length?(this.encrypted=e.subarray(t,e.length),this.sessionKeyEncryptionAlgorithm=r):this.sessionKeyAlgorithm=r}write(){const e=null===this.encrypted?this.sessionKeyAlgorithm:this.sessionKeyEncryptionAlgorithm;let t;const r=this.s2k.write();if(6===this.version){const i=r.length,a=3+i+this.iv.length;t=F.concatUint8Array([new Uint8Array([this.version,a,e,this.aeadAlgorithm,i]),r,this.iv,this.encrypted])}else 5===this.version?t=F.concatUint8Array([new Uint8Array([this.version,e,this.aeadAlgorithm]),r,this.iv,this.encrypted]):(t=F.concatUint8Array([new Uint8Array([this.version,e]),r]),null!==this.encrypted&&(t=F.concatUint8Array([t,this.encrypted])));return t}async decrypt(e,t=M){const r=null!==this.sessionKeyEncryptionAlgorithm?this.sessionKeyEncryptionAlgorithm:this.sessionKeyAlgorithm,{blockSize:i,keySize:a}=Er(r),n=await this.s2k.produceKey(e,a,t);if(this.version>=5){const e=La(this.aeadAlgorithm,!0),t=new Uint8Array([192|Us.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),i=6===this.version?await Dr(B.hash.sha256,n,new Uint8Array,t,a):n,s=await e(r,i);this.sessionKey=await s.decrypt(this.encrypted,this.iv,t)}else if(null!==this.encrypted){const e=await Zi(r,n,this.encrypted,new Uint8Array(i));if(this.sessionKeyAlgorithm=B.write(B.symmetric,e[0]),this.sessionKey=e.subarray(1,e.length),this.sessionKey.length!==Er(this.sessionKeyAlgorithm).keySize)throw Error("Unexpected session key size")}else this.sessionKey=n}async encrypt(e,t=M){const r=null!==this.sessionKeyEncryptionAlgorithm?this.sessionKeyEncryptionAlgorithm:this.sessionKeyAlgorithm;this.sessionKeyEncryptionAlgorithm=r,this.s2k=rn(t),this.s2k.generateSalt();const{blockSize:i,keySize:a}=Er(r),n=await this.s2k.produceKey(e,a,t);if(null===this.sessionKey&&(this.sessionKey=qa(this.sessionKeyAlgorithm)),this.version>=5){const e=La(this.aeadAlgorithm);this.iv=ye(e.ivLength);const t=new Uint8Array([192|Us.tag,this.version,this.sessionKeyEncryptionAlgorithm,this.aeadAlgorithm]),i=6===this.version?await Dr(B.hash.sha256,n,new Uint8Array,t,a):n,s=await e(r,i);this.encrypted=await s.encrypt(this.sessionKey,this.iv,t)}else{const e=F.concatUint8Array([new Uint8Array([this.sessionKeyAlgorithm]),this.sessionKey]);this.encrypted=await Yi(r,n,e,new Uint8Array(i))}}}class Ds{static get tag(){return B.packet.publicKey}constructor(e=new Date,t=M){this.version=t.v6Keys?6:4,this.created=F.normalizeDate(e),this.algorithm=null,this.publicParams=null,this.expirationTimeV3=0,this.fingerprint=null,this.keyID=null}static fromSecretKeyPacket(e){const t=new Ds,{version:r,created:i,algorithm:a,publicParams:n,keyID:s,fingerprint:o}=e;return t.version=r,t.created=i,t.algorithm=a,t.publicParams=n,t.keyID=s,t.fingerprint=o,t}async read(e,t=M){let r=0;if(this.version=e[r++],5===this.version&&!t.enableParsingV5Entities)throw new at("Support for parsing v5 entities is disabled; turn on `config.enableParsingV5Entities` if needed");if(4===this.version||5===this.version||6===this.version){this.created=F.readDate(e.subarray(r,r+4)),r+=4,this.algorithm=e[r++],this.version>=5&&(r+=4);const{read:t,publicParams:i}=function(e,t){let r=0;switch(e){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{n:e,e:i}}}case B.publicKey.dsa:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));r+=i.length+2;const a=F.readMPI(t.subarray(r));r+=a.length+2;const n=F.readMPI(t.subarray(r));return r+=n.length+2,{read:r,publicParams:{p:e,q:i,g:a,y:n}}}case B.publicKey.elgamal:{const e=F.readMPI(t.subarray(r));r+=e.length+2;const i=F.readMPI(t.subarray(r));r+=i.length+2;const a=F.readMPI(t.subarray(r));return r+=a.length+2,{read:r,publicParams:{p:e,g:i,y:a}}}case B.publicKey.ecdsa:{const e=new Xe;r+=e.read(t),Ha(e);const i=F.readMPI(t.subarray(r));return r+=i.length+2,{read:r,publicParams:{oid:e,Q:i}}}case B.publicKey.eddsaLegacy:{const e=new Xe;if(r+=e.read(t),Ha(e),e.getName()!==B.curve.ed25519Legacy)throw Error("Unexpected OID for eddsaLegacy");let i=F.readMPI(t.subarray(r));return r+=i.length+2,i=F.leftPad(i,33),{read:r,publicParams:{oid:e,Q:i}}}case B.publicKey.ecdh:{const e=new Xe;r+=e.read(t),Ha(e);const i=F.readMPI(t.subarray(r));r+=i.length+2;const a=new zi;return r+=a.read(t.subarray(r)),{read:r,publicParams:{oid:e,Q:i,kdfParams:a}}}case B.publicKey.ed25519:case B.publicKey.ed448:case B.publicKey.x25519:case B.publicKey.x448:{const i=F.readExactSubarray(t,r,r+Ga(e));return r+=i.length,{read:r,publicParams:{A:i}}}case B.publicKey.hmac:case B.publicKey.aead:{const e=new qi;r+=e.read(t);const i=Be(B.hash.sha256),a=t.subarray(r,r+i);return r+=i,{read:r,publicParams:{cipher:e,digest:a}}}case B.publicKey.pqc_mlkem_x25519:{const e=F.readExactSubarray(t,r,r+Ga(B.publicKey.x25519));r+=e.length;const i=F.readExactSubarray(t,r,r+1184);return r+=i.length,{read:r,publicParams:{eccPublicKey:e,mlkemPublicKey:i}}}case B.publicKey.pqc_mldsa_ed25519:{const e=F.readExactSubarray(t,r,r+Ga(B.publicKey.ed25519));r+=e.length;const i=F.readExactSubarray(t,r,r+1952);return r+=i.length,{read:r,publicParams:{eccPublicKey:e,mldsaPublicKey:i}}}default:throw new at("Unknown public key encryption algorithm.")}}(this.algorithm,e.subarray(r));if(6===this.version&&i.oid&&(i.oid.getName()===B.curve.curve25519Legacy||i.oid.getName()===B.curve.ed25519Legacy))throw Error("Legacy curve25519 cannot be used with v6 keys");if(6!==this.version&&this.algorithm===B.publicKey.pqc_mldsa_ed25519)throw Error("Unexpected key version: ML-DSA algorithms can only be used with v6 keys");return this.publicParams=i,r+=t,await this.computeFingerprintAndKeyID(),r}throw new at(`Version ${this.version} of the key packet is unsupported.`)}write(){const e=[];e.push(new Uint8Array([this.version])),e.push(F.writeDate(this.created)),e.push(new Uint8Array([this.algorithm]));const t=Ra(this.algorithm,this.publicParams);return this.version>=5&&e.push(F.writeNumber(t.length,4)),e.push(t),F.concatUint8Array(e)}writeForHash(e){const t=this.writePublicKey(),r=149+e,i=e>=5?4:2;return F.concatUint8Array([new Uint8Array([r]),F.writeNumber(t.length,i),t])}isDecrypted(){return null}getCreationTime(){return this.created}getKeyID(){return this.keyID}async computeFingerprintAndKeyID(){if(await this.computeFingerprint(),this.keyID=new Jn,this.version>=5)this.keyID.read(this.fingerprint.subarray(0,8));else{if(4!==this.version)throw Error("Unsupported key version");this.keyID.read(this.fingerprint.subarray(12,20))}}async computeFingerprint(){const e=this.writeForHash(this.version);if(this.version>=5)this.fingerprint=await Te(B.hash.sha256,e);else{if(4!==this.version)throw Error("Unsupported key version");this.fingerprint=await Te(B.hash.sha1,e)}}getFingerprintBytes(){return this.fingerprint}getFingerprint(){return F.uint8ArrayToHex(this.getFingerprintBytes())}hasSameFingerprintAs(e){return this.version===e.version&&F.equalsUint8Array(this.writePublicKey(),e.writePublicKey())}getAlgorithmInfo(){const e={};e.algorithm=B.read(B.publicKey,this.algorithm);const t=this.publicParams.n||this.publicParams.p;return t?e.bits=F.uint8ArrayBitLength(t):this.publicParams.oid?e.curve=this.publicParams.oid.getName():this.publicParams.cipher&&(e.symmetric=this.publicParams.cipher.getName()),e}}Ds.prototype.readPublicKey=Ds.prototype.read,Ds.prototype.writePublicKey=Ds.prototype.write;const xs=/*#__PURE__*/F.constructAllowedPackets([Zn,ps,ss,is]);class Cs{static get tag(){return B.packet.symmetricallyEncryptedData}constructor(){this.encrypted=null,this.packets=null}read(e){this.encrypted=e}write(){return this.encrypted}async decrypt(e,t,r=M){if(!r.allowUnauthenticatedMessages)throw Error("Message is not authenticated.");const{blockSize:i}=Er(e),a=await U(A(this.encrypted)),n=await Zi(e,t,a.subarray(i+2),a.subarray(2,i+2));this.packets=await cs.fromBinary(n,xs,r)}async encrypt(e,t,r=M){const i=this.packets.write(),{blockSize:a}=Er(e),n=await Xi(e),s=await Yi(e,t,n,new Uint8Array(a)),o=await Yi(e,t,i,s.subarray(2));this.encrypted=F.concat([s,o])}}class Is{static get tag(){return B.packet.marker}read(e){return 80===e[0]&&71===e[1]&&80===e[2]}write(){return new Uint8Array([80,71,80])}}class Ts extends Ds{static get tag(){return B.packet.publicSubkey}constructor(e,t){super(e,t)}static fromSecretSubkeyPacket(e){const t=new Ts,{version:r,created:i,algorithm:a,publicParams:n,keyID:s,fingerprint:o}=e;return t.version=r,t.created=i,t.algorithm=a,t.publicParams=n,t.keyID=s,t.fingerprint=o,t}}class Bs{static get tag(){return B.packet.userAttribute}constructor(){this.attributes=[]}read(e){let t=0;for(;t<e.length;){const r=Ye(e.subarray(t,e.length));t+=r.offset,this.attributes.push(F.uint8ArrayToString(e.subarray(t,t+r.len))),t+=r.len}}write(){const e=[];for(let t=0;t<this.attributes.length;t++)e.push(Ze(this.attributes[t].length)),e.push(F.stringToUint8Array(this.attributes[t]));return F.concatUint8Array(e)}equals(e){return!!(e&&e instanceof Bs)&&this.attributes.every((function(t,r){return t===e.attributes[r]}))}}class Ms extends Ds{static get tag(){return B.packet.secretKey}constructor(e=new Date,t=M){super(e,t),this.keyMaterial=null,this.isEncrypted=null,this.s2kUsage=0,this.s2k=null,this.symmetric=null,this.aead=null,this.isLegacyAEAD=null,this.privateParams=null,this.usedModernAEAD=null}async read(e,t=M){let r=await this.readPublicKey(e,t);const i=r;this.s2kUsage=e[r++],5===this.version&&r++,6===this.version&&this.s2kUsage&&r++;try{if(255===this.s2kUsage||254===this.s2kUsage||253===this.s2kUsage){this.symmetric=e[r++],253===this.s2kUsage&&(this.aead=e[r++]),6===this.version&&r++;const t=e[r++];if(this.s2k=tn(t),r+=this.s2k.read(e.subarray(r,e.length)),"gnu-dummy"===this.s2k.type)return}else this.s2kUsage&&(this.symmetric=this.s2kUsage);this.s2kUsage&&(this.isLegacyAEAD=253===this.s2kUsage&&(5===this.version||4===this.version&&t.parseAEADEncryptedV4KeysAsLegacy),253!==this.s2kUsage||this.isLegacyAEAD?