No error encrypting / decrypting data with an expired certificate using RSACryptoServiceProvider

I currently doing a proof of concept to encrypt data using a certificate. It works well but now, I want to try a scenario when the certificate is expired. I created an expired certificate and I was surprise to notice that everthing works property even with the expired certificate. I was expecting an error.

Do you know if it's because it's a self signed certificate ?

Here's the code I using to test my case

public void Encrypt_decrypt_with_expired_certificate()
    var baseString = "This is an encryption test";
    X509Certificate2 newX509Certificate2 = new X509Certificate2("d:\\testx509certExpired.pfx", "apassword");
    Console.WriteLine(newX509Certificate2.NotAfter); //Show the expiration date which is in the past
    var encryptor = new CertificateEncryptor(newX509Certificate2); //This class is a simple wrapper around RSACryptoServiceProvider

    string encryptedResult = encryptor.Encrypt(baseString); //Exception expected because of the expired certificate but not thrown

    Console.WriteLine("Base string : {0}", baseString);
    Console.WriteLine("Encrypted string : {0}", encryptedResult);

    //revert back
    string decryptedString = encryptor.Decrypt(encryptedResult);
    Console.WriteLine("Decrypted string : {0}", decryptedString);
    Assert.AreEqual(baseString, decryptedString);



As GregS said, RSACryptoServiceProvider class (not X509Certificate2) provides an ability to perform cryptographic operations. RSACryptoServiceProvider knows nothing about certificate, it knows only keys and their parameters. This is why you don't see any errors.

This means that certificate validation -- is your app responsibility. You should check certificate when encrypting data and skip all certificate checks to decrypt data.

