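/// <summary>
/// Sample/test: creates a certificate named <c>rsa-{guid}</c> with <c>CertificatePolicy.Default</c>,
/// downloads it together with its private key, signs a SHA-256 digest locally, verifies that
/// signature with the public-only certificate returned by <c>GetCertificate</c>, and then deletes
/// and purges the certificate.
/// </summary>
/// <remarks>
/// <c>DownloadCertificate</c> brings the private key into this process, so the returned
/// <see cref="X509Certificate2"/> and the <see cref="RSA"/> key are disposed as soon as the signing
/// scope ends.
/// NOTE(review): downloading the private key presumably needs secret-read permission on the vault in
/// addition to certificate permissions; confirm against the vault's access configuration and grant it
/// only to identities that really need local signing.
/// </remarks>
/// <exception cref="InvalidOperationException">
/// The downloaded certificate has no RSA private key, or the stored certificate has no RSA public key.
/// </exception>
public void DownloadCertificateSync()
{
    // Environment variable with the Key Vault endpoint.
    string keyVaultUrl = TestEnvironment.KeyVaultUrl;

    #region Snippet:CertificatesSample4CertificateClient
    CertificateClient client = new CertificateClient(new Uri(keyVaultUrl), new DefaultAzureCredential());
    #endregion

    // A fresh GUID per run keeps concurrent or repeated runs from colliding on the certificate name.
    string certificateName = $"rsa-{Guid.NewGuid()}";
    CertificateOperation operation = client.StartCreateCertificate(certificateName, CertificatePolicy.Default);

    // Blocking poll: this is the synchronous variant of the sample.
    while (!operation.HasCompleted)
    {
        operation.UpdateStatus();
        Thread.Sleep(TimeSpan.FromSeconds(10));
    }

    // From here on the certificate exists in the vault, so cleanup runs in a finally block: a failed
    // download, signing step or assertion must not leave a test certificate and its key behind.
    try
    {
        using SHA256 sha = SHA256.Create();
        byte[] data = Encoding.UTF8.GetBytes("test");
        byte[] hash = sha.ComputeHash(data);

        #region Snippet:CertificatesSample4DownloadCertificate
        // MachineKeySet selects the machine-level key store. EphemeralKeySet asks the runtime to keep the
        // imported private key in memory rather than persisting it; it is not requested on macOS.
        // NOTE(review): on macOS the key is therefore not imported as ephemeral; confirm where it is
        // stored on that platform before reusing this pattern outside tests.
        X509KeyStorageFlags keyStorageFlags = X509KeyStorageFlags.MachineKeySet;
        if (!RuntimeInformation.IsOSPlatform(OSPlatform.OSX))
        {
            keyStorageFlags |= X509KeyStorageFlags.EphemeralKeySet;
        }

        DownloadCertificateOptions options = new DownloadCertificateOptions(certificateName)
        {
            KeyStorageFlags = keyStorageFlags
        };

        using X509Certificate2 certificate = client.DownloadCertificate(options);

        // GetRSAPrivateKey returns null when the certificate carries no RSA private key; fail with a
        // clear message instead of a NullReferenceException on the next line.
        using RSA key = certificate.GetRSAPrivateKey()
            ?? throw new InvalidOperationException("The downloaded certificate does not contain an RSA private key.");

        byte[] signature = key.SignHash(hash, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        Debug.WriteLine($"Signature: {Convert.ToBase64String(signature)}");
        #endregion

        #region Snippet:CertificatesSample4PublicKey
        // The Cer bytes hold only the public certificate, which is all that verification needs.
        Response<KeyVaultCertificateWithPolicy> certificateResponse = client.GetCertificate(certificateName);

        using X509Certificate2 publicCertificate = new X509Certificate2(certificateResponse.Value.Cer);
        using RSA publicKey = publicCertificate.GetRSAPublicKey()
            ?? throw new InvalidOperationException("The certificate does not contain an RSA public key.");

        // Hash algorithm and padding must match the values used when signing.
        bool verified = publicKey.VerifyHash(hash, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        Debug.WriteLine($"Signature verified: {verified}");
        #endregion

        Assert.IsTrue(verified);
    }
    finally
    {
        DeleteCertificateOperation deleteOperation = client.StartDeleteCertificate(certificateName);
        while (!deleteOperation.HasCompleted)
        {
            deleteOperation.UpdateStatus();
            Thread.Sleep(TimeSpan.FromSeconds(2));
        }

        // Purge after the delete has completed so the deleted certificate is removed as well.
        client.PurgeDeletedCertificate(certificateName);
    }
}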