@onekeyfe/react-native-bundle-update 1.1.21

package/ios/Frameworks/Gopenpgp.xcframework/ios-arm64_x86_64-simulator/Gopenpgp.framework/Headers/Crypto.objc.h

@@ -0,0 +1,1963 @@
+// Objective-C API for talking to github.com/ProtonMail/gopenpgp/v3/crypto Go package.
+//   gobind -lang=objc github.com/ProtonMail/gopenpgp/v3/crypto
+//
+// File is generated by gobind. Do not edit.
+
+#ifndef __Crypto_H__
+#define __Crypto_H__
+
+@import Foundation;
+#include "ref.h"
+#include "Universe.objc.h"
+
+#include "Profile.objc.h"
+#include "Constants.objc.h"
+#include "Armor.objc.h"
+
+@class CryptoDecryptionHandleBuilder;
+@class CryptoEncryptionHandleBuilder;
+@class CryptoIdentity;
+@class CryptoKey;
+@class CryptoKeyGenerationBuilder;
+@class CryptoKeyRing;
+@class CryptoLiteralMetadata;
+@class CryptoPGPHandle;
+@class CryptoPGPMessage;
+@class CryptoPGPMessageBuffer;
+@class CryptoSessionKey;
+@class CryptoSignHandleBuilder;
+@class CryptoSignatureVerificationError;
+@class CryptoSigningContext;
+@class CryptoVerificationContext;
+@class CryptoVerifiedDataResult;
+@class CryptoVerifiedSignature;
+@class CryptoVerifyCleartextResult;
+@class CryptoVerifyDataReader;
+@class CryptoVerifyHandleBuilder;
+@class CryptoVerifyResult;
+@protocol CryptoEncryptionProfile;
+@class CryptoEncryptionProfile;
+@protocol CryptoKeyEncryptionProfile;
+@class CryptoKeyEncryptionProfile;
+@protocol CryptoKeyGenerationProfile;
+@class CryptoKeyGenerationProfile;
+@protocol CryptoPGPDecryption;
+@class CryptoPGPDecryption;
+@protocol CryptoPGPEncryption;
+@class CryptoPGPEncryption;
+@protocol CryptoPGPKeyGeneration;
+@class CryptoPGPKeyGeneration;
+@protocol CryptoPGPSign;
+@class CryptoPGPSign;
+@protocol CryptoPGPSplitReader;
+@class CryptoPGPSplitReader;
+@protocol CryptoPGPSplitWriter;
+@class CryptoPGPSplitWriter;
+@protocol CryptoPGPVerify;
+@class CryptoPGPVerify;
+@protocol CryptoReader;
+@class CryptoReader;
+@protocol CryptoSignProfile;
+@class CryptoSignProfile;
+@protocol CryptoWriteCloser;
+@class CryptoWriteCloser;
+@protocol CryptoWriter;
+@class CryptoWriter;
+
+@protocol CryptoEncryptionProfile <NSObject>
+// skipped method EncryptionProfile.CompressionConfig with unsupported parameter or return types
+
+// skipped method EncryptionProfile.EncryptionConfig with unsupported parameter or return types
+
+@end
+
+@protocol CryptoKeyEncryptionProfile <NSObject>
+// skipped method KeyEncryptionProfile.KeyEncryptionConfig with unsupported parameter or return types
+
+@end
+
+@protocol CryptoKeyGenerationProfile <NSObject>
+// skipped method KeyGenerationProfile.KeyGenerationConfig with unsupported parameter or return types
+
+@end
+
+@protocol CryptoPGPDecryption <NSObject>
+/**
+ * ClearPrivateParams clears all private key material contained in EncryptionHandle from memory.
+ */
+- (void)clearPrivateParams;
+/**
+ * Decrypt decrypts an encrypted pgp message.
+Returns a VerifiedDataResult, which can be queried for potential signature verification errors,
+and the plaintext data. Note that on a signature error, the method does not return an error.
+Instead, the signature error is stored within the VerifiedDataResult.
+The encoding indicates if the input message should be unarmored or not, i.e., Bytes/Armor/Auto
+where Auto tries to detect automatically.
+ */
+- (CryptoVerifiedDataResult* _Nullable)decrypt:(NSData* _Nullable)pgpMessage encoding:(int8_t)encoding error:(NSError* _Nullable* _Nullable)error;
+/**
+ * DecryptDetached provides the same functionality as Decrypt but allows
+to supply an encrypted detached signature that should be decrypted and verified
+against the data in the pgp message. If encDetachedSignature is nil, the behavior is similar
+to Decrypt. The encoding indicates if the input message should be unarmored or not,
+i.e., Bytes/Armor/Auto where Auto tries to detect automatically.
+ */
+- (CryptoVerifiedDataResult* _Nullable)decryptDetached:(NSData* _Nullable)pgpMessage encDetachedSignature:(NSData* _Nullable)encDetachedSignature encoding:(int8_t)encoding error:(NSError* _Nullable* _Nullable)error;
+/**
+ * DecryptSessionKey decrypts an encrypted session key.
+To decrypt a session key, the decryption handle must contain either a decryption key or a password.
+ */
+- (CryptoSessionKey* _Nullable)decryptSessionKey:(NSData* _Nullable)keyPackets error:(NSError* _Nullable* _Nullable)error;
+/**
+ * DecryptingReader returns a wrapper around underlying encryptedMessage Reader,
+such that any read-operation via the wrapper results in a read from the decrypted pgp message.
+The returned VerifyDataReader has to be fully read before any potential signatures can be verified.
+Either read the message fully end then call VerifySignature or use the helper method ReadAllAndVerifySignature.
+The encoding indicates if the input message should be unarmored or not, i.e., Bytes/Armor/Auto
+where Auto tries to detect automatically.
+If encryptedMessage is of type PGPSplitReader, the method tries to verify an encrypted detached signature
+that is read from the separate reader.
+ */
+- (CryptoVerifyDataReader* _Nullable)decryptingReader:(id<CryptoReader> _Nullable)encryptedMessage encoding:(int8_t)encoding error:(NSError* _Nullable* _Nullable)error;
+@end
+
+@protocol CryptoPGPEncryption <NSObject>
+/**
+ * ClearPrivateParams clears all private key material contained in EncryptionHandle from memory.
+ */
+- (void)clearPrivateParams;
+/**
+ * Encrypt encrypts a plaintext message.
+ */
+- (CryptoPGPMessage* _Nullable)encrypt:(NSData* _Nullable)message error:(NSError* _Nullable* _Nullable)error;
+/**
+ * EncryptSessionKey encrypts a session key with the encryption handle.
+To encrypt a session key, the handle must contain either recipients or a password.
+ */
+- (NSData* _Nullable)encryptSessionKey:(CryptoSessionKey* _Nullable)sessionKey error:(NSError* _Nullable* _Nullable)error;
+/**
+ * EncryptingWriter returns a wrapper around underlying output Writer,
+such that any write-operation via the wrapper results in a write to an encrypted pgp message.
+If the output Writer is of type PGPSplitWriter, the output can be split to multiple writers
+for different parts of the message. For example to write key packets and encrypted data packets
+to different writers or to write a detached signature separately.
+The encoding argument defines the output encoding, i.e., Bytes or Armored
+The returned pgp message WriteCloser must be closed after the plaintext has been written.
+ */
+- (id<CryptoWriteCloser> _Nullable)encryptingWriter:(id<CryptoWriter> _Nullable)output encoding:(int8_t)encoding error:(NSError* _Nullable* _Nullable)error;
+/**
+ * GenerateSessionKey generates a random session key for the given encryption handle
+considering the algorithm preferences of the recipient keys.
+ */
+- (CryptoSessionKey* _Nullable)generateSessionKey:(NSError* _Nullable* _Nullable)error;
+@end
+
+@protocol CryptoPGPKeyGeneration <NSObject>
+/**
+ * GenerateKey generates a pgp key with the standard security level.
+ */
+- (CryptoKey* _Nullable)generateKey:(NSError* _Nullable* _Nullable)error;
+/**
+ * GenerateKeyWithSecurity generates a pgp key with the given security level.
+The argument security allows to set the security level, either standard or high.
+ */
+- (CryptoKey* _Nullable)generateKeyWithSecurity:(int8_t)securityLevel error:(NSError* _Nullable* _Nullable)error;
+@end
+
+@protocol CryptoPGPSign <NSObject>
+/**
+ * ClearPrivateParams clears all secret key material contained in the PGPSign from memory.
+ */
+- (void)clearPrivateParams;
+/**
+ * Sign creates a detached or inline signature from the provided byte slice.
+The encoding argument defines the output encoding, i.e., Bytes or Armored
+ */
+- (NSData* _Nullable)sign:(NSData* _Nullable)message encoding:(int8_t)encoding error:(NSError* _Nullable* _Nullable)error;
+/**
+ * SignCleartext produces an armored cleartext message according to the specification.
+Returns an armored message even if the PGPSign is not configured for armored output.
+ */
+- (NSData* _Nullable)signCleartext:(NSData* _Nullable)message error:(NSError* _Nullable* _Nullable)error;
+/**
+ * SigningWriter returns a wrapper around underlying output Writer,
+such that any write-operation via the wrapper results in a write to a detached or inline signature message.
+The encoding argument defines the output encoding, i.e., Bytes or Armored
+Once close is called on the returned WriteCloser the final signature is written to the output.
+Thus, the returned WriteCloser must be closed after the plaintext has been written.
+ */
+- (id<CryptoWriteCloser> _Nullable)signingWriter:(id<CryptoWriter> _Nullable)output encoding:(int8_t)encoding error:(NSError* _Nullable* _Nullable)error;
+@end
+
+@protocol CryptoPGPSplitReader <NSObject>
+- (BOOL)read:(NSData* _Nullable)b n:(long* _Nullable)n error:(NSError* _Nullable* _Nullable)error;
+- (id<CryptoReader> _Nullable)signature;
+@end
+
+@protocol CryptoPGPSplitWriter <NSObject>
+/**
+ * Keys returns the Writer to which the key packets are written to.
+ */
+- (id<CryptoWriter> _Nullable)keys;
+/**
+ * Signature returns the Writer to which an encrypted detached signature is written to.
+ */
+- (id<CryptoWriter> _Nullable)signature;
+- (BOOL)write:(NSData* _Nullable)b n:(long* _Nullable)n error:(NSError* _Nullable* _Nullable)error;
+@end
+
+@protocol CryptoPGPVerify <NSObject>
+/**
+ * VerifyCleartext verifies an armored cleartext message
+and returns a VerifyCleartextResult. The VerifyCleartextResult can be checked for failure
+and allows access the contained message
+Note that an error is only returned if it is not a signature error.
+ */
+- (CryptoVerifyCleartextResult* _Nullable)verifyCleartext:(NSData* _Nullable)cleartext error:(NSError* _Nullable* _Nullable)error;
+/**
+ * VerifyDetached verifies a detached signature pgp message
+and returns a VerifyResult. The VerifyResult can be checked for failure
+and allows access to information about the signatures.
