/**
 * Runs Argon2id once on creation, then derives per-call AES-256-GCM keys via HKDF.
 * Use when encrypting or decrypting multiple values with the same password.
 *
 * Session envelopes are self-describing and can be decrypted standalone via decryptV2.
 * Call destroy() when done to clear the cached key from memory.
 */
export declare class EncryptionSession {
    private hkdfKey;
    private argon2SaltB64;
    private readonly memorySize;
    private readonly iterations;
    private readonly parallelism;
    /** Use createEncryptionSession() instead of calling this directly. */
    constructor(hkdfKey: CryptoKey, argon2SaltB64: string, params: {
        memorySize: number;
        iterations: number;
        parallelism: number;
    });
    encrypt(plaintext: string, adata?: string): Promise<string>;
    decrypt(ciphertext: string): Promise<string>;
    destroy(): void;
    private getKeyOrThrow;
    private getSaltOrThrow;
    private buildEnvelope;
}
/** Create an EncryptionSession. Runs Argon2id once; all subsequent calls derive keys via HKDF. */
export declare function createEncryptionSession(password: string, options?: {
    memorySize?: number;
    iterations?: number;
    parallelism?: number;
    salt?: Uint8Array;
}): Promise<EncryptionSession>;
//# sourceMappingURL=encryptionSession.d.ts.map