import { type HashAlgorithm } from '@opentdf/sdk/singlecontainer';
type VirtruCryptoAlgorithm = {
    name: string;
    [key: string]: unknown;
};
type VirtruCryptoKeyLike = {
    release: () => void;
    [key: string]: unknown;
};
export type VirtruKeyUsage = 'encrypt' | 'decrypt' | 'sign' | 'verify';
type VirtruCryptoLike = {
    isInitialized?: boolean;
    generateKey: (algorithm: VirtruCryptoAlgorithm, extractable: boolean, usages: readonly VirtruKeyUsage[], internal?: boolean) => Promise<VirtruCryptoKeyLike>;
    digest: (algorithm: VirtruCryptoAlgorithm, data: Uint8Array) => Promise<Uint8Array | ArrayBuffer>;
    encrypt: (algorithm: VirtruCryptoAlgorithm, key: VirtruCryptoKeyLike, data: Uint8Array) => Promise<Uint8Array>;
    decrypt: (algorithm: VirtruCryptoAlgorithm, key: VirtruCryptoKeyLike, data: Uint8Array) => Promise<Uint8Array>;
    sign: (algorithm: VirtruCryptoAlgorithm, key: VirtruCryptoKeyLike, data: Uint8Array) => Promise<Uint8Array>;
    verify: (algorithm: VirtruCryptoAlgorithm, key: VirtruCryptoKeyLike, signature: Uint8Array, data: Uint8Array) => Promise<boolean>;
    importKey: (format: 'raw' | 'spki' | 'pkcs8', keyData: Uint8Array, algorithm: VirtruCryptoAlgorithm, extractable: boolean, usages: readonly VirtruKeyUsage[]) => Promise<VirtruCryptoKeyLike>;
    exportKey: (format: 'raw' | 'spki' | 'pkcs8', key: VirtruCryptoKeyLike) => Promise<Uint8Array>;
};
export declare const getVirtruCrypto: () => Promise<VirtruCryptoLike>;
/**
 * Eagerly initialize FIPS WASM (used by DSP when `useFips: true`).
 * Loaded dynamically so non-FIPS consumers do not require the optional peer.
 */
export declare const initializeFipsCrypto: () => void;
/**
 * Generate random bytes via WebCrypto CSPRNG.
 * fips-crypto-js only exposes fixed-length IV generation.
 *
 * Note: this does not route through the fips-crypto-js WASM boundary.
 * It should not be used when a strict "all cryptographic operations must be
 * performed inside the FIPS module" requirement applies.
 */
export declare function randomBytes(byteLength: number): Promise<Uint8Array>;
/**
 * Compute a hash digest. Only SHA-256 is supported by fips-crypto-js.
 */
export declare function digest(algorithm: HashAlgorithm, data: Uint8Array): Promise<Uint8Array>;
export {};