Merge 'management' branch into master
diff --git a/tools/ndnsec-cert-dump.hpp b/tools/ndnsec-cert-dump.hpp
index 2adca8d..10d0fe5 100644
--- a/tools/ndnsec-cert-dump.hpp
+++ b/tools/ndnsec-cert-dump.hpp
@@ -11,7 +11,7 @@
 #include "ndnsec-util.hpp"
 
 int
-ndnsec_cert_dump(int argc, char** argv)	
+ndnsec_cert_dump(int argc, char** argv)
 {
   using namespace ndn;
   namespace po = boost::program_options;
@@ -28,8 +28,8 @@
   std::string repoPort = "7376";
   // bool isDnsOut = false;
 
-  po::options_description desc("General Usage\n  ndnsec cert-dump [-h] [-p] [-d] [-r [-H repo-host] [-P repor-port] ] [-i|k|f] name\nGeneral options");
-  desc.add_options()
+  po::options_description description("General Usage\n  ndnsec cert-dump [-h] [-p] [-d] [-r [-H repo-host] [-P repor-port] ] [-i|k|f] name\nGeneral options");
+  description.add_options()
     ("help,h", "produce help message")
     ("pretty,p", "optional, if specified, display certificate in human readable format")
     ("identity,i", "optional, if specified, name is identity name (e.g. /ndn/edu/ucla/alice), otherwise certificate name")
@@ -44,49 +44,59 @@
 
   po::positional_options_description p;
   p.add("name", 1);
-  
-  po::variables_map vm;
-  po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
-  po::notify(vm);
 
-  if (vm.count("help")) 
+  po::variables_map vm;
+  try
     {
-      std::cerr << desc << std::endl;
+      po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+                vm);
+      po::notify(vm);
+    }
+  catch (const std::exception& e)
+    {
+      std::cerr << "ERROR: " << e.what() << std::endl;
+      std::cerr << description << std::endl;
+      return 1;
+    }
+
+  if (vm.count("help") != 0)
+    {
+      std::cerr << description << std::endl;
       return 0;
     }
 
-  if (0 == vm.count("name"))
+  if (vm.count("name") == 0)
     {
       std::cerr << "identity_name must be specified" << std::endl;
-      std::cerr << desc << std::endl;
+      std::cerr << description << std::endl;
       return 1;
     }
-  
-  if (vm.count("key"))
+
+  if (vm.count("key") != 0)
     {
       isCertName = false;
       isKeyName = true;
     }
-  else if (vm.count("identity"))
+  else if (vm.count("identity") != 0)
     {
       isCertName = false;
       isIdentityName = true;
     }
-  else if (vm.count("file"))
+  else if (vm.count("file") != 0)
     {
       isCertName = false;
       // isFileName = true;
-    }    
-    
-  if (vm.count("pretty"))
+    }
+
+  if (vm.count("pretty") != 0)
     isPretty = true;
 
-  if (vm.count("repo-output"))
+  if (vm.count("repo-output") != 0)
     {
       isRepoOut = true;
       isStdOut = false;
     }
-  else if(vm.count("dns-output"))
+  else if (vm.count("dns-output") != 0)
     {
       // isDnsOut = true;
       isStdOut = false;
@@ -102,103 +112,64 @@
 
   shared_ptr<IdentityCertificate> certificate;
 
-  try
-    {
-      KeyChain keyChain;
+  KeyChain keyChain;
 
-      if(isIdentityName || isKeyName || isCertName)
+  if (isIdentityName || isKeyName || isCertName)
+    {
+      if (isIdentityName)
         {
-          if(isIdentityName)
-            {
-              Name certName = keyChain.getDefaultCertificateNameForIdentity(name);
-              certificate = keyChain.getCertificate(certName);
-            }
-          else if(isKeyName)
-            {
-              Name certName = keyChain.getDefaultCertificateNameForKey(name);
-              certificate = keyChain.getCertificate(certName);
-            }
-          else
-            certificate = keyChain.getCertificate(name);
-          
-          if(NULL == certificate)
-            {
-              std::cerr << "No certificate found!" << std::endl;
-              return 1;
-            }
+          Name certName = keyChain.getDefaultCertificateNameForIdentity(name);
+          certificate = keyChain.getCertificate(certName);
+        }
+      else if (isKeyName)
+        {
+          Name certName = keyChain.getDefaultCertificateNameForKey(name);
+          certificate = keyChain.getCertificate(certName);
         }
       else
+        certificate = keyChain.getCertificate(name);
+
+      if (!static_cast<bool>(certificate))
         {
-          certificate = getIdentityCertificate(name);
-          if(!static_cast<bool>(certificate))
-            {
-              std::cerr << "No certificate read!" << std::endl;
-              return 1;
-            }
+          std::cerr << "No certificate found!" << std::endl;
+          return 1;
         }
     }
-  catch(SecPublicInfo::Error& e)
-    {
-      std::cerr << e.what() << std::endl;
-      return 1;
-    }
-  catch(SecTpm::Error& e)
-    {
-      std::cerr << "ERROR: " << e.what() << std::endl;
-      return 1;
-    }
-      
-  if(isPretty)
-    {
-      std::cout << *certificate << std::endl;
-      // cout << "Certificate name: " << std::endl;
-      // cout << "  " << certificate->getName() << std::endl;
-      // cout << "Validity: " << std::endl;
-      // cout << "  NotBefore: " << boost::posix_time::to_simple_string(certificate->getNotBefore()) << std::endl;
-      // cout << "  NotAfter: " << boost::posix_time::to_simple_string(certificate->getNotAfter()) << std::endl;
-      // cout << "Subject Description: " << std::endl;
-      // const vector<CertificateSubjectDescription>& SubDescriptionList = certificate->getSubjectDescriptionList();
-      // vector<CertificateSubjectDescription>::const_iterator it = SubDescriptionList.begin();
-      // for(; it != SubDescriptionList.end(); it++)
-      //   cout << "  " << it->getOidStr() << ": " << it->getValue() << std::endl;
-      // cout << "Public key bits: " << std::endl;
-      // const Blob& keyBlob = certificate->getPublicKeygetKeyBlob();
-      // std::string encoded;
-      // CryptoPP::StringSource ss(reinterpret_cast<const unsigned char *>(keyBlob.buf()), keyBlob.size(), true,
-      //                           new CryptoPP::Base64Encoder(new CryptoPP::StringSink(encoded), true, 64));
-      // cout << encoded;        
-    }
   else
     {
-      if(isStdOut)
+      certificate = getIdentityCertificate(name);
+      if (!static_cast<bool>(certificate))
         {
-          try
-            {
-              using namespace CryptoPP;
-              StringSource ss(certificate->wireEncode().wire(), certificate->wireEncode().size(), true,
-                              new Base64Encoder(new FileSink(std::cout), true, 64));
-              return 0;
-            }
-          catch(CryptoPP::Exception& e)
-            {
-              std::cerr << e.what() << std::endl;
-              return 1;
-            }
+          std::cerr << "No certificate read!" << std::endl;
+          return 1;
         }
-      if(isRepoOut)
+    }
+
+  if (isPretty)
+    {
+      std::cout << *certificate << std::endl;
+    }
+  else
+    {
+      if (isStdOut)
+        {
+          io::save(*certificate, std::cout);
+          return 0;
+        }
+      if (isRepoOut)
         {
           using namespace boost::asio::ip;
           tcp::iostream request_stream;
-#if (BOOST_VERSION >= 104700)
           request_stream.expires_from_now(boost::posix_time::milliseconds(3000));
-#endif
-          request_stream.connect(repoHost,repoPort);
-          if(!request_stream)
+          request_stream.connect(repoHost, repoPort);
+          if (!request_stream)
             {
               std::cerr << "fail to open the stream!" << std::endl;
               return 1;
             }
-          request_stream.write(reinterpret_cast<const char*>(certificate->wireEncode().wire()), certificate->wireEncode().size());
+          request_stream.write(reinterpret_cast<const char*>(certificate->wireEncode().wire()),
+                               certificate->wireEncode().size());
+
           return 0;
         }
     }
diff --git a/tools/ndnsec-cert-gen.hpp b/tools/ndnsec-cert-gen.hpp
index 363dd57..197cc6b 100644
--- a/tools/ndnsec-cert-gen.hpp
+++ b/tools/ndnsec-cert-gen.hpp
@@ -10,7 +10,7 @@
 
 #include "ndnsec-util.hpp"
 
-int 
+int
 ndnsec_cert_gen(int argc, char** argv)
 {
   using boost::tokenizer;
@@ -21,23 +21,23 @@
 
   std::string notBeforeStr;
   std::string notAfterStr;
-  std::string sName;
-  std::string reqFile;
+  std::string subjectName;
+  std::string requestFile("-");
   std::string signId;
-  std::string subInfo;
+  std::string subjectInfo;
   bool isSelfSigned = false;
-  bool nack = false;
+  bool isNack = false;
 
-  po::options_description desc("General Usage\n  ndnsec cert-gen [-h] [-S date] [-E date] [-N subject-name] [-I subject-info] [-s sign-id] request\nGeneral options");
-  desc.add_options()
+  po::options_description description("General Usage\n  ndnsec cert-gen [-h] [-S date] [-E date] [-N subject-name] [-I subject-info] [-s sign-id] request\nGeneral options");
+  description.add_options()
     ("help,h", "produce help message")
     ("not-before,S", po::value<std::string>(&notBeforeStr), "certificate starting date, YYYYMMDDhhmmss")
     ("not-after,E", po::value<std::string>(&notAfterStr), "certificate ending date, YYYYMMDDhhmmss")
-    ("subject-name,N", po::value<std::string>(&sName), "subject name")
-    ("subject-info,I", po::value<std::string>(&subInfo), "subject info, pairs of OID and string description: \"2.5.4.10 'University of California, Los Angeles'\"")
+    ("subject-name,N", po::value<std::string>(&subjectName), "subject name")
+    ("subject-info,I", po::value<std::string>(&subjectInfo), "subject info, pairs of OID and string description: \"2.5.4.10 'University of California, Los Angeles'\"")
     ("nack", "Generate revocation certificate (NACK)")
     ("sign-id,s", po::value<std::string>(&signId), "signing Identity, self-signed if not specified")
-    ("request,r", po::value<std::string>(&reqFile), "request file name, - for stdin")
+    ("request,r", po::value<std::string>(&requestFile), "request file name, - for stdin")
     ;
 
   po::positional_options_description p;
@@ -46,100 +46,96 @@
   po::variables_map vm;
   try
     {
-      po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
+      po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+                vm);
       po::notify(vm);
     }
-  catch (std::exception &e)
+  catch (const std::exception& e)
     {
       std::cerr << "ERROR: " << e.what() << std::endl;
       return 1;
     }
 
