/**
 * Crypto utilities for browser-compatible SDKs.
 *
 * These utilities handle HMAC signing, state parameter protection, and secure
 * token generation for client-side tamper resistance.
 *
 * IMPORTANT SECURITY NOTE:
 * Client-side cryptography provides defense-in-depth but cannot be considered
 * secure against determined attackers. Server-side validation is required for
 * real security.
 */
/**
 * Generate HMAC-SHA256 signature using Web Crypto API
 */
export declare function generateHMAC(data: string, secret: string): Promise<string>;
/**
 * Verify HMAC-SHA256 signature using Web Crypto API
 */
export declare function verifyHMAC(data: string, signature: string, secret: string): Promise<boolean>;
/**
 * Generate a secure random token for client-side use
 */
export declare function generateSecureToken(length?: number): string;
/**
 * Create signed state parameter with timestamp and integrity protection
 */
export declare function createSignedState(payload: unknown, hmacSecret: string): Promise<string>;
/**
 * Verify and parse signed state parameter
 */
export declare function parseSignedState(signedState: string, hmacSecret: string, maxAge?: number, logLabel?: string): Promise<unknown | null>;