import { type ByteLike } from "./byte-like.js"; import { Cipher } from "./cipher.js"; import { Matter, type MatterInit } from "./matter.js"; import { type CipherHydratable } from "./primitive.js"; /** * Supported constructor inputs for one public-key encrypter. * * Accepted forms mirror KERIpy's two mental models: * - provide already-qualified X25519 public box material directly * - provide an Ed25519 verifier key through `verkey` and derive the matching * X25519 public box key during construction */ export interface EncrypterInit extends Omit { raw?: Uint8Array | ArrayBufferView; qb64b?: Uint8Array | ArrayBufferView; qb64?: ByteLike; qb2?: Uint8Array | ArrayBufferView; code?: string; verkey?: ByteLike; } /** * Plaintext inputs accepted by `Encrypter.encrypt(...)`. * * Precedence follows KERIpy: * - explicit raw serialization through `ser` * - otherwise one CESR primitive through `prim` * - optional `code` names the plaintext family the resulting `Cipher` should * preserve for later decryption/hydration */ export interface EncrypterEncryptOptions { ser?: ByteLike; prim?: CipherHydratable; code?: string; } /** * Public-key encryption primitive for asymmetric envelope encryption. * * KERIpy substance: `Encrypter` owns the public X25519 material and can derive * it from Ed25519 verifier keys used by non-transferable/basic AIDs. */ export declare class Encrypter extends Matter { /** * Construct one X25519 public-key encrypter. * * Default code remains the KERIpy public-box family `MtrDex.X25519`. */ constructor(init: Matter | EncrypterInit); /** * Confirm whether the supplied Ed25519 seed maps to this X25519 public key. * * Boundary contract: * - only Ed25519 signer seeds are accepted here * - the check proves that the seed belongs to the AEID/verkey that was used * to derive this encrypter's public box key */ verifySeed(seed: ByteLike): boolean; /** * Encrypt raw or primitive plaintext into one CESR `Cipher`. * * KERIpy parity: * - `ser` wins when supplied * - otherwise one primitive is required * - omitted `code` defaults to stream-family `L0` only for raw `ser` input * * Plaintext-family rules: * - `Salter` and `Signer` may infer fixed qb64 cipher families when `code` * is omitted * - other primitives require an explicit family so decrypt-time hydration * knows whether the plaintext was stored as qb64, qb2, or a sniffable * stream */ encrypt({ ser, prim, code }?: EncrypterEncryptOptions): Cipher; } //# sourceMappingURL=encrypter.d.ts.map