docs: Extending documentation and manpages
Refs: #1462
Change-Id: If33a0f3c623daf3502ed301bcdc63892779463e3
diff --git a/docs/manpages/ndnsec-cert-dump.rst b/docs/manpages/ndnsec-cert-dump.rst
new file mode 100644
index 0000000..9daf52c
--- /dev/null
+++ b/docs/manpages/ndnsec-cert-dump.rst
@@ -0,0 +1,67 @@
+ndnsec-cert-dump
+================
+
+``ndnsec-cert-dump`` is a tool to dump a certificate from **Public Info Base** or file and output
+it to standard output.
+
+Usage
+-----
+
+::
+
+ $ ndnsec-cert-dump [-h] [-p] [-ikf] name
+
+Description
+-----------
+
+``ndnsec-cert-dump`` can read a certificate from **Public Info Base (PIB)** or a file and output
+the certificate to standard output.
+
+By default, ``name`` is interpreted as a certificate name.
+
+Options
+-------
+
+``-i``
+ Interpret ``name`` as an identity name. If specified, the certificate to dump is the default
+ certificate of the identity.
+
+``-k``
+ Interpret ``name`` as a key name. If specified, the certificate to dump is the default certificate
+ of the key.
+
+``-f``
+ Interpret ``name`` as a path to a file containing the certificate. If ``name`` is ``-``,
+ certificate will be read from standard input.
+
+``-p``
+ Print out the certificate to a human-readable format.
+
+Examples
+--------
+
+Dump a certificate from PIB to standard output:
+::
+
+ $ ndnsec-cert-dump /ndn/test/KEY/david/ksk-1396913058196/ID-CERT/%00%00%01E%3E%9D%A0%DE
+
+Dump a certificate to a human-readable format:
+::
+
+ $ ndnsec-cert-dump -p /ndn/test/KEY/david/ksk-1396913058196/ID-CERT/%00%00%01E%3E%9D%A0%DE
+ Certificate name:
+ /ndn/test/KEY/david/ksk-1396913058196/ID-CERT/%00%00%01E%3E%9D%A0%DE
+ Validity:
+ NotBefore: 20140401T000000
+ NotAfter: 20150331T235959
+ Subject Description:
+ 2.5.4.41: David
+ 2.5.4.10: Some Organization
+ Public key bits:
+ MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAtLq50tpynJ15zExEh9l6
+ jvh/HOmwhOppr/hTEPYUn2VTh21+JJIg5pHAAH/DQr8Bq5BGrdDUCIShxSxbaHwu
+ a1y4XgKP1MYBQP/WzcIhIzB/3PBDdmE0jM3Qg6yuk8BOwett3C07GtwW9dfgacwt
+ aC29xIHnYKfryH/gBSIDUIb38M7ILIDgQeIiQcHGHoFO8CbDtKY2OvVkFNgxowAR
+ Xn+gtkIfMdE77Z8p0S21pYfdvPuIpVVLy7lnFdwGzyCi3nmbtd/r9NSTepBczWQz
+ zBbThT7yfeNyHWLu0PZPdz84UpNPsBad3Bx9tT31noIVnt8yyBEfEU1jyEIVkm8U
+ VQIB
diff --git a/docs/manpages/ndnsec-cert-gen.rst b/docs/manpages/ndnsec-cert-gen.rst
new file mode 100644
index 0000000..3c2eff8
--- /dev/null
+++ b/docs/manpages/ndnsec-cert-gen.rst
@@ -0,0 +1,70 @@
+ndnsec-cert-gen
+===============
+
+``ndnsec-cert-gen`` is a tool to issue an identity certificate.
+
+Usage
+-----
+
+::
+
+ $ ndnsec-cert-gen [-h] [-S timestamp] [-E timestamp] [-N name] [-I info] [-s sign-id] request
+
+Description
+-----------
+
+``ndnsec-cert-gen`` takes signing request as input and issues an identity certificate for the key in
+the signing request. The signing request can be created during ``ndnsec-keygen`` and can be
+re-generated with ``ndnsec-sign-req``.
+
+By default, the default key/certificate will be used to sign the issued certificate.
+
+``request`` could be a path to a file that contains the signing request. If ``request`` is ``-``,
+then signing request will be read from standard input.
+
+The generated certificate will be written to standard output in base64 encoding.
+
+
+Options
+-------
+
+``-S timestamp``
+ Timestamp when the certificate becomes valid. The default value is now.
+
+``-E timestamp``
+ Timestamp when the certificate expires. The default value is one year from now.
+
+``-N name``
+ Name of the certificate owner.
+
+``-I info``
+ Other information about the certificate owner. ``subject-info`` is a list of pairs of OID and
+ corresponding value. For example, "2.5.4.10 'Some Organization' 2.5.4.3 'http://home.page/'".
+
+``-s sign-id``
+ Signing identity. The default key/certificate of ``sign-id`` will be used to sign the requested
+ certificate. If this option is not specified, the system default identity will be used.
