/**
 * Sign a value using HMAC-SHA256.
 * @param value - The value to sign
 * @param secret - The secret key
 * @returns The signed value in format "value.signature"
 */
export declare function sign(value: string, secret: string): string;
/**
 * Verify and extract value from a signed string.
 * Uses timing-safe comparison to prevent timing attacks.
 * @param signedValue - The signed value in format "value.signature"
 * @param secrets - Array of secrets to try (for key rotation)
 * @returns The original value if signature is valid, false otherwise
 */
export declare function unsign(signedValue: string, secrets: string[]): string | false;
/**
 * Generate a cryptographically secure random token.
 * Default path uses base64url encoding (fastest). Custom charset uses direct string concat.
 * @param length - The length of the token
 * @param charset - Optional custom character set
 * @returns A random token string
 */
export declare function generateToken(length?: number, charset?: string): string;
/**
 * Generate a cryptographically secure session ID.
 * @returns A 48-character hex string
 */
export declare function generateSessionId(): string;
/**
 * Generate an ETag from file statistics.
 * @param size - File size in bytes
 * @param mtimeMs - File modification time in milliseconds
 * @returns A weak ETag string
 */
export declare function generateETag(size: number, mtimeMs: number): string;
/**
 * Generate a weak ETag from a response body string.
 */
export declare function generateBodyETag(body: string): string;
/**
 * Sign a session ID with "s:" prefix for session cookies.
 * @param sessionId - The session ID to sign
 * @param secret - The secret key
 * @returns The signed value in format "s:sessionId.signature"
 */
export declare function signSessionId(sessionId: string, secret: string): string;
/**
 * Verify and extract session ID from a signed session cookie.
 * @param signedValue - The signed value in format "s:sessionId.signature"
 * @param secret - The secret key
 * @returns The session ID if valid, false otherwise
 */
export declare function unsignSessionId(signedValue: string, secrets: string | string[]): string | false;
/**
 * Compare two strings in constant time to prevent timing attacks.
 * @param a - First string
 * @param b - Second string
 * @returns true if strings are equal, false otherwise
 */
export declare function timingSafeCompare(a: string, b: string): boolean;
//# sourceMappingURL=crypto.d.ts.map