import { Buffer } from 'buffer/index.js'; export { Buffer } from 'buffer/index.js'; /** * seal() method options. */ interface SealOptionsSub { /** * The length of the salt (random buffer used to ensure that two identical objects will generate a different encrypted result). Defaults to 256. */ saltBits: number; /** * The algorithm used. Defaults to 'aes-256-cbc' for encryption and 'sha256' for integrity. */ algorithm: 'aes-128-ctr' | 'aes-256-cbc' | 'sha256'; /** * The number of iterations used to derive a key from the password. Defaults to 1. */ iterations: number; /** * Minimum password size. Defaults to 32. */ minPasswordlength: number; } /** * Options for customizing the key derivation algorithm used to generate encryption and integrity verification keys as well as the algorithms and salt sizes used. */ interface SealOptions { /** * Encryption step options. */ encryption: SealOptionsSub; /** * Integrity step options. */ integrity: SealOptionsSub; /** * Sealed object lifetime in milliseconds where 0 means forever. Defaults to 0. */ ttl: number; /** * Number of seconds of permitted clock skew for incoming expirations. Defaults to 60 seconds. */ timestampSkewSec: number; /** * Local clock time offset, expressed in number of milliseconds (positive or negative). Defaults to 0. */ localtimeOffsetMsec: number; } /** * Password secret string or buffer. */ type Password = Buffer | string; /** * generateKey() method options. */ type GenerateKeyOptions = Pick & { saltBits?: number | undefined; salt?: string | undefined; iv?: Buffer | undefined; hmac?: boolean | undefined; }; /** * Generated internal key object. */ interface Key { key: CryptoKey; salt: string; iv: Buffer; } /** * Generated HMAC internal results. */ interface HMacResult { digest: string; salt: string; } declare namespace password { /** * Secret object with optional id. */ interface Secret { id?: string | undefined; secret: Password; } /** * Secret object with optional id and specified password for each encryption and integrity. */ interface Specific { id?: string | undefined; encryption: Password; integrity: Password; } /** * Key-value pairs hash of password id to value. */ type Hash = Record; } type RawPassword = Password | password.Secret | password.Specific; declare const base64urlEncode: (value: Buffer | string) => string; /** * The default encryption and integrity settings. */ declare const defaults: SealOptions; declare const clone: (options: SealOptions) => SealOptions; /** * Configuration of each supported algorithm. */ declare const algorithms: { readonly 'aes-128-ctr': { readonly keyBits: 128; readonly ivBits: 128; readonly name: "AES-CTR"; }; readonly 'aes-256-cbc': { readonly keyBits: 256; readonly ivBits: 128; readonly name: "AES-CBC"; }; readonly sha256: { readonly keyBits: 256; readonly name: "SHA-256"; }; }; /** * MAC normalization format version. */ declare const macFormatVersion = "2"; /** * MAC normalization prefix. */ declare const macPrefix: string; /** * Generate cryptographically strong pseudorandom bits. * @param _crypto Custom WebCrypto implementation * @param bits Number of bits to generate * @returns Buffer */ declare const randomBits: (_crypto: Crypto, bits: number) => Buffer; /** * Generates a key from the password. * @param _crypto Custom WebCrypto implementation * @param password - A password string or buffer key * @param options - Object used to customize the key derivation algorithm * @returns An object with keys: key, salt, iv */ declare const generateKey: (_crypto: Crypto, password: Password, options: GenerateKeyOptions) => Promise; /** * Encrypts data. * @param _crypto Custom WebCrypto implementation * @param password A password string or buffer key * @param options Object used to customize the key derivation algorithm * @param data String to encrypt * @returns An object with keys: encrypted, key */ declare const encrypt: (_crypto: Crypto, password: Password, options: GenerateKeyOptions, data: string) => Promise<{ encrypted: Buffer; key: Key; }>; /** * Decrypts data. * @param _crypto Custom WebCrypto implementation * @param password A password string or buffer key * @param options Object used to customize the key derivation algorithm * @param data Buffer to decrypt * @returns Decrypted string */ declare const decrypt: (_crypto: Crypto, password: Password, options: GenerateKeyOptions, data: Buffer | string) => Promise; /** * Calculates a HMAC digest. * @param _crypto Custom WebCrypto implementation * @param password A password string or buffer * @param options Object used to customize the key derivation algorithm * @param data String to calculate the HMAC over * @returns An object with keys: digest, salt */ declare const hmacWithPassword: (_crypto: Crypto, password: Password, options: GenerateKeyOptions, data: string) => Promise; /** * Serializes, encrypts, and signs objects into an iron protocol string. * @param _crypto Custom WebCrypto implementation * @param object Data being sealed * @param password A string, buffer or object * @param options Object used to customize the key derivation algorithm * @returns Iron sealed string */ declare const seal: (_crypto: Crypto, object: unknown, password: RawPassword, options: SealOptions) => Promise; /** * Verifies, decrypts, and reconstruct an iron protocol string into an object. * @param _crypto Custom WebCrypto implementation * @param sealed The iron protocol string generated with seal() * @param password A string, buffer, or object * @param options Object used to customize the key derivation algorithm * @returns The verified decrypted object (can be null) */ declare const unseal: (_crypto: Crypto, sealed: string, password: Password | password.Hash, options: SealOptions) => Promise; export { GenerateKeyOptions, HMacResult, Key, Password, RawPassword, SealOptions, SealOptionsSub, algorithms, base64urlEncode, clone, decrypt, defaults, encrypt, generateKey, hmacWithPassword, macFormatVersion, macPrefix, password, randomBits, seal, unseal };