Set Registry Tool (Setreg.exe)
The Set Registry tool allows you to change the registry settings for public key cryptography. These keys, called the Software Publishing State Keys, control the behavior of the certificate verification process. After Setreg.exe completes the requested action, it displays the current values of the Software Publishing State Keys.
The Set Registry tool only ships with the .NET Framework SDK version 1.0 and 1.1. In later versions, use the Sign Tool (SignTool.exe) utility instead.
setreg [-q] [Choice# {true|false}...]
Parameters
Option |
Description |
---|---|
-q |
Specifies quiet mode; suppresses the automatic display of the Software Publishing State Key values after completing the requested action. |
Choice# |
Specifies the registry setting. It must be followed by either true or false. More than one choice and its corresponding value (true or false) can be displayed on the same command line. 1 — Trust the test root. 2 — Use expiration date on certificates. 3 — Check the revocation list. 4 — Offline revocation server OK. If true, allows offline approval for individual certificates. 5 — Offline revocation server OK. If true, allows offline approval for commercial certificates. 8 — Invalidate version 1 signed objects. 9 — Check the revocation list on the Time Stamp Signer. 10 — Only trust items found in the Trust database. If true, allows downloads from publishers that are contained in the Personal Trust Database. |
-? |
Displays command syntax and options for the tool. |
Remarks
If you run Setreg.exe from the command line with no options specified, the tool displays the current values of the Software Publishing State Keys.
Examples
The following command sets the registry to trust the test root (the root of all test certificates created with Makecert.exe) and displays key values.
setreg 1 TRUE
The following command sets the registry to not check the revocation list and not display key values.
setreg -q 3 FALSE