+Note that an error is only returned if it is not a signature error.
+The encoding indicates if the input signature message should be unarmored or not,
+i.e., Bytes/Armor/Auto where Auto tries to detect it automatically.
+ */
+- (CryptoVerifyResult* _Nullable)verifyDetached:(NSData* _Nullable)data signature:(NSData* _Nullable)signature encoding:(int8_t)encoding error:(NSError* _Nullable* _Nullable)error;
+/**
+ * VerifyInline verifies an inline signed pgp message
+and returns a VerifiedDataResult. The VerifiedDataResult can be checked for failure,
+allows access to information about the signatures, and includes the plain message.
+Note that an error is only returned if it is not a signature error.
+The encoding indicates if the input message should be unarmored or not, i.e., Bytes/Armor/Auto
+where Auto tries to detect it automatically.
+ */
+- (CryptoVerifiedDataResult* _Nullable)verifyInline:(NSData* _Nullable)message encoding:(int8_t)encoding error:(NSError* _Nullable* _Nullable)error;
+/**
+ * VerifyingReader wraps a reader with a signature verify reader.
+Once all data is read from the returned verify reader, the signature can be verified
+with (VerifyDataReader).VerifySignature().
+Note that an error is only returned if it is not a signature error.
+The encoding indicates if the input signature message should be unarmored or not,
+i.e., Bytes/Armor/Auto where Auto tries to detect it automatically.
+If detachedData is nil, signatureMessage is treated as an inline signature message.
+Thus, it is expected that signatureMessage contains the data to be verified.
+If detachedData is not nil, signatureMessage must contain a detached signature,
+which is verified against the detachedData.
+ */
+- (CryptoVerifyDataReader* _Nullable)verifyingReader:(id<CryptoReader> _Nullable)detachedData signatureMessage:(id<CryptoReader> _Nullable)signatureMessage encoding:(int8_t)encoding error:(NSError* _Nullable* _Nullable)error;
+@end
+
+@protocol CryptoReader <NSObject>
+- (BOOL)read:(NSData* _Nullable)b n:(long* _Nullable)n error:(NSError* _Nullable* _Nullable)error;
+@end
+
+@protocol CryptoSignProfile <NSObject>
+// skipped method SignProfile.SignConfig with unsupported parameter or return types
+
+@end
+
+@protocol CryptoWriteCloser <NSObject>
+- (BOOL)close:(NSError* _Nullable* _Nullable)error;
+- (BOOL)write:(NSData* _Nullable)b n:(long* _Nullable)n error:(NSError* _Nullable* _Nullable)error;
+@end
+
+@protocol CryptoWriter <NSObject>
+- (BOOL)write:(NSData* _Nullable)b n:(long* _Nullable)n error:(NSError* _Nullable* _Nullable)error;
+@end
+
+/**
+ * DecryptionHandleBuilder allows to configure a decryption handle
+to decrypt a pgp message.
+ */
+@interface CryptoDecryptionHandleBuilder : NSObject <goSeqRefInterface> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+- (nonnull instancetype)init;
+- (CryptoDecryptionHandleBuilder* _Nullable)decryptionKey:(CryptoKey* _Nullable)decryptionKey;
+/**
+ * DecryptionKeys sets the secret keys for decrypting the pgp message.
+Assumes that the message was encrypted towards one of the secret keys.
+Triggers the hybrid decryption mode.
+If not set, set another field for the type of decryption: SessionKey or Password.
+ */
+- (CryptoDecryptionHandleBuilder* _Nullable)decryptionKeys:(CryptoKeyRing* _Nullable)decryptionKeyRing;
+/**
+ * DisableAutomaticTextSanitize indicates that automatic text sanitization should be disabled.
+If not disabled, the output will be sanitized if a text signature is present.
+ */
+- (CryptoDecryptionHandleBuilder* _Nullable)disableAutomaticTextSanitize;
+/**
+ * DisableIntendedRecipients indicates if the signature verification should not check if
+the decryption key matches the intended recipients of the message.
+If disabled, the decryption methods throw no error in a non-matching case.
+ */
+- (CryptoDecryptionHandleBuilder* _Nullable)disableIntendedRecipients;
+/**
+ * DisableStrictMessageParsing disables the check that decryption inputs conform
+to the OpenPGP Message grammar.
+If set, the decryption methods return no error if the message does not conform to the
+OpenPGP message grammar.
+ */
+- (CryptoDecryptionHandleBuilder* _Nullable)disableStrictMessageParsing;
+/**
+ * DisableVerifyTimeCheck disables the check for comparing the signature creation time
+against the verification time.
+ */
+- (CryptoDecryptionHandleBuilder* _Nullable)disableVerifyTimeCheck;
+- (BOOL)error:(NSError* _Nullable* _Nullable)error;
+/**
+ * InsecureAllowDecryptionWithSigningKeys enables decryption of messages using keys
+that are designated solely as signing keys.
+While using the same key for both encryption and signing is discouraged
+due to reduced security, this flag is useful for decrypting legacy messages.
+This is because some older libraries did not respect key flags when
+selecting a key for encryption.
+SECURITY HAZARD: Use with care.
+ */
+- (CryptoDecryptionHandleBuilder* _Nullable)insecureAllowDecryptionWithSigningKeys;
+/**
+ * InsecureDisableUnauthenticatedMessagesCheck enables to read
+encrypted messages without Modification Detection Code (MDC).
+MDC is mandated by the latest standard and has long been implemented
+in most OpenPGP implementations. Messages without MDC are considered unnecessarily
+insecure and should be prevented whenever possible.
+In case one needs to deal with messages from very old OpenPGP implementations, there
+might be no other way than to tolerate the missing MDC. Setting this flag, allows this
+mode of operation. It should be considered a measure of last resort.
+SECURITY HAZARD: Use with care.
+ */
+- (CryptoDecryptionHandleBuilder* _Nullable)insecureDisableUnauthenticatedMessagesCheck;
+/**
+ * MaxDecompressedMessageSize defines the maximum number of bytes allowed for a message
+after decompression. An error is thrown if the decompressed data exceeds this limit.
+ */
+- (CryptoDecryptionHandleBuilder* _Nullable)maxDecompressedMessageSize:(int64_t)size;
+/**
+ * New creates a DecryptionHandle and checks that the given
+combination of parameters is valid. If one of the parameters are invalid
+the latest error is returned.
+ */
+- (id<CryptoPGPDecryption> _Nullable)new:(NSError* _Nullable* _Nullable)error;
+/**
+ * Password sets a password that is used to derive a key to decrypt the pgp message.
+Assumes that the message was encrypted with a key derived from the password.
+Triggers the password decryption mode.
+If not set, set another field for the type of decryption: DecryptionKeys or SessionKey.
+ */
+- (CryptoDecryptionHandleBuilder* _Nullable)password:(NSData* _Nullable)password;
+// skipped method DecryptionHandleBuilder.Passwords with unsupported parameter or return types
+
+/**
+ * PlainDetachedSignature indicates that the detached signature to verify is not decrypted
+and can be verified as is.
+ */
+- (CryptoDecryptionHandleBuilder* _Nullable)plainDetachedSignature;
+/**
+ * RetrieveSessionKey sets the flag to indicate if the session key used for decryption
+should be returned to the caller of the decryption function.
+ */
+- (CryptoDecryptionHandleBuilder* _Nullable)retrieveSessionKey;
+/**
+ * SessionKey sets a session key for decrypting the pgp message.
+Assumes that the message was encrypted with session key provided.
+Triggers the session key decryption mode.
+If not set, set another field for the type of decryption: DecryptionKeys or Password.
+ */
+- (CryptoDecryptionHandleBuilder* _Nullable)sessionKey:(CryptoSessionKey* _Nullable)sessionKey;
+// skipped method DecryptionHandleBuilder.SessionKeys with unsupported parameter or return types
+
+/**
+ * Utf8 indicates if the output plaintext is Utf8 and
+should be sanitized from canonicalised line endings.
+ */
+- (CryptoDecryptionHandleBuilder* _Nullable)utf8;
+/**
+ * VerificationContext sets a verification context for signatures of the pgp message, if any.
+Only considered if VerifyKeys are set.
+ */
+- (CryptoDecryptionHandleBuilder* _Nullable)verificationContext:(CryptoVerificationContext* _Nullable)verifyContext;
+/**
+ * VerificationKey sets the public key for verifying the signatures of the pgp message, if any.
+If not set, the signatures cannot be verified.
+ */
+- (CryptoDecryptionHandleBuilder* _Nullable)verificationKey:(CryptoKey* _Nullable)key;
+/**
+ * VerificationKeys sets the public keys for verifying the signatures of the pgp message, if any.
+If not set, the signatures cannot be verified.
+ */
+- (CryptoDecryptionHandleBuilder* _Nullable)verificationKeys:(CryptoKeyRing* _Nullable)keys;
+/**
+ * VerifyTime sets the verification time to the provided timestamp.
+If not set, the systems current time is used for signature verification.
+ */
+- (CryptoDecryptionHandleBuilder* _Nullable)verifyTime:(int64_t)unixTime;
+@end
+
+/**
+ * EncryptionHandleBuilder allows to configure a decryption handle to decrypt an OpenPGP message.
+ */
+@interface CryptoEncryptionHandleBuilder : NSObject <goSeqRefInterface> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+- (nonnull instancetype)init;
+/**
+ * Compress indicates if the plaintext should be compressed before encryption.
+Compression affects security and opens the door for side-channel attacks, which
+might allow to extract the plaintext data without a decryption key.
+RFC9580 recommends to not use compression.
+ */
+- (CryptoEncryptionHandleBuilder* _Nullable)compress;
+/**
+ * CompressWith indicates if the plaintext should be compressed before encryption.
+Compression affects security and opens the door for side-channel attacks, which
+might allow to extract the plaintext data without a decryption key.
+RFC9580 recommends to not use compression.
+Allowed config options:
+constants.NoCompression: none, constants.DefaultCompression: profile default
+constants.ZIPCompression: zip, constants.ZLIBCompression: zlib.
+ */
+- (CryptoEncryptionHandleBuilder* _Nullable)compressWith:(int8_t)config;
+/**
+ * DetachedSignature indicates that the message should be signed,
+but the signature should not be included in the same pgp message as the input data.
+Instead the detached signature is encrypted in a separate pgp message.
+ */
+- (CryptoEncryptionHandleBuilder* _Nullable)detachedSignature;
+/**
+ * EncryptionTime allows to specify a separate time for selecting encryption keys
+instead of the internal clock (also used for signing). Note that the internal clock can be changed with SignTime.
+If the input unixTime is 0 no expiration checks are performed on the encryption keys.