(this.iv=e.subarray(r,r+Er(this.symmetric).blockSize),this.usedModernAEAD=!1):(this.iv=e.subarray(r,r+La(this.aead).ivLength),this.usedModernAEAD=!0),r+=this.iv.length)}catch(t){if(!this.s2kUsage)throw t;this.unparseableKeyMaterial=e.subarray(i),this.isEncrypted=!0}if(5===this.version&&(r+=4),this.keyMaterial=e.subarray(r),this.isEncrypted=!!this.s2kUsage,!this.isEncrypted){let e;if(6===this.version)e=this.keyMaterial;else if(e=this.keyMaterial.subarray(0,-2),!F.equalsUint8Array(F.writeChecksum(e),this.keyMaterial.subarray(-2)))throw Error("Key checksum mismatch");try{const{read:t,privateParams:r}=await Na(this.algorithm,e,this.publicParams);if(t<e.length)throw Error("Error reading MPIs");this.privateParams=r}catch(e){if(e instanceof at)throw e;throw Error("Error reading MPIs")}}}write(){const e=this.writePublicKey();if(this.unparseableKeyMaterial)return F.concatUint8Array([e,this.unparseableKeyMaterial]);const t=[e];t.push(new Uint8Array([this.s2kUsage]));const r=[];if(255===this.s2kUsage||254===this.s2kUsage||253===this.s2kUsage){r.push(this.symmetric),253===this.s2kUsage&&r.push(this.aead);const e=this.s2k.write();6===this.version&&r.push(e.length),r.push(...e)}return this.s2kUsage&&"gnu-dummy"!==this.s2k.type&&r.push(...this.iv),(5===this.version||6===this.version&&this.s2kUsage)&&t.push(new Uint8Array([r.length])),t.push(new Uint8Array(r)),this.isDummy()||(this.s2kUsage||(this.keyMaterial=Ra(this.algorithm,this.privateParams)),5===this.version&&t.push(F.writeNumber(this.keyMaterial.length,4)),t.push(this.keyMaterial),this.s2kUsage||6===this.version||t.push(F.writeChecksum(this.keyMaterial))),F.concatUint8Array(t)}isDecrypted(){return!1===this.isEncrypted}isMissingSecretKeyMaterial(){return void 0!==this.unparseableKeyMaterial||this.isDummy()}isDummy(){return!(!this.s2k||"gnu-dummy"!==this.s2k.type)}makeDummy(e=M){this.isDummy()||(this.isDecrypted()&&this.clearPrivateParams(),delete this.unparseableKeyMaterial,this.isEncrypted=null,this.keyMaterial=null,this.s2k=tn(B.s2k.gnu,e),this.s2k.algorithm=0,this.s2k.c=0,this.s2k.type="gnu-dummy",this.s2kUsage=254,this.symmetric=B.symmetric.aes256,this.isLegacyAEAD=null,this.usedModernAEAD=null)}async encrypt(e,t=M){if(this.isDummy())return;if(!this.isDecrypted())throw Error("Key packet is already encrypted");if(!e)throw Error("A non-empty passphrase is required for key encryption.");this.s2k=rn(t),this.s2k.generateSalt();const r=Ra(this.algorithm,this.privateParams);this.symmetric=B.symmetric.aes256;const{blockSize:i}=Er(this.symmetric);if(t.aeadProtect){this.s2kUsage=253,this.aead=t.preferredAEADAlgorithm;const a=La(this.aead);this.isLegacyAEAD=5===this.version,this.usedModernAEAD=!this.isLegacyAEAD;const n=et(this.constructor.tag),s=await Ls(this.version,this.s2k,e,this.symmetric,this.aead,n,this.isLegacyAEAD,t),o=await a(this.symmetric,s);this.iv=this.isLegacyAEAD?ye(i):ye(a.ivLength);const c=this.isLegacyAEAD?new Uint8Array:F.concatUint8Array([n,this.writePublicKey()]);this.keyMaterial=await o.encrypt(r,this.iv.subarray(0,a.ivLength),c)}else{this.s2kUsage=254,this.usedModernAEAD=!1;const a=await Ls(this.version,this.s2k,e,this.symmetric,void 0,void 0,void 0,t);this.iv=ye(i),this.keyMaterial=await Yi(this.symmetric,a,F.concatUint8Array([r,await Te(B.hash.sha1,r)]),this.iv)}}async decrypt(e,t=M){if(this.isDummy())return!1;if(this.unparseableKeyMaterial)throw Error("Key packet cannot be decrypted: unsupported S2K or cipher algo");if(this.isDecrypted())throw Error("Key packet is already decrypted.");let r;const i=et(this.constructor.tag);if(254!==this.s2kUsage&&253!==this.s2kUsage)throw 255===this.s2kUsage?Error("Encrypted private key is authenticated using an insecure two-byte hash"):Error("Private key is encrypted using an insecure S2K function: unsalted MD5");let a;if(r=await Ls(this.version,this.s2k,e,this.symmetric,this.aead,i,this.isLegacyAEAD,t),253===this.s2kUsage){const e=La(this.aead,!0),t=await e(this.symmetric,r);try{const r=this.isLegacyAEAD?new Uint8Array:F.concatUint8Array([i,this.writePublicKey()]);a=await t.decrypt(this.keyMaterial,this.iv.subarray(0,e.ivLength),r)}catch(e){if("Authentication tag mismatch"===e.message)throw Error("Incorrect key passphrase: "+e.message);throw e}}else{const e=await Zi(this.symmetric,r,this.keyMaterial,this.iv);a=e.subarray(0,-20);const t=await Te(B.hash.sha1,a);if(!F.equalsUint8Array(t,e.subarray(-20)))throw Error("Incorrect key passphrase")}try{const{privateParams:e}=await Na(this.algorithm,a,this.publicParams);this.privateParams=e}catch{throw Error("Error reading MPIs")}this.isEncrypted=!1,this.keyMaterial=null,this.s2kUsage=0,this.aead=null,this.symmetric=null,this.isLegacyAEAD=null}async validate(){if(this.isDummy())return;if(!this.isDecrypted())throw Error("Key is not decrypted");if(this.usedModernAEAD)return;let e;try{e=await ja(this.algorithm,this.publicParams,this.privateParams)}catch{e=!1}if(!e)throw Error("Key is invalid")}async generate(e,t,r){if(6===this.version&&(this.algorithm===B.publicKey.ecdh&&t===B.curve.curve25519Legacy||this.algorithm===B.publicKey.eddsaLegacy))throw Error(`Cannot generate v6 keys of type 'ecc' with curve ${t}. Generate a key of type 'curve25519' instead`);if(6!==this.version&&this.algorithm===B.publicKey.pqc_mldsa_ed25519)throw Error(`Cannot generate v${this.version} signing keys of type 'pqc'. Generate a v6 key instead`);const{privateParams:i,publicParams:a}=await za(this.algorithm,e,t,r);this.privateParams=i,this.publicParams=a,this.isEncrypted=!1}clearPrivateParams(){this.isMissingSecretKeyMaterial()||(Object.keys(this.privateParams).forEach((e=>{this.privateParams[e].fill(0),delete this.privateParams[e]})),this.privateParams=null,this.isEncrypted=!0)}}async function Ls(e,t,r,i,a,n,s,o){if("argon2"===t.type&&!a)throw Error("Using Argon2 S2K without AEAD is not allowed");if("simple"===t.type&&6===e)throw Error("Using Simple S2K with version 6 keys is not allowed");const{keySize:c}=Er(i),u=await t.produceKey(r,c,o);if(!a||5===e||s)return u;const h=F.concatUint8Array([n,new Uint8Array([e,i,a])]);return Dr(B.hash.sha256,u,new Uint8Array,h,c)}class Fs{static get tag(){return B.packet.userID}constructor(){this.userID="",this.name="",this.email="",this.comment=""}static fromObject(e){if(F.isString(e)||e.name&&!F.isString(e.name)||e.email&&!F.isEmailAddress(e.email)||e.comment&&!F.isString(e.comment))throw Error("Invalid user ID format");const t=new Fs;Object.assign(t,e);const r=[];return t.name&&r.push(t.name),t.comment&&r.push(`(${t.comment})`),t.email&&r.push(`<${t.email}>`),t.userID=r.join(" "),t}read(e,t=M){const r=F.decodeUTF8(e);if(r.length>t.maxUserIDLength)throw Error("User ID string is too long");const i=e=>/^[^\s@]+@[^\s@]+$/.test(e),a=r.indexOf("<"),n=r.lastIndexOf(">");if(-1!==a&&-1!==n&&n>a){const e=r.substring(a+1,n);if(i(e)){this.email=e;const t=r.substring(0,a).trim(),i=t.indexOf("("),n=t.lastIndexOf(")");-1!==i&&-1!==n&&n>i?(this.comment=t.substring(i+1,n).trim(),this.name=t.substring(0,i).trim()):(this.name=t,this.comment="")}}else i(r.trim())&&(this.email=r.trim(),this.name="",this.comment="");this.userID=r}write(){return F.encodeUTF8(this.userID)}equals(e){return e&&e.userID===this.userID}}class _s extends Ms{static get tag(){return B.packet.secretSubkey}constructor(e=new Date,t=M){super(e,t)}}class Ns{static get tag(){return B.packet.trust}read(){throw new at("Trust packets are not supported")}write(){throw new at("Trust packets are not supported")}}class Rs{static get tag(){return B.packet.padding}constructor(){this.padding=null}read(e){}write(){return this.padding}async createPadding(e){this.padding=ye(e)}}const zs=/*#__PURE__*/F.constructAllowedPackets([is]);class Os{constructor(e){this.packets=e||new cs}write(){return this.packets.write()}armor(e=M){const t=this.packets.some((e=>e.constructor.tag===is.tag&&6!==e.version));return Z(B.armor.signature,this.write(),void 0,void 0,void 0,t,e)}getSigningKeyIDs(){return this.packets.map((e=>e.issuerKeyID))}}async function js({armoredSignature:e,binarySignature:t,config:r,...i}){r={...M,...r};let a=e||t;if(!a)throw Error("readSignature: must pass options object containing `armoredSignature` or `binarySignature`");if(e&&!F.isString(e))throw Error("readSignature: options.armoredSignature must be a string");if(t&&!F.isUint8Array(t))throw Error("readSignature: options.binarySignature must be a Uint8Array");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));if(e){const{type:e,data:t}=await Y(a);if(e!==B.armor.signature)throw Error("Armored text not of type signature");a=t}const s=await cs.fromBinary(a,zs,r);return new Os(s)}async function qs(e,t){const r=new _s(e.date,t);return r.packets=null,r.algorithm=B.write(B.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.symmetric),await r.computeFingerprintAndKeyID(),r}async function Hs(e,t){const r=new Ms(e.date,t);return r.packets=null,r.algorithm=B.write(B.publicKey,e.algorithm),await r.generate(e.rsaBits,e.curve,e.symmetric),await r.computeFingerprintAndKeyID(),r}async function Gs(e,t,r,i,a=new Date,n){let s,o;for(let c=e.length-1;c>=0;c--)try{(!s||e[c].created>=s.created)&&(await e[c].verify(t,r,i,a,void 0,n),s=e[c])}catch(e){o=e}if(!s)throw F.wrapError(`Could not find valid ${B.read(B.signature,r)} signature in key ${t.getKeyID().toHex()}`.replace("certGeneric ","self-").replace(/([a-z])([A-Z])/g,((e,t,r)=>t+" "+r.toLowerCase())),o);return s}function Vs(e,t,r=new Date){const i=F.normalizeDate(r);if(null!==i){const r=Zs(e,t);return!(e.created<=i&&i<r)}return!1}async function Ws(e,t,r,i){const a={};a.key=t,a.bind=e;const n={signatureType:B.signature.subkeyBinding};r.sign?(n.keyFlags=[B.keyFlags.signData],n.embeddedSignature=await Qs(a,[],e,{signatureType:B.signature.keyBinding},r.date,void 0,void 0,void 0,i)):n.keyFlags=r.forwarding?