/**
 * A wrapper around CryptoKey that uses non-extractable keys for security.
 * Keys are stored as HKDF base keys to enable ratcheting via deriveBits.
 */
export declare class CryptographyKey {
    private key;
    private constructor();
    /**
     * Create a CryptographyKey from raw bytes.
     * The key will be imported as a non-extractable HKDF key.
     */
    static fromBytes(keyMaterial: Uint8Array<ArrayBuffer>): Promise<CryptographyKey>;
    /**
     * Create a CryptographyKey from an existing CryptoKey.
     */
    static fromCryptoKey(key: CryptoKey): CryptographyKey;
    /**
     * Get the underlying CryptoKey object.
     */
    getCryptoKey(): CryptoKey;
    /**
     * Derive bytes from this key using HKDF.
     * Used for encryption key derivation and ratcheting.
     */
    deriveBits(salt: Uint8Array<ArrayBuffer>, info: Uint8Array<ArrayBuffer>, length: number): Promise<Uint8Array<ArrayBuffer>>;
    /**
     * Derive a new CryptographyKey from this key using HKDF.
     * Used for key ratcheting.
     */
    deriveKey(salt: Uint8Array<ArrayBuffer>, info: Uint8Array<ArrayBuffer>): Promise<CryptographyKey>;
    /**
     * Get raw bytes from this key for intermediate operations like concatenation.
     * Uses deriveBits with empty salt/info to extract the key material.
     * This is needed for X3DH handshake where multiple DH secrets are concatenated.
     */
    getBytes(length?: number): Promise<Uint8Array<ArrayBuffer>>;
}
/**
 * Interface for symmetric encryption classes supported by this library.
 */
export interface SymmetricEncryptionInterface {
    encrypt(message: string | Uint8Array, key: CryptographyKey, assocData?: string): Promise<string>;
    decrypt(message: string, key: CryptographyKey, assocData?: string): Promise<string | Uint8Array>;
}
/**
 * Default implementation for SymmetricEncryptionInterface.
 */
export declare class SymmetricCrypto implements SymmetricEncryptionInterface {
    encrypt(message: string | Uint8Array<ArrayBuffer>, key: CryptographyKey, assocData?: string): Promise<string>;
    decrypt(message: string, key: CryptographyKey, assocData?: string): Promise<string | Uint8Array>;
}
export type KeyDerivationFunction = (ikm: Uint8Array<ArrayBuffer>, salt?: Uint8Array<ArrayBuffer>, info?: Uint8Array<ArrayBuffer>) => Promise<Uint8Array<ArrayBuffer>>;
/**
 * Encrypt data using AES-GCM.
 * Provides key commitment.
 *
 * @param {string|Uint8Array} message
 * @param {CryptographyKey} key
 * @param {string|null} assocData
 * @returns {string}
 */
export declare function encryptData(message: string | Uint8Array<ArrayBuffer>, key: CryptographyKey, assocData?: string): Promise<string>;
/**
 * Decrypt data using AES-GCM.
 * Asserts key commitment.
 *
 * @param {string} encrypted
 * @param {CryptographyKey} key
 * @param {string|null} assocData
 * @returns {string|Uint8Array}
 */
export declare function decryptData(encrypted: string, key: CryptographyKey, assocData?: string): Promise<string | Uint8Array>;
/**
 * HKDF implementation using Web Crypto API
 *
 * @param ikm
 * @param salt
 * @param info
 */
export declare function blakeKdf(ikm: Uint8Array<ArrayBuffer>, salt?: Uint8Array<ArrayBuffer> | CryptographyKey, info?: Uint8Array<ArrayBuffer>): Promise<Uint8Array<ArrayBuffer>>;
/**
 * Derive an encryption key and a commitment hash using HKDF.
 *
 * @param {CryptographyKey} key
 * @param {Uint8Array} nonce
 * @returns {{encKeyBytes: Uint8Array, commitment: Uint8Array}}
 */
export declare function deriveKeys(key: CryptographyKey, nonce: Uint8Array<ArrayBuffer>): Promise<{
    encKeyBytes: Uint8Array<ArrayBuffer>;
    commitment: Uint8Array<ArrayBuffer>;
}>;
//# sourceMappingURL=symmetric.d.ts.map