+ */
+- (CryptoEncryptionHandleBuilder* _Nullable)encryptionTime:(int64_t)unixTime;
+/**
+ * Error returns an errors that occurred within the builder.
+ */
+- (BOOL)error:(NSError* _Nullable* _Nullable)error;
+/**
+ * HiddenRecipient sets a public key to which the message should be encrypted to.
+Triggers hybrid encryption with public keys of the recipients and hidden recipients.
+The hidden recipients are NOT included in the intended recipient fingerprint list
+of the signature, if a signature is present.
+If not set, set another type of encryption: Recipients, SessionKey, or Password.
+ */
+- (CryptoEncryptionHandleBuilder* _Nullable)hiddenRecipient:(CryptoKey* _Nullable)key;
+/**
+ * HiddenRecipients sets the public keys to which the message should be encrypted to.
+Triggers hybrid encryption with public keys of the recipients and hidden recipients.
+The hidden recipients are NOT included in the intended recipient fingerprint list
+of the signature, if a signature is present.
+If not set, set another type of encryption: Recipients, SessionKey, or Password.
+ */
+- (CryptoEncryptionHandleBuilder* _Nullable)hiddenRecipients:(CryptoKeyRing* _Nullable)hiddenRecipients;
+/**
+ * IncludeExternalSignature indicates that the provided signature should be included
+in the produced encrypted message.
+Special feature: should not be used in normal use-cases,
+can lead to broken or invalid PGP messages.
+ */
+- (CryptoEncryptionHandleBuilder* _Nullable)includeExternalSignature:(NSData* _Nullable)signature;
+/**
+ * New creates an EncryptionHandle and checks that the given
+combination of parameters is valid. If the parameters are invalid
+an error is returned.
+ */
+- (id<CryptoPGPEncryption> _Nullable)new:(NSError* _Nullable* _Nullable)error;
+/**
+ * Password sets a password the message should be encrypted with.
+Triggers password based encryption with a key derived from the password.
+If not set, set another the type of encryption: Recipients, HiddenRecipients, or SessionKey.
+ */
+- (CryptoEncryptionHandleBuilder* _Nullable)password:(NSData* _Nullable)password;
+/**
+ * PlainDetachedSignature indicates that the message should be signed,
+but the signature should not be included in the same pgp message as the input data.
+Instead the detached signature is a separate signature pgp message.
+If DetachedSignature signature is set (i.e., the detached signature is encrypted), this option is ignored.
+NOTE: A plaintext detached signature might reveal information about the encrypted plaintext. Thus, use with care.
+ */
+- (CryptoEncryptionHandleBuilder* _Nullable)plainDetachedSignature;
+/**
+ * Recipient sets the public key to which the message should be encrypted to.
+Triggers hybrid encryption with public keys of the recipients and hidden recipients.
+The recipients are included in the intended recipient fingerprint list
+of the signature, if a signature is present.
+If not set, set another type of encryption: HiddenRecipients, SessionKey, or Password.
+ */
+- (CryptoEncryptionHandleBuilder* _Nullable)recipient:(CryptoKey* _Nullable)key;
+/**
+ * Recipients sets the public keys to which the message should be encrypted to.
+Triggers hybrid encryption with public keys of the recipients and hidden recipients.
+The recipients are included in the intended recipient fingerprint list
+of the signature, if a signature is present.
+If not set, set another type of encryption: HiddenRecipients, SessionKey, or Password.
+ */
+- (CryptoEncryptionHandleBuilder* _Nullable)recipients:(CryptoKeyRing* _Nullable)recipients;
+/**
+ * SessionKey sets the session key the message should be encrypted with.
+Triggers session key encryption with the included session key.
+If not set, set another the type of encryption: Recipients, HiddenRecipients, or Password.
+ */
+- (CryptoEncryptionHandleBuilder* _Nullable)sessionKey:(CryptoSessionKey* _Nullable)sessionKey;
+/**
+ * SignTime sets the internal clock to always return
+the supplied unix time for signing instead of the system time.
+ */
+- (CryptoEncryptionHandleBuilder* _Nullable)signTime:(int64_t)unixTime;
+/**
+ * SigningContext provides a signing context for the signature in the message.
+Triggers that each signature includes the sining context.
+SigningKeys have to be set if a SigningContext is provided.
+ */
+- (CryptoEncryptionHandleBuilder* _Nullable)signingContext:(CryptoSigningContext* _Nullable)siningContext;
+/**
+ * SigningKey sets the signing key that are used to create signature of the message.
+Triggers that signatures are created for each signing key.
+If not set, no signature is included.
+ */
+- (CryptoEncryptionHandleBuilder* _Nullable)signingKey:(CryptoKey* _Nullable)key;
+/**
+ * SigningKeys sets the signing keys that are used to create signature of the message.
+Triggers that signatures are created for each signing key.
+If not set, no signature is included.
+ */
+- (CryptoEncryptionHandleBuilder* _Nullable)signingKeys:(CryptoKeyRing* _Nullable)signingKeys;
+/**
+ * Utf8 indicates if the plaintext should be signed with a text type
+signature. If set, the plaintext is signed after canonicalising the line endings.
+ */
+- (CryptoEncryptionHandleBuilder* _Nullable)utf8;
+@end
+
+/**
+ * Identity contains the name and the email of a key holder.
+ */
+@interface CryptoIdentity : NSObject <goSeqRefInterface> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+- (nonnull instancetype)init;
+@property (nonatomic) NSString* _Nonnull name;
+@property (nonatomic) NSString* _Nonnull email;
+@end
+
+/**
+ * Key contains a single private or public key.
+ */
+@interface CryptoKey : NSObject <goSeqRefInterface> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+/**
+ * NewKey creates a new key from the first key in the unarmored or armored binary data.
+Clones the binKeys data for go-mobile compatibility.
+ */
+- (nullable instancetype)init:(NSData* _Nullable)binKeys;
+/**
+ * NewKeyFromArmored creates a new key from the first key in an armored string.
+ */
+- (nullable instancetype)initFromArmored:(NSString* _Nullable)armored;
+// skipped constructor Key.NewKeyFromEntity with unsupported parameter or return types
+
+// skipped constructor Key.NewKeyFromReader with unsupported parameter or return types
+
+// skipped constructor Key.NewKeyFromReaderExplicit with unsupported parameter or return types
+
+/**
+ * NewKeyWithCloneFlag creates a new key from the first key in the unarmored or armored binary data.
+ */
+- (nullable instancetype)initWithCloneFlag:(NSData* _Nullable)binKeys clone:(BOOL)clone;
+/**
+ * Armor returns the armored key as a string with default gopenpgp headers.
+ */
+- (NSString* _Nonnull)armor:(NSError* _Nullable* _Nullable)error;
+/**
+ * ArmorWithCustomHeaders returns the armored key as a string, with
+the given headers. Empty parameters are omitted from the headers.
+ */
+- (NSString* _Nonnull)armorWithCustomHeaders:(NSString* _Nullable)comment version:(NSString* _Nullable)version error:(NSError* _Nullable* _Nullable)error;
+/**
+ * CanEncrypt returns true if any of the subkeys can be used for encryption.
+ */
+- (BOOL)canEncrypt:(int64_t)unixTime;
+/**
+ * CanVerify returns true if any of the subkeys can be used for verification.
+ */
+- (BOOL)canVerify:(int64_t)unixTime;
+/**
+ * Check verifies if the public keys match the private key parameters by
+signing and verifying.
+Deprecated: all keys are now checked on parsing.
+ */
+- (BOOL)check:(BOOL* _Nullable)ret0_ error:(NSError* _Nullable* _Nullable)error;
+/**
+ * ClearPrivateParams zeroes the sensitive data in the key.
+ */
+- (BOOL)clearPrivateParams;
+/**
+ * Copy creates a deep copy of the key.
+ */
+- (CryptoKey* _Nullable)copy:(NSError* _Nullable* _Nullable)error;
+/**
+ * GetArmoredPublicKey returns the armored public keys from this keyring.
+ */
+- (NSString* _Nonnull)getArmoredPublicKey:(NSError* _Nullable* _Nullable)error;
+/**
+ * GetArmoredPublicKeyWithCustomHeaders returns the armored public key as a string, with
+the given headers. Empty parameters are omitted from the headers.
+ */
+- (NSString* _Nonnull)getArmoredPublicKeyWithCustomHeaders:(NSString* _Nullable)comment version:(NSString* _Nullable)version error:(NSError* _Nullable* _Nullable)error;
+// skipped method Key.GetEntity with unsupported parameter or return types
+
+/**
+ * GetFingerprint gets the fingerprint from the key.
+ */
+- (NSString* _Nonnull)getFingerprint;
+/**
+ * GetFingerprintBytes gets the fingerprint from the key as a byte slice.
+ */
+- (NSData* _Nullable)getFingerprintBytes;
+/**
+ * GetHexKeyID returns the key ID, hex encoded as a string.
+ */
+- (NSString* _Nonnull)getHexKeyID;
+/**
+ * GetJsonSHA256Fingerprints returns the SHA256 fingerprints of key and subkeys
+encoded in JSON, for gomobile clients that cannot handle arrays.
+ */
+- (NSData* _Nullable)getJsonSHA256Fingerprints:(NSError* _Nullable* _Nullable)error;
+// skipped method Key.GetKeyID with unsupported parameter or return types
+
+/**
+ * GetPublicKey returns the unarmored public keys from this keyring.
+ */
+- (NSData* _Nullable)getPublicKey:(NSError* _Nullable* _Nullable)error;
+/**
+ * GetSHA256Fingerprint computes the SHA256 fingerprint of the primary key.
+ */
+- (NSString* _Nonnull)getSHA256Fingerprint;
+// skipped method Key.GetSHA256Fingerprints with unsupported parameter or return types
+
+/**
+ * GetVersion returns the OpenPGP key packet version of this key.
+ */
+- (long)getVersion;
+/**
+ * IsExpired checks whether the key is expired.
+ */
+- (BOOL)isExpired:(int64_t)unixTime;
+/**
+ * IsLocked checks if a private key is locked.
+ */
+- (BOOL)isLocked:(BOOL* _Nullable)ret0_ error:(NSError* _Nullable* _Nullable)error;
+/**
+ * IsPrivate returns true if the key is private.
+ */
+- (BOOL)isPrivate;
+/**
+ * IsRevoked checks whether the key or the primary identity has a valid revocation signature.
+ */
+- (BOOL)isRevoked:(int64_t)unixTime;
+/**
+ * IsUnlocked checks if a private key is unlocked.
+ */
+- (BOOL)isUnlocked:(BOOL* _Nullable)ret0_ error:(NSError* _Nullable* _Nullable)error;
+/**
+ * PrintFingerprints is a debug helper function that prints the key and subkey fingerprints.
+ */
+- (void)printFingerprints;
+- (NSData* _Nullable)serialize:(NSError* _Nullable* _Nullable)error;
+/**
+ * ToPublic returns the corresponding public key of the given private key.
