RsaUtils.Decrypt overload for non-exportable private key?

I am no expert here, but through experimentation it appears that the new RsaUtils class cannot be used to decrypt data that was encrypted with a certificate that is marked with a non-exportable private key.
However it is possible to decrypt using the RSACryptoServiceProvider with a certificate that has a non-exportable private key.

I am suggesting that we add an overload for Decrypt, something like, for example:
Decrypt(string encryptedText, AsymmetricAlgorithm privateKey) or some such signature that works with current pattern.

Evidently, when a certificate is imported into a cert store as non-exportable (as is the case for Azure deployed certificates) it is not possible to either do:
ImportParameters() as in this overload
nor, FromXmlString() as in this overload

The new overload would simply look like this:

    public static byte[] Decrypt(byte[] encryptedBytes, AsymmetricAlgorithm privateKey)
        using (var rsa =(RSACryptoServiceProvider)privateKey)
             byte[] bytes = rsa.Decrypt(encryptedBytes, DoOAEPPadding);
            return bytes;

Don’t ask me to explain exactly why that works (i.e. how it uses the non-exportable private key) but it does.


Don’t think it should accept AsymmetricAlgorithm if it only works for RSACryptoServiceProvider also don’t think we should be putting it in a using{} if the method didn’t create the instance, so that would leave something like:

public static byte[] Decrypt(byte[] encryptedBytes, RSACryptoServiceProvider privateKey)
     return privateKey.Decrypt(encryptedBytes, DoOAEPPadding);

Which as it’s a simple wrapper, I don’t think it adds much value.