/**
 * @license
 * Copyright 2025 Steven Roussey <sroussey@gmail.com>
 * SPDX-License-Identifier: Apache-2.0
 */
/**
 * Derives a 256-bit AES-GCM key from a passphrase using PBKDF2.
 */
export declare function deriveKey(passphrase: string, salt: Uint8Array): Promise<CryptoKey>;
/**
 * Encrypts plaintext using AES-256-GCM with a random salt and IV.
 * The salt is prepended to the ciphertext bytes and stored in the `encrypted` field
 * so that decryption can reconstruct the same key.
 *
 * @param keyCache - Per-store cache of derived CryptoKey instances keyed by base64(salt).
 */
export declare function encrypt(plaintext: string, passphrase: string, keyCache: Map<string, CryptoKey>): Promise<{
    encrypted: string;
    iv: string;
}>;
/**
 * Decrypts ciphertext encrypted with {@link encrypt}.
 *
 * @param keyCache - Per-store cache of derived CryptoKey instances keyed by base64(salt).
 */
export declare function decrypt(encrypted: string, iv: string, passphrase: string, keyCache: Map<string, CryptoKey>): Promise<string>;
export declare function bufToBase64(buf: Uint8Array): string;
export declare function base64ToBuf(b64: string): Uint8Array;
//# sourceMappingURL=WebCrypto.d.ts.map