X509Certificate2 Class

Namespace: System.Security.Cryptography.X509Certificates

Represents an X.509 certificate. This class extends the X509Certificate class by adding support for private keys and other advanced features.

Inheritance

Object → X509Certificate → X509Certificate2

Syntax

public sealed class X509Certificate2 : X509Certificate

Remarks

The X509Certificate2 class provides access to the private key of an X.509 certificate, enabling operations such as signing and decryption.

Certificates can be loaded from various sources, including files, the certificate store, and byte arrays. When loading a certificate with a private key, you may need to provide a password.

Important

Accessing and managing private keys requires appropriate permissions. Ensure that your application has the necessary privileges to access and use private keys.

Constructors

  • X509Certificate2()
    public X509Certificate2()
    Initializes a new instance of the X509Certificate2 class.
  • X509Certificate2(byte[] rawData)
    public X509Certificate2(byte[] rawData)
    Initializes a new instance of the X509Certificate2 class using the specified array of bytes and loads the private key if available.
  • X509Certificate2(string fileName)
    public X509Certificate2(string fileName)
    Initializes a new instance of the X509Certificate2 class using the specified file name and loads the private key if available.
  • X509Certificate2(string fileName, string password)
    public X509Certificate2(string fileName, string password)
    Initializes a new instance of the X509Certificate2 class using the specified file name and password, and loads the private key if available.
  • X509Certificate2(string fileName, string password, X509KeyStorageFlags keyStorageFlags)
    public X509Certificate2(string fileName, string password, X509KeyStorageFlags keyStorageFlags)
    Initializes a new instance of the X509Certificate2 class using the specified file name, password, and key storage flags, and loads the private key if available.

Properties

  • Archived
    public bool Archived { get; set; }
    Gets or sets a Boolean value that indicates whether the certificate is archived.
  • Extensions
    public X509ExtensionCollection Extensions { get; }
    Gets an X509ExtensionCollection object that contains all extensions in the certificate.
  • FriendlyName
    public string FriendlyName { get; set; }
    Gets or sets a friendly name for the certificate.
  • HasPrivateKey
    public bool HasPrivateKey { get; }
    Gets a value that indicates whether the certificate has an associated private key.
  • IssuerName
    public X500DistinguishedName IssuerName { get; }
    Gets the issuer name from the certificate.
  • NotAfter
    public DateTime NotAfter { get; }
    Gets the date and time after which the certificate is no longer valid.
  • NotBefore
    public DateTime NotBefore { get; }
    Gets the date and time at which the certificate becomes valid.
  • PublicKey
    public PublicKey PublicKey { get; }
    Gets the public key of the certificate.
  • SerialNumber
    public string SerialNumber { get; }
    Gets the serial number of the certificate.
  • SubjectName
    public X500DistinguishedName SubjectName { get; }
    Gets the subject name from the certificate.
  • Thumbprint
    public string Thumbprint { get; }
    Gets the thumbprint of the certificate.
  • Version
    public int Version { get; }
    Gets the version of the certificate.

Methods

  • Export(X509ContentType contentType)
    public byte[] Export(X509ContentType contentType)
    Exports the certificate to a specified file format.
  • Export(X509ContentType contentType, string password)
    public byte[] Export(X509ContentType contentType, string password)
    Exports the certificate to a specified file format with a password.
  • GetCertHash()
    public byte[] GetCertHash()
    Gets the hash of the certificate.
  • GetCertHashString()
    public string GetCertHashString()
    Gets the hash of the certificate as a string.
  • GetRSAPrivateKey()
    public RSA GetRSAPrivateKey()
    Gets the RSA private key associated with the certificate.
  • Reset()
    public void Reset()
    Resets the certificate object to its original state.

Example

Loading a certificate with a private key

using System;
using System.Security.Cryptography; // CryptographicException
using System.Security.Cryptography.X509Certificates;

public class CertificateExample
{
    public static void Main(string[] args)
    {
        try
        {
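            // Load a certificate from a file with a password.
            // The password is hard-coded only to keep the sample short; read it
            // from a secret store or protected configuration in real code.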
            string certPath = "mycertificate.pfx";
            string certPassword = "mysecretpassword";

            X509Certificate2 certificate = new X509Certificate2(certPath, certPassword);

            Console.WriteLine($"Certificate loaded: {certificate.SubjectName.Name}");
            Console.WriteLine($"Has private key: {certificate.HasPrivateKey}");
            Console.WriteLine($"Thumbprint: {certificate.Thumbprint}");
            Console.WriteLine($"Valid until: {certificate.NotAfter}");

            if (certificate.HasPrivateKey)
            {
                // You can now use the private key for signing, decryption, etc.
                // For example, to get the RSA private key:
                // RSA rsaKey = certificate.GetRSAPrivateKey();
                // Console.WriteLine("Successfully retrieved RSA private key.");
            }
        }
        catch (CryptographicException ex)
        {
            Console.WriteLine($"Error loading certificate: {ex.Message}");
        }
        catch (Exception ex)
        {
            Console.WriteLine($"An unexpected error occurred: {ex.Message}");
        }
    }
}

Note

The example above assumes you have a .pfx file named mycertificate.pfx with the specified password. Replace these with your actual certificate details.
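
The following is an added example, not part of the original reference page. It shows the key storage flags and the Thumbprint, NotBefore, NotAfter and HasPrivateKey properties used together to gate a PFX before its private key is used. The names PfxLoadCheck and LoadPinned, the subject name and the password are hypothetical, and the sample PFX is constructed in memory. It uses the byte[] overload that takes a password and key storage flags, which exists in .NET but is not listed above.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

public static class PfxLoadCheck
{
    // Loads a PFX without persisting the key and rejects it unless it is the
    // pinned certificate, inside its validity window, with a private key.
    public static X509Certificate2 LoadPinned(byte[] pfx, string password, string expectedThumbprint)
    {
        // EphemeralKeySet keeps the private key in memory only (not supported
        // on macOS). Exportable is deliberately not requested.
        var cert = new X509Certificate2(pfx, password, X509KeyStorageFlags.EphemeralKeySet);
        DateTime now = DateTime.Now; // NotBefore/NotAfter are reported in local time
        bool ok = cert.HasPrivateKey
            && string.Equals(cert.Thumbprint, expectedThumbprint, StringComparison.OrdinalIgnoreCase)
            && now >= cert.NotBefore && now <= cert.NotAfter;
        if (!ok)
        {
            cert.Dispose();
            throw new CryptographicException("Certificate rejected: thumbprint, validity window or private key check failed.");
        }
        return cert;
    }

    public static void Main()
    {
        // Constructed sample input: a throwaway self-signed certificate exported to PFX bytes.
        const string password = "constructed-sample-password";
        byte[] pfx;
        string pin;
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=example-signing", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using X509Certificate2 selfSigned = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
            pfx = selfSigned.Export(X509ContentType.Pfx, password);
            pin = selfSigned.Thumbprint;
        }

        using X509Certificate2 cert = LoadPinned(pfx, password, pin);
        byte[] data = Encoding.UTF8.GetBytes("message to sign");
        using RSA priv = cert.GetRSAPrivateKey();
        byte[] sig = priv.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using RSA pub = cert.GetRSAPublicKey();
        Console.WriteLine($"Signature verifies: {pub.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)}");
    }
}
```

A thumbprint match only shows that this is the expected certificate; it does not check the chain or revocation status.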