
Temporary files in the ProgramData\Microsoft\Crypto\RSA\S-1-5-18 directory

Problem: 

This article describes a situation that affects all applications running SignDoc SDK on Windows Server (for example SignDocWeb and SignDoc Standard), where:

  1. the local C:\ partition runs out of free disk space,
  2. the folder C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 is the cause of the disk space leakage, and
  3. the number of files in C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 is abnormally high.

Cause:

Whenever a signature is placed into a document and its biometric data is encrypted with the encryption key, SignDoc SDK uses the Windows Crypto API to encrypt the biometric data.

A change in the Windows Crypto API causes a key container file to be written to C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 (the Crypto API key store of the Local System account) on every such call. The key file is left behind and is no longer deleted.
One key file is created per biometric data encryption, i.e. one file per signature. The key files look and are named as follows:

(Screenshot from the original article showing the directory listing with the generated key file names; not reproduced here.)

This issue was identified with SignDoc 2.2.1, but it also affects all earlier releases.
The issue is documented and will be addressed in a future version.

Workaround:

It is not safe to simply delete all key files in C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 to free disk space, because

- some of the key files may have been created by other applications (non-Kofax applications that do not rely on SignDoc SDK) that run under the Local System account and still need them, and
- the key files may depend on each other, so they cannot be deleted independently.

Therefore Kofax provides a command-line tool called "CleanPKCS12" that identifies and deletes only those key files in C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 that were created by SignDoc SDK. Key files created by other, non-Kofax applications remain untouched.

The CleanPKCS12 tool can be downloaded here --> CleanPKCS12.zip

Before using the tool on the affected Windows server, it is strongly recommended to perform an OS backup, or at least a backup of the C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 folder. Note that this backup contains private key material, so store it with the same access restrictions as the original folder.

CleanPKCS12.exe must be run under the Windows account that owns the key files. In this case that is the Local System account (S-1-5-18 is the SID of the Local System account, and the folder name is that SID).

To start a process as the Local System account, the Microsoft Sysinternals tool psexec.exe is required. It can be downloaded from https://docs.microsoft.com/de-de/sysinternals/downloads/psexec

Open a command prompt window with the option "Run as administrator".

syntax:
psexec -s "<path to CleanPKCS12.exe>" "<path to encryption key>" <key password>

example:
psexec -s "c:\temp\CleanPKCS12.exe" "c:\temp\cert_store.p12" password

Note that the key password is passed as a plain command-line argument, so it is visible in process listings and in any process-creation audit log that records command lines; clear the console history afterwards and keep the .p12 file and its password restricted to administrators.

If the clean-up succeeds, the tool reports in the command prompt which matching key files were deleted:

(Screenshot from the original article showing the tool's console output; not reproduced here.)

If necessary, this tool can be run as a scheduled task on a regular basis (e.g. weekly).
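The following PowerShell script is an added example, not part of the Kofax article and not Kofax's own tooling. It wraps the documented psexec -s invocation with the checks an operator wants around it: a file count and size of the key store before and after the run (to confirm the symptom and the effect), the recommended backup of the folder, and an optional weekly scheduled task that runs the tool directly as SYSTEM so that psexec is not needed for the recurring run. The psexec.exe and backup locations are assumed; the CleanPKCS12.exe and .p12 paths are the ones from the article's example, and the script assumes CleanPKCS12.exe takes exactly the two arguments the article documents.

```powershell
# Added example (not from the Kofax article): operational wrapper around
#   psexec -s "<CleanPKCS12.exe>" "<cert_store.p12>" <password>
# Assumptions: paths for psexec.exe and the backup root are hypothetical;
# CleanPKCS12.exe accepts exactly "<p12 path> <password>" as documented.

#Requires -RunAsAdministrator
param(
    [string]$KeyStore   = 'C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18',
    [string]$PsExec     = 'C:\Tools\psexec.exe',        # assumed location
    [string]$CleanTool  = 'C:\temp\CleanPKCS12.exe',    # path from the article's example
    [string]$Pkcs12     = 'C:\temp\cert_store.p12',     # path from the article's example
    [string]$BackupRoot = 'C:\Backup',                   # assumed location
    [switch]$RegisterWeeklyTask
)

function Get-KeyStoreStats {
    # Count and total size of the key container files (they are hidden, hence -Force).
    param([string]$Path)
    $files = Get-ChildItem -LiteralPath $Path -File -Force -ErrorAction Stop
    [pscustomobject]@{
        Count  = $files.Count
        SizeMB = [math]::Round(($files | Measure-Object Length -Sum).Sum / 1MB, 1)
    }
}

# 1. Confirm the symptom: an abnormally high number of files in the folder.
$before = Get-KeyStoreStats -Path $KeyStore
Write-Host ("Before: {0} files, {1} MB in {2}" -f $before.Count, $before.SizeMB, $KeyStore)

# 2. Back up the folder before touching it, as the article recommends.
#    The copy contains private key material: keep it as restricted as the original.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path $BackupRoot "S-1-5-18-$stamp"
New-Item -ItemType Directory -Path $backup -Force | Out-Null
Copy-Item -LiteralPath $KeyStore -Destination $backup -Recurse -Force
Write-Host "Backup written to $backup"

# 3. Run the tool as Local System (S-1-5-18), the owner of the key files.
#    The password is prompted for instead of hard-coded, but it is still handed
#    to CleanPKCS12.exe as a plain command-line argument, exactly as documented.
$secure = Read-Host -Prompt 'PKCS#12 password' -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password
& $PsExec -accepteula -s $CleanTool $Pkcs12 $plain
if ($LASTEXITCODE -ne 0) {
    throw "psexec/CleanPKCS12 returned exit code $LASTEXITCODE"
}

# 4. Verify that the file count actually dropped.
$after = Get-KeyStoreStats -Path $KeyStore
Write-Host ("After:  {0} files, {1} MB (removed {2} files)" -f $after.Count, $after.SizeMB, ($before.Count - $after.Count))

# 5. Optional: weekly run as SYSTEM via Task Scheduler. Running the task as the
#    SYSTEM principal puts the tool in the S-1-5-18 context without psexec.
#    The password is stored in the task definition and readable by local
#    administrators, so restrict that group and rotate the password if needed.
if ($RegisterWeeklyTask) {
    $action    = New-ScheduledTaskAction -Execute $CleanTool -Argument ('"{0}" "{1}"' -f $Pkcs12, $plain)
    $trigger   = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At '03:00'
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName 'Kofax-CleanPKCS12' -Action $action -Trigger $trigger -Principal $principal -Force | Out-Null
    Write-Host 'Registered weekly task Kofax-CleanPKCS12 (runs as SYSTEM).'
}
```

Run it from an elevated PowerShell prompt, e.g. `.\Clean-SignDocKeys.ps1 -RegisterWeeklyTask` (script name assumed). The before/after counts are the evidence to keep with the support case if the folder keeps growing; a "removed 0 files" result means the tool found no SignDoc-created containers and the disk usage has another cause.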

If you need more information or further support, please create a new support case in our support portal https://support.kofax.com