Why are there so many iMessage Signing Keys in the private key section of Keychain?

Sarah · Mar 28, 2016 · Viewed 29.2k times

this is the iMessage Signing Key

I tried to clean my keychain because there are many certificates in it. When I opened the private key section, I found there are too many of the same key.

Can I delete them? I don't know what they are for. Help me please!

Answer

Elf Sundae · Mar 28, 2016

It is normal and OK. If you want to clean up useless keys, just quit the Messages app first, then open Keychain and delete all items named "iMessage Signing Key" and "iMessage Encryption Key". Then you should restart OS X; after rebooting, OS X will request and generate new key pairs for iMessage encryption.

The number of key pairs depends on how many addresses you set to receive iMessage. Open "Messages" -> "Preferences" -> "Accounts"; under the "You can be reached for messages at:" section, if you checked 4 addresses, OS X will generate 4 "iMessage Signing Key" and 4 "iMessage Encryption Key" items and store them in Keychain.

In detail, the iMessage system generates two key pairs for each address: an RSA 1280-bit key for encryption called "iMessage Encryption Key" and an ECDSA 256-bit key for signing called "iMessage Signing Key". The private keys are saved in the device’s Keychain and the public keys are sent to Apple’s directory service. The user’s outgoing message is individually encrypted using AES in CTR mode for each of the recipient’s devices, signed using the sender’s private key, and then dispatched to the Apple iMessage Service for delivery. You can check this in the iOS Security Guide. BTW, on OS X, this is done by /System/Library/PrivateFrameworks/MessageProtection.framework.
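
An added example (not part of the original answer) for checking how many iMessage private keys a keychain holds before deleting any: it parses the text printed by `security dump-keychain` and counts private-key records by label. The record layout used in the constructed sample (class `0x00000010` for private keys, attribute `0x00000001` for the label) is an assumption about that output, and `count_imessage_keys` and `sample_dump` are names made up here.

```shell
#!/bin/sh
# Added example, not from the original answer.
# Assumption: `security dump-keychain` prints each record as a "class:" line
# followed by its attributes, with private keys as class 0x00000010 and the
# item label in attribute 0x00000001.

# Read a keychain dump on stdin and print "<count> <label>" for each iMessage
# key label, counting private-key records only.
count_imessage_keys() {
    awk '
        /^class:/ { is_priv = ($2 == "0x00000010") }
        is_priv && /0x00000001 <blob>="iMessage (Signing|Encryption) Key"/ {
            match($0, /"iMessage [A-Za-z]+ Key"/)
            n[substr($0, RSTART + 1, RLENGTH - 2)]++
        }
        END { for (label in n) printf "%d %s\n", n[label], label }
    ' | sort -k2
}

# Constructed sample: two signing private keys, one encryption private key,
# and one public-key record (class 0x0000000F) that must not be counted.
sample_dump() {
    cat <<'EOF'
keychain: "/Users/example/Library/Keychains/login.keychain"
class: 0x00000010
attributes:
    0x00000000 <uint32>=0x00000010
    0x00000001 <blob>="iMessage Signing Key"
keychain: "/Users/example/Library/Keychains/login.keychain"
class: 0x00000010
attributes:
    0x00000000 <uint32>=0x00000010
    0x00000001 <blob>="iMessage Encryption Key"
keychain: "/Users/example/Library/Keychains/login.keychain"
class: 0x0000000F
attributes:
    0x00000000 <uint32>=0x0000000F
    0x00000001 <blob>="iMessage Signing Key"
keychain: "/Users/example/Library/Keychains/login.keychain"
class: 0x00000010
attributes:
    0x00000000 <uint32>=0x00000010
    0x00000001 <blob>="iMessage Signing Key"
EOF
}

sample_dump | count_imessage_keys
```

On a Mac, `security dump-keychain | count_imessage_keys` runs the same count against the default keychain; without `-d` the dump lists item attributes only, not key material.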