+
+Examples
+--------
+
+::
+
+ $ ndnsec-cert-gen -S 20140401000000 -E 20150331235959 -N "David"
+ -I "2.5.4.10 'Some Organization'" -s /ndn/test sign_request.cert
+ Bv0C9wc9CANuZG4IBHRlc3QIA0tFWQgFZGF2aWQIEWtzay0xMzk2OTEzMDU4MTk2
+ CAdJRC1DRVJUCAgAAAFFPp2g3hQDGAECFf0BdjCCAXIwIhgPMjAxNDA0MDEwMDAw
+ MDBaGA8yMDE1MDMzMTIzNTk1OVowKDAMBgNVBCkTBURhdmlkMBgGA1UEChMRU29t
+ ZSBPcmdhbml6YXRpb24wggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQC0
+ urnS2nKcnXnMTESH2XqO+H8c6bCE6mmv+FMQ9hSfZVOHbX4kkiDmkcAAf8NCvwGr
+ kEat0NQIhKHFLFtofC5rXLheAo/UxgFA/9bNwiEjMH/c8EN2YTSMzdCDrK6TwE7B
+ 623cLTsa3Bb11+BpzC1oLb3Egedgp+vIf+AFIgNQhvfwzsgsgOBB4iJBwcYegU7w
+ JsO0pjY69WQU2DGjABFef6C2Qh8x0TvtnynRLbWlh928+4ilVUvLuWcV3AbPIKLe
+ eZu13+v01JN6kFzNZDPMFtOFPvJ943IdYu7Q9k93PzhSk0+wFp3cHH21PfWeghWe
+ 3zLIER8RTWPIQhWSbxRVAgERFjMbAQEcLgcsCANuZG4IA0tFWQgEdGVzdAgRa3Nr
+ LTEzOTQxMjk2OTQ3ODgIB0lELUNFUlQX/QEABUGcl7U+F8cwMHKckerv+1H2Nvsd
+ OfeqX0+4RzWU+wRx2emMGMZZdHSx8M/i45hb0P5hbNEF99L35/SrSTSzhTZdOriD
+ t/LQOcKBoNXY+iw3EUFM0gvRGU0kaEVBKAHtbYhtoHc48QLEyrsVaMqmrjCmpeF/
+ JOcClhzJfFW3cZ/SlhcTEayF0ntogYLR2cMzIwQhhSj5L/Kl7I7uxNxZhK1DS98n
+ q8oGAxHufEAluPrRpDQfI+jeQ4h/YYKcXPW3Vn7VQAGOqIi6gTlUxrmEbyCDF70E
+ xj5t3wfSUmDa1N+hLRMdEAI+IjRRHDSx2Lhj/QcoPIZPWwKjBz9CBL92og==
diff --git a/docs/manpages/ndnsec-cert-install.rst b/docs/manpages/ndnsec-cert-install.rst
new file mode 100644
index 0000000..1ca1ddb
--- /dev/null
+++ b/docs/manpages/ndnsec-cert-install.rst
@@ -0,0 +1,56 @@
+ndnsec-cert-install
+===================
+
+``ndnsec-cert-install`` is a tool to install a certificate into **Public Information Base (PIB)**.
+
+Usage
+-----
+
+::
+
+ $ ndnsec-cert-install [-h] [-IKN] cert-source
+
+Description
+-----------
+
+``ndnsec-cert-install`` can insert a certificate into PIB. By default, the installed certificate
+will be set as the default certificate of its corresponding identity and the identity is set as
+the system default identity.
+
+``cert-source`` could be a filesystem path or an HTTP URL of a file containing to certificate to
+install or . If ``cert-file`` is ``-``, the certificate will be read from standard input.
+
+Options
+-------
+
+``-I``
+ Set the certificate as the default certificate of its corresponding identity, but do not change
+ the system default identity.
+
+``-K``
+ Set the certificate as the default certificate of its corresponding key, but do not change the
+ corresponding identity's default key and the system default identity.
+
+``-N``
+ Install the certificate but do not change any default settings.
+
+Examples
+--------
+
+Install a certificate and set it as the system default certificate:
+
+::
+
+ $ ndnsec-cert-install cert_file.cert
+
+Install a certificate with HTTP URL and set it as the system default certificate:
+
+::
+
+ $ ndnsec-install-cert "http://ndncert.domain.com/cert/get/my-certificate.ndncert"
+
+Install a certificate but do not change any default settings:
+
+::
+
+ $ ndnsec-cert-install -N cert_file.cert
diff --git a/docs/manpages/ndnsec-delete.rst b/docs/manpages/ndnsec-delete.rst
new file mode 100644
index 0000000..e501592
--- /dev/null
+++ b/docs/manpages/ndnsec-delete.rst
@@ -0,0 +1,37 @@
+ndnsec-delete
+=============
+
+``ndnsec-delete`` is a tool to delete security data from both **Public Info Base** and
+**Trusted Platform Module**.
+
+Usage
+-----
+
+::
+
+ ndnsec-delete [-h] [-kc] name
+
+Description
+-----------
+
+By default, ``ndnsec-delete`` interpret ``name`` as an identity name. If an identity is deleted,
+all the keys and certificates belonging to the identity will be deleted as well. If a key is
+deleted, all the certificate belonging to the key will be deleted as well.
+
+Options
+-------
+
+``-k``
+ Interpret ``name`` as a key name and delete the key and its related data.
+
+``-c``
+ Interpret ``name`` as a certificate name and delete the certificate.
+
+Examples
+--------
+
+Delete all data related to an identity:
+
+::
+
+ $ ndnsec-delete /ndn/test/david
diff --git a/docs/manpages/ndnsec-export.rst b/docs/manpages/ndnsec-export.rst
new file mode 100644
index 0000000..839e381
--- /dev/null
+++ b/docs/manpages/ndnsec-export.rst
@@ -0,0 +1,44 @@
+ndnsec-export
+=============
+
+``ndnsec-export`` is a tool to export an identity's security data
+
+Usage
+-----
+
+::
+
+ $ ndnsec-export [-h] [-o output] [-p] identity
+
+Description
+-----------
+
+``ndnsec-export`` can export public data of the ``identity`` including default key/certificate.
+``ndnsec-export`` can also export sensitive data (such as private key), but the sensitive data will
+be encrypted. The exported identity can be imported again using ``ndnsec-import``.
+
+By default, the command will write exported data to standard output.
+
+Options
+-------
+
+``-o output``
+ Output the exported data to a file pointed by ``output``.
+
+``-p``
+ Export private key of the identity. A password will be asked for data encryption.
+
+Examples
+--------
+
+Export an identity's security data including private key and store the security data in a file:
+
+::
+
+ $ ndnsec-export -o id.info -p /ndn/test/alice
+
+Export an identity's security data without private key and write it to standard output:
+
+::
+
+ $ ndnsec-export /ndn/test/alice
diff --git a/docs/manpages/ndnsec-get-default.rst b/docs/manpages/ndnsec-get-default.rst
new file mode 100644
index 0000000..48889c8
--- /dev/null
+++ b/docs/manpages/ndnsec-get-default.rst
@@ -0,0 +1,61 @@
+ndnsec-get-default
+==================
+
+``ndnsec-get-default`` is a tool to display the default setting of a particular entity.
+
+Usage
+-----
+
+::
+
+ $ ndnsec-get-default [-h] [-kc] [-i identity|-K key] [-q]
+
+Description
+-----------
+
+Given a particular entity, ``ndnsec-get-default`` can display its default setting as specified in
+options. If ``identity`` is specified, the given entity becomes the identity. If ``key`` is
+specified, the given identity becomes the key. If no entity is specified, the command will take the
+system default identity as the given entity.
+
+Options
+-------
+
+``-k``
+ Display the given entity's default key name.
+
+``-c``
+ Display the given entity's default certificate name.
