Create X509Certificate2 object from client cert and key file in .net standard 2.1

Question

.Net6 has a function X509Certificate2.CreateFromPem. What is the way to use client cert and key.pem file and create X509Certificate2 object in .Net Standard 2.1.

Answer 1

.NET Standard 2.1 is an unusual target, as it is essentially just the .NET Core development line (although Unity has updated their copy of .NET to be .NET Standard 2.1-compatible). So the most common industry answer would be to avoid that target and just target a .NET Core / .NET 5+ version that meets your needs.

If you do want to target .NET Standard 2.1, though, you need to

• Load the certificate using either the byte[] (encoded contents) or string (filename) constructor, either of which understand the PEM format (but won't load the private key).
  • If you have the PEM contents as a string, you need to turn that into bytes via Encoding.Utf8.GetBytes
• Use the value of cert.GetKeyAlgorithm() to understand what algorithm the private key uses. Call RSA.Create(), ECDsa.Create(), ECDiffieHellman.Create(), or DSA.Create() as appropriate.
• Load the PEM contents of the key file.
• Use the PEM header to know what data type the payload is.
• Base64-decode the PEM payload
• Send that decoded payload to ImportPkcs8PrivateKey, ImportRSAPrivateKey, or ImportECPrivateKey (as determined by the PEM header)
• Combine the cert and key with X509Certificate2 combined = cert.CopyWithPrivateKey(key);

https://github.com/dotnet/runtime/blob/9e8d0a81a35f05eaa2c4d0ab258ed9a1f4e2ec76/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs#L937-L963 may be a reasonable starting point... but a lot of its implementation uses things not available in .NET Standard 2.1.