-  if (vm.count("help"))
+  if (vm.count("help") != 0)
     {
-      std::cerr << desc << std::endl;
+      std::cerr << description << std::endl;
       return 0;
     }
 
-  if (0 == vm.count("sign-id"))
-    {     
+  if (vm.count("sign-id") == 0)
+    {
       isSelfSigned = true;
     }
 
-  if (vm.count("nack"))
+  if (vm.count("nack") != 0)
     {
-      nack = true;
+      isNack = true;
     }
 
   std::vector<CertificateSubjectDescription> otherSubDescrypt;
-  tokenizer<escaped_list_separator<char> > subInfoItems(subInfo, escaped_list_separator<char> ("\\", " \t", "'\""));
+  tokenizer<escaped_list_separator<char> > subjectInfoItems
+    (subjectInfo, escaped_list_separator<char> ("\\", " \t", "'\""));
 
-  tokenizer<escaped_list_separator<char> >::iterator it = subInfoItems.begin();
-  try
+  tokenizer<escaped_list_separator<char> >::iterator it =
+    subjectInfoItems.begin();
+
+  while (it != subjectInfoItems.end())
     {
-      while (it != subInfoItems.end())
+      std::string oid = *it;
+
+      it++;
+      if (it == subjectInfoItems.end())
         {
-          std::string oid = *it;
-
-          it++;
-          if (it == subInfoItems.end ())
-            {
-              std::cerr << "ERROR: unmatched info for oid [" << oid << "]" << std::endl;
-              return 1;
-            }
-
-          std::string value = *it;
-
-          otherSubDescrypt.push_back (CertificateSubjectDescription(oid, value));
-
-          it++;
+          std::cerr << "ERROR: unmatched info for oid [" << oid << "]" << std::endl;
+          return 1;
         }
-    }
-  catch (std::exception &e)
-    {
-      std::cerr << "error in parsing subject info" << std::endl;
-      return 1;
+
+      std::string value = *it;
+
+      otherSubDescrypt.push_back(CertificateSubjectDescription(oid, value));
+
+      it++;
     }
 
   time::system_clock::TimePoint notBefore;
   time::system_clock::TimePoint notAfter;
-  try{
-    if (0 == vm.count("not-before"))
-      {
-        notBefore = time::system_clock::now();
-      }
-    else
-      {
-        notBefore = time::fromIsoString(notBeforeStr.substr(0, 8) + "T" + notBeforeStr.substr(8, 6));
-      }
 
+  if (vm.count("not-before") == 0)
+    {
+      notBefore = time::system_clock::now();
+    }
+  else
+    {
+      notBefore = time::fromIsoString(notBeforeStr.substr(0, 8) + "T" +
+                                      notBeforeStr.substr(8, 6));
+    }
 
-    if (0 == vm.count("not-after"))
-      {
-        notAfter = notBefore + time::days(365);
-      }
-    else
-      {
-        notAfter = time::fromIsoString(notAfterStr.substr(0, 8) + "T" + notAfterStr.substr(8, 6));
-        if(notAfter < notBefore)
-          {
-            std::cerr << "not-before is later than not-after" << std::endl;
-            return 1;
-          }
-      }
-  }catch(std::exception & e){
-    std::cerr << "Error in converting validity timestamp!" << std::endl;
-    return 1;
-  }
+  if (vm.count("not-after") == 0)
+    {
+      notAfter = notBefore + time::days(365);
+    }
+  else
+    {
+      notAfter = time::fromIsoString(notAfterStr.substr(0, 8) + "T" +
+                                     notAfterStr.substr(8, 6));
 
-  if (0 == vm.count("request"))
+      if (notAfter < notBefore)
+        {
+          std::cerr << "not-before is later than not-after" << std::endl;
+          return 1;
+        }
+    }
+
+  if (vm.count("request") == 0)
     {
       std::cerr << "request file must be specified" << std::endl;
       return 1;
     }
 
-  shared_ptr<IdentityCertificate> selfSignedCertificate = getIdentityCertificate(reqFile);
-  if(!static_cast<bool>(selfSignedCertificate))
+  shared_ptr<IdentityCertificate> selfSignedCertificate
+    = getIdentityCertificate(requestFile);
+
+  if (!static_cast<bool>(selfSignedCertificate))
     {
       std::cerr << "ERROR: input error" << std::endl;
       return 1;
@@ -149,7 +145,7 @@
   Name signIdName;
   Name certName;
 
-  if(isSelfSigned)
+  if (isSelfSigned)
     {
       certName = keyName.getPrefix(keyName.size()-1);
       certName.append("KEY").append(keyName.get(-1)).append("ID-CERT").appendVersion();
@@ -157,72 +153,64 @@
   else
     {
       signIdName = Name(signId);
-  
+
+      int count = 0;
       Name::const_iterator i = keyName.begin();
       Name::const_iterator j = signIdName.begin();
-      int count = 0;
-      for(; i != keyName.end() && j != signIdName.end(); i++, j++, count++)
+      for (; i != keyName.end() && j != signIdName.end(); i++, j++)
         {
-          if(*i != *j)
+          if (*i != *j)
             break;
+
+          count++;
         }
-      
-      if(j != signIdName.end() || i == keyName.end())
+
+      if (j != signIdName.end() || i == keyName.end())
         {
           std::cerr << "wrong signing identity!" << std::endl;
           return 1;
         }
 
       certName = keyName.getSubName(0, count);
-      certName.append("KEY").append(keyName.getSubName(count, keyName.size()-count));
-      certName.append("ID-CERT").appendVersion ();
+      certName.append("KEY")
+        .append(keyName.getSubName(count, keyName.size() - count))
+        .append("ID-CERT")
+        .appendVersion ();
     }
 
   Block wire;
 
-  if (!nack)
+  if (!isNack)
     {
-      if (0 == vm.count("subject-name"))
+      if (vm.count("subject-name") == 0)
         {
           std::cerr << "subject_name must be specified" << std::endl;
           return 1;
         }
 
-      try
-        {
-          CertificateSubjectDescription subDescryptName("2.5.4.41", sName);
-          IdentityCertificate certificate;
-          certificate.setName(certName);
-          certificate.setNotBefore(notBefore);
-          certificate.setNotAfter(notAfter);
-          certificate.setPublicKeyInfo(selfSignedCertificate->getPublicKeyInfo());
-          certificate.addSubjectDescription(subDescryptName);
-          for (size_t i = 0; i < otherSubDescrypt.size(); i++)
-            certificate.addSubjectDescription(otherSubDescrypt[i]);
-          certificate.encode();
+      CertificateSubjectDescription subDescryptName("2.5.4.41", subjectName);
+      IdentityCertificate certificate;
+      certificate.setName(certName);
+      certificate.setNotBefore(notBefore);
+      certificate.setNotAfter(notAfter);
+      certificate.setPublicKeyInfo(selfSignedCertificate->getPublicKeyInfo());
+      certificate.addSubjectDescription(subDescryptName);
+      for (size_t i = 0; i < otherSubDescrypt.size(); i++)
+        certificate.addSubjectDescription(otherSubDescrypt[i]);
+      certificate.encode();
 
-          KeyChain keyChain;
+      KeyChain keyChain;
 
-          if(isSelfSigned)
-            keyChain.selfSign(certificate);
-          else
-            {
-              Name signingCertificateName = keyChain.getDefaultCertificateNameForIdentity(Name(signId));
-              
-              keyChain.sign(certificate, signingCertificateName);
-            }
-          wire = certificate.wireEncode();
-        }
-      catch(SecPublicInfo::Error& e)
+      if (isSelfSigned)
+        keyChain.selfSign(certificate);
+      else
         {
-          std::cerr << "ERROR: " << e.what() << std::endl;
-          return 1;
+          Name signingCertificateName =
+            keyChain.getDefaultCertificateNameForIdentity(Name(signId));
+
+          keyChain.sign(certificate, signingCertificateName);
         }
-      catch(SecTpm::Error& e)
-        {
-          std::cerr << "ERROR: " << e.what() << std::endl;
-          return 1;
-        }
+      wire = certificate.wireEncode();
     }
   else
     {
@@ -230,25 +218,13 @@
       // revocationCert.setContent(void*, 0); // empty content
       revocationCert.setName(certName);
 
-      try
-        {
-          KeyChain keyChain;
-          
-          Name signingCertificateName = keyChain.getDefaultCertificateNameForIdentity(Name(signId));
-          
-          keyChain.sign (revocationCert, signingCertificateName);
-          wire = revocationCert.wireEncode();
-        }
-      catch(SecPublicInfo::Error& e)
-        {
-          std::cerr << "ERROR: " << e.what() << std::endl;
-          return 1;
-        }
-      catch(SecTpm::Error& e)
-        {
-          std::cerr << "ERROR: " << e.what() << std::endl;
-          return 1;
-        }
+      KeyChain keyChain;
+
+      Name signingCertificateName =
+        keyChain.getDefaultCertificateNameForIdentity(signId);
+
+      keyChain.sign(revocationCert, signingCertificateName);
+      wire = revocationCert.wireEncode();
     }
 
   try
@@ -257,7 +233,7 @@
       StringSource ss(wire.wire(), wire.size(), true,
                       new Base64Encoder(new FileSink(std::cout), true, 64));
     }
-  catch(CryptoPP::Exception& e)
+  catch (const CryptoPP::Exception& e)
     {
       std::cerr << "ERROR: " << e.what() << std::endl;
       return 1;
diff --git a/tools/ndnsec-cert-install.hpp b/tools/ndnsec-cert-install.hpp
index 12c036c..f23eb7a 100644
--- a/tools/ndnsec-cert-install.hpp
+++ b/tools/ndnsec-cert-install.hpp
@@ -11,95 +11,89 @@
 #include "ndnsec-util.hpp"
 
