public string DecryptString(string encryptedString, EncryptionCertificateSettings certificateSettings) { if (!IsEncrypted(encryptedString)) { return(encryptedString); } var privateKey = _certificateService.GetEncryptionCertificatePrivateKey(certificateSettings); var encryptedPasswordAsBytes = Convert.FromBase64String( encryptedString.Replace(EncryptionPrefix, string.Empty)); var decryptedPasswordAsBytes = privateKey.Decrypt(encryptedPasswordAsBytes, RSAEncryptionPadding.OaepSHA1); return(System.Text.Encoding.UTF8.GetString(decryptedPasswordAsBytes)); }