.Net6 has a function X509Certificate2.CreateFromPem. What is the way to use client cert and key.pem file and create X509Certificate2 object in .Net Standard 2.1.

CodePudding user response：

.NET Standard 2.1 is an unusual target, as it is essentially just the .NET Core development line (although Unity has updated their copy of .NET to be .NET Standard 2.1-compatible). So the most common industry answer would be to avoid that target and just target a .NET Core / .NET 5 version that meets your needs.

If you do want to target .NET Standard 2.1, though, you need to

• Load the certificate using either the byte[] (encoded contents) or string (filename) constructor, either of which understand the PEM format (but won't load the private key).
  • If you have the PEM contents as a string, you need to turn that into bytes via Encoding.Utf8.GetBytes
• Use the value of cert.GetKeyAlgorithm() to understand what algorithm the private key uses. Call RSA.Create(), ECDsa.Create(), ECDiffieHellman.Create(), or DSA.Create() as appropriate.
• Load the PEM contents of the key file.
• Use the PEM header to know what data type the payload is.
• Base64-decode the PEM payload
• Send that decoded payload to ImportPkcs8PrivateKey, ImportRSAPrivateKey, or ImportECPrivateKey (as determined by the PEM header)
• Combine the cert and key with X509Certificate2 combined = cert.CopyWithPrivateKey(key);

https://github.com/dotnet/runtime/blob/9e8d0a81a35f05eaa2c4d0ab258ed9a1f4e2ec76/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs#L937-L963 may be a reasonable starting point... but a lot of its implementation uses things not available in .NET Standard 2.1.