@omnituum/pqc-shared 0.2.6

package/dist/decrypt-eSHlbh1j.d.cts

@@ -0,0 +1,321 @@
+/**
+ * Omnituum FS - File Encryption Types
+ *
+ * Type definitions for the .oqe (Omnituum Quantum Encrypted) file format.
+ * Supports two encryption modes:
+ * - Mode A: Hybrid (X25519 + Kyber768) - for identity-based encryption
+ * - Mode B: Password (Argon2id) - for standalone file protection
+ */
+/** Magic bytes: "OQEF" (Omnituum Quantum Encrypted File) */
+declare const OQE_MAGIC: Uint8Array<ArrayBuffer>;
+/** Current format version */
+declare const OQE_FORMAT_VERSION = 1;
+/** Supported encryption modes */
+type OQEMode = 'hybrid' | 'password';
+/** Algorithm suite identifiers */
+declare const ALGORITHM_SUITES: {
+    /** Hybrid: X25519 ECDH + Kyber768 KEM + AES-256-GCM */
+    readonly HYBRID_X25519_KYBER768_AES256GCM: 1;
+    /** Password: Argon2id + AES-256-GCM */
+    readonly PASSWORD_ARGON2ID_AES256GCM: 2;
+};
+type AlgorithmSuiteId = typeof ALGORITHM_SUITES[keyof typeof ALGORITHM_SUITES];
+interface Argon2idParams {
+    /** Memory cost in KiB (default: 65536 = 64MB) */
+    memoryCost: number;
+    /** Time cost / iterations (default: 3) */
+    timeCost: number;
+    /** Parallelism (default: 4) */
+    parallelism: number;
+    /** Output key length in bytes (default: 32 for AES-256) */
+    hashLength: number;
+    /** Salt length in bytes (default: 32) */
+    saltLength: number;
+}
+/** Default Argon2id parameters - OWASP 2024 recommended */
+declare const DEFAULT_ARGON2ID_PARAMS: Argon2idParams;
+/** Minimum Argon2id parameters for low-memory environments */
+declare const MIN_ARGON2ID_PARAMS: Argon2idParams;
+interface OQEMetadata {
+    /** Original filename (encrypted in file) */
+    filename: string;
+    /** Original file size in bytes */
+    originalSize: number;
+    /** Original MIME type (optional) */
+    mimeType?: string;
+    /** Encryption timestamp (ISO 8601) */
+    encryptedAt: string;
+    /** Encryptor identity hash (hybrid mode only) */
+    encryptorIdHash?: string;
+    /** Recipient identity hash (hybrid mode only) */
+    recipientIdHash?: string;
+    /** Custom metadata (optional) */
+    custom?: Record<string, string>;
+}
+/**
+ * OQE Binary Header Layout:
+ *
+ * Offset | Size | Description
+ * -------|------|------------
+ * 0      | 4    | Magic bytes "OQEF"
+ * 4      | 1    | Format version (1)
+ * 5      | 1    | Algorithm suite ID
+ * 6      | 4    | Flags (reserved)
+ * 10     | 4    | Metadata length (encrypted JSON)
+ * 14     | 4    | Key material length
+ * 18     | 12   | AES-GCM IV
+ * 30     | var  | Key material (mode-specific)
+ * ---    | var  | Encrypted metadata (JSON + auth tag)
+ * ---    | var  | Encrypted file content (with auth tag)
+ */
+interface OQEHeader {
+    /** Format version */
+    version: number;
+    /** Algorithm suite ID */
+    algorithmSuite: AlgorithmSuiteId;
+    /** Header flags (reserved for future use) */
+    flags: number;
+    /** Length of encrypted metadata */
+    metadataLength: number;
+    /** Length of key material section */
+    keyMaterialLength: number;
+    /** AES-GCM initialization vector */
+    iv: Uint8Array;
+}
+/** Fixed header size in bytes (before variable-length sections) */
+declare const OQE_HEADER_SIZE = 30;
+/**
+ * Hybrid Mode Key Material:
+ * - X25519 ephemeral public key (32 bytes)
+ * - X25519 wrapped content key (32 + 16 bytes auth tag = 48 bytes)
+ * - X25519 wrap nonce (24 bytes for XSalsa20-Poly1305)
+ * - Kyber KEM ciphertext (~1088 bytes for Kyber768)
+ * - Kyber wrapped content key (48 bytes)
+ * - Kyber wrap nonce (24 bytes)
+ */
+interface HybridKeyMaterial {
