C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys filling up

[jknepfle]

I have an app using PushSharp. It seems that every time I call new ApplePushChannelSettings with my certificate from Apple, a file is created in C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys (which is how it's supposed to happen, I believe, when it creates a X509Certificate). However, that file is never deleted.

Doing a little research, this comment (from ApplePushChannelSettings) seems relevant:
// Fixed by danielgindi@gmail.com :
// The default is UserKeySet, which has caused internal encryption errors,
// Because of lack of permissions on most hosting services.
// So MachineKeySet should be used instead.

It seems as though MachineKeySet tells the machine to keep the key around forever. If you have an application that sends a lot of notifications, those files pile up. Any ideas of what I can do to work around?

[jknepfle]

Can anyone help with this one?

[jknepfle]

Anyone?

[torbinpace]

I am seeing a similar issue on a production server. It was originally thought to possibly be caused by antivirus on the server but we eventually traced it back to PushSharp. Did anyone ever come up with a resolution?

[Redth]

Can you periodically delete those files? eg: delete any files with the right name pattern with a creation date older than a day?

[jknepfle]

That's what we ended up doing. Not ideal, but it did seem to work.

[Redth]

I suppose it might be possible to check if the cert already exists there. Anyone able to help with some code for this? Thinking to check hashes of the file. This check should obviously only be done on windows.

[NeilSorensen]

Is there a reason that you're not using the Windows certificate store? It seems like that would be a simple solution to the problem

[Redth]

@NeilSorensen could you provide some guidance here? This is an area i'm unfamiliar with....

[adrixcs]

I was experiencing the same issue. Did a fork and removed X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable from the ApnsConfiguration and added an apnsConfiguration.Certificate.Reset() before apnsServiceBroker.Stop() on my application.

On my tests this was preventing the file from being removed after calling the Certificate.Reset. Now the file is still created, but is removed successfully when calling the same method.

Maybe an option should be added to not store the key?

[Subha-murali]

@adrixcs,

How to remove MachineKeySet from ApnsConfiguration. I am creating apns object as below:

apnsConfig = new ApnsConfiguration(appleServerEnv, appleCert, ConfigurationManager.AppSettings["iOSProdCertPassword"]);

MachineKey is generated while executing above line