# PGP Limitations in Node.js/WASM
## Summary
The Node.js/WASM build does not include PGP signing. Proofs generated via the WASM library include all metadata (hashes, device info, timestamps, C2PA) but omit PGP signatures.
## Why
PGP support comes from `sequoia-openpgp`, which depends on `nettle` -- a native C cryptography library. Native C libraries cannot be compiled to WebAssembly, so the `wasm` feature does not include `sequoia-openpgp`.
This is the same reason the Android/iOS (`mobile`) builds also exclude `sequoia-openpgp` -- `nettle` cannot cross-compile for those targets either.
## What Works
The WASM module fully supports:
- Proof generation (without PGP signatures)
- Proof verification (C2PA, EXIF, OpenTimestamps, hash validation)
- File hashing (SHA-256)
- Metadata collection via callbacks
- The `polars` and `c2pa` features
## Possible Future Solutions
- Replace `sequoia-openpgp`/`nettle` with a pure-Rust PGP implementation that compiles to WASM
- Use a JavaScript PGP library (e.g., OpenPGP.js) alongside the WASM module