[B.keyFlags.forwardedCommunication]:[B.keyFlags.encryptCommunication|B.keyFlags.encryptStorage],r.keyExpirationTime>0&&(n.keyExpirationTime=r.keyExpirationTime,n.keyNeverExpires=!1);return await Qs(a,[],t,n,r.date,void 0,void 0,void 0,i)}async function $s(e,t,r=new Date,i=[],a){const n=B.hash.sha256,s=a.preferredHashAlgorithm,o=await Promise.all(e.map((async(e,t)=>(await e.getPrimarySelfSignature(r,i[t],a)).preferredHashAlgorithms||[]))),c=new Map;for(const e of o)for(const t of e)try{const e=B.write(B.hash,t);c.set(e,c.has(e)?c.get(e)+1:1)}catch{}const u=t=>0===e.length||c.get(t)===e.length||t===n,h=()=>{if(0===c.size)return n;const e=Array.from(c.keys()).filter((e=>u(e))).sort(((e,t)=>Be(e)-Be(t)))[0];return Be(e)>=Be(n)?e:n},l=new Set([B.publicKey.ecdsa,B.publicKey.eddsaLegacy,B.publicKey.ed25519,B.publicKey.ed448]),y=new Set([B.publicKey.pqc_mldsa_ed25519]);if(l.has(t.algorithm)){const e=function(e,t){switch(e){case B.publicKey.ecdsa:case B.publicKey.eddsaLegacy:return $r(t);case B.publicKey.ed25519:case B.publicKey.ed448:return pt(e);default:throw Error("Unknown elliptic signing algo")}}(t.algorithm,t.publicParams.oid),r=u(s),i=Be(s)>=Be(e);if(r&&i)return s;{const t=h();return Be(t)>=Be(e)?t:e}}if(y.has(t.algorithm)){if(u(s)&&Fi(t.algorithm,s))return s;{const e=h();return Fi(t.algorithm,e)?e:n}}return u(s)?s:h()}async function Qs(e,t,r,i,a,n,s=[],o=!1,c){if(r.isDummy())throw Error("Cannot sign with a gnu-dummy key.");if(!r.isDecrypted())throw Error("Signing key is not decrypted.");const u=new is;return Object.assign(u,i),u.publicKeyAlgorithm=r.algorithm,u.hashAlgorithm=await $s(t,r,a,n,c),u.rawNotations=[...s],await u.sign(r,e,a,o,c),u}async function Xs(e,t,r,i=new Date,a){(e=e[r])&&(t[r].length?await Promise.all(e.map((async function(e){e.isExpired(i)||a&&!await a(e)||t[r].some((function(t){return F.equalsUint8Array(t.writeParams(),e.writeParams())}))||t[r].push(e)}))):t[r]=e)}async function Ys(e,t,r,i,a,n,s=new Date,o){n=n||e;const c=[];return await Promise.all(i.map((async function(e){try{if(!a||e.issuerKeyID.equals(a.issuerKeyID)){const i=![B.reasonForRevocation.keyRetired,B.reasonForRevocation.keySuperseded,B.reasonForRevocation.userIDInvalid].includes(e.reasonForRevocationFlag);await e.verify(n,t,r,i?null:s,!1,o),c.push(e.issuerKeyID)}}catch{}}))),a?(a.revoked=!!c.some((e=>e.equals(a.issuerKeyID)))||(a.revoked||!1),a.revoked):c.length>0}function Zs(e,t){let r;return!1===t.keyNeverExpires&&(r=e.created.getTime()+1e3*t.keyExpirationTime),r?new Date(r):1/0}function Js(e,t={}){if(e.type=e.type||t.type,e.curve=e.curve||t.curve,e.rsaBits=e.rsaBits||t.rsaBits,e.symmetricHash=e.symmetricHash||t.symmetricHash,e.symmetricCipher=e.symmetricCipher||t.symmetricCipher,e.keyExpirationTime=void 0!==e.keyExpirationTime?e.keyExpirationTime:t.keyExpirationTime,e.passphrase=F.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e.sign=e.sign||!1,e.forwarding=e.forwarding||!1,e.sign&&e.forwarding)throw Error('Incompatible options: "sign" and "forwarding" cannot be set together');switch(e.type){case"pqc":e.sign?e.algorithm=B.publicKey.pqc_mldsa_ed25519:e.algorithm=B.publicKey.pqc_mlkem_x25519;break;case"ecc":try{e.curve=B.write(B.curve,e.curve)}catch{throw Error("Unknown curve")}e.curve!==B.curve.ed25519Legacy&&e.curve!==B.curve.curve25519Legacy&&"ed25519"!==e.curve&&"curve25519"!==e.curve||(e.curve=e.sign?B.curve.ed25519Legacy:B.curve.curve25519Legacy),e.sign?e.algorithm=e.curve===B.curve.ed25519Legacy?B.publicKey.eddsaLegacy:B.publicKey.ecdsa:e.algorithm=B.publicKey.ecdh;break;case"curve25519":e.algorithm=e.sign?B.publicKey.ed25519:B.publicKey.x25519;break;case"curve448":e.algorithm=e.sign?B.publicKey.ed448:B.publicKey.x448;break;case"rsa":e.algorithm=B.publicKey.rsaEncryptSign;break;case"symmetric":if(e.sign){e.algorithm=B.publicKey.hmac;try{e.symmetric=B.write(B.hash,e.symmetricHash)}catch{throw Error("Unknown hash algorithm")}}else{e.algorithm=B.publicKey.aead;try{e.symmetric=B.write(B.symmetric,e.symmetricCipher)}catch{throw Error("Unknown symmetric algorithm")}}break;default:throw Error("Unsupported key type "+e.type)}return e}function eo(e,t,r){switch(e.algorithm){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:case B.publicKey.dsa:case B.publicKey.ecdsa:case B.publicKey.eddsaLegacy:case B.publicKey.ed25519:case B.publicKey.ed448:case B.publicKey.hmac:case B.publicKey.pqc_mldsa_ed25519:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&B.keyFlags.signData);default:return!1}}function to(e,t,r){switch(e.algorithm){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaEncrypt:case B.publicKey.elgamal:case B.publicKey.ecdh:case B.publicKey.x25519:case B.publicKey.x448:case B.publicKey.aead:case B.publicKey.pqc_mlkem_x25519:if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");return!t.keyFlags||!!(t.keyFlags[0]&B.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&B.keyFlags.encryptStorage);default:return!1}}function ro(e,t,r){if(!t.keyFlags&&!r.allowMissingKeyFlags)throw Error("None of the key flags is set: consider passing `config.allowMissingKeyFlags`");switch(e.algorithm){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaEncrypt:case B.publicKey.elgamal:case B.publicKey.ecdh:case B.publicKey.x25519:case B.publicKey.x448:case B.publicKey.pqc_mlkem_x25519:return!(!(!t.keyFlags||!!(t.keyFlags[0]&B.keyFlags.signData))||!r.allowInsecureDecryptionWithSigningKeys)||(!t.keyFlags||!!(t.keyFlags[0]&B.keyFlags.encryptCommunication)||!!(t.keyFlags[0]&B.keyFlags.encryptStorage)||r.allowForwardedMessages&&!!(t.keyFlags[0]&B.keyFlags.forwardedCommunication));default:return!1}}function io(e,t){const r=B.write(B.publicKey,e.algorithm),i=e.getAlgorithmInfo();if(t.rejectPublicKeyAlgorithms.has(r))throw Error(i.algorithm+" keys are considered too weak.");switch(r){case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:case B.publicKey.rsaEncrypt:if(i.bits<t.minRSABits)throw Error(`RSA keys shorter than ${t.minRSABits} bits are considered too weak.`);break;case B.publicKey.ecdsa:case B.publicKey.eddsaLegacy:case B.publicKey.ecdh:if(t.rejectCurves.has(i.curve))throw Error(`Support for ${i.algorithm} keys using curve ${i.curve} is disabled.`)}}class ao{constructor(e,t){this.userID=e.constructor.tag===B.packet.userID?e:null,this.userAttribute=e.constructor.tag===B.packet.userAttribute?e:null,this.selfCertifications=[],this.otherCertifications=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new cs;return e.push(this.userID||this.userAttribute),e.push(...this.revocationSignatures),e.push(...this.selfCertifications),e.push(...this.otherCertifications),e}clone(){const e=new ao(this.userID||this.userAttribute,this.mainKey);return e.selfCertifications=[...this.selfCertifications],e.otherCertifications=[...this.otherCertifications],e.revocationSignatures=[...this.revocationSignatures],e}async certify(e,t,r){const i=this.mainKey.keyPacket,a={userID:this.userID,userAttribute:this.userAttribute,key:i},n=new ao(a.userID||a.userAttribute,this.mainKey);return n.otherCertifications=await Promise.all(e.map((async function(e){if(!e.isPrivate())throw Error("Need private key for signing");if(e.hasSameFingerprintAs(i))throw Error("The user's own key can only be used for self-certifications");const n=await e.getSigningKey(void 0,t,void 0,r);return Qs(a,[e],n.keyPacket,{signatureType:B.signature.certGeneric,keyFlags:[B.keyFlags.certifyKeys|B.keyFlags.signData]},t,void 0,void 0,void 0,r)}))),await n.update(this,t,r),n}async isRevoked(e,t,r=new Date,i=M){const a=this.mainKey.keyPacket;return Ys(a,B.signature.certRevocation,{key:a,userID:this.userID,userAttribute:this.userAttribute},this.revocationSignatures,e,t,r,i)}async verifyCertificate(e,t,r=new Date,i){const a=this,n=this.mainKey.keyPacket,s={userID:this.userID,userAttribute:this.userAttribute,key:n},{issuerKeyID:o}=e,c=t.filter((e=>e.getKeys(o).length>0));return 0===c.length?null:(await Promise.all(c.map((async t=>{const n=await t.getSigningKey(o,e.created,void 0,i);if(e.revoked||await a.isRevoked(e,n.keyPacket,r,i))throw Error("User certificate is revoked");try{await e.verify(n.keyPacket,B.signature.certGeneric,s,r,void 0,i)}catch(e){throw F.wrapError("User certificate is invalid",e)}}))),!0)}async verifyAllCertifications(e,t=new Date,r){const i=this,a=this.selfCertifications.concat(this.otherCertifications);return Promise.all(a.map((async a=>({keyID:a.issuerKeyID,valid:await i.verifyCertificate(a,e,t,r).catch((()=>!1))}))))}async verify(e=new Date,t){if(!this.selfCertifications.length)throw Error("No self-certifications found");const r=this,i=this.mainKey.keyPacket,a={userID:this.userID,userAttribute:this.userAttribute,key:i};let n;for(let s=this.selfCertifications.length-1;s>=0;s--)try{const n=this.selfCertifications[s];if(n.revoked||await r.isRevoked(n,void 0,e,t))throw Error("Self-certification is revoked");try{await n.verify(i,B.signature.certGeneric,a,e,void 0,t)}catch(e){throw F.wrapError("Self-certification is invalid",e)}return!0}catch(e){n=e}throw n}async update(e,t,r){const i=this.mainKey.keyPacket,a={userID:this.userID,userAttribute:this.userAttribute,key:i};await Xs(e,this,"selfCertifications",t,(async function(e){try{return await e.verify(i,B.signature.certGeneric,a,t,!1,r),!0}catch{return!1}})),await Xs(e,this,"otherCertifications",t),await Xs(e,this,"revocationSignatures",t,(function(e){return Ys(i,B.signature.certRevocation,a,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=B.reasonForRevocation.noReason,string:r=""}={},i=new Date,a=M){const n={userID:this.userID,userAttribute:this.userAttribute,key:e},s=new ao(n.userID||n.userAttribute,this.mainKey);return s.revocationSignatures.push(await Qs(n,[],e,{signatureType:B.signature.certRevocation,reasonForRevocationFlag:B.write(B.reasonForRevocation,t),reasonForRevocationString:r},i,void 0,void 0,!1,a)),await s.update(this),s}}class no{constructor(e,t){this.keyPacket=e,this.bindingSignatures=[],this.revocationSignatures=[],this.mainKey=t}toPacketList(){const e=new cs;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.bindingSignatures),e}clone(){const e=new no(this.keyPacket,this.mainKey);return e.bindingSignatures=[...this.bindingSignatures],e.revocationSignatures=[...this.revocationSignatures],e}async