+    /** X25519 ephemeral public key */
+    x25519EphemeralPk: Uint8Array;
+    /** X25519 wrapped content key (NaCl secretbox) */
+    x25519WrappedKey: Uint8Array;
+    /** X25519 wrap nonce */
+    x25519Nonce: Uint8Array;
+    /** Kyber KEM ciphertext */
+    kyberCiphertext: Uint8Array;
+    /** Kyber wrapped content key (NaCl secretbox) */
+    kyberWrappedKey: Uint8Array;
+    /** Kyber wrap nonce */
+    kyberNonce: Uint8Array;
+}
+/**
+ * Password Mode Key Material:
+ * - Argon2id salt (32 bytes)
+ * - Argon2id parameters (encoded as 4 bytes each: mem, time, parallelism)
+ */
+interface PasswordKeyMaterial {
+    /** Argon2id salt */
+    salt: Uint8Array;
+    /** Argon2id memory cost in KiB */
+    memoryCost: number;
+    /** Argon2id time cost (iterations) */
+    timeCost: number;
+    /** Argon2id parallelism */
+    parallelism: number;
+}
+/** Options for hybrid mode encryption */
+interface HybridEncryptOptions {
+    mode: 'hybrid';
+    /** Recipient's public keys */
+    recipientPublicKeys: {
+        x25519PubHex: string;
+        kyberPubB64: string;
+    };
+    /** Sender identity (optional, for metadata) */
+    sender?: {
+        id: string;
+        name?: string;
+    };
+}
+/** Options for password mode encryption */
+interface PasswordEncryptOptions {
+    mode: 'password';
+    /** User password */
+    password: string;
+    /** Argon2id parameters (uses defaults if not specified) */
+    argon2Params?: Partial<Argon2idParams>;
+}
+type EncryptOptions = HybridEncryptOptions | PasswordEncryptOptions;
+/** Options for hybrid mode decryption */
+interface HybridDecryptOptions {
+    mode: 'hybrid';
+    /** Recipient's secret keys */
+    recipientSecretKeys: {
+        x25519SecHex: string;
+        kyberSecB64: string;
+    };
+}
+/** Options for password mode decryption */
+interface PasswordDecryptOptions {
+    mode: 'password';
+    /** User password */
+    password: string;
+}
+type DecryptOptions = HybridDecryptOptions | PasswordDecryptOptions;
+interface OQEEncryptResult {
+    /** Complete .oqe file as bytes */
+    data: Uint8Array;
+    /** Suggested filename with .oqe extension */
+    filename: string;
+    /** File metadata (for UI display) */
+    metadata: OQEMetadata;
+    /** Encryption mode used */
+    mode: OQEMode;
+}
+interface OQEDecryptResult {
+    /** Decrypted file content */
+    data: Uint8Array;
+    /** Original filename */
+    filename: string;
+    /** Original MIME type */
+    mimeType?: string;
+    /** Original file size */
+    originalSize: number;
+    /** File metadata */
+    metadata: OQEMetadata;
+    /** Decryption mode used */
+    mode: OQEMode;
+}
+type OQEErrorCode = 'INVALID_MAGIC' | 'UNSUPPORTED_VERSION' | 'UNSUPPORTED_ALGORITHM' | 'INVALID_HEADER' | 'DECRYPTION_FAILED' | 'PASSWORD_WRONG' | 'KEY_UNWRAP_FAILED' | 'INTEGRITY_CHECK_FAILED' | 'KYBER_UNAVAILABLE' | 'ARGON2_UNAVAILABLE' | 'FILE_TOO_LARGE' | 'ENCRYPTION_FAILED';
+declare class OQEError extends Error {
+    code: OQEErrorCode;
+    constructor(code: OQEErrorCode, message: string);
+}
+/** Progress callback for large file operations */
+type ProgressCallback = (progress: {
+    phase: 'reading' | 'encrypting' | 'decrypting' | 'writing';
+    bytesProcessed: number;
+    totalBytes: number;
+    percent: number;
+}) => void;
+/** File input types supported */
+type FileInput = File | Blob | Uint8Array | ArrayBuffer;
+/** Convert any file input to Uint8Array */
+declare function toUint8Array(input: FileInput): Promise<Uint8Array>;
+
+/**
+ * Omnituum FS - File Encryption
+ *
+ * Encrypt files using hybrid post-quantum cryptography or password-based encryption.
