/** * Wire-format types for JWE General JSON Serialization (RFC 7516 ยง7.2). */ export declare const ALG_ECDH_ES = "ECDH-ES"; export declare const ENC_A256GCM = "A256GCM"; /** * One recipient entry on the sender side. The registered alg handler * for `alg` interprets `publicKey` bytes (raw X25519 for ECDH-ES, * concatenated X25519||ML-KEM for pq-hybrid). */ export interface Recipient { kid: string; publicKey: Uint8Array; alg?: string; } /** * Output of an alg handler's sender-side step. * `encryptedKey` is empty for Direct Key Agreement (ECDH-ES); for * key-wrap algs it carries the per-recipient wrapped CEK. */ export interface KeyAgreementResult { cek: Uint8Array; encryptedKey: Uint8Array; headerExtra: Record; } /** Function signature for an alg handler's sender path. */ export type SenderFn = (args: { recipientPublicKey: Uint8Array; enc: string; apu: Uint8Array; apv: Uint8Array; }) => KeyAgreementResult; /** * Function signature for an alg handler's recipient path. * `recipientHeader` is the per-recipient header (with `epk` for * ECDH-ES, `encryptedKey` injected for key-wrap algs). */ export type RecipientFn = (args: { privateKey: Uint8Array; recipientHeader: Record; enc: string; apu: Uint8Array; apv: Uint8Array; }) => Uint8Array; /** JWE General JSON Serialization wire shape. */ export interface JweGeneralJson { protected: string; unprotected?: Record; recipients: Array<{ header?: Record; encrypted_key?: string; }>; iv: string; ciphertext: string; tag: string; aad?: string; } export declare class JweAlgUnsupportedError extends Error { constructor(message: string); } export declare class JweEncryptError extends Error { constructor(message: string); } export declare class JweDecryptError extends Error { constructor(message: string); } export declare class JweInvalidStructure extends Error { constructor(message: string); } export declare class JweRecipientNotFound extends Error { constructor(message: string); }