isRevoked(e,t,r=new Date,i=M){const a=this.mainKey.keyPacket;return Ys(a,B.signature.subkeyRevocation,{key:a,bind:this.keyPacket},this.revocationSignatures,e,t,r,i)}async verify(e=new Date,t=M){const r=this.mainKey.keyPacket,i={key:r,bind:this.keyPacket},a=await Gs(this.bindingSignatures,r,B.signature.subkeyBinding,i,e,t);if(a.revoked||await this.isRevoked(a,null,e,t))throw Error("Subkey is revoked");if(Vs(this.keyPacket,a,e))throw Error("Subkey is expired");return a}async getExpirationTime(e=new Date,t=M){const r=this.mainKey.keyPacket,i={key:r,bind:this.keyPacket};let a;try{a=await Gs(this.bindingSignatures,r,B.signature.subkeyBinding,i,e,t)}catch{return null}const n=Zs(this.keyPacket,a),s=a.getExpirationTime();return n<s?n:s}async update(e,t=new Date,r=M){const i=this.mainKey.keyPacket;if(!this.hasSameFingerprintAs(e))throw Error("Subkey update method: fingerprints of subkeys not equal");this.keyPacket.constructor.tag===B.packet.publicSubkey&&e.keyPacket.constructor.tag===B.packet.secretSubkey&&(this.keyPacket=e.keyPacket);const a=this,n={key:i,bind:a.keyPacket};await Xs(e,this,"bindingSignatures",t,(async function(e){for(let t=0;t<a.bindingSignatures.length;t++)if(a.bindingSignatures[t].issuerKeyID.equals(e.issuerKeyID))return e.created>a.bindingSignatures[t].created&&(a.bindingSignatures[t]=e),!1;try{return await e.verify(i,B.signature.subkeyBinding,n,t,void 0,r),!0}catch{return!1}})),await Xs(e,this,"revocationSignatures",t,(function(e){return Ys(i,B.signature.subkeyRevocation,n,[e],void 0,void 0,t,r)}))}async revoke(e,{flag:t=B.reasonForRevocation.noReason,string:r=""}={},i=new Date,a=M){const n={key:e,bind:this.keyPacket},s=new no(this.keyPacket,this.mainKey);return s.revocationSignatures.push(await Qs(n,[],e,{signatureType:B.signature.subkeyRevocation,reasonForRevocationFlag:B.write(B.reasonForRevocation,t),reasonForRevocationString:r},i,void 0,void 0,!1,a)),await s.update(this),s}hasSameFingerprintAs(e){return this.keyPacket.hasSameFingerprintAs(e.keyPacket||e)}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","isDecrypted"].forEach((e=>{no.prototype[e]=function(){return this.keyPacket[e]()}}));const so=/*#__PURE__*/F.constructAllowedPackets([is]),oo=new Set([B.packet.publicKey,B.packet.privateKey]),co=new Set([B.packet.publicKey,B.packet.privateKey,B.packet.publicSubkey,B.packet.privateSubkey]);class uo{packetListToStructure(e,t=new Set){let r,i,a,n;for(const s of e){if(s instanceof ot){co.has(s.tag)&&!n&&(n=oo.has(s.tag)?oo:co);continue}const e=s.constructor.tag;if(n){if(!n.has(e))continue;n=null}if(t.has(e))throw Error("Unexpected packet type: "+e);switch(e){case B.packet.publicKey:case B.packet.secretKey:if(this.keyPacket)throw Error("Key block contains multiple keys");if(this.keyPacket=s,i=this.getKeyID(),!i)throw Error("Missing Key ID");break;case B.packet.userID:case B.packet.userAttribute:r=new ao(s,this),this.users.push(r);break;case B.packet.publicSubkey:case B.packet.secretSubkey:r=null,a=new no(s,this),this.subkeys.push(a);break;case B.packet.signature:switch(s.signatureType){case B.signature.certGeneric:case B.signature.certPersona:case B.signature.certCasual:case B.signature.certPositive:if(!r){F.printDebug("Dropping certification signatures without preceding user packet");continue}s.issuerKeyID.equals(i)?r.selfCertifications.push(s):r.otherCertifications.push(s);break;case B.signature.certRevocation:r?r.revocationSignatures.push(s):this.directSignatures.push(s);break;case B.signature.key:this.directSignatures.push(s);break;case B.signature.subkeyBinding:if(!a){F.printDebug("Dropping subkey binding signature without preceding subkey packet");continue}a.bindingSignatures.push(s);break;case B.signature.keyRevocation:this.revocationSignatures.push(s);break;case B.signature.subkeyRevocation:if(!a){F.printDebug("Dropping subkey revocation signature without preceding subkey packet");continue}a.revocationSignatures.push(s)}}}}toPacketList(){const e=new cs;return e.push(this.keyPacket),e.push(...this.revocationSignatures),e.push(...this.directSignatures),this.users.map((t=>e.push(...t.toPacketList()))),this.subkeys.map((t=>e.push(...t.toPacketList()))),e}clone(e=!1){const t=new this.constructor(this.toPacketList());return e&&t.getKeys().forEach((e=>{if(e.keyPacket=Object.create(Object.getPrototypeOf(e.keyPacket),Object.getOwnPropertyDescriptors(e.keyPacket)),!e.keyPacket.isDecrypted())return;const t={};Object.keys(e.keyPacket.privateParams).forEach((r=>{t[r]=new Uint8Array(e.keyPacket.privateParams[r])})),e.keyPacket.privateParams=t})),t}getSubkeys(e=null){return this.subkeys.filter((t=>!e||t.getKeyID().equals(e,!0)))}getKeys(e=null){const t=[];return e&&!this.getKeyID().equals(e,!0)||t.push(this),t.concat(this.getSubkeys(e))}getKeyIDs(){return this.getKeys().map((e=>e.getKeyID()))}getUserIDs(){return this.users.map((e=>e.userID?e.userID.userID:null)).filter((e=>null!==e))}write(){return this.toPacketList().write()}async getSigningKey(e=null,t=new Date,r={},i=M){await this.verifyPrimaryKey(t,r,i);const a=this.keyPacket;try{io(a,i)}catch(e){throw F.wrapError("Could not verify primary key",e)}const n=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created||t.keyPacket.algorithm-e.keyPacket.algorithm));let s;for(const r of n)if(!e||r.getKeyID().equals(e))try{await r.verify(t,i);const e={key:a,bind:r.keyPacket},n=await Gs(r.bindingSignatures,a,B.signature.subkeyBinding,e,t,i);if(!eo(r.keyPacket,n,i))continue;if(!n.embeddedSignature)throw Error("Missing embedded signature");return await Gs([n.embeddedSignature],r.keyPacket,B.signature.keyBinding,e,t,i),io(r.keyPacket,i),r}catch(e){s=e}try{const n=await this.getPrimarySelfSignature(t,r,i);if((!e||a.getKeyID().equals(e))&&eo(a,n,i))return io(a,i),this}catch(e){s=e}throw F.wrapError("Could not find valid signing key packet in key "+this.getKeyID().toHex(),s)}async getEncryptionKey(e,t=new Date,r={},i=M){await this.verifyPrimaryKey(t,r,i);const a=this.keyPacket;try{io(a,i)}catch(e){throw F.wrapError("Could not verify primary key",e)}const n=this.subkeys.slice().sort(((e,t)=>t.keyPacket.created-e.keyPacket.created||t.keyPacket.algorithm-e.keyPacket.algorithm));let s;for(const r of n)if(!e||r.getKeyID().equals(e))try{await r.verify(t,i);const e={key:a,bind:r.keyPacket},n=await Gs(r.bindingSignatures,a,B.signature.subkeyBinding,e,t,i);if(to(r.keyPacket,n,i))return io(r.keyPacket,i),r}catch(e){s=e}try{const n=await this.getPrimarySelfSignature(t,r,i);if((!e||a.getKeyID().equals(e))&&to(a,n,i))return io(a,i),this}catch(e){s=e}throw F.wrapError("Could not find valid encryption key packet in key "+this.getKeyID().toHex(),s)}async isRevoked(e,t,r=new Date,i=M){return Ys(this.keyPacket,B.signature.keyRevocation,{key:this.keyPacket},this.revocationSignatures,e,t,r,i)}async verifyPrimaryKey(e=new Date,t={},r=M){const i=this.keyPacket;if(await this.isRevoked(null,null,e,r))throw Error("Primary key is revoked");if(Vs(i,await this.getPrimarySelfSignature(e,t,r),e))throw Error("Primary key is expired");if(6!==i.version){const t=await Gs(this.directSignatures,i,B.signature.key,{key:i},e,r).catch((()=>{}));if(t&&Vs(i,t,e))throw Error("Primary key is expired")}}async getExpirationTime(e,t=M){let r;try{const i=await this.getPrimarySelfSignature(null,e,t),a=Zs(this.keyPacket,i),n=i.getExpirationTime(),s=6!==this.keyPacket.version&&await Gs(this.directSignatures,this.keyPacket,B.signature.key,{key:this.keyPacket},null,t).catch((()=>{}));if(s){const e=Zs(this.keyPacket,s);r=Math.min(a,n,e)}else r=a<n?a:n}catch{r=null}return F.normalizeDate(r)}async getPrimarySelfSignature(e=new Date,t={},r=M){const i=this.keyPacket;if(6===i.version)return Gs(this.directSignatures,i,B.signature.key,{key:i},e,r);const{selfCertification:a}=await this.getPrimaryUser(e,t,r);return a}async getPrimaryUser(e=new Date,t={},r=M){const i=this.keyPacket,a=[];let n;for(let s=0;s<this.users.length;s++)try{const n=this.users[s];if(!n.userID)continue;if(void 0!==t.name&&n.userID.name!==t.name||void 0!==t.email&&n.userID.email!==t.email||void 0!==t.comment&&n.userID.comment!==t.comment)throw Error("Could not find user that matches that user ID");const o={userID:n.userID,key:i},c=await Gs(n.selfCertifications,i,B.signature.certGeneric,o,e,r);a.push({index:s,user:n,selfCertification:c})}catch(e){n=e}if(!a.length)throw n||Error("Could not find primary user");await Promise.all(a.map((async t=>{t.selfCertification.revoked||await t.user.isRevoked(t.selfCertification,null,e,r)})));const s=a.sort((function(e,t){const r=e.selfCertification,i=t.selfCertification;return i.revoked-r.revoked||r.isPrimaryUserID-i.isPrimaryUserID||r.created-i.created})).pop(),{user:o,selfCertification:c}=s;if(c.revoked||await o.isRevoked(c,null,e,r))throw Error("Primary user is revoked");return s}async update(e,t=new Date,r=M){if(!this.hasSameFingerprintAs(e))throw Error("Primary key fingerprints must be equal to update the key");if(!this.isPrivate()&&e.isPrivate()){if(!(this.subkeys.length===e.subkeys.length&&this.subkeys.every((t=>e.subkeys.some((e=>t.hasSameFingerprintAs(e)))))))throw Error("Cannot update public key with private key if subkeys mismatch");return e.update(this,r)}const i=this.clone();return await Xs(e,i,"revocationSignatures",t,(a=>Ys(i.keyPacket,B.signature.keyRevocation,i,[a],null,e.keyPacket,t,r))),await Xs(e,i,"directSignatures",t),await Promise.all(e.users.map((async e=>{const a=i.users.filter((t=>e.userID&&e.userID.equals(t.userID)||e.userAttribute&&e.userAttribute.equals(t.userAttribute)));if(a.length>0)await Promise.all(a.map((i=>i.update(e,t,r))));else{const t=e.clone();t.mainKey=i,i.users.push(t)}}))),await Promise.all(e.subkeys.map((async e=>{const a=i.subkeys.filter((t=>t.hasSameFingerprintAs(e)));if(a.length>0)await Promise.all(a.map((i=>i.update(e,t,r))));else{const t=e.clone();t.mainKey=i,i.subkeys.push(t)}}))),i}async getRevocationCertificate(e=new Date,t=M){const r={key:this.keyPacket},i=await Gs(this.revocationSignatures,this.keyPacket,B.signature.keyRevocation,r,e,t),a=new cs;a.push(i);const n=6!