Setreg.exe (Set Registry Tool)

Article
02/04/2013

The Set Registry tool allows you to change the registry settings for public key cryptography. These keys, called the Software Publishing State Keys, control the behavior of the certificate verification process. After Setreg.exe completes the requested action, it displays the current values of the Software Publishing State Keys.

The Set Registry tool ships only with the .NET Framework SDK versions 1.0 and 1.1. In later versions, use the SignTool.exe (Sign Tool) utility instead.

setreg [-q] [Choice# {true|false}...]

Parameters

Option	Description
-q	Specifies quiet mode; suppresses the automatic display of the Software Publishing State Key values after completing the requested action.
Choice#	Specifies the registry setting. It must be followed by either true or false. (Note that true and false are not case-sensitive.) More than one choice and its corresponding value (true or false) can be displayed on the same command line. 1 — Trust the test root. 2 — Use expiration date on certificates. 3 — Check the revocation list. 4 — Offline revocation server OK. If true, allows offline approval for individual certificates. 5 — Offline revocation server OK. If true, allows offline approval for commercial certificates. 6 — Java offline revocation server OK. If true, allows offline approval for individual certificates. 7 — Java offline revocation server OK. If true, allows offline approval for commercial certificates. 8 — Invalidate version 1 signed objects. 9 — Check the revocation list on the Time Stamp Signer. 10 — Only trust items found in the Trust database. If true, allows downloads from publishers that are contained in the Personal Trust Database.
-?	Displays command syntax and options for the tool.

-q

Specifies quiet mode; suppresses the automatic display of the Software Publishing State Key values after completing the requested action.

Choice#

Specifies the registry setting. It must be followed by either true or false. (Note that true and false are not case-sensitive.) More than one choice and its corresponding value (true or false) can be displayed on the same command line.

1 — Trust the test root.

2 — Use expiration date on certificates.

3 — Check the revocation list.

4 — Offline revocation server OK. If true, allows offline approval for individual certificates.

5 — Offline revocation server OK. If true, allows offline approval for commercial certificates.

6 — Java offline revocation server OK. If true, allows offline approval for individual certificates.

7 — Java offline revocation server OK. If true, allows offline approval for commercial certificates.

8 — Invalidate version 1 signed objects.

9 — Check the revocation list on the Time Stamp Signer.

10 — Only trust items found in the Trust database. If true, allows downloads from publishers that are contained in the Personal Trust Database.

Displays command syntax and options for the tool.

Remarks

If you run Setreg.exe from the command line with no options specified, the tool displays the current values of the Software Publishing State Keys.

Examples

The following command sets the registry to trust the test root (the root of all test certificates created with Makecert.exe) and displays key values.

setreg 1 TRUE

The following command sets the registry to not check the revocation list and not display key values.

setreg -q 3 FALSE

The following command disables offline approval for individual and commercial certificates.

setreg 4 false 5 false

The following command disables offline approval for individual and commercial certificates and does not display the current settings.

setreg –q 4 false 5 false

Setreg.exe (Set Registry Tool)

Parameters

Remarks

Examples

See Also

Reference

Other Resources

Additional resources