/**
 * AES-256-GCM encryption for license keys at rest.
 *
 * Format: enc:<iv-hex>:<ciphertext-hex>:<auth-tag-hex>
 * Falls back to plaintext when REVEALUI_LICENSE_ENCRYPTION_KEY is not set.
 *
 * Edge-compatible: uses the Web Crypto API (`crypto.subtle`) exclusively.
 * Safe to import from any runtime (Node, Edge, browser, Workers).
 *
 * Note: AES-GCM via Web Crypto bundles the auth tag onto the ciphertext
 * (last 16 bytes). The on-wire format is kept identical to the previous
 * node:crypto implementation for backward compatibility, so decrypt still
 * accepts `enc:iv:ciphertext:tag` and recombines ciphertext||tag before
 * passing to `crypto.subtle.decrypt`.
 */
/**
 * Encrypt a plaintext license key.
 * Returns `enc:<iv>:<ciphertext>:<tag>` or the original plaintext if no key is configured.
 */
export declare function encryptLicenseKey(plaintext: string): Promise<string>;
/**
 * Decrypt a license key.
 * If the value doesn't start with `enc:`, returns it as-is (plaintext fallback).
 */
export declare function decryptLicenseKey(stored: string): Promise<string>;
/**
 * Check whether a stored license key value is encrypted.
 */
export declare function isEncryptedLicenseKey(value: string): boolean;
//# sourceMappingURL=license-encryption.d.ts.map