/** * Minified by jsDelivr using Terser v5.39.0. * Original file: /npm/age-encryption@0.3.0/dist/index.js * * Do NOT use SRI with dynamically generated files! More information: https://www.jsdelivr.com/using-sri-with-dynamic-files */ import{hmac}from"@noble/hashes/hmac.js";import{hkdf}from"@noble/hashes/hkdf.js";import{sha256}from"@noble/hashes/sha2.js";import{randomBytes}from"@noble/hashes/utils.js";import{HybridIdentity,HybridRecipient}from"./recipients.js";import{ScryptIdentity,ScryptRecipient}from"./recipients.js";import{X25519Identity,X25519Recipient}from"./recipients.js";import{TagRecipient,HybridTagRecipient}from"./recipients.js";import{encodeHeader,encodeHeaderNoMAC,parseHeader,Stanza}from"./format.js";import{ciphertextSize,decryptSTREAM,encryptSTREAM,plaintextSize}from"./stream.js";import{readAll,stream,read,readAllString,prepend}from"./io.js";export*as armor from"./armor.js";export*as webauthn from"./webauthn.js";export{Stanza};export{generateIdentity,generateHybridIdentity,generateX25519Identity,identityToRecipient}from"./recipients.js";export class Encrypter{passphrase=null;scryptWorkFactor=18;recipients=[];setPassphrase(e){if(null!==this.passphrase)throw new Error("can encrypt to at most one passphrase");if(0!==this.recipients.length)throw new Error("can't encrypt to both recipients and passphrases");this.passphrase=e}setScryptWorkFactor(e){this.scryptWorkFactor=e}addRecipient(e){if(null!==this.passphrase)throw new Error("can't encrypt to both recipients and passphrases");if("string"==typeof e)if(e.startsWith("age1pq1"))this.recipients.push(new HybridRecipient(e));else if(e.startsWith("age1tag1"))this.recipients.push(new TagRecipient(e));else if(e.startsWith("age1tagpq1"))this.recipients.push(new HybridTagRecipient(e));else{if(!e.startsWith("age1"))throw new Error("unrecognized recipient type");this.recipients.push(new X25519Recipient(e))}else this.recipients.push(e)}async encrypt(e){const t=randomBytes(16),r=[];let i=this.recipients;null!==this.passphrase&&(i=[new ScryptRecipient(this.passphrase,this.scryptWorkFactor)]);for(const e of i)r.push(...await e.wrapFileKey(t));const s=(new TextEncoder).encode("header"),n=hkdf(sha256,t,void 0,s,32),a=hmac(sha256,n,encodeHeaderNoMAC(r)),p=encodeHeader(r,a),o=randomBytes(16),h=(new TextEncoder).encode("payload"),c=hkdf(sha256,t,o,h,32),d=encryptSTREAM(c);return e instanceof ReadableStream?Object.assign(prepend(e.pipeThrough(d),p,o),{size:e=>ciphertextSize(e)+p.length+o.length}):("string"==typeof e&&(e=(new TextEncoder).encode(e)),await readAll(prepend(stream(e).pipeThrough(d),p,o)))}}export class Decrypter{identities=[];addPassphrase(e){this.identities.push(new ScryptIdentity(e))}addIdentity(e){if(isCryptoKey(e))this.identities.push(new X25519Identity(e));else if("string"==typeof e)if(e.startsWith("AGE-SECRET-KEY-1"))this.identities.push(new X25519Identity(e));else{if(!e.startsWith("AGE-SECRET-KEY-PQ-1"))throw new Error("unrecognized identity type");this.identities.push(new HybridIdentity(e))}else this.identities.push(e)}async decrypt(e,t){const r=e instanceof ReadableStream?e:stream(e),{fileKey:i,headerSize:s,rest:n}=await this.decryptHeaderInternal(r),{data:a,rest:p}=await read(n,16),o=(new TextEncoder).encode("payload"),h=hkdf(sha256,i,a,o,32),c=decryptSTREAM(h),d=p.pipeThrough(c),y=Object.assign(d,{size:e=>plaintextSize(e-s-a.length)});return e instanceof ReadableStream?y:"text"===t?await readAllString(d):await readAll(d)}async decryptHeader(e){return(await this.decryptHeaderInternal(stream(e))).fileKey}async decryptHeaderInternal(e){const t=await parseHeader(e),r=await this.unwrapFileKey(t.stanzas);if(null===r)throw Error("no identity matched any of the file's recipients");const i=(new TextEncoder).encode("header"),s=hkdf(sha256,r,void 0,i,32),n=hmac(sha256,s,t.headerNoMAC);if(!compareBytes(t.MAC,n))throw Error("invalid header HMAC");return{fileKey:r,headerSize:t.headerSize,rest:t.rest}}async unwrapFileKey(e){for(const t of this.identities){const r=await t.unwrapFileKey(e);if(null!==r)return r}return null}}function compareBytes(e,t){if(e.length!==t.length)return!1;let r=0;for(let i=0;i