Add SignedCms to the TypeForwards in the System.Security.Cryptography.Pkcs facade (#18325)

* Add SignedCms to the typeforwards in the System.Security.Cryptography.Pkcs facade

* Added additional missing types from System.Security.Cryptography.Pkcs.

* It would be nice if the files I added had namespaces ;-)

* Bump API snapshot submodule

* [csproj] Update project files

Co-authored-by: monojenkins <jo.shields+jenkins@xamarin.com>

Fixes https://github.com/mono/mono/issues/18323

20 files changed, 1095 insertions, 2 deletions

diff --git a/external/api-snapshot b/external/api-snapshot
-Subproject 0d04b48a9d018249f75e950a3fc248aaf240092
+Subproject c58c68d3c0c70ff011912fbc310da665dbd80c6
diff --git a/mcs/class/Facades/System.Security.Cryptography.Pkcs/TypeForwarders.cs b/mcs/class/Facades/System.Security.Cryptography.Pkcs/TypeForwarders.cs
index db96723509e..0054d951a89 100644
--- a/mcs/class/Facades/System.Security.Cryptography.Pkcs/TypeForwarders.cs
+++ b/mcs/class/Facades/System.Security.Cryptography.Pkcs/TypeForwarders.cs
@@ -27,14 +27,28 @@
 [assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.CmsRecipient))]
 [assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.CmsRecipientCollection))]
 [assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.CmsRecipientEnumerator))]
+[assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.CmsSigner))]
 [assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.ContentInfo))]
 [assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.EnvelopedCms))]
 [assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.KeyAgreeRecipientInfo))]
 [assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.KeyTransRecipientInfo))]
+[assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.Pkcs12Builder))]
+[assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.Pkcs12CertBag))]
+[assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.Pkcs12ConfidentialityMode))]
+[assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.Pkcs12Info))]
+[assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.Pkcs12IntegrityMode))]
+[assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.Pkcs12KeyBag))]
+[assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.Pkcs12SafeBag))]
+[assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.Pkcs12SafeContents))]
+[assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.Pkcs12SafeContentsBag))]
+[assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.Pkcs12SecretBag))]
+[assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.Pkcs12ShroudedKeyBag))]
+[assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.Pkcs8PrivateKeyInfo))]
 [assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.Pkcs9AttributeObject))]
 [assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.Pkcs9ContentType))]
 [assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.Pkcs9DocumentDescription))]
 [assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.Pkcs9DocumentName))]
+[assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.Pkcs9LocalKeyId))]
 [assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.Pkcs9MessageDigest))]
 [assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.Pkcs9SigningTime))]
 [assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.PublicKeyInfo))]
@@ -42,10 +56,15 @@
 [assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.RecipientInfoCollection))]
 [assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.RecipientInfoEnumerator))]
 [assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.RecipientInfoType))]
+[assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.Rfc3161TimestampRequest))]
+[assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.Rfc3161TimestampToken))]
+[assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.Rfc3161TimestampTokenInfo))]
+[assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.SignedCms))]
+[assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.SignerInfo))]
+[assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.SignerInfoCollection))]
+[assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.SignerInfoEnumerator))]
 [assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.SubjectIdentifier))]
 [assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.SubjectIdentifierOrKey))]
 [assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.SubjectIdentifierOrKeyType))]
 [assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Pkcs.SubjectIdentifierType))]
 [assembly: System.Runtime.CompilerServices.TypeForwardedToAttribute(typeof(System.Security.Cryptography.Xml.X509IssuerSerial))]
-
-
diff --git a/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12Builder.NotSupported.cs b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12Builder.NotSupported.cs
new file mode 100644
index 00000000000..95ce4ff018b
--- /dev/null
+++ b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12Builder.NotSupported.cs
@@ -0,0 +1,115 @@
+using System;
+using System.Security.Cryptography;
+using System.Security.Cryptography.Pkcs;
+
+namespace System.Security.Cryptography.Pkcs {
+    /// <summary>Enables the creation of PKCS#12 PFX data values. This class cannot be inherited.</summary>
+    public sealed class Pkcs12Builder {
+        /// <summary>Gets a value that indicates whether the PFX data has been sealed.</summary>
+        /// <returns>A value that indicates whether the PFX data has been sealed.</returns>
+        public bool IsSealed {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        /// <summary>Add contents to the PFX in an bundle encrypted with a byte-based password from a byte array.</summary>
+        /// <param name="safeContents">The contents to add to the PFX.</param>
+        /// <param name="passwordBytes">The byte array to use as a password when encrypting the contents.</param>
+        /// <param name="pbeParameters">The password-based encryption (PBE) parameters to use when encrypting the contents.</param>
+        /// <exception cref="T:System.ArgumentNullException">The <paramref name="safeContents" /> or <paramref name="pbeParameters" /> parameter is <see langword="null" />.</exception>
+        /// <exception cref="T:System.ArgumentException">The <paramref name="safeContents" /> parameter value is already encrypted.</exception>
+        /// <exception cref="T:System.InvalidOperationException">The PFX is already sealed (<see cref="P:System.Security.Cryptography.Pkcs.Pkcs12Builder.IsSealed" /> is <see langword="true" />).</exception>
+        /// <exception cref="T:System.Security.Cryptography.CryptographicException">
+        ///   <paramref name="pbeParameters" /> indicates that <see cref="F:System.Security.Cryptography.PbeEncryptionAlgorithm.TripleDes3KeyPkcs12" /> should be used, which requires <see cref="T:System.Char" />-based passwords.</exception>
+        public void AddSafeContentsEncrypted (Pkcs12SafeContents safeContents, byte[] passwordBytes, PbeParameters pbeParameters) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Add contents to the PFX in an bundle encrypted with a byte-based password from a span.</summary>
+        /// <param name="safeContents">The contents to add to the PFX.</param>
+        /// <param name="passwordBytes">The byte span to use as a password when encrypting the contents.</param>
+        /// <param name="pbeParameters">The password-based encryption (PBE) parameters to use when encrypting the contents.</param>
+        /// <exception cref="T:System.ArgumentNullException">The <paramref name="safeContents" /> or <paramref name="pbeParameters" /> parameter is <see langword="null" />.</exception>
+        /// <exception cref="T:System.ArgumentException">The <paramref name="safeContents" /> parameter value is already encrypted.</exception>
+        /// <exception cref="T:System.InvalidOperationException">The PFX is already sealed (<see cref="P:System.Security.Cryptography.Pkcs.Pkcs12Builder.IsSealed" /> is <see langword="true" />).</exception>
+        /// <exception cref="T:System.Security.Cryptography.CryptographicException">
+        ///   <paramref name="pbeParameters" /> indicates that <see cref="F:System.Security.Cryptography.PbeEncryptionAlgorithm.TripleDes3KeyPkcs12" /> should be used, which requires <see cref="T:System.Char" />-based passwords.</exception>
+        public void AddSafeContentsEncrypted (Pkcs12SafeContents safeContents, ReadOnlySpan<byte> passwordBytes, PbeParameters pbeParameters) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Add contents to the PFX in an bundle encrypted with a char-based password from a span.</summary>
+        /// <param name="safeContents">The contents to add to the PFX.</param>
+        /// <param name="password">The span to use as a password when encrypting the contents.</param>
+        /// <param name="pbeParameters">The password-based encryption (PBE) parameters to use when encrypting the contents.</param>
+        /// <exception cref="T:System.ArgumentNullException">The <paramref name="safeContents" /> or <paramref name="pbeParameters" /> parameter is <see langword="null" />.</exception>
+        /// <exception cref="T:System.ArgumentException">The <paramref name="safeContents" /> parameter value is already encrypted.</exception>
+        /// <exception cref="T:System.InvalidOperationException">The PFX is already sealed (<see cref="P:System.Security.Cryptography.Pkcs.Pkcs12Builder.IsSealed" /> is <see langword="true" />).</exception>
+        public void AddSafeContentsEncrypted (Pkcs12SafeContents safeContents, ReadOnlySpan<char> password, PbeParameters pbeParameters) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Add contents to the PFX in an bundle encrypted with a char-based password from a string.</summary>
+        /// <param name="safeContents">The contents to add to the PFX.</param>
+        /// <param name="password">The string to use as a password when encrypting the contents.</param>
+        /// <param name="pbeParameters">The password-based encryption (PBE) parameters to use when encrypting the contents.</param>
+        /// <exception cref="T:System.ArgumentNullException">The <paramref name="safeContents" /> or <paramref name="pbeParameters" /> parameter is <see langword="null" />.</exception>
+        /// <exception cref="T:System.ArgumentException">The <paramref name="safeContents" /> parameter value is already encrypted.</exception>
+        /// <exception cref="T:System.InvalidOperationException">The PFX is already sealed (<see cref="P:System.Security.Cryptography.Pkcs.Pkcs12Builder.IsSealed" /> is <see langword="true" />).</exception>
+        public void AddSafeContentsEncrypted (Pkcs12SafeContents safeContents, string password, PbeParameters pbeParameters) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Add contents to the PFX without encrypting them.</summary>