==this.keyPacket.version;return Z(B.armor.publicKey,a.write(),null,null,"This is a revocation certificate",n,t)}async applyRevocationCertificate(e,t=new Date,r=M){const i=await Y(e),a=(await cs.fromBinary(i.data,so,r)).findPacket(B.packet.signature);if(!a||a.signatureType!==B.signature.keyRevocation)throw Error("Could not find revocation signature packet");if(!a.issuerKeyID.equals(this.getKeyID()))throw Error("Revocation signature does not match key");try{await a.verify(this.keyPacket,B.signature.keyRevocation,{key:this.keyPacket},t,void 0,r)}catch(e){throw F.wrapError("Could not verify revocation signature",e)}const n=this.clone();return n.revocationSignatures.push(a),n}async signPrimaryUser(e,t,r,i=M){const{index:a,user:n}=await this.getPrimaryUser(t,r,i),s=await n.certify(e,t,i),o=this.clone();return o.users[a]=s,o}async signAllUsers(e,t=new Date,r=M){const i=this.clone();return i.users=await Promise.all(this.users.map((function(i){return i.certify(e,t,r)}))),i}async verifyPrimaryUser(e,t=new Date,r,i=M){const a=this.keyPacket,{user:n}=await this.getPrimaryUser(t,r,i);return e?await n.verifyAllCertifications(e,t,i):[{keyID:a.getKeyID(),valid:await n.verify(t,i).catch((()=>!1))}]}async verifyAllUsers(e,t=new Date,r=M){const i=this.keyPacket,a=[];return await Promise.all(this.users.map((async n=>{const s=e?await n.verifyAllCertifications(e,t,r):[{keyID:i.getKeyID(),valid:await n.verify(t,r).catch((()=>!1))}];a.push(...s.map((e=>({userID:n.userID?n.userID.userID:null,userAttribute:n.userAttribute,keyID:e.keyID,valid:e.valid}))))}))),a}}["getKeyID","getFingerprint","getAlgorithmInfo","getCreationTime","hasSameFingerprintAs"].forEach((e=>{uo.prototype[e]=no.prototype[e]}));class ho extends uo{constructor(e){if(super(),this.keyPacket=null,this.revocationSignatures=[],this.directSignatures=[],this.users=[],this.subkeys=[],e&&(this.packetListToStructure(e,new Set([B.packet.secretKey,B.packet.secretSubkey])),!this.keyPacket))throw Error("Invalid key: missing public-key packet")}isPrivate(){return!1}toPublic(){return this}armor(e=M){const t=6!==this.keyPacket.version;return Z(B.armor.publicKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}}class lo extends ho{constructor(e){if(super(),this.packetListToStructure(e,new Set([B.packet.publicKey,B.packet.publicSubkey])),!this.keyPacket)throw Error("Invalid key: missing private-key packet")}isPrivate(){return!0}toPublic(){const e=new cs,t=this.toPacketList();let r=!1;for(const i of t)if(!r||i.constructor.tag!==B.packet.Signature)switch(r&&(r=!1),i.constructor.tag){case B.packet.secretKey:{if(i.algorithm===B.publicKey.aead||i.algorithm===B.publicKey.hmac)throw Error("Cannot create public key from symmetric private");const t=Ds.fromSecretKeyPacket(i);e.push(t);break}case B.packet.secretSubkey:{if(i.algorithm===B.publicKey.aead||i.algorithm===B.publicKey.hmac){r=!0;break}const t=Ts.fromSecretSubkeyPacket(i);e.push(t);break}default:e.push(i)}return new ho(e)}armor(e=M){const t=6!==this.keyPacket.version;return Z(B.armor.privateKey,this.toPacketList().write(),void 0,void 0,void 0,t,e)}async getDecryptionKeys(e,t=new Date,r={},i=M){const a=this.keyPacket,n=[];let s=null;for(let r=0;r<this.subkeys.length;r++)if(!e||this.subkeys[r].getKeyID().equals(e,!0)){if(this.subkeys[r].keyPacket.isDummy()){s=s||Error("Gnu-dummy key packets cannot be used for decryption");continue}try{const e={key:a,bind:this.subkeys[r].keyPacket},s=await Gs(this.subkeys[r].bindingSignatures,a,B.signature.subkeyBinding,e,t,i);ro(this.subkeys[r].keyPacket,s,i)&&n.push(this.subkeys[r])}catch(e){s=e}}const o=await this.getPrimarySelfSignature(t,r,i);if(e&&!a.getKeyID().equals(e,!0)||!ro(a,o,i)||(a.isDummy()?s=s||Error("Gnu-dummy key packets cannot be used for decryption"):n.push(this)),0===n.length)throw s||Error("No decryption key packets found");return n}isDecrypted(){return this.getKeys().some((({keyPacket:e})=>e.isDecrypted()))}async validate(e=M){if(!this.isPrivate())throw Error("Cannot validate a public key");let t;if(this.keyPacket.isDummy()){const r=await this.getSigningKey(null,null,void 0,{...e,rejectPublicKeyAlgorithms:new Set,minRSABits:0});r&&!r.keyPacket.isDummy()&&(t=r.keyPacket)}else t=this.keyPacket;if(t)return t.validate();{const e=this.getKeys();if(e.map((e=>e.keyPacket.isDummy())).every(Boolean))throw Error("Cannot validate an all-gnu-dummy key");return Promise.all(e.map((e=>e.keyPacket.validate())))}}clearPrivateParams(){this.getKeys().forEach((({keyPacket:e})=>{e.isDecrypted()&&e.clearPrivateParams()}))}async revoke({flag:e=B.reasonForRevocation.noReason,string:t=""}={},r=new Date,i=M){if(!this.isPrivate())throw Error("Need private key for revoking");const a={key:this.keyPacket},n=this.clone();return n.revocationSignatures.push(await Qs(a,[],this.keyPacket,{signatureType:B.signature.keyRevocation,reasonForRevocationFlag:B.write(B.reasonForRevocation,e),reasonForRevocationString:t},r,void 0,void 0,void 0,i)),n}async addSubkey(e={}){const t={...M,...e.config};if(e.passphrase)throw Error("Subkey could not be encrypted here, please encrypt whole key");if(e.rsaBits<t.minRSABits)throw Error(`rsaBits should be at least ${t.minRSABits}, got: ${e.rsaBits}`);const r=this.keyPacket;if(r.isDummy())throw Error("Cannot add subkey to gnu-dummy primary key");if(!r.isDecrypted())throw Error("Key is not decrypted");const i=r.getAlgorithmInfo();i.type=function(e){switch(B.write(B.publicKey,e)){case B.publicKey.rsaEncrypt:case B.publicKey.rsaEncryptSign:case B.publicKey.rsaSign:case B.publicKey.dsa:return"rsa";case B.publicKey.ecdsa:case B.publicKey.eddsaLegacy:return"ecc";case B.publicKey.ed25519:return"curve25519";case B.publicKey.ed448:return"curve448";default:throw Error("Unsupported algorithm")}}(i.algorithm),i.rsaBits=i.bits||4096,i.curve=i.curve||"curve25519Legacy",e=Js(e,i);const a=await qs(e,{...t,v6Keys:6===this.keyPacket.version});io(a,t);const n=await Ws(a,r,e,t),s=this.toPacketList();return s.push(a,n),new lo(s)}}const yo=/*#__PURE__*/F.constructAllowedPackets([Ds,Ts,Ms,_s,Fs,Bs,is]);function po(e){for(const t of e)switch(t.constructor.tag){case B.packet.secretKey:return new lo(e);case B.packet.publicKey:return new ho(e)}throw Error("No key packet found")}async function go(e,t,r,i){r.passphrase&&await e.encrypt(r.passphrase,i),await Promise.all(t.map((async function(e,t){const a=r.subkeys[t].passphrase;a&&await e.encrypt(a,i)})));const a=new cs;function n(e,t){return[t,...e.filter((e=>e!==t))]}function s(){const t={};t.keyFlags=[B.keyFlags.certifyKeys|B.keyFlags.signData];const a=n([B.symmetric.aes256,B.symmetric.aes128],i.preferredSymmetricAlgorithm);if(t.preferredSymmetricAlgorithms=a,i.aeadProtect){const e=n([B.aead.gcm,B.aead.eax,B.aead.ocb],i.preferredAEADAlgorithm);t.preferredCipherSuites=e.flatMap((e=>a.map((t=>[t,e]))))}return t.preferredHashAlgorithms=n([B.hash.sha512,B.hash.sha256,...6===e.version?[B.hash.sha3_512,B.hash.sha3_256]:[]],i.preferredHashAlgorithm),t.preferredCompressionAlgorithms=n([B.compression.uncompressed,B.compression.zlib,B.compression.zip],i.preferredCompressionAlgorithm),t.features=[0],t.features[0]|=B.features.modificationDetection,i.aeadProtect&&(t.features[0]|=B.features.seipdv2),r.keyExpirationTime>0&&(t.keyExpirationTime=r.keyExpirationTime,t.keyNeverExpires=!1),t}if(a.push(e),6===e.version){const t={key:e},n=s();n.signatureType=B.signature.key;const o=await Qs(t,[],e,n,r.date,void 0,void 0,void 0,i);a.push(o)}await Promise.all(r.userIDs.map((async function(t,a){const n=Fs.fromObject(t),o={userID:n,key:e},c=6!==e.version?s():{};c.signatureType=B.signature.certPositive,0===a&&(c.isPrimaryUserID=!0);return{userIDPacket:n,signaturePacket:await Qs(o,[],e,c,r.date,void 0,void 0,void 0,i)}}))).then((e=>{e.forEach((({userIDPacket:e,signaturePacket:t})=>{a.push(e),a.push(t)}))})),await Promise.all(t.map((async function(t,a){const n=r.subkeys[a];return{secretSubkeyPacket:t,subkeySignaturePacket:await Ws(t,e,n,i)}}))).then((e=>{e.forEach((({secretSubkeyPacket:e,subkeySignaturePacket:t})=>{a.push(e),a.push(t)}))}));const o={key:e};return a.push(await Qs(o,[],e,{signatureType:B.signature.keyRevocation,reasonForRevocationFlag:B.reasonForRevocation.noReason,reasonForRevocationString:""},r.date,void 0,void 0,void 0,i)),r.passphrase&&e.clearPrivateParams(),t.map((function(e,t){r.subkeys[t].passphrase&&e.clearPrivateParams()})),new lo(a)}async function mo({armoredKey:e,binaryKey:t,config:r,...i}){if(r={...M,...r},!e&&!t)throw Error("readKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!F.isString(e))throw Error("readKey: options.armoredKey must be a string");if(t&&!F.isUint8Array(t))throw Error("readKey: options.binaryKey must be a Uint8Array");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));let n;if(e){const{type:t,data:r}=await Y(e);if(t!==B.armor.publicKey&&t!==B.armor.privateKey)throw Error("Armored text not of type key");n=r}else n=t;const s=await cs.fromBinary(n,yo,r),o=s.indexOfTag(B.packet.publicKey,B.packet.secretKey);if(0===o.length)throw Error("No key packet found");return po(s.slice(o[0],o[1]))}async function fo({armoredKey:e,binaryKey:t,config:r,...i}){if(r={...M,...r},!e&&!t)throw Error("readPrivateKey: must pass options object containing `armoredKey` or `binaryKey`");if(e&&!F.isString(e))throw Error("readPrivateKey: options.armoredKey must be a string");if(t&&!F.isUint8Array(t))throw Error("readPrivateKey: options.binaryKey must be a Uint8Array");const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));let n;if(e){const{type:t,data:r}=await Y(e);if(t!