import { Binary } from '@opentdf/sdk/singlecontainer';
import { type AsymmetricSigningAlgorithm, type ECCurve, type HkdfParams, type KeyPair, type PrivateKey, type PublicKey, type SymmetricKey } from '@opentdf/sdk/singlecontainer';
/**
 * Generate an RSA key pair for encryption/decryption (RSA-OAEP).
 *
 * VirtruCrypto generates a single combined keypair handle. Both the PublicKey
 * and PrivateKey opaque wrappers reference the same VirtruCryptoKey — the
 * handle already carries all necessary usages. No export/re-import needed.
 */
export declare function generateKeyPair(_size?: number): Promise<KeyPair>;
/**
 * Generate an RSA key pair for signing/verification (RSASSA-PKCS1-v1_5).
 */
export declare function generateSigningKeyPair(): Promise<KeyPair>;
/**
 * Encrypt with RSA-OAEP public key.
 * Accepts Binary payload or a SymmetricKey for key-wrapping.
 */
export declare function encryptWithPublicKey(payload: Binary | SymmetricKey, publicKey: PublicKey): Promise<Binary>;
/**
 * Decrypt with RSA-OAEP private key.
 */
export declare function decryptWithPrivateKey(encryptedPayload: Binary, privateKey: PrivateKey): Promise<Binary>;
/**
 * Sign data with an RSA private key (RS256 only).
 * VirtruCrypto requires pre-hashed data, so the data is SHA-256 hashed first.
 */
export declare function sign(data: Uint8Array, privateKey: PrivateKey, algorithm: AsymmetricSigningAlgorithm): Promise<Uint8Array>;
/**
 * Verify an RS256 signature.
 * VirtruCrypto requires pre-hashed data.
 */
export declare function verify(data: Uint8Array, signature: Uint8Array, publicKey: PublicKey, algorithm: AsymmetricSigningAlgorithm): Promise<boolean>;
export declare function generateECKeyPair(_curve?: ECCurve): Promise<KeyPair>;
export declare function deriveKeyFromECDH(_privateKey: PrivateKey, _publicKey: PublicKey, _hkdfParams: HkdfParams): Promise<SymmetricKey>;