By default, when creating a PKCS12 store, a default cryptographic provider is selected which does not support signing with SHA256, so here is how we can modify an existing store or create a new one with the attribute that specifies the CSP
Pkcs12Store store = new Pkcs12StoreBuilder().Build();
IDictionary attributes = new Dictionary<string, Asn1Encodable>()
{
["1.3.6.1.4.1.311.17.1"] = new DerBmpString("Microsoft Enhanced RSA and AES Cryptographic Provider")
};
AsymmetricKeyEntry keyEntry = new (pair.Private, attributes);
store.SetKeyEntry("private", keyEntry, new X509CertificateEntry[] { certEntry });
using MemoryStream stream = new();
store.Save(stream, "123456".ToCharArray(), new SecureRandom());
var pfxBytes = stream.ToArray();
Tags
cryptography