In some cases, private keys for certificates is not completely available. When attempting to decrypt key material,
this can cause 'CryptographicException: Keyset does not exist'. This changes the order in which key material
decryption looks up private keys to first key the certificate options provided explicitly to the API, and then
falling back to the cert store for decryption keys.
The default implementation of EncryptedXml doesn't support using the RSA
key from X509Certificate to decrypt xml unless that cert is in the X509
CurrentUser\My or Localmachine\My store. This adds support for
decrypting with the X509Certificate directly. This is useful for Linux
(often Docker) scenarios, where the user already has a .pfx file, but
may not have added it to X509Store.
Nate McMaster
Nate McMaster
Ajay Bhargav Baaskaran