+ */
+- (CryptoKey* _Nullable)toPublic:(NSError* _Nullable* _Nullable)error;
+/**
+ * Unlock unlocks a copy of the key.
+ */
+- (CryptoKey* _Nullable)unlock:(NSData* _Nullable)passphrase error:(NSError* _Nullable* _Nullable)error;
+@end
+
+/**
+ * KeyGenerationBuilder allows to configure a key generation handle to generate OpenPGP keys.
+ */
+@interface CryptoKeyGenerationBuilder : NSObject <goSeqRefInterface> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+- (nonnull instancetype)init;
+/**
+ * AddUserId adds the provided user identity to any generated key.
+ */
+- (CryptoKeyGenerationBuilder* _Nullable)addUserId:(NSString* _Nullable)name email:(NSString* _Nullable)email;
+/**
+ * GenerationTime sets the key generation time to the given unixTime.
+ */
+- (CryptoKeyGenerationBuilder* _Nullable)generationTime:(int64_t)unixTime;
+/**
+ * Lifetime sets the key lifetime to the given value in seconds.
+The lifetime defaults to zero i.e., infinite lifetime.
+ */
+- (CryptoKeyGenerationBuilder* _Nullable)lifetime:(int32_t)seconds;
+/**
+ * New creates a new key generation handle from the internal configuration
+that allows to generate pgp keys.
+ */
+- (id<CryptoPGPKeyGeneration> _Nullable)new;
+/**
+ * OverrideProfileAlgorithm allows to override the algorithm of the output key instead of using the profile's
+algorithm with the respective security level.
+
+Allowed inputs (integer enum for go-mobile compatibility):
+crypto.KeyGenerationRSA4096, crypto.KeyGenerationC25519, crypto.KeyGenerationC25519Refresh
+crypto.KeyGenerationC448, crypto.KeyGenerationC448Refresh.
+ */
+- (CryptoKeyGenerationBuilder* _Nullable)overrideProfileAlgorithm:(long)algorithm;
+@end
+
+/**
+ * KeyRing contains multiple private and public keys.
+ */
+@interface CryptoKeyRing : NSObject <goSeqRefInterface> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+/**
+ * NewKeyRing creates a new KeyRing, empty if key is nil.
+ */
+- (nullable instancetype)init:(CryptoKey* _Nullable)key;
+/**
+ * NewKeyRingFromBinary creates a new keyring with all the keys contained in the unarmored binary data.
+Note that it accepts only unlocked or public keys, as KeyRing cannot contain locked keys.
+ */
+- (nullable instancetype)initFromBinary:(NSData* _Nullable)binKeys;
+/**
+ * FirstKeyID as obtained from API to match salt
+ */
+@property (nonatomic) NSString* _Nonnull firstKeyID;
+/**
+ * AddKey adds the given key to the keyring.
+ */
+- (BOOL)addKey:(CryptoKey* _Nullable)key error:(NSError* _Nullable* _Nullable)error;
+/**
+ * CanEncrypt returns true if any of the keys in the keyring can be used for encryption.
+ */
+- (BOOL)canEncrypt:(int64_t)unixTime;
+/**
+ * CanVerify returns true if any of the keys in the keyring can be used for verification.
+ */
+- (BOOL)canVerify:(int64_t)unixTime;
+- (void)clearPrivateParams;
+/**
+ * Copy creates a deep copy of the keyring.
+ */
+- (CryptoKeyRing* _Nullable)copy:(NSError* _Nullable* _Nullable)error;
+/**
+ * CountDecryptionEntities returns the number of entities in the keyring.
+Takes the current time for checking the keys in unix time format.
+If the unix time is zero, time checks are ignored.
+ */
+- (long)countDecryptionEntities:(int64_t)unixTime;
+/**
+ * CountEntities returns the number of entities in the keyring.
+ */
+- (long)countEntities;
+/**
+ * FirstKey returns a KeyRing with only the first key of the original one.
+ */
+- (CryptoKeyRing* _Nullable)firstKey:(NSError* _Nullable* _Nullable)error;
+/**
+ * GetHexKeyIDsJson returns an IDs of keys in this KeyRing as a json array.
+Key ids are encoded as hexadecimal and nil is returned if an error occurs.
+Helper function for go-mobile clients.
+ */
+- (NSData* _Nullable)getHexKeyIDsJson;
+// skipped method KeyRing.GetIdentities with unsupported parameter or return types
+
+/**
+ * GetIdentitiesJson returns the list of identities associated with this key ring encoded as json.
+Returns nil if an encoding error occurs.
+Helper function for go-mobile clients.
+ */
+- (NSData* _Nullable)getIdentitiesJson;
+/**
+ * GetKey returns the n-th openpgp key contained in this KeyRing.
+ */
+- (CryptoKey* _Nullable)getKey:(long)n error:(NSError* _Nullable* _Nullable)error;
+// skipped method KeyRing.GetKeyIDs with unsupported parameter or return types
+
+// skipped method KeyRing.GetKeys with unsupported parameter or return types
+
+/**
+ * Serialize serializes a KeyRing to binary data.
+ */
+- (NSData* _Nullable)serialize:(NSError* _Nullable* _Nullable)error;
+@end
+
+@interface CryptoLiteralMetadata : NSObject <goSeqRefInterface> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+- (nonnull instancetype)init;
+/**
+ * The file's latest modification time
+ */
+@property (nonatomic) int64_t modTime;
+/**
+ * Filename returns the filename of the literal metadata.
+ */
+- (NSString* _Nonnull)filename;
+/**
+ * IsUtf8 returns whether the literal metadata is annotated with utf-8.
+ */
+- (BOOL)isUtf8;
+- (int64_t)time;
+@end
+
+@interface CryptoPGPHandle : NSObject <goSeqRefInterface> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+- (nonnull instancetype)init;
+/**
+ * Decryption returns a builder to create a DecryptionHandle
+for decrypting pgp messages.
+ */
+- (CryptoDecryptionHandleBuilder* _Nullable)decryption;
+/**
+ * Encryption returns a builder to create an EncryptionHandle
+for encrypting messages.
+ */
+- (CryptoEncryptionHandleBuilder* _Nullable)encryption;
+/**
+ * GenerateSessionKey generates a random session key for the profile.
+Use GenerateSessionKey on the encryption handle, if the PGP encryption keys are known.
+This function only considers the profile to determine the session key type.
+ */
+- (CryptoSessionKey* _Nullable)generateSessionKey:(NSError* _Nullable* _Nullable)error;
+/**
+ * KeyGeneration returns a builder to create a KeyGeneration handle.
+ */
+- (CryptoKeyGenerationBuilder* _Nullable)keyGeneration;
+/**
+ * LockKey encrypts the private parts of a copy of the input key with the given passphrase.
+ */
+- (CryptoKey* _Nullable)lockKey:(CryptoKey* _Nullable)key passphrase:(NSData* _Nullable)passphrase error:(NSError* _Nullable* _Nullable)error;
+/**
+ * Sign returns a builder to create a SignHandle
+for signing messages.
+ */
+- (CryptoSignHandleBuilder* _Nullable)sign;
+/**
+ * Verify returns a builder to create an VerifyHandle
+for verifying signatures.
+ */
+- (CryptoVerifyHandleBuilder* _Nullable)verify;
+@end
+
+/**
+ * PGPMessage stores a PGP-encrypted message.
+ */
+@interface CryptoPGPMessage : NSObject <goSeqRefInterface> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+/**
+ * NewPGPMessage generates a new PGPMessage from the unarmored binary data.
+Clones the data for go-mobile compatibility.
+ */
+- (nullable instancetype)init:(NSData* _Nullable)data;
+/**
+ * NewPGPMessageFromArmored generates a new PGPMessage from an armored string ready for decryption.
+ */
+- (nullable instancetype)initFromArmored:(NSString* _Nullable)armored;
+/**
+ * NewPGPMessageWithCloneFlag generates a new PGPMessage from the unarmored binary data.
+ */
+- (nullable instancetype)initWithCloneFlag:(NSData* _Nullable)data doClone:(BOOL)doClone;
+/**
+ * KeyPacket references the PKESK and SKESK packets of the message
+ */
+@property (nonatomic) NSData* _Nullable keyPacket;
+/**
+ * DataPacket references the SEIPD or AEAD protected packet of the message
+ */
+@property (nonatomic) NSData* _Nullable dataPacket;
+/**
+ * DetachedSignature stores the encrypted detached signature.
+Nil when the signature is embedded in the data packet or not present.
+ */
+@property (nonatomic) NSData* _Nullable detachedSignature;
+/**
+ * Armor returns the armored message as a string.
+ */
+- (NSString* _Nonnull)armor:(NSError* _Nullable* _Nullable)error;
+/**
+ * ArmorBytes returns the armored message as a string.
+ */
+- (NSData* _Nullable)armorBytes:(NSError* _Nullable* _Nullable)error;
+/**
+ * ArmorWithCustomHeaders returns the armored message as a string, with
+the given headers. Empty parameters are omitted from the headers.
+ */
+- (NSString* _Nonnull)armorWithCustomHeaders:(NSString* _Nullable)comment version:(NSString* _Nullable)version error:(NSError* _Nullable* _Nullable)error;
+/**
+ * BinaryDataPacket returns the unarmored binary datapacket as a []byte.
+ */
+- (NSData* _Nullable)binaryDataPacket;
+/**
+ * BinaryKeyPacket returns the unarmored binary keypacket as a []byte.
+ */
+- (NSData* _Nullable)binaryKeyPacket;
+/**
+ * Bytes returns the unarmored binary content of the message as a []byte.
+ */
+- (NSData* _Nullable)bytes;
+/**
+ * EncryptedDetachedSignature returns the encrypted detached signature of this message
+as a PGPMessage where the data is the encrypted signature.
+If no detached signature is present in this message, it returns nil.
+ */
+- (CryptoPGPMessage* _Nullable)encryptedDetachedSignature;
+// skipped method PGPMessage.EncryptionKeyIDs with unsupported parameter or return types
+
+/**
+ * GetNumberOfKeyPackets returns the number of keys packets in this message.
+ */
+- (BOOL)getNumberOfKeyPackets:(long* _Nullable)ret0_ error:(NSError* _Nullable* _Nullable)error;
+// skipped method PGPMessage.HexEncryptionKeyIDs with unsupported parameter or return types
+
+/**
+ * HexEncryptionKeyIDsJson returns the key IDs of the keys to which the session key is encrypted as a JSON array.
+If an error occurs it returns nil.
+Helper function for go-mobile clients.
+ */
+- (NSData* _Nullable)hexEncryptionKeyIDsJson;
+// skipped method PGPMessage.HexSignatureKeyIDs with unsupported parameter or return types
+
+/**
+ * HexSignatureKeyIDsJson returns the key IDs of the keys to which the session key is encrypted as a JSON array.