 
-struct HttpException : public std::exception
+class HttpException : public std::runtime_error
 {
-  HttpException(const std::string &reason)
-    : m_reason(reason)
+public:
+  explicit
+  HttpException(const std::string& what)
+    : std::runtime_error(what)
   {
   }
-  ~HttpException() throw()
-  {
-  }
-
-  const char* what() const throw()
-  {
-    return m_reason.c_str();
-  }
-
-private:
-  std::string m_reason;
 };
 
 ndn::shared_ptr<ndn::IdentityCertificate>
-getCertificateHttp(const std::string &host, const std::string &port, const std::string &path)
+getCertificateHttp(const std::string& host, const std::string& port, const std::string& path)
 {
   using namespace boost::asio::ip;
-  tcp::iostream request_stream;
-#if (BOOST_VERSION >= 104700)
-  request_stream.expires_from_now(boost::posix_time::milliseconds(3000));
-#endif
-  request_stream.connect(host,port);
-  if(!request_stream)
+  tcp::iostream requestStream;
+
+  requestStream.expires_from_now(boost::posix_time::milliseconds(3000));
+
+  requestStream.connect(host, port);
+  if (!static_cast<bool>(requestStream))
     {
       throw HttpException("HTTP connection error");
     }
-  request_stream << "GET " << path << " HTTP/1.0\r\n";
-  request_stream << "Host: " << host << "\r\n";
-  request_stream << "Accept: */*\r\n";
-  request_stream << "Cache-Control: no-cache\r\n";
-  request_stream << "Connection: close\r\n\r\n";
-  request_stream.flush();
+  requestStream << "GET " << path << " HTTP/1.0\r\n";
+  requestStream << "Host: " << host << "\r\n";
+  requestStream << "Accept: */*\r\n";
+  requestStream << "Cache-Control: no-cache\r\n";
+  requestStream << "Connection: close\r\n\r\n";
+  requestStream.flush();
 
-  std::string line1;
-  std::getline(request_stream,line1);
-  if (!request_stream)
+  std::string statusLine;
+  std::getline(requestStream, statusLine);
+  if (!static_cast<bool>(requestStream))
     {
       throw HttpException("HTTP communication error");
     }
 
-  std::stringstream response_stream(line1);
-  std::string http_version;
-  response_stream >> http_version;
-  unsigned int status_code;
-  response_stream >> status_code;
-  std::string status_message;
+  std::stringstream responseStream(statusLine);
+  std::string httpVersion;
+  responseStream >> httpVersion;
+  unsigned int statusCode;
+  responseStream >> statusCode;
+  std::string statusMessage;
 
-  std::getline(response_stream,status_message);
-  if (!response_stream || http_version.substr(0,5)!="HTTP/")
+  std::getline(responseStream, statusMessage);
+  if (!static_cast<bool>(requestStream) || httpVersion.substr(0, 5) != "HTTP/")
     {
       throw HttpException("HTTP communication error");
     }
-  if (status_code!=200)
+  if (statusCode != 200)
     {
       throw HttpException("HTTP server error");
     }
   std::string header;
-  while (std::getline(request_stream, header) && header != "\r") ;
+  while (std::getline(requestStream, header) && header != "\r")
+    ;
 
   ndn::OBufferStream os;
-  CryptoPP::FileSource ss2(request_stream, true, new CryptoPP::Base64Decoder(new CryptoPP::FileSink(os)));
+  {
+    using namespace CryptoPP;
+    FileSource ss2(requestStream, true, new Base64Decoder(new FileSink(os)));
+  }
 
-  ndn::shared_ptr<ndn::IdentityCertificate> identityCertificate = ndn::make_shared<ndn::IdentityCertificate>();
+  ndn::shared_ptr<ndn::IdentityCertificate> identityCertificate =
+    ndn::make_shared<ndn::IdentityCertificate>();
   identityCertificate->wireDecode(ndn::Block(os.buf()));
 
   return identityCertificate;
 }
 
-int 
+int
 ndnsec_cert_install(int argc, char** argv)
 {
   using namespace ndn;
   namespace po = boost::program_options;
 
   std::string certFileName;
-  bool systemDefault = true;
-  bool identityDefault = false;
-  bool keyDefault = false;
-  // bool noDefault = false;
-  bool any = false;
+  bool isSystemDefault = true;
+  bool isIdentityDefault = false;
+  bool isKeyDefault = false;
 
-  po::options_description desc("General Usage\n  ndnsec cert-install [-h] [-I|K|N] cert-file\nGeneral options");
-  desc.add_options()
+  po::options_description description("General Usage\n  ndnsec cert-install [-h] [-I|K|N] cert-file\nGeneral options");
+  description.add_options()
     ("help,h", "produce help message")
     ("cert-file,f", po::value<std::string>(&certFileName), "file name of the ceritificate, - for stdin. "
                                                       "If starts with http://, will try to fetch "
@@ -114,131 +108,112 @@
   po::variables_map vm;
   try
     {
-      po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
+      po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+                vm);
       po::notify(vm);
     }
-  catch (std::exception &e)
+  catch (const std::exception& e)
     {
       std::cerr << "ERROR: " << e.what() << std::endl;
       return 1;
     }
 
-  if (vm.count("help"))
+  if (vm.count("help") != 0)
     {
-      std::cerr << desc << std::endl;
+      std::cerr << description << std::endl;
       return 0;
     }
 
-  if (0 == vm.count("cert-file"))
+  if (vm.count("cert-file") == 0)
     {
       std::cerr << "cert_file must be specified" << std::endl;
-      std::cerr << desc << std::endl;
+      std::cerr << description << std::endl;
       return 1;
     }
 
-  if (vm.count("identity-default"))
+  if (vm.count("identity-default") != 0)
     {
-      identityDefault = true;
-      systemDefault = false;
+      isIdentityDefault = true;
+      isSystemDefault = false;
     }
-  else if (vm.count("key-default"))
+  else if (vm.count("key-default") != 0)
     {
-      keyDefault = true;
-      systemDefault = false;
+      isKeyDefault = true;
+      isSystemDefault = false;
     }
-  else if (vm.count("no-default"))
+  else if (vm.count("no-default") != 0)
     {
       // noDefault = true;
-      systemDefault = false;
+      isSystemDefault = false;
     }
 
-  try
+  shared_ptr<IdentityCertificate> cert;
+
+  if (certFileName.find("http://") == 0)
     {
-      shared_ptr<IdentityCertificate> cert;
+      std::string host;
+      std::string port;
+      std::string path;
 
-      if(certFileName.find("http://") == 0)
+      size_t pos = 7; // offset of "http://"
+      size_t posSlash = certFileName.find("/", pos);
+
+      if (posSlash == std::string::npos)
+        throw HttpException("Request line is not correctly formatted");
+
+      size_t posPort = certFileName.find(":", pos);
+
+      if (posPort != std::string::npos && posPort < posSlash) // port is specified
         {
-          std::string host;
-          std::string port;
-          std::string path;
-
-          size_t pos = 7;
-          size_t posSlash = certFileName.find ("/", pos);
-
-          if (posSlash == std::string::npos)
-            throw HttpException("Request line is not correctly formatted");
-
-          size_t posPort = certFileName.find (":", pos);
-
-          if (posPort != std::string::npos && posPort < posSlash) // port is specified
-            {
-              port = certFileName.substr (posPort + 1, posSlash - posPort - 1);
-              host = certFileName.substr (pos, posPort-pos);
-            }
-          else
-            {
-              port = "80";
-              host = certFileName.substr (pos, posSlash-pos);
-            }
-
-          path = certFileName.substr (posSlash, certFileName.size () - posSlash);
-
-          cert = getCertificateHttp(host, port, path);
+          port = certFileName.substr(posPort + 1, posSlash - posPort - 1);
+          host = certFileName.substr(pos, posPort - pos);
         }
       else
         {
-          cert = getIdentityCertificate(certFileName);
+          port = "80";
+          host = certFileName.substr(pos, posSlash - pos);
         }
 
-      if(!static_cast<bool>(cert))
-        return 1;
+      path = certFileName.substr(posSlash, certFileName.size () - posSlash);
 
-      KeyChain keyChain;
-
-      if(systemDefault)
-        {
-          keyChain.addCertificateAsIdentityDefault(*cert);
-          Name keyName = cert->getPublicKeyName();
-          Name identity = keyName.getSubName(0, keyName.size()-1);
-          keyChain.setDefaultIdentity(identity);
-        }
-      else if(identityDefault)
-        {
-          keyChain.addCertificateAsIdentityDefault(*cert);
-        }
-      else if(keyDefault)
-        {
-          keyChain.addCertificateAsKeyDefault(*cert);
-        }
-      else
-        {
-          keyChain.addCertificate(*cert);
-        }
-
-      std::cerr << "OK: certificate with name [" << cert->getName().toUri() << "] has been successfully installed" << std::endl;
-
-      return 0;
+      cert = getCertificateHttp(host, port, path);
     }
-  catch(SecPublicInfo::Error& e)
+  else
     {
-      std::cerr << "ERROR: " << e.what() << std::endl;
-      return 1;
+      cert = getIdentityCertificate(certFileName);
     }
-  catch(SecTpm::Error& e)
+
+  if (!static_cast<bool>(cert))
+    return 1;
+
+  KeyChain keyChain;
+
+  if (isSystemDefault)
     {
-      std::cerr << "ERROR: " << e.what() << std::endl;
-      return 1;
+      keyChain.addCertificateAsIdentityDefault(*cert);
+      Name keyName = cert->getPublicKeyName();
+      Name identity = keyName.getSubName(0, keyName.size()-1);
+      keyChain.setDefaultIdentity(identity);
     }
-  catch(std::exception &e)
+  else if (isIdentityDefault)
     {
-      std::cerr << "ERROR: " << e.what() << std::endl;
-      return 1;
+      keyChain.addCertificateAsIdentityDefault(*cert);
     }
-  catch(...)
+  else if (isKeyDefault)
     {
-      std::cerr << "ERROR: unknown error" << std::endl;
-      return 1;
+      keyChain.addCertificateAsKeyDefault(*cert);
     }
+  else
+    {
+      keyChain.addCertificate(*cert);
+    }
+
+  std::cerr << "OK: certificate with name ["
+            << cert->getName().toUri()
+            << "] has been successfully installed"
+            << std::endl;
+
+  return 0;
 }
 
