diff --git a/Makefile.am b/Makefile.am
index e67a5bf..f65bdaf 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -64,6 +64,9 @@
   ndn-cpp/encoding/wire-format.cpp ndn-cpp/encoding/wire-format.hpp \
   ndn-cpp/security/security-common.hpp \
   ndn-cpp/security/key-chain.cpp ndn-cpp/security/key-chain.hpp \
+  ndn-cpp/security/security-exception.cpp ndn-cpp/security/security-exception.hpp \
+  ndn-cpp/security/certificate/oid.cpp ndn-cpp/security/certificate/oid.hpp \
+  ndn-cpp/security/certificate/public-key.cpp ndn-cpp/security/certificate/public-key.hpp \
   ndn-cpp/security/identity/identity-manager.cpp ndn-cpp/security/identity/identity-manager.hpp \
   ndn-cpp/security/identity/private-key-storage.cpp ndn-cpp/identity/security/private-key-storage.hpp \
   ndn-cpp/c/transport/socket-transport.h ndn-cpp/c/transport/tcp-transport.h ndn-cpp/transport/tcp-transport.cpp ndn-cpp/transport/tcp-transport.hpp \
diff --git a/Makefile.in b/Makefile.in
index 4e78d17..ab3b7e7 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -160,6 +160,9 @@
 	ndn-cpp/encoding/binary-xml-element-reader.lo \
 	ndn-cpp/encoding/binary-xml-wire-format.lo \
 	ndn-cpp/encoding/wire-format.lo ndn-cpp/security/key-chain.lo \
+	ndn-cpp/security/security-exception.lo \
+	ndn-cpp/security/certificate/oid.lo \
+	ndn-cpp/security/certificate/public-key.lo \
 	ndn-cpp/security/identity/identity-manager.lo \
 	ndn-cpp/security/identity/private-key-storage.lo \
 	ndn-cpp/transport/tcp-transport.lo \
@@ -524,6 +527,9 @@
   ndn-cpp/encoding/wire-format.cpp ndn-cpp/encoding/wire-format.hpp \
   ndn-cpp/security/security-common.hpp \
   ndn-cpp/security/key-chain.cpp ndn-cpp/security/key-chain.hpp \
+  ndn-cpp/security/security-exception.cpp ndn-cpp/security/security-exception.hpp \
+  ndn-cpp/security/certificate/oid.cpp ndn-cpp/security/certificate/oid.hpp \
+  ndn-cpp/security/certificate/public-key.cpp ndn-cpp/security/certificate/public-key.hpp \
   ndn-cpp/security/identity/identity-manager.cpp ndn-cpp/security/identity/identity-manager.hpp \
   ndn-cpp/security/identity/private-key-storage.cpp ndn-cpp/identity/security/private-key-storage.hpp \
   ndn-cpp/c/transport/socket-transport.h ndn-cpp/c/transport/tcp-transport.h ndn-cpp/transport/tcp-transport.cpp ndn-cpp/transport/tcp-transport.hpp \
@@ -756,6 +762,21 @@
 	@: > ndn-cpp/security/$(DEPDIR)/$(am__dirstamp)
 ndn-cpp/security/key-chain.lo: ndn-cpp/security/$(am__dirstamp) \
 	ndn-cpp/security/$(DEPDIR)/$(am__dirstamp)
+ndn-cpp/security/security-exception.lo:  \
+	ndn-cpp/security/$(am__dirstamp) \
+	ndn-cpp/security/$(DEPDIR)/$(am__dirstamp)
+ndn-cpp/security/certificate/$(am__dirstamp):
+	@$(MKDIR_P) ndn-cpp/security/certificate
+	@: > ndn-cpp/security/certificate/$(am__dirstamp)
+ndn-cpp/security/certificate/$(DEPDIR)/$(am__dirstamp):
+	@$(MKDIR_P) ndn-cpp/security/certificate/$(DEPDIR)
+	@: > ndn-cpp/security/certificate/$(DEPDIR)/$(am__dirstamp)
+ndn-cpp/security/certificate/oid.lo:  \
+	ndn-cpp/security/certificate/$(am__dirstamp) \
+	ndn-cpp/security/certificate/$(DEPDIR)/$(am__dirstamp)
