/**
 * Low-level primitive from EIP2333, generates key from bytes.
 * KeyGen from https://www.ietf.org/archive/id/draft-irtf-cfrg-bls-signature-05.html#name-keygen
 * @param ikm - secret octet string
 * @param keyInfo - additional key information
 */
export declare function hkdfModR(ikm: Uint8Array, keyInfo?: Uint8Array): Uint8Array;
export declare function deriveMaster(seed: Uint8Array): Uint8Array;
export declare function deriveChild(parentKey: Uint8Array, index: number): Uint8Array;
export declare function deriveSeedTree(seed: Uint8Array, path: string): Uint8Array;
export declare const EIP2334_KEY_TYPES: readonly ["withdrawal", "signing"];
export type EIP2334KeyType = (typeof EIP2334_KEY_TYPES)[number];
export declare function deriveEIP2334Key(seed: Uint8Array, type: EIP2334KeyType, index: number): {
    key: Uint8Array;
    path: string;
};
/**
 * Derives signing key from withdrawal key without access to seed
 * @param withdrawalKey - result of deriveEIP2334Key(seed, 'withdrawal', index)
 * @returns same as deriveEIP2334Key(seed, 'signing', index), but without access to seed
 * @example
 * const signing = bls.deriveEIP2334Key(seed, 'signing', 0);
 * const withdrawal = bls.deriveEIP2334Key(seed, 'withdrawal', 0);
 * const derivedSigning = bls.deriveEIP2334SigningKey(withdrawal.key);
 * deepStrictEqual(derivedSigning, signing.key);
 */
export declare function deriveEIP2334SigningKey(withdrawalKey: Uint8Array, index?: number): Uint8Array;
declare function normalizePassword(s: string): string;
declare const KDFS: {
    scrypt: {
        dklen: number;
        n: number;
        r: number;
        p: number;
    };
    pbkdf2: {
        dklen: number;
        c: number;
        prf: string;
    };
};
type KDFParams<T extends KDFType> = (typeof KDFS)[T];
type KDFType = keyof typeof KDFS;
export type Keystore<T extends KDFType> = {
    version: number;
    description?: string;
    pubkey?: string;
    path: string;
    uuid: string;
    crypto: {
        kdf: {
            function: T;
            params: KDFParams<T> & {
                salt: string;
            };
            message: '';
        };
        checksum: {
            function: 'sha256';
            params: {};
            message: string;
        };
        cipher: {
            function: 'aes-128-ctr';
            params: {
                iv: string;
            };
            message: string;
        };
    };
};
declare function deriveEIP2335Key(password: string, salt: Uint8Array, kdf: KDFType): Uint8Array;
/**
 * Decrypts EIP2335 Keystore
 * NOTE: it validates publicKey if present (which mean you can use it from store if decryption is success)
 * @param store - js object
 * @param password - password
 * @returns decrypted secret and optionally path
 * @example decryptEIP2335Keystore(JSON.parse(keystoreString), 'my_password');
 */
export declare function decryptEIP2335Keystore<T extends KDFType>(store: Keystore<T>, password: string): Uint8Array;
/**
 * Secure PRNG function like 'randomBytes' from '@noble/hashes/utils.js'
 */
export type RandFn = (bytes: number) => Uint8Array;
/**
 * Class for generation multiple keystores with same password
 * @example
 * const ctx = new EIP2335Keystore(password, 'scrypt');
 * const res = [0, 1, 2, 3].map((i) => ctx.createDerivedEIP2334(seed, keyType, i));
 * ctx.clean();
 * console.log(res); // res is array of encrypted keystores with same password
 */
export declare class EIP2335Keystore<T extends KDFType> {
    private destroyed;
    private readonly kdf;
    private readonly randomBytes;
    private readonly key;
    private readonly salt;
    /**
     * Creates context for EIP2335 Keystore generation
     * @param password - password
     * @param kdf - scrypt | pbkdf2
     * @param _random - (optional) secure PRNG function like 'randomBytes' from '@noble/hashes/utils.js'
     */
    constructor(password: string, kdf: T, _random?: RandFn);
    /**
     * Creates keystore in EIP2335 format.
     * @param secret - some secret value to encrypt (usually private keys)
     * @param path - optional derivation path if secret
     * @param description - optional description of secret
     * @param pubkey - optional public key. Required if secret is private key.
     */
    create(secret: Uint8Array, path?: string, // EIP2335 allows storing not derived keys
    description?: string, pubkey?: Uint8Array): Keystore<T>;
    /**
     * Creates keystore for derived private key (based on EIP2334 seed and index)
     * @param seed - EIP2334 seed to derive from
     * @param keyType - EIP2334 key type (withdrawal/signing)
     * @param index - account index
     * @param description - optional keystore description
     */
    createDerivedEIP2334(seed: Uint8Array, keyType: EIP2334KeyType, index: number, description?: string): Keystore<T>;
    /**
     * Clean internal key material
     */
    clean(): void;
}
/**
 * Exports multiple keystore from derived seed
 * @param password - password for file encryption
 * @param kdf - scrypt | pbkdf2
 * @param seed - result of mnemonicToSeed()
 * @param keyType - signing | withdrawal
 * @param indexes - array of account indeces
 * @example
 * createDerivedEIP2334Keystores('my_password', 'scrypt', await mnemonicToSeed(mnemonic, ''), 'signing', [0, 1, 2, 3])
 */
export declare function createDerivedEIP2334Keystores<T extends KDFType>(password: string, kdf: T, seed: Uint8Array, keyType: EIP2334KeyType, indexes: number[]): Keystore<T>[];
export declare const _TEST: {
    normalizePassword: typeof normalizePassword;
    deriveEIP2335Key: typeof deriveEIP2335Key;
};
export {};
//# sourceMappingURL=bls.d.ts.map