+
+``-i identity``
+ Display default setting of the ``identity``
+
+``-K key``
+ Display default setting of the ``key``.
+
+``-q``
+ Disable trailling new line character.
+
+Examples
+--------
+
+Display an identity's default key name.
+
+::
+
+ $ ndnsec-get-default -k -i /ndn/test/alice
+ /ndn/test/alice/ksk-1394129695025
+
+Display an identity's default certificate name.
+
+::
+
+ $ ndnsec-get-default -c -i /ndn/test/alice
+ /ndn/test/KEY/alice/ksk-1394129695025/ID-CERT/%FD%01D%98%9A%F2%3F
+
+Display a key's default certificate name.
+
+::
+
+ $ ndnsec-get-default -c -K /ndn/test/alice/ksk-1394129695025
+ /ndn/test/KEY/alice/ksk-1394129695025/ID-CERT/%FD%01D%98%9A%F2%3F
diff --git a/docs/manpages/ndnsec-import.rst b/docs/manpages/ndnsec-import.rst
new file mode 100644
index 0000000..5b61f59
--- /dev/null
+++ b/docs/manpages/ndnsec-import.rst
@@ -0,0 +1,33 @@
+ndnsec-import
+=============
+
+``ndnsec-import`` is a tool to import an identity's security data that is prepared by
+``ndnsec-export``.
+
+Usage
+-----
+
+::
+
+ $ ndnsec-import [-h] [-p] input
+
+Description
+-----------
+
+``ndnsec-import`` read data from ``input``. It will ask for password if the input contains private
+key. If ``input`` is ``-``, security data will be read from standard input.
+
+Options
+-------
+
+``-p``
+ Indicates the imported data containing private key. A password will be asked for data encryption.
+
+Examples
+--------
+
+Import an identity's security data including private key:
+
+::
+
+ $ ndnsec-import -p input_file
diff --git a/docs/manpages/ndnsec-key-gen.rst b/docs/manpages/ndnsec-key-gen.rst
new file mode 100644
index 0000000..fe70233
--- /dev/null
+++ b/docs/manpages/ndnsec-key-gen.rst
@@ -0,0 +1,50 @@
+ndnsec-key-gen
+==============
+
+``ndnsec-key-gen`` is tool to generate a pair of RSA key.
+
+Usage
+-----
+
+::
+
+ $ ndnsec-key-gen [-h] [-n] identity
+
+Description
+-----------
+
+``ndnsec-key-gen`` creates a RSA key pair for the specified ``identity`` and sets the key as the
+identity's default key. ``ndnsec-key-gen`` will also create a signing request for the generated key.
+The signing request will be written to standard output in base64 encoding.
+
+By default, it will also set the identity as the system default identity.
+
+Options
+-------
+
+``-n``
+ Do not set the identity as the system default identity.
+
+Examples
+--------
+
+::
+
+ $ ndnsec-key-gen /ndn/test/david
+ Bv0DAAc9CANuZG4IBHRlc3QIBWRhdmlkCANLRVkIEWtzay0xMzk2OTEzMDU4MTk2
+ CAdJRC1DRVJUCAgAAAFFPoG0ohQDGAECFf0BeDCCAXQwIhgPMjAxNDA0MDcyMzI0
+ MThaGA8yMDM0MDQwMjIzMjQxOFowKjAoBgNVBCkTIS9uZG4vdGVzdC9kYXZpZC9r
+ c2stMTM5NjkxMzA1ODE5NjCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEB
+ ALS6udLacpydecxMRIfZeo74fxzpsITqaa/4UxD2FJ9lU4dtfiSSIOaRwAB/w0K/
+ AauQRq3Q1AiEocUsW2h8LmtcuF4Cj9TGAUD/1s3CISMwf9zwQ3ZhNIzN0IOsrpPA
+ TsHrbdwtOxrcFvXX4GnMLWgtvcSB52Cn68h/4AUiA1CG9/DOyCyA4EHiIkHBxh6B
+ TvAmw7SmNjr1ZBTYMaMAEV5/oLZCHzHRO+2fKdEttaWH3bz7iKVVS8u5ZxXcBs8g
+ ot55m7Xf6/TUk3qQXM1kM8wW04U+8n3jch1i7tD2T3c/OFKTT7AWndwcfbU99Z6C
+ FZ7fMsgRHxFNY8hCFZJvFFUCAREWOhsBARw1BzMIA25kbggEdGVzdAgFZGF2aWQI
+ A0tFWQgRa3NrLTEzOTY5MTMwNTgxOTYIB0lELUNFUlQX/QEAW2yfF8JTgu5okR+n
+ dRlXc3UR/b1REegrpQb3xVzs7fYiiHwFYzQE9RzOuGh/9GSMvQcfejsPw021tJnj
+ oxNx6spGTOK5Bc0QZGeC6YyNoVSaJr9Obc5Uh8eRqxw76r0pCUHP+l38UgUGeBg/
+ aHurtcu5zK0zFYX++SAfUGLUZlG4CqKBUNZC+6w9OGUXlcW411zMzfqQ7V9Gxg+p
+ 1IMNJQ6trTFdIwT/4YWHsxR+16r2TRWCNHtJey2GEG84YoqRh8y37jnu7oPhAtTN
+ TgG9O7O39dZLiFg+UP3LpW1LY64fJXsNfZQmnZWcNo5lX6MXfeiPxWFjOQqnno82
+ 1hgqgA==
diff --git a/docs/manpages/ndnsec-list.rst b/docs/manpages/ndnsec-list.rst
new file mode 100644
index 0000000..bc4a316
--- /dev/null
+++ b/docs/manpages/ndnsec-list.rst
@@ -0,0 +1,83 @@
+ndnsec-list
+===========
+
+``ndnsec-list`` is a tool to display entities stored in **Public Information Base (PIB)**, such as
+identities, keys, and certificates.
+
+Usage
+-----
+
+::
+
+ $ ndnsec-list [-h] [-KkCc]
+
+Description
+-----------
+
+``ndnsec-list`` lists names of all the entities according to the granularity specified in options
+(The default granularity is identity). The default entities will be marked with ``*`` in front of
+their names. For example:
+
+::
+
+ $ ndnsec list
+ * /ndn/edu/ucla/cs/yingdi
+ /ndn/test/cathy
+ /ndn/test/bob
+ /ndn/test/alice
+
+
+Options
+-------
+
+``-K, -k``
+ Display key names for each identity. The key name with ``*`` in front is the default key name of
+ the corresponding identity.
