We have a newer web site! Visit axcrypt.net instead!

Registry keys and values

AxCrypt keeps some persistent data and chosen options in the registry. Most of these are managed automatically, and should not be modified manually.

Some values under HKEY_CURRENT_USER\Software\Axantum\AxCrypt\ are:

AllowAnyExtension is a DWORD that when non-zero causes AxCrypt to allow any extension of files to be decrypted. The default is to assume that if this happens it's because of a faulty association, and thus give a message to this effect.

BruteForceCheck is a REG_SZ that maintains the most recent check-point in a custom brute force key-recovery search. See the code for details. This is not for ordinary mortals. Please don't waste bandwidth hollering 'back-door' without understanding what this is about. It's not. For questions, please contact me directly.

CompressThreshold is DWORD that indicates the minimum estimated compression level needed for AxCrypt to compress before encryption. To disable compression, set the value to 101. To enable compression in all cases, set it to 0. The default is 20, indicating that at least estimated 20% savings is required for compression to be performed.

DefaultLanguageId is a DWORD when non-zero will indicate which language AxCrypt will attempt to use. The id is expressed as a Locale ID, or LCID . The default is the current system locale.

DisableRenameMenu is a DWORD when non-zero causes the anonymous rename menu to disappear from the right-click context menu. The default is 0.

EventLogLevel is normally zero DWORD, causing nothing to be logged, unless server mode is enabled. You may increase this to positive values to get increasing levels of detailed log-entries in %TEMP%\AxCrypt.Log. This is primarily for testing and debugging purposes.

EntropyPool is 128 byte BINARY used to persistently save the state of half of the entropy pool.

FastModeDefault is a DWORD that when non-zero indicates that 'Fast Mode' is default if not specified on the command line. Fast mode skips wiping of temporaries, and is typically used when AxCrypt is run in a controlled server environment. The default is 0.

KeepTimeStamp is a DWORD that when non-zero will ensure that the encrypted file always has the same time-stamp as the plain-text file. When zero (default), the time stamp will reflect the time of last encryption - not the time of last modification of the plain-text. The default is 0.

KeyWrapIterations is a DWORD that specifies the number of rounds performed in the key-wrapping operation, where the actual master data encrypting key is wrapped with the SHA-1 hash of the pass phrase. The minimum value is 6, no maximum, except it may take a long time... The default is 6.

Licensee is a REG_SZ containing the name or identifying string for the licensed user. This setting may be override an entry in HKLM.

NoDecryptMode is a DWORD that when non-zero indicates that the option to decrypt is disabled. The default is 0.

NoShowKeyFileInfo is a DWORD that when non-zero indicates that AxCrypt should not show the warning when a key file is being created. This is maintained by AxCrypt by a 'don't show again' checkbox in the dialog. The default is 0.

NoShowKeyFileNotRemovable is a DWORD that when non-zero indicates that AxCrypt should not show the warning about key files stored on removeable media. This is maintained by AxCrypt by a 'don't show again' checkbox in the dialog. The default is 0.

NoShowKeyFileUseInfo is a DWORD that when non-zero indicates that AxCrypt should not show the warning about key files stored on removeable media. This is maintained by AxCrypt by a 'don't show again' checkbox in the dialog. The default is 0.

NoShowKeyFileNotEncrypt is a DWORD that when non-zero indicates that AxCrypt should not show the warning about a key file possibly being encrypted, an operation that usually will cause dataloss. This is maintained by AxCrypt by a 'don't show again' checkbox in the dialog. The default is 0.

NoUnsafeWipeWarn is a DWORD that when non-zero disables the warning about not being able to securely wipe certain types of files, notably compressed and EFS encrypted. This is modified by the checkbox in the warning dialog. The default is 0.

SaveDecKey is a DWORD that when non-zero causes decryption pass phrases to be cached in memory. This is modified by the checkbox in the enter pass phrase dialog.

SaveEncKey is a DWORD that when non-zero causes an encryption pass phrase to be cached in memory and be used as default encryption pass phrase. This is modified by the checkbox in the enter pass phrase dialog for encryption.

ServerErrorShellCmd is a REG_SZ containing the prototype of a shell command. The %1 parameter of the command will be substituted with the file name of an encrypted file and executed, if AxCrypt is running in server mode and a passphrase prompt would have been shown if not for server mode. This can be used to feth the passphrase from somewhere, load it into AxCrypt and the retry for example. The default is an empty string, which disables the feature.

ServerMode is a DWORD entry, that when non-zero causes AxCrypt to enter a non-interactive server mode. In this mode, no message boxes or dialogues will be displayed. The messages will be logged to %TEMP%\AxCrypt.Log, and they will be given default responses. The shell extension, i.e. the right click menu in Windows Explorer with AxCrypt options will be disabled as well. Note that this is per user, so if a service is running AxCrypt, the user it considers to be the current user must have this entry set. The default is 0.

Signature is a REG_SZ containing the base 34 string representing the digital signature that verifies the licensee. This setting may be override an entry in HKLM.

ShowActivationMenu is a DWORD. When non-zero, determines that the Program Activation menu should be shown. When zero, it will not be. The default is 0.

SystemFolderWarn is a DWORD. When non-zero, determines that a warning will be displayed when an attempt is made to encrypt what AxCrypt believes to be a system folder. This is maintained by AxCrypt by a 'don't show again' checkbox in the dialog. The default is 1.

TryBrokenFile is a DWORD that when non-zero makes AxCrypt give the user the option to try decrypting a file, even if it appears broken. Use only for data-recovery, and at your own risk, and always on a copy of the file in question. The default is 0.

WipePasses is a DWORD between 0 and 7 indicating how many wipe passes should be used. The sequence is random, 0xff, 0x00, random, 0x00, 0xff, random, with the early steps being skipped if less than 7 passes are requested. The default is 1. Zero is interpreted as default.


Some values under HKEY_LOCAL_MACHINE\Software\Axantum\AxCrypt\ are:

DefaultLanguageId is a DWORD when non-zero will indicate which language AxCrypt will attempt to use. The id is expressed as a Locale ID, or LCID .

DisableSaveDecryptionKey is a DWORD which when non-zero will mean that there is no user interface checkbox allowing caching of any passphrases for decryption. This setting may not be overriden by a HKCU setting.

DisableSaveEncryptionKey is a DWORD which when non-zero will mean that there is no user interface checkbox allowing caching of a passphrase as default for encryption. This setting may not be overriden by a HKCU setting.

KeyWrapIterations is a DWORD that specifies the number of rounds performed in the key-wrapping operation, where the actual master data encrypting key is wrapped with the SHA-1 hash of the pass phrase. The minimum value is 6, no maximum, except it may take a long time...

Licensee is a REG_SZ containing the name or identifying string for the licensed user. This setting may be overridden by an entry in HKCU.

SelfExtractorName is a REG_SZ that contains the name of the executable base file used for self decrypting archives. This should be a file name without a path, it must reside in the same directory as the program.

ShowActivationMenu is a DWORD. When non-zero, determines that the Program Activation menu should be shown. When zero, it will not be.

Signature is a REG_SZ containing the base 34 string representing the digital signature that verifies the licensee. This setting may be overridden by an entry in HKCU.