+ndn-cpp/security/certificate/public-key.lo:  \
+	ndn-cpp/security/certificate/$(am__dirstamp) \
+	ndn-cpp/security/certificate/$(DEPDIR)/$(am__dirstamp)
 ndn-cpp/security/identity/$(am__dirstamp):
 	@$(MKDIR_P) ndn-cpp/security/identity
 	@: > ndn-cpp/security/identity/$(am__dirstamp)
@@ -900,6 +921,8 @@
 	-rm -f ndn-cpp/encoding/*.lo
 	-rm -f ndn-cpp/security/*.$(OBJEXT)
 	-rm -f ndn-cpp/security/*.lo
+	-rm -f ndn-cpp/security/certificate/*.$(OBJEXT)
+	-rm -f ndn-cpp/security/certificate/*.lo
 	-rm -f ndn-cpp/security/identity/*.$(OBJEXT)
 	-rm -f ndn-cpp/security/identity/*.lo
 	-rm -f ndn-cpp/transport/*.$(OBJEXT)
@@ -942,6 +965,9 @@
 @AMDEP_TRUE@@am__include@ @am__quote@ndn-cpp/encoding/$(DEPDIR)/binary-xml-wire-format.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@ndn-cpp/encoding/$(DEPDIR)/wire-format.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@ndn-cpp/security/$(DEPDIR)/key-chain.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@ndn-cpp/security/$(DEPDIR)/security-exception.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@ndn-cpp/security/certificate/$(DEPDIR)/oid.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@ndn-cpp/security/certificate/$(DEPDIR)/public-key.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@ndn-cpp/security/identity/$(DEPDIR)/identity-manager.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@ndn-cpp/security/identity/$(DEPDIR)/private-key-storage.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@ndn-cpp/transport/$(DEPDIR)/tcp-transport.Plo@am__quote@
@@ -1017,6 +1043,7 @@
 	-rm -rf ndn-cpp/c/util/.libs ndn-cpp/c/util/_libs
 	-rm -rf ndn-cpp/encoding/.libs ndn-cpp/encoding/_libs
 	-rm -rf ndn-cpp/security/.libs ndn-cpp/security/_libs
+	-rm -rf ndn-cpp/security/certificate/.libs ndn-cpp/security/certificate/_libs
 	-rm -rf ndn-cpp/security/identity/.libs ndn-cpp/security/identity/_libs
 	-rm -rf ndn-cpp/transport/.libs ndn-cpp/transport/_libs
 	-rm -rf ndn-cpp/util/.libs ndn-cpp/util/_libs
@@ -1295,6 +1322,8 @@
 	-rm -f ndn-cpp/encoding/$(am__dirstamp)
 	-rm -f ndn-cpp/security/$(DEPDIR)/$(am__dirstamp)
 	-rm -f ndn-cpp/security/$(am__dirstamp)
+	-rm -f ndn-cpp/security/certificate/$(DEPDIR)/$(am__dirstamp)
+	-rm -f ndn-cpp/security/certificate/$(am__dirstamp)
 	-rm -f ndn-cpp/security/identity/$(DEPDIR)/$(am__dirstamp)
 	-rm -f ndn-cpp/security/identity/$(am__dirstamp)
 	-rm -f ndn-cpp/transport/$(DEPDIR)/$(am__dirstamp)
@@ -1314,7 +1343,7 @@
 
 distclean: distclean-am
 	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
-	-rm -rf ndn-cpp/$(DEPDIR) ndn-cpp/c/$(DEPDIR) ndn-cpp/c/encoding/$(DEPDIR) ndn-cpp/c/transport/$(DEPDIR) ndn-cpp/c/util/$(DEPDIR) ndn-cpp/encoding/$(DEPDIR) ndn-cpp/security/$(DEPDIR) ndn-cpp/security/identity/$(DEPDIR) ndn-cpp/transport/$(DEPDIR) ndn-cpp/util/$(DEPDIR) tests/$(DEPDIR)
+	-rm -rf ndn-cpp/$(DEPDIR) ndn-cpp/c/$(DEPDIR) ndn-cpp/c/encoding/$(DEPDIR) ndn-cpp/c/transport/$(DEPDIR) ndn-cpp/c/util/$(DEPDIR) ndn-cpp/encoding/$(DEPDIR) ndn-cpp/security/$(DEPDIR) ndn-cpp/security/certificate/$(DEPDIR) ndn-cpp/security/identity/$(DEPDIR) ndn-cpp/transport/$(DEPDIR) ndn-cpp/util/$(DEPDIR) tests/$(DEPDIR)