+
+``-C, -c``
+ Display certificate names for each key. The certificate name with ``*`` in front is the default
+ certificate name of the corresponding key.
+
+Examples
+--------
+
+Display all the key names in PIB.
+
+::
+
+ $ ndnsec-list -k
+ * /ndn/edu/ucla/cs/yingdi
+ +->* /ndn/edu/ucla/cs/yingdi/ksk-1397247318867
+ +-> /ndn/edu/ucla/cs/yingdi/ksk-1393811874052
+
+ /ndn/test/cathy
+ +->* /ndn/test/cathy/ksk-1394129695418
+
+ /ndn/test/bob
+ +->* /ndn/test/bob/ksk-1394129695308
+
+ /ndn/test/alice
+ +->* /ndn/test/alice/ksk-1394129695025
+
+Display all the certificate names in PIB.
+
+::
+
+ $ ndnsec-list -c
+ * /ndn/edu/ucla/cs/yingdi
+ +->* /ndn/edu/ucla/cs/yingdi/ksk-1397247318867
+ +->* /ndn/edu/ucla/cs/yingdi/KEY/ksk-1397247318867/ID-CERT/%00%00%01ERn%1B%BE
+ +-> /ndn/edu/ucla/cs/yingdi/ksk-1393811874052
+ +->* /ndn/edu/ucla/cs/yingdi/KEY/ksk-1393811874052/ID-CERT/%FD%01D%85%A9a%DD
+
+ /ndn/test/cathy
+ +->* /ndn/test/cathy/ksk-1394129695418
+ +->* /ndn/test/KEY/cathy/ksk-1394129695418/ID-CERT/%FD%01D%98%9A%F3J
+
+ /ndn/test/bob
+ +->* /ndn/test/bob/ksk-1394129695308
+ +->* /ndn/test/KEY/bob/ksk-1394129695308/ID-CERT/%FD%01D%98%9A%F2%AE
+
+ /ndn/test/alice
+ +->* /ndn/test/alice/ksk-1394129695025
+ +->* /ndn/test/KEY/alice/ksk-1394129695025/ID-CERT/%FD%01D%98%9A%F2%3F
diff --git a/docs/manpages/ndnsec-op-tool.rst b/docs/manpages/ndnsec-op-tool.rst
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/docs/manpages/ndnsec-op-tool.rst
diff --git a/docs/manpages/ndnsec-set-acl.rst b/docs/manpages/ndnsec-set-acl.rst
new file mode 100644
index 0000000..23eb1a3
--- /dev/null
+++ b/docs/manpages/ndnsec-set-acl.rst
@@ -0,0 +1,26 @@
+ndnsec-set-acl
+==============
+
+``ndnsec-set-acl`` is a tool to add an application into access control list of an private key.
+
+Usage
+-----
+
+::
+
+ $ ndnsec-set-acl [-h] keyName appPath
+
+Description
+-----------
+
+``ndnsec-set-acl`` will add the application pointed by ``appPath`` into the ACL of a key with name
+``keyName``.
+
+Examples
+--------
+
+Add an application into a key's ACL:
+
+::
+
+ $ ndnsec-set-acl /ndn/test/alice/ksk-1394129695025 /test/app/path
diff --git a/docs/manpages/ndnsec-set-default.rst b/docs/manpages/ndnsec-set-default.rst
new file mode 100644
index 0000000..da0c5b5
--- /dev/null
+++ b/docs/manpages/ndnsec-set-default.rst
@@ -0,0 +1,49 @@
+ndnsec-set-default
+==================
+
+``ndnsec-set-default`` is a tool to change the default security settings.
+
+Usage
+-----
+
+::
+
+ $ ndnsec-set-default [-h] [-k|c] name
+
+Description
+-----------
+
+By default, ``ndnsec-set-default`` takes ``name`` as an identity name and sets the identity as the
+system default identity.
+
+Options
+-------
+
+``-k``
+ Set default key. ``name`` should be a key name, ``ndnsec-set-default`` can infer the corresponding
+ identity and set the key as the identity's default key.
+
+``-c``
+ Set default certificate. ``name`` should be a certificate name, ``ndnsec-set-default`` can
+ infer the corresponding key name and set the certificate as the key's default certificate.
+
+Examples
+--------
+
+Set a key's default certificate:
+
+::
+
+ $ ndnsec-set-default -c /ndn/test/KEY/alice/ksk-1394129695025/ID-CERT/%FD%01D%98%9A%F2%3F
+
+Set an identity's default key:
+
+::
+
+ $ ndnsec-set-default -k /ndn/test/alice/ksk-1394129695025
+
+Set system default identity:
+
+::
+
+ $ ndnsec-set-default /ndn/test/alice
diff --git a/docs/manpages/ndnsec-sig-verify.rst b/docs/manpages/ndnsec-sig-verify.rst
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/docs/manpages/ndnsec-sig-verify.rst
diff --git a/docs/manpages/ndnsec-sign-req.rst b/docs/manpages/ndnsec-sign-req.rst
new file mode 100644
index 0000000..67d11f4
--- /dev/null
+++ b/docs/manpages/ndnsec-sign-req.rst
@@ -0,0 +1,77 @@
+ndnsec-sign-req
+===============
+
+``ndnsec-sign-req`` is a tool to generate a signing request for a particular key.
+
+Usage
+-----
+
+::
+
+ $ ndnsec-sign-req [-h] [-k] name
+
+Description
+-----------
+
+The signing request of a key is actually a self-signed certificate. Given key's information,
+``ndnsec-sign-req`` looks up the key in PIB. If such a key exists, a self-signed certificate of the
+key, or its signing request, will be outputed to **stdout** with base64 encoding.
+
+By default, ``name`` is interpreted as an identity name. ``ndnsec-sign-req`` will generate a
+signing request for the identity's default key.
+
+Options
+-------
+
+``-k``
+ Interpret ``name`` as a key name.
+
+Examples
+--------
+
+Create a signing request for an identity's default key.