==B.armor.privateKey)throw Error("Armored text not of type private key");n=r}else n=t;const s=await cs.fromBinary(n,yo,r),o=s.indexOfTag(B.packet.publicKey,B.packet.secretKey);for(let e=0;e<o.length;e++){if(s[o[e]].constructor.tag===B.packet.publicKey)continue;const t=s.slice(o[e],o[e+1]);return new lo(t)}throw Error("No secret key packet found")}async function wo({armoredKeys:e,binaryKeys:t,config:r,...i}){r={...M,...r};let a=e||t;if(!a)throw Error("readKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!F.isString(e))throw Error("readKeys: options.armoredKeys must be a string");if(t&&!F.isUint8Array(t))throw Error("readKeys: options.binaryKeys must be a Uint8Array");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));if(e){const{type:t,data:r}=await Y(e);if(t!==B.armor.publicKey&&t!==B.armor.privateKey)throw Error("Armored text not of type key");a=r}const s=[],o=await cs.fromBinary(a,yo,r),c=o.indexOfTag(B.packet.publicKey,B.packet.secretKey);if(0===c.length)throw Error("No key packet found");for(let e=0;e<c.length;e++){const t=po(o.slice(c[e],c[e+1]));s.push(t)}return s}async function bo({armoredKeys:e,binaryKeys:t,config:r}){r={...M,...r};let i=e||t;if(!i)throw Error("readPrivateKeys: must pass options object containing `armoredKeys` or `binaryKeys`");if(e&&!F.isString(e))throw Error("readPrivateKeys: options.armoredKeys must be a string");if(t&&!F.isUint8Array(t))throw Error("readPrivateKeys: options.binaryKeys must be a Uint8Array");if(e){const{type:t,data:r}=await Y(e);if(t!==B.armor.privateKey)throw Error("Armored text not of type private key");i=r}const a=[],n=await cs.fromBinary(i,yo,r),s=n.indexOfTag(B.packet.publicKey,B.packet.secretKey);for(let e=0;e<s.length;e++){if(n[s[e]].constructor.tag===B.packet.publicKey)continue;const t=n.slice(s[e],s[e+1]),r=new lo(t);a.push(r)}if(0===a.length)throw Error("No secret key packet found");return a}const ko=/*#__PURE__*/F.constructAllowedPackets([Zn,ps,As,ks,Cs,Ss,Us,ss,is]),vo=/*#__PURE__*/F.constructAllowedPackets([Us]),Ko=/*#__PURE__*/F.constructAllowedPackets([is]);class Ao{constructor(e){this.packets=e||new cs}getEncryptionKeyIDs(){const e=[];return this.packets.filterByTag(B.packet.publicKeyEncryptedSessionKey).forEach((function(t){e.push(t.publicKeyID)})),e}getSigningKeyIDs(){const e=this.unwrapCompressed(),t=e.packets.filterByTag(B.packet.onePassSignature);if(t.length>0)return t.map((e=>e.issuerKeyID));return e.packets.filterByTag(B.packet.signature).map((e=>e.issuerKeyID))}async decrypt(e,t,r,i=new Date,a=M){const n=this.packets.filterByTag(B.packet.symmetricallyEncryptedData,B.packet.symEncryptedIntegrityProtectedData,B.packet.aeadEncryptedData);if(0===n.length)throw Error("No encrypted data found");const s=n[0],o=s.cipherAlgorithm,c=r||await this.decryptSessionKeys(e,t,o,i,a);let u=null;const h=Promise.all(c.map((async({algorithm:e,data:t})=>{if(!F.isUint8Array(t)||!s.cipherAlgorithm&&!F.isString(e))throw Error("Invalid session key for decryption.");try{const r=s.cipherAlgorithm||B.write(B.symmetric,e);await s.decrypt(r,t,a)}catch(e){F.printDebugError(e),u=e}})));if(D(s.encrypted),s.encrypted=null,await h,!s.packets||!s.packets.length)throw u||Error("Decryption failed.");const l=new Ao(s.packets);return s.packets=new cs,l}async decryptSessionKeys(e,t,r,i=new Date,a=M){let n,s=[];if(t){const e=this.packets.filterByTag(B.packet.symEncryptedSessionKey);if(0===e.length)throw Error("No symmetrically encrypted session key packet found.");await Promise.all(t.map((async function(t,r){let i;i=r?await cs.fromBinary(e.write(),vo,a):e,await Promise.all(i.map((async function(e){try{await e.decrypt(t,a),s.push(e)}catch(e){F.printDebugError(e),e instanceof $a&&(n=e)}})))})))}else{if(!e)throw Error("No key or password specified.");{const t=this.packets.filterByTag(B.packet.publicKeyEncryptedSessionKey);if(0===t.length)throw Error("No public key encrypted session key packet found.");await Promise.all(t.map((async function(t){await Promise.all(e.map((async function(e){let o;try{o=(await e.getDecryptionKeys(t.publicKeyID,null,void 0,a)).map((e=>e.keyPacket))}catch(e){return void(n=e)}let c=[B.symmetric.aes256,B.symmetric.aes128,B.symmetric.tripledes,B.symmetric.cast5];try{const t=await e.getPrimarySelfSignature(i,void 0,a);t.preferredSymmetricAlgorithms&&(c=c.concat(t.preferredSymmetricAlgorithms))}catch{}await Promise.all(o.map((async function(e){if(!e.isDecrypted())throw Error("Decryption key is not decrypted.");if(a.constantTimePKCS1Decryption&&(t.publicKeyAlgorithm===B.publicKey.rsaEncrypt||t.publicKeyAlgorithm===B.publicKey.rsaEncryptSign||t.publicKeyAlgorithm===B.publicKey.rsaSign||t.publicKeyAlgorithm===B.publicKey.elgamal)){const i=t.write();await Promise.all((r?[r]:Array.from(a.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms)).map((async t=>{const r=new Ss;r.read(i);const a={sessionKeyAlgorithm:t,sessionKey:qa(t)};try{await r.decrypt(e,a),s.push(r)}catch(e){F.printDebugError(e),n=e}})))}else try{await t.decrypt(e);const i=r||t.sessionKeyAlgorithm;if(i&&!c.includes(B.write(B.symmetric,i)))throw Error("A non-preferred symmetric algorithm was used.");s.push(t)}catch(e){F.printDebugError(e),n=e}})))}))),D(t.encrypted),t.encrypted=null})))}}if(s.length>0){if(s.length>1){const e=new Set;s=s.filter((t=>{const r=t.sessionKeyAlgorithm+F.uint8ArrayToString(t.sessionKey);return!e.has(r)&&(e.add(r),!0)}))}return s.map((e=>({data:e.sessionKey,algorithm:e.sessionKeyAlgorithm&&B.read(B.symmetric,e.sessionKeyAlgorithm)})))}throw n||Error("Session key decryption failed.")}getLiteralData(){const e=this.unwrapCompressed().packets.findPacket(B.packet.literalData);return e&&e.getBytes()||null}getFilename(){const e=this.unwrapCompressed().packets.findPacket(B.packet.literalData);return e&&e.getFilename()||null}getText(){const e=this.unwrapCompressed().packets.findPacket(B.packet.literalData);return e?e.getText():null}static async generateSessionKey(e=[],t=new Date,r=[],i=M){const{symmetricAlgo:a,aeadAlgo:n}=await async function(e=[],t=new Date,r=[],i=M){const a=await Promise.all(e.map(((e,a)=>e.getPrimarySelfSignature(t,r[a],i))));if(e.length?!i.ignoreSEIPDv2FeatureFlag&&a.every((e=>e.features&&e.features[0]&B.features.seipdv2)):i.aeadProtect){const e={symmetricAlgo:B.symmetric.aes128,aeadAlgo:B.aead.ocb},t=[{symmetricAlgo:i.preferredSymmetricAlgorithm,aeadAlgo:i.preferredAEADAlgorithm},{symmetricAlgo:i.preferredSymmetricAlgorithm,aeadAlgo:B.aead.ocb},{symmetricAlgo:B.symmetric.aes128,aeadAlgo:i.preferredAEADAlgorithm}];for(const e of t)if(a.every((t=>t.preferredCipherSuites&&t.preferredCipherSuites.some((t=>t[0]===e.symmetricAlgo&&t[1]===e.aeadAlgo)))))return e;return e}const n=B.symmetric.aes128,s=i.preferredSymmetricAlgorithm;return{symmetricAlgo:a.every((e=>e.preferredSymmetricAlgorithms&&e.preferredSymmetricAlgorithms.includes(s)))?s:n,aeadAlgo:void 0}}(e,t,r,i),s=B.read(B.symmetric,a),o=n?B.read(B.aead,n):void 0;await Promise.all(e.map((e=>e.getEncryptionKey().catch((()=>null)).then((e=>{if(e&&(e.keyPacket.algorithm===B.publicKey.x25519||e.keyPacket.algorithm===B.publicKey.x448)&&!o&&!F.isAES(a))throw Error("Could not generate a session key compatible with the given `encryptionKeys`: X22519 and X448 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.")})))));return{data:qa(a),algorithm:s,aeadAlgorithm:o}}async encrypt(e,t,r,i=!1,a=[],n=new Date,s=[],o=M){if(r){if(!F.isUint8Array(r.data)||!F.isString(r.algorithm))throw Error("Invalid session key for encryption.")}else if(e&&e.length)r=await Ao.generateSessionKey(e,n,s,o);else{if(!t||!t.length)throw Error("No keys, passwords, or session key provided.");r=await Ao.generateSessionKey(void 0,void 0,void 0,o)}const{data:c,algorithm:u,aeadAlgorithm:h}=r,l=await Ao.encryptSessionKey(c,u,h,e,t,i,a,n,s,o),y=ks.fromObject({version:h?2:1,aeadAlgorithm:h?B.write(B.aead,h):null});y.packets=this.packets;const p=B.write(B.symmetric,u);return await y.encrypt(p,c,o),l.packets.push(y),y.packets=new cs,l}static async encryptSessionKey(e,t,r,i,a,n=!1,s=[],o=new Date,c=[],u=M){const h=new cs,l=B.write(B.symmetric,t),y=r&&B.write(B.aead,r);if(i){const t=await Promise.all(i.map((async function(t,r){const i=await t.getEncryptionKey(s[r],o,c,u),a=Ss.fromObject({version:y?6:3,encryptionKeyPacket:i.keyPacket,anonymousRecipient:n,sessionKey:e,sessionKeyAlgorithm:l});return await a.encrypt(i.keyPacket),delete a.sessionKey,a})));h.push(...t)}if(a){const t=async function(e,t){try{return await e.decrypt(t,u),1}catch{return 0}},r=(e,t)=>e+t,i=async function(e,n,s,o){const c=new Us(u);if(c.sessionKey=e,c.sessionKeyAlgorithm=n,s&&(c.aeadAlgorithm=s),await c.encrypt(o,u),u.passwordCollisionCheck){if(1!==(await Promise.all(a.map((e=>t(c,e))))).reduce(r))return i(e,n,o)}return delete c.sessionKey,c},n=await Promise.all(a.map((t=>i(e,l,y,t))));h.push(...n)}return new Ao(h)}async sign(e=[],t=[],r=null,i=[],a=new Date,n=[],s=[],o=[],c=M){const u=new cs,h=this.packets.findPacket(B.packet.literalData);if(!h)throw Error("No literal data packet to sign.");const l=await Eo(h,e,t,r,i,a,n,s,o,!1,c),y=l.map(((e,t)=>ss.fromSignaturePacket(e,0===t))).reverse();return u.push(...y),u.push(h),u.push(...l),new Ao(u)}compress(e,t=M){if(e===B.compression.uncompressed)return this;const r=new ps(t);r.algorithm=e,r.packets=this.packets;const i=new cs;return i.push(r),new Ao(i)}async signDetached(e=[],t=[],r=null,i=[],a=[],n=new Date,s=[],o=[],c=M){const u=this.packets.findPacket(B.packet.literalData);if(!u)throw Error("No literal data packet to sign.");return new Os(await Eo(u,e,t,r,i,a,n,s,o,!0,c))}async verify(e,t=new Date,r=M){const i=this.unwrapCompressed(),a=i.packets.filterByTag(B.packet.literalData);if(1!==a.length)throw Error("Can only verify message with one literal data packet.");let s=i.packets;n(s.stream)&&(s=s.concat(await U(s.stream,(e=>e||[]))));const o=s.filterByTag(B.packet.onePassSignature).reverse(),c=s.filterByTag(B.packet.signature);return o.length&&!c.length&&F.isStream(s.stream)&&!n(s.stream)?