A cryptographic service provider creates key containers for storing RSA public/private asymmetric key pairs.
Key containers are stored in the user profile unless you specify the machine key folder.
Say you use the RSACryptoServiceProvider class to create a key and save it in the user profile. When the RSACryptoServiceProvider instance is disposed, the keys are not deleted.
The safest pattern to follow is:
1. Create the key
2. Use the key
3. Dispose of the key
From managed code you can specify CspProviderFlags.UseExistingKey (supported in .NET Framework versions 3.5, 3.0, 2.0, 1.1, and 1.0). Even if you use the UseExistingKey flag, you have to specify a container name; otherwise a random container name is generated, and that container doesn't exist.
Alternatively, we can create key containers and use the RSACryptoServiceProvider::PersistKeyInCsp property, which is TRUE by default.
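The create / use / dispose pattern above, as an added example that is not code from the original page. It assumes Windows, a .NET version where RSACryptoServiceProvider is disposable (4.0 or later), and a hypothetical container name `ExampleAppKeyContainer`; the final block uses UseExistingKey to confirm that no key material was left in the profile.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

class KeyContainerLifecycle
{
    // Hypothetical container name chosen for this example.
    const string ContainerName = "ExampleAppKeyContainer";

    static void Main()
    {
        // Constructed sample input.
        byte[] data = Encoding.UTF8.GetBytes("constructed sample message");

        // 1. Create the key in a named container (user profile store by default).
        var createParams = new CspParameters { KeyContainerName = ContainerName };
        using (var rsa = new RSACryptoServiceProvider(2048, createParams))
        {
            // 2. Use the key (OAEP padding).
            byte[] cipher = rsa.Encrypt(data, true);
            byte[] plain = rsa.Decrypt(cipher, true);
            Console.WriteLine("Round trip: " + Encoding.UTF8.GetString(plain));

            // 3. Dispose of the key: with PersistKeyInCsp set to false,
            //    disposing the instance deletes the container as well.
            rsa.PersistKeyInCsp = false;
        }

        // Check: UseExistingKey never creates a container, so opening the
        // same name must now fail if the key was really removed.
        var openParams = new CspParameters
        {
            KeyContainerName = ContainerName,
            Flags = CspProviderFlags.UseExistingKey
        };
        try
        {
            using (var rsa = new RSACryptoServiceProvider(openParams))
            {
                rsa.ExportParameters(false); // force the provider to load the key
                Console.WriteLine("Container still exists: private key left on disk.");
            }
        }
        catch (CryptographicException)
        {
            Console.WriteLine("Container deleted: no key material left behind.");
        }
    }
}
```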