Encrypted Xml using cer file

Question

This websie

http://msdn.microsoft.com/en-us/library/vstudio/ms148633(v=vs.100).aspx?cs-save-lang=1&cs-lang=csharp#code-snippet-2

encrypts XML using "test.pfx".

I want encipher my XML by X509 certificate and decrypt it using smart card.

I changed that line

X509Certificate2 cert = new X509Certificate2("test.pfx");

on

X509Certificate2 cert = new X509Certificate2("test.cer");

and my code encrypt XML and during decrypting I type my smard card pin and my XML is decrypted.

When I use test.pfx I have to change code on

X509Certificate2 cert = new X509Certificate2("test.pfx", "myPassword"); 

and this code encrypt XML but during decrypting I don't type my smard card pin and my XML is decrypted.

Can you explain me why on http://msdn.microsoft.com/ website to encrypt xml is using pfx file?

Does XML encrypted *.cer file is safe? I want decrypted my XML only by my smart card.

Answer 1

A pfx file is similar to a PKCS#12 (.p12) file. It usually contains a certificate and the correspondent private key.

A .cer file contains just a plain certificate without private key.

According to the documentation the method EncryptedXml.Encrypt used in the referenced example wants to encrypt and sign the generated AES key that is used for encrypting the XML document.

For encryption the public key in the certificate is used. However for signing the document the private key is required, I assume this is the reason a .pfx file is used.