(await Promise.all(o.map((async e=>{e.correspondingSig=new Promise(((t,r)=>{e.correspondingSigResolve=t,e.correspondingSigReject=r})),e.signatureData=x((async()=>(await e.correspondingSig).signatureData)),e.hashed=U(await e.hash(e.signatureType,a[0],void 0,!1)),e.hashed.catch((()=>{}))}))),s.stream=v(s.stream,(async(e,t)=>{const r=C(e),i=I(t);try{for(let e=0;e<o.length;e++){const{value:t}=await r.read();o[e].correspondingSigResolve(t)}await r.readToEnd(),await i.ready,await i.close()}catch(e){o.forEach((t=>{t.correspondingSigReject(e)})),await i.abort(e)}})),So(o,a,e,t,!1,r)):So(c,a,e,t,!1,r)}async verifyDetached(e,t,r=new Date,i=M){const a=this.unwrapCompressed().packets.filterByTag(B.packet.literalData);if(1!==a.length)throw Error("Can only verify message with one literal data packet.");return So(e.packets.filterByTag(B.packet.signature),a,t,r,!0,i)}unwrapCompressed(){const e=this.packets.filterByTag(B.packet.compressedData);return e.length?new Ao(e[0].packets):this}async appendSignature(e,t=M){await this.packets.read(F.isUint8Array(e)?e:(await Y(e)).data,Ko,t)}write(){return this.packets.write()}armor(e=M){const t=this.packets[this.packets.length-1],r=t.constructor.tag===ks.tag?2!==t.version:this.packets.some((e=>e.constructor.tag===is.tag&&6!==e.version));return Z(B.armor.message,this.write(),null,null,null,r,e)}}async function Eo(e,t,r=[],i=null,a=[],n=new Date,s=[],o=[],c=[],u=!1,h=M){const l=new cs,y=null===e.text?B.signature.binary:B.signature.text;if(await Promise.all(t.map((async(t,i)=>{const l=s[i];if(!t.isPrivate())throw Error("Need private key for signing");const p=await t.getSigningKey(a[i],n,l,h);return Qs(e,r.length?r:[t],p.keyPacket,{signatureType:y},n,o,c,u,h)}))).then((e=>{l.push(...e)})),i){const e=i.packets.filterByTag(B.packet.signature);l.push(...e)}return l}function So(e,t,r,i=new Date,a=!1,n=M){return e.filter((e=>["text","binary"].includes(B.read(B.signature,e.signatureType)))).map((e=>function(e,t,r,i=new Date,a=!1,n=M){let s,o;for(const t of r){const r=t.getKeys(e.issuerKeyID);if(r.length>0){s=t,o=r[0];break}}const c=e instanceof ss?e.correspondingSig:e,u={keyID:e.issuerKeyID,verified:(async()=>{if(!o)throw Error("Could not find signing key with key ID "+e.issuerKeyID.toHex());await e.verify(o.keyPacket,e.signatureType,t[0],i,a,n);const r=await c;if(o.getCreationTime()>r.created)throw Error("Key is newer than the signature");try{await s.getSigningKey(o.getKeyID(),r.created,void 0,n)}catch(e){if(!n.allowInsecureVerificationWithReformattedKeys||!e.message.match(/Signature creation time is in the future/))throw e;await s.getSigningKey(o.getKeyID(),i,void 0,n)}return!0})(),signature:(async()=>{const e=await c,t=new cs;return e&&t.push(e),new Os(t)})()};return u.signature.catch((()=>{})),u.verified.catch((()=>{})),u}(e,t,r,i,a,n)))}async function Po({armoredMessage:e,binaryMessage:t,config:r,...i}){r={...M,...r};let a=e||t;if(!a)throw Error("readMessage: must pass options object containing `armoredMessage` or `binaryMessage`");if(e&&!F.isString(e)&&!F.isStream(e))throw Error("readMessage: options.armoredMessage must be a string or stream");if(t&&!F.isUint8Array(t)&&!F.isStream(t))throw Error("readMessage: options.binaryMessage must be a Uint8Array or stream");const n=Object.keys(i);if(n.length>0)throw Error("Unknown option: "+n.join(", "));const s=F.isStream(a);if(e){const{type:e,data:t}=await Y(a);if(e!==B.armor.message)throw Error("Armored text not of type message");a=t}const o=await cs.fromBinary(a,ko,r,new ls),c=new Ao(o);return c.fromStream=s,c}async function Uo({text:e,binary:t,filename:r,date:i=new Date,format:a=(void 0!==e?"utf8":"binary"),...n}){const s=void 0!==e?e:t;if(void 0===s)throw Error("createMessage: must pass options object containing `text` or `binary`");if(e&&!F.isString(e)&&!F.isStream(e))throw Error("createMessage: options.text must be a string or stream");if(t&&!F.isUint8Array(t)&&!F.isStream(t))throw Error("createMessage: options.binary must be a Uint8Array or stream");const o=Object.keys(n);if(o.length>0)throw Error("Unknown option: "+o.join(", "));const c=F.isStream(s),u=new Zn(i);void 0!==e?u.setText(s,B.write(B.literal,a)):u.setBytes(s,B.write(B.literal,a)),void 0!==r&&u.setFilename(r);const h=new cs;h.push(u);const l=new Ao(h);return l.fromStream=c,l}const Do=/*#__PURE__*/F.constructAllowedPackets([is]);class xo{constructor(e,t){if(this.text=F.removeTrailingSpaces(e).replace(/\r?\n/g,"\r\n"),t&&!(t instanceof Os))throw Error("Invalid signature input");this.signature=t||new Os(new cs)}getSigningKeyIDs(){const e=[];return this.signature.packets.forEach((function(t){e.push(t.issuerKeyID)})),e}async sign(e,t=[],r=null,i=[],a=new Date,n=[],s=[],o=[],c=M){const u=new Zn;u.setText(this.text);const h=new Os(await Eo(u,e,t,r,i,a,n,s,o,!0,c));return new xo(this.text,h)}verify(e,t=new Date,r=M){const i=this.signature.packets.filterByTag(B.packet.signature),a=new Zn;return a.setText(this.text),So(i,[a],e,t,!0,r)}getText(){return this.text.replace(/\r\n/g,"\n")}armor(e=M){const t=this.signature.packets.some((e=>6!==e.version)),r={hash:t?Array.from(new Set(this.signature.packets.map((e=>B.read(B.hash,e.hashAlgorithm).toUpperCase())))).join():null,text:this.text,data:this.signature.packets.write()};return Z(B.armor.signed,r,void 0,void 0,void 0,t,e)}}async function Co({cleartextMessage:e,config:t,...r}){if(t={...M,...t},!e)throw Error("readCleartextMessage: must pass options object containing `cleartextMessage`");if(!F.isString(e))throw Error("readCleartextMessage: options.cleartextMessage must be a string");const i=Object.keys(r);if(i.length>0)throw Error("Unknown option: "+i.join(", "));const a=await Y(e);if(a.type!==B.armor.signed)throw Error("No cleartext signed message.");const n=await cs.fromBinary(a.data,Do,t);!function(e,t){const r=function(e){const r=e=>t=>e.hashAlgorithm===t;for(let i=0;i<t.length;i++)if(t[i].constructor.tag===B.packet.signature&&!e.some(r(t[i])))return!1;return!0},i=[];if(e.forEach((e=>{const t=e.match(/^Hash: (.+)$/);if(!t)throw Error('Only "Hash" header allowed in cleartext signed message');{const e=t[1].replace(/\s/g,"").split(",").map((e=>{try{return B.write(B.hash,e.toLowerCase())}catch{throw Error("Unknown hash algorithm in armor header: "+e.toLowerCase())}}));i.push(...e)}})),i.length&&!r(i))throw Error("Hash algorithm mismatch in armor header and signature")}(a.headers,n);const s=new Os(n);return new xo(a.text,s)}async function Io({text:e,...t}){if(!e)throw Error("createCleartextMessage: must pass options object containing `text`");if(!F.isString(e))throw Error("createCleartextMessage: options.text must be a string");const r=Object.keys(t);if(r.length>0)throw Error("Unknown option: "+r.join(", "));return new xo(e)}async function To({userIDs:e=[],passphrase:t,type:r,curve:i,rsaBits:a=4096,symmetricHash:n="sha256",symmetricCipher:s="aes256",keyExpirationTime:o=0,date:c=new Date,subkeys:u=[{}],format:h="armored",config:l,...y}){$o(l={...M,...l}),r||i?(r=r||"ecc",i=i||"curve25519Legacy"):(r=l.v6Keys?"curve25519":"ecc",i="curve25519Legacy"),e=Qo(e);const p=Object.keys(y);if(p.length>0)throw Error("Unknown option: "+p.join(", "));if(0===e.length&&!l.v6Keys)throw Error("UserIDs are required for V4 keys");if("rsa"===r&&a<l.minRSABits)throw Error(`rsaBits should be at least ${l.minRSABits}, got: ${a}`);const d={userIDs:e,passphrase:t,type:r,rsaBits:a,curve:i,keyExpirationTime:o,date:c,subkeys:u,symmetricHash:n,symmetricCipher:s};try{const{key:e,revocationCertificate:t}=await async function(e,t){e.sign=!0,(e=Js(e)).subkeys=e.subkeys.map(((t,r)=>Js(e.subkeys[r],e)));let r=[Hs(e,t)];r=r.concat(e.subkeys.map((e=>qs(e,t))));const i=await Promise.all(r),a=await go(i[0],i.slice(1),e,t),n=await a.getRevocationCertificate(e.date,t);return a.revocationSignatures=[],{key:a,revocationCertificate:n}}(d,l);return e.getKeys().forEach((({keyPacket:e})=>io(e,l))),{privateKey:Zo(e,h,l),publicKey:"symmetric"!==r?Zo(e.toPublic(),h,l):null,revocationCertificate:t}}catch(e){throw F.wrapError("Error generating keypair",e)}}async function Bo({privateKey:e,userIDs:t=[],passphrase:r,keyExpirationTime:i=0,date:a,format:n="armored",config:s,...o}){$o(s={...M,...s}),t=Qo(t);const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(0===t.length&&6!==e.keyPacket.version)throw Error("UserIDs are required for V4 keys");const u={privateKey:e,userIDs:t,passphrase:r,keyExpirationTime:i,date:a};try{const{key:e,revocationCertificate:t}=await async function(e,t){e=o(e);const{privateKey:r}=e;if(!r.isPrivate())throw Error("Cannot reformat a public key");if(r.keyPacket.isDummy())throw Error("Cannot reformat a gnu-dummy primary key");if(!r.getKeys().every((({keyPacket:e})=>e.isDecrypted())))throw Error("Key is not decrypted");const i=r.keyPacket;e.subkeys||(e.subkeys=await Promise.all(r.subkeys.map((async e=>{const r=e.keyPacket,a={key:i,bind:r},n=await Gs(e.bindingSignatures,i,B.signature.subkeyBinding,a,null,t).catch((()=>({})));return{sign:n.keyFlags&&n.keyFlags[0]&B.keyFlags.signData,forwarding:n.keyFlags&&n.keyFlags[0]&B.keyFlags.forwardedCommunication}}))));const a=r.subkeys.map((e=>e.keyPacket));if(e.subkeys.length!==a.length)throw Error("Number of subkey options does not match number of subkeys");e.subkeys=e.subkeys.map((t=>o(t,e)));const n=await go(i,a,e,t),s=await n.getRevocationCertificate(e.date,t);return n.revocationSignatures=[],{key:n,revocationCertificate:s};function o(e,t={}){return e.keyExpirationTime=e.keyExpirationTime||t.keyExpirationTime,e.passphrase=F.isString(e.passphrase)?e.passphrase:t.passphrase,e.date=e.date||t.date,e}}(u,s);return{privateKey:Zo(e,n,s),publicKey:Zo(e.toPublic(),n,s),revocationCertificate:t}}catch(e){throw F.wrapError("Error reformatting keypair",e)}}async function Mo({key:e,revocationCertificate:t,reasonForRevocation:r,date:i=new Date,format:a="armored",config:n,...s}){$o(n={...M,...n});const o=Object.keys(s);if(o.length>0)throw Error("Unknown option: "+o.join(", "));try{const s=t?await e.applyRevocationCertificate(t,i,n):await e.revoke(r,i,n);return s.isPrivate()?