I guess this is something I don't work with a lot and I need to get it in my head. Hence this post.
Assumption: in this post I am using .NET Core to encrypt and decrypt a JWT token (using the jose-jwt library).
By design, X.509 certificates contain only the public key; private keys are not stored in X.509 certificates. The public key is stored because it is presented to external parties. Public key files normally come with the extension ".cer", while private key files end with ".pfx".
For a developer, it is essential to understand the following:
a) Where you store or get certificates from: you could install your certs to your local certificate repository, which is accessible to you only, or to the local machine store, which is accessible to more users or service accounts.
You can go to mmc -> Add/remove snap-in -> Certificates ->
Installation is a two-step process: first we install our public X.509 .cer, and then the private keys. For info, please click here.
b) Getting your certificate from the store (your account, service account or computer account) with the example code here:
c) Encrypt and decrypt
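An added example (not the original post's code) covering steps b) and c): it looks a certificate up by thumbprint in the store, encrypts a JWT with the public key and decrypts it with the private key using jose-jwt. Assumptions: .NET Core 3.0 or later, the CurrentUser\My store, the thumbprint passed as the first command-line argument, the RSA_OAEP_256 / A256CBC_HS512 algorithm pair, and a constructed self-signed certificate used when no thumbprint is given.

```csharp
// Added example; requires the jose-jwt NuGet package.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Jose;

static class JweWithCertificate
{
    // Step b) find a certificate by thumbprint in <location>\My (Personal).
    static X509Certificate2 FromStore(string thumbprint, StoreLocation location)
    {
        using var store = new X509Store(StoreName.My, location);
        store.Open(OpenFlags.ReadOnly);
        // validOnly: false also returns self-signed dev certs; use true in production.
        var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
        if (found.Count == 0)
            throw new InvalidOperationException($"No certificate {thumbprint} in {location}\\My");
        return found[0];
    }

    // Constructed stand-in for an installed .pfx so the example runs without a store entry.
    static X509Certificate2 SelfSigned()
    {
        using var rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=jwe-demo", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
    }

    static void Main(string[] args)
    {
        using var cert = args.Length > 0 ? FromStore(args[0], StoreLocation.CurrentUser) : SelfSigned();

        // Step c) encrypt: only the public key is needed, so a .cer-only install is enough.
        using RSA publicKey = cert.GetRSAPublicKey();
        var claims = new Dictionary<string, object> { ["sub"] = "demo-user" };
        string token = JWT.Encode(claims, publicKey, JweAlgorithm.RSA_OAEP_256, JweEncryption.A256CBC_HS512);

        // Decrypt: fails early if the private key (.pfx) was never installed for this account.
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("Certificate has no private key; install the .pfx.");
        using RSA privateKey = cert.GetRSAPrivateKey();
        // Passing the expected algorithms rejects tokens whose header names a different pair.
        string json = JWT.Decode(token, privateKey, JweAlgorithm.RSA_OAEP_256, JweEncryption.A256CBC_HS512);
        Console.WriteLine(json);
    }
}
```

If the lookup succeeds but `HasPrivateKey` is false under a service account, the .pfx was most likely imported into a different user's store than the one the process runs as.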
Hopefully the workflow is clear.