 #endif //NDNSEC_CERT_INSTALL_HPP
diff --git a/tools/ndnsec-delete.hpp b/tools/ndnsec-delete.hpp
index 2536344..bdce78f 100644
--- a/tools/ndnsec-delete.hpp
+++ b/tools/ndnsec-delete.hpp
@@ -10,89 +10,86 @@
 
 #include "ndnsec-util.hpp"
 
-int 
-ndnsec_delete(int argc, char** argv)	
+int
+ndnsec_delete(int argc, char** argv)
 {
   using namespace ndn;
   namespace po = boost::program_options;
 
   // bool deleteId = true;
-  bool deleteKey = false;
-  bool deleteCert = false;
+  bool isDeleteKey = false;
+  bool isDeleteCert = false;
   std::string name;
 
-  po::options_description desc("General Usage\n  ndnsec delete [-h] [-K|C] name\nGeneral options");
-  desc.add_options()
+  po::options_description description("General Usage\n  ndnsec delete [-h] [-k|c] name\nGeneral options");
+  description.add_options()
     ("help,h", "produce help message")
-    ("delete_key,K", "(Optional) delete a key if specified.")
-    ("delete_cert,C", "(Optional) delete a certificate if specified.")
+    ("delete-key,k", "(Optional) delete a key if specified.")
+    ("delete-key2,K", "(Optional) delete a key if specified.")
+    ("delete-cert,c", "(Optional) delete a certificate if specified.")
+    ("delete-cert2,C", "(Optional) delete a certificate if specified.")
     ("name,n", po::value<std::string>(&name), "By default, it refers to an identity."
-     "If -K is specified, it refers to a key."
-     "If -C is specified, it refers to a certificate.");
+     "If -k is specified, it refers to a key."
+     "If -c is specified, it refers to a certificate.");
     ;
 
   po::positional_options_description p;
   p.add("name", 1);
-  
+
   po::variables_map vm;
   try
     {
-      po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
+      po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+                vm);
       po::notify(vm);
     }
-  catch (std::exception &e)
+  catch (const std::exception& e)
     {
       std::cerr << "ERROR: " << e.what() << std::endl;
+      std::cerr << description << std::endl;
       return 1;
     }
 
-  if (vm.count("help")) 
+  if (vm.count("help") != 0)
     {
-      std::cerr << desc << std::endl;;
+      std::cerr << description << std::endl;;
       return 0;
     }
 
-  if(vm.count("delete_cert"))
+  if (vm.count("name") == 0)
     {
-      deleteCert = true;
-      // deleteId = false;
+      std::cerr << "ERROR: name must be specified" << std::endl;
+      std::cerr << description << std::endl;
+      return 1;
     }
-  else if(vm.count("delete_key"))
-    {
-      deleteKey = true;
-      // deleteId = false;
-    }
-  
-  try
-    {
-      KeyChain keyChain;
 
-      if(deleteCert)
-        {
-          keyChain.deleteCertificate(name);
-        }
-      else if(deleteKey)
-        {
-          keyChain.deleteKey(name);
-        }
-      else
-        {
-          keyChain.deleteIdentity(name);
-        }
-      
-      return 0;
-      
-    }
-  catch(SecPublicInfo::Error& e)
+  if (vm.count("delete-cert") != 0 || vm.count("delete-cert2") != 0)
     {
-      std::cerr << e.what() << std::endl;
-      return 1;
+      isDeleteCert = true;
+      // deleteId = false;
     }
-  catch(SecTpm::Error& e)
+  else if (vm.count("delete-key") != 0 || vm.count("delete-key2") != 0)
     {
-      std::cerr << e.what() << std::endl;
-      return 1;
+      isDeleteKey = true;
+      // deleteId = false;
     }
+
+  KeyChain keyChain;
+
+  if (isDeleteCert)
+    {
+      keyChain.deleteCertificate(name);
+    }
+  else if (isDeleteKey)
+    {
+      keyChain.deleteKey(name);
+    }
+  else
+    {
+      keyChain.deleteIdentity(name);
+    }
+
+  return 0;
 }
 
 #endif //NDNSEC_DELETE_HPP
diff --git a/tools/ndnsec-dsk-gen.hpp b/tools/ndnsec-dsk-gen.hpp
index b7d95e8..08332ee 100644
--- a/tools/ndnsec-dsk-gen.hpp
+++ b/tools/ndnsec-dsk-gen.hpp
@@ -10,7 +10,7 @@
 
 #include "ndnsec-util.hpp"
 
-int 
+int
 ndnsec_dsk_gen(int argc, char** argv)
 {
   using namespace ndn;
@@ -20,8 +20,8 @@
   char keyType = 'r';
   int keySize = 2048;
 
-  po::options_description desc("General Usage\n  ndnsec dsk-gen [-h] identity\nGeneral options");
-  desc.add_options()
+  po::options_description description("General Usage\n  ndnsec dsk-gen [-h] identity\nGeneral options");
+  description.add_options()
     ("help,h", "produce help message")
     ("identity,i", po::value<std::string>(&identityName), "identity name, for example, /ndn/ucla.edu/alice")
     // ("type,t", po::value<char>(&keyType)->default_value('r'), "optional, key type, r for RSA key (default)")
@@ -32,128 +32,112 @@
   p.add("identity", 1);
 
   po::variables_map vm;
-  po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
-  po::notify(vm);
-
-  if (vm.count("help"))
+  try
     {
-      std::cerr << desc << std::endl;
+      po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+                vm);
+      po::notify(vm);
+    }
+  catch (const std::exception& e)
+    {
+      std::cerr << "ERROR: " << e.what() << std::endl;
+      std::cerr << description << std::endl;
+      return 1;
+    }
+
+  if (vm.count("help") != 0)
+    {
+      std::cerr << description << std::endl;
       return 0;
     }
 
-  if (0 == vm.count("identity"))
+  if (vm.count("identity") == 0)
     {
       std::cerr << "identity must be specified" << std::endl;
-      std::cerr << desc << std::endl;
+      std::cerr << description << std::endl;
       return 1;
     }
 
   shared_ptr<IdentityCertificate> kskCert;
   Name signingCertName;
-  try
+
+  KeyChain keyChain;
+
+  Name defaultCertName = keyChain.getDefaultCertificateNameForIdentity(identityName);
+  bool isDefaultDsk = false;
+  if (defaultCertName.get(-3).toEscapedString().substr(0,4) == "dsk-")
+    isDefaultDsk = true;
+
+  if (isDefaultDsk)
     {
-      KeyChain keyChain;
+      shared_ptr<IdentityCertificate> dskCert = keyChain.getCertificate(defaultCertName);
+      SignatureSha256WithRsa sha256sig(dskCert->getSignature());
 
-      Name defaultCertName = keyChain.getDefaultCertificateNameForIdentity(identityName);
-      bool isDefaultDsk = false;
-      if(defaultCertName.get(-3).toEscapedString().substr(0,4) == "dsk-")
-        isDefaultDsk = true;
+      Name keyLocatorName = sha256sig.getKeyLocator().getName(); // will throw exception if keylocator is absent or it is not a name
 
-      if(isDefaultDsk)
-        {
-          shared_ptr<IdentityCertificate> dskCert = keyChain.getCertificate(defaultCertName);
-          SignatureSha256WithRsa sha256sig(dskCert->getSignature());
-
-          Name keyLocatorName = sha256sig.getKeyLocator().getName(); // will throw exception if keylocator is absent or it is not a name
-
-          Name kskName = IdentityCertificate::certificateNameToPublicKeyName(keyLocatorName);
-          Name kskCertName = keyChain.getDefaultCertificateNameForKey(kskName);
-          signingCertName = kskCertName;
-          kskCert = keyChain.getCertificate(kskCertName);
-        }
-      else
-        {
-          signingCertName = defaultCertName;
-          kskCert = keyChain.getCertificate(defaultCertName);
-        }
+      Name kskName = IdentityCertificate::certificateNameToPublicKeyName(keyLocatorName);
+      Name kskCertName = keyChain.getDefaultCertificateNameForKey(kskName);
+      signingCertName = kskCertName;
+      kskCert = keyChain.getCertificate(kskCertName);
     }
-  catch(SignatureSha256WithRsa::Error& e)
+  else
     {
-      std::cerr << "ERROR: " << e.what() << std::endl;
-      return 1;
-    }
-  catch(KeyLocator::Error& e)
-    {
-      std::cerr << "ERROR: " << e.what() << std::endl;
-      return 1;
-    }
-  catch(SecPublicInfo::Error& e)
-    {
-      std::cerr << "ERROR: " << e.what() << std::endl;
-      return 1;
+      signingCertName = defaultCertName;
+      kskCert = keyChain.getCertificate(defaultCertName);
     }
 
-  if(!static_cast<bool>(kskCert))
+  if (!static_cast<bool>(kskCert))
     {
       std::cerr << "ERROR: no KSK certificate." << std::endl;
       return 1;
     }
 
