Extracting key of type ECDA or ECDH from X509Certificate2 object

[MukilanP]

I have X509Certificate2 object which is constructed from PFX bytes. It can be ECDSA/ECDH key. I would like to extract the key. How can I know whether it is ECDSA/ECDH key and call GetECDsaPrivateKey() or GetECDiffieHellmanPrivateKey().

[bartonjs]

If by "extract" you mean "export", then you can generally pick one arbitrarily. If you mean "use" then you have to pick the one that meets your needs.

The certificate's Key Usage can say that the key should only be used for signing, in which case it's ECDSA, or that it should only be used for key agreement, in which case it's ECDH. But if it's flexible, you get to pick.

https://source.dot.net/#System.Security.Cryptography/System/Security/Cryptography/X509Certificates/ECDsaCertificateExtensions.cs,3e517b2c43fe7cfc

[MukilanP]

Thank you very much Jeremy for the answer and the reference to the function.

One more query on top of it. Do we consider the key is ECDH type if it has only Key Agreement key usage or combination of key usage including Key Agreement.