+        /// <param name="safeContents">The contents to add to the PFX.</param>
+        /// <exception cref="T:System.ArgumentNullException">The <paramref name="safeContents" /> parameter is <see langword="null" />.</exception>
+        /// <exception cref="T:System.InvalidOperationException">The PFX is already sealed (<see cref="P:System.Security.Cryptography.Pkcs.Pkcs12Builder.IsSealed" /> is <see langword="true" />).</exception>
+        public void AddSafeContentsUnencrypted (Pkcs12SafeContents safeContents) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Encodes the contents of a sealed PFX and returns it as a byte array.</summary>
+        /// <returns>A byte array representing the encoded form of the PFX.</returns>
+        /// <exception cref="T:System.InvalidOperationException">The PFX is not sealed (<see cref="P:System.Security.Cryptography.Pkcs.Pkcs12Builder.IsSealed" /> is <see langword="false" />).</exception>
+        public byte[] Encode () {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Seals the PFX against further changes by applying a password-based Message Authentication Code (MAC) over the contents with a password from a span.</summary>
+        /// <param name="password">The password to use as a key for computing the MAC.</param>
+        /// <param name="hashAlgorithm">The hash algorithm to use when computing the MAC.</param>
+        /// <param name="iterationCount">The iteration count for the Key Derivation Function (KDF) used in computing the MAC.</param>
+        /// <exception cref="T:System.ArgumentOutOfRangeException">The <paramref name="iterationCount" /> parameter is less than or equal to 0.</exception>
+        /// <exception cref="T:System.InvalidOperationException">The PFX is already sealed (<see cref="P:System.Security.Cryptography.Pkcs.Pkcs12Builder.IsSealed" /> is <see langword="true" />).</exception>
+        public void SealWithMac (ReadOnlySpan<char> password, HashAlgorithmName hashAlgorithm, int iterationCount) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Seals the PFX against further changes by applying a password-based Message Authentication Code (MAC) over the contents with a password from a string.</summary>
+        /// <param name="password">The password to use as a key for computing the MAC.</param>
+        /// <param name="hashAlgorithm">The hash algorithm to use when computing the MAC.</param>
+        /// <param name="iterationCount">The iteration count for the Key Derivation Function (KDF) used in computing the MAC.</param>
+        /// <exception cref="T:System.ArgumentOutOfRangeException">The <paramref name="iterationCount" /> parameter is less than or equal to 0.</exception>
+        /// <exception cref="T:System.InvalidOperationException">The PFX is already sealed (<see cref="P:System.Security.Cryptography.Pkcs.Pkcs12Builder.IsSealed" /> is <see langword="true" />).</exception>
+        public void SealWithMac (string password, HashAlgorithmName hashAlgorithm, int iterationCount) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Seals the PFX from further changes without applying tamper-protection.</summary>
+        /// <exception cref="T:System.InvalidOperationException">The PFX is already sealed (<see cref="P:System.Security.Cryptography.Pkcs.Pkcs12Builder.IsSealed" /> is <see langword="true" />).</exception>
+        public void SealWithoutIntegrity () {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Attempts to encode the contents of a sealed PFX into a provided buffer.</summary>
+        /// <param name="destination">The byte span to receive the PKCS#12 PFX data.</param>
+        /// <param name="bytesWritten">When this method returns, contains a value that indicates the number of bytes written to <paramref name="destination" />. This parameter is treated as uninitialized.</param>
+        /// <returns>
+        ///   <see langword="true" /> if <paramref name="destination" /> is big enough to receive the output; otherwise, <see langword="false" />.</returns>
+        /// <exception cref="T:System.InvalidOperationException">The PFX is not sealed (<see cref="P:System.Security.Cryptography.Pkcs.Pkcs12Builder.IsSealed" /> is <see langword="false" />).</exception>
+        public bool TryEncode (Span<byte> destination, out int bytesWritten) {
+            throw new PlatformNotSupportedException ();
+        }
+    }
+}
diff --git a/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12CertBag.NotSupported.cs b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12CertBag.NotSupported.cs
new file mode 100644
index 00000000000..8e074f7386f
--- /dev/null
+++ b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12CertBag.NotSupported.cs
@@ -0,0 +1,50 @@
+using System;
+using System.Security.Cryptography;
+using System.Security.Cryptography.Pkcs;
+using System.Security.Cryptography.X509Certificates;
+
+namespace System.Security.Cryptography.Pkcs {
+    /// <summary>Represents the PKCS#12 CertBag. This class cannot be inherited.</summary>
+    public sealed class Pkcs12CertBag : Pkcs12SafeBag {
+        /// <summary>Gets the uninterpreted certificate contents of the CertSafeBag.</summary>
+        /// <returns>The uninterpreted certificate contents of the CertSafeBag.</returns>
+        public ReadOnlyMemory<byte> EncodedCertificate {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        /// <summary>Gets a value indicating whether the content type of the encoded certificate value is the X.509 public key certificate content type.</summary>
+        /// <returns>
+        ///   <see langword="true" /> if the content type is the X.509 public key certificate content type (1.2.840.113549.1.9.22.1); otherwise, <see langword="false" />.</returns>
+        public bool IsX509Certificate {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        /// <summary>Initializes a new instance of the <see cref="T:System.Security.Cryptography.Pkcs.Pkcs12CertBag" /> class using the specified certificate type and encoding.</summary>
+        /// <param name="certificateType">The Object Identifier (OID) for the certificate type.</param>
+        /// <param name="encodedCertificate">The encoded certificate value.</param>
+        /// <exception cref="T:System.ArgumentNullException">The <paramref name="certificateType" /> parameter is <see langword="null" />.</exception>
+        /// <exception cref="T:System.Security.Cryptography.CryptographicException">The <paramref name="encodedCertificate" /> parameter does not represent a single ASN.1 BER-encoded value.</exception>
+        public Pkcs12CertBag (Oid certificateType, ReadOnlyMemory<byte> encodedCertificate)
+            : base (null, default(ReadOnlyMemory<byte>)) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Gets the contents of the CertBag interpreted as an X.509 public key certificate.</summary>
+        /// <returns>A certificate decoded from the contents of the CertBag.</returns>
+        /// <exception cref="">The content type is not the X.509 public key certificate content type.</exception>
+        /// <exception cref="T:System.Security.Cryptography.CryptographicException">The contents were not valid for the X.509 certificate content type.</exception>
+        public X509Certificate2 GetCertificate () {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Gets the Object Identifier (OID) which identifies the content type of the encoded certificte value.</summary>
+        /// <returns>The Object Identifier (OID) which identifies the content type of the encoded certificate value.</returns>
+        public Oid GetCertificateType () {
+            throw new PlatformNotSupportedException ();
+        }
+    }
+}
\ No newline at end of file
diff --git a/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12ConfidentialityMode.NotSupported.cs b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12ConfidentialityMode.NotSupported.cs
new file mode 100644
index 00000000000..5cf164d4444
--- /dev/null
+++ b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12ConfidentialityMode.NotSupported.cs
@@ -0,0 +1,13 @@
+namespace System.Security.Cryptography.Pkcs {
+    /// <summary>Represents the kind of encryption associated with a PKCS#12 SafeContents value.</summary>
+    public enum Pkcs12ConfidentialityMode {
+        /// <summary>The SafeContents value is not encrypted.</summary>
+        None = 1,
+        /// <summary>The SafeContents value is encrypted with a password.</summary>
+        Password = 2,
+        /// <summary>The SafeContents value is encrypted using public key cryptography.</summary>
+        PublicKey = 3,
+        /// <summary>The kind of encryption applied to the SafeContents is unknown or could not be determined.</summary>
+        Unknown = 0
+    }
+}
diff --git a/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12Info.NotSupported.cs b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12Info.NotSupported.cs
new file mode 100644
index 00000000000..69c7a2b4347
--- /dev/null
+++ b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12Info.NotSupported.cs
@@ -0,0 +1,59 @@
+using System;
+using System.Collections.ObjectModel;
+using System.Security.Cryptography.Pkcs;
+
+namespace System.Security.Cryptography.Pkcs {
+    /// <summary>Represents the data from PKCS#12 PFX contents. This class cannot be inherited.</summary>
+    public sealed class Pkcs12Info {
+        /// <summary>Gets a read-only collection of the SafeContents values present in the PFX AuthenticatedSafe.</summary>
+        /// <returns>A read-only collection of the SafeContents values present in the PFX AuthenticatedSafe.</returns>
+        public ReadOnlyCollection<Pkcs12SafeContents> AuthenticatedSafe {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        /// <summary>Gets a value that indicates the type of tamper protection provided for the <see cref="P:System.Security.Cryptography.Pkcs.Pkcs12Info.AuthenticatedSafe" /> contents.</summary>
+        /// <returns>One of the enumeration members that indicates the type of tamper protection provided for the <see cref="P:System.Security.Cryptography.Pkcs.Pkcs12Info.AuthenticatedSafe" /> contents.</returns>
+        public Pkcs12IntegrityMode IntegrityMode {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        internal Pkcs12Info () {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Reads the provided data as a PKCS#12 PFX and returns an object view of the contents.</summary>
+        /// <param name="encodedBytes">The data to interpret as a PKCS#12 PFX.</param>
+        /// <param name="bytesConsumed">When this method returns, contains a value that indicates the number of bytes from <paramref name="encodedBytes" /> which were read by this method. This parameter is treated as uninitialized.</param>