+ * Outputs .oqe (Omnituum Quantum Encrypted) files.
+ */
+
+interface EncryptFileInput {
+    /** File data */
+    data: FileInput;
+    /** Original filename */
+    filename: string;
+    /** Optional MIME type */
+    mimeType?: string;
+}
+/**
+ * Encrypt a file using hybrid PQC or password-based encryption.
+ *
+ * @param input - File data and metadata
+ * @param options - Encryption options (hybrid or password mode)
+ * @returns Encrypted .oqe file result
+ *
+ * @example
+ * // Hybrid mode (with identity)
+ * const result = await encryptFile(
+ *   { data: fileBytes, filename: 'secret.pdf' },
+ *   {
+ *     mode: 'hybrid',
+ *     recipientPublicKeys: identity.getPublicKeys(),
+ *   }
+ * );
+ *
+ * @example
+ * // Password mode
+ * const result = await encryptFile(
+ *   { data: fileBytes, filename: 'secret.pdf' },
+ *   {
+ *     mode: 'password',
+ *     password: 'my-secure-password',
+ *   }
+ * );
+ */
+declare function encryptFile(input: EncryptFileInput, options: EncryptOptions): Promise<OQEEncryptResult>;
+/**
+ * Encrypt a file for self (encrypt and decrypt with same identity).
+ * Convenience method for personal file encryption.
+ */
+declare function encryptFileForSelf(input: EncryptFileInput, identity: {
+    id: string;
+    name?: string;
+    x25519PubHex: string;
+    kyberPubB64: string;
+}): Promise<OQEEncryptResult>;
+/**
+ * Quick encrypt with password (simple API).
+ */
+declare function encryptFileWithPassword(input: EncryptFileInput, password: string): Promise<OQEEncryptResult>;
+
+/**
+ * Omnituum FS - File Decryption
+ *
+ * Decrypt .oqe (Omnituum Quantum Encrypted) files using hybrid PQC or password.
+ */
+
+/**
+ * Decrypt an OQE file.
+ *
+ * @param encryptedData - Encrypted .oqe file data
+ * @param options - Decryption options (hybrid or password mode)
+ * @returns Decrypted file result
+ *
+ * @example
+ * // Hybrid mode (with identity)
+ * const result = await decryptFile(oqeData, {
+ *   mode: 'hybrid',
+ *   recipientSecretKeys: identity.getSecretKeys(),
+ * });
+ *
+ * @example
+ * // Password mode
+ * const result = await decryptFile(oqeData, {
+ *   mode: 'password',
+ *   password: 'my-secure-password',
+ * });
+ */
+declare function decryptFile(encryptedData: FileInput, options: DecryptOptions): Promise<OQEDecryptResult>;
+/**
+ * Decrypt a file encrypted for self.
+ * Convenience method for personal file decryption.