-  try
+  Name newKeyName;
+  switch (keyType)
     {
-      KeyChain keyChain;
-      Name newKeyName;
-      switch(keyType)
-        {
-        case 'r':
+    case 'r':
+      {
+        newKeyName = keyChain.generateRSAKeyPair(Name(identityName), false, keySize);
+        if (0 == newKeyName.size())
           {
-            newKeyName = keyChain.generateRSAKeyPair(Name(identityName), false, keySize);
-            if(0 == newKeyName.size())
-              {
-                std::cerr << "fail to generate key!" << std::endl;
-                return 1;
-              }
-            break;
+            std::cerr << "fail to generate key!" << std::endl;
+            return 1;
           }
-        default:
-          std::cerr << "Unrecongized key type" << "\n";
-          std::cerr << desc << std::endl;
-          return 1;
-        }
-    
-      Name certName = newKeyName.getPrefix(-1);
-      certName.append("KEY").append(newKeyName.get(-1)).append("ID-CERT").appendVersion();
-
-      shared_ptr<IdentityCertificate> certificate = make_shared<IdentityCertificate>();
-      certificate->setName(certName);
-      certificate->setNotBefore(kskCert->getNotBefore());
-      certificate->setNotAfter(kskCert->getNotAfter());
-
-      certificate->setPublicKeyInfo(*keyChain.getPublicKey(newKeyName));
-
-      const std::vector<CertificateSubjectDescription>& subList = kskCert->getSubjectDescriptionList();
-      std::vector<CertificateSubjectDescription>::const_iterator it = subList.begin();
-      for(; it != subList.end(); it++)
-        certificate->addSubjectDescription(*it);
-      
-      certificate->encode();
-
-      keyChain.sign(*certificate, signingCertName);
-
-      keyChain.addCertificateAsIdentityDefault(*certificate);
-
-      return 0;
-    }
-  catch(SecPublicInfo::Error& e)
-    {
-      std::cerr << "ERROR: " << e.what() << std::endl;
+        break;
+      }
+    default:
+      std::cerr << "Unrecongized key type" << "\n";
+      std::cerr << description << std::endl;
       return 1;
     }
-  catch(SecTpm::Error& e)
-    {
-      std::cerr << "ERROR: " << e.what() << std::endl;
-      return 1;
-    }
+
+  Name certName = newKeyName.getPrefix(-1);
+  certName.append("KEY")
+    .append(newKeyName.get(-1))
+    .append("ID-CERT")
+    .appendVersion();
+
+  shared_ptr<IdentityCertificate> certificate = make_shared<IdentityCertificate>();
+  certificate->setName(certName);
+  certificate->setNotBefore(kskCert->getNotBefore());
+  certificate->setNotAfter(kskCert->getNotAfter());
+
+  certificate->setPublicKeyInfo(*keyChain.getPublicKey(newKeyName));
+
+  const std::vector<CertificateSubjectDescription>& subList =
+    kskCert->getSubjectDescriptionList();
+
+  for (std::vector<CertificateSubjectDescription>::const_iterator it = subList.begin();
+       it != subList.end(); it++)
+    certificate->addSubjectDescription(*it);
+
+  certificate->encode();
+
+  keyChain.sign(*certificate, signingCertName);
+
+  keyChain.addCertificateAsIdentityDefault(*certificate);
+
+  return 0;
 }
 
 #endif //NDNSEC_DSK_GEN_HPP
diff --git a/tools/ndnsec-export.hpp b/tools/ndnsec-export.hpp
index ca3662f..f3773ac 100644
--- a/tools/ndnsec-export.hpp
+++ b/tools/ndnsec-export.hpp
@@ -10,7 +10,7 @@
 
 #include "ndnsec-util.hpp"
 
-int 
+int
 ndnsec_export(int argc, char** argv)
 {
   using namespace ndn;
@@ -19,10 +19,10 @@
   std::string identityStr;
   std::string output;
   std::string exportPassword;
-  bool privateExport = false;
+  bool isPrivateExport = false;
 
-  po::options_description desc("General Usage\n  ndnsec export [-h] [-o output] [-p] identity \nGeneral options");
-  desc.add_options()
+  po::options_description description("General Usage\n  ndnsec export [-h] [-o output] [-p] identity \nGeneral options");
+  description.add_options()
     ("help,h", "Produce help message")
     ("output,o", po::value<std::string>(&output), "(Optional) output file, stdout if not specified")
     ("private,p", "export info contains private key")
@@ -35,56 +35,49 @@
   po::variables_map vm;
   try
     {
-      po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
+      po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+                vm);
       po::notify(vm);
     }
-  catch (std::exception &e)
+  catch (const std::exception& e)
     {
       std::cerr << "ERROR: " << e.what() << std::endl;
+      std::cerr << description << std::endl;
       return 1;
     }
 
-  if (vm.count("help"))
+  if (vm.count("help") != 0)
     {
-      std::cerr << desc << std::endl;
+      std::cerr << description << std::endl;
       return 0;
     }
 
-  if (vm.count("private"))
-    privateExport = true;
+  if (vm.count("identity") == 0)
+    {
+      std::cerr << "ERROR: identity must be specified" << std::endl;
+      std::cerr << description << std::endl;
+      return 1;
+    }
 
-  if (!vm.count("output"))
+  if (vm.count("private") != 0)
+    isPrivateExport = true;
+
+  if (vm.count("output") == 0)
     output = "-";
 
   Name identity(identityStr);
-  if(!privateExport)
+  if (!isPrivateExport)
     {
-      try
-        {
-          KeyChain keyChain;
-          shared_ptr<IdentityCertificate> cert = keyChain.getCertificate(keyChain.getDefaultCertificateNameForIdentity(identity));          
-          if(output == "-")
-            io::save(*cert, std::cout);
-          else
-            io::save(*cert, output);
-            
-          return 0;
-        }
-      catch(SecPublicInfo::Error& e)
-        {
-          std::cerr << "ERROR: " << e.what() << std::endl;
-          return 1;
-        }
-      catch(SecTpm::Error& e)
-        {
-          std::cerr << "ERROR: " << e.what() << std::endl;
-          return 1;
-        }
-      catch(io::Error& e)
-        {
-          std::cerr << "ERROR: " << e.what() << std::endl;
-          return 1;
-        }
+      KeyChain keyChain;
+      shared_ptr<IdentityCertificate> cert
+        = keyChain.getCertificate(keyChain.getDefaultCertificateNameForIdentity(identity));
+
+      if (output == "-")
+        io::save(*cert, std::cout);
+      else
+        io::save(*cert, output);
+
+      return 0;
     }
   else
     {
@@ -94,10 +87,10 @@
           KeyChain keyChain;
 
           int count = 3;
-          while(!getPassword(exportPassword, "Passphrase for the private key: "))
+          while (!getPassword(exportPassword, "Passphrase for the private key: "))
             {
               count--;
-              if(count <= 0)
+              if (count <= 0)
                 {
                   std::cerr << "ERROR: invalid password" << std::endl;
                   memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
@@ -106,27 +99,15 @@
             }
           shared_ptr<SecuredBag> securedBag = keyChain.exportIdentity(identity, exportPassword);
           memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
-          
-          if(output == "-")
+
+          if (output == "-")
             io::save(*securedBag, std::cout);
           else
             io::save(*securedBag, output);
 
           return 0;
         }
-      catch(io::Error& e)
-        {
-          std::cerr << "ERROR: " << e.what() << std::endl;
-          memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
-          return 1;
-        }
-      catch(SecPublicInfo::Error& e)
-        {
-          std::cerr << "ERROR: " << e.what() << std::endl;
-          memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
-          return 1;
-        }
-      catch(SecTpm::Error& e)
+      catch (const std::runtime_error& e)
         {
           std::cerr << "ERROR: " << e.what() << std::endl;
           memset(const_cast<char*>(exportPassword.c_str()), 0, exportPassword.size());
diff --git a/tools/ndnsec-get-default.hpp b/tools/ndnsec-get-default.hpp
index 7827d6a..ef7bcb8 100644
--- a/tools/ndnsec-get-default.hpp
+++ b/tools/ndnsec-get-default.hpp
@@ -11,120 +11,120 @@
 #include "ndnsec-util.hpp"
 
 
-int 
-ndnsec_get_default(int argc, char** argv)	
+int
+ndnsec_get_default(int argc, char** argv)
 {
   using namespace ndn;
   namespace po = boost::program_options;
 
-  bool getDefaultId = true;
-  bool getDefaultKey = false;
-  bool getDefaultCert = false;
-  bool quiet = false;
-  std::string idName;
+  bool isGetDefaultId = true;
+  bool isGetDefaultKey = false;
+  bool isGetDefaultCert = false;
+  bool isQuiet = false;
+  std::string identityString;
   std::string keyName;
 
-  po::options_description desc("General Usage\n  ndnsec get-default [-h] [-K|C] [-i identity|-k key] [-q]\nGeneral options");
-  desc.add_options()
+  po::options_description description("General Usage\n  ndnsec get-default [-h] [-k|c] [-i identity|-K key] [-q]\nGeneral options");
+  description.add_options()
     ("help,h", "produce help message")
-    ("default_key,K", "get default key")
-    ("default_cert,C", "get default certificate")
-    ("identity,i", po::value<std::string>(&idName), "target identity")
-    ("key,k", po::value<std::string>(&keyName), "target key")
+    ("default_key,k", "get default key")
+    ("default_cert,c", "get default certificate")
+    ("identity,i", po::value<std::string>(&identityString), "target identity")
+    ("key,K", po::value<std::string>(&keyName), "target key")
     ("quiet,q", "don't output trailing newline")
     ;
 
   po::variables_map vm;
-  po::store(po::parse_command_line(argc, argv, desc), vm);
-  po::notify(vm);
-
-  if (vm.count("help")) 
+  try
     {
-      std::cerr << desc << std::endl;;
+      po::store(po::parse_command_line(argc, argv, description), vm);
+      po::notify(vm);
+    }
+  catch (const std::exception& e)
+    {
+      std::cerr << "ERROR: " << e.what() << std::endl;
+      std::cerr << description << std::endl;
+      return 1;
+    }
+
+  if (vm.count("help") != 0)
+    {
+      std::cerr << description << std::endl;;
       return 0;
     }
 
-  if(vm.count("default_cert"))
+  if (vm.count("default_cert") != 0)
     {
-      getDefaultCert = true;
-      getDefaultId = false;
+      isGetDefaultCert = true;
+      isGetDefaultId = false;
     }
-  else if(vm.count("default_key"))
+  else if (vm.count("default_key") != 0)
     {
-      getDefaultKey = true;
-      getDefaultId = false;
+      isGetDefaultKey = true;
+      isGetDefaultId = false;
     }
 