+        /// <param name="skipCopy">
+        ///   <see langword="true" /> to store <paramref name="encodedBytes" /> without making a defensive copy; otherwise, <see langword="false" />. The default is <see langword="false" />.</param>
+        /// <returns>An object view of the PKCS#12 PFX decoded from the input.</returns>
+        /// <exception cref="T:System.Security.Cryptography.CryptographicException">The contents of the <paramref name="encodedBytes" /> parameter were not successfully decoded as a PKCS#12 PFX.</exception>
+        public static Pkcs12Info Decode (ReadOnlyMemory<byte> encodedBytes, out int bytesConsumed, bool skipCopy = false) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Attempts to verify the integrity of the <see cref="P:System.Security.Cryptography.Pkcs.Pkcs12Info.AuthenticatedSafe" /> contents with a password represented by a <see cref="System.ReadOnlySpan{System.Char}" />.</summary>
+        /// <param name="password">The password to use to attempt to verify integrity.</param>
+        /// <returns>
+        ///   <see langword="true" /> if the password successfully verifies the integrity of the <see cref="P:System.Security.Cryptography.Pkcs.Pkcs12Info.AuthenticatedSafe" /> contents; <see langword="false" /> if the password is not correct or the contents have been altered.</returns>
+        /// <exception cref="T:System.InvalidOperationException">The <see cref="P:System.Security.Cryptography.Pkcs.Pkcs12Info.IntegrityMode" /> value is not <see cref="F:System.Security.Cryptography.Pkcs.Pkcs12IntegrityMode.Password" />.</exception>
+        /// <exception cref="T:System.Security.Cryptography.CryptographicException">The hash algorithm option specified by the PKCS#12 PFX contents could not be identified or is not supported by this platform.</exception>
+        public bool VerifyMac (ReadOnlySpan<char> password) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Attempts to verify the integrity of the <see cref="P:System.Security.Cryptography.Pkcs.Pkcs12Info.AuthenticatedSafe" /> contents with a password represented by a <see cref="T:System.String" />.</summary>
+        /// <param name="password">The password to use to attempt to verify integrity.</param>
+        /// <returns>
+        ///   <see langword="true" /> if the password successfully verifies the integrity of the <see cref="P:System.Security.Cryptography.Pkcs.Pkcs12Info.AuthenticatedSafe" /> contents; <see langword="false" /> if the password is not correct or the contents have been altered.</returns>
+        /// <exception cref="T:System.InvalidOperationException">The <see cref="P:System.Security.Cryptography.Pkcs.Pkcs12Info.IntegrityMode" /> value is not <see cref="F:System.Security.Cryptography.Pkcs.Pkcs12IntegrityMode.Password" />.</exception>
+        /// <exception cref="T:System.Security.Cryptography.CryptographicException">The hash algorithm option specified by the PKCS#12 PFX contents could not be identified or is not supported by this platform.</exception>
+        public bool VerifyMac (string password) {
+            throw new PlatformNotSupportedException ();
+        }
+    }
+}
diff --git a/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12IntegrityMode.NotSupported.cs b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12IntegrityMode.NotSupported.cs
new file mode 100644
index 00000000000..dc6ffb67403
--- /dev/null
+++ b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12IntegrityMode.NotSupported.cs
@@ -0,0 +1,13 @@
+namespace System.Security.Cryptography.Pkcs {
+    /// <summary>Represents the type of anti-tampering applied to a PKCS#12 PFX value.</summary>
+    public enum Pkcs12IntegrityMode {
+        /// <summary>The PKCS#12 PFX value is not protected from tampering.</summary>
+        None = 1,
+        /// <summary>The PKCS#12 PFX value is protected from tampering with a Message Authentication Code (MAC) keyed with a password.</summary>
+        Password = 2,
+        /// <summary>The PKCS#12 PFX value is protected from tampering with a digital signature using public key cryptography.</summary>
+        PublicKey = 3,
+        /// <summary>The type of anti-tampering applied to the PKCS#12 PFX is unknown or could not be determined.</summary>
+        Unknown = 0
+    }
+}
diff --git a/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12KeyBag.NotSupported.cs b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12KeyBag.NotSupported.cs
new file mode 100644
index 00000000000..5c9e6bf55a0
--- /dev/null
+++ b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12KeyBag.NotSupported.cs
@@ -0,0 +1,25 @@
+using System;
+using System.Security.Cryptography.Pkcs;
+
+namespace System.Security.Cryptography.Pkcs {
+    /// <summary>Represents the KeyBag from PKCS#12, a container whose contents are a PKCS#8 PrivateKeyInfo. This class cannot be inherited.</summary>
+    public sealed class Pkcs12KeyBag : Pkcs12SafeBag {
+        /// <summary>Gets a memory value containing the PKCS#8 PrivateKeyInfo value transported by this bag.</summary>
+        /// <returns>A memory value containing the PKCS#8 PrivateKeyInfo value transported by this bag.</returns>
+        public ReadOnlyMemory<byte> Pkcs8PrivateKey {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        /// <summary>Initializes a new instance of the <see cref="T:System.Security.Cryptography.Pkcs.Pkcs12KeyBag" /> from an existing encoded PKCS#8 PrivateKeyInfo value.</summary>
+        /// <param name="pkcs8PrivateKey">A BER-encoded PKCS#8 PrivateKeyInfo value.</param>
+        /// <param name="skipCopy">
+        ///   <see langword="true" /> to store <paramref name="pkcs8PrivateKey" /> without making a defensive copy; otherwise, <see langword="false" />. The default is <see langword="false" />.</param>
+        /// <exception cref="T:System.Security.Cryptography.CryptographicException">The <paramref name="pkcs8privateKey" /> parameter does not represent a single ASN.1 BER-encoded value.</exception>
+        public Pkcs12KeyBag (ReadOnlyMemory<byte> pkcs8PrivateKey, bool skipCopy = false)
+            : base (null, default(ReadOnlyMemory<byte>)) {
+            throw new PlatformNotSupportedException ();
+        }
+    }
+}
diff --git a/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12SafeBag.NotSupported.cs b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12SafeBag.NotSupported.cs
new file mode 100644
index 00000000000..1f32260e3c7
--- /dev/null
+++ b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12SafeBag.NotSupported.cs
@@ -0,0 +1,57 @@
+using System;
+using System.Security.Cryptography;
+
+namespace System.Security.Cryptography.Pkcs {
+    /// <summary>Defines the core behavior of a SafeBag value from the PKCS#12 specification and provides a base for derived classes.</summary>
+    public abstract class Pkcs12SafeBag {
+        /// <summary>Gets the modifiable collection of attributes to encode with the SafeBag value.</summary>
+        /// <returns>The modifiable collection of attributes to encode with the SafeBag value.</returns>
+        public CryptographicAttributeObjectCollection Attributes {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        /// <summary>Gets the ASN.1 BER encoding of the contents of this SafeBag.</summary>
+        /// <returns>The ASN.1 BER encoding of the contents of this SafeBag.</returns>
+        public ReadOnlyMemory<byte> EncodedBagValue {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        /// <summary>Called from constructors in derived classes to initialize the <see cref="T:System.Security.Cryptography.Pkcs.Pkcs12SafeBag" /> class.</summary>
+        /// <param name="bagIdValue">The Object Identifier (OID), in dotted decimal form, indicating the data type of this SafeBag.</param>
+        /// <param name="encodedBagValue">The ASN.1 BER encoded value of the SafeBag contents.</param>
+        /// <param name="skipCopy">
+        ///   <see langword="true" /> to store <paramref name="encodedBagValue" /> without making a defensive copy; otherwise, <see langword="false" />. The default is <see langword="false" />.</param>
+        /// <exception cref="T:System.ArgumentNullException">The <paramref name="bagIdValue" /> parameter is <see langword="null" /> or the empty string.</exception>
+        /// <exception cref="T:System.Security.Cryptography.CryptographicException">The <paramref name="encodedBagValue" /> parameter does not represent a single ASN.1 BER-encoded value.</exception>
+        protected Pkcs12SafeBag (string bagIdValue, ReadOnlyMemory<byte> encodedBagValue, bool skipCopy = false) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Encodes the SafeBag value and returns it as a byte array.</summary>
+        /// <returns>A byte array representing the encoded form of the SafeBag.</returns>
+        /// <exception cref="T:System.Security.Cryptography.CryptographicException">The object identifier value passed to the constructor was invalid.</exception>
+        public byte[] Encode () {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Gets the Object Identifier (OID) identifying the content type of this SafeBag.</summary>
+        /// <returns>The Object Identifier (OID) identifying the content type of this SafeBag.</returns>
+        public Oid GetBagId () {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Attempts to encode the SafeBag value into a provided buffer.</summary>
+        /// <param name="destination">The byte span to receive the encoded SafeBag value.</param>
+        /// <param name="bytesWritten">When this method returns, contains a value that indicates the number of bytes written to <paramref name="destination" />. This parameter is treated as uninitialized.</param>
+        /// <returns>
+        ///   <see langword="true" /> if <paramref name="destination" /> is big enough to receive the output; otherwise, <see langword="false" />.</returns>
+        /// <exception cref="T:System.Security.Cryptography.CryptographicException">The object identifier value passed to the constructor was invalid.</exception>
+        public bool TryEncode (Span<byte> destination, out int bytesWritten) {
+            throw new PlatformNotSupportedException ();
+        }
+    }
+}
diff --git a/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12SafeContents.NotSupported.cs b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12SafeContents.NotSupported.cs
new file mode 100644
index 00000000000..3a02a792cbb
--- /dev/null
+++ b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12SafeContents.NotSupported.cs
@@ -0,0 +1,171 @@
+using System;
+using System.Collections.Generic;
