You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Duplicate iMessage Encryption/Signing Keys in Keychain

Has anyone noticed this unusual behaviour, I'm seeing multiple iMessage Encryption/Signing Keys for Public and Private. Appears each time I restart or login one extra of each is generated - if I delete all, when first restarting two of each appear, thereafter its back to one of each again.


Would have thought if new Keys are generated on restart then old should be removed automatically, but mine seem to be "multiplying" and if left unchecked take over Keychains.


I have always used Keychains to store Secure Notes so this unusual behaviour is very noticeable and wonder if anyone else has seen this and more importantly how it's resolved.

iMac (21.5-inch, Late 2013), OS X Yosemite (10.10.4), 3.1 GHz i7, 500 GB Flash Storage

Posted on Nov 26, 2015 7:42 AM

Reply
31 replies

Dec 1, 2015 12:53 PM in response to woodmeister50

Thanks for replying, was thinking I was the only one with this behaviour, have submitted awhile back to Apple via Bug Report so might get sorted.


From what I have discovered, if you delete all, then the next time you restart or login 8 keys are generated (2 of each), leave them alone and do the same results in 4 more added and so on - if you are in the habit of restarts or logins that can soon mount up.


If all keys are deleted iMessages still appears to work ok but that might be down to the fact that they are used when logging in, so while the Mac is running they might not be required (not sure about that though).


What I have discovered is deleting all but the last ones created (the bottom ones of each type are the new if you have Keychains "Name" column set to "^") although only adds 4 more on restart it causes issues with iMessage and FaceTime - 1st iMessage text appears to fail, others thereafter ok and you can not receive calls unless you first open and close the FaceTime app. Both of these can be avoided by deleting all but the first ones created (the upper most ones of each type), then on restart 4 more are added but iMessages and FaceTime appear to work from login as normal. Not sure if this proves that although new ones are being created the old are still the ones being used!


Anyhow, I try not to restart my iMac too many times and if I do I will periodically go into Keychains and delete all but the first ones created - maybe it's linked to the lack of password field box issue when you run Keychain First Aid, who knows, but both are reported to Apple. Wouldn't go a miss if you all do the same so Apple appreciate it might not be an isolated issue - think more might have this problem than we think if they look inside keychains.

Dec 2, 2015 1:05 AM in response to verdi1987

Do not believe its intended behaviour, would think if new keys are generated for any reason the old would be automatically removed - and I noticed this change when I upgraded from Yosemite to El Capitan so don't think it's the point updates. I have submitted additional info when asked by Apple Bug Reporting so they must consider this is worth investigating.

Dec 25, 2015 8:21 PM in response to fssbob

Unfortunately not, sent update to Apple via Bug Reporter on the 18th that I still experience the issue under 10.11.2 but thats it. Take it you understood my post of the 1st in that deleting all but the very first ones created (top most if you have Name column selected with ^ on its right side) retains iMessage/FaceTime correct behaviour if you reboot/login again - but you still get an extra 4 keys added each time.


If you do the above periodically, say after several reboots/logins you will at least prevent the duplicate keys getting out of hand and "swamping" Keychains - I've just added it to my list of things to do in periodic general maintenance!

Dec 25, 2015 8:28 PM in response to SiHancox

Yup. I've experienced exactly what you described. And I'll be doing the same maintenance as you and being a bit less zealous about how often I reboot. 🙂


Interestingly, when I tried deleting ALL iMessage keychain entries, the first response to an iMessage conversation initiated by me DID come through, but the first iMessage to me initiated elsewhere didn't. (After that everything was normal, except for the four new keychain entries on every reboot.)


It's surprising to me how little discussion there is out there about this. I've observed it on two different Macs that I upgraded to El Capitan.


Thanks.

Dec 26, 2015 1:30 AM in response to fssbob

Yes, should have differentiated between sent and received - when I said iMessages appeared not to work I meant for incoming texts until you had initiated the first by sending or by logging out/in of your iMessage account.


The main issue for me was FaceTime which would not receive a call after deleting all the key followed by a reboot until it was opened first, then it continued to function normally until the next reboot which again required it to be opened or it failed to get any calls (even if no more keys had been removed).


Deleting only the newly generated keys and leaving the very first ones in place following the successful working of both iMessages and FaceTime kept everything running as normal no matter how many reboots although you still get the 4 extra keys each time.


As to why it's not being commented about more frequently - can only assume it's due to the fact not many use Keychains on a everyday basis and therefore are not aware of the issue - or it's simply not happening to that many and we might be the unlucky ones, time might tell.


From the behaviour on my system I can only conclude it appears that new keys are not actually required through reboots/logins but for some reason the system still thinks they are, probably because it might not realise they already exist - this differed from my original thought in that it was a simple matter of the old keys not being removed (tidied up) following generation of the new - but then why do we need new if the old ones still work as proven by the fact that they are the important ones to leave alone and not remove to ensure everything functions as expected!

Dec 27, 2015 8:41 AM in response to fssbob

[cut...]

It's surprising to me how little discussion there is out there about this. I've observed it on two different Macs that I upgraded to El Capitan.

[cut...]

It's not that surprising, since you have to look into Keys in your key ring in order to discover the problem. Very few do that

I have informed Apple through several channels, but they have not deigned me with an answer. It seems to be part of the so-called "Code Rot" that is becoming more and more prevalent for each OS X release.

I get an added iMessage Encryption Key set (Private AND public) and also an iMessage Signing Key set (Private AND public) each time I log into my account on my Apple. When I reach several hundred, I perform a clean-up (deleting all), and then the build-up continues again.

If you have several accounts on the same hardware, the build-up happens for each account, and it does not matter, whether you share your keychain via iCloud or not. I'm not using iCloud for that purpose anymore.

Regards

May 15, 2016 1:34 PM in response to Kurt Friis

It's a bit sad that this might be something easily explained if Apple did such things (explaining itself). You know, explain to your customers how your product can be expected to work. I guess I spent too many years living in the Linux community so I came to expect that I'd be able to get answers to simple questions from a developer. Not so with the Black Hole of Apple - Queries Check In, But Answers Can Never Leave. I realize that Microsoft isn't much better, but at least they don't try to get away with the marketing phrase "It Just Works."

Duplicate iMessage Encryption/Signing Keys in Keychain

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.