-  if(vm.count("quiet"))
+  if (vm.count("quiet") != 0)
     {
-      quiet = true;
+      isQuiet = true;
     }
-  
-  try
-    {
-      KeyChain keyChain;
 
-      if(vm.count("key"))
-        {
-          Name keyNdnName(keyName);
-          if(getDefaultCert)
-            {
-              std::cout << keyChain.getDefaultCertificateNameForKey(keyNdnName);
-              if (!quiet) std::cout << std::endl;
-              return 0;
-            }
-          return 1;
-        }
-      else if(vm.count("identity"))
-        {
-          Name idNdnName(idName);
-          
-          if(getDefaultKey)
-            {
-              std::cout << keyChain.getDefaultKeyNameForIdentity(idNdnName);
-              if (!quiet) std::cout << std::endl;
-              return 0;
-            }
-          if(getDefaultCert)
-            {
-              std::cout << keyChain.getDefaultCertificateNameForIdentity(idNdnName);
-              if (!quiet) std::cout << std::endl;
-              return 0;
-            }
-          return 1;
-        }
-      else
-        {
-          Name idNdnName = keyChain.getDefaultIdentity();
-          if(getDefaultId)
-            {
-              std::cout << idNdnName;
-              if (!quiet) std::cout << std::endl;
-              return 0;
-            }
-          if(getDefaultKey)
-            {
-              std::cout << keyChain.getDefaultKeyNameForIdentity(idNdnName);
-              if (!quiet) std::cout << std::endl;
-              return 0;
-            }
-          if(getDefaultCert)
-            {
-              std::cout << keyChain.getDefaultCertificateNameForIdentity(idNdnName);
-              if (!quiet) std::cout << std::endl;
-              return 0;
-            }
-          return 1;
-        }
-    }
-  catch(SecPublicInfo::Error& e)
+  KeyChain keyChain;
+
+  if (vm.count("key") != 0)
     {
-      std::cerr << "ERROR: " << e.what() << std::endl;
+      Name keyNdnName(keyName);
+      if (isGetDefaultCert)
+        {
+          std::cout << keyChain.getDefaultCertificateNameForKey(keyNdnName);
+          if (!isQuiet) std::cout << std::endl;
+          return 0;
+        }
       return 1;
     }
-  catch(SecTpm::Error& e)
+  else if (vm.count("identity") != 0)
     {
-      std::cerr << "ERROR: " << e.what() << std::endl;
+      Name identity(identityString);
+
+      if (isGetDefaultKey)
+        {
+          std::cout << keyChain.getDefaultKeyNameForIdentity(identity);
+          if (!isQuiet)
+            std::cout << std::endl;
+
+          return 0;
+        }
+      if (isGetDefaultCert)
+        {
+          std::cout << keyChain.getDefaultCertificateNameForIdentity(identity);
+          if (!isQuiet)
+            std::cout << std::endl;
+
+          return 0;
+        }
+      return 1;
+    }
+  else
+    {
+      Name identity = keyChain.getDefaultIdentity();
+      if (isGetDefaultId)
+        {
+          std::cout << identity;
+          if (!isQuiet) std::cout << std::endl;
+          return 0;
+        }
+      if (isGetDefaultKey)
+        {
+          std::cout << keyChain.getDefaultKeyNameForIdentity(identity);
+          if (!isQuiet) std::cout << std::endl;
+          return 0;
+        }
+      if (isGetDefaultCert)
+        {
+          std::cout << keyChain.getDefaultCertificateNameForIdentity(identity);
+          if (!isQuiet) std::cout << std::endl;
+          return 0;
+        }
       return 1;
     }
 }
diff --git a/tools/ndnsec-import.hpp b/tools/ndnsec-import.hpp
index 16c2f95..0dd6b89 100644
--- a/tools/ndnsec-import.hpp
+++ b/tools/ndnsec-import.hpp
@@ -10,18 +10,18 @@
 
 #include "ndnsec-util.hpp"
 
-int 
+int
 ndnsec_import(int argc, char** argv)
 {
   using namespace ndn;
   namespace po = boost::program_options;
 
-  std::string input; 
+  std::string input("-");
   std::string importPassword;
-  bool privateImport = false;
+  bool isPrivateImport = false;
 
-  po::options_description desc("General Usage\n  ndnsec import [-h] [-p] input \nGeneral options");
-  desc.add_options()
+  po::options_description description("General Usage\n  ndnsec import [-h] [-p] input \nGeneral options");
+  description.add_options()
     ("help,h", "produce help message")
     ("private,p", "import info contains private key")
     ("input,i", po::value<std::string>(&input), "input source, stdin if -")
@@ -33,27 +33,30 @@
   po::variables_map vm;
   try
     {
-      po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
+      po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+                vm);
       po::notify(vm);
     }
-  catch (std::exception &e)
+  catch (const std::exception& e)
     {
       std::cerr << "ERROR: " << e.what() << std::endl;
+      std::cerr << description << std::endl;
       return 1;
     }
 
-  if (vm.count("help"))
+  if (vm.count("help") != 0)
     {
-      std::cerr << desc << std::endl;
+      std::cerr << description << std::endl;
       return 0;
     }
 
-  if (vm.count("private"))
-    privateImport = true;
+  if (vm.count("private") != 0)
+    isPrivateImport = true;
 
-  if(!privateImport)
+  if (!isPrivateImport)
     {
-      std::cerr << "You are trying to import certificate!\nPlease use ndnsec cert-install!" << std::endl;
+      std::cerr << "You are trying to import certificate!\n"
+                << "Please use ndnsec cert-install!" << std::endl;
       return 1;
     }
   else
@@ -63,16 +66,16 @@
           KeyChain keyChain;
 
           shared_ptr<SecuredBag> securedBag;
-          if(input == "-")
+          if (input == "-")
             securedBag = io::load<SecuredBag>(std::cin);
           else
             securedBag = io::load<SecuredBag>(input);
-      
+
           int count = 3;
-          while(!getPassword(importPassword, "Passphrase for the private key: "))
+          while (!getPassword(importPassword, "Passphrase for the private key: "))
             {
               count--;
-              if(count <= 0)
+              if (count <= 0)
                 {
                   std::cerr << "ERROR: Fail to get password" << std::endl;
                   memset(const_cast<char*>(importPassword.c_str()), 0, importPassword.size());
@@ -82,19 +85,7 @@
           keyChain.importIdentity(*securedBag, importPassword);
           memset(const_cast<char*>(importPassword.c_str()), 0, importPassword.size());
         }
-      catch(io::Error& e)
-        {
-          std::cerr << "ERROR: " << e.what() << std::endl;
-          memset(const_cast<char*>(importPassword.c_str()), 0, importPassword.size());
-          return 1;
-        }
-      catch(SecPublicInfo::Error& e)
-        {
-          std::cerr << "ERROR: " << e.what() << std::endl;
-          memset(const_cast<char*>(importPassword.c_str()), 0, importPassword.size());
-          return 1;
-        }
-      catch(SecTpm::Error& e)
+      catch (const std::runtime_error& e)
         {
           std::cerr << "ERROR: " << e.what() << std::endl;
           memset(const_cast<char*>(importPassword.c_str()), 0, importPassword.size());
diff --git a/tools/ndnsec-key-gen.hpp b/tools/ndnsec-key-gen.hpp
index 3df9c6b..76aa69c 100644
--- a/tools/ndnsec-key-gen.hpp
+++ b/tools/ndnsec-key-gen.hpp
@@ -10,20 +10,20 @@
 
 #include "ndnsec-util.hpp"
 
-int 
-ndnsec_key_gen(int argc, char** argv)	
+int
+ndnsec_key_gen(int argc, char** argv)
 {
   using namespace ndn;
   namespace po = boost::program_options;
 
   std::string identityName;
-  bool notDefault = false;
+  bool isDefault = true;
   char keyType = 'r';
   int keySize = 2048;
   std::string outputFilename;
 
-  po::options_description desc("General Usage\n  ndnsec key-gen [-h] [-n] identity\nGeneral options");
-  desc.add_options()
+  po::options_description description("General Usage\n  ndnsec key-gen [-h] [-n] identity\nGeneral options");
+  description.add_options()
     ("help,h", "produce help message")
     ("identity,i", po::value<std::string>(&identityName), "identity name, for example, /ndn/ucla.edu/alice")
     ("not_default,n", "optional, if not specified, the target identity will be set as the default identity of the system")
@@ -33,84 +33,64 @@
 
   po::positional_options_description p;
   p.add("identity", 1);
-  
-  po::variables_map vm;
-  po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
-  po::notify(vm);
 
-  if (vm.count("help")) 
+  po::variables_map vm;
+  try
     {
-      std::cerr << desc << std::endl;
+      po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+                vm);
+      po::notify(vm);
+    }
+  catch (const std::exception& e)
+    {
+      std::cerr << "ERROR: " << e.what() << std::endl;
+      std::cerr << description << std::endl;
+      return 1;
+    }
+
+  if (vm.count("help") != 0)
+    {
+      std::cerr << description << std::endl;
       return 0;
     }
 
-  if (0 == vm.count("identity"))
+  if (vm.count("identity") == 0)
     {
       std::cerr << "identity must be specified" << std::endl;
-      std::cerr << desc << std::endl;
+      std::cerr << description << std::endl;
       return 1;
     }
-  
-  if (vm.count("not_default"))
-    notDefault = true;
-  
-  if (true)
-    {
-      switch(keyType)
-        {
-        case 'r':
-          {
-            shared_ptr<IdentityCertificate> idcert;
-            try
-              {
-                KeyChain keyChain;
-                
-                Name keyName = keyChain.generateRSAKeyPair(Name(identityName), true, keySize);            
-                
-                if(0 == keyName.size())
-                  {                  
-                    return 1;
-                  }
-                
-                keyChain.setDefaultKeyNameForIdentity(keyName);
-            
-                idcert = keyChain.selfSign(keyName);
-                
-                if(!notDefault)
-                  {
-                    keyChain.setDefaultIdentity(Name(identityName));
-                  }
-              }
-            catch(const SecPublicInfo::Error& e)
-              {
-                std::cerr << "ERROR: " << e.what() << std::endl;
-                return 1;
-              }
-            catch(const SecTpm::Error& e)
-              {
-                std::cerr << "ERROR: " << e.what() << std::endl;
-                return 1;
-              }
 