+using System.Security.Cryptography;
+using System.Security.Cryptography.Pkcs;
+using System.Security.Cryptography.X509Certificates;
+
+namespace System.Security.Cryptography.Pkcs {
+    /// <summary>Represents a PKCS#12 SafeContents value. This class cannot be inherited.</summary>
+    public sealed class Pkcs12SafeContents {
+        /// <summary>Gets a value that indicates the type of encryption applied to the contents.</summary>
+        /// <returns>One of the enumeration values that indicates the type of encryption applied to the contents. The default value is <see cref="F:System.Security.Cryptography.Pkcs.Pkcs12ConfidentialityMode.None" />.</returns>
+        public Pkcs12ConfidentialityMode ConfidentialityMode {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        /// <summary>Gets a value that indicates whether this instance in a read-only state.</summary>
+        /// <returns>
+        ///   <see langword="true" /> if this value is in a read-only state; otherwise, <see langword="false" />. The default value is <see langword="false" />.</returns>
+        public bool IsReadOnly {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        /// <summary>Adds a certificate to the SafeContents via a new <see cref="T:System.Security.Cryptography.Pkcs.Pkcs12CertBag" /> and returns the newly created bag instance.</summary>
+        /// <param name="certificate">The certificate to add.</param>
+        /// <returns>The bag instance which was added to the SafeContents.</returns>
+        /// <exception cref="T:System.ArgumentNullException">The <paramref name="certificate" /> parameter is <see langword="null" />.</exception>
+        /// <exception cref="T:System.InvalidOperationException">This instance is read-only.</exception>
+        /// <exception cref="T:System.Security.Cryptography.CryptographicException">The <paramref name="certificate" /> parameter is in an invalid state.</exception>
+        public Pkcs12CertBag AddCertificate (X509Certificate2 certificate) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Adds an asymmetric private key to the SafeContents via a new <see cref="T:System.Security.Cryptography.Pkcs.Pkcs12KeyBag" /> and returns the newly created bag instance.</summary>
+        /// <param name="key">The asymmetric private key to add.</param>
+        /// <returns>The bag instance which was added to the SafeContents.</returns>
+        /// <exception cref="T:System.ArgumentNullException">The <paramref name="key" /> parameter is <see langword="null" />.</exception>
+        /// <exception cref="T:System.InvalidOperationException">This instance is read-only.</exception>
+        /// <exception cref="T:System.Security.Cryptography.CryptographicException">The key export failed.</exception>
+        public Pkcs12KeyBag AddKeyUnencrypted (AsymmetricAlgorithm key) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Adds a nested SafeContents to the SafeContents via a new <see cref="T:System.Security.Cryptography.Pkcs.Pkcs12SafeContentsBag" /> and returns the newly created bag instance.</summary>
+        /// <param name="safeContents">The nested contents to add to the SafeContents.</param>
+        /// <returns>The bag instance which was added to the SafeContents.</returns>
+        /// <exception cref="T:System.ArgumentNullException">The <paramref name="safeContents" /> parameter is <see langword="null" />.</exception>
+        /// <exception cref="T:System.ArgumentException">The <paramref name="safeContents" /> parameter is encrypted.</exception>
+        /// <exception cref="T:System.InvalidOperationException">This instance is read-only.</exception>
+        public Pkcs12SafeContentsBag AddNestedContents (Pkcs12SafeContents safeContents) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Adds a SafeBag to the SafeContents.</summary>
+        /// <param name="safeBag">The SafeBag value to add.</param>
+        /// <exception cref="T:System.ArgumentNullException">The <paramref name="safeBag" /> parameter is <see langword="null" />.</exception>
+        /// <exception cref="T:System.InvalidOperationException">This instance is read-only.</exception>
+        public void AddSafeBag (Pkcs12SafeBag safeBag) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Adds an ASN.1 BER-encoded value with a specified type identifier to the SafeContents via a new <see cref="T:System.Security.Cryptography.Pkcs.Pkcs12SecretBag" /> and returns the newly created bag instance.</summary>
+        /// <param name="secretType">The Object Identifier (OID) which identifies the data type of the secret value.</param>
+        /// <param name="secretValue">The BER-encoded value representing the secret to add.</param>
+        /// <returns>The bag instance which was added to the SafeContents.</returns>
+        /// <exception cref="T:System.ArgumentNullException">The <paramref name="secretType" /> parameter is <see langword="null" />.</exception>
+        /// <exception cref="T:System.InvalidOperationException">This instance is read-only.</exception>
+        /// <exception cref="T:System.Security.Cryptography.CryptographicException">The <paramref name="secretValue" /> parameter does not represent a single ASN.1 BER-encoded value.</exception>
+        public Pkcs12SecretBag AddSecret (Oid secretType, ReadOnlyMemory<byte> secretValue) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Adds an encrypted asymmetric private key to the SafeContents via a new <see cref="T:System.Security.Cryptography.Pkcs.Pkcs12ShroudedKeyBag" /> from a byte-based password in an array and returns the newly created bag instance.</summary>
+        /// <param name="key">The asymmetric private key to add.</param>
+        /// <param name="passwordBytes">The bytes to use as a password when encrypting the key material.</param>
+        /// <param name="pbeParameters">The password-based encryption (PBE) parameters to use when encrypting the key material.</param>
+        /// <returns>The bag instance which was added to the SafeContents.</returns>
+        /// <exception cref="T:System.ArgumentNullException">The <paramref name="key" /> parameter is <see langword="null" />.</exception>
+        /// <exception cref="T:System.InvalidOperationException">This instance is read-only.</exception>
+        /// <exception cref="T:System.Security.Cryptography.CryptographicException">The key export failed.</exception>
+        public Pkcs12ShroudedKeyBag AddShroudedKey (AsymmetricAlgorithm key, byte[] passwordBytes, PbeParameters pbeParameters) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Adds an encrypted asymmetric private key to the SafeContents via a new <see cref="T:System.Security.Cryptography.Pkcs.Pkcs12ShroudedKeyBag" /> from a byte-based password in a span and returns the newly created bag instance.</summary>
+        /// <param name="key">The asymmetric private key to add.</param>
+        /// <param name="passwordBytes">The bytes to use as a password when encrypting the key material.</param>
+        /// <param name="pbeParameters">The password-based encryption (PBE) parameters to use when encrypting the key material.</param>
+        /// <returns>The bag instance which was added to the SafeContents.</returns>
+        /// <exception cref="T:System.ArgumentNullException">The <paramref name="key" /> parameter is <see langword="null" />.</exception>
+        /// <exception cref="T:System.InvalidOperationException">This instance is read-only.</exception>
+        /// <exception cref="T:System.Security.Cryptography.CryptographicException">The key export failed.</exception>
+        public Pkcs12ShroudedKeyBag AddShroudedKey (AsymmetricAlgorithm key, ReadOnlySpan<byte> passwordBytes, PbeParameters pbeParameters) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Adds an encrypted asymmetric private key to the SafeContents via a new <see cref="T:System.Security.Cryptography.Pkcs.Pkcs12ShroudedKeyBag" /> from a character-based password in a span and returns the newly created bag instance.</summary>
+        /// <param name="key">The asymmetric private key to add.</param>
+        /// <param name="password">The password to use when encrypting the key material.</param>
+        /// <param name="pbeParameters">The password-based encryption (PBE) parameters to use when encrypting the key material.</param>
+        /// <returns>The bag instance which was added to the SafeContents.</returns>
+        /// <exception cref="T:System.ArgumentNullException">The <paramref name="key" /> parameter is <see langword="null" />.</exception>
+        /// <exception cref="T:System.InvalidOperationException">This instance is read-only.</exception>
+        /// <exception cref="T:System.Security.Cryptography.CryptographicException">The key export failed.</exception>
+        public Pkcs12ShroudedKeyBag AddShroudedKey (AsymmetricAlgorithm key, ReadOnlySpan<char> password, PbeParameters pbeParameters) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Adds an encrypted asymmetric private key to the SafeContents via a new <see cref="T:System.Security.Cryptography.Pkcs.Pkcs12ShroudedKeyBag" /> from a character-based password in a string and returns the newly created bag instance.</summary>
+        /// <param name="key">The asymmetric private key to add.</param>
+        /// <param name="password">The password to use when encrypting the key material.</param>
+        /// <param name="pbeParameters">The password-based encryption (PBE) parameters to use when encrypting the key material.</param>
+        /// <returns>The bag instance which was added to the SafeContents.</returns>
+        /// <exception cref="T:System.ArgumentNullException">The <paramref name="key" /> parameter is <see langword="null" />.</exception>
+        /// <exception cref="T:System.InvalidOperationException">This instance is read-only.</exception>
+        /// <exception cref="T:System.Security.Cryptography.CryptographicException">The key export failed.</exception>
+        public Pkcs12ShroudedKeyBag AddShroudedKey (AsymmetricAlgorithm key, string password, PbeParameters pbeParameters) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Decrypts the contents of this SafeContents value using a byte-based password from an array.</summary>
+        /// <param name="passwordBytes">The bytes to use as a password for decrypting the encrypted contents.</param>
+        /// <exception cref="T:System.InvalidOperationException">The <see cref="P:System.Security.Cryptography.Pkcs.Pkcs12SafeContents.ConfidentialityMode" /> property is not <see cref="F:System.Security.Cryptography.Pkcs.Pkcs12ConfidentialityMode.Password" />.</exception>
+        /// <exception cref="T:System.Security.Cryptography.CryptographicException">The password is incorrect.