+
+::
+
+ $ ndnsec-sign-req /ndn/test/david
+ Bv0DAAc9CANuZG4IBHRlc3QIBWRhdmlkCANLRVkIEWtzay0xMzk2OTk4Mzg5MjU3
+ CAdJRC1DRVJUCAgAAAFFZ+ibohQDGAECFf0BeDCCAXQwIhgPMjAxNDA0MTYwMDIx
+ MDhaGA8yMDM0MDQxMTAwMjEwOFowKjAoBgNVBCkTIS9uZG4vdGVzdC9kYXZpZC9r
+ c2stMTM5Njk5ODM4OTI1NzCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEB
+ AKOhGgpUZXiUkaqgfcIvBKSw4wFcSMhBdXr45Tzh8hi8dv1plXKAV4YQLkjHhJqi
+ VTj8qGWkvaP0Kv/mkynaa2rPzUQ77wE1ydRIBUik62bXQa8SanJsV9ux99t9LBKq
+ MY4mtWgal48wFqwqRPNH4xq0yFACh28eaMCMpNvZd2Fh4gmDvQ5xU7sJTyRLt/Mc
+ mfYppDFGfzUP2nP8eQW5I9+L0DXMAAb4z8w1nXHs21xyPv0SSaJXgBH0ZdBwB++D
+ Eo5RLmcDdhFqN0f9Rlz06LVq+gLUC2M+N54jD5qUhPEdW5erY6pyYhq4Zv2B4lbK
+ Zgf2FWIB2iw0of4snf2SxDcCAREWOhsBARw1BzMIA25kbggEdGVzdAgFZGF2aWQI
+ A0tFWQgRa3NrLTEzOTY5OTgzODkyNTcIB0lELUNFUlQX/QEABe8tCY99uFTPyiNX
+ u/hUY96FGnfQx4usA2rCd+M4bkvsAwKQVlbBx1sDXsakvoHhLaCi+MTwHw17o+oG
+ mtPqklLjM8XS+gF+Lh+OyivJQixb8KR8tAtlGeLDoLU/kpgYv/xVhp8Q5ma0/T47
+ faI4Sn6bQP7YoWj+BdO3oZYthtq3MZPw2hl7wuTRMHNm5i3efnZyZdoPNMR2K43x
+ gH6ew1JbEQG7G6l5Q/jjnfT/oTtUeQzqWf2SSylAX+9xFZ9KG4+S6K7mYieBoqiA
+ 0wHjvDS1cuIH2j6XveoUYapRjZXaEZqB/YoBwRqEYq2KVn/ol5knLM6FIISXXjxn
+ cIh62A==
+
+
+Create a signing request for a particular key.
+
+::
+
+ $ ndnsec-sign-req -k /ndn/test/david/ksk-1396913058196
+ Bv0DAAc9CANuZG4IBHRlc3QIBWRhdmlkCANLRVkIEWtzay0xMzk2OTEzMDU4MTk2
+ CAdJRC1DRVJUCAgAAAFFZ+mbhRQDGAECFf0BeDCCAXQwIhgPMjAxNDA0MTYwMDIy
+ MTRaGA8yMDM0MDQxMTAwMjIxNFowKjAoBgNVBCkTIS9uZG4vdGVzdC9kYXZpZC9r
+ c2stMTM5NjkxMzA1ODE5NjCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEB
+ ALS6udLacpydecxMRIfZeo74fxzpsITqaa/4UxD2FJ9lU4dtfiSSIOaRwAB/w0K/
+ AauQRq3Q1AiEocUsW2h8LmtcuF4Cj9TGAUD/1s3CISMwf9zwQ3ZhNIzN0IOsrpPA
+ TsHrbdwtOxrcFvXX4GnMLWgtvcSB52Cn68h/4AUiA1CG9/DOyCyA4EHiIkHBxh6B
+ TvAmw7SmNjr1ZBTYMaMAEV5/oLZCHzHRO+2fKdEttaWH3bz7iKVVS8u5ZxXcBs8g
+ ot55m7Xf6/TUk3qQXM1kM8wW04U+8n3jch1i7tD2T3c/OFKTT7AWndwcfbU99Z6C
+ FZ7fMsgRHxFNY8hCFZJvFFUCAREWOhsBARw1BzMIA25kbggEdGVzdAgFZGF2aWQI
+ A0tFWQgRa3NrLTEzOTY5MTMwNTgxOTYIB0lELUNFUlQX/QEAkA2DjqDq8pcAD579
+ PaGz3sybCMo2zyjAJvLCRRDPrjQfkublIvN3wGykfsYRKTPW/aDlZcgOtqn8+Qdo
+ tpL9PixqB7hPAZzelADB7Rrqw41p5VNJTzBuIzC6bCssMa8xb2VTGkw1oEtWb1vl
+ Dn+WWvmTNE/yTnSTjNXnTdLinBSA1HH4edkjvH9hTn5+DVyZlpZrTX2qRYcNZqdC
+ kgESIroeoFnp95NVmO+jtL/pKaJ53jh7pvpv7y8wOu28Qk6HuhwDUR186Y/TNNt4
+ hIc0NNDfvvyGgbDEGCMJ7/qOSt0qpJ2BxvPCb9S/bQD1odjGfP2F4ZA2S/JN2SYm
+ 5gldDQ==
diff --git a/docs/manpages/ndnsec-unlock-tpm.rst b/docs/manpages/ndnsec-unlock-tpm.rst
new file mode 100644
index 0000000..7672f00
--- /dev/null
+++ b/docs/manpages/ndnsec-unlock-tpm.rst
@@ -0,0 +1,17 @@
+ndnsec-unlock-tpm
+=================
+
+``ndnsec-unlock-tpm`` is a tool to (temporarily) unlock the **Trusted Platform Module (TPM)** that
+manages private keys.
+
+Usage
+-----
+
+::
+
+ $ ndnsec-unlock-tpm [-h]
+
+Description
+-----------
+
+``ndnsec-unlock-tpm`` will ask for password to unlock the TPM.
diff --git a/docs/manpages/ndnsec.rst b/docs/manpages/ndnsec.rst
index 8004f80..1efc2e1 100644
--- a/docs/manpages/ndnsec.rst
+++ b/docs/manpages/ndnsec.rst
@@ -1,352 +1,85 @@
-ndnsec: NDN security tool
-=========================
+ndnsec
+======
-``ndnsec`` is a command-line tools to perform various NDN security management
-operation:
+``ndnsec`` is a command-line toolkit to perform various NDN security management
+operation.
+
+Usage
+-----
::
- $ ndnsec <command> <args>
+ $ ndnsec <command> [<args>]
-One can check the command list by
+or alternatively
::
- $ ndnsec help
+ $ ndnsec-command [<args>]
-Here is a list of commands supported so far:
+Description
+-----------
-::
+The NDN security data are stored and managed in two places: **Public Information Base** and
+**Trusted Platform Module**. ``ndnsec`` toolkit provides a command-line interface of managing and
+using the NDN security data.
