A private key to be used for authenticating the user.
SSHClientCert must contain a valid private key in order to use public key authentication. A public key is optional, if one is not included then the driver generates it from the private key. The driver sends the public key to the server and the connection is allowed if the user has authorized the public key.
Some types of key stores are containers which may include multiple keys. By default the driver will select the first key in the store, but you can specify a specific key using SSHClientCertSubject.