This documentation is archived and is not being maintained.

X509AsymmetricSecurityKey.DecryptKey Method

Decrypts the specified encrypted key using the specified cryptographic algorithm.

Namespace:  System.IdentityModel.Tokens
Assembly:  System.IdentityModel (in System.IdentityModel.dll)

public override byte[] DecryptKey(
	string algorithm,
	byte[] keyData


Type: System.String
The cryptographic algorithm to decrypt the key.
Type: System.Byte[]
An array of Byte that contains the encrypted key.

Return Value

Type: System.Byte[]
An array of Byte that contains the decrypted key.


The X.509 certificate specified in the constructor does not have a private key.


The X.509 certificate has a private key, but it was not generated using the RSA algorithm.


The X.509 certificate has a private key, it was generated using the RSA algorithm, but the KeyExchangeAlgorithm property is null.


The algorithm parameter is not supported. The supported algorithms are XmlEncRSA15Url and XmlEncRSAOAEPUrl.

Use the XmlEncRSA15Url or XmlEncRSAOAEPUrl fields to specify the algorithm.

.NET Framework

Supported in: 4, 3.5, 3.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.