import { type OutputResult } from '../output.js';
export declare const SIGN_PDF_NAME = "sign_pdf";
export declare const SIGN_PDF_INPUT_SCHEMA: {
    readonly type: "object";
    readonly additionalProperties: false;
    readonly properties: {
        readonly pdfBase64: {
            readonly type: "string";
            readonly description: "Base64-encoded PDF bytes. When the PDF already contains a /Sig placeholder it is signed in place; otherwise the placeholder is auto-injected (set autoInjectPlaceholder=false to opt out).";
            readonly minLength: 4;
        };
        readonly algorithm: {
            readonly type: "string";
            readonly enum: readonly ["rsa-sha256", "ecdsa-sha256"];
            readonly description: "Signature algorithm. ECDSA only supports P-256 in v1.0.0.";
        };
        readonly certDerBase64: {
            readonly type: "string";
            readonly description: "Base64 of the signer X.509 certificate in DER form. Convert from PEM with: openssl x509 -in cert.pem -outform DER | base64 -w0";
            readonly minLength: 4;
        };
        readonly rsaKeyPkcs1DerBase64: {
            readonly type: "string";
            readonly description: "Base64 of the RSA private key in PKCS#1 RSAPrivateKey DER (NOT PKCS#8, NOT PEM). Required when algorithm=rsa-sha256. Convert from PEM with: openssl rsa -in key.pem -outform DER -traditional | base64 -w0  (the -traditional flag forces PKCS#1).";
        };
        readonly ecPrivateScalarHex: {
            readonly type: "string";
            readonly description: "Hex-encoded P-256 private scalar `d` (exactly 64 lowercase or uppercase hex chars, no 0x prefix). Mutually exclusive with ecPrivateKeyDerBase64; either is accepted for ECDSA.";
            readonly pattern: "^[0-9a-fA-F]{64}$";
        };
        readonly ecPrivateKeyDerBase64: {
            readonly type: "string";
            readonly description: "Base64 of an ECDSA P-256 private key in SEC1 (RFC 5915) or PKCS#8 (RFC 5208) DER form. Convert from PEM with: openssl pkey -in key.pem -outform DER | base64 -w0  Mutually exclusive with ecPrivateScalarHex.";
            readonly minLength: 4;
        };
        readonly autoInjectPlaceholder: {
            readonly type: "boolean";
            readonly default: true;
            readonly description: "When true (default) and the input PDF has no /Sig widget, pdfnative.addSignaturePlaceholder is called before signing — enabling single-call signing of any PDF.";
        };
        readonly signerName: {
            readonly type: "string";
            readonly maxLength: 200;
        };
        readonly reason: {
            readonly type: "string";
            readonly maxLength: 500;
        };
        readonly location: {
            readonly type: "string";
            readonly maxLength: 200;
        };
        readonly contactInfo: {
            readonly type: "string";
            readonly maxLength: 200;
        };
        readonly signingTime: {
            readonly type: "string";
            readonly format: "date-time";
            readonly description: "ISO-8601 timestamp. Defaults to now.";
        };
        readonly outputMode: {
            readonly type: "string";
            readonly enum: readonly ["base64", "file"];
            readonly default: "base64";
        };
        readonly outputPath: {
            readonly type: "string";
        };
    };
    readonly required: readonly ["pdfBase64", "algorithm", "certDerBase64"];
};
export declare function signPdf(rawInput: unknown): Promise<OutputResult>;
//# sourceMappingURL=sign-pdf.d.ts.map