/**
 * Represents binary input data that can be processed by AES APIs.
 * When providing a string, it must be base64-encoded.
 */
export type BinaryInput = string | Uint8Array | ArrayBuffer;
/**
 * AES key sizes in bits.
 */
export declare enum AESKeySize {
    /** 128-bit AES key */
    AES128 = 128,
    /** 192-bit AES key. It is unsupported on Web.
     * @platform apple
     * @platform android
     */
    AES192 = 192,
    /** 256-bit AES key */
    AES256 = 256
}
/**
 * Byte length of the GCM authentication tag, is a security parameter.
 * The AES-GCM specification recommends that it should be 16, 15, 14, 13, or 12 bytes,
 * although 8 or 4 bytes may be acceptable in some applications.
 * For additional guidance, see [Appendix C](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf) of the NIST Publication
 * on "Recommendation for Block Cipher Modes of Operation".
 *
 * Default and recommended value is 16. On Apple, the only supported value for encryption is 16.
 */
export type GCMTagByteLength = 16 | 15 | 14 | 13 | 12 | 8 | 4;
/**
 * Configuration for parsing sealed data from combined format.
 */
export interface AESSealedDataConfig {
    /**
     * The length of the initialization vector in bytes.
     * @default 12
     */
    ivLength: number;
    /**
     * The length of the authentication tag in bytes.
     * @default 16
     */
    tagLength: GCMTagByteLength;
}
/**
 * Options for the decryption process.
 */
export interface AESDecryptOptions {
    /**
     * Output format for the decrypted data.
     * @default 'bytes'
     */
    output?: 'bytes' | 'base64';
    /**
     * Additional authenticated data (AAD) for GCM mode.
     * When provided as a string, it must be base64-encoded.
     */
    additionalData?: BinaryInput;
}
/**
 * @hidden
 * Decrypt options that return the result as a `base64` string.
 */
export interface Base64DecryptOptions extends AESDecryptOptions {
    output: 'base64';
}
/**
 * @hidden
 * Decrypt options that return the result as a `Uint8Array`.
 */
export interface ArrayBufferDecryptOptions extends AESDecryptOptions {
    output?: 'bytes';
}
/**
 * Configuration for the nonce (initialization vector) during encryption.
 * Can specify either the byte length of the IV to generate or provide an IV directly.
 */
export type GCMNonceParam = {
    /**
     * Byte length of nonce to be generated.
     * @default 12
     */
    length: number;
} | {
    /**
     * Provided nonce bytes.
     */
    bytes: BinaryInput;
};
/**
 * Options for the encryption process.
 */
export interface AESEncryptOptions {
    /**
     * Parameters for nonce generation.
     * @default { length: 12 }
     */
    nonce?: GCMNonceParam;
    /**
     * The length of the authentication tag in bytes.
     *
     * > **Note:** On Apple, this option is ignored. The tag will always have 16 bytes.
     *
     * @platform android
     * @platform web
     * @default 16
     */
    tagLength?: GCMTagByteLength;
    /**
     * Additional authenticated data (AAD) for GCM mode.
     * When provided as a string, it must be base64-encoded.
     */
    additionalData?: BinaryInput;
}
//# sourceMappingURL=aes.types.d.ts.map