{privateKey:Zo(s,a,n),publicKey:Zo(s.toPublic(),a,n)}:{privateKey:null,publicKey:Zo(s,a,n)}}catch(e){throw F.wrapError("Error revoking key",e)}}async function Lo({privateKey:e,passphrase:t,config:r,...i}){$o(r={...M,...r});const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));if(!e.isPrivate())throw Error("Cannot decrypt a public key");const n=e.clone(!0),s=F.isArray(t)?t:[t];try{return await Promise.all(n.getKeys().map((e=>F.anyPromise(s.map((t=>e.keyPacket.decrypt(t,r))))))),await n.validate(r),n}catch(e){throw n.clearPrivateParams(),F.wrapError("Error decrypting private key",e)}}async function Fo({privateKey:e,passphrase:t,config:r,...i}){$o(r={...M,...r});const a=Object.keys(i);if(a.length>0)throw Error("Unknown option: "+a.join(", "));if(!e.isPrivate())throw Error("Cannot encrypt a public key");const n=e.clone(!0),s=n.getKeys(),o=F.isArray(t)?t:Array(s.length).fill(t);if(o.length!==s.length)throw Error("Invalid number of passphrases given for key encryption");try{return await Promise.all(s.map((async(e,t)=>{const{keyPacket:i}=e;await i.encrypt(o[t],r),i.clearPrivateParams()}))),n}catch(e){throw n.clearPrivateParams(),F.wrapError("Error encrypting private key",e)}}async function _o({message:e,encryptionKeys:t,signingKeys:r,passwords:i,sessionKey:a,format:n="armored",signature:s=null,wildcard:o=!1,signingKeyIDs:c=[],encryptionKeyIDs:u=[],date:h=new Date,signingUserIDs:l=[],encryptionUserIDs:y=[],signatureNotations:p=[],config:d,...g}){if($o(d={...M,...d}),Ho(e),Vo(n),t=Qo(t),r=Qo(r),i=Qo(i),c=Qo(c),u=Qo(u),l=Qo(l),y=Qo(y),p=Qo(p),g.detached)throw Error("The `detached` option has been removed from openpgp.encrypt, separately call openpgp.sign instead. Don't forget to remove the `privateKeys` option as well.");if(g.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encrypt, pass `encryptionKeys` instead");if(g.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.encrypt, pass `signingKeys` instead");if(void 0!==g.armor)throw Error("The `armor` option has been removed from openpgp.encrypt, pass `format` instead.");const m=Object.keys(g);if(m.length>0)throw Error("Unknown option: "+m.join(", "));r||(r=[]);try{if((r.length||s)&&(e=await e.sign(r,t,s,c,h,l,u,p,d)),e=e.compress(await async function(e=[],t=new Date,r=[],i=M){const a=B.compression.uncompressed,n=i.preferredCompressionAlgorithm,s=await Promise.all(e.map((async function(e,a){const s=(await e.getPrimarySelfSignature(t,r[a],i)).preferredCompressionAlgorithms;return!!s&&s.indexOf(n)>=0})));return s.every(Boolean)?n:a}(t,h,y,d),d),e=await e.encrypt(t,i,a,o,u,h,y,d),"object"===n)return e;const g="armored"===n?e.armor(d):e.write();return await Xo(g)}catch(e){throw F.wrapError("Error encrypting message",e)}}async function No({message:e,decryptionKeys:t,passwords:r,sessionKeys:i,verificationKeys:a,expectSigned:n=!1,format:s="utf8",signature:o=null,date:c=new Date,config:u,...h}){if($o(u={...M,...u}),Ho(e),a=Qo(a),t=Qo(t),r=Qo(r),i=Qo(i),h.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decrypt, pass `decryptionKeys` instead");if(h.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.decrypt, pass `verificationKeys` instead");const l=Object.keys(h);if(l.length>0)throw Error("Unknown option: "+l.join(", "));try{const h=await e.decrypt(t,r,i,c,u);a||(a=[]);const l={};if(l.signatures=o?await h.verifyDetached(o,a,c,u):await h.verify(a,c,u),l.data="binary"===s?h.getLiteralData():h.getText(),l.filename=h.getFilename(),Yo(l,e,...new Set([h,h.unwrapCompressed()])),n){if(0===a.length)throw Error("Verification keys are required to verify message signatures");if(0===l.signatures.length)throw Error("Message is not signed");l.data=g([l.data,x((async()=>(await F.anyPromise(l.signatures.map((e=>e.verified))),"binary"===s?new Uint8Array:"")))])}return l.data=await Xo(l.data),l}catch(e){throw F.wrapError("Error decrypting message",e)}}async function Ro({message:e,signingKeys:t,recipientKeys:r=[],format:i="armored",detached:a=!1,signingKeyIDs:n=[],date:s=new Date,signingUserIDs:o=[],recipientUserIDs:c=[],signatureNotations:u=[],config:h,...l}){if($o(h={...M,...h}),Go(e),Vo(i),t=Qo(t),n=Qo(n),o=Qo(o),r=Qo(r),c=Qo(c),u=Qo(u),l.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.sign, pass `signingKeys` instead");if(void 0!==l.armor)throw Error("The `armor` option has been removed from openpgp.sign, pass `format` instead.");const y=Object.keys(l);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(e instanceof xo&&"binary"===i)throw Error("Cannot return signed cleartext message in binary format");if(e instanceof xo&&a)throw Error("Cannot detach-sign a cleartext message");if(!t||0===t.length)throw Error("No signing keys provided");try{let l;if(l=a?await e.signDetached(t,r,void 0,n,s,o,c,u,h):await e.sign(t,r,void 0,n,s,o,c,u,h),"object"===i)return l;return l="armored"===i?l.armor(h):l.write(),a&&(l=v(e.packets.write(),(async(e,t)=>{await Promise.all([m(l,t),U(e).catch((()=>{}))])}))),await Xo(l)}catch(e){throw F.wrapError("Error signing message",e)}}async function zo({message:e,verificationKeys:t,expectSigned:r=!1,format:i="utf8",signature:a=null,date:n=new Date,config:s,...o}){if($o(s={...M,...s}),Go(e),t=Qo(t),o.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.verify, pass `verificationKeys` instead");const c=Object.keys(o);if(c.length>0)throw Error("Unknown option: "+c.join(", "));if(e instanceof xo&&"binary"===i)throw Error("Can't return cleartext message data as binary");if(e instanceof xo&&a)throw Error("Can't verify detached cleartext signature");try{const o={};if(o.signatures=a?await e.verifyDetached(a,t,n,s):await e.verify(t,n,s),o.data="binary"===i?e.getLiteralData():e.getText(),e.fromStream&&!a&&Yo(o,...new Set([e,e.unwrapCompressed()])),r){if(0===o.signatures.length)throw Error("Message is not signed");o.data=g([o.data,x((async()=>(await F.anyPromise(o.signatures.map((e=>e.verified))),"binary"===i?new Uint8Array:"")))])}return o.data=await Xo(o.data),o}catch(e){throw F.wrapError("Error verifying signed message",e)}}async function Oo({encryptionKeys:e,date:t=new Date,encryptionUserIDs:r=[],config:i,...a}){if($o(i={...M,...i}),e=Qo(e),r=Qo(r),a.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.generateSessionKey, pass `encryptionKeys` instead");const n=Object.keys(a);if(n.length>0)throw Error("Unknown option: "+n.join(", "));try{return await Ao.generateSessionKey(e,t,r,i)}catch(e){throw F.wrapError("Error generating session key",e)}}async function jo({data:e,algorithm:t,aeadAlgorithm:r,encryptionKeys:i,passwords:a,format:n="armored",wildcard:s=!1,encryptionKeyIDs:o=[],date:c=new Date,encryptionUserIDs:u=[],config:h,...l}){if($o(h={...M,...h}),function(e){if(!F.isUint8Array(e))throw Error("Parameter [data] must be of type Uint8Array")}(e),function(e,t){if(!F.isString(e))throw Error("Parameter ["+t+"] must be of type String")}(t,"algorithm"),Vo(n),i=Qo(i),a=Qo(a),o=Qo(o),u=Qo(u),l.publicKeys)throw Error("The `publicKeys` option has been removed from openpgp.encryptSessionKey, pass `encryptionKeys` instead");const y=Object.keys(l);if(y.length>0)throw Error("Unknown option: "+y.join(", "));if(!(i&&0!==i.length||a&&0!==a.length))throw Error("No encryption keys or passwords provided.");try{return Zo(await Ao.encryptSessionKey(e,t,r,i,a,s,o,c,u,h),n,h)}catch(e){throw F.wrapError("Error encrypting session key",e)}}async function qo({message:e,decryptionKeys:t,passwords:r,date:i=new Date,config:a,...n}){if($o(a={...M,...a}),Ho(e),t=Qo(t),r=Qo(r),n.privateKeys)throw Error("The `privateKeys` option has been removed from openpgp.decryptSessionKeys, pass `decryptionKeys` instead");const s=Object.keys(n);if(s.length>0)throw Error("Unknown option: "+s.join(", "));try{return await e.decryptSessionKeys(t,r,void 0,i,a)}catch(e){throw F.wrapError("Error decrypting session keys",e)}}function Ho(e){if(!(e instanceof Ao))throw Error("Parameter [message] needs to be of type Message")}function Go(e){if(!(e instanceof xo||e instanceof Ao))throw Error("Parameter [message] needs to be of type Message or CleartextMessage")}function Vo(e){if("armored"!==e&&"binary"!==e&&"object"!==e)throw Error("Unsupported format "+e)}const Wo=Object.keys(M).length;function $o(e){const t=Object.keys(e);if(t.length!==Wo)for(const e of t)if(void 0===M[e])throw Error("Unknown config property: "+e)}function Qo(e){return e&&!F.isArray(e)&&(e=[e]),e}async function Xo(e){return"array"===F.isStream(e)?U(e):e}function Yo(e,t,...r){e.data=v(t.packets.stream,(async(t,i)=>{await m(e.data,i,{preventClose:!0});const a=I(i);try{await U(t,(e=>e)),await Promise.all(r.map((e=>U(e.packets.stream,(e=>e))))),await a.close()}catch(e){await a.abort(e)}}))}function Zo(e,t,r){switch(t){case"object":return e;case"armored":return e.armor(r);case"binary":return e.write();default:throw Error("Unsupported format "+t)}}export{As as AEADEncryptedDataPacket,$a as Argon2OutOfMemoryError,Za as Argon2S2K,xo as CleartextMessage,ps as CompressedDataPacket,us as GrammarError,zi as KDFParams,Zn as LiteralDataPacket,Is as MarkerPacket,Ao as Message,ss as OnePassSignaturePacket,cs as PacketList,Rs as PaddingPacket,lo as PrivateKey,ho as PublicKey,Ss as PublicKeyEncryptedSessionKeyPacket,Ds as PublicKeyPacket,Ts as PublicSubkeyPacket,Ms as SecretKeyPacket,_s as SecretSubkeyPacket,Os as Signature,is as SignaturePacket,no as Subkey,ks as SymEncryptedIntegrityProtectedDataPacket,Us as SymEncryptedSessionKeyPacket,Cs as SymmetricallyEncryptedDataPacket,Ns as TrustPacket,ot as UnparseablePacket,Bs as UserAttributePacket,Fs as UserIDPacket,Z as armor,M as config,Io as createCleartextMessage,Uo as createMessage,No as decrypt,Lo as decryptKey,qo as decryptSessionKeys,_o as encrypt,Fo as encryptKey,jo as encryptSessionKey,B as enums,To as generateKey,Oo as generateSessionKey,Co as readCleartextMessage,mo as readKey,wo as readKeys,Po as readMessage,fo as readPrivateKey,bo as readPrivateKeys,js as readSignature,Bo as reformatKey,Mo as revokeKey,Ro as sign,Y as unarmor,zo as verify};
 //# sourceMappingURL=openpgp.min.mjs.map