import { Proof } from "./proof.js";
import { KeysPayload } from "./types.js";
import { TokenParams, TokenVerifyOptions } from "../jwt/types.js";
/**
 * Login keys token -- able to sign login claims for the user
 *  - represents a user's login, signed by the user's passport
 *  - contains an ephemeral login keypair, used for signing claims on behalf of the user
 *  - you may save this token into your app's local storage, to maintain the user's login
 *  - NEVER distribute these login keys anywhere offsite
 *  	- don't even send these login keys to your own services
 *  	- instead, you can distribute the login proof token, available as `loginKeys.proof.token`
 *    - another good idea is to use the login to sign claim tokens via `login.signClaimToken(~)`
 *    - you can put any information into the claim token that you like
 *    - you can send a `claimToken` along with a `proofToken` and your services can verify them with `Claim.verify(~)`
 */
export declare class Keys {
    readonly proof: Proof;
    readonly token: string;
    readonly payload: KeysPayload;
    constructor(proof: Proof, token: string, payload: KeysPayload);
    get name(): string;
    get thumbprint(): string;
    get expiresAt(): number;
    isExpired(): boolean;
    static decode(token: string): import("../jwt/types.js").WebToken<KeysPayload>;
    static verify(proof: Proof, keysToken: string, options?: TokenVerifyOptions): Promise<Keys>;
    signClaimToken<D>({ data, ...requirements }: {
        data: D;
    } & TokenParams): Promise<string>;
}