security: Added EncryptionManager.
diff --git a/Makefile.am b/Makefile.am
index 4efdccc..26ead13 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -69,6 +69,7 @@
   ndn-cpp/security/security-exception.cpp ndn-cpp/security/security-exception.hpp \
   ndn-cpp/security/certificate/oid.cpp ndn-cpp/security/certificate/oid.hpp \
   ndn-cpp/security/certificate/public-key.cpp ndn-cpp/security/certificate/public-key.hpp \
+  ndn-cpp/security/encryption/encryption-manager.hpp \
   ndn-cpp/security/identity/identity-manager.cpp ndn-cpp/security/identity/identity-manager.hpp \
   ndn-cpp/security/identity/identity-storage.hpp \
   ndn-cpp/security/identity/memory-identity-storage.cpp ndn-cpp/security/identity/memory-identity-storage.hpp \
diff --git a/Makefile.in b/Makefile.in
index 7a3de7e..3a24a6a 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -534,6 +534,7 @@
   ndn-cpp/security/security-exception.cpp ndn-cpp/security/security-exception.hpp \
   ndn-cpp/security/certificate/oid.cpp ndn-cpp/security/certificate/oid.hpp \
   ndn-cpp/security/certificate/public-key.cpp ndn-cpp/security/certificate/public-key.hpp \
+  ndn-cpp/security/encryption/encryption-manager.hpp \
   ndn-cpp/security/identity/identity-manager.cpp ndn-cpp/security/identity/identity-manager.hpp \
   ndn-cpp/security/identity/identity-storage.hpp \
   ndn-cpp/security/identity/memory-identity-storage.cpp ndn-cpp/security/identity/memory-identity-storage.hpp \
diff --git a/ndn-cpp/security/encryption/encryption-manager.hpp b/ndn-cpp/security/encryption/encryption-manager.hpp
new file mode 100644
index 0000000..88a69c8
--- /dev/null
+++ b/ndn-cpp/security/encryption/encryption-manager.hpp
@@ -0,0 +1,34 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#ifndef NDN_ENCRYPTION_MANAGER_HPP
+#define	NDN_ENCRYPTION_MANAGER_HPP
+
+#include "../../name.hpp"
+#include "../security-common.hpp"
+
+namespace ndn {
+
+class EncryptionManager {
+public:
+  virtual ~EncryptionManager() {}
+    
+  virtual void 
+  createSymmetricKey(const Name& keyName, KeyType keyType, const Name& signkeyName = Name(), bool isSymmetric = true) = 0;
+
+  virtual Blob
+  encrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool useSymmetric = false, 
+          EncryptMode encryptMode = ENCRYPT_MODE_DEFAULT) = 0;
+
+  virtual Blob
+  decrypt(const Name& keyName, const uint8_t* data, size_t dataLength, bool useSymmetric = false, 
+          EncryptMode encryptMode = ENCRYPT_MODE_DEFAULT) = 0;
+};
+
+}
+
+#endif
diff --git a/ndn-cpp/security/key-chain.hpp b/ndn-cpp/security/key-chain.hpp
index ff54aa9..5a1198a 100644
--- a/ndn-cpp/security/key-chain.hpp
+++ b/ndn-cpp/security/key-chain.hpp
@@ -10,6 +10,7 @@
 #include "../data.hpp"
 #include "../face.hpp"
 #include "identity/identity-manager.hpp"
+#include "encryption/encryption-manager.hpp"
 
 namespace ndn {
 
@@ -26,7 +27,7 @@
 typedef func_lib::function<void(const ptr_lib::shared_ptr<Data>& data)> OnVerifyFailed;
 
 /**
- * Keychain is main class of security library.
+ * Keychain is the main class of the security library.
  *
  * The Keychain class provides a set of interfaces to the security library such as identity management, policy configuration 
  * and packet signing and verification.
@@ -36,6 +37,126 @@
   KeyChain
     (const ptr_lib::shared_ptr<IdentityManager>& identityManager, const ptr_lib::shared_ptr<PolicyManager>& policyManager);
 