-            try
-              {
-                CryptoPP::StringSource ss(idcert->wireEncode().wire(), 
-                                          idcert->wireEncode().size(), 
-                                          true,
-                                          new CryptoPP::Base64Encoder(new CryptoPP::FileSink(std::cout), true, 64));
-                return 0;
-              }
-            catch(const CryptoPP::Exception& e)
-              {
-                std::cerr << "ERROR: " << e.what() << std::endl;
-                return 1;
-              }
-        }
-      default:
-        std::cerr << "Unrecongized key type" << "\n";
-        std::cerr << desc << std::endl;
-        return 1;
+  if (vm.count("not_default") != 0)
+    isDefault = false;
+
+  switch (keyType)
+    {
+    case 'r':
+      {
+        shared_ptr<IdentityCertificate> identityCert;
+
+        KeyChain keyChain;
+
+        Name keyName = keyChain.generateRSAKeyPair(Name(identityName), true, keySize);
+
+        if (0 == keyName.size())
+          return 1;
+
+        keyChain.setDefaultKeyNameForIdentity(keyName);
+
+        identityCert = keyChain.selfSign(keyName);
+
+        if (isDefault)
+          keyChain.setDefaultIdentity(Name(identityName));
+
+        io::save(*identityCert, std::cout);
+        return 0;
       }
+    default:
+      std::cerr << "Unrecongized key type" << "\n";
+      std::cerr << description << std::endl;
+      return 1;
     }
 
   return 0;
diff --git a/tools/ndnsec-list.hpp b/tools/ndnsec-list.hpp
index 3ebe2ca..db796c1 100644
--- a/tools/ndnsec-list.hpp
+++ b/tools/ndnsec-list.hpp
@@ -10,181 +10,222 @@
 
 #include "ndnsec-util.hpp"
 
-int 
-ndnsec_list(int argc, char** argv)	
+int
+ndnsec_list(int argc, char** argv)
 {
   using namespace ndn;
   namespace po = boost::program_options;
 
-  bool getId = true;
-  bool getKey = false;
-  bool getCert = false;
+  bool isGetId = true;
+  bool isGetKey = false;
+  bool isGetCert = false;
 
-  po::options_description desc("General Usage\n  ndnsec list [-h] [-K|C]\nGeneral options");
-  desc.add_options()
+  po::options_description description("General Usage\n  ndnsec list [-h] [-k|c]\nGeneral options");
+  description.add_options()
     ("help,h", "produce help message")
-    ("key,K", "granularity: key")
-    ("cert,C", "granularity: certificate")
+    ("key,k", "granularity: key")
+    ("key2,K", "granularity: key")
+    ("cert,c", "granularity: certificate")
+    ("cert2,C", "granularity: certificate")
     ;
 
   po::variables_map vm;
-  po::store(po::parse_command_line(argc, argv, desc), vm);
-  po::notify(vm);
-
-  if (vm.count("help")) 
+  try
     {
-      std::cerr << desc << std::endl;;
+      po::store(po::parse_command_line(argc, argv, description), vm);
+      po::notify(vm);
+    }
+  catch (const std::exception& e)
+    {
+      std::cerr << "ERROR: " << e.what() << std::endl;
+      std::cerr << description << std::endl;
+      return 1;
+    }
+
+  if (vm.count("help") != 0)
+    {
+      std::cerr << description << std::endl;;
       return 0;
     }
 
-  if (vm.count("cert"))
+  if (vm.count("cert") != 0 || vm.count("cert2") != 0)
     {
-      getCert = true;
-      getId = false;
+      isGetCert = true;
+      isGetId = false;
     }
-  else if(vm.count("key"))
+  else if(vm.count("key") != 0 || vm.count("key2") != 0)
     {
-      getKey = true;
-      getId = false;
+      isGetKey = true;
+      isGetId = false;
     }
 
