/** Encrypted payload state, used when restoring an encrypted wallet from serialized data. */
export interface EncryptedState {
    ciphertext: Uint8Array;
    iv: Uint8Array;
    salt: Uint8Array;
    /** Callback to prompt the user for the password. Return `null` to cancel. */
    askForPassword: () => Promise<string | null>;
}
/**
 * Base class for encryptable secret data ({@link Phrase}, {@link Seed}, {@link Xpriv}, {@link PrivateKey}).
 *
 * Supports password-based encryption, temporary decryption via {@link withDecrypted},
 * and memory cleanup via {@link zeroize}.
 */
export declare abstract class Secret {
    private _data;
    private encryption;
    /** @internal */
    constructor(dataOrEncrypted: Uint8Array | EncryptedState);
    /** @internal */
    protected static resolveInput(source: string | Uint8Array | EncryptedState, fromString: (s: string) => Uint8Array): Uint8Array | EncryptedState;
    /** @internal */
    protected get data(): Uint8Array;
    /** Zeros out the secret data in memory. Call when you no longer need this secret. */
    zeroize(): void;
    /** Whether this secret is currently encrypted. */
    get encrypted(): boolean;
    /**
     * Returns the encrypted data as hex strings, for serialization.
     *
     * @throws {@link NotEncryptedError} if not encrypted.
     */
    getEncryptedExport(): {
        ciphertext: string;
        iv: string;
        salt: string;
    };
    /**
     * Encrypts this secret with a password. The plaintext is zeroed after encryption.
     *
     * @param password - The encryption password.
     * @param askForPassword - Callback for future decryption prompts.
     * @throws {@link AlreadyEncryptedError} if already encrypted.
     */
    encrypt(password: string, askForPassword: () => Promise<string | null>): Promise<void>;
    /**
     * Temporarily decrypts the secret, runs `fn`, then re-encrypts automatically.
     *
     * If not encrypted, `fn` runs immediately. If a wrong password is entered,
     * the user is prompted again until correct or cancelled.
     *
     * @param fn - Callback with access to the decrypted data.
     * @throws {@link DecryptionCancelledError} if the user cancels the password prompt.
     *
     * @example
     * ```ts
     * const hex = await secret.withDecrypted(() => secret.hex);
     * ```
     */
    withDecrypted<R>(fn: () => R): Promise<R>;
}