security: Reorganizing source code to prepare for support of two version of NDN certificates

This commit also removes unused ndn_digestSha256 function and deprecates
crypto::sha256 in favor of crypto::computeSha256Digest in util/crypto.hpp.

Change-Id: I24ee50ff073a96b868633bdf2cfade412d3605f3
Refs: #3098
diff --git a/src/security/certificate-cache-ttl.cpp b/src/security/certificate-cache-ttl.cpp
index 2ab13c9..c1ad631 100644
--- a/src/security/certificate-cache-ttl.cpp
+++ b/src/security/certificate-cache-ttl.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -24,6 +24,7 @@
 #include "certificate-cache-ttl.hpp"
 
 namespace ndn {
+namespace security {
 
 CertificateCacheTtl::CertificateCacheTtl(boost::asio::io_service& io,
                                          const time::seconds& defaultTtl/* = time::seconds(3600)*/)
@@ -38,19 +39,19 @@
 }
 
 void
-CertificateCacheTtl::insertCertificate(shared_ptr<const IdentityCertificate> certificate)
+CertificateCacheTtl::insertCertificate(shared_ptr<const v1::IdentityCertificate> certificate)
 {
   m_io.dispatch([this, certificate] { this->insert(certificate); });
 }
 
-shared_ptr<const IdentityCertificate>
+shared_ptr<const v1::IdentityCertificate>
 CertificateCacheTtl::getCertificate(const Name& certificateName)
 {
   Cache::iterator it = m_cache.find(certificateName);
   if (it != m_cache.end())
     return it->second.first;
   else
-    return shared_ptr<IdentityCertificate>();
+    return shared_ptr<v1::IdentityCertificate>();
 }
 
 void
@@ -66,7 +67,7 @@
 }
 
 void
-CertificateCacheTtl::insert(shared_ptr<const IdentityCertificate> certificate)
+CertificateCacheTtl::insert(shared_ptr<const v1::IdentityCertificate> certificate)
 {
   time::milliseconds expire = (certificate->getFreshnessPeriod() >= time::seconds::zero() ?
                                certificate->getFreshnessPeriod() : m_defaultTtl);
@@ -102,4 +103,5 @@
   m_cache.clear();
 }
 
+} // namespace security
 } // namespace ndn
diff --git a/src/security/certificate-cache-ttl.hpp b/src/security/certificate-cache-ttl.hpp
index 55cbc5a..e0ef837 100644
--- a/src/security/certificate-cache-ttl.hpp
+++ b/src/security/certificate-cache-ttl.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -29,6 +29,7 @@
 #include "../util/scheduler.hpp"
 
 namespace ndn {
+namespace security {
 
 /**
  * @brief Cache of validated certificates with freshness-based eviction policy
@@ -47,9 +48,9 @@
   ~CertificateCacheTtl();
 
   virtual void
-  insertCertificate(shared_ptr<const IdentityCertificate> certificate);
+  insertCertificate(shared_ptr<const v1::IdentityCertificate> certificate);
 
-  virtual shared_ptr<const IdentityCertificate>
+  virtual shared_ptr<const v1::IdentityCertificate>
   getCertificate(const Name& certificateNameWithoutVersion);
 
   virtual void
@@ -60,7 +61,7 @@
 
 private:
   void
-  insert(shared_ptr<const IdentityCertificate> certificate);
+  insert(shared_ptr<const v1::IdentityCertificate> certificate);
 
   void
   remove(const Name& certificateName);
@@ -69,7 +70,7 @@
   removeAll();
 
 protected:
-  typedef std::map<Name, std::pair<shared_ptr<const IdentityCertificate>, EventId> > Cache;
+  typedef std::map<Name, std::pair<shared_ptr<const v1::IdentityCertificate>, EventId> > Cache;
 
   time::seconds m_defaultTtl;
   Cache m_cache;
@@ -77,6 +78,10 @@
   Scheduler m_scheduler;
 };
 
+} // namespace security
+
+using security::CertificateCacheTtl;
+
 } // namespace ndn
 
 #endif // NDN_SECURITY_CERTIFICATE_CACHE_TTL_HPP
diff --git a/src/security/certificate-cache.hpp b/src/security/certificate-cache.hpp
index 42f3b88..fa6cb79 100644
--- a/src/security/certificate-cache.hpp
+++ b/src/security/certificate-cache.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -25,9 +25,10 @@
 #define NDN_SECURITY_CERTIFICATE_CACHE_HPP
 
 #include "../name.hpp"
-#include "identity-certificate.hpp"
+#include "v1/identity-certificate.hpp"
 
 namespace ndn {
+namespace security {
 
 /**
  * @brief Interface for the cache of validated certificates
@@ -41,9 +42,9 @@
   }
 
   virtual void
-  insertCertificate(shared_ptr<const IdentityCertificate> certificate) = 0;
+  insertCertificate(shared_ptr<const v1::IdentityCertificate> certificate) = 0;
 
-  virtual shared_ptr<const IdentityCertificate>
+  virtual shared_ptr<const v1::IdentityCertificate>
   getCertificate(const Name& certificateNameWithoutVersion) = 0;
 
   virtual void
@@ -59,6 +60,10 @@
   }
 };
 
+} // namespace security
+
+using security::CertificateCache;
+
 } // namespace ndn
 
 #endif // NDN_SECURITY_CERTIFICATE_CACHE_HPP
diff --git a/src/security/certificate-container.cpp b/src/security/certificate-container.cpp
index b18bbcb..a05dd52 100644
--- a/src/security/certificate-container.cpp
+++ b/src/security/certificate-container.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -32,7 +32,7 @@
 {
 }
 
-IdentityCertificate
+v1::IdentityCertificate
 CertificateContainer::const_iterator::operator*()
 {
   return m_impl->getCertificate(*m_it);
diff --git a/src/security/certificate-container.hpp b/src/security/certificate-container.hpp
index 1d7b6b4..f0cc408 100644
--- a/src/security/certificate-container.hpp
+++ b/src/security/certificate-container.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -23,7 +23,7 @@
 #define NDN_SECURITY_CERTIFICATE_CONTAINER_HPP
 
 #include <set>
-#include "identity-certificate.hpp"
+#include "v1/identity-certificate.hpp"
 
 namespace ndn {
 namespace security {
@@ -40,7 +40,7 @@
     friend class CertificateContainer;
 
   public:
-    IdentityCertificate
+    v1::IdentityCertificate
     operator*();
 
     const_iterator&
diff --git a/src/security/command-interest-validator.cpp b/src/security/command-interest-validator.cpp
index ddba90e..f877f41 100644
--- a/src/security/command-interest-validator.cpp
+++ b/src/security/command-interest-validator.cpp
@@ -20,7 +20,7 @@
  */
 
 #include "command-interest-validator.hpp"
-#include "identity-certificate.hpp"
+#include "v1/identity-certificate.hpp"
 #include <boost/lexical_cast.hpp>
 
 namespace ndn {
@@ -146,9 +146,9 @@
   }
 
   try {
-    keyName = IdentityCertificate::certificateNameToPublicKeyName(keyLocator.getName());
+    keyName = v1::IdentityCertificate::certificateNameToPublicKeyName(keyLocator.getName());
   }
-  catch (const IdentityCertificate::Error&) {
+  catch (const v1::IdentityCertificate::Error&) {
     return ErrorCode::BAD_CERT_NAME;
   }
 
diff --git a/src/security/conf/checker.hpp b/src/security/conf/checker.hpp
index c2c4244..c4ec3ca 100644
--- a/src/security/conf/checker.hpp
+++ b/src/security/conf/checker.hpp
@@ -29,7 +29,7 @@
 #include "key-locator-checker.hpp"
 #include "../../util/io.hpp"
 #include "../validator.hpp"
-#include "../identity-certificate.hpp"
+#include "../v1/identity-certificate.hpp"
 
 #include <boost/algorithm/string.hpp>
 #include <boost/filesystem.hpp>
@@ -198,10 +198,10 @@
 {
 public:
   FixedSignerChecker(uint32_t sigType,
-                     const std::vector<shared_ptr<IdentityCertificate>>& signers)
+                     const std::vector<shared_ptr<v1::IdentityCertificate>>& signers)
     : m_sigType(sigType)
   {
-    for (std::vector<shared_ptr<IdentityCertificate>>::const_iterator it = signers.begin();
+    for (std::vector<shared_ptr<v1::IdentityCertificate>>::const_iterator it = signers.begin();
          it != signers.end(); it++)
       m_signers[(*it)->getName().getPrefix(-1)] = (*it);
 
@@ -295,7 +295,7 @@
   }
 
 private:
-  typedef std::map<Name, shared_ptr<IdentityCertificate>> SignerList;
+  typedef std::map<Name, shared_ptr<v1::IdentityCertificate>> SignerList;
   uint32_t m_sigType;
   SignerList m_signers;
 };
@@ -394,7 +394,7 @@
     std::string sigType = propertyIt->second.data();
     propertyIt++;
 
-    std::vector<shared_ptr<IdentityCertificate>> signers;
+    std::vector<shared_ptr<v1::IdentityCertificate>> signers;
     for (; propertyIt != configSection.end(); propertyIt++) {
       if (!boost::iequals(propertyIt->first, "signer"))
         BOOST_THROW_EXCEPTION(Error("Expect <checker.signer> but get <checker." +
@@ -410,7 +410,7 @@
                                                                  signers));
   }
 
-  static shared_ptr<IdentityCertificate>
+  static shared_ptr<v1::IdentityCertificate>
   getSigner(const ConfigSection& configSection, const std::string& configFilename)
   {
     using namespace boost::filesystem;
@@ -436,8 +436,8 @@
       if (propertyIt != configSection.end())
         BOOST_THROW_EXCEPTION(Error("Expect the end of checker.signer"));
 
-      shared_ptr<IdentityCertificate> idCert
-        = io::load<IdentityCertificate>(certfilePath.c_str());
+      shared_ptr<v1::IdentityCertificate> idCert
+        = io::load<v1::IdentityCertificate>(certfilePath.c_str());
 
       if (static_cast<bool>(idCert))
         return idCert;
@@ -457,7 +457,7 @@
       if (propertyIt != configSection.end())
         BOOST_THROW_EXCEPTION(Error("Expect the end of checker.signer"));
 
-      shared_ptr<IdentityCertificate> idCert = io::load<IdentityCertificate>(ss);
+      shared_ptr<v1::IdentityCertificate> idCert = io::load<v1::IdentityCertificate>(ss);
 
       if (static_cast<bool>(idCert))
         return idCert;
diff --git a/src/security/cryptopp.hpp b/src/security/cryptopp.hpp
index d7342cf..4c9e959 100644
--- a/src/security/cryptopp.hpp
+++ b/src/security/cryptopp.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,27 +19,15 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_CRYPTOPP_HPP
-#define NDN_SECURITY_CRYPTOPP_HPP
+/**
+ * @file security/cryptopp.hpp
+ * @deprecated Use security/v1/cryptopp.hpp
+ */
 
-// suppress CryptoPP warnings
-#pragma GCC system_header
-#pragma clang system_header
+#include "security-common.hpp"
 
-#include <cryptopp/asn.h>
-#include <cryptopp/base64.h>
-#include <cryptopp/des.h>
-#include <cryptopp/files.h>
-#include <cryptopp/filters.h>
-#include <cryptopp/hex.h>
-#include <cryptopp/modes.h>
-#include <cryptopp/osrng.h>
-#include <cryptopp/pssr.h>
-#include <cryptopp/pwdbased.h>
-#include <cryptopp/rsa.h>
-#include <cryptopp/sha.h>
-#include <cryptopp/eccrypto.h>
-#include <cryptopp/oids.h>
-#include <cryptopp/dsa.h>
-
-#endif // NDN_SECURITY_CRYPTOPP_HPP
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+#include "v1/cryptopp.hpp"
+#else
+#error "Deprecated. Use v1/cryptopp.hpp instead."
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
diff --git a/src/security/identity-certificate.hpp b/src/security/identity-certificate.hpp
index b416080..42553a6 100644
--- a/src/security/identity-certificate.hpp
+++ b/src/security/identity-certificate.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -17,84 +17,17 @@
  * <http://www.gnu.org/licenses/>.
  *
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- *
- * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
  */
 
-#ifndef NDN_SECURITY_IDENTITY_CERTIFICATE_HPP
-#define NDN_SECURITY_IDENTITY_CERTIFICATE_HPP
+/**
+ * @file security/identity-certificate.hpp
+ * @deprecated Use security/v1/identity-certificate.hpp
+ */
 
-#include "../common.hpp"
-#include "certificate.hpp"
+#include "security-common.hpp"
 
-namespace ndn {
-
-class IdentityCertificate : public Certificate
-{
-public:
-  class Error : public Certificate::Error
-  {
-  public:
-    explicit
-    Error(const std::string& what)
-      : Certificate::Error(what)
-    {
-    }
-  };
-
-  /**
-   * @brief The default constructor.
-   */
-  IdentityCertificate();
-
-  /**
-   * @brief Create an IdentityCertificate from the content in the data packet.
-   * @param data The data packet with the content to decode.
-   */
-  explicit
-  IdentityCertificate(const Data& data);
-
-  /**
-   * @brief Create an IdentityCertificate from a block.
-   * @param block The raw block of the certificate.
-   */
-  explicit
-  IdentityCertificate(const Block& block);
-
-  void
-  wireDecode(const Block& wire);
-
-  void
-  setName(const Name& name);
-
-  const Name&
-  getPublicKeyName() const
-  {
-    return m_publicKeyName;
-  }
-
-  static bool
-  isIdentityCertificate(const Certificate& certificate);
-
-  /**
-   * @brief Get the public key name from the full certificate name.
-   * @param certificateName The full certificate name.
-   * @return The related public key name.
-   */
-  static Name
-  certificateNameToPublicKeyName(const Name& certificateName);
-
-private:
-  static bool
-  isCorrectName(const Name& name);
-
-  void
-  setPublicKeyName();
-
-protected:
-  Name m_publicKeyName;
-};
-
-} // namespace ndn
-
-#endif // NDN_SECURITY_IDENTITY_CERTIFICATE_HPP
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+#include "v1/identity-certificate.hpp"
+#else
+#error "Deprecated. Use `v1/identity-certificate.hpp` instead."
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
diff --git a/src/security/identity.cpp b/src/security/identity.cpp
index 9b42ec5..176814c 100644
--- a/src/security/identity.cpp
+++ b/src/security/identity.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -58,7 +58,7 @@
 }
 
 Key
-Identity::addKey(const PublicKey& publicKey, const name::Component& keyId)
+Identity::addKey(const v1::PublicKey& publicKey, const name::Component& keyId)
 {
   validityCheck();
 
@@ -123,7 +123,7 @@
 }
 
 Key&
-Identity::setDefaultKey(const PublicKey& publicKey, const name::Component& keyId)
+Identity::setDefaultKey(const v1::PublicKey& publicKey, const name::Component& keyId)
 {
   const Key& keyEntry = addKey(publicKey, keyId);
   return setDefaultKey(keyEntry.getKeyId());
diff --git a/src/security/identity.hpp b/src/security/identity.hpp
index 0ac8201..1e4bd2c 100644
--- a/src/security/identity.hpp
+++ b/src/security/identity.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -116,7 +116,7 @@
    * @return the added key or existing key with the same key id.
    */
   Key
-  addKey(const PublicKey& publicKey, const name::Component& keyId = EMPTY_KEY_ID);
+  addKey(const v1::PublicKey& publicKey, const name::Component& keyId = EMPTY_KEY_ID);
 
   /**
    * @brief Remove a key.
@@ -147,7 +147,7 @@
    * @return the default key
    */
   Key&
-  setDefaultKey(const PublicKey& publicKey, const name::Component& keyId = EMPTY_KEY_ID);
+  setDefaultKey(const v1::PublicKey& publicKey, const name::Component& keyId = EMPTY_KEY_ID);
 
 NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
   /**
diff --git a/src/security/key-chain.cpp b/src/security/key-chain.cpp
index 8369cb1..827f9df 100644
--- a/src/security/key-chain.cpp
+++ b/src/security/key-chain.cpp
@@ -298,7 +298,7 @@
   try {
     keyName = m_pib->getDefaultKeyNameForIdentity(identityName);
 
-    shared_ptr<PublicKey> key = m_pib->getPublicKey(keyName);
+    shared_ptr<v1::PublicKey> key = m_pib->getPublicKey(keyName);
 
     if (key->getKeyType() != params.getKeyType()) {
       keyName = generateKeyPair(identityName, true, params);
@@ -315,7 +315,7 @@
     certName = m_pib->getDefaultCertificateNameForKey(keyName);
   }
   catch (const SecPublicInfo::Error& e) {
-    shared_ptr<IdentityCertificate> selfCert = selfSign(keyName);
+    shared_ptr<v1::IdentityCertificate> selfCert = selfSign(keyName);
     m_pib->addCertificateAsIdentityDefault(*selfCert);
     certName = selfCert->getName();
   }
@@ -362,15 +362,15 @@
 }
 
 
-shared_ptr<IdentityCertificate>
+shared_ptr<v1::IdentityCertificate>
 KeyChain::prepareUnsignedIdentityCertificate(const Name& keyName,
   const Name& signingIdentity,
   const time::system_clock::TimePoint& notBefore,
   const time::system_clock::TimePoint& notAfter,
-  const std::vector<CertificateSubjectDescription>& subjectDescription,
+  const std::vector<v1::CertificateSubjectDescription>& subjectDescription,
   const Name& certPrefix)
 {
-  shared_ptr<PublicKey> publicKey;
+  shared_ptr<v1::PublicKey> publicKey;
   try {
     publicKey = m_pib->getPublicKey(keyName);
   }
@@ -383,13 +383,13 @@
                                             subjectDescription, certPrefix);
 }
 
-shared_ptr<IdentityCertificate>
+shared_ptr<v1::IdentityCertificate>
 KeyChain::prepareUnsignedIdentityCertificate(const Name& keyName,
-  const PublicKey& publicKey,
+  const v1::PublicKey& publicKey,
   const Name& signingIdentity,
   const time::system_clock::TimePoint& notBefore,
   const time::system_clock::TimePoint& notAfter,
-  const std::vector<CertificateSubjectDescription>& subjectDescription,
+  const std::vector<v1::CertificateSubjectDescription>& subjectDescription,
   const Name& certPrefix)
 {
   if (keyName.size() < 1)
@@ -428,21 +428,19 @@
       return nullptr;
   }
 
-  auto certificate = make_shared<IdentityCertificate>();
+  auto certificate = make_shared<v1::IdentityCertificate>();
   certificate->setName(certName);
   certificate->setNotBefore(notBefore);
   certificate->setNotAfter(notAfter);
   certificate->setPublicKeyInfo(publicKey);
 
   if (subjectDescription.empty()) {
-    CertificateSubjectDescription subjectName(oid::ATTRIBUTE_NAME, keyName.getPrefix(-1).toUri());
+    v1::CertificateSubjectDescription subjectName(oid::ATTRIBUTE_NAME, keyName.getPrefix(-1).toUri());
     certificate->addSubjectDescription(subjectName);
   }
   else {
-    std::vector<CertificateSubjectDescription>::const_iterator sdIt =
-      subjectDescription.begin();
-    std::vector<CertificateSubjectDescription>::const_iterator sdEnd =
-      subjectDescription.end();
+    std::vector<v1::CertificateSubjectDescription>::const_iterator sdIt = subjectDescription.begin();
+    std::vector<v1::CertificateSubjectDescription>::const_iterator sdEnd = subjectDescription.end();
     for(; sdIt != sdEnd; sdIt++)
       certificate->addSubjectDescription(*sdIt);
   }
@@ -457,7 +455,7 @@
 {
   SignatureInfo sigInfo = params.getSignatureInfo();
 
-  shared_ptr<IdentityCertificate> signingCert;
+  shared_ptr<v1::IdentityCertificate> signingCert;
 
   switch (params.getSignerType()) {
     case SigningInfo::SIGNER_TYPE_NULL: {
@@ -539,7 +537,7 @@
 Signature
 KeyChain::sign(const uint8_t* buffer, size_t bufferLength, const Name& certificateName)
 {
-  shared_ptr<IdentityCertificate> certificate = m_pib->getCertificate(certificateName);
+  shared_ptr<v1::IdentityCertificate> certificate = m_pib->getCertificate(certificateName);
 
   if (certificate == nullptr) {
     BOOST_THROW_EXCEPTION(SecPublicInfo::Error("certificate does not exist"));
@@ -555,10 +553,10 @@
   return sig;
 }
 
-shared_ptr<IdentityCertificate>
+shared_ptr<v1::IdentityCertificate>
 KeyChain::selfSign(const Name& keyName)
 {
-  shared_ptr<PublicKey> pubKey;
+  shared_ptr<v1::PublicKey> pubKey;
   try {
     pubKey = m_pib->getPublicKey(keyName); // may throw an exception.
   }
@@ -566,7 +564,7 @@
     return nullptr;
   }
 
-  auto certificate = make_shared<IdentityCertificate>();
+  auto certificate = make_shared<v1::IdentityCertificate>();
 
   Name certificateName = keyName.getPrefix(-1);
   certificateName.append("KEY").append(keyName.get(-1)).append("ID-CERT").appendVersion();
@@ -575,8 +573,8 @@
   certificate->setNotBefore(time::system_clock::now());
   certificate->setNotAfter(time::system_clock::now() + time::days(7300)); // ~20 years
   certificate->setPublicKeyInfo(*pubKey);
-  certificate->addSubjectDescription(CertificateSubjectDescription(oid::ATTRIBUTE_NAME,
-                                                                   keyName.toUri()));
+  certificate->addSubjectDescription(v1::CertificateSubjectDescription(oid::ATTRIBUTE_NAME,
+                                                                       keyName.toUri()));
   certificate->encode();
 
   certificate->setSignature(Signature(SignatureInfo()));
@@ -586,7 +584,7 @@
 }
 
 void
-KeyChain::selfSign(IdentityCertificate& cert)
+KeyChain::selfSign(v1::IdentityCertificate& cert)
 {
   Name keyName = cert.getPublicKeyName();
 
@@ -617,7 +615,7 @@
     BOOST_THROW_EXCEPTION(SecPublicInfo::Error("Fail to export PKCS5 of private key"));
   }
 
-  shared_ptr<IdentityCertificate> cert;
+  shared_ptr<v1::IdentityCertificate> cert;
   try {
     cert = m_pib->getCertificate(m_pib->getDefaultCertificateNameForKey(keyName));
   }
@@ -634,7 +632,7 @@
 KeyChain::importIdentity(const SecuredBag& securedBag, const std::string& passwordStr)
 {
   Name certificateName = securedBag.getCertificate().getName();
-  Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certificateName);
+  Name keyName = v1::IdentityCertificate::certificateNameToPublicKeyName(certificateName);
   Name identity = keyName.getPrefix(-1);
 
   // Add identity
@@ -646,7 +644,7 @@
                                       securedBag.getKey()->size(),
                                       passwordStr);
 
-  shared_ptr<PublicKey> pubKey = m_tpm->getPublicKeyFromTpm(keyName.toUri());
+  shared_ptr<v1::PublicKey> pubKey = m_tpm->getPublicKeyFromTpm(keyName.toUri());
   // HACK! We should set key type according to the pkcs8 info.
   m_pib->addKey(keyName, *pubKey);
   m_pib->setDefaultKeyNameForIdentity(keyName);
@@ -711,7 +709,7 @@
 
   m_tpm->generateKeyPairInTpm(keyName.toUri(), params);
 
-  shared_ptr<PublicKey> pubKey = m_tpm->getPublicKeyFromTpm(keyName.toUri());
+  shared_ptr<v1::PublicKey> pubKey = m_tpm->getPublicKeyFromTpm(keyName.toUri());
   m_pib->addKey(keyName, *pubKey);
 
   return keyName;
@@ -761,7 +759,7 @@
                    const Name& keyName, DigestAlgorithm digestAlgorithm) const
 {
   if (keyName == DIGEST_SHA256_IDENTITY)
-    return Block(tlv::SignatureValue, crypto::sha256(buf, size));
+    return Block(tlv::SignatureValue, crypto::computeSha256Digest(buf, size));
 
   return m_tpm->signInTpm(buf, size, keyName, digestAlgorithm);
 }
@@ -796,8 +794,8 @@
     .append(sig.getInfo());                                        // signatureInfo
 
   Block sigValue(tlv::SignatureValue,
-                 crypto::sha256(signedName.wireEncode().value(),
-                                signedName.wireEncode().value_size()));
+                 crypto::computeSha256Digest(signedName.wireEncode().value(),
+                                             signedName.wireEncode().value_size()));
 
   sigValue.encode();
   signedName.append(sigValue);                                     // signatureValue
diff --git a/src/security/key-chain.hpp b/src/security/key-chain.hpp
index d9963cd..796aa33 100644
--- a/src/security/key-chain.hpp
+++ b/src/security/key-chain.hpp
@@ -38,7 +38,6 @@
 #include "../util/random.hpp"
 #include <initializer_list>
 
-
 namespace ndn {
 namespace security {
 
@@ -210,22 +209,22 @@
    *
    * @param keyName Key name, e.g., `/<identity_name>/ksk-123456`.
    * @param signingIdentity The signing identity.
-   * @param notBefore Refer to IdentityCertificate.
-   * @param notAfter Refer to IdentityCertificate.
-   * @param subjectDescription Refer to IdentityCertificate.
+   * @param notBefore Refer to v1::IdentityCertificate.
+   * @param notAfter Refer to v1::IdentityCertificate.
+   * @param subjectDescription Refer to v1::IdentityCertificate.
    * @param certPrefix Prefix before `KEY` component. By default, KeyChain will infer the
    *                   certificate name according to the relation between the signingIdentity and
    *                   the subject identity. If signingIdentity is a prefix of the subject identity,
    *                   `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted
    *                   after subject identity (i.e., before `ksk-....`).
-   * @return IdentityCertificate.
+   * @return v1::IdentityCertificate.
    */
-  shared_ptr<IdentityCertificate>
+  shared_ptr<v1::IdentityCertificate>
   prepareUnsignedIdentityCertificate(const Name& keyName,
     const Name& signingIdentity,
     const time::system_clock::TimePoint& notBefore,
     const time::system_clock::TimePoint& notAfter,
-    const std::vector<CertificateSubjectDescription>& subjectDescription,
+    const std::vector<security::v1::CertificateSubjectDescription>& subjectDescription,
     const Name& certPrefix = DEFAULT_PREFIX);
 
   /**
@@ -234,23 +233,23 @@
    * @param keyName Key name, e.g., `/<identity_name>/ksk-123456`.
    * @param publicKey Public key to sign.
    * @param signingIdentity The signing identity.
-   * @param notBefore Refer to IdentityCertificate.
-   * @param notAfter Refer to IdentityCertificate.
-   * @param subjectDescription Refer to IdentityCertificate.
+   * @param notBefore Refer to v1::IdentityCertificate.
+   * @param notAfter Refer to v1::IdentityCertificate.
+   * @param subjectDescription Refer to v1::IdentityCertificate.
    * @param certPrefix Prefix before `KEY` component. By default, KeyChain will infer the
    *                   certificate name according to the relation between the signingIdentity and
    *                   the subject identity. If signingIdentity is a prefix of the subject identity,
    *                   `KEY` will be inserted after the signingIdentity, otherwise `KEY` is inserted
    *                   after subject identity (i.e., before `ksk-....`).
-   * @return IdentityCertificate.
+   * @return v1::IdentityCertificate.
    */
-  shared_ptr<IdentityCertificate>
+  shared_ptr<v1::IdentityCertificate>
   prepareUnsignedIdentityCertificate(const Name& keyName,
-    const PublicKey& publicKey,
+    const v1::PublicKey& publicKey,
     const Name& signingIdentity,
     const time::system_clock::TimePoint& notBefore,
     const time::system_clock::TimePoint& notAfter,
-    const std::vector<CertificateSubjectDescription>& subjectDescription,
+    const std::vector<security::v1::CertificateSubjectDescription>& subjectDescription,
     const Name& certPrefix = DEFAULT_PREFIX);
 
   /**
@@ -373,9 +372,9 @@
    * @brief Generate a self-signed certificate for a public key.
    *
    * @param keyName The name of the public key
-   * @return The generated certificate, shared_ptr<IdentityCertificate>() if selfSign fails
+   * @return The generated certificate, shared_ptr<v1::IdentityCertificate>() if selfSign fails
    */
-  shared_ptr<IdentityCertificate>
+  shared_ptr<v1::IdentityCertificate>
   selfSign(const Name& keyName);
 
   /**
@@ -385,7 +384,7 @@
    * @throws SecTpm::Error if the private key does not exist.
    */
   void
-  selfSign(IdentityCertificate& cert);
+  selfSign(v1::IdentityCertificate& cert);
 
   /**
    * @brief delete a certificate.
@@ -480,18 +479,18 @@
   }
 
   void
-  addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKeyDer)
+  addPublicKey(const Name& keyName, KeyType keyType, const v1::PublicKey& publicKeyDer)
   {
     return m_pib->addKey(keyName, publicKeyDer);
   }
 
   void
-  addKey(const Name& keyName, const PublicKey& publicKeyDer)
+  addKey(const Name& keyName, const v1::PublicKey& publicKeyDer)
   {
     return m_pib->addKey(keyName, publicKeyDer);
   }
 
-  shared_ptr<PublicKey>
+  shared_ptr<v1::PublicKey>
   getPublicKey(const Name& keyName) const
   {
     return m_pib->getPublicKey(keyName);
@@ -504,12 +503,12 @@
   }
 
   void
-  addCertificate(const IdentityCertificate& certificate)
+  addCertificate(const v1::IdentityCertificate& certificate)
   {
     return m_pib->addCertificate(certificate);
   }
 
-  shared_ptr<IdentityCertificate>
+  shared_ptr<v1::IdentityCertificate>
   getCertificate(const Name& certificateName) const
   {
     return m_pib->getCertificate(certificateName);
@@ -630,24 +629,24 @@
   }
 
   void
-  addCertificateAsKeyDefault(const IdentityCertificate& certificate)
+  addCertificateAsKeyDefault(const v1::IdentityCertificate& certificate)
   {
     return m_pib->addCertificateAsKeyDefault(certificate);
   }
 
   void
-  addCertificateAsIdentityDefault(const IdentityCertificate& certificate)
+  addCertificateAsIdentityDefault(const v1::IdentityCertificate& certificate)
   {
     return m_pib->addCertificateAsIdentityDefault(certificate);
   }
 
   void
-  addCertificateAsSystemDefault(const IdentityCertificate& certificate)
+  addCertificateAsSystemDefault(const v1::IdentityCertificate& certificate)
   {
     return m_pib->addCertificateAsSystemDefault(certificate);
   }
 
-  shared_ptr<IdentityCertificate>
+  shared_ptr<v1::IdentityCertificate>
   getDefaultCertificate() const
   {
     if (!static_cast<bool>(m_pib->getDefaultCertificate()))
@@ -714,7 +713,7 @@
     return m_tpm->deleteKeyPairInTpm(keyName);
   }
 
-  shared_ptr<PublicKey>
+  shared_ptr<v1::PublicKey>
   getPublicKeyFromTpm(const Name& keyName) const
   {
     return m_tpm->getPublicKeyFromTpm(keyName);
diff --git a/src/security/key.cpp b/src/security/key.cpp
index 3d91cad..c59a39d 100644
--- a/src/security/key.cpp
+++ b/src/security/key.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -34,7 +34,7 @@
 }
 
 Key::Key(const Name& identityName, const name::Component& keyId,
-         const PublicKey& publicKey, shared_ptr<PibImpl> impl)
+         const v1::PublicKey& publicKey, shared_ptr<PibImpl> impl)
   : m_id(identityName)
   , m_keyId(keyId)
   , m_key(publicKey)
@@ -91,7 +91,7 @@
   return m_keyId;
 }
 
-const PublicKey&
+const v1::PublicKey&
 Key::getPublicKey() const
 {
   validityCheck();
@@ -100,7 +100,7 @@
 }
 
 void
-Key::addCertificate(const IdentityCertificate& certificate)
+Key::addCertificate(const v1::IdentityCertificate& certificate)
 {
   validityCheck();
 
@@ -126,7 +126,7 @@
   m_needRefreshCerts = true;
 }
 
-IdentityCertificate
+v1::IdentityCertificate
 Key::getCertificate(const Name& certName) const
 {
   validityCheck();
@@ -147,7 +147,7 @@
   return m_certificates;
 }
 
-const IdentityCertificate&
+const v1::IdentityCertificate&
 Key::setDefaultCertificate(const Name& certName)
 {
   validityCheck();
@@ -158,14 +158,14 @@
   return m_defaultCertificate;
 }
 
-const IdentityCertificate&
-Key::setDefaultCertificate(const IdentityCertificate& certificate)
+const v1::IdentityCertificate&
+Key::setDefaultCertificate(const v1::IdentityCertificate& certificate)
 {
   addCertificate(certificate);
   return setDefaultCertificate(certificate.getName());
 }
 
-const IdentityCertificate&
+const v1::IdentityCertificate&
 Key::getDefaultCertificate() const
 {
   validityCheck();
diff --git a/src/security/key.hpp b/src/security/key.hpp
index 31d7fe7..a237a38 100644
--- a/src/security/key.hpp
+++ b/src/security/key.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -22,7 +22,7 @@
 #ifndef NDN_SECURITY_KEY_HPP
 #define NDN_SECURITY_KEY_HPP
 
-#include "identity-certificate.hpp"
+#include "v1/identity-certificate.hpp"
 #include "certificate-container.hpp"
 
 namespace ndn {
@@ -83,7 +83,7 @@
   getKeyId() const;
 
   /// @brief Get public key
-  const PublicKey&
+  const v1::PublicKey&
   getPublicKey() const;
 
   /**
@@ -92,7 +92,7 @@
    * @return the certificate
    * @throws Pib::Error if the certificate does not exist.
    */
-  IdentityCertificate
+  v1::IdentityCertificate
   getCertificate(const Name& certName) const;
 
   /// @brief Get all the certificates for this key.
@@ -104,7 +104,7 @@
    *
    * @throws Pib::Error if the default certificate does not exist.
    */
-  const IdentityCertificate&
+  const v1::IdentityCertificate&
   getDefaultCertificate() const;
 
   /// @brief Check if the Key instance is valid
@@ -122,7 +122,7 @@
    * @param certificate The certificate to add.
    */
   void
-  addCertificate(const IdentityCertificate& certificate);
+  addCertificate(const v1::IdentityCertificate& certificate);
 
   /**
    * @brief Remove a certificate.
@@ -139,7 +139,7 @@
    * @return the default certificate
    * @throws Pib::Error if the certificate does not exist.
    */
-  const IdentityCertificate&
+  const v1::IdentityCertificate&
   setDefaultCertificate(const Name& certName);
 
   /**
@@ -151,8 +151,8 @@
    * @param certificate The certificate to add.
    * @return the default certificate
    */
-  const IdentityCertificate&
-  setDefaultCertificate(const IdentityCertificate& certificate);
+  const v1::IdentityCertificate&
+  setDefaultCertificate(const v1::IdentityCertificate& certificate);
 
 NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
   /**
@@ -166,7 +166,7 @@
    * @param impl The actual backend implementation.
    */
   Key(const Name& identityName, const name::Component& keyId,
-      const PublicKey& publicKey, shared_ptr<PibImpl> impl);
+      const v1::PublicKey& publicKey, shared_ptr<PibImpl> impl);
 
   /**
    * @brief Create an KeyEntry with @p identityName and @p keyId.
@@ -190,10 +190,10 @@
   Name m_id;
   name::Component m_keyId;
   Name m_keyName;
-  PublicKey m_key;
+  v1::PublicKey m_key;
 
   mutable bool m_hasDefaultCertificate;
-  mutable IdentityCertificate m_defaultCertificate;
+  mutable v1::IdentityCertificate m_defaultCertificate;
 
   mutable bool m_needRefreshCerts;
   mutable CertificateContainer m_certificates;
diff --git a/src/security/pib-impl.hpp b/src/security/pib-impl.hpp
index 90e7dfc..d2b2324 100644
--- a/src/security/pib-impl.hpp
+++ b/src/security/pib-impl.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -23,7 +23,7 @@
 #define NDN_SECURITY_PIB_IMPL_HPP
 
 #include <set>
-#include "identity-certificate.hpp"
+#include "v1/identity-certificate.hpp"
 
 namespace ndn {
 namespace security {
@@ -161,7 +161,7 @@
    * @param publicKey The public key bits.
    */
   virtual void
-  addKey(const Name& identity, const name::Component& keyId, const PublicKey& publicKey) = 0;
+  addKey(const Name& identity, const name::Component& keyId, const v1::PublicKey& publicKey) = 0;
 
   /**
    * @brief Remove a key.
@@ -183,7 +183,7 @@
    * @return key bits
    * @throws Pib::Error if the key does not exist.
    */
-  virtual PublicKey
+  virtual v1::PublicKey
   getKeyBits(const Name& identity, const name::Component& keyId) const = 0;
 
   /**
@@ -238,7 +238,7 @@
    * @param certificate The certificate to add.
    */
   virtual void
-  addCertificate(const IdentityCertificate& certificate) = 0;
+  addCertificate(const v1::IdentityCertificate& certificate) = 0;
 
   /**
    * @brief Remove a certificate with name @p certName.
@@ -257,7 +257,7 @@
    * @return the certificate.
    * @throws Pib::Error if the certificate does not exist.
    */
-  virtual IdentityCertificate
+  virtual v1::IdentityCertificate
   getCertificate(const Name& certName) const = 0;
 
   /**
@@ -293,7 +293,7 @@
    * @return a pointer to the certificate, null if no default certificate for the key.
    * @throws Pib::Error if the default certificate does not exist.
    */
-  virtual IdentityCertificate
+  virtual v1::IdentityCertificate
   getDefaultCertificateOfKey(const Name& identity, const name::Component& keyId) const = 0;
 
 };
diff --git a/src/security/pib-memory.cpp b/src/security/pib-memory.cpp
index 09300f1..c472863 100644
--- a/src/security/pib-memory.cpp
+++ b/src/security/pib-memory.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -102,7 +102,7 @@
 }
 
 void
-PibMemory::addKey(const Name& identity, const name::Component& keyId, const PublicKey& publicKey)
+PibMemory::addKey(const Name& identity, const name::Component& keyId, const v1::PublicKey& publicKey)
 {
   this->addIdentity(identity);
 
@@ -127,7 +127,7 @@
   }
 }
 
-PublicKey
+v1::PublicKey
 PibMemory::getKeyBits(const Name& identity, const name::Component& keyId) const
 {
   if (!hasKey(identity, keyId))
@@ -184,7 +184,7 @@
 }
 
 void
-PibMemory::addCertificate(const IdentityCertificate& certificate)
+PibMemory::addCertificate(const v1::IdentityCertificate& certificate)
 {
   this->addKey(certificate.getPublicKeyName().getPrefix(-1),
                certificate.getPublicKeyName().get(-1),
@@ -201,10 +201,10 @@
 PibMemory::removeCertificate(const Name& certName)
 {
   m_certs.erase(certName);
-  m_defaultCert.erase(IdentityCertificate::certificateNameToPublicKeyName(certName));
+  m_defaultCert.erase(v1::IdentityCertificate::certificateNameToPublicKeyName(certName));
 }
 
-IdentityCertificate
+v1::IdentityCertificate
 PibMemory::getCertificate(const Name& certName) const
 {
   if (!hasCertificate(certName))
@@ -237,7 +237,7 @@
   m_defaultCert[keyName] = certName;
 }
 
-IdentityCertificate
+v1::IdentityCertificate
 PibMemory::getDefaultCertificateOfKey(const Name& identity, const name::Component& keyId) const
 {
   Name keyName = getKeyName(identity, keyId);
diff --git a/src/security/pib-memory.hpp b/src/security/pib-memory.hpp
index 377d52d..1a859ce 100644
--- a/src/security/pib-memory.hpp
+++ b/src/security/pib-memory.hpp
@@ -83,12 +83,12 @@
   hasKey(const Name& identity, const name::Component& keyId) const override;
 
   virtual void
-  addKey(const Name& identity, const name::Component& keyId, const PublicKey& publicKey) override;
+  addKey(const Name& identity, const name::Component& keyId, const v1::PublicKey& publicKey) override;
 
   virtual void
   removeKey(const Name& identity, const name::Component& keyId) override;
 
-  virtual PublicKey
+  virtual v1::PublicKey
   getKeyBits(const Name& identity, const name::Component& keyId) const override;
 
   virtual std::set<name::Component>
@@ -106,12 +106,12 @@
   hasCertificate(const Name& certName) const override;
 
   virtual void
-  addCertificate(const IdentityCertificate& certificate) override;
+  addCertificate(const v1::IdentityCertificate& certificate) override;
 
   virtual void
   removeCertificate(const Name& certName) override;
 
-  virtual IdentityCertificate
+  virtual v1::IdentityCertificate
   getCertificate(const Name& certName) const override;
 
   virtual std::set<Name>
@@ -120,7 +120,7 @@
   virtual void
   setDefaultCertificateOfKey(const Name& identity, const name::Component& keyId, const Name& certName) override;
 
-  virtual IdentityCertificate
+  virtual v1::IdentityCertificate
   getDefaultCertificateOfKey(const Name& identity, const name::Component& keyId) const override;
 
 private: // Key management
@@ -135,13 +135,13 @@
   Name m_defaultIdentity;
 
   /// @brief keyName => keyBits
-  std::map<Name, PublicKey> m_keys;
+  std::map<Name, v1::PublicKey> m_keys;
 
   /// @brief identity => default key Name
   std::map<Name, Name> m_defaultKey;
 
   /// @brief certificate Name => certificate
-  std::map<Name, IdentityCertificate> m_certs;
+  std::map<Name, v1::IdentityCertificate> m_certs;
 
   /// @brief keyName => default certificate Name
   std::map<Name, Name> m_defaultCert;
diff --git a/src/security/pib-sqlite3.cpp b/src/security/pib-sqlite3.cpp
index cbded5b..dc21610 100644
--- a/src/security/pib-sqlite3.cpp
+++ b/src/security/pib-sqlite3.cpp
@@ -360,7 +360,7 @@
 }
 
 void
-PibSqlite3::addKey(const Name& identity, const name::Component& keyId, const PublicKey& publicKey)
+PibSqlite3::addKey(const Name& identity, const name::Component& keyId, const v1::PublicKey& publicKey)
 {
   if (hasKey(identity, keyId)) {
     return;
@@ -392,7 +392,7 @@
   statement.step();
 }
 
-PublicKey
+v1::PublicKey
 PibSqlite3::getKeyBits(const Name& identity, const name::Component& keyId) const
 {
   Name keyName = getKeyName(identity, keyId);
@@ -401,7 +401,7 @@
   statement.bind(1, keyName.wireEncode(), SQLITE_TRANSIENT);
 
   if (statement.step() == SQLITE_ROW)
-    return PublicKey(statement.getBlob(0), statement.getSize(0));
+    return v1::PublicKey(statement.getBlob(0), statement.getSize(0));
   else
     BOOST_THROW_EXCEPTION(Pib::Error("Key does not exist"));
 }
@@ -469,7 +469,7 @@
 }
 
 void
-PibSqlite3::addCertificate(const IdentityCertificate& certificate)
+PibSqlite3::addCertificate(const v1::IdentityCertificate& certificate)
 {
   const Name& certName = certificate.getName();
   const Name& keyName = certificate.getPublicKeyName();
@@ -498,7 +498,7 @@
   statement.step();
 }
 
-IdentityCertificate
+v1::IdentityCertificate
 PibSqlite3::getCertificate(const Name& certName) const
 {
   Sqlite3Statement statement(m_database,
@@ -506,7 +506,7 @@
   statement.bind(1, certName.wireEncode(), SQLITE_TRANSIENT);
 
   if (statement.step() == SQLITE_ROW)
-    return IdentityCertificate(statement.getBlock(0));
+    return v1::IdentityCertificate(statement.getBlock(0));
   else
     BOOST_THROW_EXCEPTION(Pib::Error("Certificate does not exit"));
 }
@@ -544,7 +544,7 @@
   statement.step();
 }
 
-IdentityCertificate
+v1::IdentityCertificate
 PibSqlite3::getDefaultCertificateOfKey(const Name& identity, const name::Component& keyId) const
 {
   Name keyName = getKeyName(identity, keyId);
@@ -556,7 +556,7 @@
   statement.bind(1, keyName.wireEncode(), SQLITE_TRANSIENT);
 
   if (statement.step() == SQLITE_ROW)
-    return IdentityCertificate(statement.getBlock(0));
+    return v1::IdentityCertificate(statement.getBlock(0));
   else
     BOOST_THROW_EXCEPTION(Pib::Error("Certificate does not exit"));
 }
diff --git a/src/security/pib-sqlite3.hpp b/src/security/pib-sqlite3.hpp
index 7e867cd..f8665c5 100644
--- a/src/security/pib-sqlite3.hpp
+++ b/src/security/pib-sqlite3.hpp
@@ -92,12 +92,12 @@
   hasKey(const Name& identity, const name::Component& keyId) const final;
 
   virtual void
-  addKey(const Name& identity, const name::Component& keyId, const PublicKey& publicKey) final;
+  addKey(const Name& identity, const name::Component& keyId, const v1::PublicKey& publicKey) final;
 
   virtual void
   removeKey(const Name& identity, const name::Component& keyId) final;
 
-  virtual PublicKey
+  virtual v1::PublicKey
   getKeyBits(const Name& identity, const name::Component& keyId) const final;
 
   virtual std::set<name::Component>
@@ -115,12 +115,12 @@
   hasCertificate(const Name& certName) const final;
 
   virtual void
-  addCertificate(const IdentityCertificate& certificate) final;
+  addCertificate(const v1::IdentityCertificate& certificate) final;
 
   virtual void
   removeCertificate(const Name& certName) final;
 
-  virtual IdentityCertificate
+  virtual v1::IdentityCertificate
   getCertificate(const Name& certName) const final;
 
   virtual std::set<Name>
@@ -130,7 +130,7 @@
   setDefaultCertificateOfKey(const Name& identity, const name::Component& keyId,
                              const Name& certName) final;
 
-  virtual IdentityCertificate
+  virtual v1::IdentityCertificate
   getDefaultCertificateOfKey(const Name& identity, const name::Component& keyId) const final;
 
 private:
diff --git a/src/security/public-key.hpp b/src/security/public-key.hpp
index 3f90783..8e1a09b 100644
--- a/src/security/public-key.hpp
+++ b/src/security/public-key.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -17,107 +17,17 @@
  * <http://www.gnu.org/licenses/>.
  *
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- *
- * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
- * @author Alexander Afanasyev <http://lasr.cs.ucla.edu/afanasyev/index.html>
- * @author Jeff Thompson <jefft0@remap.ucla.edu>
  */
 
-#ifndef NDN_SECURITY_PUBLIC_KEY_HPP
-#define NDN_SECURITY_PUBLIC_KEY_HPP
+/**
+ * @file security/public-key.hpp
+ * @deprecated Use security/v1/public-key.hpp
+ */
 
-#include "../common.hpp"
-
-#include "../encoding/buffer.hpp"
-#include "../encoding/block.hpp"
 #include "security-common.hpp"
 
-namespace CryptoPP {
-class BufferedTransformation;
-}
-
-namespace ndn {
-
-class PublicKey
-{
-public:
-  class Error : public std::runtime_error
-  {
-  public:
-    explicit
-    Error(const std::string& what)
-      : std::runtime_error(what)
-    {
-    }
-  };
-
-  /**
-   * The default constructor.
-   */
-  PublicKey();
-
-  /**
-   * @brief Create a new PublicKey from @p keyDerBuf in DER buffer
-   *
-   * @param keyDerBuf The pointer to the first byte of buffer containing DER of public key
-   * @param keyDerSize Size of the buffer
-   *
-   * @throws PublicKey::Error If DER in buffer cannot be decoded
-   */
-  PublicKey(const uint8_t* keyDerBuf, size_t keyDerSize);
-
-  const Buffer&
-  get() const
-  {
-    return m_key;
-  }
-
-  void
-  set(const uint8_t* keyDerBuf, size_t keyDerSize)
-  {
-    Buffer buf(keyDerBuf, keyDerSize);
-    m_key.swap(buf);
-  }
-
-  KeyType
-  getKeyType() const
-  {
-    return m_type;
-  }
-
-  /**
-   * @return a KeyDigest block that matches this public key
-   */
-  const Block&
-  computeDigest() const;
-
-  void
-  encode(CryptoPP::BufferedTransformation& out) const;
-
-  void
-  decode(CryptoPP::BufferedTransformation& in);
-
-  bool
-  operator==(const PublicKey& key) const
-  {
-    return m_key == key.m_key;
-  }
-
-  bool
-  operator!=(const PublicKey& key) const
-  {
-    return m_key != key.m_key;
-  }
-
-private:
-  KeyType m_type;
-  Buffer m_key;
-  mutable Block m_digest;
-};
-
-std::ostream&
-operator<<(std::ostream& os, const PublicKey& key);
-
-} // namespace ndn
-
-#endif //NDN_SECURITY_PUBLIC_KEY_HPP
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+#include "v1/public-key.hpp"
+#else
+#error "Deprecated. Use `v1/public-key.hpp` instead."
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
diff --git a/src/security/sec-public-info-sqlite3.cpp b/src/security/sec-public-info-sqlite3.cpp
index 1be311f..b392ba1 100644
--- a/src/security/sec-public-info-sqlite3.cpp
+++ b/src/security/sec-public-info-sqlite3.cpp
@@ -23,7 +23,7 @@
  */
 
 #include "sec-public-info-sqlite3.hpp"
-#include "identity-certificate.hpp"
+#include "v1/identity-certificate.hpp"
 #include "signature-sha256-with-rsa.hpp"
 #include "signature-sha256-with-ecdsa.hpp"
 #include "../data.hpp"
@@ -36,6 +36,7 @@
 #include <boost/filesystem.hpp>
 
 namespace ndn {
+namespace security {
 
 using std::string;
 using std::vector;
@@ -363,7 +364,7 @@
 
 void
 SecPublicInfoSqlite3::addKey(const Name& keyName,
-                             const PublicKey& publicKeyDer)
+                             const v1::PublicKey& publicKeyDer)
 {
   if (keyName.empty())
     return;
@@ -396,7 +397,7 @@
   sqlite3_finalize(statement);
 }
 
-shared_ptr<PublicKey>
+shared_ptr<v1::PublicKey>
 SecPublicInfoSqlite3::getPublicKey(const Name& keyName)
 {
   if (keyName.empty())
@@ -415,10 +416,10 @@
 
   int res = sqlite3_step(statement);
 
-  shared_ptr<PublicKey> result;
+  shared_ptr<v1::PublicKey> result;
   if (res == SQLITE_ROW) {
-    result = make_shared<PublicKey>(static_cast<const uint8_t*>(sqlite3_column_blob(statement, 0)),
-                                    sqlite3_column_bytes(statement, 0));
+    result = make_shared<v1::PublicKey>(static_cast<const uint8_t*>(sqlite3_column_blob(statement, 0)),
+                                        sqlite3_column_bytes(statement, 0));
     sqlite3_finalize(statement);
     return result;
   }
@@ -483,12 +484,12 @@
 }
 
 void
-SecPublicInfoSqlite3::addCertificate(const IdentityCertificate& certificate)
+SecPublicInfoSqlite3::addCertificate(const v1::IdentityCertificate& certificate)
 {
   const Name& certificateName = certificate.getName();
-  // KeyName is from IdentityCertificate name, so should be qualified.
+  // KeyName is from v1::IdentityCertificate name, so should be qualified.
   Name keyName =
-    IdentityCertificate::certificateNameToPublicKeyName(certificate.getName());
+    v1::IdentityCertificate::certificateNameToPublicKeyName(certificate.getName());
 
   addKey(keyName, certificate.getPublicKeyInfo());
 
@@ -537,7 +538,7 @@
   sqlite3_finalize(statement);
 }
 
-shared_ptr<IdentityCertificate>
+shared_ptr<v1::IdentityCertificate>
 SecPublicInfoSqlite3::getCertificate(const Name& certificateName)
 {
   sqlite3_stmt* statement = nullptr;
@@ -551,7 +552,7 @@
   int res = sqlite3_step(statement);
 
   if (res == SQLITE_ROW) {
-    shared_ptr<IdentityCertificate> certificate = make_shared<IdentityCertificate>();
+    shared_ptr<v1::IdentityCertificate> certificate = make_shared<v1::IdentityCertificate>();
     try {
       certificate->wireDecode(Block(static_cast<const uint8_t*>(sqlite3_column_blob(statement, 0)),
                                     sqlite3_column_bytes(statement, 0)));
@@ -723,7 +724,7 @@
   if (!doesCertificateExist(certificateName))
     BOOST_THROW_EXCEPTION(Error("certificate does not exist:" + certificateName.toUri()));
 
-  Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certificateName);
+  Name keyName = v1::IdentityCertificate::certificateNameToPublicKeyName(certificateName);
   string keyId = keyName.get(-1).toUri();
   Name identityName = keyName.getPrefix(-1);
 
@@ -951,4 +952,5 @@
   return SCHEME;
 }
 
+} // namespace security
 } // namespace ndn
diff --git a/src/security/sec-public-info-sqlite3.hpp b/src/security/sec-public-info-sqlite3.hpp
index 697ff12..fbe7d7e 100644
--- a/src/security/sec-public-info-sqlite3.hpp
+++ b/src/security/sec-public-info-sqlite3.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -31,6 +31,7 @@
 struct sqlite3;
 
 namespace ndn {
+namespace security {
 
 class SecPublicInfoSqlite3 : public SecPublicInfo
 {
@@ -77,9 +78,9 @@
   doesPublicKeyExist(const Name& keyName);
 
   virtual void
-  addKey(const Name& keyName, const PublicKey& publicKeyDer);
+  addKey(const Name& keyName, const v1::PublicKey& publicKeyDer);
 
-  virtual shared_ptr<PublicKey>
+  virtual shared_ptr<v1::PublicKey>
   getPublicKey(const Name& keyName);
 
   virtual KeyType
@@ -89,9 +90,9 @@
   doesCertificateExist(const Name& certificateName);
 
   virtual void
-  addCertificate(const IdentityCertificate& certificate);
+  addCertificate(const v1::IdentityCertificate& certificate);
 
-  virtual shared_ptr<IdentityCertificate>
+  virtual shared_ptr<v1::IdentityCertificate>
   getCertificate(const Name& certificateName);
 
 
@@ -162,6 +163,10 @@
   sqlite3* m_database;
 };
 
+} // namespace security
+
+using security::SecPublicInfoSqlite3;
+
 } // namespace ndn
 
 #endif // NDN_SECURITY_SEC_PUBLIC_INFO_SQLITE3_HPP
diff --git a/src/security/sec-public-info.cpp b/src/security/sec-public-info.cpp
index 2226f51..7002d36 100644
--- a/src/security/sec-public-info.cpp
+++ b/src/security/sec-public-info.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -22,6 +22,7 @@
 #include "sec-public-info.hpp"
 
 namespace ndn {
+namespace security {
 
 SecPublicInfo::SecPublicInfo(const std::string& location)
   : m_location(location)
@@ -39,7 +40,7 @@
 }
 
 void
-SecPublicInfo::addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKey)
+SecPublicInfo::addPublicKey(const Name& keyName, KeyType keyType, const v1::PublicKey& publicKey)
 {
   addKey(keyName, publicKey);
 }
@@ -104,7 +105,7 @@
 }
 
 void
-SecPublicInfo::addCertificateAsKeyDefault(const IdentityCertificate& certificate)
+SecPublicInfo::addCertificateAsKeyDefault(const v1::IdentityCertificate& certificate)
 {
   addCertificate(certificate);
   setDefaultCertificateNameForKeyInternal(certificate.getName());
@@ -112,35 +113,35 @@
 }
 
 void
-SecPublicInfo::addCertificateAsIdentityDefault(const IdentityCertificate& certificate)
+SecPublicInfo::addCertificateAsIdentityDefault(const v1::IdentityCertificate& certificate)
 {
   addCertificate(certificate);
   Name certName = certificate.getName();
-  Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certName);
+  Name keyName = v1::IdentityCertificate::certificateNameToPublicKeyName(certName);
   setDefaultKeyNameForIdentityInternal(keyName);
   setDefaultCertificateNameForKeyInternal(certName);
   refreshDefaultCertificate();
 }
 
 void
-SecPublicInfo::addCertificateAsSystemDefault(const IdentityCertificate& certificate)
+SecPublicInfo::addCertificateAsSystemDefault(const v1::IdentityCertificate& certificate)
 {
   addCertificate(certificate);
   Name certName = certificate.getName();
-  Name keyName = IdentityCertificate::certificateNameToPublicKeyName(certName);
+  Name keyName = v1::IdentityCertificate::certificateNameToPublicKeyName(certName);
   setDefaultIdentityInternal(keyName.getPrefix(-1));
   setDefaultKeyNameForIdentityInternal(keyName);
   setDefaultCertificateNameForKeyInternal(certName);
   refreshDefaultCertificate();
 }
 
-shared_ptr<IdentityCertificate>
+shared_ptr<v1::IdentityCertificate>
 SecPublicInfo::defaultCertificate()
 {
   return getDefaultCertificate();
 }
 
-shared_ptr<IdentityCertificate>
+shared_ptr<v1::IdentityCertificate>
 SecPublicInfo::getDefaultCertificate()
 {
   return m_defaultCertificate;
@@ -158,4 +159,5 @@
   }
 }
 
+} // namespace security
 } // namespace ndn
diff --git a/src/security/sec-public-info.hpp b/src/security/sec-public-info.hpp
index c4b7175..9f24538 100644
--- a/src/security/sec-public-info.hpp
+++ b/src/security/sec-public-info.hpp
@@ -24,11 +24,11 @@
 
 #include "../name.hpp"
 #include "security-common.hpp"
-#include "public-key.hpp"
-#include "identity-certificate.hpp"
-
+#include "v1/public-key.hpp"
+#include "v1/identity-certificate.hpp"
 
 namespace ndn {
+namespace security {
 
 /**
  * @brief SecPublicInfo is a base class for the storage of public information.
@@ -132,7 +132,7 @@
    */
   DEPRECATED(
   void
-  addPublicKey(const Name& keyName, KeyType keyType, const PublicKey& publicKey));
+  addPublicKey(const Name& keyName, KeyType keyType, const v1::PublicKey& publicKey));
 
   /**
    * @brief Add a public key to the identity storage.
@@ -141,7 +141,7 @@
    * @param publicKey Reference to the PublicKey object
    */
   virtual void
-  addKey(const Name& keyName, const PublicKey& publicKey) = 0;
+  addKey(const Name& keyName, const v1::PublicKey& publicKey) = 0;
 
   /**
    * @brief Get shared pointer to PublicKey object from the identity storage
@@ -149,7 +149,7 @@
    * @param keyName The name of the requested public key
    * @throws SecPublicInfo::Error if public key does not exist
    */
-  virtual shared_ptr<PublicKey>
+  virtual shared_ptr<v1::PublicKey>
   getPublicKey(const Name& keyName) = 0;
 
   /**
@@ -180,7 +180,7 @@
    * @param certificate The certificate to be added
    */
   virtual void
-  addCertificate(const IdentityCertificate& certificate) = 0;
+  addCertificate(const v1::IdentityCertificate& certificate) = 0;
 
   /**
    * @brief Get a shared pointer to identity certificate object from the identity storage
@@ -188,7 +188,7 @@
    * @param certificateName The name of the requested certificate
    * @throws SecPublicInfo::Error if the certificate does not exist
    */
-  virtual shared_ptr<IdentityCertificate>
+  virtual shared_ptr<v1::IdentityCertificate>
   getCertificate(const Name& certificateName) = 0;
 
 
@@ -404,7 +404,7 @@
    * @throws SecPublicInfo::Error if the certificate cannot be added (though it is really rare)
    */
   void
-  addCertificateAsKeyDefault(const IdentityCertificate& certificate);
+  addCertificateAsKeyDefault(const v1::IdentityCertificate& certificate);
 
   /**
    * @brief Add a certificate into the public key identity storage and set the certificate as the
@@ -414,7 +414,7 @@
    * @throws SecPublicInfo::Error if the certificate cannot be added (though it is really rare)
    */
   void
-  addCertificateAsIdentityDefault(const IdentityCertificate& certificate);
+  addCertificateAsIdentityDefault(const v1::IdentityCertificate& certificate);
 
   /**
    * @brief Add a certificate into the public key identity storage and set the certificate as the
@@ -424,24 +424,24 @@
    * @throws SecPublicInfo::Error if the certificate cannot be added (though it is really rare)
    */
   void
-  addCertificateAsSystemDefault(const IdentityCertificate& certificate);
+  addCertificateAsSystemDefault(const v1::IdentityCertificate& certificate);
 
   /**
    * @brief Get cached default certificate of the default identity
    *
-   * @return The certificate which might be empty shared_ptr<IdentityCertificate>()
+   * @return The certificate which might be empty shared_ptr<v1::IdentityCertificate>()
    * @deprecated Use getDefaultCertificate instead
    */
   DEPRECATED(
-  shared_ptr<IdentityCertificate>
+  shared_ptr<v1::IdentityCertificate>
   defaultCertificate());
 
   /**
    * @brief Get cached default certificate of the default identity
    *
-   * @return The certificate which might be empty shared_ptr<IdentityCertificate>()
+   * @return The certificate which might be empty shared_ptr<v1::IdentityCertificate>()
    */
-  shared_ptr<IdentityCertificate>
+  shared_ptr<v1::IdentityCertificate>
   getDefaultCertificate();
 
   /**
@@ -451,10 +451,14 @@
   refreshDefaultCertificate();
 
 protected:
-  shared_ptr<IdentityCertificate> m_defaultCertificate;
+  shared_ptr<v1::IdentityCertificate> m_defaultCertificate;
   std::string m_location;
 };
 
+} // namespace security
+
+using security::SecPublicInfo;
+
 } // namespace ndn
 
 #endif // NDN_SECURITY_SEC_PUBLIC_INFO_HPP
diff --git a/src/security/sec-tpm-file.cpp b/src/security/sec-tpm-file.cpp
index adb5938..931d8fd 100644
--- a/src/security/sec-tpm-file.cpp
+++ b/src/security/sec-tpm-file.cpp
@@ -30,7 +30,7 @@
 #include <boost/filesystem.hpp>
 #include <boost/algorithm/string.hpp>
 
-#include "cryptopp.hpp"
+#include "v1/cryptopp.hpp"
 
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -38,6 +38,7 @@
 #include <algorithm>
 
 namespace ndn {
+namespace security {
 
 using std::string;
 using std::ostringstream;
@@ -231,7 +232,7 @@
     boost::filesystem::remove(privateKeyPath);
 }
 
-shared_ptr<PublicKey>
+shared_ptr<v1::PublicKey>
 SecTpmFile::getPublicKeyFromTpm(const Name&  keyName)
 {
   string keyURI = keyName.toUri();
@@ -250,7 +251,7 @@
     BOOST_THROW_EXCEPTION(Error(e.what()));
   }
 
-  return make_shared<PublicKey>(reinterpret_cast<const uint8_t*>(os.str().c_str()),
+  return make_shared<v1::PublicKey>(reinterpret_cast<const uint8_t*>(os.str().c_str()),
                                 os.str().size());
 }
 
@@ -320,7 +321,7 @@
     AutoSeededRandomPool rng;
 
     // Read public key
-    shared_ptr<PublicKey> pubkeyPtr;
+    shared_ptr<v1::PublicKey> pubkeyPtr;
     pubkeyPtr = getPublicKeyFromTpm(keyName);
 
     switch (pubkeyPtr->getKeyType()) {
@@ -586,4 +587,5 @@
   }
 }
 
+} // namespace security
 } // namespace ndn
diff --git a/src/security/sec-tpm-file.hpp b/src/security/sec-tpm-file.hpp
index e934fd7..ed25d2d 100644
--- a/src/security/sec-tpm-file.hpp
+++ b/src/security/sec-tpm-file.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -31,6 +31,7 @@
 #include "sec-tpm.hpp"
 
 namespace ndn {
+namespace security {
 
 class SecTpmFile : public SecTpm
 {
@@ -91,7 +92,7 @@
   virtual void
   deleteKeyPairInTpm(const Name& keyName);
 
-  virtual shared_ptr<PublicKey>
+  virtual shared_ptr<v1::PublicKey>
   getPublicKeyFromTpm(const Name&  keyName);
 
   virtual Block
@@ -143,6 +144,10 @@
   bool m_inTerminal;
 };
 
+} // namespace security
+
+using security::SecTpmFile;
+
 } // namespace ndn
 
 #endif  // NDN_SECURITY_SEC_TPM_FILE_HPP
diff --git a/src/security/sec-tpm-osx.cpp b/src/security/sec-tpm-osx.cpp
index 92c6add..671a6f1 100644
--- a/src/security/sec-tpm-osx.cpp
+++ b/src/security/sec-tpm-osx.cpp
@@ -22,11 +22,11 @@
  */
 
 #include "sec-tpm-osx.hpp"
-#include "public-key.hpp"
+#include "v1/public-key.hpp"
 
 #include "../encoding/oid.hpp"
 #include "../encoding/buffer-stream.hpp"
-#include "cryptopp.hpp"
+#include "v1/cryptopp.hpp"
 
 #include <pwd.h>
 #include <unistd.h>
@@ -43,6 +43,7 @@
 #include <Security/SecDigestTransform.h>
 
 namespace ndn {
+namespace security {
 
 using std::string;
 
@@ -498,7 +499,7 @@
   //   throw Error("Fail to create a symmetric key");
 }
 
-shared_ptr<PublicKey>
+shared_ptr<v1::PublicKey>
 SecTpmOsx::getPublicKeyFromTpm(const Name& keyName)
 {
   CFReleaser<SecKeychainItemRef> publicKey = m_impl->getKey(keyName, KeyClass::PUBLIC);
@@ -517,8 +518,8 @@
     BOOST_THROW_EXCEPTION(Error("Cannot export requested public key from OSX Keychain"));
   }
 
-  shared_ptr<PublicKey> key = make_shared<PublicKey>(CFDataGetBytePtr(exportedKey.get()),
-                                                     CFDataGetLength(exportedKey.get()));
+  shared_ptr<v1::PublicKey> key = make_shared<v1::PublicKey>(CFDataGetBytePtr(exportedKey.get()),
+                                                             CFDataGetLength(exportedKey.get()));
   return key;
 }
 
@@ -540,7 +541,7 @@
                                 "in OSX Keychain"));
   }
 
-  shared_ptr<PublicKey> publicKey = getPublicKeyFromTpm(keyName);
+  shared_ptr<v1::PublicKey> publicKey = getPublicKeyFromTpm(keyName);
 
   CFReleaser<CFDataRef> exportedKey;
   OSStatus res = SecItemExport(privateKey.get(),
@@ -561,9 +562,9 @@
   }
 
   uint32_t version = 0;
-  OID algorithm;
+  Oid algorithm;
   bool hasParameters = false;
-  OID algorithmParameter;
+  Oid algorithmParameter;
   switch (publicKey->getKeyType()) {
     case KeyType::RSA: {
       algorithm = oid::RSA; // "RSA encryption"
@@ -646,14 +647,14 @@
     BERDecodeUnsigned<uint32_t>(privateKeyInfo, versionNum, INTEGER);
     BERSequenceDecoder sequenceDecoder(privateKeyInfo);
     {
-      OID keyTypeOID;
-      keyTypeOID.decode(sequenceDecoder);
+      Oid keyTypeOid;
+      keyTypeOid.decode(sequenceDecoder);
 
-      if (keyTypeOID == oid::RSA)
+      if (keyTypeOid == oid::RSA)
         BERDecodeNull(sequenceDecoder);
-      else if (keyTypeOID == oid::ECDSA) {
-        OID parameterOID;
-        parameterOID.decode(sequenceDecoder);
+      else if (keyTypeOid == oid::ECDSA) {
+        Oid parameterOid;
+        parameterOid.decode(sequenceDecoder);
       }
       else
         return false; // Unsupported key type;
@@ -1138,4 +1139,5 @@
   }
 }
 
+} // namespace security
 } // namespace ndn
diff --git a/src/security/sec-tpm-osx.hpp b/src/security/sec-tpm-osx.hpp
index 5ed93d5..1713f06 100644
--- a/src/security/sec-tpm-osx.hpp
+++ b/src/security/sec-tpm-osx.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -33,6 +33,7 @@
 #include "sec-tpm.hpp"
 
 namespace ndn {
+namespace security {
 
 class SecTpmOsx : public SecTpm
 {
@@ -84,7 +85,7 @@
     deleteKeyPairInTpmInternal(keyName, false);
   }
 
-  virtual shared_ptr<PublicKey>
+  virtual shared_ptr<v1::PublicKey>
   getPublicKeyFromTpm(const Name& keyName);
 
   virtual Block
@@ -160,6 +161,10 @@
   shared_ptr<Impl> m_impl;
 };
 
+} // namespace security
+
+using security::SecTpmOsx;
+
 } // namespace ndn
 
 #endif // NDN_SECURITY_SEC_TPM_OSX_HPP
diff --git a/src/security/sec-tpm.cpp b/src/security/sec-tpm.cpp
index 14e71fa..2ce3d66 100644
--- a/src/security/sec-tpm.cpp
+++ b/src/security/sec-tpm.cpp
@@ -25,14 +25,13 @@
 
 #include "../encoding/oid.hpp"
 #include "../encoding/buffer-stream.hpp"
-#include "cryptopp.hpp"
+#include "v1/cryptopp.hpp"
 #include <unistd.h>
 
 namespace ndn {
+namespace security {
 
-using std::string;
-
-SecTpm::SecTpm(const string& location)
+SecTpm::SecTpm(const std::string& location)
   : m_location(location)
 {
 }
@@ -48,7 +47,7 @@
 }
 
 ConstBufferPtr
-SecTpm::exportPrivateKeyPkcs5FromTpm(const Name& keyName, const string& passwordStr)
+SecTpm::exportPrivateKeyPkcs5FromTpm(const Name& keyName, const std::string& passwordStr)
 {
   using namespace CryptoPP;
 
@@ -94,9 +93,9 @@
   }
 
   // encode
-  OID pbes2Id("1.2.840.113549.1.5.13");
-  OID pbkdf2Id("1.2.840.113549.1.5.12");
-  OID pbes2encsId("1.2.840.113549.3.7");
+  Oid pbes2Id("1.2.840.113549.1.5.13");
+  Oid pbkdf2Id("1.2.840.113549.1.5.12");
+  Oid pbes2encsId("1.2.840.113549.3.7");
 
   OBufferStream pkcs8Os;
   try {
@@ -167,15 +166,15 @@
 bool
 SecTpm::importPrivateKeyPkcs5IntoTpm(const Name& keyName,
                                      const uint8_t* buf, size_t size,
-                                     const string& passwordStr)
+                                     const std::string& passwordStr)
 {
   using namespace CryptoPP;
 
-  OID pbes2Id;
-  OID pbkdf2Id;
+  Oid pbes2Id;
+  Oid pbkdf2Id;
   SecByteBlock saltBlock;
   uint32_t iterationCount;
-  OID pbes2encsId;
+  Oid pbes2encsId;
   SecByteBlock ivBlock;
   SecByteBlock encryptedDataBlock;
 
@@ -290,11 +289,11 @@
     BERDecodeUnsigned<uint32_t>(privateKeyInfo, versionNum, INTEGER);
     BERSequenceDecoder sequenceDecoder(privateKeyInfo);
     {
-      OID keyTypeOID;
-      keyTypeOID.decode(sequenceDecoder);
-      if (keyTypeOID == oid::RSA)
+      Oid keyTypeOid;
+      keyTypeOid.decode(sequenceDecoder);
+      if (keyTypeOid == oid::RSA)
         publicKeyType = KeyType::RSA;
-      else if (keyTypeOID == oid::ECDSA)
+      else if (keyTypeOid == oid::ECDSA)
         publicKeyType = KeyType::EC;
       else
         return false; // Unsupported key type;
@@ -382,5 +381,5 @@
   return isInitialized;
 }
 
-
+} // namespace security
 } // namespace ndn
diff --git a/src/security/sec-tpm.hpp b/src/security/sec-tpm.hpp
index 1ade1d6..3da278e 100644
--- a/src/security/sec-tpm.hpp
+++ b/src/security/sec-tpm.hpp
@@ -28,10 +28,11 @@
 #include "security-common.hpp"
 #include "../name.hpp"
 #include "../data.hpp"
-#include "public-key.hpp"
 #include "key-params.hpp"
+#include "v1/public-key.hpp"
 
 namespace ndn {
+namespace security {
 
 /**
  * @brief SecTpm is the base class of the TPM classes.
@@ -136,7 +137,7 @@
    * @return The public key.
    * @throws SecTpm::Error if public key does not exist in TPM.
    */
-  virtual shared_ptr<PublicKey>
+  virtual shared_ptr<v1::PublicKey>
   getPublicKeyFromTpm(const Name& keyName) = 0;
 
   /**
@@ -300,6 +301,10 @@
   std::string m_location;
 };
 
+} // namespace security
+
+using security::SecTpm;
+
 } // namespace ndn
 
 #endif // NDN_SECURITY_SEC_TPM_HPP
diff --git a/src/security/secured-bag.cpp b/src/security/secured-bag.cpp
index 1780c3a..66fad02 100644
--- a/src/security/secured-bag.cpp
+++ b/src/security/secured-bag.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -41,7 +41,7 @@
   this->wireDecode(wire);
 }
 
-SecuredBag::SecuredBag(const IdentityCertificate& cert, ConstBufferPtr key)
+SecuredBag::SecuredBag(const v1::IdentityCertificate& cert, ConstBufferPtr key)
   : m_cert(cert)
   , m_key(key)
   , m_wire(tlv::security::IdentityPackage)
diff --git a/src/security/secured-bag.hpp b/src/security/secured-bag.hpp
index 3393e8a..5dd27fc 100644
--- a/src/security/secured-bag.hpp
+++ b/src/security/secured-bag.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -23,9 +23,10 @@
 #define NDN_SECURITY_SECURED_BAG_HPP
 
 #include "../common.hpp"
-#include "identity-certificate.hpp"
+#include "v1/identity-certificate.hpp"
 
 namespace ndn {
+namespace security {
 
 class SecuredBag
 {
@@ -45,7 +46,7 @@
   explicit
   SecuredBag(const Block& wire);
 
-  SecuredBag(const IdentityCertificate& cert,
+  SecuredBag(const v1::IdentityCertificate& cert,
              ConstBufferPtr key);
 
   virtual
@@ -57,7 +58,7 @@
   const Block&
   wireEncode() const;
 
-  const IdentityCertificate&
+  const v1::IdentityCertificate&
   getCertificate() const
   {
     return m_cert;
@@ -70,12 +71,16 @@
   }
 
 private:
-  IdentityCertificate m_cert;
+  v1::IdentityCertificate m_cert;
   ConstBufferPtr m_key;
 
   mutable Block m_wire;
 };
 
+} // namespace security
+
+using security::SecuredBag;
+
 } // namespace ndn
 
 #endif // NDN_SECURITY_SECURED_BAG_HPP
diff --git a/src/security/security-common.hpp b/src/security/security-common.hpp
index 542e169..bd709f5 100644
--- a/src/security/security-common.hpp
+++ b/src/security/security-common.hpp
@@ -24,6 +24,8 @@
 
 #include "../common.hpp"
 
+#define NDN_CXX_KEEP_SECURITY_V1_ALIASES
+
 namespace ndn {
 
 namespace signed_interest {
diff --git a/src/security/certificate-extension.cpp b/src/security/v1/certificate-extension.cpp
similarity index 94%
rename from src/security/certificate-extension.cpp
rename to src/security/v1/certificate-extension.cpp
index d215662..d871eac 100644
--- a/src/security/certificate-extension.cpp
+++ b/src/security/v1/certificate-extension.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -22,12 +22,12 @@
  * @author Alexander Afanasyev <http://lasr.cs.ucla.edu/afanasyev/index.html>
  */
 
-#include "common.hpp"
-
 #include "certificate-extension.hpp"
 #include "cryptopp.hpp"
 
 namespace ndn {
+namespace security {
+namespace v1 {
 
 void
 CertificateExtension::encode(CryptoPP::BufferedTransformation& out) const
@@ -72,4 +72,6 @@
   extension.MessageEnd();
 }
 
+} // namespace v1
+} // namespace security
 } // namespace ndn
diff --git a/src/security/certificate-extension.hpp b/src/security/v1/certificate-extension.hpp
similarity index 76%
rename from src/security/certificate-extension.hpp
rename to src/security/v1/certificate-extension.hpp
index 4a42eac..c898835 100644
--- a/src/security/certificate-extension.hpp
+++ b/src/security/v1/certificate-extension.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -23,18 +23,20 @@
  * @author Alexander Afanasyev <http://lasr.cs.ucla.edu/afanasyev/index.html>
  */
 
-#ifndef NDN_SECURITY_CERTIFICATE_EXTENSION_HPP
-#define NDN_SECURITY_CERTIFICATE_EXTENSION_HPP
+#ifndef NDN_SECURITY_V1_CERTIFICATE_EXTENSION_HPP
+#define NDN_SECURITY_V1_CERTIFICATE_EXTENSION_HPP
 
-#include "../common.hpp"
-#include "../encoding/buffer.hpp"
-#include "../encoding/oid.hpp"
+#include "../../common.hpp"
+#include "../../encoding/buffer.hpp"
+#include "../../encoding/oid.hpp"
 
 namespace CryptoPP {
 class BufferedTransformation;
-}
+} // namespace CryptoPP
 
 namespace ndn {
+namespace security {
+namespace v1 {
 
 /**
  * A CertificateExtension represents the Extension entry in a certificate.
@@ -64,12 +66,12 @@
    * @param isCritical If true, the extension must be handled.
    * @param value The extension value.
    */
-  CertificateExtension(const OID& oid, const bool isCritical, const Buffer& value)
+  CertificateExtension(const Oid& oid, const bool isCritical, const Buffer& value)
     : m_extensionId(oid), m_isCritical(isCritical), m_extensionValue(value)
   {
   }
 
-  CertificateExtension(const OID& oid, const bool isCritical,
+  CertificateExtension(const Oid& oid, const bool isCritical,
                        const uint8_t* value, size_t valueSize)
     : m_extensionId(oid), m_isCritical(isCritical), m_extensionValue(value, valueSize)
   {
@@ -89,7 +91,7 @@
   void
   decode(CryptoPP::BufferedTransformation& in);
 
-  inline const OID&
+  inline const Oid&
   getOid() const
   {
     return m_extensionId;
@@ -108,11 +110,19 @@
   }
 
 protected:
-  OID m_extensionId;
+  Oid m_extensionId;
   bool m_isCritical;
   Buffer m_extensionValue;
 };
 
+} // namespace v1
+} // namespace security
+
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+/// @deprecated When needed, use explicit namespace
+using security::v1::CertificateExtension;
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
+
 } // namespace ndn
 
-#endif //NDN_SECURITY_CERTIFICATE_EXTENSION_HPP
+#endif // NDN_SECURITY_V1_CERTIFICATE_EXTENSION_HPP
diff --git a/src/security/certificate-subject-description.cpp b/src/security/v1/certificate-subject-description.cpp
similarity index 94%
rename from src/security/certificate-subject-description.cpp
rename to src/security/v1/certificate-subject-description.cpp
index 60f7dbb..1e910c2 100644
--- a/src/security/certificate-subject-description.cpp
+++ b/src/security/v1/certificate-subject-description.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -23,13 +23,13 @@
  * @author Alexander Afanasyev <http://lasr.cs.ucla.edu/afanasyev/index.html>
  */
 
-#include "common.hpp"
-
 #include "certificate-subject-description.hpp"
 
 #include "cryptopp.hpp"
 
 namespace ndn {
+namespace security {
+namespace v1 {
 
 void
 CertificateSubjectDescription::encode(CryptoPP::BufferedTransformation& out) const
@@ -79,4 +79,6 @@
   attributeTypeAndValue.MessageEnd();
 }
 
+} // namespace v1
+} // namespace security
 } // namespace ndn
diff --git a/src/security/certificate-subject-description.hpp b/src/security/v1/certificate-subject-description.hpp
similarity index 74%
rename from src/security/certificate-subject-description.hpp
rename to src/security/v1/certificate-subject-description.hpp
index 0e56dfa..00eab76 100644
--- a/src/security/certificate-subject-description.hpp
+++ b/src/security/v1/certificate-subject-description.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -23,17 +23,19 @@
  * @author Alexander Afanasyev <http://lasr.cs.ucla.edu/afanasyev/index.html>
  */
 
-#ifndef NDN_SECURITY_CERTIFICATE_SUBJECT_DESCRIPTION_HPP
-#define NDN_SECURITY_CERTIFICATE_SUBJECT_DESCRIPTION_HPP
+#ifndef NDN_SECURITY_V1_CERTIFICATE_SUBJECT_DESCRIPTION_HPP
+#define NDN_SECURITY_V1_CERTIFICATE_SUBJECT_DESCRIPTION_HPP
 
-#include "../common.hpp"
-#include "../encoding/oid.hpp"
+#include "../../common.hpp"
+#include "../../encoding/oid.hpp"
 
 namespace CryptoPP {
 class BufferedTransformation;
-}
+} // namespace CryptoPP
 
 namespace ndn {
+namespace security {
+namespace v1 {
 
 /**
  * A CertificateSubjectDescription represents the SubjectDescription entry in a Certificate.
@@ -52,7 +54,7 @@
    * @param oid The oid of the subject description entry.
    * @param value The value of the subject description entry.
    */
-  CertificateSubjectDescription(const OID& oid, const std::string& value)
+  CertificateSubjectDescription(const Oid& oid, const std::string& value)
   : m_oid(oid), m_value(value)
   {
   }
@@ -76,10 +78,18 @@
   }
 
 private:
-  OID m_oid;
+  Oid m_oid;
   std::string m_value;
 };
 
+} // namespace v1
+} // namespace security
+
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+/// @deprecated When needed, use explicit namespace
+using security::v1::CertificateSubjectDescription;
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
+
 } // namespace ndn
 
-#endif //NDN_SECURITY_CERTIFICATE_SUBJECT_DESCRIPTION_HPP
+#endif // NDN_SECURITY_V1_CERTIFICATE_SUBJECT_DESCRIPTION_HPP
diff --git a/src/security/certificate.cpp b/src/security/v1/certificate.cpp
similarity index 96%
rename from src/security/certificate.cpp
rename to src/security/v1/certificate.cpp
index 1b004ed..823c994 100644
--- a/src/security/certificate.cpp
+++ b/src/security/v1/certificate.cpp
@@ -23,19 +23,19 @@
  * @author Alexander Afanasyev <http://lasr.cs.ucla.edu/afanasyev/index.html>
  */
 
-#include "common.hpp"
-
 #include "certificate.hpp"
-#include "../util/time.hpp"
+#include "../../util/time.hpp"
 #include "cryptopp.hpp"
-#include "../encoding/cryptopp/asn_ext.hpp"
-#include "../encoding/buffer-stream.hpp"
-#include "../util/concepts.hpp"
-#include "../util/indented-stream.hpp"
+#include "../../encoding/cryptopp/asn_ext.hpp"
+#include "../../encoding/buffer-stream.hpp"
+#include "../../util/concepts.hpp"
+#include "../../util/indented-stream.hpp"
 
 #include <boost/algorithm/string/split.hpp>
 
 namespace ndn {
+namespace security {
+namespace v1 {
 
 BOOST_CONCEPT_ASSERT((WireEncodable<Certificate>));
 BOOST_CONCEPT_ASSERT((WireDecodable<Certificate>));
@@ -354,5 +354,6 @@
   return os;
 }
 
-
+} // namespace v1
+} // namespace security
 } // namespace ndn
diff --git a/src/security/certificate.hpp b/src/security/v1/certificate.hpp
similarity index 89%
rename from src/security/certificate.hpp
rename to src/security/v1/certificate.hpp
index 51efb7d..f2f70bf 100644
--- a/src/security/certificate.hpp
+++ b/src/security/v1/certificate.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -23,16 +23,18 @@
  * @author Alexander Afanasyev <http://lasr.cs.ucla.edu/afanasyev/index.html>
  */
 
-#ifndef NDN_SECURITY_CERTIFICATE_HPP
-#define NDN_SECURITY_CERTIFICATE_HPP
+#ifndef NDN_SECURITY_V1_CERTIFICATE_HPP
+#define NDN_SECURITY_V1_CERTIFICATE_HPP
 
-#include "../common.hpp"
-#include "../data.hpp"
+#include "../../common.hpp"
+#include "../../data.hpp"
 #include "certificate-subject-description.hpp"
 #include "certificate-extension.hpp"
 #include "public-key.hpp"
 
 namespace ndn {
+namespace security {
+namespace v1 {
 
 class Certificate : public Data
 {
@@ -210,6 +212,15 @@
 
 std::ostream&
 operator<<(std::ostream& os, const Certificate& cert);
+
+} // namespace v1
+} // namespace security
+
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+/// @deprecated When needed, use explicit namespace
+using security::v1::Certificate;
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
+
 } // namespace ndn
 
-#endif // NDN_SECURITY_CERTIFICATE_HPP
+#endif // NDN_SECURITY_V1_CERTIFICATE_HPP
diff --git a/src/security/v1/cryptopp.hpp b/src/security/v1/cryptopp.hpp
new file mode 100644
index 0000000..4de66bb
--- /dev/null
+++ b/src/security/v1/cryptopp.hpp
@@ -0,0 +1,45 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2016 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_SECURITY_V1_CRYPTOPP_HPP
+#define NDN_SECURITY_V1_CRYPTOPP_HPP
+
+// suppress CryptoPP warnings
+#pragma GCC system_header
+#pragma clang system_header
+
+#include <cryptopp/asn.h>
+#include <cryptopp/base64.h>
+#include <cryptopp/des.h>
+#include <cryptopp/files.h>
+#include <cryptopp/filters.h>
+#include <cryptopp/hex.h>
+#include <cryptopp/modes.h>
+#include <cryptopp/osrng.h>
+#include <cryptopp/pssr.h>
+#include <cryptopp/pwdbased.h>
+#include <cryptopp/rsa.h>
+#include <cryptopp/sha.h>
+#include <cryptopp/eccrypto.h>
+#include <cryptopp/oids.h>
+#include <cryptopp/dsa.h>
+
+#endif // NDN_SECURITY_V1_CRYPTOPP_HPP
diff --git a/src/security/identity-certificate.cpp b/src/security/v1/identity-certificate.cpp
similarity index 95%
rename from src/security/identity-certificate.cpp
rename to src/security/v1/identity-certificate.cpp
index 7a7180d..ea8a946 100644
--- a/src/security/identity-certificate.cpp
+++ b/src/security/v1/identity-certificate.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,12 +19,12 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#include "common.hpp"
-
 #include "identity-certificate.hpp"
-#include "../util/concepts.hpp"
+#include "../../util/concepts.hpp"
 
 namespace ndn {
+namespace security {
+namespace v1 {
 
 using std::string;
 
@@ -143,4 +143,6 @@
                                       tmpName.size() - keyComponentIndex - 1));
 }
 
+} // namespace v1
+} // namespace security
 } // namespace ndn
diff --git a/src/security/v1/identity-certificate.hpp b/src/security/v1/identity-certificate.hpp
new file mode 100644
index 0000000..7ea4fe4
--- /dev/null
+++ b/src/security/v1/identity-certificate.hpp
@@ -0,0 +1,110 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2016 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ *
+ * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
+ */
+
+#ifndef NDN_SECURITY_V1_IDENTITY_CERTIFICATE_HPP
+#define NDN_SECURITY_V1_IDENTITY_CERTIFICATE_HPP
+
+#include "../../common.hpp"
+#include "certificate.hpp"
+
+namespace ndn {
+namespace security {
+namespace v1 {
+
+class IdentityCertificate : public Certificate
+{
+public:
+  class Error : public Certificate::Error
+  {
+  public:
+    explicit
+    Error(const std::string& what)
+      : Certificate::Error(what)
+    {
+    }
+  };
+
+  /**
+   * @brief The default constructor.
+   */
+  IdentityCertificate();
+
+  /**
+   * @brief Create an IdentityCertificate from the content in the data packet.
+   * @param data The data packet with the content to decode.
+   */
+  explicit
+  IdentityCertificate(const Data& data);
+
+  /**
+   * @brief Create an IdentityCertificate from a block.
+   * @param block The raw block of the certificate.
+   */
+  explicit
+  IdentityCertificate(const Block& block);
+
+  void
+  wireDecode(const Block& wire);
+
+  void
+  setName(const Name& name);
+
+  const Name&
+  getPublicKeyName() const
+  {
+    return m_publicKeyName;
+  }
+
+  static bool
+  isIdentityCertificate(const Certificate& certificate);
+
+  /**
+   * @brief Get the public key name from the full certificate name.
+   * @param certificateName The full certificate name.
+   * @return The related public key name.
+   */
+  static Name
+  certificateNameToPublicKeyName(const Name& certificateName);
+
+private:
+  static bool
+  isCorrectName(const Name& name);
+
+  void
+  setPublicKeyName();
+
+protected:
+  Name m_publicKeyName;
+};
+
+} // namespace v1
+} // namespace security
+
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+/// @deprecated When needed, use explicit namespace
+using security::v1::IdentityCertificate;
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
+
+} // namespace ndn
+
+#endif // NDN_SECURITY_V1_IDENTITY_CERTIFICATE_HPP
diff --git a/src/security/public-key.cpp b/src/security/v1/public-key.cpp
similarity index 93%
rename from src/security/public-key.cpp
rename to src/security/v1/public-key.cpp
index e366a47..2721dee 100644
--- a/src/security/public-key.cpp
+++ b/src/security/v1/public-key.cpp
@@ -24,11 +24,13 @@
 
 #include "public-key.hpp"
 
-#include "../encoding/oid.hpp"
-#include "../util/crypto.hpp"
+#include "../../encoding/oid.hpp"
+#include "../../util/crypto.hpp"
 #include "cryptopp.hpp"
 
 namespace ndn {
+namespace security {
+namespace v1 {
 
 PublicKey::PublicKey()
   : m_type(KeyType::NONE)
@@ -51,7 +53,7 @@
   if (m_digest.hasWire())
     return m_digest;
   else {
-    m_digest = Block(tlv::KeyDigest, crypto::sha256(m_key.buf(), m_key.size()));
+    m_digest = Block(tlv::KeyDigest, crypto::computeSha256Digest(m_key.buf(), m_key.size()));
     m_digest.encode();
     return m_digest;
   }
@@ -102,7 +104,7 @@
       {
         BERSequenceDecoder algorithmInfo(subjectPublicKeyInfo);
         {
-          OID algorithm;
+          Oid algorithm;
           algorithm.decode(algorithmInfo);
 
           if (algorithm == oid::RSA)
@@ -148,4 +150,6 @@
   return os;
 }
 
+} // namespace v1
+} // namespace security
 } // namespace ndn
diff --git a/src/security/v1/public-key.hpp b/src/security/v1/public-key.hpp
new file mode 100644
index 0000000..6b67535
--- /dev/null
+++ b/src/security/v1/public-key.hpp
@@ -0,0 +1,133 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2016 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ *
+ * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
+ * @author Alexander Afanasyev <http://lasr.cs.ucla.edu/afanasyev/index.html>
+ * @author Jeff Thompson <jefft0@remap.ucla.edu>
+ */
+
+#ifndef NDN_SECURITY_V1_PUBLIC_KEY_HPP
+#define NDN_SECURITY_V1_PUBLIC_KEY_HPP
+
+#include "../../common.hpp"
+
+#include "../../encoding/buffer.hpp"
+#include "../../encoding/block.hpp"
+#include "../security-common.hpp"
+
+namespace CryptoPP {
+class BufferedTransformation;
+} // namespace CryptoPP
+
+namespace ndn {
+namespace security {
+namespace v1 {
+
+class PublicKey
+{
+public:
+  class Error : public std::runtime_error
+  {
+  public:
+    explicit
+    Error(const std::string& what)
+      : std::runtime_error(what)
+    {
+    }
+  };
+
+  /**
+   * The default constructor.
+   */
+  PublicKey();
+
+  /**
+   * @brief Create a new PublicKey from @p keyDerBuf in DER buffer
+   *
+   * @param keyDerBuf The pointer to the first byte of buffer containing DER of public key
+   * @param keyDerSize Size of the buffer
+   *
+   * @throws PublicKey::Error If DER in buffer cannot be decoded
+   */
+  PublicKey(const uint8_t* keyDerBuf, size_t keyDerSize);
+
+  const Buffer&
+  get() const
+  {
+    return m_key;
+  }
+
+  void
+  set(const uint8_t* keyDerBuf, size_t keyDerSize)
+  {
+    Buffer buf(keyDerBuf, keyDerSize);
+    m_key.swap(buf);
+  }
+
+  KeyType
+  getKeyType() const
+  {
+    return m_type;
+  }
+
+  /**
+   * @return a KeyDigest block that matches this public key
+   */
+  const Block&
+  computeDigest() const;
+
+  void
+  encode(CryptoPP::BufferedTransformation& out) const;
+
+  void
+  decode(CryptoPP::BufferedTransformation& in);
+
+  bool
+  operator==(const PublicKey& key) const
+  {
+    return m_key == key.m_key;
+  }
+
+  bool
+  operator!=(const PublicKey& key) const
+  {
+    return m_key != key.m_key;
+  }
+
+private:
+  KeyType m_type;
+  Buffer m_key;
+  mutable Block m_digest;
+};
+
+std::ostream&
+operator<<(std::ostream& os, const PublicKey& key);
+
+} // namespace v1
+} // namespace security
+
+#ifdef NDN_CXX_KEEP_SECURITY_V1_ALIASES
+/// @deprecated When needed, use explicit namespace
+using security::v1::PublicKey;
+#endif // NDN_CXX_KEEP_SECURITY_V1_ALIASES
+
+} // namespace ndn
+
+#endif // NDN_SECURITY_V1_PUBLIC_KEY_HPP
diff --git a/src/security/additional-description.cpp b/src/security/v2/additional-description.cpp
similarity index 96%
rename from src/security/additional-description.cpp
rename to src/security/v2/additional-description.cpp
index c912638..6fdfd53 100644
--- a/src/security/additional-description.cpp
+++ b/src/security/v2/additional-description.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -20,11 +20,12 @@
  */
 
 #include "additional-description.hpp"
-#include "../util/concepts.hpp"
-#include "../encoding/block-helpers.hpp"
+#include "../../util/concepts.hpp"
+#include "../../encoding/block-helpers.hpp"
 
 namespace ndn {
 namespace security {
+namespace v2 {
 
 BOOST_CONCEPT_ASSERT((boost::EqualityComparable<AdditionalDescription>));
 BOOST_CONCEPT_ASSERT((WireEncodable<AdditionalDescription>));
@@ -193,5 +194,6 @@
   return os;
 }
 
+} // namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/src/security/additional-description.hpp b/src/security/v2/additional-description.hpp
similarity index 87%
rename from src/security/additional-description.hpp
rename to src/security/v2/additional-description.hpp
index b34cb74..d5142ae 100644
--- a/src/security/additional-description.hpp
+++ b/src/security/v2/additional-description.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2015 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,16 +19,17 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_ADDITIONAL_DESCRIPTION_HPP
-#define NDN_SECURITY_ADDITIONAL_DESCRIPTION_HPP
+#ifndef NDN_SECURITY_V2_ADDITIONAL_DESCRIPTION_HPP
+#define NDN_SECURITY_V2_ADDITIONAL_DESCRIPTION_HPP
 
-#include "../common.hpp"
-#include "../encoding/tlv.hpp"
-#include "../encoding/block.hpp"
+#include "../../common.hpp"
+#include "../../encoding/tlv.hpp"
+#include "../../encoding/block.hpp"
 #include <map>
 
 namespace ndn {
 namespace security {
+namespace v2 {
 
 /**
  * @brief Abstraction of AdditionalDescription
@@ -125,7 +126,11 @@
 std::ostream&
 operator<<(std::ostream& os, const AdditionalDescription& period);
 
+} // namespace v2
+
+using v2::AdditionalDescription;
+
 } // namespace security
 } // namespace ndn
 
-#endif // NDN_SECURITY_ADDITIONAL_DESCRIPTION_HPP
+#endif // NDN_SECURITY_V2_ADDITIONAL_DESCRIPTION_HPP
diff --git a/src/security/validation-request.hpp b/src/security/validation-request.hpp
index d9aae80..000f61b 100644
--- a/src/security/validation-request.hpp
+++ b/src/security/validation-request.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -27,6 +27,8 @@
 #include "../interest.hpp"
 
 namespace ndn {
+namespace security {
+
 /// @brief Callback to report a successful Interest validation.
 typedef function<void(const shared_ptr<const Interest>&)> OnInterestValidated;
 
@@ -82,6 +84,14 @@
   int m_nSteps;
 };
 
+} // namespace security
+
+using security::ValidationRequest;
+using security::OnInterestValidated;
+using security::OnInterestValidationFailed;
+using security::OnDataValidated;
+using security::OnDataValidationFailed;
+
 } // namespace ndn
 
 #endif //NDN_SECURITY_VALIDATION_REQUEST_HPP
diff --git a/src/security/validator-config.cpp b/src/security/validator-config.cpp
index ba37a5a..f643c84 100644
--- a/src/security/validator-config.cpp
+++ b/src/security/validator-config.cpp
@@ -31,6 +31,7 @@
 #include <boost/algorithm/string.hpp>
 
 namespace ndn {
+namespace security {
 
 const shared_ptr<CertificateCache> ValidatorConfig::DEFAULT_CERTIFICATE_CACHE;
 const time::milliseconds ValidatorConfig::DEFAULT_GRACE_INTERVAL(3000);
@@ -275,8 +276,8 @@
         BOOST_THROW_EXCEPTION(Error("Expect the end of trust-anchor!"));
 
       path certfilePath = absolute(file, path(filename).parent_path());
-      shared_ptr<IdentityCertificate> idCert =
-        io::load<IdentityCertificate>(certfilePath.string());
+      shared_ptr<v1::IdentityCertificate> idCert =
+        io::load<v1::IdentityCertificate>(certfilePath.string());
 
       if (static_cast<bool>(idCert))
         {
@@ -303,7 +304,7 @@
       if (propertyIt != configSection.end())
         BOOST_THROW_EXCEPTION(Error("Expect the end of trust-anchor!"));
 
-      shared_ptr<IdentityCertificate> idCert = io::load<IdentityCertificate>(ss);
+      shared_ptr<v1::IdentityCertificate> idCert = io::load<v1::IdentityCertificate>(ss);
 
       if (static_cast<bool>(idCert))
         {
@@ -357,8 +358,8 @@
 
           for (directory_iterator it(dirPath); it != end; it++)
             {
-              shared_ptr<IdentityCertificate> idCert =
-                io::load<IdentityCertificate>(it->path().string());
+              shared_ptr<v1::IdentityCertificate> idCert =
+                io::load<v1::IdentityCertificate>(it->path().string());
 
               if (static_cast<bool>(idCert))
                 m_staticContainer.add(idCert);
@@ -552,7 +553,7 @@
         return onValidationFailed(interest.shared_from_this(),
                                   "Key Locator is not a name");
 
-      Name keyName = IdentityCertificate::certificateNameToPublicKeyName(keyLocator.getName());
+      Name keyName = v1::IdentityCertificate::certificateNameToPublicKeyName(keyLocator.getName());
 
       bool isMatched = false;
       int8_t checkResult = -1;
@@ -594,7 +595,7 @@
       return onValidationFailed(interest.shared_from_this(),
                                 "No valid KeyLocator");
     }
-  catch (IdentityCertificate::Error& e)
+  catch (v1::IdentityCertificate::Error& e)
     {
       return onValidationFailed(interest.shared_from_this(),
                                 "Cannot determine the signing key");
@@ -710,8 +711,8 @@
 
       for (directory_iterator it(m_path); it != end; it++)
         {
-          shared_ptr<IdentityCertificate> idCert =
-            io::load<IdentityCertificate>(it->path().string());
+          shared_ptr<v1::IdentityCertificate> idCert =
+            io::load<v1::IdentityCertificate>(it->path().string());
 
           if (static_cast<bool>(idCert))
             m_certificates.push_back(idCert);
@@ -719,8 +720,8 @@
     }
   else
     {
-      shared_ptr<IdentityCertificate> idCert =
-        io::load<IdentityCertificate>(m_path.string());
+      shared_ptr<v1::IdentityCertificate> idCert =
+        io::load<v1::IdentityCertificate>(m_path.string());
 
       if (static_cast<bool>(idCert))
         m_certificates.push_back(idCert);
@@ -779,7 +780,7 @@
 
   const Name& keyLocatorName = signature.getKeyLocator().getName();
 
-  shared_ptr<const Certificate> trustedCert;
+  shared_ptr<const v1::Certificate> trustedCert;
 
   refreshAnchors();
 
@@ -838,9 +839,9 @@
                               "Cannot retrieve signer's cert: " +
                               signCertificate->getName().toUri());
 
-  shared_ptr<IdentityCertificate> certificate;
+  shared_ptr<v1::IdentityCertificate> certificate;
   try {
-    certificate = make_shared<IdentityCertificate>(*signCertificate);
+    certificate = make_shared<v1::IdentityCertificate>(*signCertificate);
   }
   catch (tlv::Error&) {
     return onValidationFailed(packet,
@@ -879,4 +880,5 @@
   onValidationFailed(packet, failureInfo);
 }
 
+} // namespace security
 } // namespace ndn
diff --git a/src/security/validator-config.hpp b/src/security/validator-config.hpp
index db8d17d..8d801ad 100644
--- a/src/security/validator-config.hpp
+++ b/src/security/validator-config.hpp
@@ -31,6 +31,7 @@
 #include "conf/common.hpp"
 
 namespace ndn {
+namespace security {
 
 class ValidatorConfig : public Validator
 {
@@ -160,20 +161,20 @@
     {
     }
 
-    const std::list<shared_ptr<IdentityCertificate>>&
+    const std::list<shared_ptr<v1::IdentityCertificate>>&
     getAll() const
     {
       return m_certificates;
     }
 
     void
-    add(shared_ptr<IdentityCertificate> certificate)
+    add(shared_ptr<v1::IdentityCertificate> certificate)
     {
       m_certificates.push_back(certificate);
     }
 
   protected:
-    std::list<shared_ptr<IdentityCertificate>> m_certificates;
+    std::list<shared_ptr<v1::IdentityCertificate>> m_certificates;
   };
 
   class DynamicTrustAnchorContainer : public TrustAnchorContainer
@@ -233,9 +234,9 @@
   typedef security::conf::Rule<Data>     DataRule;
   typedef std::vector<shared_ptr<InterestRule>> InterestRuleList;
   typedef std::vector<shared_ptr<DataRule>>     DataRuleList;
-  typedef std::map<Name, shared_ptr<IdentityCertificate>> AnchorList;
+  typedef std::map<Name, shared_ptr<v1::IdentityCertificate>> AnchorList;
   typedef std::list<DynamicTrustAnchorContainer> DynamicContainers; // sorted by m_lastRefresh
-  typedef std::list<shared_ptr<IdentityCertificate>> CertificateList;
+  typedef std::list<shared_ptr<v1::IdentityCertificate>> CertificateList;
 
 
   /**
@@ -262,6 +263,10 @@
   const time::system_clock::Duration& m_keyTimestampTtl;
 };
 
+} // namespace security
+
+using security::ValidatorConfig;
+
 } // namespace ndn
 
 #endif // NDN_SECURITY_VALIDATOR_CONFIG_HPP
diff --git a/src/security/validator-null.hpp b/src/security/validator-null.hpp
index 34b18c8..36448af 100644
--- a/src/security/validator-null.hpp
+++ b/src/security/validator-null.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -28,6 +28,7 @@
 #include "validator.hpp"
 
 namespace ndn {
+namespace security {
 
 class ValidatorNull : public Validator
 {
@@ -59,6 +60,10 @@
   }
 };
 
+} // namespace security
+
+using security::ValidatorNull;
+
 } // namespace ndn
 
 #endif //NDN_SECURITY_VALIDATOR_NULL_HPP
diff --git a/src/security/validator-regex.cpp b/src/security/validator-regex.cpp
index 08f4c73..caa2e6c 100644
--- a/src/security/validator-regex.cpp
+++ b/src/security/validator-regex.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -28,6 +28,7 @@
 #include "certificate-cache-ttl.hpp"
 
 namespace ndn {
+namespace security {
 
 const shared_ptr<CertificateCache> ValidatorRegex::DEFAULT_CERTIFICATE_CACHE;
 
@@ -49,7 +50,7 @@
   , m_stepLimit(stepLimit)
   , m_certificateCache(certificateCache)
 {
-  if (!static_cast<bool>(m_certificateCache))
+  if (certificateCache == nullptr)
     m_certificateCache = make_shared<CertificateCacheTtl>(ref(face.getIoService()));
 }
 
@@ -60,7 +61,7 @@
 }
 
 void
-ValidatorRegex::addTrustAnchor(shared_ptr<IdentityCertificate> certificate)
+ValidatorRegex::addTrustAnchor(shared_ptr<v1::IdentityCertificate> certificate)
 {
   m_trustAnchors[certificate->getName().getPrefix(-1)] = certificate;
 }
@@ -71,28 +72,26 @@
                                        const OnDataValidated& onValidated,
                                        const OnDataValidationFailed& onValidationFailed)
 {
-  shared_ptr<IdentityCertificate> certificate =
-    make_shared<IdentityCertificate>(*signCertificate);
+  shared_ptr<v1::IdentityCertificate> certificate =
+    make_shared<v1::IdentityCertificate>(*signCertificate);
 
-  if (!certificate->isTooLate() && !certificate->isTooEarly())
-    {
-      if (static_cast<bool>(m_certificateCache))
-        m_certificateCache->insertCertificate(certificate);
+  if (!certificate->isTooLate() && !certificate->isTooEarly()) {
+    if (m_certificateCache != nullptr)
+      m_certificateCache->insertCertificate(certificate);
 
-      if (verifySignature(*data, certificate->getPublicKeyInfo()))
-        return onValidated(data);
-      else
-        return onValidationFailed(data,
-                                  "Cannot verify signature: " +
-                                  data->getName().toUri());
-    }
-  else
-    {
+    if (verifySignature(*data, certificate->getPublicKeyInfo()))
+      return onValidated(data);
+    else
       return onValidationFailed(data,
-                                "Signing certificate " +
-                                signCertificate->getName().toUri() +
-                                " is no longer valid.");
-    }
+                                "Cannot verify signature: " +
+                                data->getName().toUri());
+  }
+  else {
+    return onValidationFailed(data,
+                              "Signing certificate " +
+                              signCertificate->getName().toUri() +
+                              " is no longer valid.");
+  }
 }
 
 void
@@ -126,82 +125,76 @@
 
   for (RuleList::iterator it = m_verifyPolicies.begin();
        it != m_verifyPolicies.end();
-       it++)
-    {
-      if ((*it)->satisfy(data))
-        {
-          try
-            {
-              if (!data.getSignature().hasKeyLocator())
-                return onValidationFailed(data.shared_from_this(),
-                                          "Key Locator is missing in Data packet: " +
-                                          data.getName().toUri());
+       it++) {
+    if ((*it)->satisfy(data)) {
+      try {
+        if (!data.getSignature().hasKeyLocator())
+          return onValidationFailed(data.shared_from_this(),
+                                    "Key Locator is missing in Data packet: " +
+                                    data.getName().toUri());
 
-              const KeyLocator& keyLocator = data.getSignature().getKeyLocator();
-              if (keyLocator.getType() != KeyLocator::KeyLocator_Name)
-                return onValidationFailed(data.shared_from_this(),
-                                          "Key Locator is not a name: " +
-                                          data.getName().toUri());
+        const KeyLocator& keyLocator = data.getSignature().getKeyLocator();
+        if (keyLocator.getType() != KeyLocator::KeyLocator_Name)
+          return onValidationFailed(data.shared_from_this(),
+                                    "Key Locator is not a name: " +
+                                    data.getName().toUri());
 
 
-              const Name& keyLocatorName = keyLocator.getName();
-              shared_ptr<const Certificate> trustedCert;
-              if (m_trustAnchors.end() == m_trustAnchors.find(keyLocatorName) &&
-                  static_cast<bool>(m_certificateCache))
-                trustedCert = m_certificateCache->getCertificate(keyLocatorName);
-              else
-                trustedCert = m_trustAnchors[keyLocatorName];
+        const Name& keyLocatorName = keyLocator.getName();
+        shared_ptr<const v1::Certificate> trustedCert;
+        if (m_trustAnchors.end() == m_trustAnchors.find(keyLocatorName) &&
+            m_certificateCache != nullptr)
+          trustedCert = m_certificateCache->getCertificate(keyLocatorName);
+        else
+          trustedCert = m_trustAnchors[keyLocatorName];
 
-              if (static_cast<bool>(trustedCert))
-                {
-                  if (verifySignature(data, data.getSignature(), trustedCert->getPublicKeyInfo()))
-                    return onValidated(data.shared_from_this());
-                  else
-                    return onValidationFailed(data.shared_from_this(),
-                                              "Cannot verify signature: " +
-                                              data.getName().toUri());
-                }
-              else
-                {
-                  // KeyLocator is not a trust anchor
-
-                  OnDataValidated onKeyValidated =
-                    bind(&ValidatorRegex::onCertificateValidated, this, _1,
-                         data.shared_from_this(), onValidated, onValidationFailed);
-
-                  OnDataValidationFailed onKeyValidationFailed =
-                    bind(&ValidatorRegex::onCertificateValidationFailed, this, _1, _2,
-                         data.shared_from_this(), onValidationFailed);
-
-                  Interest interest(keyLocatorName);
-                  shared_ptr<ValidationRequest> nextStep =
-                    make_shared<ValidationRequest>(interest,
-                                                   onKeyValidated,
-                                                   onKeyValidationFailed,
-                                                   3,
-                                                   nSteps + 1);
-
-                  nextSteps.push_back(nextStep);
-
-                  return;
-                }
-            }
-          catch (KeyLocator::Error& e)
-            {
-              return onValidationFailed(data.shared_from_this(),
-                                        "Key Locator is not a name: " +
-                                        data.getName().toUri());
-            }
-          catch (tlv::Error& e)
-            {
-              return onValidationFailed(data.shared_from_this(),
-                                        "Cannot decode signature");
-            }
+        if (trustedCert != nullptr) {
+          if (verifySignature(data, data.getSignature(), trustedCert->getPublicKeyInfo()))
+            return onValidated(data.shared_from_this());
+          else
+            return onValidationFailed(data.shared_from_this(),
+                                      "Cannot verify signature: " +
+                                      data.getName().toUri());
         }
+        else {
+          // KeyLocator is not a trust anchor
+
+          OnDataValidated onKeyValidated =
+            bind(&ValidatorRegex::onCertificateValidated, this, _1,
+                 data.shared_from_this(), onValidated, onValidationFailed);
+
+          OnDataValidationFailed onKeyValidationFailed =
+            bind(&ValidatorRegex::onCertificateValidationFailed, this, _1, _2,
+                 data.shared_from_this(), onValidationFailed);
+
+          Interest interest(keyLocatorName);
+          shared_ptr<ValidationRequest> nextStep =
+            make_shared<ValidationRequest>(interest,
+                                           onKeyValidated,
+                                           onKeyValidationFailed,
+                                           3,
+                                           nSteps + 1);
+
+          nextSteps.push_back(nextStep);
+
+          return;
+        }
+      }
+      catch (const KeyLocator::Error& e) {
+        return onValidationFailed(data.shared_from_this(),
+                                  "Key Locator is not a name: " +
+                                  data.getName().toUri());
+      }
+      catch (const tlv::Error& e) {
+        return onValidationFailed(data.shared_from_this(),
+                                  "Cannot decode signature");
+      }
     }
+  }
 
   return onValidationFailed(data.shared_from_this(),
                             "No policy found for data: " + data.getName().toUri());
 }
 
+} // namespace security
 } // namespace ndn
diff --git a/src/security/validator-regex.hpp b/src/security/validator-regex.hpp
index b207bbc..7d97f22 100644
--- a/src/security/validator-regex.hpp
+++ b/src/security/validator-regex.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2014 Regents of the University of California.
+ * Copyright (c) 2013-2016 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -25,12 +25,13 @@
 #define NDN_SECURITY_VALIDATOR_REGEX_HPP
 
 #include "validator.hpp"
-#include "identity-certificate.hpp"
+#include "v1/identity-certificate.hpp"
 #include "sec-rule-relative.hpp"
 #include "certificate-cache.hpp"
 #include "../util/regex.hpp"
 
 namespace ndn {
+namespace security {
 
 class ValidatorRegex : public Validator
 {
@@ -79,7 +80,7 @@
    * @param certificate The trust anchor
    */
   void
-  addTrustAnchor(shared_ptr<IdentityCertificate> certificate);
+  addTrustAnchor(shared_ptr<v1::IdentityCertificate> certificate);
 
 protected:
   virtual void
@@ -122,9 +123,13 @@
   shared_ptr<CertificateCache> m_certificateCache;
   RuleList m_mustFailVerify;
   RuleList m_verifyPolicies;
-  std::map<Name, shared_ptr<IdentityCertificate> > m_trustAnchors;
+  std::map<Name, shared_ptr<v1::IdentityCertificate> > m_trustAnchors;
 };
 
+} // namespace security
+
+using security::ValidatorRegex;
+
 } // namespace ndn
 
 #endif // NDN_SECURITY_VALIDATOR_REGEX_HPP
diff --git a/src/security/validator.cpp b/src/security/validator.cpp
index ffb9501..84aaa0f 100644
--- a/src/security/validator.cpp
+++ b/src/security/validator.cpp
@@ -25,12 +25,13 @@
 #include "validator.hpp"
 #include "../util/crypto.hpp"
 
-#include "cryptopp.hpp"
+#include "v1/cryptopp.hpp"
 
 namespace ndn {
+namespace security {
 
-static OID SECP256R1("1.2.840.10045.3.1.7");
-static OID SECP384R1("1.3.132.0.34");
+static Oid SECP256R1("1.2.840.10045.3.1.7");
+static Oid SECP384R1("1.3.132.0.34");
 
 Validator::Validator(Face* face)
   : m_face(face)
@@ -101,7 +102,7 @@
 }
 
 bool
-Validator::verifySignature(const Data& data, const PublicKey& key)
+Validator::verifySignature(const Data& data, const v1::PublicKey& key)
 {
   if (!data.getSignature().hasKeyLocator())
     return false;
@@ -113,7 +114,7 @@
 }
 
 bool
-Validator::verifySignature(const Interest& interest, const PublicKey& key)
+Validator::verifySignature(const Interest& interest, const v1::PublicKey& key)
 {
   const Name& name = interest.getName();
 
@@ -142,7 +143,7 @@
 Validator::verifySignature(const uint8_t* buf,
                            const size_t size,
                            const Signature& sig,
-                           const PublicKey& key)
+                           const v1::PublicKey& key)
 {
   try {
     using namespace CryptoPP;
@@ -181,10 +182,10 @@
         {
           BERSequenceDecoder algorithmInfo(subjectPublicKeyInfo);
           {
-            OID algorithm;
+            Oid algorithm;
             algorithm.decode(algorithmInfo);
 
-            OID curveId;
+            Oid curveId;
             curveId.decode(algorithmInfo);
 
             if (curveId == SECP256R1)
@@ -234,7 +235,7 @@
 Validator::verifySignature(const uint8_t* buf, const size_t size, const DigestSha256& sig)
 {
   try {
-    ConstBufferPtr buffer = crypto::sha256(buf, size);
+    ConstBufferPtr buffer = crypto::computeSha256Digest(buf, size);
     const Block& sigValue = sig.getValue();
 
     if (buffer != nullptr &&
@@ -321,4 +322,5 @@
   }
 }
 
+} // namespace security
 } // namespace ndn
diff --git a/src/security/validator.hpp b/src/security/validator.hpp
index e6eec8d..edc0365 100644
--- a/src/security/validator.hpp
+++ b/src/security/validator.hpp
@@ -26,14 +26,15 @@
 #define NDN_SECURITY_VALIDATOR_HPP
 
 #include "../face.hpp"
-#include "public-key.hpp"
 #include "signature-sha256-with-rsa.hpp"
 #include "signature-sha256-with-ecdsa.hpp"
 #include "digest-sha256.hpp"
 #include "validation-request.hpp"
-#include "identity-certificate.hpp"
+#include "v1/public-key.hpp"
+#include "v1/identity-certificate.hpp"
 
 namespace ndn {
+namespace security {
 
 /**
  * @brief provides the interfaces for packet validation.
@@ -105,7 +106,7 @@
 
   /// @brief Verify the data using the publicKey.
   static bool
-  verifySignature(const Data& data, const PublicKey& publicKey);
+  verifySignature(const Data& data, const v1::PublicKey& publicKey);
 
   /**
    * @brief Verify the signed Interest using the publicKey.
@@ -113,11 +114,11 @@
    * (Note the signature covers the first n-2 name components).
    */
   static bool
-  verifySignature(const Interest& interest, const PublicKey& publicKey);
+  verifySignature(const Interest& interest, const v1::PublicKey& publicKey);
 
   /// @brief Verify the blob using the publicKey against the signature.
   static bool
-  verifySignature(const Buffer& blob, const Signature& sig, const PublicKey& publicKey)
+  verifySignature(const Buffer& blob, const Signature& sig, const v1::PublicKey& publicKey)
   {
     return verifySignature(blob.buf(), blob.size(), sig, publicKey);
   }
@@ -126,7 +127,7 @@
   static bool
   verifySignature(const Data& data,
                   const Signature& sig,
-                  const PublicKey& publicKey)
+                  const v1::PublicKey& publicKey)
   {
     return verifySignature(data.wireEncode().value(),
                            data.wireEncode().value_size() - data.getSignature().getValue().size(),
@@ -140,7 +141,7 @@
   static bool
   verifySignature(const Interest& interest,
                   const Signature& sig,
-                  const PublicKey& publicKey)
+                  const v1::PublicKey& publicKey)
   {
     if (interest.getName().size() < 2)
       return false;
@@ -157,7 +158,7 @@
   verifySignature(const uint8_t* buf,
                   const size_t size,
                   const Signature& sig,
-                  const PublicKey& publicKey);
+                  const v1::PublicKey& publicKey);
 
 
   /// @brief Verify the data against the SHA256 signature.
@@ -330,6 +331,10 @@
   Face* m_face;
 };
 
+} // namespace security
+
+using security::Validator;
+
 } // namespace ndn
 
 #endif // NDN_SECURITY_VALIDATOR_HPP