- $ ndnsec help
- help Show all commands.
- list Display information in PublicInfo.
- get-default Get default setting info.
- set-default Configure default setting.
- key-gen Generate a Key-Signing-Key for an identity.
- sign-req Generate a certificate signing request.
- cert-gen Generate an identity certificate.
- cert-dump Dump a certificate from PublicInfo.
- cert-install Install a certificate into PublicInfo.
- delete Delete identity/key/certificate.
- export Export an identity package.
- import Import an identity package.
- set-acl Configure ACL of a private key.
- unlock-tpm Unlock Tpm.
- op-tool Operator tool.
+ndnsec commands
+---------------
-Next, we will introduce these commands one-by-one:
+ndnsec-list_
+ Display information in PublicInfo.
-list
-----
+ndnsec-get-default_
+ Get default setting info.
-``list`` command can display the information of identities, keys, and
-certificates. By default, it only display all the identities created in
-the system. For example:
+ndnsec-set-default_
+ Configure default setting.
-::
+ndnsec-key-gen_
+ Generate a Key-Signing-Key for an identity.
- $ ndnsec list
- * /ndn/edu/ucla/cs/yingdi
- /ndn/test/cathy
- /ndn/test/bob
- /ndn/test/alice
+ndnsec-sign-req_
+ Generate a certificate signing request.
-The identity with ``*`` in front is the default identity of the system.
+ndnsec-cert-gen_
+ Generate an identity certificate.
-If option ``-K`` or ``-k`` is specified, the output of the command will
-display key names for each identity. The key name with ``*`` in front is
-the key name of the corresponding identity. For example:
+ndnsec-cert-dump_
+ Dump a certificate from PublicInfo.
-::
+ndnsec-cert-install_
+ Install a certificate into PublicInfo.
- $ ndnsec list -k
- * /ndn/edu/ucla/cs/yingdi
- +->* /ndn/edu/ucla/cs/yingdi/ksk-1393811874052
+ndnsec-delete_
+ Delete identity/key/certificate.
- /ndn/test/cathy
- +->* /ndn/test/cathy/ksk-1394129695418
+ndnsec-export_
+ Export an identity package.
- /ndn/test/bob
- +->* /ndn/test/bob/ksk-1394129695308
+ndnsec-import_
+ Import an identity package.
- /ndn/test/alice
- +->* /ndn/test/alice/ksk-1394129695025
+ndnsec-set-acl_
+ Configure ACL of a private key.
-If option ``-C`` or ``-c`` is specified, the output of the command will
-display certificate names for each key. The certificate name with ``*``
-in front is the certificate name of the corresponding key. For example:
+ndnsec-unlock-tpm_
+ Unlock Tpm.
-::
+ndnsec-op-tool_
+ Operator tool.
- $ ndnsec list -c
- * /ndn/edu/ucla/cs/yingdi
- +->* /ndn/edu/ucla/cs/yingdi/ksk-1393811874052
- +->* /ndn/edu/ucla/cs/yingdi/KEY/ksk-1393811874052/ID-CERT/%FD%01D%85%A9a%DD
-
- /ndn/test/cathy
- +->* /ndn/test/cathy/ksk-1394129695418
- +->* /ndn/test/KEY/cathy/ksk-1394129695418/ID-CERT/%FD%01D%98%9A%F3J
-
- /ndn/test/bob
- +->* /ndn/test/bob/ksk-1394129695308
- +->* /ndn/test/KEY/bob/ksk-1394129695308/ID-CERT/%FD%01D%98%9A%F2%AE
-
- /ndn/test/alice
- +->* /ndn/test/alice/ksk-1394129695025
- +->* /ndn/test/KEY/alice/ksk-1394129695025/ID-CERT/%FD%01D%98%9A%F2%3F
-
-get-default/set-default
------------------------
-
-If you are only curious about the default setting of a particular
-identity or key. You can use ``get-default`` command.
-
-If you want to check the default setting of a particular identity, you
-can specify the identity name with option ``-i``. For example, a
-command:
-
-::
-
- $ ndnsec get-default -k -i /ndn/test/alice
- /ndn/test/alice/ksk-1394129695025
-
-returns the default key name of ``/ndn/test/alice``. And a command:
-
-::
-
- $ ndnsec get-default -c -i /ndn/test/alice
- /ndn/test/KEY/alice/ksk-1394129695025/ID-CERT/%FD%01D%98%9A%F2%3F
-
-returns the default certificate name of ``/ndn/test/alice``. If option
-``-i`` is missing, the system default identity will be used.
-
-If you want to check default settings of a particular key, you can
-specify the key name with option ``-K``.
-
-::
-
- $ ndnsec get-default -c -K /ndn/test/alice/ksk-1394129695025
- /ndn/test/KEY/alice/ksk-1394129695025/ID-CERT/%FD%01D%98%9A%F2%3F
-
-In order to change the default setting, you can change it using command
-``set-default``. If you want to change the default system identity, you
-can use command:
-
-::
-
- $ ndnsec set-default /ndn/test/alice
-
-If you want to set a key as the default key of its corresponding
-identity, you can specify the key name with option ``-k``:
-
-::
-
- $ ndnsec set-default -k /ndn/test/alice/ksk-1394129695025
-
-If you want to set a certificate as the default certificate of its
-corresponding key, you can specify the certificate name with option
-``-c``:
-
-::
-
- $ ndnsec set-default -c /ndn/test/KEY/alice/ksk-1394129695025/ID-CERT/%FD%01D%98%9A%F2%3F
-
-key-gen
--------
-
-Command ``key-gen`` allows you to generate keys for a specified
-identity.