+        /// -or-
+        /// The contents were not successfully decrypted.</exception>
+        public void Decrypt (byte[] passwordBytes) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Decrypts the contents of this SafeContents value using a byte-based password from a span.</summary>
+        /// <param name="passwordBytes">The bytes to use as a password for decrypting the encrypted contents.</param>
+        /// <exception cref="T:System.InvalidOperationException">The <see cref="P:System.Security.Cryptography.Pkcs.Pkcs12SafeContents.ConfidentialityMode" /> property is not <see cref="F:System.Security.Cryptography.Pkcs.Pkcs12ConfidentialityMode.Password" />.</exception>
+        /// <exception cref="T:System.Security.Cryptography.CryptographicException">The password is incorrect.
+        /// -or-
+        /// The contents were not successfully decrypted.</exception>
+        public void Decrypt (ReadOnlySpan<byte> passwordBytes) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Decrypts the contents of this SafeContents value using a character-based password from a span.</summary>
+        /// <param name="password">The password to use for decrypting the encrypted contents.</param>
+        /// <exception cref="T:System.InvalidOperationException">The <see cref="P:System.Security.Cryptography.Pkcs.Pkcs12SafeContents.ConfidentialityMode" /> property is not <see cref="F:System.Security.Cryptography.Pkcs.Pkcs12ConfidentialityMode.Password" />.</exception>
+        /// <exception cref="T:System.Security.Cryptography.CryptographicException">The password is incorrect.
+        /// -or-
+        /// The contents were not successfully decrypted.</exception>
+        public void Decrypt (ReadOnlySpan<char> password) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Decrypts the contents of this SafeContents value using a character-based password from a string.</summary>
+        /// <param name="password">The password to use for decrypting the encrypted contents.</param>
+        /// <exception cref="T:System.InvalidOperationException">The <see cref="P:System.Security.Cryptography.Pkcs.Pkcs12SafeContents.ConfidentialityMode" /> property is not <see cref="F:System.Security.Cryptography.Pkcs.Pkcs12ConfidentialityMode.Password" />.</exception>
+        /// <exception cref="T:System.Security.Cryptography.CryptographicException">The password is incorrect.
+        /// -or-
+        /// The contents were not successfully decrypted.</exception>
+        public void Decrypt (string password) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Gets an enumerable representation of the SafeBag values contained within the SafeContents.</summary>
+        /// <returns>An enumerable representation of the SafeBag values contained within the SafeContents.</returns>
+        /// <exception cref="T:System.InvalidOperationException">The contents are encrypted.</exception>
+        public IEnumerable<Pkcs12SafeBag> GetBags () {
+            throw new PlatformNotSupportedException ();
+        }
+    }
+}
diff --git a/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12SafeContentsBag.NotSupported.cs b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12SafeContentsBag.NotSupported.cs
new file mode 100644
index 00000000000..15f10f14d63
--- /dev/null
+++ b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12SafeContentsBag.NotSupported.cs
@@ -0,0 +1,20 @@
+using System;
+using System.Security.Cryptography.Pkcs;
+
+namespace System.Security.Cryptography.Pkcs {
+    /// <summary>Represents the SafeContentsBag from PKCS#12, a container whose contents are a PKCS#12 SafeContents value. This class cannot be inherited.</summary>
+    public sealed class Pkcs12SafeContentsBag : Pkcs12SafeBag {
+        /// <summary>Gets the SafeContents value contained within this bag.</summary>
+        /// <returns>The SafeContents value contained within this bag.</returns>
+        public Pkcs12SafeContents SafeContents {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        internal Pkcs12SafeContentsBag ()
+            : base (null, default(ReadOnlyMemory<byte>)) {
+            throw new PlatformNotSupportedException ();
+        }
+    }
+}
diff --git a/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12SecretBag.NotSupported.cs b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12SecretBag.NotSupported.cs
new file mode 100644
index 00000000000..65552677408
--- /dev/null
+++ b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12SecretBag.NotSupported.cs
@@ -0,0 +1,27 @@
+using System;
+using System.Security.Cryptography;
+using System.Security.Cryptography.Pkcs;
+
+namespace System.Security.Cryptography.Pkcs {
+    /// <summary>Represents the SecretBag from PKCS#12, a container whose contents are arbitrary data with a type identifier. This class cannot be inherited.</summary>
+    public sealed class Pkcs12SecretBag : Pkcs12SafeBag {
+        /// <summary>Gets a memory value containing the BER-encoded contents of the bag.</summary>
+        /// <returns>A memory value containing the BER-encoded contents of the bag.</returns>
+        public ReadOnlyMemory<byte> SecretValue {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        internal Pkcs12SecretBag ()
+            : base (null, default(ReadOnlyMemory<byte>)) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Gets the Object Identifier (OID) which identifies the data type of the secret value.</summary>
+        /// <returns>The Object Identifier (OID) which identifies the data type of the secret value.</returns>
+        public Oid GetSecretType () {
+            throw new PlatformNotSupportedException ();
+        }
+    }
+}
diff --git a/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12ShroudedKeyBag.NotSupported.cs b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12ShroudedKeyBag.NotSupported.cs
new file mode 100644
index 00000000000..14bc04c105c
--- /dev/null
+++ b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs12ShroudedKeyBag.NotSupported.cs
@@ -0,0 +1,25 @@
+using System;
+using System.Security.Cryptography.Pkcs;
+
+namespace System.Security.Cryptography.Pkcs {
+    /// <summary>Represents the ShroudedKeyBag from PKCS#12, a container whose contents are a PKCS#8 EncryptedPrivateKeyInfo. This class cannot be inherited.</summary>
+    public sealed class Pkcs12ShroudedKeyBag : Pkcs12SafeBag {
+        /// <summary>Gets a memory value containing the PKCS#8 EncryptedPrivateKeyInfo value transported by this bag.</summary>
+        /// <returns>A memory value containing the PKCS#8 EncryptedPrivateKeyInfo value transported by this bag.</returns>
+        public ReadOnlyMemory<byte> EncryptedPkcs8PrivateKey {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        /// <summary>Initializes a new instance of the <see cref="T:System.Security.Cryptography.Pkcs.Pkcs12ShroudedKeyBag" /> from an existing encoded PKCS#8 EncryptedPrivateKeyInfo value.</summary>
+        /// <param name="encryptedPkcs8PrivateKey">A BER-encoded PKCS#8 EncryptedPrivateKeyInfo value.</param>
+        /// <param name="skipCopy">
+        ///   <see langword="true" /> to store <paramref name="encryptedPkcs8PrivateKey" /> without making a defensive copy; otherwise, <see langword="false" />. The default is <see langword="false" />.</param>
+        /// <exception cref="T:System.Security.Cryptography.CryptographicException">The <paramref name="encryptedPkcs8privateKey" /> parameter does not represent a single ASN.1 BER-encoded value.</exception>
+        public Pkcs12ShroudedKeyBag (ReadOnlyMemory<byte> encryptedPkcs8PrivateKey, bool skipCopy = false)
+            : base (null, default(ReadOnlyMemory<byte>)) {
+            throw new PlatformNotSupportedException ();
+        }
+    }
+}
diff --git a/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs8PrivateKeyInfo.NotSupported.cs b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs8PrivateKeyInfo.NotSupported.cs
new file mode 100644
index 00000000000..719c890da99
--- /dev/null
+++ b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs8PrivateKeyInfo.NotSupported.cs
@@ -0,0 +1,149 @@
+using System;
+using System.Security.Cryptography;
+using System.Security.Cryptography.Pkcs;
+
+namespace System.Security.Cryptography.Pkcs {
+    /// <summary>Enables the inspection of and creation of PKCS#8 PrivateKeyInfo and EncryptedPrivateKeyInfo values. This class cannot be inherited.</summary>
+    public sealed class Pkcs8PrivateKeyInfo {
+        /// <summary>Gets the Object Identifier (OID) value identifying the algorithm this key is for.</summary>
+        /// <returns>The Object Identifier (OID) value identifying the algorithm this key is for.</returns>
+        public Oid AlgorithmId {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        /// <summary>Gets a memory value containing the BER-encoded algorithm parameters associated with this key.</summary>
+        /// <returns>A memory value containing the BER-encoded algorithm parameters associated with this key, or <see langword="null" /> if no parameters were present.</returns>
+        public ReadOnlyMemory<byte>? AlgorithmParameters {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        /// <summary>Gets the modifiable collection of attributes for this private key.</summary>
+        /// <returns>The modifiable collection of attributes to encode with the private key.</returns>
+        public CryptographicAttributeObjectCollection Attributes {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        /// <summary>Gets a memory value that represents the algorithm-specific encoded private key.</summary>
+        /// <returns>A memory value that represents the algorithm-specific encoded private key.</returns>
