Read different certificate/key file formats with C#
Read a PEM X509 certificate / public key
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Microsoft.IdentityModel.Tokens;
(...)
// Load the certificate from disk. The constructor only parses the file: it performs no
// chain, expiry or revocation validation, so the resulting public key is exactly as
// trustworthy as the file it was read from.
var cert = new X509Certificate2("THE_X509_PEM_FILE_PATH");
// GetRSAPublicKey() returns null when the certificate does not carry an RSA key.
RSA rsaPublicKey = cert.GetRSAPublicKey();
var rsaSecurityKey = new RsaSecurityKey(rsaPublicKey);
Read a PEM PKCS1 private key
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;
(...)
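// Read the PEM text. This path handles an unencrypted key only, so the key's protection
// rests on file-system permissions: restrict read access to the account running this code.
string privateKeyPem = File.ReadAllText("THE_PEM_ENCODED_FILE_PATH");
// Keep only the Base64 payload. Convert.FromBase64String skips the line breaks left between
// the markers but throws FormatException on any other text (for example the extra header
// lines of a passphrase-encrypted PEM), so unexpected input fails instead of being imported.
privateKeyPem = privateKeyPem
    .Replace("-----BEGIN RSA PRIVATE KEY-----", "")
    .Replace("-----END RSA PRIVATE KEY-----", "");
byte[] privateKeyRaw = Convert.FromBase64String(privateKeyPem);
// RSA.Create() returns the platform's default implementation. RSACryptoServiceProvider wraps
// the legacy CAPI provider on Windows, which does not support PSS signatures or OAEP with SHA-2.
RSA provider = RSA.Create();
try
{
    // The payload is a PKCS#1 RSAPrivateKey structure in DER form.
    provider.ImportRSAPrivateKey(privateKeyRaw, out _);
}
finally
{
    // Wipe the decoded copy of the private key once it has been imported (or the import failed).
    // The PEM string itself is immutable and cannot be cleared this way.
    CryptographicOperations.ZeroMemory(privateKeyRaw);
}
// rsaSecurityKey keeps a reference to provider: dispose provider only once the key is no longer used.
RsaSecurityKey rsaSecurityKey = new RsaSecurityKey(provider);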
Read a PEM PKCS8 private key
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;
(...)
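// Read the PEM text. "BEGIN PRIVATE KEY" marks an unencrypted PKCS#8 key, so its protection
// rests on file-system permissions: restrict read access to the account running this code.
// A passphrase-protected PKCS#8 file ("BEGIN ENCRYPTED PRIVATE KEY") is not handled here;
// it needs ImportEncryptedPkcs8PrivateKey instead.
string privateKeyPem = File.ReadAllText("THE_PEM_ENCODED_FILE_PATH");
// Keep only the Base64 payload. Convert.FromBase64String skips the line breaks left between
// the markers but throws FormatException on any other text, so unexpected input fails
// instead of being imported.
privateKeyPem = privateKeyPem
    .Replace("-----BEGIN PRIVATE KEY-----", "")
    .Replace("-----END PRIVATE KEY-----", "");
byte[] privateKeyRaw = Convert.FromBase64String(privateKeyPem);
// RSA.Create() returns the platform's default implementation. RSACryptoServiceProvider wraps
// the legacy CAPI provider on Windows, which does not support PSS signatures or OAEP with SHA-2.
RSA provider = RSA.Create();
try
{
    // The payload is a PKCS#8 PrivateKeyInfo structure in DER form; the import throws
    // CryptographicException when the contained key is not an RSA key.
    provider.ImportPkcs8PrivateKey(privateKeyRaw, out _);
}
finally
{
    // Wipe the decoded copy of the private key once it has been imported (or the import failed).
    // The PEM string itself is immutable and cannot be cleared this way.
    CryptographicOperations.ZeroMemory(privateKeyRaw);
}
// rsaSecurityKey keeps a reference to provider: dispose provider only once the key is no longer used.
RsaSecurityKey rsaSecurityKey = new RsaSecurityKey(provider);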
Read a binary encoded (DER) X509 certificate / public key
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Microsoft.IdentityModel.Tokens;
(...)
// Load the DER-encoded certificate from disk. The constructor only parses the file: it
// performs no chain, expiry or revocation validation, so the resulting public key is
// exactly as trustworthy as the file it was read from.
var cert = new X509Certificate2("THE_BINARY_ENCODED_FILE_PATH");
// GetRSAPublicKey() returns null when the certificate does not carry an RSA key.
RSA rsaPublicKey = cert.GetRSAPublicKey();
var rsaSecurityKey = new RsaSecurityKey(rsaPublicKey);
Read a binary encoded (DER) private key
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;
(...)
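// Read the raw DER bytes. The key file is unencrypted, so its protection rests on
// file-system permissions: restrict read access to the account running this code.
byte[] privateKeyDer = File.ReadAllBytes("THE_BINARY_ENCODED_FILE_PATH");
// RSA.Create() returns the platform's default implementation. RSACryptoServiceProvider wraps
// the legacy CAPI provider on Windows, which does not support PSS signatures or OAEP with SHA-2.
RSA provider = RSA.Create();
try
{
    // ImportRSAPrivateKey expects a PKCS#1 RSAPrivateKey structure. A DER file holding a
    // PKCS#8 key makes it throw CryptographicException; use ImportPkcs8PrivateKey for that format.
    provider.ImportRSAPrivateKey(privateKeyDer, out _);
}
finally
{
    // Wipe the in-memory copy of the private key once it has been imported (or the import failed).
    CryptographicOperations.ZeroMemory(privateKeyDer);
}
// rsaSecurityKey keeps a reference to provider: dispose provider only once the key is no longer used.
RsaSecurityKey rsaSecurityKey = new RsaSecurityKey(provider);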
Read a PKCS12 / PFX file to extract a key / certificate
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Microsoft.IdentityModel.Tokens;
(...)
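X509Certificate2Collection collection = new X509Certificate2Collection();
// GetPassword() returns the password of the key / file. The password should not be hard coded.
// EphemeralKeySet asks for the imported private keys to be created in memory rather than
// persisted to a key store on disk. The flag is not supported on every platform (macOS rejects it).
collection.Import("THE_PFX_FILE_PATH", GetPassword(), X509KeyStorageFlags.EphemeralKeySet);

// Declared before the loop so the keys remain in scope once the search is over.
// Both stay null when no certificate carries the requested alias: check before use.
RsaSecurityKey rsaPublicSecurityKey = null;
RsaSecurityKey rsaPrivateSecurityKey = null;

foreach (X509Certificate2 cert in collection)
{
    // NOTE(review): FriendlyName is populated from the PFX on Windows; confirm it is
    // available on the other target platforms before relying on it as the selector.
    if (!"YOUR_KEY_ALIAS".Equals(cert.FriendlyName))
    {
        continue;
    }

    // GetRSAPublicKey() / GetRSAPrivateKey() return null when the certificate has no RSA key;
    // GetRSAPrivateKey() also returns null when the entry holds no private key at all.
    rsaPublicSecurityKey = new RsaSecurityKey(cert.GetRSAPublicKey());
    rsaPrivateSecurityKey = new RsaSecurityKey(cert.GetRSAPrivateKey());
    break;
}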