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-hdr distclean-libtool distclean-tags
@@ -1362,7 +1391,7 @@
 maintainer-clean: maintainer-clean-am
 	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
 	-rm -rf $(top_srcdir)/autom4te.cache
-	-rm -rf ndn-cpp/$(DEPDIR) ndn-cpp/c/$(DEPDIR) ndn-cpp/c/encoding/$(DEPDIR) ndn-cpp/c/transport/$(DEPDIR) ndn-cpp/c/util/$(DEPDIR) ndn-cpp/encoding/$(DEPDIR) ndn-cpp/security/$(DEPDIR) ndn-cpp/security/identity/$(DEPDIR) ndn-cpp/transport/$(DEPDIR) ndn-cpp/util/$(DEPDIR) tests/$(DEPDIR)
+	-rm -rf ndn-cpp/$(DEPDIR) ndn-cpp/c/$(DEPDIR) ndn-cpp/c/encoding/$(DEPDIR) ndn-cpp/c/transport/$(DEPDIR) ndn-cpp/c/util/$(DEPDIR) ndn-cpp/encoding/$(DEPDIR) ndn-cpp/security/$(DEPDIR) ndn-cpp/security/certificate/$(DEPDIR) ndn-cpp/security/identity/$(DEPDIR) ndn-cpp/transport/$(DEPDIR) ndn-cpp/util/$(DEPDIR) tests/$(DEPDIR)
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
diff --git a/libtool b/libtool
index 53320ed..ad8e0f5 100755
--- a/libtool
+++ b/libtool
@@ -2,7 +2,7 @@
 
 # libtool - Provide generalized library-building support services.
 # Generated automatically by config.status (ndn-cpp) 0.5
-# Libtool was configured on host toro.remap.ucla.edu:
+# Libtool was configured on host liger.remap.ucla.edu:
 # NOTE: Changes made to this file will be lost: look at ltmain.sh.
 #
 #   Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
diff --git a/ndn-cpp/security/certificate/oid.cpp b/ndn-cpp/security/certificate/oid.cpp
new file mode 100644
index 0000000..6ae1942
--- /dev/null
+++ b/ndn-cpp/security/certificate/oid.cpp
@@ -0,0 +1,67 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Jeff Thompson <jefft0@remap.ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#include <stdlib.h>
+#include <sstream>
+
+#include "oid.hpp"
+
+using namespace std;
+
+namespace ndn {
+
+OID::OID(const string& oid)
+{
+  string str = oid + ".";
+
+  size_t pos = 0;
+  size_t ppos = 0;
+
+  while(string::npos != pos){
+    ppos = pos;
+
+    pos = str.find_first_of('.', pos);
+    if(pos == string::npos)
+	    break;
+
+    oid_.push_back(atoi(str.substr(ppos, pos - ppos).c_str()));
+
+    pos++;
+  }
+}
+
+string OID::toString()
+{
+  ostringstream convert;
+  
+  vector<int>::iterator it = oid_.begin();
+  for(; it < oid_.end(); it++){
+    if(it != oid_.begin())
+      convert << ".";
+    convert << *it;
+  }
+  
+  return convert.str();
+}
+
+bool OID::equal(const OID& oid)
+{
+  vector<int>::const_iterator i = oid_.begin();
+  vector<int>::const_iterator j = oid.oid_.begin();
+    
+  for (; i != oid_.end () && j != oid.oid_.end (); i++, j++) {
+    if(*i != *j)
+      return false;
+  }
+
+  if (i == oid_.end () && j == oid.oid_.end ())
+    return true;
+  else
+    return false;
+}
+
+}
diff --git a/ndn-cpp/security/certificate/oid.hpp b/ndn-cpp/security/certificate/oid.hpp
new file mode 100644
index 0000000..bcbcfe9
--- /dev/null
+++ b/ndn-cpp/security/certificate/oid.hpp
@@ -0,0 +1,62 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