+  /*****************************************
+   *          Identity Management          *
+   *****************************************/
+
+#if 0
+  /**
+   * Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK.
+   * @param identityName The name of the identity.
+   * @return The key name of the auto-generated KSK of the identity.
+   */
+  Name
+  createIdentity(const Name& identityName)
+  {
+    return identityManager_->createIdentity(identityName);
+  }
+#endif
+
+  /**
+   * Get the default identity.
+   * @return The default identity name.
+   */
+  Name
+  getDefaultIdentity()
+  {
+    return identityManager_->getDefaultIdentity();
+  }
+  
+#if 0
+  /**
+   * Generate a pair of RSA keys for the specified identity
+   * @param identity the name of the identity
+   * @param ksk create a KSK or not, true for KSK, false for DSK 
+   * @param keySize the size of the key
+   * @return the generated key name 
+   */
+  Name
+  generateRSAKeyPair (const Name& identity, bool ksk = false, int keySize = 2048);
+
+  /**
+   * Set a key as the default key of an identity
+   * @param keyName the name of the key
+   * @param identity the name of the identity, if not specified the identity name can be inferred from the keyName
+   */
+  void
+  setDefaultKeyForIdentity (const Name& keyName, const Name& identity = Name());
+
+  /**
+   * Generate a pair of RSA keys for the specified identity and set it as default key of the identity
+   * @param identity the name of the identity
+   * @param ksk create a KSK or not, true for KSK, false for DSK 
+   * @param keySize the size of the key
+   * @return the generated key name
+   */
+  Name
+  generateRSAKeyPairAsDefault (const Name& identity, bool ksk = false, int keySize = 2048);
+
+  /**
+   * Create a public key signing request
+   * @param keyName the name of the key
+   * @returns signing request blob
+   */
+  Ptr<Blob> 
+  createSigningRequest(const Name& keyName);
+
+  /**
+   * Install a certificate into identity
+   * @param certificate the certificate in terms of Data packet
+   */
+  void 
+  installCertificate(Ptr<Certificate> certificate);
+
+  /**
+   * Set a certificate as the default certificate name of the corresponding key
+   * @param certificateName the name of the certificate
+   */
+  void
+  setDefaultCertificateForKey(const Name& certificateName);
+
+  /**
+   * Get certificate
+   * @param certificateName name of the certificate
+   * @returns certificate that is valid 
+   */
+  Ptr<Certificate> 
+  getCertificate(const Name& certificateName);
+
+  /**
+   * Get certificate even if it is not valid
+   * @param certificateName name of the certificate
+   * @returns certificate that is valid 
+   */
+  Ptr<Certificate>
+  getAnyCertificate(const Name& certName);
+
+  /**
+   * Revoke a key
+   * @param keyName the name of the key that will be revoked
+   */
+  void 
+  revokeKey(const Name & keyName);
+
+  /**
+   * Revoke a certificate
+   * @param certificateName the name of the certificate that will be revoked
+   */
+  void 
+  revokeCertificate(const Name & certificateName);
+#endif
+
+  /*****************************************
+   *           Policy Management           *
+   *****************************************/
+
+  const ptr_lib::shared_ptr<PolicyManager>&
+  getPolicyManager() { return policyManager_; }
+  
+  /*****************************************
+   *              Sign/Verify              *
+   *****************************************/
+
   /**
    * Wire encode the Data object, sign it and set its signature.
    * Note: the caller must make sure the timestamp is correct, for example with 
@@ -46,7 +167,7 @@
    */
   void 
   sign(Data& data, const Name& certificateName, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());
-
+  
   /**
    * Wire encode the Data object, sign it and set its signature.
    * Note: the caller must make sure the timestamp is correct, for example with 
@@ -70,6 +191,53 @@
   verifyData
     (const ptr_lib::shared_ptr<Data>& data, const OnVerified& onVerified, const OnVerifyFailed& onVerifyFailed, int stepCount = 0);
 
+  /*****************************************
+   *           Encrypt/Decrypt             *
+   *****************************************/
+
+  /**
+   * Generate a symmetric key.
+   * @param keyName The name of the generated key.
+   * @param keyType The type of the key, e.g. KEY_TYPE_AES
+   */
+  void 
+  generateSymmetricKey(const Name& keyName, KeyType keyType)
+  {
+    encryptionManager_->createSymmetricKey(keyName, keyType);
+  }
+
+  /**
+   * Encrypt a byte array.
+   * @param keyName The name of the encrypting key.
+   * @param data The byte array that will be encrypted.
+   * @param dataLength The length of data.
+   * @param useSymmetric If true then symmetric encryption is used, otherwise asymmetric encryption is used.
+   * @param encryptMode the encryption mode
+   * @return the encrypted data as an immutable Blob.
+   */
+  Blob
+  encrypt(const Name &keyName, const uint8_t* data, size_t dataLength, bool useSymmetric = true, 
+          EncryptMode encryptMode = ENCRYPT_MODE_DEFAULT)
+  {
+    return encryptionManager_->encrypt(keyName, data, dataLength, useSymmetric, encryptMode);
+  }
+
+  /**
+   * Decrypt a byte array.
+   * @param keyName The name of the decrypting key.
+   * @param data The byte array that will be decrypted.
+   * @param dataLength The length of data.
+   * @param useSymmetric If true then symmetric encryption is used, otherwise asymmetric encryption is used.
+   * @param encryptMode the encryption mode
+   * @return the decrypted data as an immutable Blob.
+   */
+  Blob
+  decrypt(const Name &keyName, const uint8_t* data, size_t dataLength, bool useSymmetric = true, 
+          EncryptMode encryptMode = ENCRYPT_MODE_DEFAULT)
+  {
+     return encryptionManager_->decrypt(keyName, data, dataLength, useSymmetric, encryptMode);
+  }
+  
   /**
    * Set the Face which will be used to fetch required certificates.
    * @param face A pointer to the Face object.
@@ -80,6 +248,7 @@
 private:
   ptr_lib::shared_ptr<IdentityManager> identityManager_;
   ptr_lib::shared_ptr<PolicyManager> policyManager_;
+  ptr_lib::shared_ptr<EncryptionManager> encryptionManager_;
   Face* face_;
   const int maxSteps_;
 };
diff --git a/ndn-cpp/security/security-common.hpp b/ndn-cpp/security/security-common.hpp
index c9693a8..1222480 100644
--- a/ndn-cpp/security/security-common.hpp
+++ b/ndn-cpp/security/security-common.hpp
@@ -37,9 +37,9 @@
 };
 
 enum EncryptMode {
-  ENCRYPTION_MODE_DEFAULT,
-  ENCRYPTION_MODE_CFB_AES,
-  // ENCRYPTION_MODE_CBC_AES
+  ENCRYPT_MODE_DEFAULT,
+  ENCRYPT_MODE_CFB_AES,
+  // ENCRYPT_MODE_CBC_AES
 };
 
 }