import type { JweCipher, JweDecryptOptions, JweEncryptOptions, JweHeaderParams } from './header.js'; import type { JweKeyManagementDecryptKey, JweKeyManagementEncryptKey } from './key-management.js'; /** * Parameters required for decrypting a flattened JWE. */ export interface FlattenedJweDecryptParams { /** The flattened JWE. */ jwe: FlattenedJweParams | FlattenedJwe; /** * The decryption key which can be a Key Identifier such as a KMS key URI, a JSON Web Key (JWK), * raw key material represented as a byte array, or an ECDH-ES key agreement input. */ key: JweKeyManagementDecryptKey; /** * Cipher used to decrypt the JWE payload when the Content Encryption Key is referenced by a * Key Identifier (e.g. a KMS URI) rather than provided as a JWK. Required only for * Key Identifier CEKs. */ keyManager?: JweCipher; /** {@inheritDoc JweDecryptOptions} */ options: JweDecryptOptions; } /** * Result of decrypting a flattened JWE, containing the plaintext and related information. */ export interface FlattenedJweDecryptResult { /** JWE Additional Authenticated Data (AAD). */ additionalAuthenticatedData?: Uint8Array; /** Plaintext. */ plaintext: Uint8Array; /** JWE Protected Header. */ protectedHeader?: Partial; /** JWE Shared Unprotected Header. */ sharedUnprotectedHeader?: Partial; /** JWE Per-Recipient Unprotected Header. */ unprotectedHeader?: Partial; } /** * Parameters for encrypting data into a flattened JWE format. */ export interface FlattenedJweEncryptParams extends FlattenedJweDecryptResult { /** * The encryption key which can be a Key Identifier such as a KMS key URI, a JSON Web Key (JWK), * raw key material represented as a byte array, or an ECDH-ES key agreement input. */ key: JweKeyManagementEncryptKey; /** * Cipher used to encrypt the JWE payload when the Content Encryption Key is referenced by a * Key Identifier (e.g. a KMS URI) rather than provided as a JWK. Required only for * Key Identifier CEKs. */ keyManager?: JweCipher; /** {@inheritDoc JweEncryptOptions} */ options?: JweEncryptOptions; } /** * Represents the parameters for a flattened JWE object, typically used in single-recipient * scenarios. */ export interface FlattenedJweParams { /** Base64URL encoded additional authenticated data. */ aad?: string; /** Base64URL encoded ciphertext. */ ciphertext: string; /** Base64URL encoded encrypted key. */ encrypted_key?: string; /** Per-Recipient Unprotected Header parameters. */ header?: Partial; /** Base64URL encoded initialization vector. */ iv?: string; /** Base64URL encoded string of the Protected Header. */ protected?: string; /** Base64URL encoded authentication tag. */ tag?: string; /** Shared Unprotected Header parameters. */ unprotected?: Partial; } /** * The `FlattenedJwe` class handles the encryption and decryption of JSON Web Encryption (JWE) * objects in the flattened serialization format. This format is a compact, URL-safe means of * representing encrypted content, typically used when dealing with a single recipient or when * bandwidth efficiency is important. * * This class provides methods to encrypt plaintext to a flattened JWE and decrypt a flattened JWE * back to plaintext, utilizing a variety of supported cryptographic algorithms as specified in the * JWE header parameters. * * @example * ```ts * // Example usage of encrypt method * const plaintext = new TextEncoder().encode("Secret Message"); * const key = { kty: "oct", k: "your-secret-key" }; // Example symmetric key * const protectedHeader = { alg: "dir", enc: "A256GCM" }; * const encryptedJwe = await FlattenedJwe.encrypt({ * plaintext, * protectedHeader, * key, * }); * ``` * * @example * // Decryption example * const { plaintext, protectedHeader } = await FlattenedJwe.decrypt({ * jwe: yourFlattenedJweObject, * key: yourDecryptionKey, * options: { allowedAlgs: ['dir'], allowedEncs: ['A256GCM'] }, * }); */ export declare class FlattenedJwe { /** Base64URL encoded additional authenticated data. */ aad?: string; /** Base64URL encoded ciphertext. */ ciphertext: string; /** Base64URL encoded encrypted key. */ encrypted_key?: string; /** Per-Recipient Unprotected Header parameters. */ header?: Partial; /** Base64URL encoded initialization vector. */ iv?: string; /** Base64URL encoded string of the Protected Header. */ protected?: string; /** Base64URL encoded authentication tag. */ tag?: string; /** Shared Unprotected Header parameters. */ unprotected?: Partial; constructor(params: FlattenedJweParams); static decrypt({ jwe, key, keyManager, options }: FlattenedJweDecryptParams): Promise; static encrypt({ key, plaintext, additionalAuthenticatedData, protectedHeader, sharedUnprotectedHeader, unprotectedHeader, keyManager, }: FlattenedJweEncryptParams): Promise; } //# sourceMappingURL=flattened.d.ts.map