X509Certificate2 certificat;

var privateKey = certificat.PrivateKey.ToXmlString(true);
var publicKey = certificat.PublicKey.Key.ToXmlString(false);

var publicKeyBase64 = Convert.ToBase64String(certificat.RawData);

// certificat avec clé publique seulement
var certificate = new X509Certificate2(certificateFilePath);

// certificat avec clé publique et privée
var certificate = new X509Certificate2(certificateFilePath, certificateFilePassword, X509KeyStorageFlags.Exportable);

X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
X509Certificate2 x509 = null;
foreach (X509Certificate2 certificat in store.Certificates)
{
    if (!certificat.HasPrivateKey) continue; // skip certificats without private keys

    if (certificat.SerialNumber.Equals("xxxxxxxxxxxxxxxxxx", StringComparison.InvariantCultureIgnoreCase))
    {
        x509 = certificat;
        break;
    }
}
store.Close();

// Use “enveloping” signature and create SHA2-256 hash
// create an RSA digital signature using the 2048-bit private key

XmlDocument doc;
string signatureCanonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#";
string signatureMethod = @"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
string digestMethod = @"http://www.w3.org/2001/04/xmlenc#sha256";

CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), signatureMethod);

// This small hack is needed to switch to Enhanced RSA and AES Cryptographic Provider
// to be able to use RSA-SHA256 signatures.
// The privateKey HAS TO BE EXPORTABLE, otherwise the call ToXmlString will fail
CspParameters cspParams = new CspParameters(24);
RSACryptoServiceProvider privateKey = new RSACryptoServiceProvider(cspParams);
privateKey.FromXmlString(signingCertificate.PrivateKey.ToXmlString(true));

// Create signed xml from input and initialize it.
SignedXml signer = new SignedXml(doc);
signer.SigningKey = privateKey;
signer.SignedInfo.CanonicalizationMethod = signatureCanonicalizationMethod;
signer.SignedInfo.SignatureMethod = signatureMethod;
XmlDsigExcC14NTransform cn14Transform = new XmlDsigExcC14NTransform();

// Add the data to be signed as a sub-element of the Signature-element (Enveloping).
DataObject dataObject = new DataObject();
dataObject.Data = doc.GetElementsByTagName("balise root");
dataObject.Id = "Id";
signer.AddObject(dataObject);

// Add a reference to the signed data.
Reference signatureReference = new Reference();
signatureReference.Uri = "#Id";
signatureReference.AddTransform(cn14Transform);
signatureReference.DigestMethod = digestMethod;
signer.AddReference(signatureReference);

// Create the signature
signer.ComputeSignature();

// Get the XML representation of the signature and save it to an XmlElement object.
StringBuilder xmlBuilder = new StringBuilder();
xmlBuilder.AppendLine("<?xml version=\"1.0\" encoding=\"utf-8\"?>");
xmlBuilder.Append(signer.GetXml().OuterXml);

File.WriteAllText(destinationPath, xmlBuilder.ToString(), Encoding.UTF8);

byte[] bytesToBeEncrypted = File.ReadAllBytes(filePathToEncrypt);
var certificate = new X509Certificate2(certificateFilePath);

CspParameters cspParams = new CspParameters(24);
using (var provider = new RSACryptoServiceProvider(cspParams))
{
    provider.FromXmlString(certificate.PublicKey.Key.ToXmlString(false));
    byte[] bytesEncrypted = provider.Encrypt(bytesToBeEncrypted, false);
    File.WriteAllBytes(encryptedFilePath, bytesEncrypted);
}

byte[] bytesToBeDecrypted = File.ReadAllBytes(encryptedFilePath);
var certificate = new X509Certificate2(certificateFilePath, certificateFilePassword, X509KeyStorageFlags.Exportable);

CspParameters cspParams = new CspParameters(24);
using (var provider = new RSACryptoServiceProvider(cspParams))
{
    provider.FromXmlString(certificate.PrivateKey.ToXmlString(true));
    byte[] bytesDecrypted = provider.Decrypt(bytesToBeDecrypted, false);
    File.WriteAllBytes(decryptedFilePath, bytesDecrypted);
}

string password = GetRandomString();

byte[] bytesToBeEncrypted = File.ReadAllBytes(filePathToEncrypt);
byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
byte[] bytesEncrypted;

// Hash the password with SHA256
passwordBytes = SHA256.Create().ComputeHash(passwordBytes);
// Store the key in a file
File.WriteAllBytes(keyFilePath, passwordBytes);

using (MemoryStream ms = new MemoryStream())
{
    using (AesManaged AES = new AesManaged())
    {
        AES.KeySize = 256;
        AES.Mode = CipherMode.ECB;
        AES.IV = new byte[16] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; // CRB mode uses an empty IV
        AES.Key = passwordBytes;
        AES.Padding = PaddingMode.PKCS7;

        using (CryptoStream cs = new CryptoStream(ms, AES.CreateEncryptor(), CryptoStreamMode.Write))
        {
            cs.Write(bytesToBeEncrypted, 0, bytesToBeEncrypted.Length);
            cs.Close();
        }
        bytesEncrypted = ms.ToArray();
    }
}

File.WriteAllBytes(encryptedFilePath, bytesEncrypted);

private string GetRandomString()
{
    var sb = new StringBuilder();
    Random rnd = new Random();
    int size = rnd.Next(5, 10);

    for (int i = 0; i < size; i++)
    {
        sb.Append(Guid.NewGuid().ToString());
    }
    return sb.ToString();
}

byte[] bytesToBeDecrypted = File.ReadAllBytes(encryptedFilePath);
byte[] passwordBytes = File.ReadAllBytes(keyFilePath);
byte[] bytesDecrypted;

using (MemoryStream ms = new MemoryStream(bytesToBeDecrypted))
{
    using (AesManaged AES = new AesManaged())
    {
        AES.KeySize = 256;
        AES.Mode = CipherMode.ECB;
        AES.IV = new byte[16] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; // CRB mode uses an empty IV
        AES.Key = passwordBytes;
        AES.Padding = PaddingMode.PKCS7;

        using (CryptoStream cs = new CryptoStream(ms, AES.CreateDecryptor(), CryptoStreamMode.Write))
        {
            cs.Write(bytesToBeDecrypted, 0, bytesToBeDecrypted.Length);
            cs.Close();
        }
        bytesDecrypted = ms.ToArray();
    }
}
File.WriteAllBytes(decryptedFilePath, bytesDecrypted);