import { VetKey } from "@dfinity/vetkeys";
import { Announcement, AnnouncementInput, DecryptedAnnouncement } from "./types.js";
/**
 * Encryption and decryption helpers for stealth announcements.
 * @remarks
 * - Requires WebCrypto (AES-GCM). In Node.js this uses `node:crypto`'s `webcrypto`.
 * - Announcement payloads use:
 *   - IBE to encrypt the session key (`ibeCiphertext`)
 *   - AES-GCM to encrypt the plaintext (`ciphertext`, `nonce`)
 * - Decryption may throw {@link AnnouncementIgnoredError} for announcements not intended for the given view key.
 */
export interface EncryptPayloadOptions {
    /** Optional IBE identity bytes (defaults to empty). */
    identity?: Uint8Array;
    /** Optional seed bytes used by IBE encryption (defaults to random 32 bytes). */
    seed?: Uint8Array;
    /** Optional RNG for tests (must return the requested length). */
    randomBytes?: (length: number) => Uint8Array;
}
/**
 * Encrypt a plaintext announcement.
 * @param viewPublicKey - Recipient's view public key (vetKD derived public key bytes).
 * @param plaintext - Announcement plaintext bytes or UTF-8 string.
 * @returns Announcement input suitable for {@link StealthCanisterClient.submitAnnouncement}.
 * @throws {@link StealthError} if WebCrypto is unavailable or inputs are invalid.
 */
export declare function encryptAnnouncement(viewPublicKey: Uint8Array, plaintext: Uint8Array | string, options?: EncryptPayloadOptions): Promise<AnnouncementInput>;
/**
 * Encrypt a plaintext announcement and return the session key used.
 * @remarks The returned `sessionKey` is a copy; internal buffers are zeroed when possible.
 */
export declare function encryptAnnouncementWithArtifacts(viewPublicKey: Uint8Array, plaintextInput: Uint8Array | string, options?: EncryptPayloadOptions): Promise<{
    announcement: AnnouncementInput;
    sessionKey: Uint8Array;
}>;
/**
 * Decrypt an announcement using a vetKD view key.
 * @throws {@link AnnouncementIgnoredError} when the announcement cannot be decrypted for this key
 * (vet key mismatch, invalid ciphertext, invalid nonce length, or authentication failure).
 * @throws {@link StealthError} if WebCrypto is unavailable.
 */
export declare function decryptAnnouncement(vetKey: VetKey, announcement: Announcement): Promise<DecryptedAnnouncement>;
/**
 * Attempt to decrypt many announcements, ignoring those not intended for the provided key.
 * @remarks Only {@link AnnouncementIgnoredError} is swallowed; all other errors are rethrown.
 */
export declare function scanAnnouncements(vetKey: VetKey, announcements: Announcement[]): Promise<DecryptedAnnouncement[]>;
//# sourceMappingURL=encryption.d.ts.map