X509Certificate Constructor (array<Byte>[]()[], String, X509KeyStorageFlags)

[ This article is for Windows Phone 8 developers. If you’re developing for Windows 10, see the latest documentation. ]

Initializes a new instance of the X509Certificate class using a byte array, a password, and a key storage flag.

Namespace: System.Security.Cryptography.X509Certificates
Assembly: mscorlib (in mscorlib.dll)


Public Sub New ( _
    rawData As Byte(), _
    password As String, _
    keyStorageFlags As X509KeyStorageFlags _
public X509Certificate(
    byte[] rawData,
    string password,
    X509KeyStorageFlags keyStorageFlags


  • rawData
    Type: array<System..::.Byte>[]()[]
    A byte array containing data from an X.509 certificate.
  • password
    Type: System..::.String
    The password required to access the X.509 certificate data.


Exception Condition

An error with the certificate occurs. For example:

  • The certificate file does not exist.

  • The certificate is invalid.

  • The certificate's password is incorrect.


The rawData parameter is nullNothingnullptra null reference (Nothing in Visual Basic).


The length of the rawData parameter is 0.


This constructor creates a new X509Certificate object using a byte array, a password that is needed to access the certificate data, and a key storage flag. Calling this constructor with the correct password decrypts the private key and saves it to a Microsoft Cryptographic API Cryptographic Service Provider (CSP).

The X509KeyStorageFlags value can be used to control where and how the private key is imported.

ASN.1 DER is the only certificate format supported by this class.

Security Note:

Never hard-code a password within your source code. Hard-coded passwords can be retrieved from an assembly by using the MSIL Disassembler (Ildasm.exe), by using a hexadecimal editor, or by simply opening the assembly in a text editor such as Notepad.exe.

If you create an X509Certificate certificate by specifying a PKCS7 signed file store for rawData, the X509Certificate is created for the certificate that signed the store instead of the certificates within the store.

rawDatadoes not accept input data formatted in the PKCS #12 format.

Version Notes

Windows Phone

If you pass an invalid X509KeyStorageFlags value when you create an X509Certificate, a NotSupportedException occurs instead of ArgumentException.

Version Information

Windows Phone OS

Supported in: 8.1, 8.0, 7.1, 7.0


Windows Phone

See Also


X509Certificate Class

X509Certificate Overload

System.Security.Cryptography.X509Certificates Namespace