+        public ReadOnlyMemory<byte> PrivateKeyBytes {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        /// <summary>Initializes a new instance of the <see cref="T:System.Security.Cryptography.Pkcs.Pkcs8PrivateKeyInfo" /> class.</summary>
+        /// <param name="algorithmId">The Object Identifier (OID) identifying the asymmetric algorithm this key is for.</param>
+        /// <param name="algorithmParameters">The BER-encoded algorithm parameters associated with this key, or <see langword="null" /> to omit algorithm parameters when encoding.</param>
+        /// <param name="privateKey">The algorithm-specific encoded private key.</param>
+        /// <param name="skipCopies">
+        ///   <see langword="true" /> to store <paramref name="algorithmParameters" /> and <paramref name="privateKey" /> without making a defensive copy; otherwise, <see langword="false" />. The default is <see langword="false" />.</param>
+        /// <exception cref="T:System.ArgumentNullException">The <paramref name="algorithmId" /> parameter is <see langword="null" />.</exception>
+        /// <exception cref="T:System.Security.Cryptography.CryptographicException">The <paramref name="algorithmParameters" /> parameter is not <see langword="null" />, empty, or a single BER-encoded value.</exception>
+        public Pkcs8PrivateKeyInfo (Oid algorithmId, ReadOnlyMemory<byte>? algorithmParameters, ReadOnlyMemory<byte> privateKey, bool skipCopies = false) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Exports a specified key as a PKCS#8 PrivateKeyInfo and returns its decoded interpretation.</summary>
+        /// <param name="privateKey">The private key to represent in a PKCS#8 PrivateKeyInfo.</param>
+        /// <returns>The decoded interpretation of the exported PKCS#8 PrivateKeyInfo.</returns>
+        /// <exception cref="T:System.ArgumentNullException">The <paramref name="privateKey" /> parameter is <see langword="null" />.</exception>
+        public static Pkcs8PrivateKeyInfo Create (AsymmetricAlgorithm privateKey) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Reads the provided data as a PKCS#8 PrivateKeyInfo and returns an object view of the contents.</summary>
+        /// <param name="source">The data to interpret as a PKCS#8 PrivateKeyInfo value.</param>
+        /// <param name="bytesRead">When this method returns, contains a value that indicates the number of bytes read from <paramref name="source" />. This parameter is treated as uninitialized.</param>
+        /// <param name="skipCopy">
+        ///   <see langword="true" /> to store <paramref name="source" /> without making a defensive copy; otherwise, <see langword="false" />. The default is <see langword="false" />.</param>
+        /// <returns>An object view of the contents decoded as a PKCS#8 PrivateKeyInfo.</returns>
+        /// <exception cref="T:System.Security.Cryptography.CryptographicException">The contents of the <paramref name="source" /> parameter were not successfully decoded as a PKCS#8 PrivateKeyInfo.</exception>
+        public static Pkcs8PrivateKeyInfo Decode (ReadOnlyMemory<byte> source, out int bytesRead, bool skipCopy = false) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Decrypts the provided data using the provided byte-based password and decodes the output into an object view of the PKCS#8 PrivateKeyInfo.</summary>
+        /// <param name="passwordBytes">The bytes to use as a password when decrypting the key material.</param>
+        /// <param name="source">The data to read as a PKCS#8 EncryptedPrivateKeyInfo structure in the ASN.1-BER encoding.</param>
+        /// <param name="bytesRead">When this method returns, contains a value that indicates the number of bytes read from <paramref name="source" />. This parameter is treated as uninitialized.</param>
+        /// <returns>An object view of the contents decrypted decoded as a PKCS#8 PrivateKeyInfo.</returns>
+        /// <exception cref="T:System.Security.Cryptography.CryptographicException">The password is incorrect.
+        /// -or-
+        /// The contents of <paramref name="source" /> indicate the Key Derivation Function (KDF) to apply is the legacy PKCS#12 KDF, which requires <see cref="T:System.Char" />-based passwords.
+        /// -or-
+        /// The contents of <paramref name="source" /> do not represent an ASN.1-BER-encoded PKCS#8 EncryptedPrivateKeyInfo structure.</exception>
+        public static Pkcs8PrivateKeyInfo DecryptAndDecode (ReadOnlySpan<byte> passwordBytes, ReadOnlyMemory<byte> source, out int bytesRead) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Decrypts the provided data using the provided character-based password and decodes the output into an object view of the PKCS#8 PrivateKeyInfo.</summary>
+        /// <param name="password">The password to use when decrypting the key material.</param>
+        /// <param name="source">The bytes of a PKCS#8 EncryptedPrivateKeyInfo structure in the ASN.1-BER encoding.</param>
+        /// <param name="bytesRead">When this method returns, contains a value that indicates the number of bytes read from <paramref name="source" />. This parameter is treated as uninitialized.</param>
+        /// <returns>An object view of the contents decrypted decoded as a PKCS#8 PrivateKeyInfo.</returns>
+        public static Pkcs8PrivateKeyInfo DecryptAndDecode (ReadOnlySpan<char> password, ReadOnlyMemory<byte> source, out int bytesRead) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Encodes the property data of this instance as a PKCS#8 PrivateKeyInfo and returns the encoding as a byte array.</summary>
+        /// <returns>A byte array representing the encoded form of the PKCS#8 PrivateKeyInfo.</returns>
+        public byte[] Encode () {
+            throw new PlatformNotSupportedException();
+        }
+
+        /// <summary>Produces a PKCS#8 EncryptedPrivateKeyInfo from the property contents of this object after encrypting with the specified byte-based password and encryption parameters.</summary>
+        /// <param name="passwordBytes">The bytes to use as a password when encrypting the key material.</param>
+        /// <param name="pbeParameters">The password-based encryption (PBE) parameters to use when encrypting the key material.</param>
+        /// <returns>A byte array containing the encoded form of the PKCS#8 EncryptedPrivateKeyInfo.</returns>
+        /// <exception cref="T:System.Security.Cryptography.CryptographicException">
+        ///   <paramref name="pbeParameters" /> indicates that <see cref="F:System.Security.Cryptography.PbeEncryptionAlgorithm.TripleDes3KeyPkcs12" /> should be used, which requires <see cref="T:System.Char" />-based passwords.</exception>
+        public byte[] Encrypt (ReadOnlySpan<byte> passwordBytes, PbeParameters pbeParameters) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Produces a PKCS#8 EncryptedPrivateKeyInfo from the property contents of this object after encrypting with the specified character-based password and encryption parameters.</summary>
+        /// <param name="password">The password to use when encrypting the key material.</param>
+        /// <param name="pbeParameters">The password-based encryption (PBE) parameters to use when encrypting the key material.</param>
+        /// <returns>A byte array containing the encoded form of the PKCS#8 EncryptedPrivateKeyInfo.</returns>
+        public byte[] Encrypt (ReadOnlySpan<char> password, PbeParameters pbeParameters) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Attempts to encode the property data of this instance as a PKCS#8 PrivateKeyInfo, writing the results into a provided buffer.</summary>
+        /// <param name="destination">The byte span to receive the PKCS#8 PrivateKeyInfo data.</param>
+        /// <param name="bytesWritten">When this method returns, contains a value that indicates the number of bytes written to <paramref name="destination" />. This parameter is treated as uninitialized.</param>
+        /// <returns>
+        ///   <see langword="true" /> if <paramref name="destination" /> is big enough to receive the output; otherwise, <see langword="false" />.</returns>
+        public bool TryEncode (Span<byte> destination, out int bytesWritten) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Attempts to produce a PKCS#8 EncryptedPrivateKeyInfo from the property contents of this object after encrypting with the specified byte-based password and encryption parameters, writing the results into a provided buffer.</summary>
+        /// <param name="passwordBytes">The bytes to use as a password when encrypting the key material.</param>
+        /// <param name="pbeParameters">The password-based encryption (PBE) parameters to use when encrypting the key material.</param>
+        /// <param name="destination">The byte span to receive the PKCS#8 EncryptedPrivateKeyInfo data.</param>
+        /// <param name="bytesWritten">When this method returns, contains a value that indicates the number of bytes written to <paramref name="destination" />. This parameter is treated as uninitialized.</param>
+        /// <returns>
+        ///   <see langword="true" /> if <paramref name="destination" /> is big enough to receive the output; otherwise, <see langword="false" />.</returns>
+        public bool TryEncrypt (ReadOnlySpan<byte> passwordBytes, PbeParameters pbeParameters, Span<byte> destination, out int bytesWritten) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Attempts to produce a PKCS#8 EncryptedPrivateKeyInfo from the property contents of this object after encrypting with the specified character-based password and encryption parameters, writing the result into a provided buffer.</summary>
