Currently we have a routine that Signs a byte[] given a certificate (and it’s private key). However, the type of certificate/keys is hardcoded as “Certificate with RSA keys”. That code is :

public byte[] Sign(byte[] bytesToSign, bool fOAEP, X509Certificate2 certificate)
{
    using (RSACryptoServiceProvider provider = new RSACryptoServiceProvider())
    {
        // HACK: Round-trip the key to XML and back, to get provider type working
        // as 'Microsoft Enhanced RSA and AES Cryptographic Provider' (for  
        // SHA256/SHA512 signing hash) instead of 'Microsoft Enhanced 
        // Cryptographic Provider v1.0' (that limits us to SHA1)
        string publicKeyXml = certificate.PrivateKey.ToXmlString(true);
        provider.FromXmlString(publicKeyXml);

        // We use the private key to sign.
        return provider.SignData(bytesToSign, CryptoConfig.MapNameToOID("SHA512"));
    }
}

We would like to make it more flexible where if the certificate uses RSA keys, we process it one way but if it uses EC keys, then we process it differently. Basically the Crypto Service Provider type would be of a different type.

So the core question is:

• Given a certificate with public+private keys (for signing) OR a certificate with just public keys (for verifying), how do you determine the types of keys used by the certificate?

I’m open to standard .NET libs or even BouncyCastle.Org libs.