+ * @author: Jeff Thompson <jefft0@remap.ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#ifndef NDN_OID_HPP
+#define	NDN_OID_HPP
+
+#include <vector>
+#include <string>
+
+namespace ndn {
+
+class OID {
+public:
+  OID () 
+  {
+  }
+    
+  OID(const std::string& oid);
+
+  OID(const std::vector<int>& oid)
+  : oid_(oid)
+  {
+  }
+
+  const std::vector<int> &
+  getIntegerList() const
+  {
+    return oid_;
+  }
+
+  void
+  setIntegerList(const std::vector<int>& value){
+    oid_ = value;
+  }
+
+  std::string 
+  toString();
+
+  bool operator == (const OID& oid)
+  {
+    return equal(oid);
+  }
+
+  bool operator != (const OID& oid)
+  {
+    return !equal(oid);
+  }
+  
+private:
+  bool equal(const OID& oid);
+
+  std::vector<int> oid_;
+};
+
+}
+
+#endif
diff --git a/ndn-cpp/security/certificate/public-key.cpp b/ndn-cpp/security/certificate/public-key.cpp
new file mode 100644
index 0000000..1f64c07
--- /dev/null
+++ b/ndn-cpp/security/certificate/public-key.cpp
@@ -0,0 +1,57 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
+ * @author: Jeff Thompson <jefft0@remap.ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#include "../security-exception.hpp"
+#include "../../c/util/crypto.h"
+#include "public-key.hpp"
+
+using namespace std;
+using namespace ndn::ptr_lib;
+
+namespace ndn {
+
+#if 0
+Ptr<der::DerNode>
+PublicKey::toDER()
+{
+  boost::iostreams::stream
+    <boost::iostreams::array_source> is (m_key.buf (), m_key.size ());
+
+  return der::DerNode::parse(reinterpret_cast<InputIterator &> (is));
+}
+#endif
+
+static int RSA_OID[] = { 1, 2, 840, 113549, 1, 1, 1 };
+
+shared_ptr<PublicKey>
+PublicKey::fromDer(const Blob& keyDer)
+{
+  // Use a temporary pointer since d2i updates it.
+  const unsigned char *derPointer = keyDer.buf();
+  RSA *publicKey = d2i_RSA_PUBKEY(NULL, &derPointer, keyDer.size());
+  if (!publicKey)
+    throw UnrecognizedKeyFormatException("Error decoding public key DER");  
+  RSA_free(publicKey);
+  
+  return shared_ptr<PublicKey>(new PublicKey(OID(vector<int>(RSA_OID, RSA_OID + sizeof(RSA_OID))), keyDer));
+}
+
+Blob
+PublicKey::getDigest(DigestAlgorithm digestAlgorithm) const
+{
+  if (digestAlgorithm == DIGEST_ALGORITHM_SHA256) {
+    unsigned char digest[SHA256_DIGEST_LENGTH];
+    ndn_digestSha256(keyDer_.buf(), keyDer_.size(), digest);
+    
+    return Blob(digest, sizeof(digest));
+  }
+  else
+    throw UnrecognizedDigestAlgorithmException("Wrong format!");
+}
+
+}
diff --git a/ndn-cpp/security/certificate/public-key.hpp b/ndn-cpp/security/certificate/public-key.hpp
new file mode 100644
index 0000000..7db3f49
--- /dev/null
+++ b/ndn-cpp/security/certificate/public-key.hpp
@@ -0,0 +1,72 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
+ * @author: Jeff Thompson <jefft0@remap.ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#ifndef NDN_PUBLIC_KEY_HPP
+#define	NDN_PUBLIC_KEY_HPP
+
+#include "../../util/blob.hpp"
+#include "oid.hpp"
+#include "../security-common.hpp"
+
+namespace ndn {
+
+class PublicKey {
+public:    
+  /**
+   * The default constructor.