+If an error occurs it returns nil.
+Helper function for go-mobile clients.
+ */
+- (NSData* _Nullable)hexSignatureKeyIDsJson;
+// skipped method PGPMessage.NewReader with unsupported parameter or return types
+
+/**
+ * PlainDetachedSignature returns the plaintext detached signature of this message.
+If no plaintext detached signature is present in this message, it returns an error.
+ */
+- (NSData* _Nullable)plainDetachedSignature:(NSError* _Nullable* _Nullable)error;
+/**
+ * PlainDetachedSignatureArmor returns the armored plaintext detached signature of this message.
+If no plaintext detached signature is present or armoring fails it returns an error.
+ */
+- (NSData* _Nullable)plainDetachedSignatureArmor:(NSError* _Nullable* _Nullable)error;
+// skipped method PGPMessage.SignatureKeyIDs with unsupported parameter or return types
+
+@end
+
+@interface CryptoPGPMessageBuffer : NSObject <goSeqRefInterface, CryptoPGPSplitWriter, CryptoWriter> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+/**
+ * NewPGPMessageBuffer creates a message buffer.
+ */
+- (nullable instancetype)init;
+- (id<CryptoWriter> _Nullable)keys;
+/**
+ * PGPMessage returns the PGPMessage extracted from the internal buffers.
+ */
+- (CryptoPGPMessage* _Nullable)pgpMessage;
+/**
+ * PGPMessageWithOptions returns the PGPMessage extracted from the internal buffers.
+The isPlain flag indicates wether the detached signature is encrypted or plaintext, if any.
+ */
+- (CryptoPGPMessage* _Nullable)pgpMessageWithOptions:(BOOL)isPlain omitArmorChecksum:(BOOL)omitArmorChecksum;
+- (id<CryptoWriter> _Nullable)signature;
+- (BOOL)write:(NSData* _Nullable)b n:(long* _Nullable)n error:(NSError* _Nullable* _Nullable)error;
+@end
+
+/**
+ * SessionKey stores a decrypted session key.
+ */
+@interface CryptoSessionKey : NSObject <goSeqRefInterface> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+/**
+ * NewSessionKeyFromToken creates a SessionKey struct with the given token and algorithm.
+Clones the token for compatibility with go-mobile.
+ */
+- (nullable instancetype)initFromToken:(NSData* _Nullable)token algo:(NSString* _Nullable)algo;
+/**
+ * NewSessionKeyFromTokenWithAead creates a SessionKey struct with the given token and algorithm.
+If aead is set to true, the key is used with v6 PKESK or SKESK, and SEIPDv2 packets.
+ */
+- (nullable instancetype)initFromTokenWithAead:(NSData* _Nullable)token algo:(NSString* _Nullable)algo aead:(BOOL)aead;
+/**
+ * Key defines the decrypted binary session key.
+ */
+@property (nonatomic) NSData* _Nullable key;
+/**
+ * Algo defines the symmetric encryption algorithm used with this key.
+Only present if the key was not parsed from a v6 packet.
+ */
+@property (nonatomic) NSString* _Nonnull algo;
+- (BOOL)clear;
+/**
+ * GetBase64Key returns the session key as base64 encoded string.
+ */
+- (NSString* _Nonnull)getBase64Key;
+// skipped method SessionKey.GetCipherFunc with unsupported parameter or return types
+
+/**
+ * GetCipherFuncInt returns the cipher function as int8 corresponding to the algorithm used
+with this SessionKey.
+The int8 type is used for go-mobile clients, see constant.Cipher...
+ */
+- (BOOL)getCipherFuncInt:(int8_t* _Nullable)ret0_ error:(NSError* _Nullable* _Nullable)error;
+/**
+ * IsV6 indicates if the session key can be used with SEIPDv2, PKESKv6/SKESKv6.
+ */
+- (BOOL)isV6;
+@end
+
+/**
+ * SignHandleBuilder allows to configure a sign handle
+to sign data with OpenPGP.
+ */
+@interface CryptoSignHandleBuilder : NSObject <goSeqRefInterface> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+- (nonnull instancetype)init;
+/**
+ * ArmorHeader indicates that the produced signature should be armored
+with the given version and comment as header.
+Note that this option only affects the method SignHandle.SigningWriter
+and the headers in SignHandle.SignCleartext.
+ */
+- (CryptoSignHandleBuilder* _Nullable)armorHeader:(NSString* _Nullable)version comment:(NSString* _Nullable)comment;
+/**
+ * Detached indicates if a detached signature should be produced.
+The sign output will be a detached signature message without the data included.
+ */
+- (CryptoSignHandleBuilder* _Nullable)detached;
+/**
+ * Error returns any errors that occurred within the builder.
+ */
+- (BOOL)error:(NSError* _Nullable* _Nullable)error;
+/**
+ * New creates a SignHandle and checks that the given
+combination of parameters is valid. If the parameters are invalid
+an error is returned.
+ */
+- (id<CryptoPGPSign> _Nullable)new:(NSError* _Nullable* _Nullable)error;
+/**
+ * SignTime sets the internal clock to always return
+the supplied unix time for signing instead of the device time.
+ */
+- (CryptoSignHandleBuilder* _Nullable)signTime:(int64_t)unixTime;
+/**
+ * SigningContext provides a signing context for the signature in the message.
+Triggers that each signature includes the sining context.
+ */
+- (CryptoSignHandleBuilder* _Nullable)signingContext:(CryptoSigningContext* _Nullable)signingContext;
+/**
+ * SigningKey sets the signing key that is used to create signature of the message.
+ */
+- (CryptoSignHandleBuilder* _Nullable)signingKey:(CryptoKey* _Nullable)key;
+/**
+ * SigningKeys sets the signing keys that are used to create signature of the message.
+ */
+- (CryptoSignHandleBuilder* _Nullable)signingKeys:(CryptoKeyRing* _Nullable)signingKeys;
+/**
+ * Utf8 indicates if the plaintext should be signed with a text type
+signature. If set, the plaintext is signed after
+canonicalising the line endings.
+ */
+- (CryptoSignHandleBuilder* _Nullable)utf8;
+@end
+
+/**
+ * SignatureVerificationError is returned from Decrypt and VerifyDetached
+functions when signature verification fails.
+ */
+@interface CryptoSignatureVerificationError : NSObject <goSeqRefInterface> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+- (nonnull instancetype)init;
+@property (nonatomic) long status;
+@property (nonatomic) NSString* _Nonnull message;
+@property (nonatomic) NSError* _Nullable cause;
+/**
+ * Error is the base method for all errors.
+ */
+- (NSString* _Nonnull)error;
+/**
+ * Unwrap returns the cause of failure.
+ */
+- (BOOL)unwrap:(NSError* _Nullable* _Nullable)error;
+@end
+
+/**
+ * SigningContext gives the context that will be
+included in the signature's notation data.
+ */
+@interface CryptoSigningContext : NSObject <goSeqRefInterface> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+/**
+ * NewSigningContext creates a new signing context.
+The value is set to the notation data.
+isCritical controls whether the notation is flagged as a critical packet.
+ */
+- (nullable instancetype)init:(NSString* _Nullable)value isCritical:(BOOL)isCritical;
+@property (nonatomic) NSString* _Nonnull value;
+@property (nonatomic) BOOL isCritical;
+@end
+
+/**
+ * VerificationContext gives the context that will be
+used to verify the signature.
+ */
+@interface CryptoVerificationContext : NSObject <goSeqRefInterface> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+/**
+ * NewVerificationContext creates a new verification context.
+The value is checked against the signature's notation data.
+If isRequired is false, the signature is allowed to have no context set.
+If requiredAfter is != 0, the signature is allowed to have no context set if it
+was created before the unix time set in requiredAfter.
+ */
+- (nullable instancetype)init:(NSString* _Nullable)value isRequired:(BOOL)isRequired requiredAfter:(int64_t)requiredAfter;
+@property (nonatomic) NSString* _Nonnull value;
+@property (nonatomic) BOOL isRequired;
+@property (nonatomic) int64_t requiredAfter;
+@end
+
+/**
+ * VerifiedDataResult is a result that contains data and
+the result of a potential signature verification on the data.
+ */
+@interface CryptoVerifiedDataResult : NSObject <goSeqRefInterface> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+- (nonnull instancetype)init;
+// skipped field VerifiedDataResult.VerifyResult with unsupported type: github.com/ProtonMail/gopenpgp/v3/crypto.VerifyResult
+
+/**
+ * Bytes returns the result data as bytes.
+ */
+- (NSData* _Nullable)bytes;
+- (void)constrainToTimeRange:(int64_t)unixFrom unixTo:(int64_t)unixTo;
+/**
+ * Metadata returns the associated literal metadata of the data.
+ */
+- (CryptoLiteralMetadata* _Nullable)metadata;
+/**
+ * SessionKey returns the session key the data is decrypted with.
+Returns nil, if the data was not encrypted or
+session key caching was not enabled.
+ */
+- (CryptoSessionKey* _Nullable)sessionKey;
+- (NSData* _Nullable)signature:(NSError* _Nullable* _Nullable)error;
+- (int64_t)signatureCreationTime;
+- (BOOL)signatureError:(NSError* _Nullable* _Nullable)error;
+- (CryptoSignatureVerificationError* _Nullable)signatureErrorExplicit;
+- (NSData* _Nullable)signedByFingerprint;
+- (CryptoKey* _Nullable)signedByKey;
+// skipped method VerifiedDataResult.SignedByKeyId with unsupported parameter or return types
+
+- (NSString* _Nonnull)signedByKeyIdHex;
+// skipped method VerifiedDataResult.SignedWithType with unsupported parameter or return types
+
+- (int8_t)signedWithTypeInt8;
+/**
+ * String returns the result data as string.
+ */
+- (NSString* _Nonnull)string;
+@end
+
+/**
+ * VerifiedSignature is a result of a signature verification.
+ */
+@interface CryptoVerifiedSignature : NSObject <goSeqRefInterface> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+- (nonnull instancetype)init;
+// skipped field VerifiedSignature.Signature with unsupported type: *github.com/ProtonMail/go-crypto/openpgp/packet.Signature
+
+@property (nonatomic) CryptoKey* _Nullable signedBy;
+@property (nonatomic) CryptoSignatureVerificationError* _Nullable signatureError;
+@end
+
+/**
+ * VerifyCleartextResult is a result of a cleartext message verification.
+ */
+@interface CryptoVerifyCleartextResult : NSObject <goSeqRefInterface> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+- (nonnull instancetype)init;
+// skipped field VerifyCleartextResult.VerifyResult with unsupported type: github.com/ProtonMail/gopenpgp/v3/crypto.VerifyResult
+
+/**
+ * Cleartext returns the parsed plain text of the result.
