/** * Supported HMAC hash algorithms. */ type HmacAlgorithm = 'SHA-256' | 'SHA-384' | 'SHA-512'; /** * Supported AES algorithms. */ type AesAlgorithm = 'AES-GCM' | 'AES-CBC' | 'AES-CTR'; /** * Supported hash algorithms for content integrity. */ type HashAlgorithm = 'SHA-256' | 'SHA-384' | 'SHA-512'; /** * Configuration for HMAC signing operations. */ interface HmacSignerConfig { /** The raw key material (e.g., a secret string encoded as ArrayBuffer) */ keyMaterial: ArrayBuffer | Uint8Array; /** Hash algorithm to use (default: 'SHA-256') */ algorithm?: HmacAlgorithm; } /** * Configuration for AES encryption operations. */ interface AesEncryptorConfig { /** The raw key material */ keyMaterial: ArrayBuffer | Uint8Array; /** AES algorithm to use (default: 'AES-GCM') */ algorithm?: AesAlgorithm; /** Key length in bits (default: 256) */ keyLength?: 128 | 192 | 256; } /** * Result of an AES encryption operation. */ interface EncryptedPayload { /** The encrypted data */ ciphertext: ArrayBuffer; /** The initialization vector used */ iv: Uint8Array; /** The algorithm used */ algorithm: AesAlgorithm; } /** * Interface for HMAC signing and verification. */ interface HmacSigner { /** Sign data and return the signature as ArrayBuffer */ sign(data: string | ArrayBuffer | Uint8Array): Promise; /** Sign data and return the signature as hex string */ signHex(data: string | ArrayBuffer | Uint8Array): Promise; /** Verify a signature against data */ verify(data: string | ArrayBuffer | Uint8Array, signature: ArrayBuffer): Promise; } /** * Interface for AES encryption and decryption. */ interface AesEncryptor { /** Encrypt data */ encrypt(data: string | ArrayBuffer | Uint8Array): Promise; /** Decrypt data */ decrypt(payload: EncryptedPayload): Promise; } /** * Interface for content hashing. */ interface ContentHasher { /** Hash data and return as ArrayBuffer */ hash(data: string | ArrayBuffer | Uint8Array): Promise; /** Hash data and return as hex string */ hashHex(data: string | ArrayBuffer | Uint8Array): Promise; } /** * Creates an HMAC signer using the Web Crypto API. * * Works in both main thread and web workers. * Requires a secure context (HTTPS). * * @example * ```typescript * const signer = await createHmacSigner({ * keyMaterial: new TextEncoder().encode('my-secret-key'), * algorithm: 'SHA-256', * }); * * const signature = await signer.signHex('request-payload'); * const isValid = await signer.verify('request-payload', signatureBuffer); * ``` */ declare function createHmacSigner(config: HmacSignerConfig): Promise; /** * Creates an AES encryptor using the Web Crypto API. * * Works in both main thread and web workers. * Requires a secure context (HTTPS). * * @example * ```typescript * const encryptor = await createAesEncryptor({ * keyMaterial: new TextEncoder().encode('32-byte-secret-key-for-aes-256!'), * algorithm: 'AES-GCM', * }); * * const encrypted = await encryptor.encrypt('sensitive data'); * const decrypted = await encryptor.decrypt(encrypted); * ``` */ declare function createAesEncryptor(config: AesEncryptorConfig): Promise; /** * Creates a content hasher using the Web Crypto API. * * Works in both main thread and web workers. * Useful for content integrity verification (e.g., response body hashing). * * @example * ```typescript * const hasher = createContentHasher('SHA-256'); * const hex = await hasher.hashHex('response-body-content'); * ``` */ declare function createContentHasher(algorithm?: HashAlgorithm): ContentHasher; export { createAesEncryptor, createContentHasher, createHmacSigner }; export type { AesAlgorithm, AesEncryptor, AesEncryptorConfig, ContentHasher, EncryptedPayload, HashAlgorithm, HmacAlgorithm, HmacSigner, HmacSignerConfig };