/** * Options for cryptographic operations */ export interface SigningOptions { /** * Algorithm to use for signing * @default 'HMAC' */ algorithm?: 'HMAC' | 'RSA'; /** * Output encoding format * @default 'hex' */ encoding?: 'hex' | 'base64'; /** * Hash algorithm for HMAC * @default 'SHA-256' */ hash?: 'SHA-256' | 'SHA-384' | 'SHA-512'; } /** * Key validation options */ export interface KeyValidationOptions { /** * Minimum key length in characters * @default 32 */ minLength?: number; /** * Minimum entropy (unique characters) * @default 8 */ minEntropy?: number; /** * Check for weak patterns * @default true */ checkWeakPatterns?: boolean; } /** * Create an HMAC key from a secret string * * @param secret The secret key string * @param options Validation options * @returns A CryptoKey for HMAC operations * @throws Error if the secret doesn't meet security requirements * * @example * ```typescript * const key = await createHmacKey('your-secret-key-at-least-32-chars'); * ``` */ export declare function createHmacKey(secret: string, options?: KeyValidationOptions): Promise; /** * Sign data using HMAC or RSA * * @param key The CryptoKey to use for signing * @param data The data to sign * @param options Signing options * @returns The signature as a hex or base64 string * * @example * ```typescript * const signature = await signData(key, 'data-to-sign'); * ``` */ export declare function signData(key: CryptoKey, data: string, options?: SigningOptions): Promise; /** * Verify a signature using HMAC or RSA * * @param key The CryptoKey to use for verification * @param signature The signature to verify * @param data The original data that was signed * @param options Signing options (must match those used for signing) * @returns True if the signature is valid, false otherwise * * @example * ```typescript * const isValid = await verifySignature(key, signature, 'data-to-sign'); * ``` */ export declare function verifySignature(key: CryptoKey, signature: string, data: string, options?: SigningOptions): Promise; /** * Convert an ArrayBuffer to a hexadecimal string * * @param buffer The buffer to convert * @returns Hex string representation */ export declare function toHex(buffer: ArrayBuffer): string; /** * Convert a hexadecimal string to an ArrayBuffer * * @param hex The hex string to convert * @returns ArrayBuffer representation * @throws Error if the hex string is invalid */ export declare function fromHex(hex: string): ArrayBuffer; /** * Convert an ArrayBuffer to base64 * * @param buffer The buffer to convert * @returns Base64 string */ export declare function bufferToBase64(buffer: ArrayBuffer): string; /** * Convert a base64 string to ArrayBuffer * * @param base64 The base64 string to convert * @returns ArrayBuffer */ export declare function base64ToBuffer(base64: string): ArrayBuffer; /** * Constant-time string comparison to prevent timing attacks * * @param a First string * @param b Second string * @returns True if strings are equal */ export declare function constantTimeCompare(a: string, b: string): boolean; /** * Generate a cryptographically secure random string * * @param length The length of the string to generate * @param charset The character set to use * @returns Random string */ export declare function generateSecureRandomString(length: number, charset?: string): string; /** * Hash data using SHA-256 or other algorithms * * @param data The data to hash * @param algorithm The hash algorithm to use * @returns Hex-encoded hash */ export declare function hashData(data: string, algorithm?: 'SHA-256' | 'SHA-384' | 'SHA-512'): Promise; /** * Create a time-based signature with expiration * * @param key The signing key * @param data The data to sign * @param expiresIn Expiration time in seconds * @returns Signature with timestamp */ export declare function createTimedSignature(key: CryptoKey, data: string, expiresIn?: number): Promise<{ signature: string; expires: number; }>; /** * Verify a time-based signature * * @param key The signing key * @param signature The signature to verify * @param data The original data * @param expires The expiration timestamp * @returns True if valid and not expired */ export declare function verifyTimedSignature(key: CryptoKey, signature: string, data: string, expires: number): Promise;