+        /// <param name="password">The password to use when encrypting the key material.</param>
+        /// <param name="pbeParameters">The password-based encryption (PBE) parameters to use when encrypting the key material.</param>
+        /// <param name="destination">The byte span to receive the PKCS#8 EncryptedPrivateKeyInfo data.</param>
+        /// <param name="bytesWritten">When this method returns, contains a value that indicates the number of bytes written to <paramref name="destination" />. This parameter is treated as uninitialized.</param>
+        /// <returns>
+        ///   <see langword="true" /> if <paramref name="destination" /> is big enough to receive the output; otherwise, <see langword="false" />.</returns>
+        public bool TryEncrypt (ReadOnlySpan<char> password, PbeParameters pbeParameters, Span<byte> destination, out int bytesWritten) {
+            throw new PlatformNotSupportedException ();
+        }
+    }
+}
diff --git a/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs9LocalKeyId.NotSupported.cs b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs9LocalKeyId.NotSupported.cs
new file mode 100644
index 00000000000..20aa61ea492
--- /dev/null
+++ b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Pkcs9LocalKeyId.NotSupported.cs
@@ -0,0 +1,32 @@
+using System;
+using System.Security.Cryptography.Pkcs;
+
+namespace System.Security.Cryptography.Pkcs {
+    /// <summary>Represents the LocalKeyId attribute from PKCS#9.</summary>
+    public sealed class Pkcs9LocalKeyId : Pkcs9AttributeObject {
+        /// <summary>Gets a memory value containing the key identifier from this attribute.</summary>
+        /// <returns>A memory value containing the key identifier from this attribute.</returns>
+        public ReadOnlyMemory<byte> KeyId {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        /// <summary>Initializes a new instance of the <see cref="T:System.Security.Cryptography.Pkcs.Pkcs9LocalKeyId" /> class with an empty key identifier value.</summary>
+        public Pkcs9LocalKeyId () {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Initializes a new instance of the <see cref="T:System.Security.Cryptography.Pkcs.Pkcs9LocalKeyId" /> class with a key identifier specified by a byte array.</summary>
+        /// <param name="keyId">A byte array containing the key identifier.</param>
+        public Pkcs9LocalKeyId (byte[] keyId) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Initializes a new instance of the <see cref="T:System.Security.Cryptography.Pkcs.Pkcs9LocalKeyId" /> class with a key identifier specified by a byte span.</summary>
+        /// <param name="keyId">A byte array containing the key identifier.</param>
+        public Pkcs9LocalKeyId (ReadOnlySpan<byte> keyId) {
+            throw new PlatformNotSupportedException ();
+        }
+    }
+}
diff --git a/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Rfc3161TimestampRequest.NotSupported.cs b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Rfc3161TimestampRequest.NotSupported.cs
new file mode 100644
index 00000000000..46175aa8c76
--- /dev/null
+++ b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Rfc3161TimestampRequest.NotSupported.cs
@@ -0,0 +1,120 @@
+using System;
+using System.Security.Cryptography;
+using System.Security.Cryptography.Pkcs;
+using System.Security.Cryptography.X509Certificates;
+
+namespace System.Security.Cryptography.Pkcs {
+    public sealed class Rfc3161TimestampRequest {
+        public bool HasExtensions {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        public Oid HashAlgorithmId {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        public Oid RequestedPolicyId {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        public bool RequestSignerCertificate {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        public int Version {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        internal Rfc3161TimestampRequest () {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <param name="data" />
+        /// <param name="hashAlgorithm" />
+        /// <param name="requestedPolicyId" />
+        /// <param name="nonce" />
+        /// <param name="requestSignerCertificates" />
+        /// <param name="extensions" />
+        public static Rfc3161TimestampRequest CreateFromData (ReadOnlySpan<byte> data, HashAlgorithmName hashAlgorithm, Oid requestedPolicyId = null, ReadOnlyMemory<byte>? nonce = default(ReadOnlyMemory<byte>?), bool requestSignerCertificates = false, X509ExtensionCollection extensions = null) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <param name="hash" />
+        /// <param name="hashAlgorithm" />
+        /// <param name="requestedPolicyId" />
+        /// <param name="nonce" />
+        /// <param name="requestSignerCertificates" />
+        /// <param name="extensions" />
+        public static Rfc3161TimestampRequest CreateFromHash (ReadOnlyMemory<byte> hash, HashAlgorithmName hashAlgorithm, Oid requestedPolicyId = null, ReadOnlyMemory<byte>? nonce = default(ReadOnlyMemory<byte>?), bool requestSignerCertificates = false, X509ExtensionCollection extensions = null) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Create a timestamp request using a pre-computed hash value.</summary>
+        /// <param name="hash">The pre-computed hash value to be timestamped.</param>
+        /// <param name="hashAlgorithmId">The Object Identifier (OID) for the hash algorithm that produced <paramref name="hash" />.</param>
+        /// <param name="requestedPolicyId">The Object Identifier (OID) for a timestamp policy the Timestamp Authority (TSA) should use, or <see langword="null" /> to express no preference.</param>
+        /// <param name="nonce">An optional nonce (number used once) to uniquely identify this request to pair it with the response. The value is interpreted as an unsigned big-endian integer and may be normalized to the encoding format.</param>
+        /// <param name="requestSignerCertificates">
+        ///   <see langword="true" /> to indicate the Timestamp Authority (TSA) must include the signing certificate in the issued timestamp token; otherwise, <see langword="false" />.</param>
+        /// <param name="extensions">RFC3161 extensions to present with the request.</param>
+        /// <returns>An <see cref="T:System.Security.Cryptography.Pkcs.Rfc3161TimestampRequest" /> representing the chosen values.</returns>
+        public static Rfc3161TimestampRequest CreateFromHash (ReadOnlyMemory<byte> hash, Oid hashAlgorithmId, Oid requestedPolicyId = null, ReadOnlyMemory<byte>? nonce = default(ReadOnlyMemory<byte>?), bool requestSignerCertificates = false, X509ExtensionCollection extensions = null) {
+            throw new PlatformNotSupportedException ();		
+        }
+
+        /// <param name="signerInfo" />
+        /// <param name="hashAlgorithm" />
+        /// <param name="requestedPolicyId" />
+        /// <param name="nonce" />
+        /// <param name="requestSignerCertificates" />
+        /// <param name="extensions" />
+        public static Rfc3161TimestampRequest CreateFromSignerInfo (SignerInfo signerInfo, HashAlgorithmName hashAlgorithm, Oid requestedPolicyId = null, ReadOnlyMemory<byte>? nonce = default(ReadOnlyMemory<byte>?), bool requestSignerCertificates = false, X509ExtensionCollection extensions = null) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        public byte[] Encode () {
+            throw new PlatformNotSupportedException ();
+        }
+
+        public X509ExtensionCollection GetExtensions () {
+            throw new PlatformNotSupportedException ();
+        }
+
+        public ReadOnlyMemory<byte> GetMessageHash () {
+            throw new PlatformNotSupportedException ();
+        }
+
+        public ReadOnlyMemory<byte>? GetNonce () {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <param name="responseBytes" />
+        /// <param name="bytesConsumed" />
+        public Rfc3161TimestampToken ProcessResponse (ReadOnlyMemory<byte> responseBytes, out int bytesConsumed) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <param name="encodedBytes" />
+        /// <param name="request" />
+        /// <param name="bytesConsumed" />
+        public static bool TryDecode (ReadOnlyMemory<byte> encodedBytes, out Rfc3161TimestampRequest request, out int bytesConsumed) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <param name="destination" />
+        /// <param name="bytesWritten" />
+        public bool TryEncode (Span<byte> destination, out int bytesWritten) {
+            throw new PlatformNotSupportedException ();
+        }
+    }
+}
diff --git a/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Rfc3161TimestampToken.NotSupported.cs b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Rfc3161TimestampToken.NotSupported.cs
new file mode 100644
index 00000000000..3e10b1f82fc
--- /dev/null
+++ b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Rfc3161TimestampToken.NotSupported.cs
@@ -0,0 +1,61 @@
+using System;
+using System.Security.Cryptography;
+using System.Security.Cryptography.Pkcs;
+using System.Security.Cryptography.X509Certificates;
+
+namespace System.Security.Cryptography.Pkcs {
+    public sealed class Rfc3161TimestampToken {
+        public Rfc3161TimestampTokenInfo TokenInfo {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        internal Rfc3161TimestampToken () {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <summary>Gets a Signed Cryptographic Message Syntax (CMS) representation of the RFC3161 timestamp token.</summary>