+ */
+- (NSData* _Nullable)cleartext;
+- (void)constrainToTimeRange:(int64_t)unixFrom unixTo:(int64_t)unixTo;
+- (NSData* _Nullable)signature:(NSError* _Nullable* _Nullable)error;
+- (int64_t)signatureCreationTime;
+- (BOOL)signatureError:(NSError* _Nullable* _Nullable)error;
+- (CryptoSignatureVerificationError* _Nullable)signatureErrorExplicit;
+- (NSData* _Nullable)signedByFingerprint;
+- (CryptoKey* _Nullable)signedByKey;
+// skipped method VerifyCleartextResult.SignedByKeyId with unsupported parameter or return types
+
+- (NSString* _Nonnull)signedByKeyIdHex;
+// skipped method VerifyCleartextResult.SignedWithType with unsupported parameter or return types
+
+- (int8_t)signedWithTypeInt8;
+@end
+
+/**
+ * VerifyDataReader is used for reading data that should be verified with a signature.
+It further contains additional information about the parsed pgp message where the read
+data stems from.
+ */
+@interface CryptoVerifyDataReader : NSObject <goSeqRefInterface, CryptoReader> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+- (nonnull instancetype)init;
+/**
+ * DiscardAll reads all data from the reader and discards it.
+ */
+- (BOOL)discardAll:(NSError* _Nullable* _Nullable)error;
+/**
+ * DiscardAllAndVerifySignature reads all plaintext data from the reader but discards it.
+Returns a verification result for signature verification on the read data.
+ */
+- (CryptoVerifyResult* _Nullable)discardAllAndVerifySignature:(NSError* _Nullable* _Nullable)error;
+/**
+ * GetMetadata returns the metadata of the literal data packet that
+this reader reads from. Can be nil, if the data is not read from
+a literal data packet.
+ */
+- (CryptoLiteralMetadata* _Nullable)getMetadata;
+/**
+ * Read is used read data from the pgp message.
+Makes VerifyDataReader implement the Reader interface.
+ */
+- (BOOL)read:(NSData* _Nullable)b n:(long* _Nullable)n error:(NSError* _Nullable* _Nullable)error;
+/**
+ * ReadAll reads all plaintext data from the reader
+and returns it as a byte slice.
+ */
+- (NSData* _Nullable)readAll:(NSError* _Nullable* _Nullable)error;
+/**
+ * ReadAllAndVerifySignature reads all plaintext data from the reader
+and tries to verify the signatures included in the message.
+Returns the data in a VerifiedDataResult struct, which can be checked for signature errors.
+ */
+- (CryptoVerifiedDataResult* _Nullable)readAllAndVerifySignature:(NSError* _Nullable* _Nullable)error;
+/**
+ * SessionKey returns the session key the data is decrypted with.
+Returns nil, if this reader does not read from an encrypted message or
+session key caching was not enabled.
+ */
+- (CryptoSessionKey* _Nullable)sessionKey;
+/**
+ * VerifySignature is used to verify that the embedded signatures are valid.
+This method needs to be called once all the data has been read.
+It will return an error if the signature is invalid, no verifying keys are accessible,
+or if the message hasn't been read entirely.
+ */
+- (CryptoVerifyResult* _Nullable)verifySignature:(NSError* _Nullable* _Nullable)error;
+@end
+
+/**
+ * VerifyHandleBuilder configures a VerifyHandle handle.
+ */
+@interface CryptoVerifyHandleBuilder : NSObject <goSeqRefInterface> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+- (nonnull instancetype)init;
+/**
+ * DisableAutomaticTextSanitize indicates that automatic text sanitization should be disabled.
+If not disabled, the output will be sanitized if a text signature is present.
+ */
+- (CryptoVerifyHandleBuilder* _Nullable)disableAutomaticTextSanitize;
+/**
+ * DisableStrictMessageParsing disables the check that the inputs conform
+to the OpenPGP message grammar.
+If set, no error is thrown if the input message does not conform to the
+OpenPGP specification.
+ */
+- (CryptoVerifyHandleBuilder* _Nullable)disableStrictMessageParsing;
+/**
+ * DisableVerifyTimeCheck disables the check for comparing the signature expiration time
+against the verification time.
+ */
+- (CryptoVerifyHandleBuilder* _Nullable)disableVerifyTimeCheck;
+/**
+ * Error returns any errors that occurred within the builder.
+ */
+- (BOOL)error:(NSError* _Nullable* _Nullable)error;
+/**
+ * MaxDecompressedMessageSize specifies the maximum allowed size, in bytes,
+for a message after decompression within an inline-signed message.
+If the decompressed message exceeds this limit, an error is returned.
+ */
+- (CryptoVerifyHandleBuilder* _Nullable)maxDecompressedMessageSize:(int64_t)size;
+/**
+ * New creates a VerifyHandle and checks that the given
+combination of parameters is valid. If the parameters are invalid,
+an error is returned.
+ */
+- (id<CryptoPGPVerify> _Nullable)new:(NSError* _Nullable* _Nullable)error;
+/**
+ * Utf8 indicates if the output plaintext is Utf8 and
+should be sanitized from canonicalised line endings.
+If enabled for detached verification, it canonicalises the input
+before verification independent of the signature type.
+ */
+- (CryptoVerifyHandleBuilder* _Nullable)utf8;
+/**
+ * VerificationContext sets a verification context for signatures of the pgp message, if any.
+Only considered if VerifyKeys are set.
+ */
+- (CryptoVerifyHandleBuilder* _Nullable)verificationContext:(CryptoVerificationContext* _Nullable)verifyContext;
+/**
+ * VerificationKey sets the public key for verifying the signatures.
+ */
+- (CryptoVerifyHandleBuilder* _Nullable)verificationKey:(CryptoKey* _Nullable)key;
+/**
+ * VerificationKeys sets the public keys for verifying the signatures.
+ */
+- (CryptoVerifyHandleBuilder* _Nullable)verificationKeys:(CryptoKeyRing* _Nullable)keys;
+/**
+ * VerifyTime sets the verification time to the provided timestamp.
+If not set, the systems current time is used for signature verification.
+ */
+- (CryptoVerifyHandleBuilder* _Nullable)verifyTime:(int64_t)unixTime;
+@end
+
+/**
+ * VerifyResult is a result of a pgp message signature verification.
+ */
+@interface CryptoVerifyResult : NSObject <goSeqRefInterface> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+- (nonnull instancetype)init;
+// skipped field VerifyResult.Signatures with unsupported type: []*github.com/ProtonMail/gopenpgp/v3/crypto.VerifiedSignature
+
+/**
+ * ConstrainToTimeRange updates the signature result to only consider
+signatures with a creation time within the given time frame.
+unixFrom and unixTo are in unix time and are inclusive.
+ */
+- (void)constrainToTimeRange:(int64_t)unixFrom unixTo:(int64_t)unixTo;
+/**
+ * Signature returns the serialized openpgp signature packet of the selected signature.
+ */
+- (NSData* _Nullable)signature:(NSError* _Nullable* _Nullable)error;
+/**
+ * SignatureCreationTime returns the creation time of
+the selected verified signature if found, else returns 0.
+ */
+- (int64_t)signatureCreationTime;
+/**
+ * SignatureError returns nil if no signature err occurred else
+the signature error.
+ */
+- (BOOL)signatureError:(NSError* _Nullable* _Nullable)error;
+/**
+ * SignatureErrorExplicit returns nil if no signature err occurred else
+the explicit signature error.
+ */
+- (CryptoSignatureVerificationError* _Nullable)signatureErrorExplicit;
+/**
+ * SignedByFingerprint returns the key fingerprint of the key that was used to verify the selected signature,
+if found, else returns nil.
+ */
+- (NSData* _Nullable)signedByFingerprint;
+/**
+ * SignedByKey returns the key that was used to verify the selected signature,
+if found, else returns nil.
+ */
+- (CryptoKey* _Nullable)signedByKey;
+// skipped method VerifyResult.SignedByKeyId with unsupported parameter or return types
+
+/**
+ * SignedByKeyIdHex returns the key id of the key that was used to verify the selected signature
+as a hex encoded string.
+Helper for go-mobile.
+ */
+- (NSString* _Nonnull)signedByKeyIdHex;
+// skipped method VerifyResult.SignedWithType with unsupported parameter or return types
+
+/**
+ * SignedWithTypeInt8 returns the type of the signature as int8 type if found, else returns 0.
+See constants.SigType... for the different types.
+ */
+- (int8_t)signedWithTypeInt8;
+@end
+
+/**
+ * PGPEncoding determines the message encoding.
+The type is int8 for compatibility with gomobile.
+ */
+FOUNDATION_EXPORT const int8_t CryptoArmor;
+/**
+ * PGPEncoding determines the message encoding.
+The type is int8 for compatibility with gomobile.
+ */
+FOUNDATION_EXPORT const int8_t CryptoAuto;
+/**
+ * PGPEncoding determines the message encoding.
+The type is int8 for compatibility with gomobile.
+ */
+FOUNDATION_EXPORT const int8_t CryptoBytes;
+/**
+ * KeyGenerationCurve25519 allows to override the output key algorithm in key generation to curve25519 (as defined in RFC9580).
+ */
+FOUNDATION_EXPORT const long CryptoKeyGenerationCurve25519;
+/**
+ * KeyGenerationCurve25519Legacy allows to override the output key algorithm in key generation to curve25519 legacy (as defined in RFC4880bis).
+ */
+FOUNDATION_EXPORT const long CryptoKeyGenerationCurve25519Legacy;
+/**
+ * KeyGenerationCurve448 allows to override the output key algorithm in key generation to curve448 (as defined in RFC9580).
+ */
+FOUNDATION_EXPORT const long CryptoKeyGenerationCurve448;
+/**
+ * KeyGenerationRSA4096 allows to override the output key algorithm in key generation to rsa 4096.
+ */
+FOUNDATION_EXPORT const long CryptoKeyGenerationRSA4096;
+
+// skipped function FilterExpiredKeys with unsupported parameter or return types
+
+
+/**
+ * GenerateSessionKeyAlgo generates a random key of the correct length for the
+specified algorithm.
+ */
+FOUNDATION_EXPORT CryptoSessionKey* _Nullable CryptoGenerateSessionKeyAlgo(NSString* _Nullable algo, NSError* _Nullable* _Nullable error);
+
+/**
+ * IsPGPMessage checks if data if has armored PGP message format.
+ */
+FOUNDATION_EXPORT BOOL CryptoIsPGPMessage(NSString* _Nullable data);
+
+// skipped function NewConstantClock with unsupported parameter or return types
+
+
+/**
+ * NewFileMetadata creates literal metadata.
+ */
+FOUNDATION_EXPORT CryptoLiteralMetadata* _Nullable CryptoNewFileMetadata(BOOL isUTF8, NSString* _Nullable filename, int64_t modTime);
+
+/**
+ * NewKey creates a new key from the first key in the unarmored or armored binary data.
+Clones the binKeys data for go-mobile compatibility.
