I have been searching for quite a while now but i am unable to find the answer to the following. I am storing a key pair in Windows Store, and recently started receiving the “Keyset does not exist” error. Investigating a bit further i found out it could be two things, 1 – The private key is not stored with the persist key set attribute (X509KeyStorageFlags.PersistKeySet) and 2 – access rights to the key. I have tried both 1 and 2 with no success on one machine (in my machine it works apparently). The strange thing is that when i look into Microsoft\Crypto\RSA\MachineKeys (and S-1-5-18) the key remains there but only for a period of time then it is deleted which means that it is not persisting.

//If decoded then save as RSACryptoServiceProvider
newCert.PrivateKey = DecodePrivateKey(privateKeyFile, pkPassword)


if (newCert.PrivateKey == null)
throw new System.NullReferenceException("Decoded private key resulted in a null reference. Unable to store certificate.");

byte[] pfx = newCert.Export(X509ContentType.Pfx);
newCert = new X509Certificate2(pfx, string.Empty, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);

I am running this code on a WCF Service hosted on IIS, and the certificate is deleted even if i give permissions to Network Service, the AppPoolIdentity, my account, etc through MMC-CertMgr. Would anyone know why this happens?

Thanks in advance!

UPDATE:
I have just found out today that since i am doing this through a WCF service, the application pool is deleting the private key when it reaches its idle time limit so i am completely sure that it is the application pool the one disposing of the private key which causes the key to be deleted from the Microsoft\Crypto\RSA\MachineKeys and S-1-5-18 folders. Today i left a test running where i disabled Idle time shut down from the application pool bu i am still not sure if the private key will stop persisting with a restart or something like that?

Would anybody know how to make the application pool stop deleting my private keys?