+ */
+declare function decryptFileForSelf(encryptedData: FileInput, identity: {
+    x25519SecHex: string;
+    kyberSecB64: string;
+}): Promise<OQEDecryptResult>;
+/**
+ * Quick decrypt with password (simple API).
+ */
+declare function decryptFileWithPassword(encryptedData: FileInput, password: string): Promise<OQEDecryptResult>;
+interface OQEFileInfo {
+    /** Format version */
+    version: number;
+    /** Encryption mode */
+    mode: 'hybrid' | 'password';
+    /** Algorithm name */
+    algorithm: string;
+    /** Can decrypt with Kyber (for hybrid mode) */
+    supportsKyber: boolean;
+    /** File size */
+    fileSize: number;
+}
+/**
+ * Inspect an OQE file without decrypting it.
+ * Useful for determining what credentials are needed.
+ */
+declare function inspectOQEFile(data: FileInput): Promise<OQEFileInfo>;
+
+export { type Argon2idParams as A, type DecryptOptions as D, type EncryptOptions as E, type FileInput as F, type HybridKeyMaterial as H, MIN_ARGON2ID_PARAMS as M, type OQEEncryptResult as O, type PasswordKeyMaterial as P, encryptFileWithPassword as a, decryptFileWithPassword as b, type OQEDecryptResult as c, decryptFile as d, encryptFile as e, type OQEHeader as f, type OQEMetadata as g, type AlgorithmSuiteId as h, DEFAULT_ARGON2ID_PARAMS as i, encryptFileForSelf as j, decryptFileForSelf as k, inspectOQEFile as l, type OQEMode as m, type HybridEncryptOptions as n, type PasswordEncryptOptions as o, type HybridDecryptOptions as p, type PasswordDecryptOptions as q, type OQEErrorCode as r, type ProgressCallback as s, OQEError as t, OQE_MAGIC as u, OQE_FORMAT_VERSION as v, ALGORITHM_SUITES as w, OQE_HEADER_SIZE as x, toUint8Array as y };

package/dist/decrypt-eSHlbh1j.d.ts

@@ -0,0 +1,321 @@
+/**
+ * Omnituum FS - File Encryption Types
+ *
+ * Type definitions for the .oqe (Omnituum Quantum Encrypted) file format.
+ * Supports two encryption modes:
+ * - Mode A: Hybrid (X25519 + Kyber768) - for identity-based encryption
+ * - Mode B: Password (Argon2id) - for standalone file protection
+ */
+/** Magic bytes: "OQEF" (Omnituum Quantum Encrypted File) */
+declare const OQE_MAGIC: Uint8Array<ArrayBuffer>;
+/** Current format version */
+declare const OQE_FORMAT_VERSION = 1;
+/** Supported encryption modes */
+type OQEMode = 'hybrid' | 'password';
+/** Algorithm suite identifiers */
+declare const ALGORITHM_SUITES: {
+    /** Hybrid: X25519 ECDH + Kyber768 KEM + AES-256-GCM */
+    readonly HYBRID_X25519_KYBER768_AES256GCM: 1;
+    /** Password: Argon2id + AES-256-GCM */
+    readonly PASSWORD_ARGON2ID_AES256GCM: 2;
+};
+type AlgorithmSuiteId = typeof ALGORITHM_SUITES[keyof typeof ALGORITHM_SUITES];
+interface Argon2idParams {
+    /** Memory cost in KiB (default: 65536 = 64MB) */
+    memoryCost: number;
+    /** Time cost / iterations (default: 3) */
+    timeCost: number;
+    /** Parallelism (default: 4) */
+    parallelism: number;
+    /** Output key length in bytes (default: 32 for AES-256) */
+    hashLength: number;
+    /** Salt length in bytes (default: 32) */
+    saltLength: number;
+}
+/** Default Argon2id parameters - OWASP 2024 recommended */
+declare const DEFAULT_ARGON2ID_PARAMS: Argon2idParams;
+/** Minimum Argon2id parameters for low-memory environments */
+declare const MIN_ARGON2ID_PARAMS: Argon2idParams;
+interface OQEMetadata {
+    /** Original filename (encrypted in file) */