+   */
+  PublicKey() {}
+
+  /**
+   * Constructor
+   * @param algorithm The algorithm of the public key.
+   * @param keyDer The blob of the PublicKeyInfo in terms of DER.
+   */
+  PublicKey(const OID& algorithm, const Blob& keyDer)
+  : algorithm_(algorithm), keyDer_(keyDer)
+  {
+  }
+
+#if 0
+  /**
+   * Encode the public key into DER.
+   * @return the encoded DER syntax tree.
+   */
+  Ptr<der::DerNode>
+  toDer();
+#endif
+
+  /**
+   * Decode the public key from DER blob.
+   * @param keyDer The DER blob.
+   * @return The decoded public key.
+   */
+  static ptr_lib::shared_ptr<PublicKey>
+  fromDer(const Blob& keyDer);
+
+  /*
+   * @brief get the digest of the public key
+   * @param digestAlgorithm The digest algorithm. If omitted, use DIGEST_SHA256 by default.
+   */
+  Blob 
+  getDigest(DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256) const;
+
+  /*
+   * Get the raw bytes of the public key in DER format.
+   */
+  const Blob& 
+  getKeyDer() const { return keyDer_; }
+    
+private:
+  OID algorithm_; /**< Algorithm */
+  Blob keyDer_;   /**< PublicKeyInfo in DER */
+};
+
+}
+
+#endif
diff --git a/ndn-cpp/security/security-exception.cpp b/ndn-cpp/security/security-exception.cpp
new file mode 100644
index 0000000..b4bbd22
--- /dev/null
+++ b/ndn-cpp/security/security-exception.cpp
@@ -0,0 +1,23 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
+ * @author: Jeff Thompson <jefft0@remap.ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#include "security-exception.hpp"
+using namespace std;
+
+namespace ndn {
+
+SecurityException::SecurityException(const string& errorMessage) throw()
+: errorMessage_(errorMessage)
+{
+}
+
+SecurityException::~SecurityException() throw()
+{
+}
+
+}
diff --git a/ndn-cpp/security/security-exception.hpp b/ndn-cpp/security/security-exception.hpp
new file mode 100644
index 0000000..0a3d20c
--- /dev/null
+++ b/ndn-cpp/security/security-exception.hpp
@@ -0,0 +1,47 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
+ * @author: Jeff Thompson <jefft0@remap.ucla.edu>
+ * See COPYING for copyright and distribution information.
+ */
+
+#ifndef NDN_SECURITY_EXCEPTION_HPP
+#define	NDN_SECURITY_EXCEPTION_HPP
+
+#include <exception>
+#include <string>
+
+namespace ndn {
+
+class SecurityException : public std::exception {
+public:
+  SecurityException(const std::string& errorMessage) throw();
+    
+  virtual ~SecurityException() throw();
+    
+  inline std::string Msg() { return errorMessage_; }
+    
+private:
+  const std::string errorMessage_;
+};
+
+class UnrecognizedKeyFormatException : public SecurityException {
+public:
+  UnrecognizedKeyFormatException(const std::string& errorMessage)
+  : SecurityException(errorMessage)
+  {
+  }
+};
+
+class UnrecognizedDigestAlgorithmException : public SecurityException {
+public:
+  UnrecognizedDigestAlgorithmException(const std::string& errorMessage)
+  : SecurityException(errorMessage)
+  {
+  }
+};
+
+}
+
+#endif