-
-::
-
- $ ndnsec key-gen /ndn/test/david
- Bv0DAAc9CANuZG4IBHRlc3QIBWRhdmlkCANLRVkIEWtzay0xMzk2OTEzMDU4MTk2
- CAdJRC1DRVJUCAgAAAFFPoG0ohQDGAECFf0BeDCCAXQwIhgPMjAxNDA0MDcyMzI0
- MThaGA8yMDM0MDQwMjIzMjQxOFowKjAoBgNVBCkTIS9uZG4vdGVzdC9kYXZpZC9r
- c2stMTM5NjkxMzA1ODE5NjCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEB
- ALS6udLacpydecxMRIfZeo74fxzpsITqaa/4UxD2FJ9lU4dtfiSSIOaRwAB/w0K/
- AauQRq3Q1AiEocUsW2h8LmtcuF4Cj9TGAUD/1s3CISMwf9zwQ3ZhNIzN0IOsrpPA
- TsHrbdwtOxrcFvXX4GnMLWgtvcSB52Cn68h/4AUiA1CG9/DOyCyA4EHiIkHBxh6B
- TvAmw7SmNjr1ZBTYMaMAEV5/oLZCHzHRO+2fKdEttaWH3bz7iKVVS8u5ZxXcBs8g
- ot55m7Xf6/TUk3qQXM1kM8wW04U+8n3jch1i7tD2T3c/OFKTT7AWndwcfbU99Z6C
- FZ7fMsgRHxFNY8hCFZJvFFUCAREWOhsBARw1BzMIA25kbggEdGVzdAgFZGF2aWQI
- A0tFWQgRa3NrLTEzOTY5MTMwNTgxOTYIB0lELUNFUlQX/QEAW2yfF8JTgu5okR+n
- dRlXc3UR/b1REegrpQb3xVzs7fYiiHwFYzQE9RzOuGh/9GSMvQcfejsPw021tJnj
- oxNx6spGTOK5Bc0QZGeC6YyNoVSaJr9Obc5Uh8eRqxw76r0pCUHP+l38UgUGeBg/
- aHurtcu5zK0zFYX++SAfUGLUZlG4CqKBUNZC+6w9OGUXlcW411zMzfqQ7V9Gxg+p
- 1IMNJQ6trTFdIwT/4YWHsxR+16r2TRWCNHtJey2GEG84YoqRh8y37jnu7oPhAtTN
- TgG9O7O39dZLiFg+UP3LpW1LY64fJXsNfZQmnZWcNo5lX6MXfeiPxWFjOQqnno82
- 1hgqgA==
-
-And the generated key will be automatically set to be the default key of
-the identity. The output of these command is a base64 encoded
-self-signed certificate of the generated key. By default, the specified
-identity will become the system default identity. If this is not your
-intention, you can specify option ``-n`` to disable that.
-
-sign-req
---------
-
-If you want to ask somebody else to issue you a certificate, you need to
-create a signing request. Such a signing request is a self-signed
-certificate of the your default key. You can generate this request using
-command ``sign-req``, for example:
-
-::
-
- $ ndnsec sign-req /ndn/test/david
-
-The request will be output to stdout. If you want to create a signing
-request for a particular key. You can specify the key name with option
-``-k``, for example:
-
-::
-
- $ ndnsec sign-req -k /ndn/test/david/ksk-1396913058196
-
-cert-gen
---------
-
-In order to issue others certificates, you can use command ``cert-gen``.
-Such a command requires a signing request (a self-signed certificate).
-
-::
-
- $ ndnsec cert-gen sign_request.cert
-
-You can specify the starting timestamp of the certificate's validity via
-option ``-S`` and the ending timestamp of the certificate's validity via
-option ``-E``. You can specify the name of the certificate owner via
-option ``-N`` and other information about the certificate owner via
-option ``-I``. At last, you may also specify the signing identity of the
-certificate via option ``-s``, the default key and certificate of the
-signing identity will be used to generate the requested certificate. If
-``-s`` is missing, the system default identity will be used. A complete
-example of ``cert-gen`` command could be:
-
-::
-
- $ ndnsec cert-gen -S 20140401000000 -E 20150331235959 -N "David" -I "2.5.4.10 'Some Organization'" -s /ndn/test sign_request.cert
- Bv0C9wc9CANuZG4IBHRlc3QIA0tFWQgFZGF2aWQIEWtzay0xMzk2OTEzMDU4MTk2
- CAdJRC1DRVJUCAgAAAFFPp2g3hQDGAECFf0BdjCCAXIwIhgPMjAxNDA0MDEwMDAw
- MDBaGA8yMDE1MDMzMTIzNTk1OVowKDAMBgNVBCkTBURhdmlkMBgGA1UEChMRU29t
- ZSBPcmdhbml6YXRpb24wggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQC0
- urnS2nKcnXnMTESH2XqO+H8c6bCE6mmv+FMQ9hSfZVOHbX4kkiDmkcAAf8NCvwGr
- kEat0NQIhKHFLFtofC5rXLheAo/UxgFA/9bNwiEjMH/c8EN2YTSMzdCDrK6TwE7B
- 623cLTsa3Bb11+BpzC1oLb3Egedgp+vIf+AFIgNQhvfwzsgsgOBB4iJBwcYegU7w
- JsO0pjY69WQU2DGjABFef6C2Qh8x0TvtnynRLbWlh928+4ilVUvLuWcV3AbPIKLe
- eZu13+v01JN6kFzNZDPMFtOFPvJ943IdYu7Q9k93PzhSk0+wFp3cHH21PfWeghWe
- 3zLIER8RTWPIQhWSbxRVAgERFjMbAQEcLgcsCANuZG4IA0tFWQgEdGVzdAgRa3Nr
- LTEzOTQxMjk2OTQ3ODgIB0lELUNFUlQX/QEABUGcl7U+F8cwMHKckerv+1H2Nvsd
- OfeqX0+4RzWU+wRx2emMGMZZdHSx8M/i45hb0P5hbNEF99L35/SrSTSzhTZdOriD
- t/LQOcKBoNXY+iw3EUFM0gvRGU0kaEVBKAHtbYhtoHc48QLEyrsVaMqmrjCmpeF/
- JOcClhzJfFW3cZ/SlhcTEayF0ntogYLR2cMzIwQhhSj5L/Kl7I7uxNxZhK1DS98n
- q8oGAxHufEAluPrRpDQfI+jeQ4h/YYKcXPW3Vn7VQAGOqIi6gTlUxrmEbyCDF70E
- xj5t3wfSUmDa1N+hLRMdEAI+IjRRHDSx2Lhj/QcoPIZPWwKjBz9CBL92og==
-
-The output of ``cert-gen`` is the generated certificate with base64
-encoding.
-
-cert-install
-------------
-
-On receiving the requested certificate, you can install the certificate
-in your system via command ``cert-install``.
