import { type KeyOptions, type PrivateKey, type PublicKey, type PublicKeyInfo } from '@opentdf/sdk/singlecontainer'; /** * Import a PEM public key (SPKI) as an opaque PublicKey. * Only RSA keys are supported in FIPS mode. * * @param pem - PEM-encoded public key (`-----BEGIN PUBLIC KEY-----`) * @param options.usage - `'encrypt'` (RSA-OAEP) or `'sign'` (RS256 verify). Defaults to `'encrypt'`. * @param options.extractable - Defaults to `true`. * @param options.algorithmHint - Skips SPKI parsing when provided. */ export declare function importPublicKey(pem: string, options: KeyOptions): Promise; /** * Import a PEM private key (PKCS#8) as an opaque PrivateKey. * Only RSA keys are supported in FIPS mode. * * @param pem - PEM-encoded private key (`-----BEGIN PRIVATE KEY-----`) * @param options.usage - `'encrypt'` (RSA-OAEP decrypt) or `'sign'` (RS256). Defaults to `'encrypt'`. * @param options.extractable - Defaults to `false`. * @param options.algorithmHint - Algorithm label to attach. Defaults to `'rsa:2048'`. */ export declare function importPrivateKey(pem: string, options: KeyOptions): Promise; /** * Export an opaque public key to PEM (SPKI / `-----BEGIN PUBLIC KEY-----`). * Handles VirtruCrypto's PKCS#1 output for generated keys transparently. */ export declare function exportPublicKeyPem(key: PublicKey): Promise; /** * Export an opaque public key to JWK. * Uses WebCrypto for the JWK conversion after normalizing to SPKI. */ export declare function exportPublicKeyJwk(key: PublicKey): Promise; /** * Export an opaque private key to PEM (PKCS#8 / `-----BEGIN PRIVATE KEY-----`). * * FOR TESTING / DEVELOPMENT ONLY — not included in the CryptoService interface. * Only works for keys that were imported via importPrivateKey (PKCS#8 format). * Generated private keys cannot be exported from the FIPS keystore. */ export declare function exportPrivateKeyPem(key: PrivateKey): Promise; /** * Use the WebCrypto API to parse a PEM public key and extract its algorithm info. */ export declare function parsePublicKeyPem(pem: string): Promise; /** * Use the WebCrypto API to extract the public key PEM from a certificate or PEM string. */ export declare function extractPublicKeyPem(certOrPem: string): Promise; /** * Use the WebCrypto API to convert a JWK public key to PEM format. */ export declare function jwkToPublicKeyPem(jwk: JsonWebKey): Promise;