@transcend-io/encrypt-web-streams/dist/stream.d.ts

WebAssembly-powered streaming AES-256-GCM encryption and decryption with a web-native TransformStream API.

/**
 * Initialize the WebAssembly module.
 *
 * @returns A promise that resolves when the Wasm module has been initialized.
 */
export declare function init(): Promise<void>;
/**
 * A `TransformStream` with an additional method to retrieve the authentication
 * tag.
 */
export interface EncryptionStream extends TransformStream<Uint8Array, Uint8Array> {
    /**
     * Get the authentication tag.
     *
     * The getAuthTag() method should ONLY be called if:
     *
     * 1. `options.detachAuthTag` was true when the stream was created.
     * 2. The encryption stream has been fully read.
     *
     * Otherwise, `getAuthTag()` will throw an error. It throws a TypeError if
     * `options.detachAuthTag` was false, and an Error if the encryption stream
     * has not completed.
     */
    getAuthTag(): Uint8Array;
}
/**
 * Create a native TransformStream that encrypts via a Wasm AES-GCM encryption
 * implementation.
 *
 * @param {Uint8Array} key - 32-byte encryption key
 * @param {Uint8Array} iv - 12-byte iv (recommended)
 * @param {Object} options - Optional options
 * @param {Uint8Array} options.additionalData - Optional additional
 *   authenticated data
 * @param {boolean} [options.detachAuthTag=false] - If `true`, the
 *   authentication tag will not be appended to the ciphertext and must be
 *   retrieved with `getAuthTag()` after the stream is complete. Default is
 *   `false`
 * @returns {EncryptionStream} An `EncryptionStream`, which is a
 *   `TransformStream` with an added `getAuthTag()` method
 */
export declare function createEncryptionStream(key: Uint8Array, iv: Uint8Array, { additionalData, detachAuthTag, }?: {
    /**
     * If `true`, the authentication tag will not be appended to the ciphertext
     * and must be retrieved with `getAuthTag()` after the stream is complete.
     * Default is `false`
     */
    detachAuthTag?: boolean;
    /** Optional additional authenticated data */
    additionalData?: Uint8Array;
}): EncryptionStream;
/** A `TransformStream` with an additional method to set the authentication tag. */
export interface DecryptionStream extends TransformStream<Uint8Array, Uint8Array> {
    /** Set the authentication tag. */
    setAuthTag(authTag: Uint8Array): void;
}
/**
 * Create a native TransformStream that decrypts via a Wasm AES-GCM decryption
 * implementation.
 *
 * @param {Uint8Array} key - 32-byte encryption key
 * @param {Uint8Array} iv - 12-byte iv (recommended)
 * @param {Object} options - Optional options
 * @param {Uint8Array} options.additionalData - Optional additional
 *   authenticated data
 * @param {Uint8Array} options.detachedAuthTag - Optional detached
 *   authentication tag to append to ciphertext, if the ciphertext does not
 *   already contain an appended authentication tag.
 * @returns {TransformStream} A `TransformStream` that decrypts the ciphertext
 *   and verifies the authentication tag.
 */
export declare function createDecryptionStream(key: Uint8Array, iv: Uint8Array, { additionalData, authTag: originalAuthTagArgument, __dangerouslyIgnoreAuthTag, }?: {
    /** Optional additional authenticated data */
    additionalData?: Uint8Array;
    /**
     * The detached authentication tag, if the ciphertext does not have it
     * appended.
     *
     * If `authTag` is set to `'defer'`, the authentication tag must be set
     * later by calling `setAuthTag()`. The decryption stream will not finalize
     * until it is set.
     *
     * @see {EncryptionStream.getAuthTag}
     */
    authTag?: Uint8Array | 'defer';
    /** If `true`, the authentication tag will not be verified. */
    __dangerouslyIgnoreAuthTag?: boolean;
}): DecryptionStream;
//# sourceMappingURL=stream.d.ts.map