+    filename: string;
+    /** Original file size in bytes */
+    originalSize: number;
+    /** Original MIME type (optional) */
+    mimeType?: string;
+    /** Encryption timestamp (ISO 8601) */
+    encryptedAt: string;
+    /** Encryptor identity hash (hybrid mode only) */
+    encryptorIdHash?: string;
+    /** Recipient identity hash (hybrid mode only) */
+    recipientIdHash?: string;
+    /** Custom metadata (optional) */
+    custom?: Record<string, string>;
+}
+/**
+ * OQE Binary Header Layout:
+ *
+ * Offset | Size | Description
+ * -------|------|------------
+ * 0      | 4    | Magic bytes "OQEF"
+ * 4      | 1    | Format version (1)
+ * 5      | 1    | Algorithm suite ID
+ * 6      | 4    | Flags (reserved)
+ * 10     | 4    | Metadata length (encrypted JSON)
+ * 14     | 4    | Key material length
+ * 18     | 12   | AES-GCM IV
+ * 30     | var  | Key material (mode-specific)
+ * ---    | var  | Encrypted metadata (JSON + auth tag)
+ * ---    | var  | Encrypted file content (with auth tag)
+ */
+interface OQEHeader {
+    /** Format version */
+    version: number;
+    /** Algorithm suite ID */
+    algorithmSuite: AlgorithmSuiteId;
+    /** Header flags (reserved for future use) */
+    flags: number;
+    /** Length of encrypted metadata */
+    metadataLength: number;
+    /** Length of key material section */
+    keyMaterialLength: number;
+    /** AES-GCM initialization vector */
+    iv: Uint8Array;
+}
+/** Fixed header size in bytes (before variable-length sections) */
+declare const OQE_HEADER_SIZE = 30;
+/**
+ * Hybrid Mode Key Material:
+ * - X25519 ephemeral public key (32 bytes)
+ * - X25519 wrapped content key (32 + 16 bytes auth tag = 48 bytes)
+ * - X25519 wrap nonce (24 bytes for XSalsa20-Poly1305)
+ * - Kyber KEM ciphertext (~1088 bytes for Kyber768)
+ * - Kyber wrapped content key (48 bytes)
+ * - Kyber wrap nonce (24 bytes)
+ */
+interface HybridKeyMaterial {
+    /** X25519 ephemeral public key */
+    x25519EphemeralPk: Uint8Array;
+    /** X25519 wrapped content key (NaCl secretbox) */
+    x25519WrappedKey: Uint8Array;
+    /** X25519 wrap nonce */
+    x25519Nonce: Uint8Array;
+    /** Kyber KEM ciphertext */
+    kyberCiphertext: Uint8Array;
+    /** Kyber wrapped content key (NaCl secretbox) */
+    kyberWrappedKey: Uint8Array;
+    /** Kyber wrap nonce */
+    kyberNonce: Uint8Array;
+}
+/**
+ * Password Mode Key Material:
+ * - Argon2id salt (32 bytes)
+ * - Argon2id parameters (encoded as 4 bytes each: mem, time, parallelism)
+ */
+interface PasswordKeyMaterial {
+    /** Argon2id salt */
+    salt: Uint8Array;
+    /** Argon2id memory cost in KiB */
+    memoryCost: number;
+    /** Argon2id time cost (iterations) */
+    timeCost: number;
+    /** Argon2id parallelism */
+    parallelism: number;
+}
+/** Options for hybrid mode encryption */
+interface HybridEncryptOptions {
+    mode: 'hybrid';
+    /** Recipient's public keys */
+    recipientPublicKeys: {
+        x25519PubHex: string;
+        kyberPubB64: string;
+    };
+    /** Sender identity (optional, for metadata) */
+    sender?: {
+        id: string;
+        name?: string;
+    };
+}
+/** Options for password mode encryption */
+interface PasswordEncryptOptions {
+    mode: 'password';
+    /** User password */
+    password: string;
+    /** Argon2id parameters (uses defaults if not specified) */
