====== X509Certificate2ExportExtensions ======

**Namespace:** ''WvdS.System.Security.Cryptography.X509Certificates''

Export and import extensions for ''X509Certificate2'' with post-quantum key persistence. Enables saving and restoring PQ keys in PFX/PKCS#12 files.

===== Export Methods =====

^ Method ^ Description ^
| ''ExportPfx(password, mode)'' | Exports certificate as PFX with PQ keys |
| ''ExportPfx(collection, password, mode)'' | Exports collection with PQ keys |
| ''ExportPfxToFile(fileName, password, mode)'' | Exports directly to file |

===== Import Methods =====

^ Method ^ Description ^
| ''ImportPfx(pfxBytes, password, flags)'' | Imports PFX with PQ key restoration |
| ''ImportPfx(fileName, password, flags)'' | Imports from file |
| ''ImportPfxCollection(pfxBytes, password, flags)'' | Imports collection with PQ keys |

===== Example =====

<code csharp>
// Export certificate
var cert = GetHybridCertificate();
cert.ExportPfxToFile("certificate.pfx", "MyPassword123!");

// Import later
var importedCert = X509Certificate2ExportExtensions.ImportPfx(
    "certificate.pfx",
    "MyPassword123!");

// PQ keys are automatically restored
var pqPubKey = PqKeyStore.GetPublicKey(importedCert);
</code>

===== PFX Format =====

<code>
+---------------------------+
| Standard PKCS#12 Data     |
| (Certificate + RSA/ECDSA) |
+---------------------------+
| Marker: "WVDS-PQ-KEYS-V1" |
+---------------------------+
| Encrypted PQ Keys         |
| (AES-256-GCM)             |
+---------------------------+
</code>

===== Security Notes =====

<WRAP warning>
  * PQ private keys are protected with the same password as the PFX
  * Use strong passwords (min. 16 characters)
  * PFX files with PQ keys are larger (~4KB additional per certificate)
</WRAP>

===== See Also =====

  * [[.:x509certificate2extensions|X509Certificate2Extensions]]
  * [[.:x509storeextensions|X509StoreExtensions]]

----
//Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional//