security: Adapt PIB to NDN Certificate Format version 2.0

The certificate format can be found at docs/specs/certificate-format.rst

Change-Id: I5656837f09ce327e06a0cb1abdf16ac28fe0b823
Refs: #3202
diff --git a/src/security/pib/certificate-container.cpp b/src/security/pib/certificate-container.cpp
index a05dd52..fa8d058 100644
--- a/src/security/pib/certificate-container.cpp
+++ b/src/security/pib/certificate-container.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -24,6 +24,7 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 
 CertificateContainer::const_iterator::const_iterator(std::set<Name>::const_iterator it,
                                                      shared_ptr<PibImpl> impl)
@@ -32,7 +33,7 @@
 {
 }
 
-v1::IdentityCertificate
+v2::Certificate
 CertificateContainer::const_iterator::operator*()
 {
   return m_impl->getCertificate(*m_it);
@@ -100,5 +101,6 @@
   return m_certNames.size();
 }
 
+} // namespace pib
 } // namespace security
 } // namespace ndn
diff --git a/src/security/pib/certificate-container.hpp b/src/security/pib/certificate-container.hpp
index 8e77e43..eba765e 100644
--- a/src/security/pib/certificate-container.hpp
+++ b/src/security/pib/certificate-container.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -23,10 +23,11 @@
 #define NDN_SECURITY_PIB_CERTIFICATE_CONTAINER_HPP
 
 #include <set>
-#include "../v1/identity-certificate.hpp"
+#include "../v2/certificate.hpp"
 
 namespace ndn {
 namespace security {
+namespace pib {
 
 class PibImpl;
 
@@ -40,7 +41,7 @@
     friend class CertificateContainer;
 
   public:
-    v1::IdentityCertificate
+    v2::Certificate
     operator*();
 
     const_iterator&
@@ -87,6 +88,10 @@
   shared_ptr<PibImpl> m_impl;
 };
 
+} // namespace pib
+
+using pib::CertificateContainer;
+
 } // namespace security
 } // namespace ndn
 
diff --git a/src/security/pib/identity-container.cpp b/src/security/pib/identity-container.cpp
index 605be8b..77076af 100644
--- a/src/security/pib/identity-container.cpp
+++ b/src/security/pib/identity-container.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -24,6 +24,7 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 
 IdentityContainer::const_iterator::const_iterator(std::set<Name>::const_iterator it,
                                                   shared_ptr<PibImpl> impl)
@@ -100,5 +101,6 @@
   return m_identities.size();
 }
 
+} // namespace pib
 } // namespace security
 } // namespace ndn
diff --git a/src/security/pib/identity-container.hpp b/src/security/pib/identity-container.hpp
index 1de18c7..1ac30e1 100644
--- a/src/security/pib/identity-container.hpp
+++ b/src/security/pib/identity-container.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -27,6 +27,7 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 
 class PibImpl;
 
@@ -88,6 +89,10 @@
   shared_ptr<PibImpl> m_impl;
 };
 
+} // namespace pib
+
+using pib::IdentityContainer;
+
 } // namespace security
 } // namespace ndn
 
diff --git a/src/security/pib/identity.cpp b/src/security/pib/identity.cpp
index 176814c..11cad88 100644
--- a/src/security/pib/identity.cpp
+++ b/src/security/pib/identity.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -25,8 +25,7 @@
 
 namespace ndn {
 namespace security {
-
-const name::Component Identity::EMPTY_KEY_ID;
+namespace pib {
 
 Identity::Identity()
   : m_hasDefaultKey(false)
@@ -52,49 +51,45 @@
 const Name&
 Identity::getName() const
 {
-  validityCheck();
-
   return m_name;
 }
 
 Key
-Identity::addKey(const v1::PublicKey& publicKey, const name::Component& keyId)
+Identity::addKey(const uint8_t* key, size_t keyLen, const Name& keyName)
 {
-  validityCheck();
-
-  name::Component actualKeyId = keyId;
-  if (actualKeyId == EMPTY_KEY_ID) {
-    const Block& digest = publicKey.computeDigest();
-    actualKeyId = name::Component(digest.wire(), digest.size());
+  if (m_name != v2::extractIdentityFromKeyName(keyName)) {
+    BOOST_THROW_EXCEPTION(Pib::Error("Key name `" + keyName.toUri() + "` does not match identity "
+                                     "`" + m_name.toUri() + "`"));
   }
 
-  if (!m_needRefreshKeys && m_keys.find(actualKeyId) == m_keys.end()) {
-    // if we have already loaded all the keys, but the new key is not one of them
-    // the KeyContainer should be refreshed
-    m_needRefreshKeys = true;
-  }
+  // if we have already loaded all the keys, but the new key is not one of them the
+  // KeyContainer should be refreshed
+  m_needRefreshKeys = m_needRefreshKeys || m_keys.find(keyName) == m_keys.end();
 
-  return Key(m_name, actualKeyId, publicKey, m_impl);
+  return Key(keyName, key, keyLen, m_impl);
 }
 
 void
-Identity::removeKey(const name::Component& keyId)
+Identity::removeKey(const Name& keyName)
 {
+  if (m_name != v2::extractIdentityFromKeyName(keyName)) {
+    BOOST_THROW_EXCEPTION(Pib::Error("Key name `" + keyName.toUri() + "` does not match identity "
+                                     "`" + m_name.toUri() + "`"));
+  }
+
   validityCheck();
 
-  if (m_hasDefaultKey && m_defaultKey.getKeyId() == keyId)
+  if (m_hasDefaultKey && m_defaultKey.getName() == keyName)
     m_hasDefaultKey = false;
 
-  m_impl->removeKey(m_name, keyId);
+  m_impl->removeKey(keyName);
   m_needRefreshKeys = true;
 }
 
 Key
-Identity::getKey(const name::Component& keyId) const
+Identity::getKey(const Name& keyName) const
 {
-  validityCheck();
-
-  return Key(m_name, keyId, m_impl);
+  return Key(keyName, m_impl);
 }
 
 const KeyContainer&
@@ -111,22 +106,24 @@
 }
 
 Key&
-Identity::setDefaultKey(const name::Component& keyId)
+Identity::setDefaultKey(const Name& keyName)
 {
   validityCheck();
 
-  m_defaultKey = Key(m_name, keyId, m_impl);
+  m_defaultKey = Key(keyName, m_impl);
   m_hasDefaultKey = true;
 
-  m_impl->setDefaultKeyOfIdentity(m_name, keyId);
+  m_impl->setDefaultKeyOfIdentity(m_name, keyName);
   return m_defaultKey;
 }
 
 Key&
-Identity::setDefaultKey(const v1::PublicKey& publicKey, const name::Component& keyId)
+Identity::setDefaultKey(const uint8_t* key, size_t keyLen, const Name& keyName)
 {
-  const Key& keyEntry = addKey(publicKey, keyId);
-  return setDefaultKey(keyEntry.getKeyId());
+  validityCheck();
+
+  addKey(key, keyLen, keyName);
+  return setDefaultKey(keyName);
 }
 
 Key&
@@ -135,7 +132,7 @@
   validityCheck();
 
   if (!m_hasDefaultKey) {
-    m_defaultKey = Key(m_name, m_impl->getDefaultKeyOfIdentity(m_name), m_impl);
+    m_defaultKey = Key(m_impl->getDefaultKeyOfIdentity(m_name), m_impl);
     m_hasDefaultKey = true;
   }
 
@@ -156,9 +153,11 @@
 void
 Identity::validityCheck() const
 {
-  if (m_impl == nullptr)
-    BOOST_THROW_EXCEPTION(std::domain_error("Invalid Identity instance"));
+  if (m_impl == nullptr) {
+    BOOST_THROW_EXCEPTION(std::domain_error("Invalid identity instance"));
+  }
 }
 
+} // namespace pib
 } // namespace security
 } // namespace ndn
diff --git a/src/security/pib/identity.hpp b/src/security/pib/identity.hpp
index 3c081ef..0a6ca60 100644
--- a/src/security/pib/identity.hpp
+++ b/src/security/pib/identity.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -26,29 +26,20 @@
 
 namespace ndn {
 namespace security {
-
-class PibImpl;
-class Pib;
-class IdentityContainer;
+namespace pib {
 
 /**
  * @brief represents an identity
  *
- * Identity is at the top level in PIB's Identity-Key-Certificate hierarchy.
- * An identity has a Name, and contains one or more keys, one of which is set
- * as the default key of this identity.  Properties of a key can be accessed
- * after obtaining a Key object.
+ * Identity is at the top level in PIB's Identity-Key-Certificate hierarchy.  An identity has a
+ * Name, and contains zero or more keys, at most one of which is set as the default key of this
+ * identity.  Properties of a key can be accessed after obtaining a Key object.
  *
- * @throw PibImpl::Error when underlying implementation has non-semantic error.
+ * @throw Pib::Error when underlying implementation has non-semantic error.
  */
 class Identity
 {
 public:
-  friend class Pib;
-  friend class IdentityContainer;
-  friend class KeyChain;
-
-public:
   /**
    * @brief Default Constructor
    *
@@ -60,27 +51,35 @@
    *   try {
    *     id = pib.getIdentity(...);
    *   }
-   *   catch (Pib::Error&) {
+   *   catch (const Pib::Error&) {
    *     ...
    *   }
    *
-   * An Identity instance created using the constructor is invalid. Calling a
+   * An Identity instance created using this constructor is invalid. Calling a
    * member method on an invalid Identity instance may cause an std::domain_error.
    */
   Identity();
 
+  /**
+   * @brief Create an Identity with @p identityName.
+   *
+   * @param identityName The name of the Identity.
+   * @param impl The backend implementation.
+   * @param needInit If true, create the identity in backend when the identity does not exist.
+   *                 Otherwise, throw Pib::Error when the identity does not exist.
+   */
+  Identity(const Name& identityName, shared_ptr<PibImpl> impl, bool needInit = false);
+
   /// @brief Get the name of the identity.
   const Name&
   getName() const;
 
   /**
-   * @brief Get a key with id @p keyId.
-   *
-   * @param keyId The id of the key to get.
+   * @brief Get a key with @p keyName.
    * @throw Pib::Error if the key does not exist.
    */
   Key
-  getKey(const name::Component& keyId) const;
+  getKey(const Name& keyName) const;
 
   /// @brief Get all the keys for this Identity.
   const KeyContainer&
@@ -102,65 +101,48 @@
   operator!() const;
 
 NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE: // write operations should be private
-
   /**
-   * @brief Add a key.
+   * @brief Add a @p key (in PKCS#8 format) with @p keyName.
    *
    * If the key already exists, do nothing.
    *
    * If no default key is set before, the new key will be set as the default key of the identity.
    *
-   * @param publicKey The public key to add.
-   * @param keyId The key id component of the new key to add.
-   *              By default, the keyId will be set to the hash of the public key bits.
    * @return the added key or existing key with the same key id.
    */
   Key
-  addKey(const v1::PublicKey& publicKey, const name::Component& keyId = EMPTY_KEY_ID);
+  addKey(const uint8_t* key, size_t keyLen, const Name& keyName);
 
   /**
-   * @brief Remove a key.
-   *
-   * @param keyId The key id component of the key to delete.
+   * @brief Remove a key with @p keyName
    */
   void
-  removeKey(const name::Component& keyId);
+  removeKey(const Name& keyName);
 
   /**
-   * @brief Set the key with id @p keyId as the default key.
+   * @brief Set the key with id @p keyName.
    *
-   * @param keyId The key id component of the default key.
    * @return The default key
    * @throws Pib::Error if the key does not exist.
    */
   Key&
-  setDefaultKey(const name::Component& keyId);
+  setDefaultKey(const Name& keyName);
 
   /**
-   * @brief Set the default key.
+   * @brief Set the default key with @p keyName (in PKCS#8 format).
    *
    * If the key does not exist, add the key and set it as the default of the Identity.
    * If the key exists, simply set it as the default key of the Identity.
    *
-   * @param publicKey The public key to add.
-   * @param keyId The key id component of the default key.
+   * @param key The public key to add.
+   * @param keyLen The length of the key.
    * @return the default key
    */
   Key&
-  setDefaultKey(const v1::PublicKey& publicKey, const name::Component& keyId = EMPTY_KEY_ID);
+  setDefaultKey(const uint8_t* key, size_t keyLen, const Name& keyName);
 
 NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
   /**
-   * @brief Create an Identity with @p identityName.
-   *
-   * @param identityName The name of the Identity.
-   * @param impl The backend implementation.
-   * @param needInit If true, create the identity in backend when the identity does not exist.
-   *                 Otherwise, throw Pib::Error when the identity does not exist.
-   */
-  Identity(const Name& identityName, shared_ptr<PibImpl> impl, bool needInit = false);
-
-  /**
    * @brief Check the validity of this instance
    *
    * @throws std::domain_error if the instance is invalid
@@ -168,14 +150,6 @@
   void
   validityCheck() const;
 
-public:
-  /**
-   * @brief The default value of keyId when add a new key.
-   *
-   * An empty keyId implies that the key digest should be used as the actual keyId.
-   */
-  static const name::Component EMPTY_KEY_ID;
-
 private:
   Name m_name;
 
@@ -188,6 +162,10 @@
   shared_ptr<PibImpl> m_impl;
 };
 
+} // namespace pib
+
+using pib::Identity;
+
 } // namespace security
 } // namespace ndn
 
diff --git a/src/security/pib/key-container.cpp b/src/security/pib/key-container.cpp
index ca30ab9..7653955 100644
--- a/src/security/pib/key-container.cpp
+++ b/src/security/pib/key-container.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -24,9 +24,10 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 
 KeyContainer::const_iterator::const_iterator(const Name& identity,
-                                             std::set<name::Component>::const_iterator it,
+                                             std::set<Name>::const_iterator it,
                                              shared_ptr<PibImpl> impl)
   : m_identity(identity)
   , m_it(it)
@@ -37,7 +38,7 @@
 Key
 KeyContainer::const_iterator::operator*()
 {
-  return Key(m_identity, *m_it, m_impl);
+  return Key(*m_it, m_impl);
 }
 
 KeyContainer::const_iterator&
@@ -71,11 +72,9 @@
 {
 }
 
-KeyContainer::KeyContainer(const Name& identity,
-                           std::set<name::Component>&& keyIds,
-                           shared_ptr<PibImpl> impl)
+KeyContainer::KeyContainer(const Name& identity, std::set<Name>&& keyNames, shared_ptr<PibImpl> impl)
   : m_identity(identity)
-  , m_keyIds(keyIds)
+  , m_keyNames(keyNames)
   , m_impl(impl)
 {
 }
@@ -83,26 +82,27 @@
 KeyContainer::const_iterator
 KeyContainer::begin() const
 {
-  return const_iterator(m_identity, m_keyIds.begin(), m_impl);
+  return const_iterator(m_identity, m_keyNames.begin(), m_impl);
 }
 
 KeyContainer::const_iterator
 KeyContainer::end() const
 {
-  return const_iterator(m_identity, m_keyIds.end(), m_impl);
+  return const_iterator(m_identity, m_keyNames.end(), m_impl);
 }
 
 KeyContainer::const_iterator
-KeyContainer::find(const name::Component& keyId) const
+KeyContainer::find(const Name& keyName) const
 {
-  return const_iterator(m_identity, m_keyIds.find(keyId), m_impl);
+  return const_iterator(m_identity, m_keyNames.find(keyName), m_impl);
 }
 
 size_t
 KeyContainer::size() const
 {
-  return m_keyIds.size();
+  return m_keyNames.size();
 }
 
+} // namespace pib
 } // namespace security
 } // namespace ndn
diff --git a/src/security/pib/key-container.hpp b/src/security/pib/key-container.hpp
index 7d88da9..a593132 100644
--- a/src/security/pib/key-container.hpp
+++ b/src/security/pib/key-container.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -27,6 +27,7 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 
 class PibImpl;
 
@@ -37,9 +38,6 @@
   class const_iterator
   {
   public:
-    friend class KeyContainer;
-
-  public:
     Key
     operator*();
 
@@ -56,14 +54,14 @@
     operator!=(const const_iterator& other);
 
   private:
-    const_iterator(const Name& identity,
-                   std::set<name::Component>::const_iterator it,
-                   shared_ptr<PibImpl> impl);
+    const_iterator(const Name& identity, std::set<Name>::const_iterator it, shared_ptr<PibImpl> impl);
 
   private:
     Name m_identity;
-    std::set<name::Component>::const_iterator m_it;
+    std::set<Name>::const_iterator m_it;
     shared_ptr<PibImpl> m_impl;
+
+    friend class KeyContainer;
   };
 
   typedef const_iterator iterator;
@@ -71,9 +69,7 @@
 public:
   KeyContainer();
 
-  KeyContainer(const Name& identity,
-               std::set<name::Component>&& keyIds,
-               shared_ptr<PibImpl> impl);
+  KeyContainer(const Name& identity, std::set<Name>&& keyNames, shared_ptr<PibImpl> impl);
 
   const_iterator
   begin() const;
@@ -82,17 +78,21 @@
   end() const;
 
   const_iterator
-  find(const name::Component& keyId) const;
+  find(const Name& keyName) const;
 
   size_t
   size() const;
 
 private:
   Name m_identity;
-  std::set<name::Component> m_keyIds;
+  std::set<Name> m_keyNames;
   shared_ptr<PibImpl> m_impl;
 };
 
+} // namespace pib
+
+using pib::KeyContainer;
+
 } // namespace security
 } // namespace ndn
 
diff --git a/src/security/pib/key.cpp b/src/security/pib/key.cpp
index 51f368c..5890a9c 100644
--- a/src/security/pib/key.cpp
+++ b/src/security/pib/key.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -23,49 +23,52 @@
 #include "pib-impl.hpp"
 #include "pib.hpp"
 #include "../v2/certificate.hpp"
+#include "../transform/public-key.hpp"
 
 namespace ndn {
 namespace security {
+namespace pib {
 
 Key::Key()
-  : m_hasDefaultCertificate(false)
+  : m_keyType(KeyType::NONE)
+  , m_hasDefaultCertificate(false)
   , m_needRefreshCerts(false)
   , m_impl(nullptr)
 {
 }
 
-Key::Key(const Name& identityName, const name::Component& keyId,
-         const v1::PublicKey& publicKey, shared_ptr<PibImpl> impl)
-  : m_id(identityName)
-  , m_keyId(keyId)
-  , m_key(publicKey)
+Key::Key(const Name& keyName, const uint8_t* key, size_t keyLen, shared_ptr<PibImpl> impl)
+  : m_keyName(keyName)
+  , m_key(key, keyLen)
   , m_hasDefaultCertificate(false)
   , m_needRefreshCerts(true)
   , m_impl(impl)
 {
   validityCheck();
 
-  m_keyName = m_id;
-  m_keyName.append(m_keyId);
+  m_identity = v2::extractIdentityFromKeyName(keyName);
+  m_impl->addIdentity(m_identity);
+  m_impl->addKey(m_identity, m_keyName, key, keyLen);
 
-  m_impl->addIdentity(m_id);
-  m_impl->addKey(m_id, m_keyId, publicKey);
+  transform::PublicKey publicKey;
+  publicKey.loadPkcs8(key, keyLen);
+  m_keyType = publicKey.getKeyType();
 }
 
-Key::Key(const Name& identityName, const name::Component& keyId,
-         shared_ptr<PibImpl> impl)
-  : m_id(identityName)
-  , m_keyId(keyId)
+Key::Key(const Name& keyName, shared_ptr<PibImpl> impl)
+  : m_keyName(keyName)
   , m_hasDefaultCertificate(false)
   , m_needRefreshCerts(true)
   , m_impl(impl)
 {
   validityCheck();
 
-  m_keyName = m_id;
-  m_keyName.append(m_keyId);
+  m_identity = v2::extractIdentityFromKeyName(keyName);
+  m_key = m_impl->getKeyBits(m_keyName);
 
-  m_key = m_impl->getKeyBits(m_id, m_keyId);
+  transform::PublicKey key;
+  key.loadPkcs8(m_key.buf(), m_key.size());
+  m_keyType = key.getKeyType();
 }
 
 const Name&
@@ -81,18 +84,10 @@
 {
   validityCheck();
 
-  return m_id;
+  return m_identity;
 }
 
-const name::Component&
-Key::getKeyId() const
-{
-  validityCheck();
-
-  return m_keyId;
-}
-
-const v1::PublicKey&
+const Buffer&
 Key::getPublicKey() const
 {
   validityCheck();
@@ -101,10 +96,13 @@
 }
 
 void
-Key::addCertificate(const v1::IdentityCertificate& certificate)
+Key::addCertificate(const v2::Certificate& certificate)
 {
   validityCheck();
 
+  if (certificate.getKeyName() != m_keyName)
+    BOOST_THROW_EXCEPTION(Pib::Error("Certificate name does not match key name"));
+
   if (!m_needRefreshCerts &&
       m_certificates.find(certificate.getName()) == m_certificates.end()) {
     // if we have already loaded all the certificate, but the new certificate is not one of them
@@ -127,7 +125,7 @@
   m_needRefreshCerts = true;
 }
 
-v1::IdentityCertificate
+v2::Certificate
 Key::getCertificate(const Name& certName) const
 {
   validityCheck();
@@ -141,38 +139,38 @@
   validityCheck();
 
   if (m_needRefreshCerts) {
-    m_certificates = CertificateContainer(m_impl->getCertificatesOfKey(m_id, m_keyId), m_impl);
+    m_certificates = CertificateContainer(m_impl->getCertificatesOfKey(m_keyName), m_impl);
     m_needRefreshCerts = false;
   }
 
   return m_certificates;
 }
 
-const v1::IdentityCertificate&
+const v2::Certificate&
 Key::setDefaultCertificate(const Name& certName)
 {
   validityCheck();
 
+  m_impl->setDefaultCertificateOfKey(m_keyName, certName);
   m_defaultCertificate = m_impl->getCertificate(certName);
-  m_impl->setDefaultCertificateOfKey(m_id, m_keyId, certName);
   m_hasDefaultCertificate = true;
   return m_defaultCertificate;
 }
 
-const v1::IdentityCertificate&
-Key::setDefaultCertificate(const v1::IdentityCertificate& certificate)
+const v2::Certificate&
+Key::setDefaultCertificate(const v2::Certificate& certificate)
 {
   addCertificate(certificate);
   return setDefaultCertificate(certificate.getName());
 }
 
-const v1::IdentityCertificate&
+const v2::Certificate&
 Key::getDefaultCertificate() const
 {
   validityCheck();
 
   if (!m_hasDefaultCertificate) {
-    m_defaultCertificate = m_impl->getDefaultCertificateOfKey(m_id, m_keyId);
+    m_defaultCertificate = m_impl->getDefaultCertificateOfKey(m_keyName);
     m_hasDefaultCertificate = true;
   }
 
@@ -197,6 +195,8 @@
     BOOST_THROW_EXCEPTION(std::domain_error("Invalid Key instance"));
 }
 
+} // namespace pib
+
 namespace v2 {
 
 Name
@@ -209,6 +209,24 @@
   return keyName;
 }
 
+bool
+isValidKeyName(const Name& keyName)
+{
+  return (keyName.size() > Certificate::MIN_KEY_NAME_LENGTH &&
+          keyName.get(-Certificate::MIN_KEY_NAME_LENGTH) == Certificate::KEY_COMPONENT);
+}
+
+Name
+extractIdentityFromKeyName(const Name& keyName)
+{
+  if (!isValidKeyName(keyName)) {
+    BOOST_THROW_EXCEPTION(std::invalid_argument("Key name `" + keyName.toUri() + "` "
+                                                "does not follow the naming conventions"));
+  }
+
+  return keyName.getPrefix(-Certificate::MIN_KEY_NAME_LENGTH); // trim everything after and including "KEY"
+}
+
 } // namespace v2
 
 } // namespace security
diff --git a/src/security/pib/key.hpp b/src/security/pib/key.hpp
index 53a0ba1..d99e427 100644
--- a/src/security/pib/key.hpp
+++ b/src/security/pib/key.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -22,34 +22,30 @@
 #ifndef NDN_SECURITY_PIB_KEY_HPP
 #define NDN_SECURITY_PIB_KEY_HPP
 
-#include "../v1/identity-certificate.hpp"
+#include "../../data.hpp"
 #include "certificate-container.hpp"
+#include "../security-common.hpp"
 
 namespace ndn {
 namespace security {
 
+class KeyChain;
+
+namespace pib {
+
 class PibImpl;
-class Identity;
-class KeyContainer;
 
 /**
  * @brief represents a key
  *
- * Key is at the second level in PIB's Identity-Key-Certificate hierarchy.
- * An Key has a Name (identity + keyId), and contains one or more certificates,
- * one of which is set as the default certificate of this key.  A certificate
- * can be directly accessed from a Key object.
- *
- * @throw PibImpl::Error when underlying implementation has non-semantic error.
+ * Key is at the second level in PIB's Identity-Key-Certificate hierarchy.  A Key has a Name
+ * (identity + "KEY" + keyId), and contains one or more certificates, one of which is set as
+ * the default certificate of this key.  A certificate can be directly accessed from a Key
+ * object.
  */
 class Key
 {
 public:
-  friend class Identity;
-  friend class KeyContainer;
-  friend class KeyChain;
-
-public:
   /**
    * @brief Default Constructor
    *
@@ -59,18 +55,39 @@
    *
    *   Key key;
    *   try {
-   *     key = Identity.getKey(...);
+   *     key = identity.getKey(...);
    *   }
-   *   catch (Pib::Error&) {
+   *   catch (const Pib::Error&) {
    *     ...
    *   }
    *
-   * A Key instance created using the constructor is invalid. Calling a
+   * A Key instance created using this constructor is invalid. Calling a
    * member method on an invalid Key instance may cause an std::domain_error.
    */
   Key();
 
-  /// @brief Get the name of the key.
+  /**
+   * @brief Create a Key with @p keyName
+   *
+   * If the key/identity does not exist in the backend, create it in backend.
+   *
+   * @param keyName Key name
+   * @param key The public key to add.
+   * @param keyLen The length of the key.
+   * @param impl The actual backend implementation.
+   */
+  Key(const Name& keyName, const uint8_t* key, size_t keyLen, shared_ptr<PibImpl> impl);
+
+  /**
+   * @brief Create a Key with @p keyName
+   *
+   * @param keyName Key name
+   * @param impl The actual backend implementation.
+   * @throws Pib::Error if the key does not exist.
+   */
+  Key(const Name& keyName, shared_ptr<PibImpl> impl);
+
+  /// @brief Get the key name.
   const Name&
   getName() const;
 
@@ -78,12 +95,15 @@
   const Name&
   getIdentity() const;
 
-  /// @brief Get the key id of the key.
-  const name::Component&
-  getKeyId() const;
+  /// @brief Get key type.
+  KeyType
+  getKeyType() const
+  {
+    return m_keyType;
+  }
 
-  /// @brief Get public key
-  const v1::PublicKey&
+  /// @brief Get public key.
+  const Buffer&
   getPublicKey() const;
 
   /**
@@ -92,10 +112,10 @@
    * @return the certificate
    * @throws Pib::Error if the certificate does not exist.
    */
-  v1::IdentityCertificate
+  v2::Certificate
   getCertificate(const Name& certName) const;
 
-  /// @brief Get all the certificates for this key.
+  /// @brief Get all certificates for this key.
   const CertificateContainer&
   getCertificates() const;
 
@@ -104,7 +124,7 @@
    *
    * @throws Pib::Error if the default certificate does not exist.
    */
-  const v1::IdentityCertificate&
+  const v2::Certificate&
   getDefaultCertificate() const;
 
   /// @brief Check if the Key instance is valid
@@ -115,14 +135,13 @@
   operator!() const;
 
 NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE: // write operations should be private
-
   /**
    * @brief Add a certificate.
    *
    * @param certificate The certificate to add.
    */
   void
-  addCertificate(const v1::IdentityCertificate& certificate);
+  addCertificate(const v2::Certificate& certificate);
 
   /**
    * @brief Remove a certificate.
@@ -139,7 +158,7 @@
    * @return the default certificate
    * @throws Pib::Error if the certificate does not exist.
    */
-  const v1::IdentityCertificate&
+  const v2::Certificate&
   setDefaultCertificate(const Name& certName);
 
   /**
@@ -151,34 +170,11 @@
    * @param certificate The certificate to add.
    * @return the default certificate
    */
-  const v1::IdentityCertificate&
-  setDefaultCertificate(const v1::IdentityCertificate& certificate);
+  const v2::Certificate&
+  setDefaultCertificate(const v2::Certificate& certificate);
 
 NDN_CXX_PUBLIC_WITH_TESTS_ELSE_PRIVATE:
   /**
-   * @brief Create a Key with @p identityName and @p keyId.
-   *
-   * If the key/identity does not exist in the backend, create it in backend.
-   *
-   * @param identityName The name of the Identity.
-   * @param keyId The key id of the key.
-   * @param publicKey The public key to add.
-   * @param impl The actual backend implementation.
-   */
-  Key(const Name& identityName, const name::Component& keyId,
-      const v1::PublicKey& publicKey, shared_ptr<PibImpl> impl);
-
-  /**
-   * @brief Create an KeyEntry with @p identityName and @p keyId.
-   *
-   * @param identityName The name of the Identity.
-   * @param keyId The key id of the key.
-   * @param impl The actual backend implementation.
-   * @throws Pib::Error if the key does not exist.
-   */
-  Key(const Name& identityName, const name::Component& keyId, shared_ptr<PibImpl> impl);
-
-  /**
    * @brief Check the validity of this instance
    *
    * @throws std::domain_error if the instance is invalid
@@ -187,13 +183,13 @@
   validityCheck() const;
 
 private:
-  Name m_id;
-  name::Component m_keyId;
+  Name m_identity;
   Name m_keyName;
-  v1::PublicKey m_key;
+  Buffer m_key;
+  KeyType m_keyType;
 
   mutable bool m_hasDefaultCertificate;
-  mutable v1::IdentityCertificate m_defaultCertificate;
+  mutable v2::Certificate m_defaultCertificate;
 
   mutable bool m_needRefreshCerts;
   mutable CertificateContainer m_certificates;
@@ -201,6 +197,10 @@
   shared_ptr<PibImpl> m_impl;
 };
 
+} // namespace pib
+
+using pib::Key;
+
 namespace v2 {
 
 /**
@@ -209,6 +209,18 @@
 Name
 constructKeyName(const Name& identity, const name::Component& keyId);
 
+/**
+ * @brief Check if @p keyName follow the naming conventions for the key name
+ */
+bool
+isValidKeyName(const Name& keyName);
+
+/**
+ * @brief Extract identity namespace from the key name @p keyName
+ */
+Name
+extractIdentityFromKeyName(const Name& keyName);
+
 } // namespace v2
 
 } // namespace security
diff --git a/src/security/pib/pib-impl.hpp b/src/security/pib/pib-impl.hpp
index 7aa47a2..6f233f1 100644
--- a/src/security/pib/pib-impl.hpp
+++ b/src/security/pib/pib-impl.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -23,10 +23,11 @@
 #define NDN_SECURITY_PIB_PIB_IMPL_HPP
 
 #include <set>
-#include "../v1/identity-certificate.hpp"
+#include "../v2/certificate.hpp"
 
 namespace ndn {
 namespace security {
+namespace pib {
 
 /**
  * @brief Abstract class of PIB implementation
@@ -34,7 +35,7 @@
  * This class defines the interface that an actual PIB (e.g., one based on sqlite3)
  * implementation should provide.
  */
-class PibImpl
+class PibImpl : noncopyable
 {
 public:
   /**
@@ -54,14 +55,10 @@
   };
 
 public:
-
   virtual
-  ~PibImpl()
-  {
-  }
+  ~PibImpl() = default;
 
 public: // TpmLocator management
-
   /**
    * @brief Set the corresponding TPM information to @p tpmLocator.
    *
@@ -80,7 +77,6 @@
   getTpmLocator() const = 0;
 
 public: // Identity management
-
   /**
    * @brief Check the existence of an identity.
    *
@@ -137,16 +133,13 @@
   getDefaultIdentity() const = 0;
 
 public: // Key management
-
   /**
-   * @brief Check the existence of a key.
+   * @brief Check the existence of a key with @p keyName.
    *
-   * @param identity The name of the belonged identity.
-   * @param keyId The key id component.
    * @return true if the key exists, otherwise false. Return false if the identity does not exist
    */
   virtual bool
-  hasKey(const Name& identity, const name::Component& keyId) const = 0;
+  hasKey(const Name& keyName) const = 0;
 
   /**
    * @brief Add a key.
@@ -157,67 +150,59 @@
    * key of the identity.
    *
    * @param identity The name of the belonged identity.
-   * @param keyId The key id component.
-   * @param publicKey The public key bits.
+   * @param keyName The key name.
+   * @param key The public key bits.
+   * @param keyLen The length of the public key.
    */
   virtual void
-  addKey(const Name& identity, const name::Component& keyId, const v1::PublicKey& publicKey) = 0;
+  addKey(const Name& identity, const Name& keyName, const uint8_t* key, size_t keyLen) = 0;
 
   /**
-   * @brief Remove a key.
+   * @brief Remove a key with @p keyName
    *
    * If the key does not exist, do nothing.
    * Remove related certificates as well.
-   *
-   * @param identity The name of the belonged identity.
-   * @param keyId The key id component.
    */
   virtual void
-  removeKey(const Name& identity, const name::Component& keyId) = 0;
+  removeKey(const Name& keyName) = 0;
 
   /**
-   * @brief Get the key bits of a key.
+   * @brief Get the key bits of a key with name @p keyName.
    *
-   * @param identity The name of the belonged identity.
-   * @param keyId The key id component.
    * @return key bits
    * @throws Pib::Error if the key does not exist.
    */
-  virtual v1::PublicKey
-  getKeyBits(const Name& identity, const name::Component& keyId) const = 0;
+  virtual Buffer
+  getKeyBits(const Name& keyName) const = 0;
 
   /**
-   * @brief Get all the key ids of an identity with name @p identity
+   * @brief Get all the key names of an identity with name @p identity
    *
-   * The returned key ids can be used to create a KeyContainer.
-   * With key id, identity name, backend implementation, one can create a Key frontend instance.
+   * The returned key names can be used to create a KeyContainer.
+   * With key name, identity name, backend implementation, one can create a Key frontend instance.
    *
-   * @return the key id name component set. If the identity does not exist, return an empty set.
+   * @return the key name component set. If the identity does not exist, return an empty set.
    */
-  virtual std::set<name::Component>
+  virtual std::set<Name>
   getKeysOfIdentity(const Name& identity) const = 0;
 
   /**
-   * @brief Set an key with id @p keyId as the default key of an identity with name @p identity.
+   * @brief Set an key with @p keyName as the default key of an identity with name @p identity.
    *
-   * @param identity The name of the belonged identity.
-   * @param keyId The key id component.
    * @throws Pib::Error if the key does not exist.
    */
   virtual void
-  setDefaultKeyOfIdentity(const Name& identity, const name::Component& keyId) = 0;
+  setDefaultKeyOfIdentity(const Name& identity, const Name& keyName) = 0;
 
   /**
-   * @brief Get the id of the default key of an identity with name @p identity.
+   * @return The name of the default key of an identity with name @p identity.
    *
-   * @param identity The name of the belonged identity.
    * @throws Pib::Error if no default key or the identity does not exist.
    */
-  virtual name::Component
+  virtual Name
   getDefaultKeyOfIdentity(const Name& identity) const = 0;
 
 public: // Certificate Management
-
   /**
    * @brief Check the existence of a certificate with name @p certName.
    *
@@ -238,7 +223,7 @@
    * @param certificate The certificate to add.
    */
   virtual void
-  addCertificate(const v1::IdentityCertificate& certificate) = 0;
+  addCertificate(const v2::Certificate& certificate) = 0;
 
   /**
    * @brief Remove a certificate with name @p certName.
@@ -257,47 +242,38 @@
    * @return the certificate.
    * @throws Pib::Error if the certificate does not exist.
    */
-  virtual v1::IdentityCertificate
+  virtual v2::Certificate
   getCertificate(const Name& certName) const = 0;
 
   /**
-   * @brief Get a list of certificate names of a key with id @p keyId of @p identity.
+   * @brief Get a list of certificate names of a key with id @p keyName.
    *
    * The returned certificate names can be used to create a CertificateContainer.
    * With certificate name and backend implementation, one can obtain the certificate directly.
    *
-   * @param identity The name of the belonging identity.
-   * @param keyId The key id.
    * @return The certificate name set. If the key does not exist, return an empty set.
    */
   virtual std::set<Name>
-  getCertificatesOfKey(const Name& identity, const name::Component& keyId) const = 0;
+  getCertificatesOfKey(const Name& keyName) const = 0;
 
   /**
-   * @brief Set a cert with name @p certName as the default of a key with id @p keyId of @p identity.
+   * @brief Set a cert with name @p certName as the default of a key with @p keyName.
    *
-   * @param identity The name of the belonging identity.
-   * @param keyId The key id.
-   * @param certName The name of the certificate.
    * @throws Pib::Error if the certificate with name @p certName does not exist.
    */
   virtual void
-  setDefaultCertificateOfKey(const Name& identity, const name::Component& keyId,
-                             const Name& certName) = 0;
+  setDefaultCertificateOfKey(const Name& keyName, const Name& certName) = 0;
 
   /**
-   * @brief Get the default certificate of a key with id @p keyId of @p identity.
+   * @return Get the default certificate of a key with @p keyName.
    *
-   * @param identity The name of the belonging identity.
-   * @param keyId The key id.
-   * @return a pointer to the certificate, null if no default certificate for the key.
    * @throws Pib::Error if the default certificate does not exist.
    */
-  virtual v1::IdentityCertificate
-  getDefaultCertificateOfKey(const Name& identity, const name::Component& keyId) const = 0;
-
+  virtual v2::Certificate
+  getDefaultCertificateOfKey(const Name& keyName) const = 0;
 };
 
+} // namespace pib
 } // namespace security
 } // namespace ndn
 
diff --git a/src/security/pib/pib-memory.cpp b/src/security/pib/pib-memory.cpp
index c472863..719d0c4 100644
--- a/src/security/pib/pib-memory.cpp
+++ b/src/security/pib/pib-memory.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -21,9 +21,11 @@
 
 #include "pib-memory.hpp"
 #include "pib.hpp"
+#include "../security-common.hpp"
 
 namespace ndn {
 namespace security {
+namespace pib {
 
 PibMemory::PibMemory()
   : m_hasDefaultIdentity(false)
@@ -33,6 +35,7 @@
 void
 PibMemory::setTpmLocator(const std::string& tpmLocator)
 {
+  // The locator of PibMemory is always 'tpm-memory:'
   BOOST_THROW_EXCEPTION(Error("PibMemory does not need a locator"));
 }
 
@@ -66,9 +69,9 @@
   if (identity == m_defaultIdentity)
     m_hasDefaultIdentity = false;
 
-  auto keyIds = this->getKeysOfIdentity(identity);
-  for (const name::Component& keyId : keyIds) {
-    this->removeKey(identity, keyId);
+  auto keyNames = this->getKeysOfIdentity(identity);
+  for (const Name& keyName : keyNames) {
+    this->removeKey(keyName);
   }
 }
 
@@ -96,85 +99,75 @@
 }
 
 bool
-PibMemory::hasKey(const Name& identity, const name::Component& keyId) const
+PibMemory::hasKey(const Name& keyName) const
 {
-  return (m_keys.count(getKeyName(identity, keyId)) > 0);
+  return (m_keys.count(keyName) > 0);
 }
 
 void
-PibMemory::addKey(const Name& identity, const name::Component& keyId, const v1::PublicKey& publicKey)
+PibMemory::addKey(const Name& identity, const Name& keyName,
+                  const uint8_t* key, size_t keyLen)
 {
   this->addIdentity(identity);
 
-  Name keyName = getKeyName(identity, keyId);
-  m_keys[keyName] = publicKey;
+  m_keys[keyName] = Buffer(key, keyLen);
 
   if (m_defaultKey.find(identity) == m_defaultKey.end())
     m_defaultKey[identity] = keyName;
 }
 
 void
-PibMemory::removeKey(const Name& identity, const name::Component& keyId)
+PibMemory::removeKey(const Name& keyName)
 {
-  Name keyName = getKeyName(identity, keyId);
+  Name identity = v2::extractIdentityFromKeyName(keyName);
+
   m_keys.erase(keyName);
   m_defaultKey.erase(identity);
 
-
-  auto certNames = this->getCertificatesOfKey(identity, keyId);
+  auto certNames = this->getCertificatesOfKey(keyName);
   for (const auto& certName : certNames) {
     this->removeCertificate(certName);
   }
 }
 
-v1::PublicKey
-PibMemory::getKeyBits(const Name& identity, const name::Component& keyId) const
+Buffer
+PibMemory::getKeyBits(const Name& keyName) const
 {
-  if (!hasKey(identity, keyId))
-    BOOST_THROW_EXCEPTION(Pib::Error("No key"));
+  if (!hasKey(keyName))
+    BOOST_THROW_EXCEPTION(Pib::Error("Key `" + keyName.toUri() + "` not found"));
 
-  auto it = m_keys.find(getKeyName(identity, keyId));
+  auto it = m_keys.find(keyName);
   return it->second;
 }
 
-std::set<name::Component>
+std::set<Name>
 PibMemory::getKeysOfIdentity(const Name& identity) const
 {
-  std::set<name::Component> ids;
+  std::set<Name> ids;
   for (const auto& it : m_keys) {
-    if (identity == it.first.getPrefix(-1))
-      ids.insert(it.first.get(-1));
+    if (identity == v2::extractIdentityFromKeyName(it.first))
+      ids.insert(it.first);
   }
   return ids;
 }
 
 void
-PibMemory::setDefaultKeyOfIdentity(const Name& identity, const name::Component& keyId)
+PibMemory::setDefaultKeyOfIdentity(const Name& identity, const Name& keyName)
 {
-  Name keyName = getKeyName(identity, keyId);
-
-  if (!hasKey(identity, keyId))
-    BOOST_THROW_EXCEPTION(Pib::Error("No key"));
+  if (!hasKey(keyName))
+    BOOST_THROW_EXCEPTION(Pib::Error("Key `" + keyName.toUri() + "` not found"));
 
   m_defaultKey[identity] = keyName;
 }
 
-name::Component
+Name
 PibMemory::getDefaultKeyOfIdentity(const Name& identity) const
 {
   auto it = m_defaultKey.find(identity);
   if (it == m_defaultKey.end())
-    BOOST_THROW_EXCEPTION(Pib::Error("No default key"));
+    BOOST_THROW_EXCEPTION(Pib::Error("No default key for identity `" + identity.toUri() + "`"));
 
-  return it->second.get(-1);
-}
-
-Name
-PibMemory::getKeyName(const Name& identity, const name::Component& keyId) const
-{
-  Name keyName = identity;
-  keyName.append(keyId);
-  return keyName;
+  return it->second;
 }
 
 bool
@@ -184,74 +177,70 @@
 }
 
 void
-PibMemory::addCertificate(const v1::IdentityCertificate& certificate)
+PibMemory::addCertificate(const v2::Certificate& certificate)
 {
-  this->addKey(certificate.getPublicKeyName().getPrefix(-1),
-               certificate.getPublicKeyName().get(-1),
-               certificate.getPublicKeyInfo());
+  Name certName = certificate.getName();
+  Name keyName = certificate.getKeyName();
+  Name identity = certificate.getIdentity();
 
-  m_certs[certificate.getName()] = certificate;
+  this->addKey(identity, keyName, certificate.getContent().value(), certificate.getContent().value_size());
 
-  const Name& keyName = certificate.getPublicKeyName();
+  m_certs[certName] = certificate;
   if (m_defaultCert.find(keyName) == m_defaultCert.end())
-    m_defaultCert[keyName] = certificate.getName();
+    m_defaultCert[keyName] = certName;
 }
 
 void
 PibMemory::removeCertificate(const Name& certName)
 {
   m_certs.erase(certName);
-  m_defaultCert.erase(v1::IdentityCertificate::certificateNameToPublicKeyName(certName));
+  m_defaultCert.erase(v2::extractKeyNameFromCertName(certName));
 }
 
-v1::IdentityCertificate
+v2::Certificate
 PibMemory::getCertificate(const Name& certName) const
 {
   if (!hasCertificate(certName))
-    BOOST_THROW_EXCEPTION(Pib::Error("No cert"));
+    BOOST_THROW_EXCEPTION(Pib::Error("Certificate `" + certName.toUri() +  "` does not exist"));
 
   auto it = m_certs.find(certName);
   return it->second;
 }
 
 std::set<Name>
-PibMemory::getCertificatesOfKey(const Name& identity, const name::Component& keyId) const
+PibMemory::getCertificatesOfKey(const Name& keyName) const
 {
-  Name keyName = getKeyName(identity, keyId);
-
   std::set<Name> certNames;
   for (const auto& it : m_certs) {
-    if (it.second.getPublicKeyName() == keyName)
+    if (v2::extractKeyNameFromCertName(it.second.getName()) == keyName)
       certNames.insert(it.first);
   }
   return certNames;
 }
 
 void
-PibMemory::setDefaultCertificateOfKey(const Name& identity, const name::Component& keyId, const Name& certName)
+PibMemory::setDefaultCertificateOfKey(const Name& keyName, const Name& certName)
 {
   if (!hasCertificate(certName))
-    BOOST_THROW_EXCEPTION(Pib::Error("No cert"));
+    BOOST_THROW_EXCEPTION(Pib::Error("Certificate `" + certName.toUri() +  "` does not exist"));
 
-  Name keyName = getKeyName(identity, keyId);
   m_defaultCert[keyName] = certName;
 }
 
-v1::IdentityCertificate
-PibMemory::getDefaultCertificateOfKey(const Name& identity, const name::Component& keyId) const
+v2::Certificate
+PibMemory::getDefaultCertificateOfKey(const Name& keyName) const
 {
-  Name keyName = getKeyName(identity, keyId);
-
   auto it = m_defaultCert.find(keyName);
   if (it == m_defaultCert.end())
-    BOOST_THROW_EXCEPTION(Pib::Error("No default certificate"));
+    BOOST_THROW_EXCEPTION(Pib::Error("No default certificate for key `" + keyName.toUri() + "`"));
 
   auto certIt = m_certs.find(it->second);
   if (certIt == m_certs.end())
-    BOOST_THROW_EXCEPTION(Pib::Error("No default certificate"));
+    BOOST_THROW_EXCEPTION(Pib::Error("No default certificate for key `" + keyName.toUri() + "`"));
   else
     return certIt->second;
 }
 
+} // namespace pib
 } // namespace security
 } // namespace ndn
diff --git a/src/security/pib/pib-memory.hpp b/src/security/pib/pib-memory.hpp
index 0cfe7c1..8bacf5c 100644
--- a/src/security/pib/pib-memory.hpp
+++ b/src/security/pib/pib-memory.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -26,6 +26,7 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 
 /**
  * @brief An in-memory implementation of Pib
@@ -80,73 +81,68 @@
 public: // Key management
 
   bool
-  hasKey(const Name& identity, const name::Component& keyId) const override;
+  hasKey(const Name& keyName) const override;
 
   void
-  addKey(const Name& identity, const name::Component& keyId, const v1::PublicKey& publicKey) override;
+  addKey(const Name& identity, const Name& keyName, const uint8_t* key, size_t keyLen) override;
 
   void
-  removeKey(const Name& identity, const name::Component& keyId) override;
+  removeKey(const Name& keyName) override;
 
-  v1::PublicKey
-  getKeyBits(const Name& identity, const name::Component& keyId) const override;
+  Buffer
+  getKeyBits(const Name& keyName) const override;
 
-  std::set<name::Component>
+  std::set<Name>
   getKeysOfIdentity(const Name& identity) const override;
 
   void
-  setDefaultKeyOfIdentity(const Name& identity, const name::Component& keyId) override;
+  setDefaultKeyOfIdentity(const Name& identity, const Name& keyName) override;
 
-  name::Component
+  Name
   getDefaultKeyOfIdentity(const Name& identity) const override;
 
 public: // Certificate management
-
   bool
   hasCertificate(const Name& certName) const override;
 
   void
-  addCertificate(const v1::IdentityCertificate& certificate) override;
+  addCertificate(const v2::Certificate& certificate) override;
 
   void
   removeCertificate(const Name& certName) override;
 
-  v1::IdentityCertificate
+  v2::Certificate
   getCertificate(const Name& certName) const override;
 
   std::set<Name>
-  getCertificatesOfKey(const Name& identity, const name::Component& keyId) const override;
+  getCertificatesOfKey(const Name& keyName) const override;
 
   void
-  setDefaultCertificateOfKey(const Name& identity, const name::Component& keyId, const Name& certName) override;
+  setDefaultCertificateOfKey(const Name& keyName, const Name& certName) override;
 
-  v1::IdentityCertificate
-  getDefaultCertificateOfKey(const Name& identity, const name::Component& keyId) const override;
-
-private: // Key management
-
-  Name
-  getKeyName(const Name& identity, const name::Component& keyId) const;
+  v2::Certificate
+  getDefaultCertificateOfKey(const Name& keyName) const override;
 
 private:
-
-  std::set<Name> m_identities;
   bool m_hasDefaultIdentity;
   Name m_defaultIdentity;
 
-  /// @brief keyName => keyBits
-  std::map<Name, v1::PublicKey> m_keys;
+  std::set<Name> m_identities;
 
   /// @brief identity => default key Name
   std::map<Name, Name> m_defaultKey;
 
-  /// @brief certificate Name => certificate
-  std::map<Name, v1::IdentityCertificate> m_certs;
+  /// @brief keyName => keyBits
+  std::map<Name, Buffer> m_keys;
 
   /// @brief keyName => default certificate Name
   std::map<Name, Name> m_defaultCert;
+
+  /// @brief certificate Name => certificate
+  std::map<Name, v2::Certificate> m_certs;
 };
 
+} // namespace pib
 } // namespace security
 } // namespace ndn
 
diff --git a/src/security/pib/pib-sqlite3.cpp b/src/security/pib/pib-sqlite3.cpp
index dc21610..829a509 100644
--- a/src/security/pib/pib-sqlite3.cpp
+++ b/src/security/pib/pib-sqlite3.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -20,10 +20,9 @@
  */
 
 #include "pib-sqlite3.hpp"
-
-#include "common.hpp"
 #include "pib.hpp"
-#include "util/sqlite3-statement.hpp"
+#include "../security-common.hpp"
+#include "../../util/sqlite3-statement.hpp"
 
 #include <sqlite3.h>
 #include <boost/filesystem.hpp>
@@ -31,6 +30,7 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 
 using std::string;
 using util::Sqlite3Statement;
@@ -100,7 +100,6 @@
   "    id                    INTEGER PRIMARY KEY,\n"
   "    identity_id           INTEGER NOT NULL,   \n"
   "    key_name              BLOB NOT NULL,      \n"
-  "    key_type              INTEGER NOT NULL,   \n"
   "    key_bits              BLOB NOT NULL,      \n"
   "    is_default            INTEGER DEFAULT 0,  \n"
   "    FOREIGN KEY(identity_id)                  \n"
@@ -203,39 +202,28 @@
   "      WHERE key_id=NEW.key_id;                \n"
   "  END;                                        \n";
 
-static Name
-getKeyName(const Name& identity, const name::Component& keyId)
-{
-  Name keyName = identity;
-  keyName.append(keyId);
-  return keyName;
-}
-
 PibSqlite3::PibSqlite3(const string& dir)
 {
   // Determine the path of PIB DB
-  boost::filesystem::path actualDir;
-  if (dir == "") {
+  boost::filesystem::path dbDir;
+  if (!dir.empty()) {
+    dbDir = boost::filesystem::path(dir);
+  }
 #ifdef NDN_CXX_HAVE_TESTS
-    if (getenv("TEST_HOME") != nullptr) {
-      actualDir = boost::filesystem::path(getenv("TEST_HOME")) / ".ndn";
-    }
-    else
+  else if (getenv("TEST_HOME") != nullptr) {
+    dbDir = boost::filesystem::path(getenv("TEST_HOME")) / ".ndn";
+  }
 #endif // NDN_CXX_HAVE_TESTS
-    if (getenv("HOME") != nullptr) {
-      actualDir = boost::filesystem::path(getenv("HOME")) / ".ndn";
-    }
-    else {
-      actualDir = boost::filesystem::path(".") / ".ndn";
-    }
+  else if (getenv("HOME") != nullptr) {
+    dbDir = boost::filesystem::path(getenv("HOME")) / ".ndn";
   }
   else {
-    actualDir = boost::filesystem::path(dir);
+    dbDir = boost::filesystem::current_path() / ".ndn";
   }
-  boost::filesystem::create_directories(actualDir);
+  boost::filesystem::create_directories(dbDir);
 
   // Open PIB
-  int result = sqlite3_open_v2((actualDir / "pib.db").c_str(), &m_database,
+  int result = sqlite3_open_v2((dbDir / "pib.db").c_str(), &m_database,
                                SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE,
 #ifdef NDN_CXX_DISABLE_SQLITE3_FS_LOCKING
                                "unix-dotfile"
@@ -244,9 +232,9 @@
 #endif
                                );
 
-  if (result != SQLITE_OK)
-    BOOST_THROW_EXCEPTION(PibImpl::Error("PIB DB cannot be opened/created: " + dir));
-
+  if (result != SQLITE_OK) {
+    BOOST_THROW_EXCEPTION(PibImpl::Error("PIB database cannot be opened/created in " + dir));
+  }
 
   // enable foreign key
   sqlite3_exec(m_database, "PRAGMA foreign_keys=ON", nullptr, nullptr, nullptr);
@@ -272,8 +260,8 @@
   statement.bind(1, tpmLocator, SQLITE_TRANSIENT);
   statement.step();
 
-  // no row is updated, tpm_locator does not exist, insert it directly
-  if (0 == sqlite3_changes(m_database)) {
+  if (sqlite3_changes(m_database) == 0) {
+    // no row is updated, tpm_locator does not exist, insert it directly
     Sqlite3Statement insertStatement(m_database, "INSERT INTO tpmInfo (tpm_locator) values (?)");
     insertStatement.bind(1, tpmLocator, SQLITE_TRANSIENT);
     insertStatement.step();
@@ -349,10 +337,8 @@
 }
 
 bool
-PibSqlite3::hasKey(const Name& identity, const name::Component& keyId) const
+PibSqlite3::hasKey(const Name& keyName) const
 {
-  Name keyName = getKeyName(identity, keyId);
-
   Sqlite3Statement statement(m_database, "SELECT id FROM keys WHERE key_name=?");
   statement.bind(1, keyName.wireEncode(), SQLITE_TRANSIENT);
 
@@ -360,56 +346,49 @@
 }
 
 void
-PibSqlite3::addKey(const Name& identity, const name::Component& keyId, const v1::PublicKey& publicKey)
+PibSqlite3::addKey(const Name& identity, const Name& keyName,
+                   const uint8_t* key, size_t keyLen)
 {
-  if (hasKey(identity, keyId)) {
+  if (hasKey(keyName)) {
     return;
   }
 
   // ensure identity exists
   addIdentity(identity);
 
-  // add key
-  Name keyName = getKeyName(identity, keyId);
-
   Sqlite3Statement statement(m_database,
-                             "INSERT INTO keys (identity_id, key_name, key_type, key_bits) "
-                             "VALUES ((SELECT id FROM identities WHERE identity=?), ?, ?, ?)");
+                             "INSERT INTO keys (identity_id, key_name, key_bits) "
+                             "VALUES ((SELECT id FROM identities WHERE identity=?), ?, ?)");
   statement.bind(1, identity.wireEncode(), SQLITE_TRANSIENT);
   statement.bind(2, keyName.wireEncode(), SQLITE_TRANSIENT);
-  statement.bind(3, static_cast<int>(publicKey.getKeyType()));
-  statement.bind(4, publicKey.get().buf(), publicKey.get().size(), SQLITE_STATIC);
+  statement.bind(3, key, keyLen, SQLITE_STATIC);
   statement.step();
 }
 
 void
-PibSqlite3::removeKey(const Name& identity, const name::Component& keyId)
+PibSqlite3::removeKey(const Name& keyName)
 {
-  Name keyName = getKeyName(identity, keyId);
-
   Sqlite3Statement statement(m_database, "DELETE FROM keys WHERE key_name=?");
   statement.bind(1, keyName.wireEncode(), SQLITE_TRANSIENT);
   statement.step();
 }
 
-v1::PublicKey
-PibSqlite3::getKeyBits(const Name& identity, const name::Component& keyId) const
+Buffer
+PibSqlite3::getKeyBits(const Name& keyName) const
 {
-  Name keyName = getKeyName(identity, keyId);
-
   Sqlite3Statement statement(m_database, "SELECT key_bits FROM keys WHERE key_name=?");
   statement.bind(1, keyName.wireEncode(), SQLITE_TRANSIENT);
 
   if (statement.step() == SQLITE_ROW)
-    return v1::PublicKey(statement.getBlob(0), statement.getSize(0));
+    return Buffer(statement.getBlob(0), statement.getSize(0));
   else
-    BOOST_THROW_EXCEPTION(Pib::Error("Key does not exist"));
+    BOOST_THROW_EXCEPTION(Pib::Error("Key `" + keyName.toUri() + "` does not exist"));
 }
 
-std::set<name::Component>
+std::set<Name>
 PibSqlite3::getKeysOfIdentity(const Name& identity) const
 {
-  std::set<name::Component> keyNames;
+  std::set<Name> keyNames;
 
   Sqlite3Statement statement(m_database,
                              "SELECT key_name "
@@ -418,20 +397,17 @@
   statement.bind(1, identity.wireEncode(), SQLITE_TRANSIENT);
 
   while (statement.step() == SQLITE_ROW) {
-    Name keyName(statement.getBlock(0));
-    keyNames.insert(keyName.get(-1));
+    keyNames.insert(Name(statement.getBlock(0)));
   }
 
   return keyNames;
 }
 
 void
-PibSqlite3::setDefaultKeyOfIdentity(const Name& identity, const name::Component& keyId)
+PibSqlite3::setDefaultKeyOfIdentity(const Name& identity, const Name& keyName)
 {
-  Name keyName = getKeyName(identity, keyId);
-
-  if (!hasKey(identity, keyId)) {
-    BOOST_THROW_EXCEPTION(Pib::Error("No such key"));
+  if (!hasKey(keyName)) {
+    BOOST_THROW_EXCEPTION(Pib::Error("Key `" + keyName.toUri() + "` does not exist"));
   }
 
   Sqlite3Statement statement(m_database, "UPDATE keys SET is_default=1 WHERE key_name=?");
@@ -439,11 +415,11 @@
   statement.step();
 }
 
-name::Component
+Name
 PibSqlite3::getDefaultKeyOfIdentity(const Name& identity) const
 {
   if (!hasIdentity(identity)) {
-    BOOST_THROW_EXCEPTION(Pib::Error("Identity does not exist"));
+    BOOST_THROW_EXCEPTION(Pib::Error("Identity `" + identity.toUri() + "` does not exist"));
   }
 
   Sqlite3Statement statement(m_database,
@@ -453,11 +429,10 @@
   statement.bind(1, identity.wireEncode(), SQLITE_TRANSIENT);
 
   if (statement.step() == SQLITE_ROW) {
-    Name keyName(statement.getBlock(0));
-    return keyName.get(-1);
+    return Name(statement.getBlock(0));
   }
   else
-    BOOST_THROW_EXCEPTION(Pib::Error("No default key"));
+    BOOST_THROW_EXCEPTION(Pib::Error("No default key for identity `" + identity.toUri() + "`"));
 }
 
 bool
@@ -469,23 +444,18 @@
 }
 
 void
-PibSqlite3::addCertificate(const v1::IdentityCertificate& certificate)
+PibSqlite3::addCertificate(const v2::Certificate& certificate)
 {
-  const Name& certName = certificate.getName();
-  const Name& keyName = certificate.getPublicKeyName();
-
-  name::Component keyId = keyName.get(-1);
-  Name identityName = keyName.getPrefix(-1);
-
   // ensure key exists
-  addKey(identityName, keyId, certificate.getPublicKeyInfo());
+  const Block& content = certificate.getContent();
+  addKey(certificate.getIdentity(), certificate.getKeyName(), content.value(), content.value_size());
 
   Sqlite3Statement statement(m_database,
                              "INSERT INTO certificates "
                              "(key_id, certificate_name, certificate_data) "
                              "VALUES ((SELECT id FROM keys WHERE key_name=?), ?, ?)");
-  statement.bind(1, keyName.wireEncode(), SQLITE_TRANSIENT);
-  statement.bind(2, certName.wireEncode(), SQLITE_TRANSIENT);
+  statement.bind(1, certificate.getKeyName().wireEncode(), SQLITE_TRANSIENT);
+  statement.bind(2, certificate.getName().wireEncode(), SQLITE_TRANSIENT);
   statement.bind(3, certificate.wireEncode(), SQLITE_STATIC);
   statement.step();
 }
@@ -498,7 +468,7 @@
   statement.step();
 }
 
-v1::IdentityCertificate
+v2::Certificate
 PibSqlite3::getCertificate(const Name& certName) const
 {
   Sqlite3Statement statement(m_database,
@@ -506,18 +476,16 @@
   statement.bind(1, certName.wireEncode(), SQLITE_TRANSIENT);
 
   if (statement.step() == SQLITE_ROW)
-    return v1::IdentityCertificate(statement.getBlock(0));
+    return v2::Certificate(statement.getBlock(0));
   else
-    BOOST_THROW_EXCEPTION(Pib::Error("Certificate does not exit"));
+    BOOST_THROW_EXCEPTION(Pib::Error("Certificate `" + certName.toUri() + "` does not exit"));
 }
 
 std::set<Name>
-PibSqlite3::getCertificatesOfKey(const Name& identity, const name::Component& keyId) const
+PibSqlite3::getCertificatesOfKey(const Name& keyName) const
 {
   std::set<Name> certNames;
 
-  Name keyName = getKeyName(identity, keyId);
-
   Sqlite3Statement statement(m_database,
                              "SELECT certificate_name "
                              "FROM certificates JOIN keys ON certificates.key_id=keys.id "
@@ -531,11 +499,10 @@
 }
 
 void
-PibSqlite3::setDefaultCertificateOfKey(const Name& identity, const name::Component& keyId,
-                                       const Name& certName)
+PibSqlite3::setDefaultCertificateOfKey(const Name& keyName, const Name& certName)
 {
   if (!hasCertificate(certName)) {
-    BOOST_THROW_EXCEPTION(Pib::Error("Certificate does not exist"));
+    BOOST_THROW_EXCEPTION(Pib::Error("Certificate `" + certName.toUri() + "` does not exist"));
   }
 
   Sqlite3Statement statement(m_database,
@@ -544,11 +511,9 @@
   statement.step();
 }
 
-v1::IdentityCertificate
-PibSqlite3::getDefaultCertificateOfKey(const Name& identity, const name::Component& keyId) const
+v2::Certificate
+PibSqlite3::getDefaultCertificateOfKey(const Name& keyName) const
 {
-  Name keyName = getKeyName(identity, keyId);
-
   Sqlite3Statement statement(m_database,
                              "SELECT certificate_data "
                              "FROM certificates JOIN keys ON certificates.key_id=keys.id "
@@ -556,10 +521,11 @@
   statement.bind(1, keyName.wireEncode(), SQLITE_TRANSIENT);
 
   if (statement.step() == SQLITE_ROW)
-    return v1::IdentityCertificate(statement.getBlock(0));
+    return v2::Certificate(statement.getBlock(0));
   else
-    BOOST_THROW_EXCEPTION(Pib::Error("Certificate does not exit"));
+    BOOST_THROW_EXCEPTION(Pib::Error("No default certificate for key `" + keyName.toUri() + "`"));
 }
 
+} // namespace pib
 } // namespace security
 } // namespace ndn
diff --git a/src/security/pib/pib-sqlite3.hpp b/src/security/pib/pib-sqlite3.hpp
index 7e4b2c5..bd5819a 100644
--- a/src/security/pib/pib-sqlite3.hpp
+++ b/src/security/pib/pib-sqlite3.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -28,6 +28,7 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 
 /**
  * @brief Pib backend implementation based on SQLite3 database
@@ -87,56 +88,55 @@
   getDefaultIdentity() const final;
 
 public: // Key management
-
   bool
-  hasKey(const Name& identity, const name::Component& keyId) const final;
+  hasKey(const Name& keyName) const final;
 
   void
-  addKey(const Name& identity, const name::Component& keyId, const v1::PublicKey& publicKey) final;
+  addKey(const Name& identity, const Name& keyName,
+         const uint8_t* key, size_t keyLen) final;
 
   void
-  removeKey(const Name& identity, const name::Component& keyId) final;
+  removeKey(const Name& keyName) final;
 
-  v1::PublicKey
-  getKeyBits(const Name& identity, const name::Component& keyId) const final;
+  Buffer
+  getKeyBits(const Name& keyName) const final;
 
-  std::set<name::Component>
+  std::set<Name>
   getKeysOfIdentity(const Name& identity) const final;
 
   void
-  setDefaultKeyOfIdentity(const Name& identity, const name::Component& keyId) final;
+  setDefaultKeyOfIdentity(const Name& identity, const Name& keyName) final;
 
-  name::Component
+  Name
   getDefaultKeyOfIdentity(const Name& identity) const final;
 
 public: // Certificate Management
-
   bool
   hasCertificate(const Name& certName) const final;
 
   void
-  addCertificate(const v1::IdentityCertificate& certificate) final;
+  addCertificate(const v2::Certificate& certificate) final;
 
   void
   removeCertificate(const Name& certName) final;
 
-  v1::IdentityCertificate
+  v2::Certificate
   getCertificate(const Name& certName) const final;
 
   std::set<Name>
-  getCertificatesOfKey(const Name& identity, const name::Component& keyId) const final;
+  getCertificatesOfKey(const Name& keyName) const final;
 
   void
-  setDefaultCertificateOfKey(const Name& identity, const name::Component& keyId,
-                             const Name& certName) final;
+  setDefaultCertificateOfKey(const Name& keyName, const Name& certName) final;
 
-  v1::IdentityCertificate
-  getDefaultCertificateOfKey(const Name& identity, const name::Component& keyId) const final;
+  v2::Certificate
+  getDefaultCertificateOfKey(const Name& keyName) const final;
 
 private:
   sqlite3* m_database;
 };
 
+} // namespace pib
 } // namespace security
 } // namespace ndn
 
diff --git a/src/security/pib/pib.cpp b/src/security/pib/pib.cpp
index 511c96a..73f53d0 100644
--- a/src/security/pib/pib.cpp
+++ b/src/security/pib/pib.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -24,6 +24,7 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 
 Pib::Pib(const std::string scheme, const std::string& location, shared_ptr<PibImpl> impl)
   : m_scheme(scheme)
@@ -115,6 +116,6 @@
   return m_defaultIdentity;
 }
 
-
+} // namespace pib
 } // namespace security
 } // namespace ndn
diff --git a/src/security/pib/pib.hpp b/src/security/pib/pib.hpp
index 5c5a11c..8f68f1f 100644
--- a/src/security/pib/pib.hpp
+++ b/src/security/pib/pib.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -28,6 +28,9 @@
 namespace security {
 
 class KeyChain;
+
+namespace pib {
+
 class PibImpl;
 
 /**
@@ -181,6 +184,10 @@
   shared_ptr<PibImpl> m_impl;
 };
 
+} // namespace pib
+
+using pib::Pib;
+
 } // namespace security
 } // namespace ndn
 
diff --git a/src/security/security-common.hpp b/src/security/security-common.hpp
index ef9a42b..7fec50b 100644
--- a/src/security/security-common.hpp
+++ b/src/security/security-common.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -19,8 +19,8 @@
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */
 
-#ifndef NDN_SECURITY_COMMON_HPP
-#define NDN_SECURITY_COMMON_HPP
+#ifndef NDN_SECURITY_SECURITY_COMMON_HPP
+#define NDN_SECURITY_SECURITY_COMMON_HPP
 
 #include "../common.hpp"
 
@@ -129,4 +129,4 @@
 
 } // namespace ndn
 
-#endif // NDN_SECURITY_COMMON_HPP
+#endif // NDN_SECURITY_SECURITY_COMMON_HPP
diff --git a/src/security/v2/certificate.cpp b/src/security/v2/certificate.cpp
index 75ee53c..b5188e9 100644
--- a/src/security/v2/certificate.cpp
+++ b/src/security/v2/certificate.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -132,6 +132,28 @@
           certName.get(Certificate::KEY_COMPONENT_OFFSET) == Certificate::KEY_COMPONENT);
 }
 
+Name
+extractIdentityFromCertName(const Name& certName)
+{
+  if (!Certificate::isValidName(certName)) {
+    BOOST_THROW_EXCEPTION(std::invalid_argument("Certificate name `" + certName.toUri() + "` "
+                                                "does not follow the naming conventions"));
+  }
+
+  return certName.getPrefix(Certificate::KEY_COMPONENT_OFFSET); // trim everything after and including "KEY"
+}
+
+Name
+extractKeyNameFromCertName(const Name& certName)
+{
+  if (!Certificate::isValidName(certName)) {
+    BOOST_THROW_EXCEPTION(std::invalid_argument("Certificate name `" + certName.toUri() + "` "
+                                                "does not follow the naming conventions"));
+  }
+
+  return certName.getPrefix(Certificate::KEY_ID_OFFSET + 1); // trim everything after key id
+}
+
 } // namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/src/security/v2/certificate.hpp b/src/security/v2/certificate.hpp
index 19d377c..4e1b0eb 100644
--- a/src/security/v2/certificate.hpp
+++ b/src/security/v2/certificate.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -172,6 +172,18 @@
   static const name::Component KEY_COMPONENT;
 };
 
+/**
+ * @brief Extract identity namespace from the certificate name @p certName
+ */
+Name
+extractIdentityFromCertName(const Name& certName);
+
+/**
+ * @brief Extract key name from the certificate name @p certName
+ */
+Name
+extractKeyNameFromCertName(const Name& certName);
+
 } // namespace v2
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit-tests/security/pib/certificate-container.t.cpp b/tests/unit-tests/security/pib/certificate-container.t.cpp
index 514cc3d..5edbfb2 100644
--- a/tests/unit-tests/security/pib/certificate-container.t.cpp
+++ b/tests/unit-tests/security/pib/certificate-container.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -28,19 +28,24 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 namespace tests {
 
+using namespace ndn::security::tests;
+
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(TestPib)
+BOOST_AUTO_TEST_SUITE(Pib)
 BOOST_AUTO_TEST_SUITE(TestCertificateContainer)
 
+using pib::Pib;
+
 BOOST_FIXTURE_TEST_CASE(TestCertificateContainer, PibDataFixture)
 {
   auto pibImpl = make_shared<PibMemory>();
   Pib pib("pib-memory", "", pibImpl);
 
   Identity identity1 = pib.addIdentity(id1);
-  Key key11 = identity1.addKey(id1Key1, id1Key1Name.get(-1));
+  Key key11 = identity1.addKey(id1Key1.buf(), id1Key1.size(), id1Key1Name);
   key11.addCertificate(id1Key1Cert1);
   key11.addCertificate(id1Key1Cert2);
 
@@ -74,9 +79,10 @@
 }
 
 BOOST_AUTO_TEST_SUITE_END() // TestCertificateContainer
-BOOST_AUTO_TEST_SUITE_END() // TestPib
+BOOST_AUTO_TEST_SUITE_END() // Pib
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
+} // namespace pib
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit-tests/security/pib/identity-container.t.cpp b/tests/unit-tests/security/pib/identity-container.t.cpp
index 4cf57e9..b9af408 100644
--- a/tests/unit-tests/security/pib/identity-container.t.cpp
+++ b/tests/unit-tests/security/pib/identity-container.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -28,12 +28,17 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 namespace tests {
 
+using namespace ndn::security::tests;
+
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(TestPib)
+BOOST_AUTO_TEST_SUITE(Pib)
 BOOST_AUTO_TEST_SUITE(TestIdentityContainer)
 
+using pib::Pib;
+
 BOOST_FIXTURE_TEST_CASE(Basic, PibDataFixture)
 {
   auto pibImpl = make_shared<PibMemory>();
@@ -72,9 +77,10 @@
 }
 
 BOOST_AUTO_TEST_SUITE_END() // TestIdentityContainer
-BOOST_AUTO_TEST_SUITE_END() // TestPib
+BOOST_AUTO_TEST_SUITE_END() // Pib
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
+} // namespace pib
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit-tests/security/pib/identity.t.cpp b/tests/unit-tests/security/pib/identity.t.cpp
index d31f7c6..5c9a229 100644
--- a/tests/unit-tests/security/pib/identity.t.cpp
+++ b/tests/unit-tests/security/pib/identity.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -28,12 +28,17 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 namespace tests {
 
+using namespace ndn::security::tests;
+
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(TestPib)
+BOOST_AUTO_TEST_SUITE(Pib)
 BOOST_FIXTURE_TEST_SUITE(TestIdentity, PibDataFixture)
 
+using pib::Pib;
+
 BOOST_AUTO_TEST_CASE(ValidityChecking)
 {
   // identity
@@ -65,26 +70,44 @@
 
   Identity identity1(id1, pibImpl, true);
 
-  BOOST_CHECK_THROW(identity1.getKey(id1Key1Name.get(-1)), Pib::Error);
-  Key key11 = identity1.addKey(id1Key1, id1Key1Name.get(-1));
-  BOOST_CHECK_NO_THROW(identity1.getKey(id1Key1Name.get(-1)));
-  identity1.removeKey(id1Key1Name.get(-1));
-  BOOST_CHECK_THROW(identity1.getKey(id1Key1Name.get(-1)), Pib::Error);
+  // Key does not exist, throw Error
+  BOOST_CHECK_THROW(identity1.getKey(id1Key1Name), Pib::Error);
+  // Key name does not match identity name, throw Error
+  BOOST_CHECK_THROW(identity1.getKey(id2Key1Name), Pib::Error);
 
+  // Add key
+  Key key11 = identity1.addKey(id1Key1.buf(), id1Key1.size(), id1Key1Name);
+  BOOST_CHECK_NO_THROW(identity1.getKey(id1Key1Name));
+  // Key name does not match identity name, throw Error
+  BOOST_CHECK_THROW(identity1.addKey(id2Key1.buf(), id2Key1.size(), id2Key1Name), Pib::Error);
+
+  // Remove key
+  identity1.removeKey(id1Key1Name);
+  BOOST_CHECK_THROW(identity1.getKey(id1Key1Name), Pib::Error);
+  // Key name does not match identity name, throw Error
+  BOOST_CHECK_THROW(identity1.removeKey(id2Key1Name), Pib::Error);
+
+  // Default key does not exist, throw Error
   BOOST_CHECK_THROW(identity1.getDefaultKey(), Pib::Error);
-  BOOST_REQUIRE_THROW(identity1.setDefaultKey(id1Key1Name.get(-1)), Pib::Error);
-  BOOST_REQUIRE_NO_THROW(identity1.setDefaultKey(id1Key1, id1Key1Name.get(-1)));
-  BOOST_REQUIRE_NO_THROW(identity1.getDefaultKey());
-  BOOST_CHECK_EQUAL(identity1.getDefaultKey().getKeyId(), id1Key1Name.get(-1));
-  identity1.removeKey(id1Key1Name.get(-1));
-  BOOST_CHECK_THROW(identity1.getKey(id1Key1Name.get(-1)), Pib::Error);
+
+  // Set default key but the key does not exist, throw Error
+  BOOST_CHECK_THROW(identity1.setDefaultKey(id1Key1Name), Pib::Error);
+  // Set default key
+  BOOST_REQUIRE_NO_THROW(identity1.setDefaultKey(id1Key1.buf(), id1Key1.size(), id1Key1Name));
+  BOOST_CHECK_NO_THROW(identity1.getDefaultKey());
+  BOOST_CHECK_EQUAL(identity1.getDefaultKey().getName(), id1Key1Name);
+
+  // Remove the default key
+  identity1.removeKey(id1Key1Name);
+  BOOST_CHECK_THROW(identity1.getKey(id1Key1Name), Pib::Error);
   BOOST_CHECK_THROW(identity1.getDefaultKey(), Pib::Error);
 }
 
 BOOST_AUTO_TEST_SUITE_END() // TestIdentity
-BOOST_AUTO_TEST_SUITE_END() // TestPib
+BOOST_AUTO_TEST_SUITE_END() // Pib
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
+} // namespace pib
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit-tests/security/pib/key-container.t.cpp b/tests/unit-tests/security/pib/key-container.t.cpp
index ee5bf1c..812fab4 100644
--- a/tests/unit-tests/security/pib/key-container.t.cpp
+++ b/tests/unit-tests/security/pib/key-container.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -28,12 +28,17 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 namespace tests {
 
+using namespace ndn::security::tests;
+
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(TestPib)
+BOOST_AUTO_TEST_SUITE(Pib)
 BOOST_AUTO_TEST_SUITE(TestKeyContainer)
 
+using pib::Pib;
+
 BOOST_FIXTURE_TEST_CASE(Basic, PibDataFixture)
 {
   auto pibImpl = make_shared<PibMemory>();
@@ -41,24 +46,24 @@
 
   Identity identity1 = pib.addIdentity(id1);
 
-  Key key11 = identity1.addKey(id1Key1, id1Key1Name.get(-1));
-  Key key12 = identity1.addKey(id1Key2, id1Key2Name.get(-1));
+  Key key11 = identity1.addKey(id1Key1.buf(), id1Key1.size(), id1Key1Name);
+  Key key12 = identity1.addKey(id1Key2.buf(), id1Key2.size(), id1Key2Name);
 
   KeyContainer container = identity1.getKeys();
   BOOST_CHECK_EQUAL(container.size(), 2);
-  BOOST_CHECK(container.find(id1Key1Name.get(-1)) != container.end());
-  BOOST_CHECK(container.find(id1Key2Name.get(-1)) != container.end());
+  BOOST_CHECK(container.find(id1Key1Name) != container.end());
+  BOOST_CHECK(container.find(id1Key2Name) != container.end());
 
-  std::set<name::Component> keyNames;
-  keyNames.insert(id1Key1Name.get(-1));
-  keyNames.insert(id1Key2Name.get(-1));
+  std::set<Name> keyNames;
+  keyNames.insert(id1Key1Name);
+  keyNames.insert(id1Key2Name);
 
   KeyContainer::const_iterator it = container.begin();
-  std::set<name::Component>::const_iterator testIt = keyNames.begin();
-  BOOST_CHECK_EQUAL((*it).getKeyId(), *testIt);
+  std::set<Name>::const_iterator testIt = keyNames.begin();
+  BOOST_CHECK_EQUAL((*it).getName(), *testIt);
   it++;
   testIt++;
-  BOOST_CHECK_EQUAL((*it).getKeyId(), *testIt);
+  BOOST_CHECK_EQUAL((*it).getName(), *testIt);
   ++it;
   testIt++;
   BOOST_CHECK(it == container.end());
@@ -67,7 +72,7 @@
   testIt = keyNames.begin();
   for (const auto& key : container) {
     BOOST_CHECK_EQUAL(key.getIdentity(), id1);
-    BOOST_CHECK_EQUAL(key.getKeyId(), *testIt);
+    BOOST_CHECK_EQUAL(key.getName(), *testIt);
     testIt++;
     count++;
   }
@@ -75,9 +80,10 @@
 }
 
 BOOST_AUTO_TEST_SUITE_END() // TestKeyContainer
-BOOST_AUTO_TEST_SUITE_END() // TestPib
+BOOST_AUTO_TEST_SUITE_END() // Pib
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
+} // namespace pib
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit-tests/security/pib/key.t.cpp b/tests/unit-tests/security/pib/key.t.cpp
index 673c149..6a543f6 100644
--- a/tests/unit-tests/security/pib/key.t.cpp
+++ b/tests/unit-tests/security/pib/key.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -28,15 +28,19 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 namespace tests {
 
+using namespace ndn::security::tests;
+
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(TestPib)
+BOOST_AUTO_TEST_SUITE(Pib)
 BOOST_FIXTURE_TEST_SUITE(TestKey, PibDataFixture)
 
+using pib::Pib;
+
 BOOST_AUTO_TEST_CASE(ValidityChecking)
 {
-  // key
   Key key;
 
   BOOST_CHECK_EQUAL(static_cast<bool>(key), false);
@@ -47,8 +51,7 @@
   else
     BOOST_CHECK(true);
 
-  auto pibImpl = make_shared<PibMemory>();
-  key = Key(id1, id1Key1Name.get(-1), id1Key1, pibImpl);
+  key = Key(id1Key1Name, id1Key1.buf(), id1Key1.size(), make_shared<PibMemory>());
 
   BOOST_CHECK_EQUAL(static_cast<bool>(key), true);
   BOOST_CHECK_EQUAL(!key, false);
@@ -61,9 +64,7 @@
 
 BOOST_AUTO_TEST_CASE(CertificateOperations)
 {
-  auto pibImpl = make_shared<PibMemory>();
-
-  Key key11(id1, id1Key1Name.get(-1), id1Key1, pibImpl);
+  Key key11(id1Key1Name, id1Key1.buf(), id1Key1.size(), make_shared<PibMemory>());
 
   BOOST_CHECK_THROW(key11.getCertificate(id1Key1Cert1.getName()), Pib::Error);
   key11.addCertificate(id1Key1Cert1);
@@ -76,7 +77,7 @@
   BOOST_REQUIRE_NO_THROW(key11.setDefaultCertificate(id1Key1Cert1));
   BOOST_REQUIRE_NO_THROW(key11.getDefaultCertificate());
 
-  const v1::IdentityCertificate& defaultCert = key11.getDefaultCertificate();
+  const auto& defaultCert = key11.getDefaultCertificate();
   BOOST_CHECK_EQUAL_COLLECTIONS(defaultCert.wireEncode().wire(),
                                 defaultCert.wireEncode().wire() + defaultCert.wireEncode().size(),
                                 id1Key1Cert1.wireEncode().wire(),
@@ -88,9 +89,10 @@
 }
 
 BOOST_AUTO_TEST_SUITE_END() // TestKey
-BOOST_AUTO_TEST_SUITE_END() // TestPib
+BOOST_AUTO_TEST_SUITE_END() // Pib
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
+} // namespace pib
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit-tests/security/pib/pib-data-fixture.cpp b/tests/unit-tests/security/pib/pib-data-fixture.cpp
index 25eb83c..c8144cd 100644
--- a/tests/unit-tests/security/pib/pib-data-fixture.cpp
+++ b/tests/unit-tests/security/pib/pib-data-fixture.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -22,307 +22,319 @@
 #include "pib-data-fixture.hpp"
 #include "../../identity-management-time-fixture.hpp"
 
+#include "util/string-helper.hpp"
+
 namespace ndn {
 namespace security {
 namespace tests {
 
-/**
- * The test data can be generated with a TestCertDataGenerator defined as below:
- *
- * TestCertDataGenerator g;
- *
- * g.printTestDataForId(Name("/pib/interface/id/1"));
- * g.printTestDataForId(Name("/pib/interface/id/2"));
- *
- * class TestCertDataGenerator : public IdentityManagementTimeFixture
- * {
- * public:
- *   void
- *   printTestDataForId(const Name& id)
- *   {
- *     addIdentity(id, EcdsaKeyParams());
- *
- *     Name key1Name = m_keyChain.getDefaultKeyNameForIdentity(id);
- *     shared_ptr<PublicKey> key1 = m_keyChain.getPublicKey(key1Name);
- *     printBytes(key1->get());
- *
- *     Name key1Cert1Name = m_keyChain.getDefaultCertificateNameForKey(key1Name);
- *     shared_ptr<IdentityCertificate> key1Cert1 = m_keyChain.getCertificate(key1Cert1Name);
- *     printBytes(key1Cert1->wireEncode());
- *
- *     Name key2Name = m_keyChain.generateEcdsaKeyPair(id, true);
- *     shared_ptr<PublicKey> key2 = m_keyChain.getPublicKey(key2Name);
- *     printBytes(key2->get());
- *
- *     shared_ptr<IdentityCertificate> key2Cert1 = m_keyChain.selfSign(key2Name);
- *     printBytes(key2Cert1->wireEncode());
- *
- *     advanceClocks(time::seconds(20));
- *
- *     shared_ptr<IdentityCertificate> key1Cert2 = m_keyChain.selfSign(key1Name);
- *     printBytes(key1Cert2->wireEncode());
- *
- *     shared_ptr<IdentityCertificate> key2Cert2 = m_keyChain.selfSign(key2Name);
- *     printBytes(key2Cert2->wireEncode());
- *   }
- *
- *   void
- *   printBytes(const Block& block)
- *   {
- *     printBytes(block.wire(), block.size());
- *   }
- *
- *   void
- *   printBytes(const Buffer& buffer)
- *   {
- *     printBytes(buffer.buf(), buffer.size());
- *   }
- *
- *   void
- *   printBytes(const uint8_t* buf, size_t size)
- *   {
- *     using namespace CryptoPP;
- *
- *     std::string hex = toHex(buf, size);
- *
- *     for (int i = 0; i < hex.size(); i++) {
- *       if (i % 40 == 0)
- *         std::cout << std::endl;
- *
- *       std::cout << "0x" << hex[i];
- *       std::cout << hex[++i];
- *
- *       if ((i + 1) != hex.size())
- *         std::cout << ", ";
- *     }
- *     std::cout << std::endl;
- *   }
- * };
- */
+// class TestCertDataGenerator : public ndn::tests::IdentityManagementTimeFixture
+// {
+// public:
+//   void
+//   printTestDataForId(const std::string& prefix, const Name& id)
+//   {
+//     addIdentity(id, EcdsaKeyParams());
+
+//     Name key1Name = m_keyChain.getDefaultKeyNameForIdentity(id);
+//     shared_ptr<PublicKey> key1 = m_keyChain.getPublicKey(key1Name);
+//     printBytes(prefix + "_KEY1", key1->get());
+
+//     Name key1Cert1Name = m_keyChain.getDefaultCertificateNameForKey(key1Name);
+//     shared_ptr<IdentityCertificate> key1Cert1 = m_keyChain.getCertificate(key1Cert1Name);
+//     printBytes(prefix + "_KEY1_CERT1", key1Cert1->wireEncode());
+
+//     advanceClocks(time::seconds(10));
+
+//     Name key2Name = m_keyChain.generateEcdsaKeyPair(id, true);
+//     shared_ptr<PublicKey> key2 = m_keyChain.getPublicKey(key2Name);
+//     printBytes(prefix + "_KEY2", key2->get());
+
+//     shared_ptr<IdentityCertificate> key2Cert1 = m_keyChain.selfSign(key2Name);
+//     printBytes(prefix + "_KEY2_CERT1", key2Cert1->wireEncode());
+
+//     advanceClocks(time::seconds(20));
+
+//     shared_ptr<IdentityCertificate> key1Cert2 = m_keyChain.selfSign(key1Name);
+//     printBytes(prefix + "_KEY1_CERT2", key1Cert2->wireEncode());
+
+//     shared_ptr<IdentityCertificate> key2Cert2 = m_keyChain.selfSign(key2Name);
+//     printBytes(prefix + "_KEY2_CERT2", key2Cert2->wireEncode());
+//   }
+
+//   void
+//   printBytes(const std::string& name, const Block& block)
+//   {
+//     printBytes(name, block.wire(), block.size());
+//   }
+
+//   void
+//   printBytes(const std::string& name, const Buffer& buffer)
+//   {
+//     printBytes(name, buffer.buf(), buffer.size());
+//   }
+
+//   void
+//   printBytes(const std::string& name, const uint8_t* buf, size_t size)
+//   {
+//     std::cout << "\nconst uint8_t " << name << "[] = {\n"
+//               << "  ";
+
+//     std::string hex = toHex(buf, size);
+
+//     for (size_t i = 0; i < hex.size(); i++) {
+//       if (i > 0 && i % 40 == 0)
+//         std::cout << "\n  ";
+
+//       std::cout << "0x" << hex[i];
+//       std::cout << hex[++i];
+
+//       if ((i + 1) != hex.size())
+//         std::cout << ", ";
+//     }
+//     std::cout << "\n"
+//               << "};" << std::endl;
+//   }
+// };
+
+// // The test data can be generated using this test case
+// BOOST_FIXTURE_TEST_CASE(GenerateTestCertData, TestCertDataGenerator)
+// {
+//   printTestDataForId("ID1", Name("/pib/interface/id/1"));
+//   printTestDataForId("ID2", Name("/pib/interface/id/2"));
+// }
 
 const uint8_t ID1_KEY1[] = {
   0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
-  0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xFF, 0xF9, 0x1E, 0x85, 0x6C, 0x29, 0x5F, 0x98, 0xB1, 0x2E, 0xD5, 0x3D, 0xCA,
-  0xE2, 0x00, 0x52, 0x7A, 0x55, 0x93, 0x96, 0xD1, 0x7F, 0x03, 0x20, 0x25, 0xA7, 0xE5, 0xB8, 0xF8, 0x5D, 0xF0, 0x2E, 0x3E,
-  0x60, 0x40, 0x19, 0x73, 0x00, 0x4F, 0x5A, 0xA7, 0x66, 0xFB, 0x38, 0xE6, 0xEB, 0xD5, 0xA4, 0x32, 0x1F, 0x5F, 0xC6, 0x7D,
-  0x4B, 0xD4, 0xBB, 0x1E, 0x15, 0x29, 0x3E, 0x40, 0x22, 0x4E, 0xE7
+  0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x16, 0xEC, 0xC6, 0xD1, 0xE1, 0x53, 0xCC, 0x8E, 0xE6, 0x4A, 0xF3, 0x93, 0x0A,
+  0x0E, 0xFA, 0xA7, 0xDB, 0xBE, 0xFB, 0x61, 0xD1, 0xCA, 0x91, 0x98, 0x11, 0x0D, 0x0C, 0xC2, 0xF4, 0xF4, 0x8D, 0x9E, 0x9F,
+  0x42, 0x4B, 0x5E, 0xFC, 0x11, 0x63, 0x3A, 0x7E, 0x6B, 0x48, 0x82, 0x82, 0x5F, 0x1E, 0x90, 0xB1, 0x5E, 0x30, 0x2D, 0x83,
+  0x7E, 0xA9, 0x84, 0x8A, 0xCE, 0xBC, 0x2A, 0xA4, 0x05, 0xC8, 0x04
 };
 
 const uint8_t ID1_KEY1_CERT1[] = {
-  0x06, 0xFD, 0x01, 0x88, 0x07, 0x43, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61,
+  0x06, 0xFD, 0x01, 0x8F, 0x07, 0x43, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61,
   0x63, 0x65, 0x08, 0x02, 0x69, 0x64, 0x08, 0x01, 0x31, 0x08, 0x03, 0x4B, 0x45, 0x59, 0x08, 0x11, 0x6B, 0x73, 0x6B, 0x2D,
   0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x33, 0x32, 0x30, 0x30, 0x30, 0x08, 0x07, 0x49, 0x44, 0x2D, 0x43, 0x45,
-  0x52, 0x54, 0x08, 0x09, 0xFD, 0x00, 0x00, 0x01, 0x49, 0x9D, 0x59, 0x8C, 0xA0, 0x14, 0x03, 0x18, 0x01, 0x02, 0x15, 0xB2,
-  0x30, 0x81, 0xAF, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x34, 0x31, 0x31, 0x31, 0x31, 0x30, 0x35, 0x33, 0x35, 0x33,
-  0x32, 0x5A, 0x18, 0x0F, 0x32, 0x30, 0x33, 0x34, 0x31, 0x31, 0x30, 0x36, 0x30, 0x35, 0x33, 0x35, 0x33, 0x32, 0x5A, 0x30,
-  0x2E, 0x30, 0x2C, 0x06, 0x03, 0x55, 0x04, 0x29, 0x13, 0x25, 0x2F, 0x70, 0x69, 0x62, 0x2F, 0x69, 0x6E, 0x74, 0x65, 0x72,
-  0x66, 0x61, 0x63, 0x65, 0x2F, 0x69, 0x64, 0x2F, 0x31, 0x2F, 0x6B, 0x73, 0x6B, 0x2D, 0x31, 0x34, 0x31, 0x35, 0x36, 0x38,
-  0x34, 0x31, 0x33, 0x32, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01,
-  0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xFF, 0xF9, 0x1E, 0x85, 0x6C, 0x29,
-  0x5F, 0x98, 0xB1, 0x2E, 0xD5, 0x3D, 0xCA, 0xE2, 0x00, 0x52, 0x7A, 0x55, 0x93, 0x96, 0xD1, 0x7F, 0x03, 0x20, 0x25, 0xA7,
-  0xE5, 0xB8, 0xF8, 0x5D, 0xF0, 0x2E, 0x3E, 0x60, 0x40, 0x19, 0x73, 0x00, 0x4F, 0x5A, 0xA7, 0x66, 0xFB, 0x38, 0xE6, 0xEB,
-  0xD5, 0xA4, 0x32, 0x1F, 0x5F, 0xC6, 0x7D, 0x4B, 0xD4, 0xBB, 0x1E, 0x15, 0x29, 0x3E, 0x40, 0x22, 0x4E, 0xE7, 0x16, 0x3F,
-  0x1B, 0x01, 0x03, 0x1C, 0x3A, 0x07, 0x38, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66,
-  0x61, 0x63, 0x65, 0x08, 0x02, 0x69, 0x64, 0x08, 0x01, 0x31, 0x08, 0x03, 0x4B, 0x45, 0x59, 0x08, 0x11, 0x6B, 0x73, 0x6B,
-  0x2D, 0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x33, 0x32, 0x30, 0x30, 0x30, 0x08, 0x07, 0x49, 0x44, 0x2D, 0x43,
-  0x45, 0x52, 0x54, 0x17, 0x47, 0x30, 0x45, 0x02, 0x21, 0x00, 0xAE, 0x85, 0xB6, 0xDE, 0x1B, 0x3B, 0xC0, 0x46, 0x93, 0xEF,
-  0x49, 0x26, 0x98, 0x4B, 0x20, 0x77, 0xAB, 0xF6, 0x83, 0x41, 0x72, 0x1D, 0x99, 0xBE, 0x85, 0xC9, 0xC8, 0xA6, 0x14, 0x50,
-  0xA6, 0x3E, 0x02, 0x20, 0x5A, 0xC6, 0x1F, 0xF7, 0x72, 0xB4, 0x3A, 0xA1, 0x1D, 0x5E, 0xF7, 0xF3, 0x3C, 0x83, 0xF7, 0xD8,
-  0x27, 0x13, 0x65, 0x4D, 0x5D, 0x1A, 0x23, 0x5F, 0xA9, 0xFC, 0x53, 0x22, 0x86, 0xBD, 0x92, 0x01
-};
-
-const uint8_t ID1_KEY1_CERT2[] = {
-  0x06, 0xFD, 0x01, 0x88, 0x07, 0x43, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61,
-  0x63, 0x65, 0x08, 0x02, 0x69, 0x64, 0x08, 0x01, 0x31, 0x08, 0x03, 0x4B, 0x45, 0x59, 0x08, 0x11, 0x6B, 0x73, 0x6B, 0x2D,
-  0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x33, 0x32, 0x30, 0x30, 0x30, 0x08, 0x07, 0x49, 0x44, 0x2D, 0x43, 0x45,
-  0x52, 0x54, 0x08, 0x09, 0xFD, 0x00, 0x00, 0x01, 0x49, 0x9D, 0x59, 0xB3, 0xB0, 0x14, 0x03, 0x18, 0x01, 0x02, 0x15, 0xB2,
-  0x30, 0x81, 0xAF, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x34, 0x31, 0x31, 0x31, 0x31, 0x30, 0x35, 0x33, 0x35, 0x34,
-  0x32, 0x5A, 0x18, 0x0F, 0x32, 0x30, 0x33, 0x34, 0x31, 0x31, 0x30, 0x36, 0x30, 0x35, 0x33, 0x35, 0x34, 0x32, 0x5A, 0x30,
-  0x2E, 0x30, 0x2C, 0x06, 0x03, 0x55, 0x04, 0x29, 0x13, 0x25, 0x2F, 0x70, 0x69, 0x62, 0x2F, 0x69, 0x6E, 0x74, 0x65, 0x72,
-  0x66, 0x61, 0x63, 0x65, 0x2F, 0x69, 0x64, 0x2F, 0x31, 0x2F, 0x6B, 0x73, 0x6B, 0x2D, 0x31, 0x34, 0x31, 0x35, 0x36, 0x38,
-  0x34, 0x31, 0x33, 0x32, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01,
-  0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xFF, 0xF9, 0x1E, 0x85, 0x6C, 0x29,
-  0x5F, 0x98, 0xB1, 0x2E, 0xD5, 0x3D, 0xCA, 0xE2, 0x00, 0x52, 0x7A, 0x55, 0x93, 0x96, 0xD1, 0x7F, 0x03, 0x20, 0x25, 0xA7,
-  0xE5, 0xB8, 0xF8, 0x5D, 0xF0, 0x2E, 0x3E, 0x60, 0x40, 0x19, 0x73, 0x00, 0x4F, 0x5A, 0xA7, 0x66, 0xFB, 0x38, 0xE6, 0xEB,
-  0xD5, 0xA4, 0x32, 0x1F, 0x5F, 0xC6, 0x7D, 0x4B, 0xD4, 0xBB, 0x1E, 0x15, 0x29, 0x3E, 0x40, 0x22, 0x4E, 0xE7, 0x16, 0x3F,
-  0x1B, 0x01, 0x03, 0x1C, 0x3A, 0x07, 0x38, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66,
-  0x61, 0x63, 0x65, 0x08, 0x02, 0x69, 0x64, 0x08, 0x01, 0x31, 0x08, 0x03, 0x4B, 0x45, 0x59, 0x08, 0x11, 0x6B, 0x73, 0x6B,
-  0x2D, 0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x33, 0x32, 0x30, 0x30, 0x30, 0x08, 0x07, 0x49, 0x44, 0x2D, 0x43,
-  0x45, 0x52, 0x54, 0x17, 0x47, 0x30, 0x45, 0x02, 0x20, 0x12, 0xA8, 0xF5, 0x30, 0xE1, 0x57, 0xD1, 0x39, 0xB2, 0x46, 0x0A,
-  0x82, 0x58, 0x8A, 0xCD, 0xB3, 0x6F, 0x2F, 0x1B, 0xB8, 0x6A, 0x99, 0xAB, 0x0C, 0xB2, 0xB7, 0xE2, 0x01, 0xE4, 0xD8, 0xC8,
-  0x9C, 0x02, 0x21, 0x00, 0xDA, 0xCD, 0x11, 0x28, 0x96, 0xC6, 0xB6, 0x31, 0x6E, 0xDF, 0xCA, 0x79, 0xDE, 0x26, 0x44, 0xCA,
-  0x09, 0x74, 0xF1, 0xB1, 0x7C, 0x9B, 0xFA, 0x67, 0x22, 0x55, 0x18, 0xA5, 0x05, 0x48, 0x7D, 0x65
+  0x52, 0x54, 0x08, 0x09, 0xFD, 0x00, 0x00, 0x01, 0x49, 0x9D, 0x59, 0x8C, 0xA0, 0x14, 0x09, 0x18, 0x01, 0x02, 0x19, 0x04,
+  0x00, 0x36, 0xEE, 0x80, 0x15, 0xB2, 0x30, 0x81, 0xAF, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x34, 0x31, 0x31, 0x31,
+  0x31, 0x30, 0x35, 0x33, 0x35, 0x33, 0x32, 0x5A, 0x18, 0x0F, 0x32, 0x30, 0x33, 0x34, 0x31, 0x31, 0x30, 0x36, 0x30, 0x35,
+  0x33, 0x35, 0x33, 0x32, 0x5A, 0x30, 0x2E, 0x30, 0x2C, 0x06, 0x03, 0x55, 0x04, 0x29, 0x13, 0x25, 0x2F, 0x70, 0x69, 0x62,
+  0x2F, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x2F, 0x69, 0x64, 0x2F, 0x31, 0x2F, 0x6B, 0x73, 0x6B, 0x2D,
+  0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x33, 0x32, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A,
+  0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04,
+  0x16, 0xEC, 0xC6, 0xD1, 0xE1, 0x53, 0xCC, 0x8E, 0xE6, 0x4A, 0xF3, 0x93, 0x0A, 0x0E, 0xFA, 0xA7, 0xDB, 0xBE, 0xFB, 0x61,
+  0xD1, 0xCA, 0x91, 0x98, 0x11, 0x0D, 0x0C, 0xC2, 0xF4, 0xF4, 0x8D, 0x9E, 0x9F, 0x42, 0x4B, 0x5E, 0xFC, 0x11, 0x63, 0x3A,
+  0x7E, 0x6B, 0x48, 0x82, 0x82, 0x5F, 0x1E, 0x90, 0xB1, 0x5E, 0x30, 0x2D, 0x83, 0x7E, 0xA9, 0x84, 0x8A, 0xCE, 0xBC, 0x2A,
+  0xA4, 0x05, 0xC8, 0x04, 0x16, 0x3F, 0x1B, 0x01, 0x03, 0x1C, 0x3A, 0x07, 0x38, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09,
+  0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x08, 0x02, 0x69, 0x64, 0x08, 0x01, 0x31, 0x08, 0x03, 0x4B, 0x45,
+  0x59, 0x08, 0x11, 0x6B, 0x73, 0x6B, 0x2D, 0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x33, 0x32, 0x30, 0x30, 0x30,
+  0x08, 0x07, 0x49, 0x44, 0x2D, 0x43, 0x45, 0x52, 0x54, 0x17, 0x48, 0x30, 0x46, 0x02, 0x21, 0x00, 0xA0, 0x43, 0x43, 0xD2,
+  0x79, 0x76, 0x3D, 0x00, 0xA1, 0x85, 0xD0, 0x83, 0xD6, 0x2A, 0xBC, 0xAB, 0xAA, 0xC0, 0xA6, 0xF7, 0xBF, 0x53, 0x6C, 0xA8,
+  0x18, 0x14, 0x4B, 0x42, 0x21, 0x72, 0xFF, 0xA5, 0x02, 0x21, 0x00, 0xFB, 0xDE, 0x82, 0xBB, 0x81, 0x34, 0x97, 0x0E, 0xBA,
+  0x30, 0xEF, 0xD2, 0x14, 0x86, 0xE7, 0x83, 0xFB, 0x4C, 0x59, 0x4C, 0xD3, 0x41, 0x18, 0x2F, 0xE4, 0xDA, 0x33, 0xF0, 0x72,
+  0x3A, 0x28, 0xAE
 };
 
 const uint8_t ID1_KEY2[] = {
   0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
-  0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xC2, 0xE0, 0xEC, 0xC7, 0xED, 0x65, 0xDE, 0x0A, 0x46, 0xCE, 0x38, 0xC2, 0x68,
-  0x77, 0x4F, 0xE3, 0xE1, 0xDF, 0x37, 0x7D, 0xA3, 0x56, 0x0D, 0xF9, 0x66, 0x43, 0x37, 0x60, 0x42, 0x7E, 0x96, 0x93, 0x7E,
-  0x35, 0xA0, 0xD5, 0xC8, 0x59, 0x8F, 0x36, 0x85, 0x11, 0xBF, 0xFA, 0x85, 0x1A, 0x7B, 0x61, 0xE6, 0xEB, 0xD1, 0x46, 0x99,
-  0x67, 0x6B, 0xDB, 0x83, 0x26, 0x1F, 0x75, 0x7A, 0x93, 0xA2, 0xAE
+  0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xCB, 0xB2, 0x23, 0x26, 0x20, 0x19, 0x08, 0x23, 0xBA, 0xD4, 0x1D, 0x64, 0x53,
+  0xBB, 0xA5, 0xDC, 0x13, 0xD3, 0xB1, 0xEF, 0x32, 0x9E, 0xB9, 0x25, 0x68, 0x1A, 0x89, 0xCC, 0xC5, 0x63, 0x93, 0xDA, 0x5F,
+  0xF1, 0x70, 0xA3, 0xCF, 0xB8, 0x8A, 0xC9, 0xBF, 0xCC, 0xC7, 0x08, 0x9B, 0x27, 0x85, 0xB2, 0xC2, 0xFD, 0xF7, 0x86, 0x81,
+  0xE4, 0x40, 0xE8, 0x5C, 0x01, 0x35, 0xC4, 0x0B, 0x11, 0x00, 0xD4
 };
 
 const uint8_t ID1_KEY2_CERT1[] = {
-  0x06, 0xFD, 0x01, 0x88, 0x07, 0x43, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61,
+  0x06, 0xFD, 0x01, 0x8D, 0x07, 0x43, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61,
   0x63, 0x65, 0x08, 0x02, 0x69, 0x64, 0x08, 0x01, 0x31, 0x08, 0x03, 0x4B, 0x45, 0x59, 0x08, 0x11, 0x6B, 0x73, 0x6B, 0x2D,
-  0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x35, 0x32, 0x30, 0x30, 0x30, 0x08, 0x07, 0x49, 0x44, 0x2D, 0x43, 0x45,
-  0x52, 0x54, 0x08, 0x09, 0xFD, 0x00, 0x00, 0x01, 0x49, 0x9D, 0x59, 0xDA, 0xC0, 0x14, 0x03, 0x18, 0x01, 0x02, 0x15, 0xB2,
-  0x30, 0x81, 0xAF, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x34, 0x31, 0x31, 0x31, 0x31, 0x30, 0x35, 0x33, 0x35, 0x35,
-  0x32, 0x5A, 0x18, 0x0F, 0x32, 0x30, 0x33, 0x34, 0x31, 0x31, 0x30, 0x36, 0x30, 0x35, 0x33, 0x35, 0x35, 0x32, 0x5A, 0x30,
-  0x2E, 0x30, 0x2C, 0x06, 0x03, 0x55, 0x04, 0x29, 0x13, 0x25, 0x2F, 0x70, 0x69, 0x62, 0x2F, 0x69, 0x6E, 0x74, 0x65, 0x72,
-  0x66, 0x61, 0x63, 0x65, 0x2F, 0x69, 0x64, 0x2F, 0x31, 0x2F, 0x6B, 0x73, 0x6B, 0x2D, 0x31, 0x34, 0x31, 0x35, 0x36, 0x38,
-  0x34, 0x31, 0x35, 0x32, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01,
-  0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xC2, 0xE0, 0xEC, 0xC7, 0xED, 0x65,
-  0xDE, 0x0A, 0x46, 0xCE, 0x38, 0xC2, 0x68, 0x77, 0x4F, 0xE3, 0xE1, 0xDF, 0x37, 0x7D, 0xA3, 0x56, 0x0D, 0xF9, 0x66, 0x43,
-  0x37, 0x60, 0x42, 0x7E, 0x96, 0x93, 0x7E, 0x35, 0xA0, 0xD5, 0xC8, 0x59, 0x8F, 0x36, 0x85, 0x11, 0xBF, 0xFA, 0x85, 0x1A,
-  0x7B, 0x61, 0xE6, 0xEB, 0xD1, 0x46, 0x99, 0x67, 0x6B, 0xDB, 0x83, 0x26, 0x1F, 0x75, 0x7A, 0x93, 0xA2, 0xAE, 0x16, 0x3F,
-  0x1B, 0x01, 0x03, 0x1C, 0x3A, 0x07, 0x38, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66,
-  0x61, 0x63, 0x65, 0x08, 0x02, 0x69, 0x64, 0x08, 0x01, 0x31, 0x08, 0x03, 0x4B, 0x45, 0x59, 0x08, 0x11, 0x6B, 0x73, 0x6B,
-  0x2D, 0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x35, 0x32, 0x30, 0x30, 0x30, 0x08, 0x07, 0x49, 0x44, 0x2D, 0x43,
-  0x45, 0x52, 0x54, 0x17, 0x47, 0x30, 0x45, 0x02, 0x20, 0x24, 0x26, 0x28, 0xA1, 0xD2, 0xCA, 0x46, 0xDB, 0x15, 0x5A, 0xB8,
-  0x15, 0x58, 0x3B, 0x1C, 0xEC, 0xDF, 0x9E, 0xF9, 0x35, 0x32, 0x61, 0x0B, 0xC3, 0x9B, 0xA2, 0x1F, 0x05, 0xAA, 0x04, 0xE4,
-  0x40, 0x02, 0x21, 0x00, 0xEA, 0x37, 0xA3, 0x1E, 0xD6, 0x20, 0x73, 0xD8, 0x55, 0xE6, 0x62, 0xB1, 0x23, 0xBC, 0x32, 0x08,
-  0x1A, 0x0F, 0x4B, 0x94, 0xBE, 0x28, 0xCE, 0xE7, 0x0A, 0x8A, 0xB4, 0xD5, 0xEA, 0x8D, 0x20, 0x95
+  0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x34, 0x32, 0x30, 0x30, 0x30, 0x08, 0x07, 0x49, 0x44, 0x2D, 0x43, 0x45,
+  0x52, 0x54, 0x08, 0x09, 0xFD, 0x00, 0x00, 0x01, 0x49, 0x9D, 0x59, 0xB3, 0xB0, 0x14, 0x09, 0x18, 0x01, 0x02, 0x19, 0x04,
+  0x00, 0x36, 0xEE, 0x80, 0x15, 0xB2, 0x30, 0x81, 0xAF, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x34, 0x31, 0x31, 0x31,
+  0x31, 0x30, 0x35, 0x33, 0x35, 0x34, 0x32, 0x5A, 0x18, 0x0F, 0x32, 0x30, 0x33, 0x34, 0x31, 0x31, 0x30, 0x36, 0x30, 0x35,
+  0x33, 0x35, 0x34, 0x32, 0x5A, 0x30, 0x2E, 0x30, 0x2C, 0x06, 0x03, 0x55, 0x04, 0x29, 0x13, 0x25, 0x2F, 0x70, 0x69, 0x62,
+  0x2F, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x2F, 0x69, 0x64, 0x2F, 0x31, 0x2F, 0x6B, 0x73, 0x6B, 0x2D,
+  0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x34, 0x32, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A,
+  0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04,
+  0xCB, 0xB2, 0x23, 0x26, 0x20, 0x19, 0x08, 0x23, 0xBA, 0xD4, 0x1D, 0x64, 0x53, 0xBB, 0xA5, 0xDC, 0x13, 0xD3, 0xB1, 0xEF,
+  0x32, 0x9E, 0xB9, 0x25, 0x68, 0x1A, 0x89, 0xCC, 0xC5, 0x63, 0x93, 0xDA, 0x5F, 0xF1, 0x70, 0xA3, 0xCF, 0xB8, 0x8A, 0xC9,
+  0xBF, 0xCC, 0xC7, 0x08, 0x9B, 0x27, 0x85, 0xB2, 0xC2, 0xFD, 0xF7, 0x86, 0x81, 0xE4, 0x40, 0xE8, 0x5C, 0x01, 0x35, 0xC4,
+  0x0B, 0x11, 0x00, 0xD4, 0x16, 0x3F, 0x1B, 0x01, 0x03, 0x1C, 0x3A, 0x07, 0x38, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09,
+  0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x08, 0x02, 0x69, 0x64, 0x08, 0x01, 0x31, 0x08, 0x03, 0x4B, 0x45,
+  0x59, 0x08, 0x11, 0x6B, 0x73, 0x6B, 0x2D, 0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x34, 0x32, 0x30, 0x30, 0x30,
+  0x08, 0x07, 0x49, 0x44, 0x2D, 0x43, 0x45, 0x52, 0x54, 0x17, 0x46, 0x30, 0x44, 0x02, 0x20, 0x51, 0x04, 0xC9, 0xC6, 0x19,
+  0x06, 0x91, 0x52, 0x9F, 0x58, 0xFD, 0xDC, 0xF0, 0xC0, 0xB7, 0xFA, 0x88, 0xF7, 0x49, 0xE6, 0xDD, 0xE4, 0xB9, 0x49, 0x2C,
+  0x52, 0xB1, 0xAA, 0xB2, 0x62, 0x48, 0x88, 0x02, 0x20, 0x09, 0xAF, 0x0D, 0xB9, 0x94, 0xD5, 0x7A, 0x1E, 0x7D, 0x31, 0x90,
+  0x45, 0x3A, 0xF4, 0x82, 0x54, 0x87, 0xD6, 0x73, 0x84, 0xD0, 0x59, 0xC6, 0xBC, 0x8E, 0x5F, 0xBA, 0xA5, 0xD6, 0x35, 0x91,
+  0xF3
+};
+
+const uint8_t ID1_KEY1_CERT2[] = {
+  0x06, 0xFD, 0x01, 0x8D, 0x07, 0x43, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61,
+  0x63, 0x65, 0x08, 0x02, 0x69, 0x64, 0x08, 0x01, 0x31, 0x08, 0x03, 0x4B, 0x45, 0x59, 0x08, 0x11, 0x6B, 0x73, 0x6B, 0x2D,
+  0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x33, 0x32, 0x30, 0x30, 0x30, 0x08, 0x07, 0x49, 0x44, 0x2D, 0x43, 0x45,
+  0x52, 0x54, 0x08, 0x09, 0xFD, 0x00, 0x00, 0x01, 0x49, 0x9D, 0x5A, 0x01, 0xD0, 0x14, 0x09, 0x18, 0x01, 0x02, 0x19, 0x04,
+  0x00, 0x36, 0xEE, 0x80, 0x15, 0xB2, 0x30, 0x81, 0xAF, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x34, 0x31, 0x31, 0x31,
+  0x31, 0x30, 0x35, 0x33, 0x36, 0x30, 0x32, 0x5A, 0x18, 0x0F, 0x32, 0x30, 0x33, 0x34, 0x31, 0x31, 0x30, 0x36, 0x30, 0x35,
+  0x33, 0x36, 0x30, 0x32, 0x5A, 0x30, 0x2E, 0x30, 0x2C, 0x06, 0x03, 0x55, 0x04, 0x29, 0x13, 0x25, 0x2F, 0x70, 0x69, 0x62,
+  0x2F, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x2F, 0x69, 0x64, 0x2F, 0x31, 0x2F, 0x6B, 0x73, 0x6B, 0x2D,
+  0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x33, 0x32, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A,
+  0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04,
+  0x16, 0xEC, 0xC6, 0xD1, 0xE1, 0x53, 0xCC, 0x8E, 0xE6, 0x4A, 0xF3, 0x93, 0x0A, 0x0E, 0xFA, 0xA7, 0xDB, 0xBE, 0xFB, 0x61,
+  0xD1, 0xCA, 0x91, 0x98, 0x11, 0x0D, 0x0C, 0xC2, 0xF4, 0xF4, 0x8D, 0x9E, 0x9F, 0x42, 0x4B, 0x5E, 0xFC, 0x11, 0x63, 0x3A,
+  0x7E, 0x6B, 0x48, 0x82, 0x82, 0x5F, 0x1E, 0x90, 0xB1, 0x5E, 0x30, 0x2D, 0x83, 0x7E, 0xA9, 0x84, 0x8A, 0xCE, 0xBC, 0x2A,
+  0xA4, 0x05, 0xC8, 0x04, 0x16, 0x3F, 0x1B, 0x01, 0x03, 0x1C, 0x3A, 0x07, 0x38, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09,
+  0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x08, 0x02, 0x69, 0x64, 0x08, 0x01, 0x31, 0x08, 0x03, 0x4B, 0x45,
+  0x59, 0x08, 0x11, 0x6B, 0x73, 0x6B, 0x2D, 0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x33, 0x32, 0x30, 0x30, 0x30,
+  0x08, 0x07, 0x49, 0x44, 0x2D, 0x43, 0x45, 0x52, 0x54, 0x17, 0x46, 0x30, 0x44, 0x02, 0x20, 0x0C, 0x4E, 0xBC, 0xA2, 0xA0,
+  0xCC, 0xBA, 0xD7, 0xFD, 0xCB, 0xFE, 0x7D, 0x28, 0x9C, 0xAC, 0x75, 0xF8, 0x49, 0x8F, 0xF4, 0x6F, 0xE2, 0xF6, 0x2A, 0xE5,
+  0x40, 0x5A, 0xCC, 0x91, 0x07, 0xEF, 0xF1, 0x02, 0x20, 0x39, 0x2A, 0x12, 0xDE, 0xF1, 0x4D, 0xB5, 0x13, 0xAC, 0x9F, 0xE7,
+  0xB3, 0xE5, 0xB3, 0xEF, 0x5F, 0xC0, 0x95, 0xEC, 0x3C, 0x8B, 0x11, 0x5A, 0xF5, 0x7B, 0xA1, 0xA7, 0x2A, 0x5D, 0x01, 0x02,
+  0xEE
 };
 
 const uint8_t ID1_KEY2_CERT2[] = {
-  0x06, 0xFD, 0x01, 0x88, 0x07, 0x43, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61,
+  0x06, 0xFD, 0x01, 0x8E, 0x07, 0x43, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61,
   0x63, 0x65, 0x08, 0x02, 0x69, 0x64, 0x08, 0x01, 0x31, 0x08, 0x03, 0x4B, 0x45, 0x59, 0x08, 0x11, 0x6B, 0x73, 0x6B, 0x2D,
-  0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x35, 0x32, 0x30, 0x30, 0x30, 0x08, 0x07, 0x49, 0x44, 0x2D, 0x43, 0x45,
-  0x52, 0x54, 0x08, 0x09, 0xFD, 0x00, 0x00, 0x01, 0x49, 0x9D, 0x5A, 0x01, 0xD0, 0x14, 0x03, 0x18, 0x01, 0x02, 0x15, 0xB2,
-  0x30, 0x81, 0xAF, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x34, 0x31, 0x31, 0x31, 0x31, 0x30, 0x35, 0x33, 0x36, 0x30,
-  0x32, 0x5A, 0x18, 0x0F, 0x32, 0x30, 0x33, 0x34, 0x31, 0x31, 0x30, 0x36, 0x30, 0x35, 0x33, 0x36, 0x30, 0x32, 0x5A, 0x30,
-  0x2E, 0x30, 0x2C, 0x06, 0x03, 0x55, 0x04, 0x29, 0x13, 0x25, 0x2F, 0x70, 0x69, 0x62, 0x2F, 0x69, 0x6E, 0x74, 0x65, 0x72,
-  0x66, 0x61, 0x63, 0x65, 0x2F, 0x69, 0x64, 0x2F, 0x31, 0x2F, 0x6B, 0x73, 0x6B, 0x2D, 0x31, 0x34, 0x31, 0x35, 0x36, 0x38,
-  0x34, 0x31, 0x35, 0x32, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01,
-  0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xC2, 0xE0, 0xEC, 0xC7, 0xED, 0x65,
-  0xDE, 0x0A, 0x46, 0xCE, 0x38, 0xC2, 0x68, 0x77, 0x4F, 0xE3, 0xE1, 0xDF, 0x37, 0x7D, 0xA3, 0x56, 0x0D, 0xF9, 0x66, 0x43,
-  0x37, 0x60, 0x42, 0x7E, 0x96, 0x93, 0x7E, 0x35, 0xA0, 0xD5, 0xC8, 0x59, 0x8F, 0x36, 0x85, 0x11, 0xBF, 0xFA, 0x85, 0x1A,
-  0x7B, 0x61, 0xE6, 0xEB, 0xD1, 0x46, 0x99, 0x67, 0x6B, 0xDB, 0x83, 0x26, 0x1F, 0x75, 0x7A, 0x93, 0xA2, 0xAE, 0x16, 0x3F,
-  0x1B, 0x01, 0x03, 0x1C, 0x3A, 0x07, 0x38, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66,
-  0x61, 0x63, 0x65, 0x08, 0x02, 0x69, 0x64, 0x08, 0x01, 0x31, 0x08, 0x03, 0x4B, 0x45, 0x59, 0x08, 0x11, 0x6B, 0x73, 0x6B,
-  0x2D, 0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x35, 0x32, 0x30, 0x30, 0x30, 0x08, 0x07, 0x49, 0x44, 0x2D, 0x43,
-  0x45, 0x52, 0x54, 0x17, 0x47, 0x30, 0x45, 0x02, 0x20, 0x3B, 0x82, 0xAE, 0xFD, 0x8B, 0x6D, 0xBA, 0x1D, 0x77, 0x70, 0x86,
-  0xAB, 0xF1, 0x37, 0x38, 0x90, 0x04, 0x83, 0x33, 0xF8, 0xF2, 0x2C, 0xD6, 0x50, 0x32, 0x19, 0xEA, 0xD6, 0xBB, 0x40, 0x58,
-  0x8F, 0x02, 0x21, 0x00, 0x93, 0x01, 0x54, 0x5C, 0x8C, 0x60, 0x81, 0x89, 0xBE, 0x5E, 0x42, 0x31, 0x39, 0xF8, 0x12, 0xFD,
-  0x31, 0x48, 0xB0, 0x96, 0x41, 0x40, 0x98, 0x68, 0xF9, 0x7C, 0x01, 0x94, 0xD0, 0xA3, 0xF3, 0xC7
+  0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x34, 0x32, 0x30, 0x30, 0x30, 0x08, 0x07, 0x49, 0x44, 0x2D, 0x43, 0x45,
+  0x52, 0x54, 0x08, 0x09, 0xFD, 0x00, 0x00, 0x01, 0x49, 0x9D, 0x5A, 0x01, 0xD0, 0x14, 0x09, 0x18, 0x01, 0x02, 0x19, 0x04,
+  0x00, 0x36, 0xEE, 0x80, 0x15, 0xB2, 0x30, 0x81, 0xAF, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x34, 0x31, 0x31, 0x31,
+  0x31, 0x30, 0x35, 0x33, 0x36, 0x30, 0x32, 0x5A, 0x18, 0x0F, 0x32, 0x30, 0x33, 0x34, 0x31, 0x31, 0x30, 0x36, 0x30, 0x35,
+  0x33, 0x36, 0x30, 0x32, 0x5A, 0x30, 0x2E, 0x30, 0x2C, 0x06, 0x03, 0x55, 0x04, 0x29, 0x13, 0x25, 0x2F, 0x70, 0x69, 0x62,
+  0x2F, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x2F, 0x69, 0x64, 0x2F, 0x31, 0x2F, 0x6B, 0x73, 0x6B, 0x2D,
+  0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x34, 0x32, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A,
+  0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04,
+  0xCB, 0xB2, 0x23, 0x26, 0x20, 0x19, 0x08, 0x23, 0xBA, 0xD4, 0x1D, 0x64, 0x53, 0xBB, 0xA5, 0xDC, 0x13, 0xD3, 0xB1, 0xEF,
+  0x32, 0x9E, 0xB9, 0x25, 0x68, 0x1A, 0x89, 0xCC, 0xC5, 0x63, 0x93, 0xDA, 0x5F, 0xF1, 0x70, 0xA3, 0xCF, 0xB8, 0x8A, 0xC9,
+  0xBF, 0xCC, 0xC7, 0x08, 0x9B, 0x27, 0x85, 0xB2, 0xC2, 0xFD, 0xF7, 0x86, 0x81, 0xE4, 0x40, 0xE8, 0x5C, 0x01, 0x35, 0xC4,
+  0x0B, 0x11, 0x00, 0xD4, 0x16, 0x3F, 0x1B, 0x01, 0x03, 0x1C, 0x3A, 0x07, 0x38, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09,
+  0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x08, 0x02, 0x69, 0x64, 0x08, 0x01, 0x31, 0x08, 0x03, 0x4B, 0x45,
+  0x59, 0x08, 0x11, 0x6B, 0x73, 0x6B, 0x2D, 0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x34, 0x32, 0x30, 0x30, 0x30,
+  0x08, 0x07, 0x49, 0x44, 0x2D, 0x43, 0x45, 0x52, 0x54, 0x17, 0x47, 0x30, 0x45, 0x02, 0x20, 0x61, 0xF2, 0xE3, 0x70, 0xF6,
+  0x9C, 0xAC, 0x33, 0x65, 0xA7, 0xBE, 0x5D, 0x14, 0x9F, 0x9F, 0xBD, 0xC0, 0x9B, 0x22, 0xA9, 0xB1, 0x27, 0xBC, 0x30, 0xEF,
+  0x6A, 0xE5, 0x57, 0x04, 0x7A, 0x1A, 0xF1, 0x02, 0x21, 0x00, 0xC0, 0xAF, 0xC6, 0x2B, 0xB6, 0x10, 0xD2, 0x3C, 0x3C, 0x6B,
+  0x60, 0x93, 0x70, 0x4C, 0x49, 0x49, 0x7F, 0xF2, 0x11, 0x6C, 0x3A, 0x30, 0x26, 0x12, 0xF6, 0x82, 0x8A, 0xE8, 0x9A, 0xDE,
+  0xEC, 0x26
 };
 
 const uint8_t ID2_KEY1[] = {
   0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
-  0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xA4, 0x25, 0xDB, 0xB0, 0xD7, 0xC6, 0x0D, 0xC6, 0x95, 0x97, 0x79, 0xFA, 0xE3,
-  0xC7, 0x90, 0xFB, 0x97, 0xAF, 0xCE, 0xDB, 0xC3, 0x50, 0x99, 0x1E, 0x39, 0xF5, 0x9A, 0xB6, 0xC9, 0x37, 0x1A, 0xE5, 0x0A,
-  0x56, 0xE0, 0x0C, 0x0D, 0x81, 0xC7, 0x29, 0xE4, 0x69, 0x06, 0xD1, 0x4A, 0x14, 0x75, 0x05, 0x95, 0xBE, 0xE7, 0x01, 0x45,
-  0x3C, 0xA7, 0x99, 0x09, 0x05, 0x9F, 0x65, 0x9A, 0xA5, 0x9C, 0xD5
+  0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x1D, 0x29, 0xB2, 0x71, 0x6E, 0xD9, 0x80, 0x4D, 0xA9, 0xB0, 0xED, 0x27, 0x6F,
+  0x2C, 0x5B, 0x30, 0xF5, 0x40, 0xE8, 0x9E, 0xB5, 0x80, 0x02, 0x7C, 0xFB, 0x7D, 0x01, 0x1F, 0x87, 0x13, 0xE7, 0x1A, 0x02,
+  0x8F, 0xA0, 0x56, 0xA1, 0xD4, 0xBA, 0xBC, 0x72, 0x42, 0xAD, 0x89, 0xFB, 0x75, 0x04, 0x86, 0x98, 0xD1, 0x99, 0xED, 0x06,
+  0x23, 0x15, 0x02, 0x2A, 0x48, 0xD6, 0xAC, 0xBE, 0x1B, 0x44, 0xF1
 };
 
 const uint8_t ID2_KEY1_CERT1[] = {
-  0x06, 0xFD, 0x01, 0x89, 0x07, 0x43, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61,
+  0x06, 0xFD, 0x01, 0x8E, 0x07, 0x43, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61,
   0x63, 0x65, 0x08, 0x02, 0x69, 0x64, 0x08, 0x01, 0x32, 0x08, 0x03, 0x4B, 0x45, 0x59, 0x08, 0x11, 0x6B, 0x73, 0x6B, 0x2D,
-  0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x33, 0x32, 0x30, 0x30, 0x30, 0x08, 0x07, 0x49, 0x44, 0x2D, 0x43, 0x45,
-  0x52, 0x54, 0x08, 0x09, 0xFD, 0x00, 0x00, 0x01, 0x49, 0x9D, 0x59, 0x8C, 0xA0, 0x14, 0x03, 0x18, 0x01, 0x02, 0x15, 0xB2,
-  0x30, 0x81, 0xAF, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x34, 0x31, 0x31, 0x31, 0x31, 0x30, 0x35, 0x33, 0x35, 0x33,
-  0x32, 0x5A, 0x18, 0x0F, 0x32, 0x30, 0x33, 0x34, 0x31, 0x31, 0x30, 0x36, 0x30, 0x35, 0x33, 0x35, 0x33, 0x32, 0x5A, 0x30,
-  0x2E, 0x30, 0x2C, 0x06, 0x03, 0x55, 0x04, 0x29, 0x13, 0x25, 0x2F, 0x70, 0x69, 0x62, 0x2F, 0x69, 0x6E, 0x74, 0x65, 0x72,
-  0x66, 0x61, 0x63, 0x65, 0x2F, 0x69, 0x64, 0x2F, 0x32, 0x2F, 0x6B, 0x73, 0x6B, 0x2D, 0x31, 0x34, 0x31, 0x35, 0x36, 0x38,
-  0x34, 0x31, 0x33, 0x32, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01,
-  0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xA4, 0x25, 0xDB, 0xB0, 0xD7, 0xC6,
-  0x0D, 0xC6, 0x95, 0x97, 0x79, 0xFA, 0xE3, 0xC7, 0x90, 0xFB, 0x97, 0xAF, 0xCE, 0xDB, 0xC3, 0x50, 0x99, 0x1E, 0x39, 0xF5,
-  0x9A, 0xB6, 0xC9, 0x37, 0x1A, 0xE5, 0x0A, 0x56, 0xE0, 0x0C, 0x0D, 0x81, 0xC7, 0x29, 0xE4, 0x69, 0x06, 0xD1, 0x4A, 0x14,
-  0x75, 0x05, 0x95, 0xBE, 0xE7, 0x01, 0x45, 0x3C, 0xA7, 0x99, 0x09, 0x05, 0x9F, 0x65, 0x9A, 0xA5, 0x9C, 0xD5, 0x16, 0x3F,
-  0x1B, 0x01, 0x03, 0x1C, 0x3A, 0x07, 0x38, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66,
-  0x61, 0x63, 0x65, 0x08, 0x02, 0x69, 0x64, 0x08, 0x01, 0x32, 0x08, 0x03, 0x4B, 0x45, 0x59, 0x08, 0x11, 0x6B, 0x73, 0x6B,
-  0x2D, 0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x33, 0x32, 0x30, 0x30, 0x30, 0x08, 0x07, 0x49, 0x44, 0x2D, 0x43,
-  0x45, 0x52, 0x54, 0x17, 0x48, 0x30, 0x46, 0x02, 0x21, 0x00, 0xC4, 0x40, 0x87, 0xA7, 0xAA, 0xA7, 0x12, 0xE2, 0x7C, 0xE2,
-  0xA8, 0x27, 0x66, 0xCF, 0x45, 0x3E, 0x3D, 0xEC, 0x2C, 0x5C, 0x03, 0xD6, 0xB0, 0xD6, 0x5E, 0xE8, 0xB7, 0x03, 0x9C, 0x38,
-  0x75, 0xEA, 0x02, 0x21, 0x00, 0x8D, 0xF3, 0x9E, 0xC0, 0x18, 0xBD, 0xA1, 0x2B, 0xDB, 0x3D, 0xE0, 0x34, 0x14, 0x34, 0x65,
-  0x23, 0x37, 0x6E, 0x3C, 0xC0, 0xC4, 0x2F, 0xED, 0xBB, 0x9B, 0xB2, 0xEC, 0x2A, 0x96, 0xE6, 0xD2, 0x98
-};
-
-const uint8_t ID2_KEY1_CERT2[] = {
-  0x06, 0xFD, 0x01, 0x88, 0x07, 0x43, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61,
-  0x63, 0x65, 0x08, 0x02, 0x69, 0x64, 0x08, 0x01, 0x32, 0x08, 0x03, 0x4B, 0x45, 0x59, 0x08, 0x11, 0x6B, 0x73, 0x6B, 0x2D,
-  0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x33, 0x32, 0x30, 0x30, 0x30, 0x08, 0x07, 0x49, 0x44, 0x2D, 0x43, 0x45,
-  0x52, 0x54, 0x08, 0x09, 0xFD, 0x00, 0x00, 0x01, 0x49, 0x9D, 0x59, 0xB3, 0xB0, 0x14, 0x03, 0x18, 0x01, 0x02, 0x15, 0xB2,
-  0x30, 0x81, 0xAF, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x34, 0x31, 0x31, 0x31, 0x31, 0x30, 0x35, 0x33, 0x35, 0x34,
-  0x32, 0x5A, 0x18, 0x0F, 0x32, 0x30, 0x33, 0x34, 0x31, 0x31, 0x30, 0x36, 0x30, 0x35, 0x33, 0x35, 0x34, 0x32, 0x5A, 0x30,
-  0x2E, 0x30, 0x2C, 0x06, 0x03, 0x55, 0x04, 0x29, 0x13, 0x25, 0x2F, 0x70, 0x69, 0x62, 0x2F, 0x69, 0x6E, 0x74, 0x65, 0x72,
-  0x66, 0x61, 0x63, 0x65, 0x2F, 0x69, 0x64, 0x2F, 0x32, 0x2F, 0x6B, 0x73, 0x6B, 0x2D, 0x31, 0x34, 0x31, 0x35, 0x36, 0x38,
-  0x34, 0x31, 0x33, 0x32, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01,
-  0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xA4, 0x25, 0xDB, 0xB0, 0xD7, 0xC6,
-  0x0D, 0xC6, 0x95, 0x97, 0x79, 0xFA, 0xE3, 0xC7, 0x90, 0xFB, 0x97, 0xAF, 0xCE, 0xDB, 0xC3, 0x50, 0x99, 0x1E, 0x39, 0xF5,
-  0x9A, 0xB6, 0xC9, 0x37, 0x1A, 0xE5, 0x0A, 0x56, 0xE0, 0x0C, 0x0D, 0x81, 0xC7, 0x29, 0xE4, 0x69, 0x06, 0xD1, 0x4A, 0x14,
-  0x75, 0x05, 0x95, 0xBE, 0xE7, 0x01, 0x45, 0x3C, 0xA7, 0x99, 0x09, 0x05, 0x9F, 0x65, 0x9A, 0xA5, 0x9C, 0xD5, 0x16, 0x3F,
-  0x1B, 0x01, 0x03, 0x1C, 0x3A, 0x07, 0x38, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66,
-  0x61, 0x63, 0x65, 0x08, 0x02, 0x69, 0x64, 0x08, 0x01, 0x32, 0x08, 0x03, 0x4B, 0x45, 0x59, 0x08, 0x11, 0x6B, 0x73, 0x6B,
-  0x2D, 0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x33, 0x32, 0x30, 0x30, 0x30, 0x08, 0x07, 0x49, 0x44, 0x2D, 0x43,
-  0x45, 0x52, 0x54, 0x17, 0x47, 0x30, 0x45, 0x02, 0x21, 0x00, 0xAA, 0xFE, 0x76, 0xBE, 0x2C, 0x4D, 0xDA, 0x41, 0x27, 0x93,
-  0x11, 0x70, 0xEE, 0x33, 0x57, 0x37, 0xA2, 0x54, 0x01, 0x97, 0x82, 0x16, 0xB5, 0x8A, 0xFD, 0xE2, 0x5F, 0x2E, 0x05, 0x0A,
-  0xF5, 0xE6, 0x02, 0x20, 0x4F, 0xEF, 0x85, 0xC6, 0x91, 0xF3, 0x55, 0x2C, 0x4E, 0x98, 0x81, 0xD7, 0xF0, 0x63, 0x36, 0x91,
-  0xB3, 0x88, 0x9D, 0x99, 0x7E, 0x49, 0xD5, 0x72, 0x7F, 0x6F, 0x92, 0xCF, 0x0A, 0x56, 0xA6, 0xF9
+  0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x36, 0x32, 0x30, 0x30, 0x30, 0x08, 0x07, 0x49, 0x44, 0x2D, 0x43, 0x45,
+  0x52, 0x54, 0x08, 0x09, 0xFD, 0x00, 0x00, 0x01, 0x49, 0x9D, 0x5A, 0x01, 0xD0, 0x14, 0x09, 0x18, 0x01, 0x02, 0x19, 0x04,
+  0x00, 0x36, 0xEE, 0x80, 0x15, 0xB2, 0x30, 0x81, 0xAF, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x34, 0x31, 0x31, 0x31,
+  0x31, 0x30, 0x35, 0x33, 0x36, 0x30, 0x32, 0x5A, 0x18, 0x0F, 0x32, 0x30, 0x33, 0x34, 0x31, 0x31, 0x30, 0x36, 0x30, 0x35,
+  0x33, 0x36, 0x30, 0x32, 0x5A, 0x30, 0x2E, 0x30, 0x2C, 0x06, 0x03, 0x55, 0x04, 0x29, 0x13, 0x25, 0x2F, 0x70, 0x69, 0x62,
+  0x2F, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x2F, 0x69, 0x64, 0x2F, 0x32, 0x2F, 0x6B, 0x73, 0x6B, 0x2D,
+  0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x36, 0x32, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A,
+  0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04,
+  0x1D, 0x29, 0xB2, 0x71, 0x6E, 0xD9, 0x80, 0x4D, 0xA9, 0xB0, 0xED, 0x27, 0x6F, 0x2C, 0x5B, 0x30, 0xF5, 0x40, 0xE8, 0x9E,
+  0xB5, 0x80, 0x02, 0x7C, 0xFB, 0x7D, 0x01, 0x1F, 0x87, 0x13, 0xE7, 0x1A, 0x02, 0x8F, 0xA0, 0x56, 0xA1, 0xD4, 0xBA, 0xBC,
+  0x72, 0x42, 0xAD, 0x89, 0xFB, 0x75, 0x04, 0x86, 0x98, 0xD1, 0x99, 0xED, 0x06, 0x23, 0x15, 0x02, 0x2A, 0x48, 0xD6, 0xAC,
+  0xBE, 0x1B, 0x44, 0xF1, 0x16, 0x3F, 0x1B, 0x01, 0x03, 0x1C, 0x3A, 0x07, 0x38, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09,
+  0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x08, 0x02, 0x69, 0x64, 0x08, 0x01, 0x32, 0x08, 0x03, 0x4B, 0x45,
+  0x59, 0x08, 0x11, 0x6B, 0x73, 0x6B, 0x2D, 0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x36, 0x32, 0x30, 0x30, 0x30,
+  0x08, 0x07, 0x49, 0x44, 0x2D, 0x43, 0x45, 0x52, 0x54, 0x17, 0x47, 0x30, 0x45, 0x02, 0x21, 0x00, 0xFE, 0x19, 0x3C, 0x02,
+  0x40, 0x87, 0x7D, 0x93, 0xD7, 0x99, 0xA3, 0x3A, 0x01, 0x25, 0xB9, 0x3C, 0x26, 0x64, 0x6A, 0x99, 0x7D, 0xA1, 0x21, 0x26,
+  0xB4, 0xC4, 0xB6, 0x60, 0xBE, 0x41, 0x24, 0xB4, 0x02, 0x20, 0x55, 0x6B, 0x86, 0xFF, 0xE2, 0x8A, 0x9F, 0x18, 0xBE, 0xA5,
+  0xA2, 0x74, 0xFC, 0x7C, 0x17, 0x68, 0x9F, 0x48, 0x71, 0x97, 0x64, 0x22, 0xB1, 0xB8, 0x05, 0xA6, 0x8F, 0x94, 0x42, 0xD8,
+  0x49, 0xE3
 };
 
 const uint8_t ID2_KEY2[] = {
   0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
-  0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x6C, 0x49, 0x20, 0x7E, 0x59, 0xAF, 0x48, 0x1C, 0x9B, 0xCB, 0x67, 0xD4, 0x6F,
-  0x43, 0x9D, 0xD8, 0xB5, 0x36, 0xDB, 0x72, 0xDA, 0x37, 0x55, 0x4B, 0x8C, 0x69, 0x17, 0x87, 0xF6, 0x06, 0xAB, 0x06, 0x70,
-  0x91, 0xBE, 0x02, 0x79, 0xB1, 0x14, 0x9C, 0xD0, 0x0B, 0x92, 0xD5, 0xC4, 0xF1, 0xEC, 0x23, 0x90, 0x95, 0xCB, 0x7D, 0x59,
-  0x62, 0x3B, 0x30, 0xFE, 0xCF, 0x05, 0xBE, 0x04, 0xC9, 0x78, 0x5C
+  0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x57, 0xE5, 0x0D, 0xDE, 0x12, 0xAD, 0xF2, 0xA7, 0x34, 0x4A, 0x80, 0xFD, 0x7E,
+  0x75, 0x87, 0x5F, 0xD6, 0x29, 0x97, 0x1A, 0x56, 0x25, 0xAD, 0x67, 0x3E, 0x0C, 0x80, 0x21, 0x30, 0x76, 0x4E, 0x23, 0x17,
+  0xE6, 0xF4, 0x0B, 0xAA, 0xD2, 0xAF, 0x11, 0x20, 0xFC, 0xE6, 0xB2, 0xA4, 0x97, 0xDE, 0x45, 0x28, 0x40, 0x80, 0x1F, 0x42,
+  0xEC, 0x72, 0x06, 0xF3, 0xE6, 0x68, 0xB3, 0x20, 0x42, 0x53, 0xA7
 };
 
 const uint8_t ID2_KEY2_CERT1[] = {
-  0x06, 0xFD, 0x01, 0x89, 0x07, 0x43, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61,
+  0x06, 0xFD, 0x01, 0x8E, 0x07, 0x43, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61,
   0x63, 0x65, 0x08, 0x02, 0x69, 0x64, 0x08, 0x01, 0x32, 0x08, 0x03, 0x4B, 0x45, 0x59, 0x08, 0x11, 0x6B, 0x73, 0x6B, 0x2D,
-  0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x35, 0x32, 0x30, 0x30, 0x30, 0x08, 0x07, 0x49, 0x44, 0x2D, 0x43, 0x45,
-  0x52, 0x54, 0x08, 0x09, 0xFD, 0x00, 0x00, 0x01, 0x49, 0x9D, 0x59, 0xDA, 0xC0, 0x14, 0x03, 0x18, 0x01, 0x02, 0x15, 0xB2,
-  0x30, 0x81, 0xAF, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x34, 0x31, 0x31, 0x31, 0x31, 0x30, 0x35, 0x33, 0x35, 0x35,
-  0x32, 0x5A, 0x18, 0x0F, 0x32, 0x30, 0x33, 0x34, 0x31, 0x31, 0x30, 0x36, 0x30, 0x35, 0x33, 0x35, 0x35, 0x32, 0x5A, 0x30,
-  0x2E, 0x30, 0x2C, 0x06, 0x03, 0x55, 0x04, 0x29, 0x13, 0x25, 0x2F, 0x70, 0x69, 0x62, 0x2F, 0x69, 0x6E, 0x74, 0x65, 0x72,
-  0x66, 0x61, 0x63, 0x65, 0x2F, 0x69, 0x64, 0x2F, 0x32, 0x2F, 0x6B, 0x73, 0x6B, 0x2D, 0x31, 0x34, 0x31, 0x35, 0x36, 0x38,
-  0x34, 0x31, 0x35, 0x32, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01,
-  0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x6C, 0x49, 0x20, 0x7E, 0x59, 0xAF,
-  0x48, 0x1C, 0x9B, 0xCB, 0x67, 0xD4, 0x6F, 0x43, 0x9D, 0xD8, 0xB5, 0x36, 0xDB, 0x72, 0xDA, 0x37, 0x55, 0x4B, 0x8C, 0x69,
-  0x17, 0x87, 0xF6, 0x06, 0xAB, 0x06, 0x70, 0x91, 0xBE, 0x02, 0x79, 0xB1, 0x14, 0x9C, 0xD0, 0x0B, 0x92, 0xD5, 0xC4, 0xF1,
-  0xEC, 0x23, 0x90, 0x95, 0xCB, 0x7D, 0x59, 0x62, 0x3B, 0x30, 0xFE, 0xCF, 0x05, 0xBE, 0x04, 0xC9, 0x78, 0x5C, 0x16, 0x3F,
-  0x1B, 0x01, 0x03, 0x1C, 0x3A, 0x07, 0x38, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66,
-  0x61, 0x63, 0x65, 0x08, 0x02, 0x69, 0x64, 0x08, 0x01, 0x32, 0x08, 0x03, 0x4B, 0x45, 0x59, 0x08, 0x11, 0x6B, 0x73, 0x6B,
-  0x2D, 0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x35, 0x32, 0x30, 0x30, 0x30, 0x08, 0x07, 0x49, 0x44, 0x2D, 0x43,
-  0x45, 0x52, 0x54, 0x17, 0x48, 0x30, 0x46, 0x02, 0x21, 0x00, 0xB6, 0x8E, 0x31, 0xFB, 0x08, 0x34, 0xF3, 0x1C, 0xB5, 0x09,
-  0x7D, 0xD4, 0x17, 0x45, 0xC7, 0x6A, 0x81, 0xEE, 0x6F, 0x16, 0x76, 0xEE, 0xDC, 0x44, 0xB4, 0xD7, 0x1A, 0xD5, 0x61, 0x57,
-  0x80, 0xBD, 0x02, 0x21, 0x00, 0xF7, 0xDB, 0xDF, 0x89, 0xBC, 0xE8, 0x28, 0x26, 0xF8, 0xEE, 0x74, 0x2B, 0x9C, 0xF0, 0x7F,
-  0xB8, 0x3A, 0xEE, 0xBF, 0x1F, 0x51, 0x14, 0x6A, 0x8F, 0x2E, 0x5A, 0x60, 0xD8, 0x45, 0x87, 0x62, 0x51
+  0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x37, 0x32, 0x30, 0x30, 0x30, 0x08, 0x07, 0x49, 0x44, 0x2D, 0x43, 0x45,
+  0x52, 0x54, 0x08, 0x09, 0xFD, 0x00, 0x00, 0x01, 0x49, 0x9D, 0x5A, 0x28, 0xE0, 0x14, 0x09, 0x18, 0x01, 0x02, 0x19, 0x04,
+  0x00, 0x36, 0xEE, 0x80, 0x15, 0xB2, 0x30, 0x81, 0xAF, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x34, 0x31, 0x31, 0x31,
+  0x31, 0x30, 0x35, 0x33, 0x36, 0x31, 0x32, 0x5A, 0x18, 0x0F, 0x32, 0x30, 0x33, 0x34, 0x31, 0x31, 0x30, 0x36, 0x30, 0x35,
+  0x33, 0x36, 0x31, 0x32, 0x5A, 0x30, 0x2E, 0x30, 0x2C, 0x06, 0x03, 0x55, 0x04, 0x29, 0x13, 0x25, 0x2F, 0x70, 0x69, 0x62,
+  0x2F, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x2F, 0x69, 0x64, 0x2F, 0x32, 0x2F, 0x6B, 0x73, 0x6B, 0x2D,
+  0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x37, 0x32, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A,
+  0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04,
+  0x57, 0xE5, 0x0D, 0xDE, 0x12, 0xAD, 0xF2, 0xA7, 0x34, 0x4A, 0x80, 0xFD, 0x7E, 0x75, 0x87, 0x5F, 0xD6, 0x29, 0x97, 0x1A,
+  0x56, 0x25, 0xAD, 0x67, 0x3E, 0x0C, 0x80, 0x21, 0x30, 0x76, 0x4E, 0x23, 0x17, 0xE6, 0xF4, 0x0B, 0xAA, 0xD2, 0xAF, 0x11,
+  0x20, 0xFC, 0xE6, 0xB2, 0xA4, 0x97, 0xDE, 0x45, 0x28, 0x40, 0x80, 0x1F, 0x42, 0xEC, 0x72, 0x06, 0xF3, 0xE6, 0x68, 0xB3,
+  0x20, 0x42, 0x53, 0xA7, 0x16, 0x3F, 0x1B, 0x01, 0x03, 0x1C, 0x3A, 0x07, 0x38, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09,
+  0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x08, 0x02, 0x69, 0x64, 0x08, 0x01, 0x32, 0x08, 0x03, 0x4B, 0x45,
+  0x59, 0x08, 0x11, 0x6B, 0x73, 0x6B, 0x2D, 0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x37, 0x32, 0x30, 0x30, 0x30,
+  0x08, 0x07, 0x49, 0x44, 0x2D, 0x43, 0x45, 0x52, 0x54, 0x17, 0x47, 0x30, 0x45, 0x02, 0x21, 0x00, 0xB2, 0xE6, 0x70, 0x55,
+  0x42, 0x4E, 0x57, 0x32, 0xAD, 0x99, 0x5B, 0x54, 0x27, 0x0E, 0xCD, 0x31, 0xE1, 0x37, 0xF9, 0x7A, 0xF0, 0x20, 0x68, 0xB6,
+  0xE8, 0x6B, 0x46, 0xFB, 0x18, 0x25, 0x0E, 0xCA, 0x02, 0x20, 0x03, 0xE9, 0xC3, 0xB4, 0xCE, 0xAF, 0xBA, 0x65, 0xA1, 0xB8,
+  0x16, 0x5A, 0x44, 0xFA, 0x08, 0x50, 0xED, 0x54, 0xF2, 0x8D, 0x51, 0x86, 0xF3, 0xD9, 0xDF, 0xFF, 0xAF, 0xA4, 0x57, 0x09,
+  0x15, 0x24
+};
+
+const uint8_t ID2_KEY1_CERT2[] = {
+  0x06, 0xFD, 0x01, 0x8E, 0x07, 0x43, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61,
+  0x63, 0x65, 0x08, 0x02, 0x69, 0x64, 0x08, 0x01, 0x32, 0x08, 0x03, 0x4B, 0x45, 0x59, 0x08, 0x11, 0x6B, 0x73, 0x6B, 0x2D,
+  0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x36, 0x32, 0x30, 0x30, 0x30, 0x08, 0x07, 0x49, 0x44, 0x2D, 0x43, 0x45,
+  0x52, 0x54, 0x08, 0x09, 0xFD, 0x00, 0x00, 0x01, 0x49, 0x9D, 0x5A, 0x77, 0x00, 0x14, 0x09, 0x18, 0x01, 0x02, 0x19, 0x04,
+  0x00, 0x36, 0xEE, 0x80, 0x15, 0xB2, 0x30, 0x81, 0xAF, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x34, 0x31, 0x31, 0x31,
+  0x31, 0x30, 0x35, 0x33, 0x36, 0x33, 0x32, 0x5A, 0x18, 0x0F, 0x32, 0x30, 0x33, 0x34, 0x31, 0x31, 0x30, 0x36, 0x30, 0x35,
+  0x33, 0x36, 0x33, 0x32, 0x5A, 0x30, 0x2E, 0x30, 0x2C, 0x06, 0x03, 0x55, 0x04, 0x29, 0x13, 0x25, 0x2F, 0x70, 0x69, 0x62,
+  0x2F, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x2F, 0x69, 0x64, 0x2F, 0x32, 0x2F, 0x6B, 0x73, 0x6B, 0x2D,
+  0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x36, 0x32, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A,
+  0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04,
+  0x1D, 0x29, 0xB2, 0x71, 0x6E, 0xD9, 0x80, 0x4D, 0xA9, 0xB0, 0xED, 0x27, 0x6F, 0x2C, 0x5B, 0x30, 0xF5, 0x40, 0xE8, 0x9E,
+  0xB5, 0x80, 0x02, 0x7C, 0xFB, 0x7D, 0x01, 0x1F, 0x87, 0x13, 0xE7, 0x1A, 0x02, 0x8F, 0xA0, 0x56, 0xA1, 0xD4, 0xBA, 0xBC,
+  0x72, 0x42, 0xAD, 0x89, 0xFB, 0x75, 0x04, 0x86, 0x98, 0xD1, 0x99, 0xED, 0x06, 0x23, 0x15, 0x02, 0x2A, 0x48, 0xD6, 0xAC,
+  0xBE, 0x1B, 0x44, 0xF1, 0x16, 0x3F, 0x1B, 0x01, 0x03, 0x1C, 0x3A, 0x07, 0x38, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09,
+  0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x08, 0x02, 0x69, 0x64, 0x08, 0x01, 0x32, 0x08, 0x03, 0x4B, 0x45,
+  0x59, 0x08, 0x11, 0x6B, 0x73, 0x6B, 0x2D, 0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x36, 0x32, 0x30, 0x30, 0x30,
+  0x08, 0x07, 0x49, 0x44, 0x2D, 0x43, 0x45, 0x52, 0x54, 0x17, 0x47, 0x30, 0x45, 0x02, 0x20, 0x08, 0x02, 0xFB, 0x78, 0xE0,
+  0xF6, 0x6F, 0xCB, 0x9E, 0xB3, 0xF9, 0xFC, 0xB5, 0xE0, 0x67, 0x20, 0xB1, 0xDF, 0x42, 0xBE, 0xA1, 0xD7, 0x31, 0x62, 0xCE,
+  0x2E, 0xC3, 0x02, 0x81, 0x6B, 0xAA, 0x4E, 0x02, 0x21, 0x00, 0xB6, 0xB8, 0x94, 0xA1, 0xFF, 0x1E, 0x4E, 0x36, 0x23, 0x40,
+  0xCF, 0xD9, 0x5B, 0x0E, 0xA3, 0xCE, 0xC1, 0x38, 0xE8, 0xCE, 0xA4, 0x83, 0xF0, 0xD4, 0x1F, 0x66, 0x44, 0x68, 0x0E, 0x24,
+  0x23, 0x7E
 };
 
 const uint8_t ID2_KEY2_CERT2[] = {
-  0x06, 0xFD, 0x01, 0x89, 0x07, 0x43, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61,
+  0x06, 0xFD, 0x01, 0x8D, 0x07, 0x43, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61,
   0x63, 0x65, 0x08, 0x02, 0x69, 0x64, 0x08, 0x01, 0x32, 0x08, 0x03, 0x4B, 0x45, 0x59, 0x08, 0x11, 0x6B, 0x73, 0x6B, 0x2D,
-  0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x35, 0x32, 0x30, 0x30, 0x30, 0x08, 0x07, 0x49, 0x44, 0x2D, 0x43, 0x45,
-  0x52, 0x54, 0x08, 0x09, 0xFD, 0x00, 0x00, 0x01, 0x49, 0x9D, 0x5A, 0x01, 0xD0, 0x14, 0x03, 0x18, 0x01, 0x02, 0x15, 0xB2,
-  0x30, 0x81, 0xAF, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x34, 0x31, 0x31, 0x31, 0x31, 0x30, 0x35, 0x33, 0x36, 0x30,
-  0x32, 0x5A, 0x18, 0x0F, 0x32, 0x30, 0x33, 0x34, 0x31, 0x31, 0x30, 0x36, 0x30, 0x35, 0x33, 0x36, 0x30, 0x32, 0x5A, 0x30,
-  0x2E, 0x30, 0x2C, 0x06, 0x03, 0x55, 0x04, 0x29, 0x13, 0x25, 0x2F, 0x70, 0x69, 0x62, 0x2F, 0x69, 0x6E, 0x74, 0x65, 0x72,
-  0x66, 0x61, 0x63, 0x65, 0x2F, 0x69, 0x64, 0x2F, 0x32, 0x2F, 0x6B, 0x73, 0x6B, 0x2D, 0x31, 0x34, 0x31, 0x35, 0x36, 0x38,
-  0x34, 0x31, 0x35, 0x32, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01,
-  0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x6C, 0x49, 0x20, 0x7E, 0x59, 0xAF,
-  0x48, 0x1C, 0x9B, 0xCB, 0x67, 0xD4, 0x6F, 0x43, 0x9D, 0xD8, 0xB5, 0x36, 0xDB, 0x72, 0xDA, 0x37, 0x55, 0x4B, 0x8C, 0x69,
-  0x17, 0x87, 0xF6, 0x06, 0xAB, 0x06, 0x70, 0x91, 0xBE, 0x02, 0x79, 0xB1, 0x14, 0x9C, 0xD0, 0x0B, 0x92, 0xD5, 0xC4, 0xF1,
-  0xEC, 0x23, 0x90, 0x95, 0xCB, 0x7D, 0x59, 0x62, 0x3B, 0x30, 0xFE, 0xCF, 0x05, 0xBE, 0x04, 0xC9, 0x78, 0x5C, 0x16, 0x3F,
-  0x1B, 0x01, 0x03, 0x1C, 0x3A, 0x07, 0x38, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66,
-  0x61, 0x63, 0x65, 0x08, 0x02, 0x69, 0x64, 0x08, 0x01, 0x32, 0x08, 0x03, 0x4B, 0x45, 0x59, 0x08, 0x11, 0x6B, 0x73, 0x6B,
-  0x2D, 0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x35, 0x32, 0x30, 0x30, 0x30, 0x08, 0x07, 0x49, 0x44, 0x2D, 0x43,
-  0x45, 0x52, 0x54, 0x17, 0x48, 0x30, 0x46, 0x02, 0x21, 0x00, 0x9E, 0xA1, 0x49, 0xCB, 0x99, 0xB8, 0xB9, 0xD0, 0x86, 0x93,
-  0xB1, 0x5A, 0xD5, 0xAE, 0x2D, 0x32, 0xE8, 0xC1, 0x3F, 0x9E, 0x35, 0x7A, 0x45, 0xD7, 0x2F, 0x79, 0xE3, 0x76, 0x04, 0xCD,
-  0x66, 0x70, 0x02, 0x21, 0x00, 0x99, 0x04, 0x0A, 0x35, 0x3B, 0x53, 0x1B, 0x13, 0x14, 0xAC, 0xB5, 0x8E, 0x6F, 0x1A, 0x72,
-  0x2C, 0x3D, 0x86, 0xCF, 0xF6, 0x8D, 0x2F, 0x13, 0x60, 0x28, 0xB1, 0x13, 0xFE, 0x49, 0x3B, 0xA4, 0xAD
+  0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x37, 0x32, 0x30, 0x30, 0x30, 0x08, 0x07, 0x49, 0x44, 0x2D, 0x43, 0x45,
+  0x52, 0x54, 0x08, 0x09, 0xFD, 0x00, 0x00, 0x01, 0x49, 0x9D, 0x5A, 0x77, 0x00, 0x14, 0x09, 0x18, 0x01, 0x02, 0x19, 0x04,
+  0x00, 0x36, 0xEE, 0x80, 0x15, 0xB2, 0x30, 0x81, 0xAF, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x34, 0x31, 0x31, 0x31,
+  0x31, 0x30, 0x35, 0x33, 0x36, 0x33, 0x32, 0x5A, 0x18, 0x0F, 0x32, 0x30, 0x33, 0x34, 0x31, 0x31, 0x30, 0x36, 0x30, 0x35,
+  0x33, 0x36, 0x33, 0x32, 0x5A, 0x30, 0x2E, 0x30, 0x2C, 0x06, 0x03, 0x55, 0x04, 0x29, 0x13, 0x25, 0x2F, 0x70, 0x69, 0x62,
+  0x2F, 0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x2F, 0x69, 0x64, 0x2F, 0x32, 0x2F, 0x6B, 0x73, 0x6B, 0x2D,
+  0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x37, 0x32, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A,
+  0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04,
+  0x57, 0xE5, 0x0D, 0xDE, 0x12, 0xAD, 0xF2, 0xA7, 0x34, 0x4A, 0x80, 0xFD, 0x7E, 0x75, 0x87, 0x5F, 0xD6, 0x29, 0x97, 0x1A,
+  0x56, 0x25, 0xAD, 0x67, 0x3E, 0x0C, 0x80, 0x21, 0x30, 0x76, 0x4E, 0x23, 0x17, 0xE6, 0xF4, 0x0B, 0xAA, 0xD2, 0xAF, 0x11,
+  0x20, 0xFC, 0xE6, 0xB2, 0xA4, 0x97, 0xDE, 0x45, 0x28, 0x40, 0x80, 0x1F, 0x42, 0xEC, 0x72, 0x06, 0xF3, 0xE6, 0x68, 0xB3,
+  0x20, 0x42, 0x53, 0xA7, 0x16, 0x3F, 0x1B, 0x01, 0x03, 0x1C, 0x3A, 0x07, 0x38, 0x08, 0x03, 0x70, 0x69, 0x62, 0x08, 0x09,
+  0x69, 0x6E, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x08, 0x02, 0x69, 0x64, 0x08, 0x01, 0x32, 0x08, 0x03, 0x4B, 0x45,
+  0x59, 0x08, 0x11, 0x6B, 0x73, 0x6B, 0x2D, 0x31, 0x34, 0x31, 0x35, 0x36, 0x38, 0x34, 0x31, 0x37, 0x32, 0x30, 0x30, 0x30,
+  0x08, 0x07, 0x49, 0x44, 0x2D, 0x43, 0x45, 0x52, 0x54, 0x17, 0x46, 0x30, 0x44, 0x02, 0x20, 0x08, 0x60, 0xC2, 0x77, 0xFA,
+  0x21, 0x28, 0x15, 0x33, 0xF2, 0xFA, 0x5E, 0x3C, 0x70, 0x20, 0xDE, 0x7F, 0xCA, 0x02, 0xB8, 0x39, 0x9C, 0x2C, 0x9A, 0x16,
+  0x42, 0xBD, 0xB6, 0x8B, 0xBF, 0x48, 0xB4, 0x02, 0x20, 0x11, 0xCB, 0x62, 0xA3, 0xB0, 0xC0, 0xD8, 0xA7, 0x03, 0x9C, 0x6E,
+  0x63, 0xCB, 0x14, 0xBE, 0xA8, 0x1D, 0xC8, 0x38, 0x8A, 0xED, 0x31, 0x52, 0xC4, 0xD4, 0x18, 0x27, 0x83, 0x76, 0xB7, 0x50,
+  0xC8
 };
 
 PibDataFixture::PibDataFixture()
   : id1("/pib/interface/id/1")
   , id2("/pib/interface/id/2")
-  , id1Key1Name("/pib/interface/id/1/ksk-1415684132000")
-  , id1Key2Name("/pib/interface/id/1/ksk-1415684152000")
-  , id2Key1Name("/pib/interface/id/2/ksk-1415684132000")
-  , id2Key2Name("/pib/interface/id/2/ksk-1415684152000")
+  , id1Key1Name("/pib/interface/id/1/KEY/ksk-1415684132000")
+  , id1Key2Name("/pib/interface/id/1/KEY/ksk-1415684152000")
+  , id2Key1Name("/pib/interface/id/2/KEY/ksk-1415684132000")
+  , id2Key2Name("/pib/interface/id/2/KEY/ksk-1415684152000")
   , id1Key1(ID1_KEY1, sizeof(ID1_KEY1))
   , id1Key2(ID1_KEY2, sizeof(ID1_KEY2))
   , id2Key1(ID2_KEY1, sizeof(ID2_KEY1))
diff --git a/tests/unit-tests/security/pib/pib-data-fixture.hpp b/tests/unit-tests/security/pib/pib-data-fixture.hpp
index 2971cd5..82a8f3e 100644
--- a/tests/unit-tests/security/pib/pib-data-fixture.hpp
+++ b/tests/unit-tests/security/pib/pib-data-fixture.hpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -22,7 +22,7 @@
 #ifndef NDN_TESTS_SECURITY_PIB_DATA_FIXTURE_HPP
 #define NDN_TESTS_SECURITY_PIB_DATA_FIXTURE_HPP
 
-#include "security/v1/identity-certificate.hpp"
+#include "security/v2/certificate.hpp"
 
 #include "boost-test.hpp"
 
@@ -44,19 +44,19 @@
   Name id2Key1Name;
   Name id2Key2Name;
 
-  v1::PublicKey id1Key1;
-  v1::PublicKey id1Key2;
-  v1::PublicKey id2Key1;
-  v1::PublicKey id2Key2;
+  Buffer id1Key1;
+  Buffer id1Key2;
+  Buffer id2Key1;
+  Buffer id2Key2;
 
-  v1::IdentityCertificate id1Key1Cert1;
-  v1::IdentityCertificate id1Key1Cert2;
-  v1::IdentityCertificate id1Key2Cert1;
-  v1::IdentityCertificate id1Key2Cert2;
-  v1::IdentityCertificate id2Key1Cert1;
-  v1::IdentityCertificate id2Key1Cert2;
-  v1::IdentityCertificate id2Key2Cert1;
-  v1::IdentityCertificate id2Key2Cert2;
+  v2::Certificate id1Key1Cert1;
+  v2::Certificate id1Key1Cert2;
+  v2::Certificate id1Key2Cert1;
+  v2::Certificate id1Key2Cert2;
+  v2::Certificate id2Key1Cert1;
+  v2::Certificate id2Key1Cert2;
+  v2::Certificate id2Key2Cert1;
+  v2::Certificate id2Key2Cert2;
 };
 
 } // namespace tests
diff --git a/tests/unit-tests/security/pib/pib-impl.t.cpp b/tests/unit-tests/security/pib/pib-impl.t.cpp
index 9a0e85f..ccf54df 100644
--- a/tests/unit-tests/security/pib/pib-impl.t.cpp
+++ b/tests/unit-tests/security/pib/pib-impl.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -22,6 +22,7 @@
 #include "security/pib/pib-memory.hpp"
 #include "security/pib/pib-sqlite3.hpp"
 #include "security/pib/pib.hpp"
+#include "security/security-common.hpp"
 
 #include "boost-test.hpp"
 #include "pib-data-fixture.hpp"
@@ -31,12 +32,17 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 namespace tests {
 
+using namespace ndn::security::tests;
+
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(TestPib)
+BOOST_AUTO_TEST_SUITE(Pib)
 BOOST_AUTO_TEST_SUITE(TestPibImpl)
 
+using pib::Pib;
+
 class PibMemoryWrapper
 {
 public:
@@ -116,48 +122,47 @@
   BOOST_CHECK_THROW(pibImpl.getDefaultKeyOfIdentity(id1), Pib::Error);
 
   // check id1Key1, should not exist, neither should id1.
-  BOOST_CHECK_EQUAL(pibImpl.hasKey(id1, id1Key1Name.get(-1)), false);
+  BOOST_CHECK_EQUAL(pibImpl.hasKey(id1Key1Name), false);
   BOOST_CHECK_EQUAL(pibImpl.hasIdentity(id1), false);
 
   // add id1Key1, should be default, id1 should be added implicitly
-  pibImpl.addKey(id1, id1Key1Name.get(-1), id1Key1);
-  BOOST_CHECK_EQUAL(pibImpl.hasKey(id1, id1Key1Name.get(-1)), true);
+  pibImpl.addKey(id1, id1Key1Name, id1Key1.buf(), id1Key1.size());
+  BOOST_CHECK_EQUAL(pibImpl.hasKey(id1Key1Name), true);
   BOOST_CHECK_EQUAL(pibImpl.hasIdentity(id1), true);
-  const v1::PublicKey& keyBits = pibImpl.getKeyBits(id1, id1Key1Name.get(-1));
-  BOOST_CHECK_EQUAL_COLLECTIONS(keyBits.get().buf(), keyBits.get().buf() + keyBits.get().size(),
-                                id1Key1.get().buf(), id1Key1.get().buf() + id1Key1.get().size());
+  const Buffer& keyBits = pibImpl.getKeyBits(id1Key1Name);
+  BOOST_CHECK_EQUAL_COLLECTIONS(keyBits.begin(), keyBits.end(), id1Key1.begin(), id1Key1.end());
   BOOST_CHECK_NO_THROW(pibImpl.getDefaultKeyOfIdentity(id1));
-  BOOST_CHECK_EQUAL(pibImpl.getDefaultKeyOfIdentity(id1), id1Key1Name.get(-1));
+  BOOST_CHECK_EQUAL(pibImpl.getDefaultKeyOfIdentity(id1), id1Key1Name);
 
   // add id1Key2, should not be default
-  pibImpl.addKey(id1, id1Key2Name.get(-1), id1Key2);
-  BOOST_CHECK_EQUAL(pibImpl.hasKey(id1, id1Key2Name.get(-1)), true);
-  BOOST_CHECK_EQUAL(pibImpl.getDefaultKeyOfIdentity(id1), id1Key1Name.get(-1));
+  pibImpl.addKey(id1, id1Key2Name, id1Key2.buf(), id1Key2.size());
+  BOOST_CHECK_EQUAL(pibImpl.hasKey(id1Key2Name), true);
+  BOOST_CHECK_EQUAL(pibImpl.getDefaultKeyOfIdentity(id1), id1Key1Name);
 
   // set id1Key2 explicitly as default
-  pibImpl.setDefaultKeyOfIdentity(id1, id1Key2Name.get(-1));
-  BOOST_CHECK_EQUAL(pibImpl.getDefaultKeyOfIdentity(id1), id1Key2Name.get(-1));
+  pibImpl.setDefaultKeyOfIdentity(id1, id1Key2Name);
+  BOOST_CHECK_EQUAL(pibImpl.getDefaultKeyOfIdentity(id1), id1Key2Name);
 
   // set a non-existing key as default, throw Error
-  BOOST_CHECK_THROW(pibImpl.setDefaultKeyOfIdentity(id1, name::Component("non-existing")),
+  BOOST_CHECK_THROW(pibImpl.setDefaultKeyOfIdentity(id1, Name("/non-existing")),
                     Pib::Error);
 
   // remove id1Key2, should not have default key
-  pibImpl.removeKey(id1, id1Key2Name.get(-1));
-  BOOST_CHECK_EQUAL(pibImpl.hasKey(id1, id1Key2Name.get(-1)), false);
-  BOOST_CHECK_THROW(pibImpl.getKeyBits(id1, id1Key2Name.get(-1)), Pib::Error);
+  pibImpl.removeKey(id1Key2Name);
+  BOOST_CHECK_EQUAL(pibImpl.hasKey(id1Key2Name), false);
+  BOOST_CHECK_THROW(pibImpl.getKeyBits(id1Key2Name), Pib::Error);
   BOOST_CHECK_THROW(pibImpl.getDefaultKeyOfIdentity(id1), Pib::Error);
 
   // add id1Key2 back, should be default
-  pibImpl.addKey(id1, id1Key2Name.get(-1), id1Key2);
-  BOOST_CHECK_NO_THROW(pibImpl.getKeyBits(id1, id1Key2Name.get(-1)));
-  BOOST_CHECK_EQUAL(pibImpl.getDefaultKeyOfIdentity(id1), id1Key2Name.get(-1));
+  pibImpl.addKey(id1, id1Key2Name, id1Key2.buf(), id1Key2.size());
+  BOOST_CHECK_NO_THROW(pibImpl.getKeyBits(id1Key2Name));
+  BOOST_CHECK_EQUAL(pibImpl.getDefaultKeyOfIdentity(id1), id1Key2Name);
 
   // get all the keys: id1Key1 and id1Key2
-  std::set<name::Component> keyNames = pibImpl.getKeysOfIdentity(id1);
+  std::set<Name> keyNames = pibImpl.getKeysOfIdentity(id1);
   BOOST_CHECK_EQUAL(keyNames.size(), 2);
-  BOOST_CHECK_EQUAL(keyNames.count(id1Key1Name.get(-1)), 1);
-  BOOST_CHECK_EQUAL(keyNames.count(id1Key2Name.get(-1)), 1);
+  BOOST_CHECK_EQUAL(keyNames.count(id1Key1Name), 1);
+  BOOST_CHECK_EQUAL(keyNames.count(id1Key2Name), 1);
 
   // remove id1, should remove all the keys
   pibImpl.removeIdentity(id1);
@@ -171,66 +176,67 @@
   PibImpl& pibImpl = wrapper.impl;
 
   // no default setting, throw Error
-  BOOST_CHECK_THROW(pibImpl.getDefaultCertificateOfKey(id1, id1Key1Name.get(-1)), Pib::Error);
+  BOOST_CHECK_THROW(pibImpl.getDefaultCertificateOfKey(id1Key1Name), Pib::Error);
 
   // check id1Key1Cert1, should not exist, neither should id1 and id1Key1
   BOOST_CHECK_EQUAL(pibImpl.hasCertificate(id1Key1Cert1.getName()), false);
   BOOST_CHECK_EQUAL(pibImpl.hasIdentity(id1), false);
-  BOOST_CHECK_EQUAL(pibImpl.hasKey(id1, id1Key1Name.get(-1)), false);
+  BOOST_CHECK_EQUAL(pibImpl.hasKey(id1Key1Name), false);
 
   // add id1Key1Cert1, should be default, id1 and id1Key1 should be added implicitly
   pibImpl.addCertificate(id1Key1Cert1);
   BOOST_CHECK_EQUAL(pibImpl.hasCertificate(id1Key1Cert1.getName()), true);
   BOOST_CHECK_EQUAL(pibImpl.hasIdentity(id1), true);
-  BOOST_CHECK_EQUAL(pibImpl.hasKey(id1, id1Key1Name.get(-1)), true);
-  const v1::IdentityCertificate& cert = pibImpl.getCertificate(id1Key1Cert1.getName());
+  BOOST_CHECK_EQUAL(pibImpl.hasKey(id1Key1Name), true);
+  const auto& cert = pibImpl.getCertificate(id1Key1Cert1.getName());
   BOOST_CHECK_EQUAL_COLLECTIONS(cert.wireEncode().wire(),
                                 cert.wireEncode().wire() + cert.wireEncode().size(),
                                 id1Key1Cert1.wireEncode().wire(),
                                 id1Key1Cert1.wireEncode().wire() + id1Key1Cert1.wireEncode().size());
-  BOOST_CHECK_NO_THROW(pibImpl.getDefaultCertificateOfKey(id1, id1Key1Name.get(-1)));
-  BOOST_CHECK_EQUAL(pibImpl.getDefaultCertificateOfKey(id1, id1Key1Name.get(-1)), id1Key1Cert1);
+  BOOST_CHECK_NO_THROW(pibImpl.getDefaultCertificateOfKey(id1Key1Name));
+  BOOST_CHECK_EQUAL(pibImpl.getDefaultCertificateOfKey(id1Key1Name), id1Key1Cert1);
 
   // add id1Key1Cert2, should not be default
   pibImpl.addCertificate(id1Key1Cert2);
   BOOST_CHECK_EQUAL(pibImpl.hasCertificate(id1Key1Cert2.getName()), true);
-  BOOST_CHECK_EQUAL(pibImpl.getDefaultCertificateOfKey(id1, id1Key1Name.get(-1)), id1Key1Cert1);
+  BOOST_CHECK_EQUAL(pibImpl.getDefaultCertificateOfKey(id1Key1Name), id1Key1Cert1);
 
   // set id1Key1Cert2 explicitly as default
-  pibImpl.setDefaultCertificateOfKey(id1, id1Key1Name.get(-1), id1Key1Cert2.getName());
-  BOOST_CHECK_EQUAL(pibImpl.getDefaultCertificateOfKey(id1, id1Key1Name.get(-1)), id1Key1Cert2);
+  pibImpl.setDefaultCertificateOfKey(id1Key1Name, id1Key1Cert2.getName());
+  BOOST_CHECK_EQUAL(pibImpl.getDefaultCertificateOfKey(id1Key1Name), id1Key1Cert2);
 
   // set a non-existing cert as default, throw Error
-  BOOST_CHECK_THROW(pibImpl.setDefaultCertificateOfKey(id1, id1Key1Name.get(-1), Name("/non-existing")),
+  BOOST_CHECK_THROW(pibImpl.setDefaultCertificateOfKey(id1Key1Name, Name("/non-existing")),
                     Pib::Error);
 
   // remove id1Key1Cert2, should not have default cert
   pibImpl.removeCertificate(id1Key1Cert2.getName());
   BOOST_CHECK_EQUAL(pibImpl.hasCertificate(id1Key1Cert2.getName()), false);
   BOOST_CHECK_THROW(pibImpl.getCertificate(id1Key1Cert2.getName()), Pib::Error);
-  BOOST_CHECK_THROW(pibImpl.getDefaultCertificateOfKey(id1, id1Key1Name.get(-1)), Pib::Error);
+  BOOST_CHECK_THROW(pibImpl.getDefaultCertificateOfKey(id1Key1Name), Pib::Error);
 
   // add id1Key1Cert2, should be default
   pibImpl.addCertificate(id1Key1Cert2);
   BOOST_CHECK_NO_THROW(pibImpl.getCertificate(id1Key1Cert1.getName()));
-  BOOST_CHECK_EQUAL(pibImpl.getDefaultCertificateOfKey(id1, id1Key1Name.get(-1)), id1Key1Cert2);
+  BOOST_CHECK_EQUAL(pibImpl.getDefaultCertificateOfKey(id1Key1Name), id1Key1Cert2);
 
   // get all certificates: id1Key1Cert1 and id1Key1Cert2
-  std::set<Name> certNames = pibImpl.getCertificatesOfKey(id1, id1Key1Name.get(-1));
+  std::set<Name> certNames = pibImpl.getCertificatesOfKey(id1Key1Name);
   BOOST_CHECK_EQUAL(certNames.size(), 2);
   BOOST_CHECK_EQUAL(certNames.count(id1Key1Cert1.getName()), 1);
   BOOST_CHECK_EQUAL(certNames.count(id1Key1Cert2.getName()), 1);
 
   // remove id1Key1, should remove all the certs
-  pibImpl.removeKey(id1, id1Key1Name.get(-1));
-  certNames = pibImpl.getCertificatesOfKey(id1, id1Key1Name.get(-1));
+  pibImpl.removeKey(id1Key1Name);
+  certNames = pibImpl.getCertificatesOfKey(id1Key1Name);
   BOOST_CHECK_EQUAL(certNames.size(), 0);
 }
 
 BOOST_AUTO_TEST_SUITE_END() // TestPibImpl
-BOOST_AUTO_TEST_SUITE_END() // TestPib
+BOOST_AUTO_TEST_SUITE_END() // Pib
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
+} // namespace pib
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit-tests/security/pib/pib-memory.t.cpp b/tests/unit-tests/security/pib/pib-memory.t.cpp
index 9d2c3f8..b8bfb62 100644
--- a/tests/unit-tests/security/pib/pib-memory.t.cpp
+++ b/tests/unit-tests/security/pib/pib-memory.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -25,11 +25,12 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 namespace tests {
 
 // most functionalities are tested in pib-impl.t.cpp
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(TestPib)
+BOOST_AUTO_TEST_SUITE(Pib)
 BOOST_AUTO_TEST_SUITE(TestPibMemory)
 
 BOOST_AUTO_TEST_CASE(TpmLocatorManagement)
@@ -41,9 +42,10 @@
 }
 
 BOOST_AUTO_TEST_SUITE_END() // TestPibMemory
-BOOST_AUTO_TEST_SUITE_END() // TestPib
+BOOST_AUTO_TEST_SUITE_END() // Pib
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
+} // namespace pib
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit-tests/security/pib/pib-sqlite3.t.cpp b/tests/unit-tests/security/pib/pib-sqlite3.t.cpp
index 7055a37..aec65a1 100644
--- a/tests/unit-tests/security/pib/pib-sqlite3.t.cpp
+++ b/tests/unit-tests/security/pib/pib-sqlite3.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -28,10 +28,11 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 namespace tests {
 
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(TestPib)
+BOOST_AUTO_TEST_SUITE(Pib)
 
 class PibSqlite3TestFixture
 {
@@ -56,42 +57,44 @@
 
 BOOST_FIXTURE_TEST_SUITE(TestPibSqlite3, PibSqlite3TestFixture)
 
+using pib::Pib;
+
 // most functionalities are tested in pib-impl.t.cpp
 
 const uint8_t SELF_SIGNED_ECDSA_CERT[] = {
-0x06, 0xfd, 0x01, 0x5b, 0x07, 0x33, 0x08, 0x05, 0x65, 0x63, 0x64, 0x73, 0x61, 0x08, 0x03,
-0x4b, 0x45, 0x59, 0x08, 0x11, 0x6b, 0x73, 0x6b, 0x2d, 0x31, 0x34, 0x31, 0x36, 0x35, 0x39,
-0x34, 0x35, 0x35, 0x32, 0x38, 0x32, 0x37, 0x08, 0x07, 0x49, 0x44, 0x2d, 0x43, 0x45, 0x52,
-0x54, 0x08, 0x09, 0xfd, 0x00, 0x00, 0x01, 0x49, 0xd3, 0x9d, 0x78, 0x00, 0x14, 0x03, 0x18,
-0x01, 0x02, 0x15, 0xa5, 0x30, 0x81, 0xa2, 0x30, 0x22, 0x18, 0x0f, 0x32, 0x30, 0x31, 0x34,
-0x31, 0x31, 0x32, 0x31, 0x31, 0x38, 0x32, 0x39, 0x31, 0x32, 0x5a, 0x18, 0x0f, 0x32, 0x30,
-0x33, 0x34, 0x31, 0x31, 0x31, 0x36, 0x31, 0x38, 0x32, 0x39, 0x31, 0x32, 0x5a, 0x30, 0x21,
-0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x29, 0x13, 0x18, 0x2f, 0x65, 0x63, 0x64, 0x73, 0x61,
-0x2f, 0x6b, 0x73, 0x6b, 0x2d, 0x31, 0x34, 0x31, 0x36, 0x35, 0x39, 0x34, 0x35, 0x35, 0x32,
-0x38, 0x32, 0x37, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
-0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04,
-0x83, 0xe5, 0x81, 0x19, 0xd9, 0xfa, 0x64, 0x40, 0xad, 0x7c, 0x93, 0xfc, 0x15, 0x90, 0x6b,
-0x38, 0x1e, 0xc5, 0xca, 0xb1, 0x6b, 0x0b, 0x1f, 0x64, 0xbf, 0x48, 0xaa, 0xd0, 0x91, 0x5c,
-0x24, 0xd6, 0x78, 0x40, 0xfd, 0x95, 0x5d, 0x54, 0x64, 0xe1, 0x2d, 0x0e, 0x98, 0x66, 0x1d,
-0x7a, 0xb0, 0x61, 0x17, 0x05, 0x26, 0x13, 0x63, 0x25, 0x7c, 0xda, 0x87, 0x11, 0xc9, 0x67,
-0xcd, 0x12, 0x05, 0xf0, 0x16, 0x2f, 0x1b, 0x01, 0x03, 0x1c, 0x2a, 0x07, 0x28, 0x08, 0x05,
-0x65, 0x63, 0x64, 0x73, 0x61, 0x08, 0x03, 0x4b, 0x45, 0x59, 0x08, 0x11, 0x6b, 0x73, 0x6b,
-0x2d, 0x31, 0x34, 0x31, 0x36, 0x35, 0x39, 0x34, 0x35, 0x35, 0x32, 0x38, 0x32, 0x37, 0x08,
-0x07, 0x49, 0x44, 0x2d, 0x43, 0x45, 0x52, 0x54, 0x17, 0x47, 0x30, 0x45, 0x02, 0x21, 0x00,
-0x9b, 0xae, 0xf4, 0x87, 0x55, 0xaa, 0x78, 0xbf, 0x00, 0xff, 0x1a, 0xbe, 0x90, 0x46, 0x6e,
-0xdd, 0xe6, 0x3b, 0x44, 0xfd, 0x41, 0x04, 0x86, 0xcc, 0x6a, 0x8b, 0x5a, 0x25, 0xbb, 0xf1,
-0x55, 0xcd, 0x02, 0x20, 0x0e, 0x67, 0xd8, 0x86, 0xe8, 0x7c, 0x90, 0x3c, 0x13, 0xfd, 0x36,
-0x9c, 0xbc, 0xa1, 0xc3, 0x7c, 0xe0, 0x0c, 0x6d, 0x64, 0xac, 0xdb, 0x69, 0x99, 0xde, 0x80,
-0x35, 0x3f, 0xf4, 0x6a, 0xcd, 0x6f
+  0x06, 0xfd, 0x01, 0x5b, 0x07, 0x33, 0x08, 0x05, 0x65, 0x63, 0x64, 0x73, 0x61, 0x08, 0x03,
+  0x4b, 0x45, 0x59, 0x08, 0x11, 0x6b, 0x73, 0x6b, 0x2d, 0x31, 0x34, 0x31, 0x36, 0x35, 0x39,
+  0x34, 0x35, 0x35, 0x32, 0x38, 0x32, 0x37, 0x08, 0x07, 0x49, 0x44, 0x2d, 0x43, 0x45, 0x52,
+  0x54, 0x08, 0x09, 0xfd, 0x00, 0x00, 0x01, 0x49, 0xd3, 0x9d, 0x78, 0x00, 0x14, 0x03, 0x18,
+  0x01, 0x02, 0x15, 0xa5, 0x30, 0x81, 0xa2, 0x30, 0x22, 0x18, 0x0f, 0x32, 0x30, 0x31, 0x34,
+  0x31, 0x31, 0x32, 0x31, 0x31, 0x38, 0x32, 0x39, 0x31, 0x32, 0x5a, 0x18, 0x0f, 0x32, 0x30,
+  0x33, 0x34, 0x31, 0x31, 0x31, 0x36, 0x31, 0x38, 0x32, 0x39, 0x31, 0x32, 0x5a, 0x30, 0x21,
+  0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x29, 0x13, 0x18, 0x2f, 0x65, 0x63, 0x64, 0x73, 0x61,
+  0x2f, 0x6b, 0x73, 0x6b, 0x2d, 0x31, 0x34, 0x31, 0x36, 0x35, 0x39, 0x34, 0x35, 0x35, 0x32,
+  0x38, 0x32, 0x37, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+  0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04,
+  0x83, 0xe5, 0x81, 0x19, 0xd9, 0xfa, 0x64, 0x40, 0xad, 0x7c, 0x93, 0xfc, 0x15, 0x90, 0x6b,
+  0x38, 0x1e, 0xc5, 0xca, 0xb1, 0x6b, 0x0b, 0x1f, 0x64, 0xbf, 0x48, 0xaa, 0xd0, 0x91, 0x5c,
+  0x24, 0xd6, 0x78, 0x40, 0xfd, 0x95, 0x5d, 0x54, 0x64, 0xe1, 0x2d, 0x0e, 0x98, 0x66, 0x1d,
+  0x7a, 0xb0, 0x61, 0x17, 0x05, 0x26, 0x13, 0x63, 0x25, 0x7c, 0xda, 0x87, 0x11, 0xc9, 0x67,
+  0xcd, 0x12, 0x05, 0xf0, 0x16, 0x2f, 0x1b, 0x01, 0x03, 0x1c, 0x2a, 0x07, 0x28, 0x08, 0x05,
+  0x65, 0x63, 0x64, 0x73, 0x61, 0x08, 0x03, 0x4b, 0x45, 0x59, 0x08, 0x11, 0x6b, 0x73, 0x6b,
+  0x2d, 0x31, 0x34, 0x31, 0x36, 0x35, 0x39, 0x34, 0x35, 0x35, 0x32, 0x38, 0x32, 0x37, 0x08,
+  0x07, 0x49, 0x44, 0x2d, 0x43, 0x45, 0x52, 0x54, 0x17, 0x47, 0x30, 0x45, 0x02, 0x21, 0x00,
+  0x9b, 0xae, 0xf4, 0x87, 0x55, 0xaa, 0x78, 0xbf, 0x00, 0xff, 0x1a, 0xbe, 0x90, 0x46, 0x6e,
+  0xdd, 0xe6, 0x3b, 0x44, 0xfd, 0x41, 0x04, 0x86, 0xcc, 0x6a, 0x8b, 0x5a, 0x25, 0xbb, 0xf1,
+  0x55, 0xcd, 0x02, 0x20, 0x0e, 0x67, 0xd8, 0x86, 0xe8, 0x7c, 0x90, 0x3c, 0x13, 0xfd, 0x36,
+  0x9c, 0xbc, 0xa1, 0xc3, 0x7c, 0xe0, 0x0c, 0x6d, 0x64, 0xac, 0xdb, 0x69, 0x99, 0xde, 0x80,
+  0x35, 0x3f, 0xf4, 0x6a, 0xcd, 0x6f
 };
 
 BOOST_AUTO_TEST_CASE(TpmTest)
 {
   Block selfSignedCertBlock(SELF_SIGNED_ECDSA_CERT, sizeof(SELF_SIGNED_ECDSA_CERT));
-  v1::IdentityCertificate cert;
+  v2::Certificate cert;
   cert.wireDecode(selfSignedCertBlock);
-  Name identity = cert.getPublicKeyName().getPrefix(-1);
-  name::Component keyId = cert.getPublicKeyName().get(-1);
+  Name identity = cert.getIdentity();
+  Name keyName = cert.getKeyName();
   Name certName = cert.getName();
 
   // Basic getting and setting
@@ -102,13 +105,13 @@
   // Add cert, and do not change tpmLocator
   impl.addCertificate(cert);
   BOOST_CHECK(impl.hasIdentity(identity));
-  BOOST_CHECK(impl.hasKey(identity, keyId));
+  BOOST_CHECK(impl.hasKey(keyName));
   BOOST_CHECK(impl.hasCertificate(certName));
 
   // Set tpmLocator with the existing value, nothing should change.
   impl.setTpmLocator("tpmLocator");
   BOOST_CHECK(impl.hasIdentity(identity));
-  BOOST_CHECK(impl.hasKey(identity, keyId));
+  BOOST_CHECK(impl.hasKey(keyName));
   BOOST_CHECK(impl.hasCertificate(certName));
 
   // Change tpmLocator and ensure the pib is reset
@@ -117,13 +120,14 @@
 
   BOOST_CHECK_EQUAL(impl.getIdentities().size(), 0);
   BOOST_CHECK_EQUAL(impl.getKeysOfIdentity(identity).size(), 0);
-  BOOST_CHECK_EQUAL(impl.getCertificatesOfKey(identity, keyId).size(), 0);
+  BOOST_CHECK_EQUAL(impl.getCertificatesOfKey(keyName).size(), 0);
 }
 
 BOOST_AUTO_TEST_SUITE_END() // TestPibSqlite3
-BOOST_AUTO_TEST_SUITE_END() // TestPib
+BOOST_AUTO_TEST_SUITE_END() // Pib
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
+} // namespace pib
 } // namespace security
 } // namespace ndn
diff --git a/tests/unit-tests/security/pib/pib.t.cpp b/tests/unit-tests/security/pib/pib.t.cpp
index 7c6b47f..97e8568 100644
--- a/tests/unit-tests/security/pib/pib.t.cpp
+++ b/tests/unit-tests/security/pib/pib.t.cpp
@@ -1,6 +1,6 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /**
- * Copyright (c) 2013-2016 Regents of the University of California.
+ * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
@@ -27,12 +27,17 @@
 
 namespace ndn {
 namespace security {
+namespace pib {
 namespace tests {
 
+using namespace ndn::security::tests;
+
 BOOST_AUTO_TEST_SUITE(Security)
-BOOST_AUTO_TEST_SUITE(TestPib)
+BOOST_AUTO_TEST_SUITE(Pib)
 BOOST_FIXTURE_TEST_SUITE(Common, PibDataFixture)
 
+using pib::Pib;
+
 BOOST_AUTO_TEST_CASE(ValidityChecking)
 {
   auto pibImpl = make_shared<PibMemory>();
@@ -49,7 +54,7 @@
     BOOST_CHECK(false);
 
   // key
-  Key key = id.addKey(id1Key1, id1Key1Name.get(-1));
+  Key key = id.addKey(id1Key1.buf(), id1Key1.size(), id1Key1Name);
 
   BOOST_CHECK_EQUAL(bool(key), true);
   BOOST_CHECK_EQUAL(!key, false);
@@ -81,9 +86,10 @@
 }
 
 BOOST_AUTO_TEST_SUITE_END() // Common
-BOOST_AUTO_TEST_SUITE_END() // TestPib
+BOOST_AUTO_TEST_SUITE_END() // Pib
 BOOST_AUTO_TEST_SUITE_END() // Security
 
 } // namespace tests
+} // namespace pib
 } // namespace security
 } // namespace ndn