Windows Certificate Store Permissions

The Windows certificate store, especially private key permissions, has caused no end of misery for people the world over. I recently discovered something that seems to get around private key permission nonsense. I’m not sure why, but it works. Note this only works with .NET Framework 4.6 or later.

Suppose you already have an X509Certificate object called “cert”. Running this code once you have the object seems to magically make permission issues on the private key disappear (note you need “using System.Security.Cryptography;”):


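using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates; // X509Certificate2 and the GetRSAPrivateKey() extension method
X509Certificate2 samecert = (X509Certificate2)cert; // cert must really be an X509Certificate2 instance, or this cast throws
RSA rsaobj = samecert.GetRSAPrivateKey(); // returns null if the certificate has no RSA private key
((IDisposable)rsaobj).Dispose();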

If you’ve dug into the code or documentation enough to understand what’s going on here, please comment. I have a few ideas but nothing I could write coherently about right now. I sort of suspect this was always the way it was supposed to work…
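
To see whether the account a process runs under can really use a certificate's private key, rather than only obtain the key object, the following added example (not code from the original post) loads a certificate, calls GetRSAPrivateKey() as above, and attempts one signature. It assumes the certificate is in the LocalMachine\My store; the thumbprint is a placeholder and the class name KeyAccessCheck is made up for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class KeyAccessCheck
{
    // Placeholder: replace with the thumbprint of the certificate under test.
    const string Thumbprint = "<CERT-THUMBPRINT-PLACEHOLDER>";

    static int Main()
    {
        // Assumption: the certificate is installed in LocalMachine\My.
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindByThumbprint, Thumbprint, false);
            if (found.Count == 0) { Console.Error.WriteLine("Certificate not found."); return 2; }

            X509Certificate2 cert = found[0];
            Console.WriteLine("Subject: {0}  HasPrivateKey: {1}", cert.Subject, cert.HasPrivateKey);
            try
            {
                // A denied or missing key can fail here or at first use below.
                using (RSA rsa = cert.GetRSAPrivateKey())
                {
                    if (rsa == null) { Console.Error.WriteLine("No RSA private key."); return 3; }
                    // RSACng or RSACryptoServiceProvider, depending on the key's provider.
                    Console.WriteLine("Key object type: {0}", rsa.GetType().Name);
                    // Signing a constant proves the key is usable by this identity.
                    byte[] sig = rsa.SignData(Encoding.UTF8.GetBytes("probe"),
                        HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                    Console.WriteLine("Signed {0} bytes as {1}", sig.Length, Environment.UserName);
                    return 0;
                }
            }
            catch (CryptographicException ex)
            {
                // Surface the real error instead of hiding it.
                Console.Error.WriteLine("Key not usable by {0}: {1}", Environment.UserName, ex.Message);
                return 1;
            }
        }
        finally { store.Close(); }
    }
}
```

Run it under the same identity as the application (for example the service account or application pool identity) so the result reflects that account's access to the key.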