-
-::
-
- $ ndnsec cert-install cert_file.cert
-
-By default, the installed certificate will be set to be the default
-certificate of its corresponding identity. And this identity will become
-the system default identity. If this is not your intention, you can
-specify option ``-N`` to install the certificate without changing any
-default setting; or you can specify option ``-K`` to set the installed
-certificate to be the default certificate of its corresponding key; or
-option ``-I`` to set the installed certificate to be the default
-certificate of its corresponding identity.
-
-cert-dump
----------
-
-If you want to display a certificate in stdout, you can use command
-``cert-dump``.
-
-::
-
- $ ndnsec cert-dump /ndn/test/KEY/david/ksk-1396913058196/ID-CERT/%00%00%01E%3E%9D%A0%DE
-
-By default, a base64 encoded certificate is displayed. You can specify
-option ``-p`` to display a decoded certificate:
-
-::
-
- $ ndnsec cert-dump -p /ndn/test/KEY/david/ksk-1396913058196/ID-CERT/%00%00%01E%3E%9D%A0%DE
- Certificate name:
- /ndn/test/KEY/david/ksk-1396913058196/ID-CERT/%00%00%01E%3E%9D%A0%DE
- Validity:
- NotBefore: 20140401T000000
- NotAfter: 20150331T235959
- Subject Description:
- 2.5.4.41: David
- 2.5.4.10: Some Organization
- Public key bits:
- MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAtLq50tpynJ15zExEh9l6
- jvh/HOmwhOppr/hTEPYUn2VTh21+JJIg5pHAAH/DQr8Bq5BGrdDUCIShxSxbaHwu
- a1y4XgKP1MYBQP/WzcIhIzB/3PBDdmE0jM3Qg6yuk8BOwett3C07GtwW9dfgacwt
- aC29xIHnYKfryH/gBSIDUIb38M7ILIDgQeIiQcHGHoFO8CbDtKY2OvVkFNgxowAR
- Xn+gtkIfMdE77Z8p0S21pYfdvPuIpVVLy7lnFdwGzyCi3nmbtd/r9NSTepBczWQz
- zBbThT7yfeNyHWLu0PZPdz84UpNPsBad3Bx9tT31noIVnt8yyBEfEU1jyEIVkm8U
- VQIB
-
-delete
-------
-
-If you want to delete identities, keys, or certificates, you can use
-command ``delete``. You need to supply a name to this command. By
-default the name should be the identity to delete. For example:
-
-::
-
- $ ndnsec delete /ndn/test/david
-
-If option ``-K`` or ``-k`` is specified, the name should be the name of
-the key to delete. If option ``-C`` or ``-c`` is specified, the name
-should be the name of the certificate to delete.
-
-export/import
--------------
-
-You can export or import security data of a specified identity. The
-security data may even include private key (which is protected by
-encryption).
-
-In order to export security data of an identity, you can use command:
-
-::
-
- $ ndnsec export /ndn/test/alice
-
-This will output all the public security data of the specified identity
-to ``stdout``. If you want to export private keys, you need to specify
-option ``-p``. If you want to export security data into a file, you can
-specify the file name with option ``-o``.
-
-If you can also import security data of a particular identity from a
-file, you can use command:
-
-::
-
- $ ndnsec import input_file
-
-If input\_file is ``-``, the command will import security data from
-``stdin``. If the security to import contains private key, you need to
-specify option ``-p``.
-
-unlock-tpm
-----------
-
-Depending on the internal implementation, the Trusted Platform Module
-(TPM) which manages private keys may be locked. If you want to
-explicitly unlock the TPM, you can use ``unlock-tpm`` command.
+.. _ndnsec-list: ndnsec-list.html
+.. _ndnsec-get-default: ndnsec-get-default.html
+.. _ndnsec-set-default: ndnsec-set-default.html
+.. _ndnsec-key-gen: ndnsec-key-gen.html
+.. _ndnsec-sign-req: ndnsec-sign-req.html
+.. _ndnsec-cert-gen: ndnsec-cert-gen.html
+.. _ndnsec-cert-dump: ndnsec-cert-dump.html
+.. _ndnsec-cert-install: ndnsec-cert-install.html
+.. _ndnsec-delete: ndnsec-delete.html
+.. _ndnsec-export: ndnsec-export.html
+.. _ndnsec-import: ndnsec-import.html
+.. _ndnsec-set-acl: ndnsec-set-acl.html
+.. _ndnsec-unlock-tpm: ndnsec-unlock-tpm.html
+.. _ndnsec-op-tool: ndnsec-op-tool.html
diff --git a/docs/manpages/tlvdump.rst b/docs/manpages/tlvdump.rst
new file mode 100644
index 0000000..eb50961
--- /dev/null
+++ b/docs/manpages/tlvdump.rst
@@ -0,0 +1,46 @@
+tlvdump
+=======
+
+``tlvdump`` is a simple application allowing to decode structure of TLV-encoded packet.
+
+Usage
+-----
+
+::
+
+ tlvdump [filename]
+
+Description
+-----------
+
+If filename is specified, ``tlvdump`` will attempt to read and decode content of the file,
+otherwise data will be read from standard input.
+
+Example
+-------
+
+::
+
+ $ tlvdump interest.tlv
+ 5 (Interest) (size: 89)
+ 7 (Name) (size: 20)
+ 8 (NameComponent) (size: 5) [[local]]
+ 8 (NameComponent) (size: 3) [[ndn]]
+ 8 (NameComponent) (size: 6) [[prefix]]
+ 9 (Selectors) (size: 55)
+ 13 (MinSuffixComponents) (size: 1) [[%01]]
+ 14 (MaxSuffixComponents) (size: 1) [[%01]]
+ 28 (KeyLocatorDigest) (size: 22)
+ 7 (Name) (size: 20)
+ 8 (NameComponent) (size: 4) [[test]]
+ 8 (NameComponent) (size: 3) [[key]]
+ 8 (NameComponent) (size: 7) [[locator]]
+ 16 (Exclude) (size: 20)
+ 8 (NameComponent) (size: 4) [[alex]]
+ 8 (NameComponent) (size: 4) [[xxxx]]
+ 19 (Any) (size: 0) [[...]]
+ 8 (NameComponent) (size: 4) [[yyyy]]
+ 17 (ChildSelector) (size: 1) [[%01]]
+ 10 (Nonce) (size: 1) [[%01]]
+ 11 (Scope) (size: 1) [[%01]]
+ 12 (InterestLifetime) (size: 2) [[%03%E8]]