+    argon2Params?: Partial<Argon2idParams>;
+}
+type EncryptOptions = HybridEncryptOptions | PasswordEncryptOptions;
+/** Options for hybrid mode decryption */
+interface HybridDecryptOptions {
+    mode: 'hybrid';
+    /** Recipient's secret keys */
+    recipientSecretKeys: {
+        x25519SecHex: string;
+        kyberSecB64: string;
+    };
+}
+/** Options for password mode decryption */
+interface PasswordDecryptOptions {
+    mode: 'password';
+    /** User password */
+    password: string;
+}
+type DecryptOptions = HybridDecryptOptions | PasswordDecryptOptions;
+interface OQEEncryptResult {
+    /** Complete .oqe file as bytes */
+    data: Uint8Array;
+    /** Suggested filename with .oqe extension */
+    filename: string;
+    /** File metadata (for UI display) */
+    metadata: OQEMetadata;
+    /** Encryption mode used */
+    mode: OQEMode;
+}
+interface OQEDecryptResult {
+    /** Decrypted file content */
+    data: Uint8Array;
+    /** Original filename */
+    filename: string;
+    /** Original MIME type */
+    mimeType?: string;
+    /** Original file size */
+    originalSize: number;
+    /** File metadata */
+    metadata: OQEMetadata;
+    /** Decryption mode used */
+    mode: OQEMode;
+}
+type OQEErrorCode = 'INVALID_MAGIC' | 'UNSUPPORTED_VERSION' | 'UNSUPPORTED_ALGORITHM' | 'INVALID_HEADER' | 'DECRYPTION_FAILED' | 'PASSWORD_WRONG' | 'KEY_UNWRAP_FAILED' | 'INTEGRITY_CHECK_FAILED' | 'KYBER_UNAVAILABLE' | 'ARGON2_UNAVAILABLE' | 'FILE_TOO_LARGE' | 'ENCRYPTION_FAILED';
+declare class OQEError extends Error {
+    code: OQEErrorCode;
+    constructor(code: OQEErrorCode, message: string);
+}
+/** Progress callback for large file operations */
+type ProgressCallback = (progress: {
+    phase: 'reading' | 'encrypting' | 'decrypting' | 'writing';
+    bytesProcessed: number;
+    totalBytes: number;
+    percent: number;
+}) => void;
+/** File input types supported */
+type FileInput = File | Blob | Uint8Array | ArrayBuffer;
+/** Convert any file input to Uint8Array */
+declare function toUint8Array(input: FileInput): Promise<Uint8Array>;
+
+/**
+ * Omnituum FS - File Encryption
+ *
+ * Encrypt files using hybrid post-quantum cryptography or password-based encryption.
+ * Outputs .oqe (Omnituum Quantum Encrypted) files.
+ */
+
+interface EncryptFileInput {
+    /** File data */
+    data: FileInput;
+    /** Original filename */
+    filename: string;
+    /** Optional MIME type */
+    mimeType?: string;
+}
+/**
+ * Encrypt a file using hybrid PQC or password-based encryption.
+ *
+ * @param input - File data and metadata
+ * @param options - Encryption options (hybrid or password mode)
+ * @returns Encrypted .oqe file result
+ *
+ * @example
+ * // Hybrid mode (with identity)
+ * const result = await encryptFile(
+ *   { data: fileBytes, filename: 'secret.pdf' },
+ *   {
+ *     mode: 'hybrid',
+ *     recipientPublicKeys: identity.getPublicKeys(),
+ *   }
+ * );
+ *
+ * @example
+ * // Password mode
+ * const result = await encryptFile(
+ *   { data: fileBytes, filename: 'secret.pdf' },
+ *   {
+ *     mode: 'password',
+ *     password: 'my-secure-password',
+ *   }
+ * );
+ */
+declare function encryptFile(input: EncryptFileInput, options: EncryptOptions): Promise<OQEEncryptResult>;
+/**
+ * Encrypt a file for self (encrypt and decrypt with same identity).
