diff --git a/DigitalData.Core.Abstractions/Security/IRSADecryptor.cs b/DigitalData.Core.Abstractions/Security/IRSADecryptor.cs
index 88864e0..e1fb7ee 100644
--- a/DigitalData.Core.Abstractions/Security/IRSADecryptor.cs
+++ b/DigitalData.Core.Abstractions/Security/IRSADecryptor.cs
@@ -2,7 +2,9 @@
 {
     public interface IRSADecryptor : IRSACryptographer
     {
-        public string PrivateKeyPem { init; }
+        public string PrivateKeyPem { get; init; }
+
+        public string? Password { get; init; }
 
         public IRSAEncryptor Encryptor { get; }
 
diff --git a/DigitalData.Core.Security/RSADecryptor.cs b/DigitalData.Core.Security/RSADecryptor.cs
index 5ab3fb5..87d60dd 100644
--- a/DigitalData.Core.Security/RSADecryptor.cs
+++ b/DigitalData.Core.Security/RSADecryptor.cs
@@ -5,10 +5,11 @@ namespace DigitalData.Core.Security
 {
     public class RSADecryptor : RSACryptographer, IRSADecryptor, IRSACryptographer
     {
-        public required string PrivateKeyPem
-        {
-            init => _rsa.ImportFromPem(value);
-        }
+        public required string PrivateKeyPem { get; init; }
+
+        public string? Password { get; init; }
+
+        public bool IsEncrypted => Password is not null;
 
         public IRSAEncryptor Encryptor
         {
@@ -22,6 +23,14 @@ namespace DigitalData.Core.Security
             }
         }
 
+        public RSADecryptor()
+        {
+            if (Password is null)
+                _rsa.ImportFromPem(PrivateKeyPem);
+            else
+                _rsa.ImportFromEncryptedPem(PrivateKeyPem, Password.AsSpan());
+        }
+
         public byte[] Decrypt(byte[] data) => _rsa.Decrypt(data, Padding);
 
         public string Decrypt(string data) => _rsa.Decrypt(data.Base64ToByte(), Padding).BytesToString();