diff --git a/DigitalData.Core.Abstractions/Security/IRSADecryptor.cs b/DigitalData.Core.Abstractions/Security/IRSADecryptor.cs
index 91a906b..376684e 100644
--- a/DigitalData.Core.Abstractions/Security/IRSADecryptor.cs
+++ b/DigitalData.Core.Abstractions/Security/IRSADecryptor.cs
@@ -2,7 +2,7 @@
 {
     public interface IRSADecryptor : IRSACryptographer
     {
-        (string Value, Version Version) VersionedPassword { init; }
+        (string Value, Version Version)? VersionedPassword { init; }
 
         Version? PasswordVersion { get; }
 
diff --git a/DigitalData.Core.Security/RSADecryptor.cs b/DigitalData.Core.Security/RSADecryptor.cs
index 4e2ac03..a527fe5 100644
--- a/DigitalData.Core.Security/RSADecryptor.cs
+++ b/DigitalData.Core.Security/RSADecryptor.cs
@@ -6,12 +6,12 @@ namespace DigitalData.Core.Security
 {
     public class RSADecryptor : RSACryptographer, IRSADecryptor, IRSACryptographer
     {
-        public (string Value, Version Version) VersionedPassword
+        public (string Value, Version Version)? VersionedPassword
         {
             init
             {
-                _password = value.Value;
-                PasswordVersion = value.Version;
+                _password = value?.Value;
+                PasswordVersion = value?.Version;
             }
         }
 
diff --git a/DigitalData.Core.Security/RSAFactory.cs b/DigitalData.Core.Security/RSAFactory.cs
index f7a51a5..9425dbb 100644
--- a/DigitalData.Core.Security/RSAFactory.cs
+++ b/DigitalData.Core.Security/RSAFactory.cs
@@ -1,4 +1,5 @@
-using System.Security.Cryptography;
+using DigitalData.Core.Abstractions.Security;
+using System.Security.Cryptography;
 using System.Text;
 
 namespace DigitalData.Core.Security
@@ -106,5 +107,26 @@ namespace DigitalData.Core.Security
 
             return new string(pemChars);
         }
+
+        public async Task<IRSADecryptor> ReadRSADecryptorAsync(string path, Version? version = null, CancellationToken cancellationToken = default)
+        {
+            var pem = await File.ReadAllTextAsync(path, cancellationToken);
+
+            (string Value, Version Version)? versionedPassword = null;
+
+            if(version is not null)
+            {
+                if (version != Secrets.Version)
+                    throw new InvalidOperationException($"The provided version {version} does not match the expected version {Secrets.Version}.");
+
+                versionedPassword = (Secrets.PBE_PASSWORD, Secrets.Version);
+            }
+
+            return new RSADecryptor()
+            {
+                Pem = pem,
+                VersionedPassword = versionedPassword
+            };
+        }
     }
 }
\ No newline at end of file