The KeyChain class provides access to private keys and their corresponding certificate chains in credential storage.

Applications accessing the KeyChain normally go through these steps:

1. Receive a callback from an Javax.Net.Ssl.IX509KeyManager that a private key is requested.
2. Call KeyChain.ChoosePrivateKeyAlias(Android.App.Activity, Android.Security.IKeyChainAliasCallback, Android.Security.IKeyChainAliasCallback, Android.Security.IKeyChainAliasCallback, Android.Security.IKeyChainAliasCallback, Android.Security.IKeyChainAliasCallback, Android.Security.IKeyChainAliasCallback) to allow the user to select from a list of currently available private keys and corresponding certificate chains. The chosen alias will be returned by the callback IKeyChainAliasCallback.Alias(string), or null if no private key is available or the user cancels the request.
3. Call KeyChain.GetPrivateKey(Android.Content.Context, System.String) and KeyChain.GetCertificateChain(Android.Content.Context, System.String) to retrieve the credentials to return to the corresponding Javax.Net.Ssl.IX509KeyManager callbacks.

An application may remember the value of a selected alias to avoid prompting the user with KeyChain.ChoosePrivateKeyAlias(Android.App.Activity, Android.Security.IKeyChainAliasCallback, Android.Security.IKeyChainAliasCallback, Android.Security.IKeyChainAliasCallback, Android.Security.IKeyChainAliasCallback, Android.Security.IKeyChainAliasCallback, Android.Security.IKeyChainAliasCallback) on subsequent connections. If the alias is no longer valid, null will be returned on lookups using that value

An application can request the installation of private keys and certificates via the Intent provided by KeyChain.CreateInstallIntent. Private keys installed via this Intent will be accessible via KeyChain.ChoosePrivateKeyAlias(Android.App.Activity, Android.Security.IKeyChainAliasCallback, Android.Security.IKeyChainAliasCallback, Android.Security.IKeyChainAliasCallback, Android.Security.IKeyChainAliasCallback, Android.Security.IKeyChainAliasCallback, Android.Security.IKeyChainAliasCallback) while Certificate Authority (CA) certificates will be trusted by all applications through the default X509TrustManager.

[Android Documentation]