+ */
+FOUNDATION_EXPORT CryptoKey* _Nullable CryptoNewKey(NSData* _Nullable binKeys, NSError* _Nullable* _Nullable error);
+
+/**
+ * NewKeyFromArmored creates a new key from the first key in an armored string.
+ */
+FOUNDATION_EXPORT CryptoKey* _Nullable CryptoNewKeyFromArmored(NSString* _Nullable armored, NSError* _Nullable* _Nullable error);
+
+// skipped function NewKeyFromEntity with unsupported parameter or return types
+
+
+// skipped function NewKeyFromReader with unsupported parameter or return types
+
+
+// skipped function NewKeyFromReaderExplicit with unsupported parameter or return types
+
+
+/**
+ * NewKeyRing creates a new KeyRing, empty if key is nil.
+ */
+FOUNDATION_EXPORT CryptoKeyRing* _Nullable CryptoNewKeyRing(CryptoKey* _Nullable key, NSError* _Nullable* _Nullable error);
+
+/**
+ * NewKeyRingFromBinary creates a new keyring with all the keys contained in the unarmored binary data.
+Note that it accepts only unlocked or public keys, as KeyRing cannot contain locked keys.
+ */
+FOUNDATION_EXPORT CryptoKeyRing* _Nullable CryptoNewKeyRingFromBinary(NSData* _Nullable binKeys, NSError* _Nullable* _Nullable error);
+
+/**
+ * NewKeyWithCloneFlag creates a new key from the first key in the unarmored or armored binary data.
+ */
+FOUNDATION_EXPORT CryptoKey* _Nullable CryptoNewKeyWithCloneFlag(NSData* _Nullable binKeys, BOOL clone, NSError* _Nullable* _Nullable error);
+
+/**
+ * NewMetadata creates new default literal metadata with utf-8 set to isUTF8.
+ */
+FOUNDATION_EXPORT CryptoLiteralMetadata* _Nullable CryptoNewMetadata(BOOL isUTF8);
+
+/**
+ * NewPGPMessage generates a new PGPMessage from the unarmored binary data.
+Clones the data for go-mobile compatibility.
+ */
+FOUNDATION_EXPORT CryptoPGPMessage* _Nullable CryptoNewPGPMessage(NSData* _Nullable data);
+
+/**
+ * NewPGPMessageBuffer creates a message buffer.
+ */
+FOUNDATION_EXPORT CryptoPGPMessageBuffer* _Nullable CryptoNewPGPMessageBuffer(void);
+
+/**
+ * NewPGPMessageFromArmored generates a new PGPMessage from an armored string ready for decryption.
+ */
+FOUNDATION_EXPORT CryptoPGPMessage* _Nullable CryptoNewPGPMessageFromArmored(NSString* _Nullable armored, NSError* _Nullable* _Nullable error);
+
+/**
+ * NewPGPMessageWithCloneFlag generates a new PGPMessage from the unarmored binary data.
+ */
+FOUNDATION_EXPORT CryptoPGPMessage* _Nullable CryptoNewPGPMessageWithCloneFlag(NSData* _Nullable data, BOOL doClone);
+
+/**
+ * NewPGPSplitMessage generates a new PGPSplitMessage from the binary unarmored keypacket and datapacket.
+Clones the slices for go-mobile compatibility.
+ */
+FOUNDATION_EXPORT CryptoPGPMessage* _Nullable CryptoNewPGPSplitMessage(NSData* _Nullable keyPacket, NSData* _Nullable dataPacket);
+
+/**
+ * NewPGPSplitWriter creates a type that implements the PGPSplitWriter interface
+for encrypting a plaintext where the output PGP packets should be written to the different streams provided.
+Key packets are written to keyPackets whereas the encrypted data packets are written to encPackets.
+The encrypted detached signature data is written to encSigPacket.
+ */
+FOUNDATION_EXPORT id<CryptoPGPSplitWriter> _Nullable CryptoNewPGPSplitWriter(id<CryptoWriter> _Nullable keyPackets, id<CryptoWriter> _Nullable encPackets, id<CryptoWriter> _Nullable encSigPacket);
+
+/**
+ * NewPGPSplitWriterDetachedSignature creates a type that implements the PGPSplitWriter interface
+for encrypting a plaintext where the output PGP messages should be written to the different streams provided.
+The encrypted data message is written to encMessage whereas the encrypted detached signature is written to
+encSigMessage.
+ */
+FOUNDATION_EXPORT id<CryptoPGPSplitWriter> _Nullable CryptoNewPGPSplitWriterDetachedSignature(id<CryptoWriter> _Nullable encMessage, id<CryptoWriter> _Nullable encSigMessage);
+
+/**
+ * NewPGPSplitWriterFromWriter creates a type that implements the PGPSplitWriter interface
+for encrypting a plaintext where the output PGP messages to the provided Writer.
+ */
+FOUNDATION_EXPORT id<CryptoPGPSplitWriter> _Nullable CryptoNewPGPSplitWriterFromWriter(id<CryptoWriter> _Nullable writer);
+
+/**
+ * NewPGPSplitWriterKeyAndData creates a type that implements the PGPSplitWriter interface
+for encrypting a plaintext where the output PGP packets should be written to the different streams provided.
+Key packets are written to keyPackets whereas the encrypted data packets are written to encPackets.
+ */
+FOUNDATION_EXPORT id<CryptoPGPSplitWriter> _Nullable CryptoNewPGPSplitWriterKeyAndData(id<CryptoWriter> _Nullable keyPackets, id<CryptoWriter> _Nullable encPackets);
+
+/**
+ * NewPrivateKeyFromArmored creates a new secret key from the first key in an armored string
+and unlocks it with the password.
+ */
+FOUNDATION_EXPORT CryptoKey* _Nullable CryptoNewPrivateKeyFromArmored(NSString* _Nullable armored, NSData* _Nullable password, NSError* _Nullable* _Nullable error);
+
+/**
+ * NewSessionKeyFromToken creates a SessionKey struct with the given token and algorithm.
+Clones the token for compatibility with go-mobile.
+ */
+FOUNDATION_EXPORT CryptoSessionKey* _Nullable CryptoNewSessionKeyFromToken(NSData* _Nullable token, NSString* _Nullable algo);
+
+/**
+ * NewSessionKeyFromTokenWithAead creates a SessionKey struct with the given token and algorithm.
+If aead is set to true, the key is used with v6 PKESK or SKESK, and SEIPDv2 packets.
+ */
+FOUNDATION_EXPORT CryptoSessionKey* _Nullable CryptoNewSessionKeyFromTokenWithAead(NSData* _Nullable token, NSString* _Nullable algo, BOOL aead);
+
+/**
+ * NewSigningContext creates a new signing context.
+The value is set to the notation data.
+isCritical controls whether the notation is flagged as a critical packet.
+ */
+FOUNDATION_EXPORT CryptoSigningContext* _Nullable CryptoNewSigningContext(NSString* _Nullable value, BOOL isCritical);
+
+/**
+ * NewVerificationContext creates a new verification context.
+The value is checked against the signature's notation data.
+If isRequired is false, the signature is allowed to have no context set.
+If requiredAfter is != 0, the signature is allowed to have no context set if it
+was created before the unix time set in requiredAfter.
+ */
+FOUNDATION_EXPORT CryptoVerificationContext* _Nullable CryptoNewVerificationContext(NSString* _Nullable value, BOOL isRequired, int64_t requiredAfter);
+
+/**
+ * PGP creates a PGPHandle to interact with the API.
+Uses the default profile for configuration.
+ */
+FOUNDATION_EXPORT CryptoPGPHandle* _Nullable CryptoPGP(void);
+
+/**
+ * PGPWithProfile creates a PGPHandle to interact with the API.
+Uses the provided profile for configuration.
+ */
+FOUNDATION_EXPORT CryptoPGPHandle* _Nullable CryptoPGPWithProfile(ProfileCustom* _Nullable profile);
+
+/**
+ * RandomToken generates a random token with the specified key size.
+ */
+FOUNDATION_EXPORT NSData* _Nullable CryptoRandomToken(long size, NSError* _Nullable* _Nullable error);
+
+// skipped function SignatureHexKeyIDs with unsupported parameter or return types
+
+
+// skipped function SignatureKeyIDs with unsupported parameter or return types
+
+
+// skipped function ZeroClock with unsupported parameter or return types
+
+
+@class CryptoEncryptionProfile;
+
+@class CryptoKeyEncryptionProfile;
+
+@class CryptoKeyGenerationProfile;
+
+@class CryptoPGPDecryption;
+
+@class CryptoPGPEncryption;
+
+@class CryptoPGPKeyGeneration;
+
+@class CryptoPGPSign;
+
+@class CryptoPGPSplitReader;
+
+@class CryptoPGPSplitWriter;
+
+@class CryptoPGPVerify;
+
+@class CryptoReader;
+
+@class CryptoSignProfile;
+
+@class CryptoWriteCloser;
+
+@class CryptoWriter;
+
+@interface CryptoEncryptionProfile : NSObject <goSeqRefInterface, CryptoEncryptionProfile> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+// skipped method EncryptionProfile.CompressionConfig with unsupported parameter or return types
+
+// skipped method EncryptionProfile.EncryptionConfig with unsupported parameter or return types
+
+@end
+
+@interface CryptoKeyEncryptionProfile : NSObject <goSeqRefInterface, CryptoKeyEncryptionProfile> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+// skipped method KeyEncryptionProfile.KeyEncryptionConfig with unsupported parameter or return types
+
+@end
+
+@interface CryptoKeyGenerationProfile : NSObject <goSeqRefInterface, CryptoKeyGenerationProfile> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+// skipped method KeyGenerationProfile.KeyGenerationConfig with unsupported parameter or return types
+
+@end
+
+/**
+ * PGPDecryption is an interface for decrypting pgp messages with GopenPGP.
+Use the DecryptionHandleBuilder to create a handle that implements PGPDecryption.
+ */
+@interface CryptoPGPDecryption : NSObject <goSeqRefInterface, CryptoPGPDecryption> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+/**
+ * ClearPrivateParams clears all private key material contained in EncryptionHandle from memory.
+ */
+- (void)clearPrivateParams;
+/**
+ * Decrypt decrypts an encrypted pgp message.
+Returns a VerifiedDataResult, which can be queried for potential signature verification errors,
+and the plaintext data. Note that on a signature error, the method does not return an error.
+Instead, the signature error is stored within the VerifiedDataResult.
+The encoding indicates if the input message should be unarmored or not, i.e., Bytes/Armor/Auto
+where Auto tries to detect automatically.
+ */
+- (CryptoVerifiedDataResult* _Nullable)decrypt:(NSData* _Nullable)pgpMessage encoding:(int8_t)encoding error:(NSError* _Nullable* _Nullable)error;
+/**
+ * DecryptDetached provides the same functionality as Decrypt but allows
+to supply an encrypted detached signature that should be decrypted and verified
+against the data in the pgp message. If encDetachedSignature is nil, the behavior is similar
+to Decrypt. The encoding indicates if the input message should be unarmored or not,
+i.e., Bytes/Armor/Auto where Auto tries to detect automatically.
