Verify that a X509Certificate can be used for key exchange
Here is another method that earned it’s place in my ever growing toolbox:
public static bool CanDoKeyExchange(this X509Certificate2 certificate)
{
if (!certificate.HasPrivateKey) return false;
var privateKey = certificate.PrivateKey as RSACryptoServiceProvider;
if (privateKey == null) return false;
var canDoKeyExchange = privateKey.CspKeyContainerInfo.KeyNumber == KeyNumber.Exchange;
return canDoKeyExchange;
}