Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys filling up #580

Open
jknepfle opened this issue Dec 10, 2015 · 10 comments
Open

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys filling up #580

jknepfle opened this issue Dec 10, 2015 · 10 comments
Labels
enhancement need-more-info

Comments

@jknepfle
Copy link

I have an app using PushSharp. It seems that every time I call new ApplePushChannelSettings with my certificate from Apple, a file is created in C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys (which is how it's supposed to happen, I believe, when it creates a X509Certificate). However, that file is never deleted.

Doing a little research, this comment (from ApplePushChannelSettings) seems relevant:
// Fixed by [email protected] :
// The default is UserKeySet, which has caused internal encryption errors,
// Because of lack of permissions on most hosting services.
// So MachineKeySet should be used instead.

It seems as though MachineKeySet tells the machine to keep the key around forever. If you have an application that sends a lot of notifications, those files pile up. Any ideas of what I can do to work around?
@jknepfle
Copy link
Author

Can anyone help with this one?

@jknepfle
Copy link
Author

Anyone?

@torbinpace
Copy link

I am seeing a similar issue on a production server. It was originally thought to possibly be caused by antivirus on the server but we eventually traced it back to PushSharp. Did anyone ever come up with a resolution?

@Redth
Copy link
Owner

Redth commented Feb 4, 2016

Can you periodically delete those files? eg: delete any files with the right name pattern with a creation date older than a day?

@jknepfle
Copy link
Author

jknepfle commented Feb 4, 2016

That's what we ended up doing. Not ideal, but it did seem to work.

@Redth
Copy link
Owner

Redth commented Feb 22, 2016

I suppose it might be possible to check if the cert already exists there. Anyone able to help with some code for this? Thinking to check hashes of the file. This check should obviously only be done on windows.

@NeilSorensen
Copy link

Is there a reason that you're not using the Windows certificate store? It seems like that would be a simple solution to the problem

@Redth
Copy link
Owner

Redth commented Mar 5, 2016

@NeilSorensen could you provide some guidance here? This is an area i'm unfamiliar with....

@adrixcs
Copy link

adrixcs commented May 19, 2016

I was experiencing the same issue. Did a fork and removed X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable from the ApnsConfiguration and added an apnsConfiguration.Certificate.Reset() before apnsServiceBroker.Stop() on my application.

On my tests this was preventing the file from being removed after calling the Certificate.Reset. Now the file is still created, but is removed successfully when calling the same method.

Maybe an option should be added to not store the key?

@Subha-murali Subha-murali mentioned this issue Nov 3, 2016
Open
@Subha-murali
Copy link

Subha-murali commented Nov 8, 2016
edited
Loading

@adrixcs,

How to remove MachineKeySet from ApnsConfiguration. I am creating apns object as below:

apnsConfig = new ApnsConfiguration(appleServerEnv, appleCert, ConfigurationManager.AppSettings["iOSProdCertPassword"]);

MachineKey is generated while executing above line

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement need-more-info
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@Redth @NeilSorensen @adrixcs @torbinpace @jknepfle @Subha-murali