+        /// <returns>The <see cref="T:System.Security.Cryptography.Pkcs.SignedCms" /> representation of the <see cref="T:System.Security.Cryptography.Pkcs.Rfc3161TimestampToken" />.</returns>
+        public SignedCms AsSignedCms () {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <param name="encodedBytes" />
+        /// <param name="token" />
+        /// <param name="bytesConsumed" />
+        public static bool TryDecode (ReadOnlyMemory<byte> encodedBytes, out Rfc3161TimestampToken token, out int bytesConsumed) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <param name="data" />
+        /// <param name="signerCertificate" />
+        /// <param name="extraCandidates" />
+        public bool VerifySignatureForData (ReadOnlySpan<byte> data, out X509Certificate2 signerCertificate, X509Certificate2Collection extraCandidates = null) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <param name="hash" />
+        /// <param name="hashAlgorithm" />
+        /// <param name="signerCertificate" />
+        /// <param name="extraCandidates" />
+        public bool VerifySignatureForHash (ReadOnlySpan<byte> hash, HashAlgorithmName hashAlgorithm, out X509Certificate2 signerCertificate, X509Certificate2Collection extraCandidates = null) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <param name="hash" />
+        /// <param name="hashAlgorithmId" />
+        /// <param name="signerCertificate" />
+        /// <param name="extraCandidates" />
+        public bool VerifySignatureForHash (ReadOnlySpan<byte> hash, Oid hashAlgorithmId, out X509Certificate2 signerCertificate, X509Certificate2Collection extraCandidates = null) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <param name="signerInfo" />
+        /// <param name="signerCertificate" />
+        /// <param name="extraCandidates" />
+        public bool VerifySignatureForSignerInfo (SignerInfo signerInfo, out X509Certificate2 signerCertificate, X509Certificate2Collection extraCandidates = null) {
+            throw new PlatformNotSupportedException ();
+        }
+    }
+}
diff --git a/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Rfc3161TimestampTokenInfo.NotSupported.cs b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Rfc3161TimestampTokenInfo.NotSupported.cs
new file mode 100644
index 00000000000..094114c7fbf
--- /dev/null
+++ b/mcs/class/System.Security/System.Security.Cryptography.Pkcs/Rfc3161TimestampTokenInfo.NotSupported.cs
@@ -0,0 +1,101 @@
+using System;
+using System.Security.Cryptography;
+using System.Security.Cryptography.Pkcs;
+using System.Security.Cryptography.X509Certificates;
+
+namespace System.Security.Cryptography.Pkcs {
+    public sealed class Rfc3161TimestampTokenInfo {
+        public long? AccuracyInMicroseconds {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        public bool HasExtensions {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        public Oid HashAlgorithmId {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        public bool IsOrdering {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        public Oid PolicyId {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        public DateTimeOffset Timestamp {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        public int Version {
+            get {
+                throw new PlatformNotSupportedException ();
+            }
+        }
+
+        /// <param name="policyId" />
+        /// <param name="hashAlgorithmId" />
+        /// <param name="messageHash" />
+        /// <param name="serialNumber" />
+        /// <param name="timestamp" />
+        /// <param name="accuracyInMicroseconds" />
+        /// <param name="isOrdering" />
+        /// <param name="nonce" />
+        /// <param name="timestampAuthorityName" />
+        /// <param name="extensions" />
+        public Rfc3161TimestampTokenInfo (Oid policyId, Oid hashAlgorithmId, ReadOnlyMemory<byte> messageHash, ReadOnlyMemory<byte> serialNumber, DateTimeOffset timestamp, long? accuracyInMicroseconds = default(long?), bool isOrdering = false, ReadOnlyMemory<byte>? nonce = default(ReadOnlyMemory<byte>?), ReadOnlyMemory<byte>? timestampAuthorityName = default(ReadOnlyMemory<byte>?), X509ExtensionCollection extensions = null) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        public byte[] Encode () {
+            throw new PlatformNotSupportedException ();
+        }
+
+        public X509ExtensionCollection GetExtensions () {
+            throw new PlatformNotSupportedException ();
+        }
+
+        public ReadOnlyMemory<byte> GetMessageHash () {
+            throw new PlatformNotSupportedException ();
+        }
+
+        public ReadOnlyMemory<byte>? GetNonce () {
+            throw new PlatformNotSupportedException ();
+        }
+
+        public ReadOnlyMemory<byte> GetSerialNumber () {
+            throw new PlatformNotSupportedException ();
+        }
+
+        public ReadOnlyMemory<byte>? GetTimestampAuthorityName () {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <param name="encodedBytes" />
+        /// <param name="timestampTokenInfo" />
+        /// <param name="bytesConsumed" />
+        public static bool TryDecode (ReadOnlyMemory<byte> encodedBytes, out Rfc3161TimestampTokenInfo timestampTokenInfo, out int bytesConsumed) {
+            throw new PlatformNotSupportedException ();
+        }
+
+        /// <param name="destination" />
+        /// <param name="bytesWritten" />
+        public bool TryEncode (Span<byte> destination, out int bytesWritten) {
+            throw new PlatformNotSupportedException ();
+        }
+    }
+}
diff --git a/mcs/class/System.Security/System.Security.csproj b/mcs/class/System.Security/System.Security.csproj
index dad6da662ae..9041ec7b454 100644
--- a/mcs/class/System.Security/System.Security.csproj
+++ b/mcs/class/System.Security/System.Security.csproj
@@ -211,6 +211,22 @@
     <Compile Include="..\..\..\external\corefx\src\System.Security.Cryptography.ProtectedData\src\System\Security\Cryptography\DataProtectionScope.cs" />
     <Compile Include="Assembly\AssemblyInfo.cs" />
     <Compile Include="System.Security.Cryptography.Pkcs\EnvelopedCms.cs" />
+    <Compile Include="System.Security.Cryptography.Pkcs\Pkcs12Builder.NotSupported.cs" />
+    <Compile Include="System.Security.Cryptography.Pkcs\Pkcs12CertBag.NotSupported.cs" />
+    <Compile Include="System.Security.Cryptography.Pkcs\Pkcs12ConfidentialityMode.NotSupported.cs" />
+    <Compile Include="System.Security.Cryptography.Pkcs\Pkcs12Info.NotSupported.cs" />
+    <Compile Include="System.Security.Cryptography.Pkcs\Pkcs12IntegrityMode.NotSupported.cs" />
+    <Compile Include="System.Security.Cryptography.Pkcs\Pkcs12KeyBag.NotSupported.cs" />
+    <Compile Include="System.Security.Cryptography.Pkcs\Pkcs12SafeBag.NotSupported.cs" />
+    <Compile Include="System.Security.Cryptography.Pkcs\Pkcs12SafeContents.NotSupported.cs" />
+    <Compile Include="System.Security.Cryptography.Pkcs\Pkcs12SafeContentsBag.NotSupported.cs" />
+    <Compile Include="System.Security.Cryptography.Pkcs\Pkcs12SecretBag.NotSupported.cs" />
+    <Compile Include="System.Security.Cryptography.Pkcs\Pkcs12ShroudedKeyBag.NotSupported.cs" />
+    <Compile Include="System.Security.Cryptography.Pkcs\Pkcs8PrivateKeyInfo.NotSupported.cs" />
+    <Compile Include="System.Security.Cryptography.Pkcs\Pkcs9LocalKeyId.NotSupported.cs" />
+    <Compile Include="System.Security.Cryptography.Pkcs\Rfc3161TimestampRequest.NotSupported.cs" />
+    <Compile Include="System.Security.Cryptography.Pkcs\Rfc3161TimestampToken.NotSupported.cs" />
+    <Compile Include="System.Security.Cryptography.Pkcs\Rfc3161TimestampTokenInfo.NotSupported.cs" />
     <Compile Include="corefx\SR.cs" />
   </ItemGroup>
   <!--End of common files-->
diff --git a/mcs/class/System.Security/common_System.Security.dll.sources b/mcs/class/System.Security/common_System.Security.dll.sources
index bc12f3f9315..edd3535fd3b 100644
--- a/mcs/class/System.Security/common_System.Security.dll.sources
+++ b/mcs/class/System.Security/common_System.Security.dll.sources
@@ -99,5 +99,25 @@ System.Security.Cryptography.Pkcs/EnvelopedCms.cs
 ../../../external/corefx/src/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignerInfoCollection.cs
 ../../../external/corefx/src/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignerInfoEnumerator.cs
 
+
+# System.Security.Cryptography.Pkcs NotSupported
+System.Security.Cryptography.Pkcs/Pkcs12Builder.NotSupported.cs
+System.Security.Cryptography.Pkcs/Pkcs12CertBag.NotSupported.cs
+System.Security.Cryptography.Pkcs/Pkcs12ConfidentialityMode.NotSupported.cs
+System.Security.Cryptography.Pkcs/Pkcs12Info.NotSupported.cs
+System.Security.Cryptography.Pkcs/Pkcs12IntegrityMode.NotSupported.cs
+System.Security.Cryptography.Pkcs/Pkcs12KeyBag.NotSupported.cs
+System.Security.Cryptography.Pkcs/Pkcs12SafeBag.NotSupported.cs
+System.Security.Cryptography.Pkcs/Pkcs12SafeContents.NotSupported.cs
+System.Security.Cryptography.Pkcs/Pkcs12SafeContentsBag.NotSupported.cs
+System.Security.Cryptography.Pkcs/Pkcs12SecretBag.NotSupported.cs
+System.Security.Cryptography.Pkcs/Pkcs12ShroudedKeyBag.NotSupported.cs
+System.Security.Cryptography.Pkcs/Pkcs8PrivateKeyInfo.NotSupported.cs
+System.Security.Cryptography.Pkcs/Pkcs9LocalKeyId.NotSupported.cs
+System.Security.Cryptography.Pkcs/Rfc3161TimestampRequest.NotSupported.cs
+System.Security.Cryptography.Pkcs/Rfc3161TimestampToken.NotSupported.cs
+System.Security.Cryptography.Pkcs/Rfc3161TimestampTokenInfo.NotSupported.cs
+
+
 # System.Security.Cryptography.Xml
 ../../../external/corefx/src/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Xml/X509IssuerSerial.cs