+ */
+- (CryptoVerifiedDataResult* _Nullable)decryptDetached:(NSData* _Nullable)pgpMessage encDetachedSignature:(NSData* _Nullable)encDetachedSignature encoding:(int8_t)encoding error:(NSError* _Nullable* _Nullable)error;
+/**
+ * DecryptSessionKey decrypts an encrypted session key.
+To decrypt a session key, the decryption handle must contain either a decryption key or a password.
+ */
+- (CryptoSessionKey* _Nullable)decryptSessionKey:(NSData* _Nullable)keyPackets error:(NSError* _Nullable* _Nullable)error;
+/**
+ * DecryptingReader returns a wrapper around underlying encryptedMessage Reader,
+such that any read-operation via the wrapper results in a read from the decrypted pgp message.
+The returned VerifyDataReader has to be fully read before any potential signatures can be verified.
+Either read the message fully end then call VerifySignature or use the helper method ReadAllAndVerifySignature.
+The encoding indicates if the input message should be unarmored or not, i.e., Bytes/Armor/Auto
+where Auto tries to detect automatically.
+If encryptedMessage is of type PGPSplitReader, the method tries to verify an encrypted detached signature
+that is read from the separate reader.
+ */
+- (CryptoVerifyDataReader* _Nullable)decryptingReader:(id<CryptoReader> _Nullable)encryptedMessage encoding:(int8_t)encoding error:(NSError* _Nullable* _Nullable)error;
+@end
+
+/**
+ * PGPEncryption is an interface for encrypting messages with GopenPGP.
+Use an EncryptionHandleBuilder to create a PGPEncryption handle.
+ */
+@interface CryptoPGPEncryption : NSObject <goSeqRefInterface, CryptoPGPEncryption> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+/**
+ * ClearPrivateParams clears all private key material contained in EncryptionHandle from memory.
+ */
+- (void)clearPrivateParams;
+/**
+ * Encrypt encrypts a plaintext message.
+ */
+- (CryptoPGPMessage* _Nullable)encrypt:(NSData* _Nullable)message error:(NSError* _Nullable* _Nullable)error;
+/**
+ * EncryptSessionKey encrypts a session key with the encryption handle.
+To encrypt a session key, the handle must contain either recipients or a password.
+ */
+- (NSData* _Nullable)encryptSessionKey:(CryptoSessionKey* _Nullable)sessionKey error:(NSError* _Nullable* _Nullable)error;
+/**
+ * EncryptingWriter returns a wrapper around underlying output Writer,
+such that any write-operation via the wrapper results in a write to an encrypted pgp message.
+If the output Writer is of type PGPSplitWriter, the output can be split to multiple writers
+for different parts of the message. For example to write key packets and encrypted data packets
+to different writers or to write a detached signature separately.
+The encoding argument defines the output encoding, i.e., Bytes or Armored
+The returned pgp message WriteCloser must be closed after the plaintext has been written.
+ */
+- (id<CryptoWriteCloser> _Nullable)encryptingWriter:(id<CryptoWriter> _Nullable)output encoding:(int8_t)encoding error:(NSError* _Nullable* _Nullable)error;
+/**
+ * GenerateSessionKey generates a random session key for the given encryption handle
+considering the algorithm preferences of the recipient keys.
+ */
+- (CryptoSessionKey* _Nullable)generateSessionKey:(NSError* _Nullable* _Nullable)error;
+@end
+
+/**
+ * PGPKeyGeneration is an interface for generating pgp keys with GopenPGP.
+Use the KeyGenerationBuilder to create a handle that implements PGPKeyGeneration.
+ */
+@interface CryptoPGPKeyGeneration : NSObject <goSeqRefInterface, CryptoPGPKeyGeneration> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+/**
+ * GenerateKey generates a pgp key with the standard security level.
+ */
+- (CryptoKey* _Nullable)generateKey:(NSError* _Nullable* _Nullable)error;
+/**
+ * GenerateKeyWithSecurity generates a pgp key with the given security level.
+The argument security allows to set the security level, either standard or high.
+ */
+- (CryptoKey* _Nullable)generateKeyWithSecurity:(int8_t)securityLevel error:(NSError* _Nullable* _Nullable)error;
+@end
+
+/**
+ * PGPSign is an interface for creating signature messages with GopenPGP.
+ */
+@interface CryptoPGPSign : NSObject <goSeqRefInterface, CryptoPGPSign> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+/**
+ * ClearPrivateParams clears all secret key material contained in the PGPSign from memory.
+ */
+- (void)clearPrivateParams;
+/**
+ * Sign creates a detached or inline signature from the provided byte slice.
+The encoding argument defines the output encoding, i.e., Bytes or Armored
+ */
+- (NSData* _Nullable)sign:(NSData* _Nullable)message encoding:(int8_t)encoding error:(NSError* _Nullable* _Nullable)error;
+/**
+ * SignCleartext produces an armored cleartext message according to the specification.
+Returns an armored message even if the PGPSign is not configured for armored output.
+ */
+- (NSData* _Nullable)signCleartext:(NSData* _Nullable)message error:(NSError* _Nullable* _Nullable)error;
+/**
+ * SigningWriter returns a wrapper around underlying output Writer,
+such that any write-operation via the wrapper results in a write to a detached or inline signature message.
+The encoding argument defines the output encoding, i.e., Bytes or Armored
+Once close is called on the returned WriteCloser the final signature is written to the output.
+Thus, the returned WriteCloser must be closed after the plaintext has been written.
+ */
+- (id<CryptoWriteCloser> _Nullable)signingWriter:(id<CryptoWriter> _Nullable)output encoding:(int8_t)encoding error:(NSError* _Nullable* _Nullable)error;
+@end
+
+@interface CryptoPGPSplitReader : NSObject <goSeqRefInterface, CryptoPGPSplitReader> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+- (BOOL)read:(NSData* _Nullable)b n:(long* _Nullable)n error:(NSError* _Nullable* _Nullable)error;
+- (id<CryptoReader> _Nullable)signature;
+@end
+
+/**
+ * PGPSplitWriter is an interface to write different parts of a PGP message
+(i.e., packets) to different streams.
+ */
+@interface CryptoPGPSplitWriter : NSObject <goSeqRefInterface, CryptoPGPSplitWriter> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+/**
+ * Keys returns the Writer to which the key packets are written to.
+ */
+- (id<CryptoWriter> _Nullable)keys;
+/**
+ * Signature returns the Writer to which an encrypted detached signature is written to.
+ */
+- (id<CryptoWriter> _Nullable)signature;
+- (BOOL)write:(NSData* _Nullable)b n:(long* _Nullable)n error:(NSError* _Nullable* _Nullable)error;
+@end
+
+/**
+ * PGPVerify is an interface for verifying detached signatures with GopenPGP.
+ */
+@interface CryptoPGPVerify : NSObject <goSeqRefInterface, CryptoPGPVerify> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+/**
+ * VerifyCleartext verifies an armored cleartext message
+and returns a VerifyCleartextResult. The VerifyCleartextResult can be checked for failure
+and allows access the contained message
+Note that an error is only returned if it is not a signature error.
+ */
+- (CryptoVerifyCleartextResult* _Nullable)verifyCleartext:(NSData* _Nullable)cleartext error:(NSError* _Nullable* _Nullable)error;
+/**
+ * VerifyDetached verifies a detached signature pgp message
+and returns a VerifyResult. The VerifyResult can be checked for failure
+and allows access to information about the signatures.
+Note that an error is only returned if it is not a signature error.
+The encoding indicates if the input signature message should be unarmored or not,
+i.e., Bytes/Armor/Auto where Auto tries to detect it automatically.
+ */
+- (CryptoVerifyResult* _Nullable)verifyDetached:(NSData* _Nullable)data signature:(NSData* _Nullable)signature encoding:(int8_t)encoding error:(NSError* _Nullable* _Nullable)error;
+/**
+ * VerifyInline verifies an inline signed pgp message
+and returns a VerifiedDataResult. The VerifiedDataResult can be checked for failure,
+allows access to information about the signatures, and includes the plain message.
+Note that an error is only returned if it is not a signature error.
+The encoding indicates if the input message should be unarmored or not, i.e., Bytes/Armor/Auto
+where Auto tries to detect it automatically.
+ */
+- (CryptoVerifiedDataResult* _Nullable)verifyInline:(NSData* _Nullable)message encoding:(int8_t)encoding error:(NSError* _Nullable* _Nullable)error;
+/**
+ * VerifyingReader wraps a reader with a signature verify reader.
+Once all data is read from the returned verify reader, the signature can be verified
+with (VerifyDataReader).VerifySignature().
+Note that an error is only returned if it is not a signature error.
+The encoding indicates if the input signature message should be unarmored or not,
+i.e., Bytes/Armor/Auto where Auto tries to detect it automatically.
+If detachedData is nil, signatureMessage is treated as an inline signature message.
+Thus, it is expected that signatureMessage contains the data to be verified.
+If detachedData is not nil, signatureMessage must contain a detached signature,
+which is verified against the detachedData.
+ */
+- (CryptoVerifyDataReader* _Nullable)verifyingReader:(id<CryptoReader> _Nullable)detachedData signatureMessage:(id<CryptoReader> _Nullable)signatureMessage encoding:(int8_t)encoding error:(NSError* _Nullable* _Nullable)error;
+@end
+
+@interface CryptoReader : NSObject <goSeqRefInterface, CryptoReader> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+- (BOOL)read:(NSData* _Nullable)b n:(long* _Nullable)n error:(NSError* _Nullable* _Nullable)error;
+@end
+
+@interface CryptoSignProfile : NSObject <goSeqRefInterface, CryptoSignProfile> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+// skipped method SignProfile.SignConfig with unsupported parameter or return types
+
+@end
+
+/**
+ * WriteCloser replicates the io.WriteCloser interface for go-mobile.
+ */
+@interface CryptoWriteCloser : NSObject <goSeqRefInterface, CryptoWriteCloser> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+- (BOOL)close:(NSError* _Nullable* _Nullable)error;
+- (BOOL)write:(NSData* _Nullable)b n:(long* _Nullable)n error:(NSError* _Nullable* _Nullable)error;
+@end
+
+/**
+ * Writer replicates the io.Writer interface for go-mobile.
+ */
+@interface CryptoWriter : NSObject <goSeqRefInterface, CryptoWriter> {
+}
+@property(strong, readonly) _Nonnull id _ref;
+
+- (nonnull instancetype)initWithRef:(_Nonnull id)ref;
+- (BOOL)write:(NSData* _Nullable)b n:(long* _Nullable)n error:(NSError* _Nullable* _Nullable)error;
+@end
+
+#endif