+ * Convenience method for personal file encryption.
+ */
+declare function encryptFileForSelf(input: EncryptFileInput, identity: {
+    id: string;
+    name?: string;
+    x25519PubHex: string;
+    kyberPubB64: string;
+}): Promise<OQEEncryptResult>;
+/**
+ * Quick encrypt with password (simple API).
+ */
+declare function encryptFileWithPassword(input: EncryptFileInput, password: string): Promise<OQEEncryptResult>;
+
+/**
+ * Omnituum FS - File Decryption
+ *
+ * Decrypt .oqe (Omnituum Quantum Encrypted) files using hybrid PQC or password.
+ */
+
+/**
+ * Decrypt an OQE file.
+ *
+ * @param encryptedData - Encrypted .oqe file data
+ * @param options - Decryption options (hybrid or password mode)
+ * @returns Decrypted file result
+ *
+ * @example
+ * // Hybrid mode (with identity)
+ * const result = await decryptFile(oqeData, {
+ *   mode: 'hybrid',
+ *   recipientSecretKeys: identity.getSecretKeys(),
+ * });
+ *
+ * @example
+ * // Password mode
+ * const result = await decryptFile(oqeData, {
+ *   mode: 'password',
+ *   password: 'my-secure-password',
+ * });
+ */
+declare function decryptFile(encryptedData: FileInput, options: DecryptOptions): Promise<OQEDecryptResult>;
+/**
+ * Decrypt a file encrypted for self.
+ * Convenience method for personal file decryption.
+ */
+declare function decryptFileForSelf(encryptedData: FileInput, identity: {
+    x25519SecHex: string;
+    kyberSecB64: string;
+}): Promise<OQEDecryptResult>;
+/**
+ * Quick decrypt with password (simple API).
+ */
+declare function decryptFileWithPassword(encryptedData: FileInput, password: string): Promise<OQEDecryptResult>;
+interface OQEFileInfo {
+    /** Format version */
+    version: number;
+    /** Encryption mode */
+    mode: 'hybrid' | 'password';
+    /** Algorithm name */
+    algorithm: string;
+    /** Can decrypt with Kyber (for hybrid mode) */
+    supportsKyber: boolean;
+    /** File size */
+    fileSize: number;
+}
+/**
+ * Inspect an OQE file without decrypting it.
+ * Useful for determining what credentials are needed.
+ */
+declare function inspectOQEFile(data: FileInput): Promise<OQEFileInfo>;
+
+export { type Argon2idParams as A, type DecryptOptions as D, type EncryptOptions as E, type FileInput as F, type HybridKeyMaterial as H, MIN_ARGON2ID_PARAMS as M, type OQEEncryptResult as O, type PasswordKeyMaterial as P, encryptFileWithPassword as a, decryptFileWithPassword as b, type OQEDecryptResult as c, decryptFile as d, encryptFile as e, type OQEHeader as f, type OQEMetadata as g, type AlgorithmSuiteId as h, DEFAULT_ARGON2ID_PARAMS as i, encryptFileForSelf as j, decryptFileForSelf as k, inspectOQEFile as l, type OQEMode as m, type HybridEncryptOptions as n, type PasswordEncryptOptions as o, type HybridDecryptOptions as p, type PasswordDecryptOptions as q, type OQEErrorCode as r, type ProgressCallback as s, OQEError as t, OQE_MAGIC as u, OQE_FORMAT_VERSION as v, ALGORITHM_SUITES as w, OQE_HEADER_SIZE as x, toUint8Array as y };