interface VerifyOptions {
    /** Maximum age of the signed response in seconds. Default: 300 (5 minutes). */
    maxAgeSeconds?: number;
}
/**
 * Verify a timestamp-protected KMS env-encrypt public key signature.
 *
 * Returns the signer's compressed secp256k1 public key on success, or `null`
 * on failure (bad length, expired timestamp, invalid signature).
 */
declare function verifyEnvEncryptPublicKey(publicKey: Uint8Array, signature: Uint8Array, appId: string, timestamp: bigint | number, options?: VerifyOptions): string | null;
/**
 * @deprecated Use {@link verifyEnvEncryptPublicKey} with timestamp. Legacy
 * signatures do not protect against replay attacks.
 */
declare function verifyEnvEncryptPublicKeyLegacy(publicKey: Uint8Array, signature: Uint8Array, appId: string): string | null;

export { type VerifyOptions, verifyEnvEncryptPublicKey, verifyEnvEncryptPublicKeyLegacy };