-  try
+  KeyChain keyChain;
+
+  if (isGetId)
     {
-      KeyChain keyChain;
-      
-      if(getId)
-        {
-          std::vector<Name> defaultList;
-          keyChain.getAllIdentities(defaultList, true);
-          for(size_t i = 0; i < defaultList.size(); i++)
-            std::cout << "* " << defaultList[i] << std::endl;
-          std::vector<Name> otherList;
-          keyChain.getAllIdentities(otherList, false);
-          for(size_t i = 0; i < otherList.size(); i++)
-            std::cout << "  " << otherList[i] << std::endl;
-          return 0;
-        }
-      if(getKey)
-        {
-          std::vector<Name> defaultIdList;
-          keyChain.getAllIdentities(defaultIdList, true);
-          for(size_t i = 0; i < defaultIdList.size(); i++)
-            {
-              std::cout << "* " << defaultIdList[i] << std::endl;
-              std::vector<Name> defaultKeyList;
-              keyChain.getAllKeyNamesOfIdentity(defaultIdList[i], defaultKeyList, true);
-              for(size_t j = 0; j < defaultKeyList.size(); j++)
-                std::cout << "  +->* " << defaultKeyList[j] << std::endl;
-              std::vector<Name> otherKeyList;
-              keyChain.getAllKeyNamesOfIdentity(defaultIdList[i], otherKeyList, false);
-              for(size_t j = 0; j < otherKeyList.size(); j++)
-                std::cout << "  +->  " << otherKeyList[j] << std::endl;
-              std::cout << std::endl;
-            }
-          std::vector<Name> otherIdList;
-          keyChain.getAllIdentities(otherIdList, false);
-          for(size_t i = 0; i < otherIdList.size(); i++)
-            {
-              std::cout << "  " << otherIdList[i] << std::endl;
-              std::vector<Name> defaultKeyList;
-              keyChain.getAllKeyNamesOfIdentity(otherIdList[i], defaultKeyList, true);
-              for(size_t j = 0; j < defaultKeyList.size(); j++)
-                std::cout << "  +->* " << defaultKeyList[j] << std::endl;
-              std::vector<Name> otherKeyList;
-              keyChain.getAllKeyNamesOfIdentity(otherIdList[i], otherKeyList, false);
-              for(size_t j = 0; j < otherKeyList.size(); j++)
-                std::cout << "  +->  " << otherKeyList[j] << std::endl;
-              std::cout << std::endl;
-            }
-          return 0;
-        }
-      if(getCert)
-        {
-          std::vector<Name> defaultIdList;
-          keyChain.getAllIdentities(defaultIdList, true);
-          for(size_t i = 0; i < defaultIdList.size(); i++)
-            {
-              std::cout << "* " << defaultIdList[i] << std::endl;
-              std::vector<Name> defaultKeyList;
-              keyChain.getAllKeyNamesOfIdentity(defaultIdList[i], defaultKeyList, true);
-              for(size_t j = 0; j < defaultKeyList.size(); j++)
-                {
-                  std::cout << "  +->* " << defaultKeyList[j] << std::endl;
-                  std::vector<Name> defaultCertList;
-                  keyChain.getAllCertificateNamesOfKey(defaultKeyList[j], defaultCertList, true);
-                  for(size_t k = 0; k < defaultCertList.size(); k++)
-                    std::cout << "       +->* " << defaultCertList[k] << std::endl;
-                  std::vector<Name> otherCertList;
-                  keyChain.getAllCertificateNamesOfKey(defaultKeyList[j], otherCertList, false);
-                  for(size_t k = 0; k < otherCertList.size(); k++)
-                    std::cout << "       +->  " << otherCertList[k] << std::endl;
-                }
-              std::vector<Name> otherKeyList;
-              keyChain.getAllKeyNamesOfIdentity(defaultIdList[i], otherKeyList, false);
-              for(size_t j = 0; j < otherKeyList.size(); j++)
-                {
-                  std::cout << "  +->  " << otherKeyList[j] << std::endl;
-                  std::vector<Name> defaultCertList;
-                  keyChain.getAllCertificateNamesOfKey(otherKeyList[j], defaultCertList, true);
-                  for(size_t k = 0; k < defaultCertList.size(); k++)
-                    std::cout << "       +->* " << defaultCertList[k] << std::endl;
-                  std::vector<Name> otherCertList;
-                  keyChain.getAllCertificateNamesOfKey(otherKeyList[j], otherCertList, false);
-                  for(size_t k = 0; k < otherCertList.size(); k++)
-                    std::cout << "       +->  " << otherCertList[k] << std::endl;
-                }
-            
-              std::cout << std::endl;
-            }
-          std::vector<Name> otherIdList;
-          keyChain.getAllIdentities(otherIdList, false);
-          for(size_t i = 0; i < otherIdList.size(); i++)
-            {
-              std::cout << "  " << otherIdList[i] << std::endl;
-              std::vector<Name> defaultKeyList;
-              keyChain.getAllKeyNamesOfIdentity(otherIdList[i], defaultKeyList, true);
-              for(size_t j = 0; j < defaultKeyList.size(); j++)
-                {
-                  std::cout << "  +->* " << defaultKeyList[j] << std::endl;
-                  std::vector<Name> defaultCertList;
-                  keyChain.getAllCertificateNamesOfKey(defaultKeyList[j], defaultCertList, true);
-                  for(size_t k = 0; k < defaultCertList.size(); k++)
-                    std::cout << "       +->* " << defaultCertList[k] << std::endl;
-                  std::vector<Name> otherCertList;
-                  keyChain.getAllCertificateNamesOfKey(defaultKeyList[j], otherCertList, false);
-                  for(size_t k = 0; k < otherCertList.size(); k++)
-                    std::cout << "       +->  " << otherCertList[k] << std::endl;
-                }
-              std::vector<Name> otherKeyList;
-              keyChain.getAllKeyNamesOfIdentity(otherIdList[i], otherKeyList, false);
-              for(size_t j = 0; j < otherKeyList.size(); j++)
-                {
-                  std::cout << "  +->  " << otherKeyList[j] << std::endl;
-                  std::vector<Name> defaultCertList;
-                  keyChain.getAllCertificateNamesOfKey(otherKeyList[j], defaultCertList, true);
-                  for(size_t k = 0; k < defaultCertList.size(); k++)
-                    std::cout << "       +->* " << defaultCertList[k] << std::endl;
-                  std::vector<Name> otherCertList;
-                  keyChain.getAllCertificateNamesOfKey(otherKeyList[j], otherCertList, false);
-                  for(size_t k = 0; k < otherCertList.size(); k++)
-                    std::cout << "       +->  " << otherCertList[k] << std::endl;
-                }
-              std::cout << std::endl;
-            }
-          return 0;
-        }
-      return 1;
+      std::vector<Name> defaultIdentities;
+      keyChain.getAllIdentities(defaultIdentities, true);
+
+      for (size_t i = 0; i < defaultIdentities.size(); i++)
+        std::cout << "* " << defaultIdentities[i] << std::endl;
+
+      std::vector<Name> otherIdentities;
+      keyChain.getAllIdentities(otherIdentities, false);
+      for (size_t i = 0; i < otherIdentities.size(); i++)
+        std::cout << "  " << otherIdentities[i] << std::endl;
+
+      return 0;
     }
-  catch(const SecPublicInfo::Error& e)
+  if (isGetKey)
     {
-      std::cerr << "ERROR: " << e.what() << std::endl;
-      return 1;
+      std::vector<Name> defaultIdentities;
+      keyChain.getAllIdentities(defaultIdentities, true);
+
+      for (size_t i = 0; i < defaultIdentities.size(); i++)
+        {
+          std::cout << "* " << defaultIdentities[i] << std::endl;
+
+          std::vector<Name> defaultKeys;
+          keyChain.getAllKeyNamesOfIdentity(defaultIdentities[i], defaultKeys, true);
+
+          for (size_t j = 0; j < defaultKeys.size(); j++)
+            std::cout << "  +->* " << defaultKeys[j] << std::endl;
+
+          std::vector<Name> otherKeys;
+          keyChain.getAllKeyNamesOfIdentity(defaultIdentities[i], otherKeys, false);
+
+          for (size_t j = 0; j < otherKeys.size(); j++)
+            std::cout << "  +->  " << otherKeys[j] << std::endl;
+
+          std::cout << std::endl;
+        }
+
+      std::vector<Name> otherIdentities;
+      keyChain.getAllIdentities(otherIdentities, false);
+
+      for (size_t i = 0; i < otherIdentities.size(); i++)
+        {
+          std::cout << "  " << otherIdentities[i] << std::endl;
+
+          std::vector<Name> defaultKeys;
+          keyChain.getAllKeyNamesOfIdentity(otherIdentities[i], defaultKeys, true);
+
+          for (size_t j = 0; j < defaultKeys.size(); j++)
+            std::cout << "  +->* " << defaultKeys[j] << std::endl;
+
+          std::vector<Name> otherKeys;
+          keyChain.getAllKeyNamesOfIdentity(otherIdentities[i], otherKeys, false);
+
+          for (size_t j = 0; j < otherKeys.size(); j++)
+            std::cout << "  +->  " << otherKeys[j] << std::endl;
+
+          std::cout << std::endl;
+        }
+      return 0;
     }
-  catch(const SecTpm::Error& e)
+  if (isGetCert)
     {
-      std::cerr << "ERROR: " << e.what() << std::endl;
-      return 1;
+      std::vector<Name> defaultIdentities;
+      keyChain.getAllIdentities(defaultIdentities, true);
+
+      for (size_t i = 0; i < defaultIdentities.size(); i++)
+        {
+          std::cout << "* " << defaultIdentities[i] << std::endl;
+
+          std::vector<Name> defaultKeys;
+          keyChain.getAllKeyNamesOfIdentity(defaultIdentities[i], defaultKeys, true);
+
+          for (size_t j = 0; j < defaultKeys.size(); j++)
+            {
+              std::cout << "  +->* " << defaultKeys[j] << std::endl;
+
+              std::vector<Name> defaultCertificates;
+              keyChain.getAllCertificateNamesOfKey(defaultKeys[j], defaultCertificates, true);
+
+              for (size_t k = 0; k < defaultCertificates.size(); k++)
+                std::cout << "       +->* " << defaultCertificates[k] << std::endl;
+
+              std::vector<Name> otherCertificates;
+              keyChain.getAllCertificateNamesOfKey(defaultKeys[j], otherCertificates, false);
+
+              for (size_t k = 0; k < otherCertificates.size(); k++)
+                std::cout << "       +->  " << otherCertificates[k] << std::endl;
+            }
+
+          std::vector<Name> otherKeys;
+          keyChain.getAllKeyNamesOfIdentity(defaultIdentities[i], otherKeys, false);
+
+          for (size_t j = 0; j < otherKeys.size(); j++)
+            {
+              std::cout << "  +->  " << otherKeys[j] << std::endl;
+
+              std::vector<Name> defaultCertificates;
+              keyChain.getAllCertificateNamesOfKey(otherKeys[j], defaultCertificates, true);
+
+              for (size_t k = 0; k < defaultCertificates.size(); k++)
+                std::cout << "       +->* " << defaultCertificates[k] << std::endl;
+
+              std::vector<Name> otherCertificates;
+              keyChain.getAllCertificateNamesOfKey(otherKeys[j], otherCertificates, false);
+
+              for (size_t k = 0; k < otherCertificates.size(); k++)
+                std::cout << "       +->  " << otherCertificates[k] << std::endl;
+            }
+          std::cout << std::endl;
+        }
+
+      std::vector<Name> otherIdentities;
+      keyChain.getAllIdentities(otherIdentities, false);
+
+      for (size_t i = 0; i < otherIdentities.size(); i++)
+        {
+          std::cout << "  " << otherIdentities[i] << std::endl;
+
+          std::vector<Name> defaultKeys;
+          keyChain.getAllKeyNamesOfIdentity(otherIdentities[i], defaultKeys, true);
+
+          for (size_t j = 0; j < defaultKeys.size(); j++)
+            {
+              std::cout << "  +->* " << defaultKeys[j] << std::endl;
+
+              std::vector<Name> defaultCertificates;
+              keyChain.getAllCertificateNamesOfKey(defaultKeys[j], defaultCertificates, true);
+
+              for (size_t k = 0; k < defaultCertificates.size(); k++)
+                std::cout << "       +->* " << defaultCertificates[k] << std::endl;
+
+              std::vector<Name> otherCertificates;
+              keyChain.getAllCertificateNamesOfKey(defaultKeys[j], otherCertificates, false);
+
+              for (size_t k = 0; k < otherCertificates.size(); k++)
+                std::cout << "       +->  " << otherCertificates[k] << std::endl;
+            }
+
+          std::vector<Name> otherKeys;
+          keyChain.getAllKeyNamesOfIdentity(otherIdentities[i], otherKeys, false);
+
+          for (size_t j = 0; j < otherKeys.size(); j++)
+            {
+              std::cout << "  +->  " << otherKeys[j] << std::endl;
+
+              std::vector<Name> defaultCertificates;
+              keyChain.getAllCertificateNamesOfKey(otherKeys[j], defaultCertificates, true);
+
+              for (size_t k = 0; k < defaultCertificates.size(); k++)
+                std::cout << "       +->* " << defaultCertificates[k] << std::endl;
+
+              std::vector<Name> otherCertificates;
+              keyChain.getAllCertificateNamesOfKey(otherKeys[j], otherCertificates, false);
+
+              for (size_t k = 0; k < otherCertificates.size(); k++)
+                std::cout << "       +->  " << otherCertificates[k] << std::endl;
+            }
+
+          std::cout << std::endl;
+        }
+      return 0;
     }
+  return 1;
 }
 
 #endif //NDNSEC_LIST_HPP
diff --git a/tools/ndnsec-op-tool.hpp b/tools/ndnsec-op-tool.hpp
index a8d9421..0501a06 100644
--- a/tools/ndnsec-op-tool.hpp
+++ b/tools/ndnsec-op-tool.hpp
@@ -19,75 +19,60 @@
   namespace po = boost::program_options;
 
   std::string command;
-  
-  po::options_description desc("General options");
-  desc.add_options()
+
+  po::options_description description("General options");
+  description.add_options()
     ("help,h", "produce this help message")
     ("command", po::value<std::string>(&command), "command")
     ;
 
   po::positional_options_description p;
   p.add("command", 1);
-  
+
   po::variables_map vm;
   try
     {
-      po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
+      po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+                vm);
       po::notify(vm);
     }
-  catch(std::exception &e)
+  catch (const std::exception& e)
     {
       std::cerr << "ERROR: " << e.what() << std::endl;
+      std::cerr << description << std::endl;
       return -1;
     }
-    
-  if (vm.count("help"))
+
+  if (vm.count("help") != 0)
     {
-      std::cerr << desc << std::endl;
+      std::cerr << description << std::endl;
       return 0;
     }
-  
-  if (0 == vm.count("command"))
+
+  if (vm.count("command") == 0)
     {
       std::cerr << "command must be specified" << std::endl;
-      std::cerr << desc << std::endl;
+      std::cerr << description << std::endl;
       return 1;
     }
 
   if (command == "sign") // the content to be signed from stdin
     {
-      try
+      KeyChain keyChain;
+
+      Buffer dataToSign((istreambuf_iterator<char>(cin)), istreambuf_iterator<char>());
+
+      Signature signature = keyChain.sign(dataToSign.buf(), dataToSign.size(),
+                                          keyChain.getDefaultCertificateName());
+
+      if (signature.getValue().value_size() == 0)
         {
-          KeyChain keyChain;
-
-          Buffer dataToSign((istreambuf_iterator<char>(cin)), istreambuf_iterator<char>());
-          
-          Signature signature = keyChain.sign(dataToSign.buf(), dataToSign.size(),
-                                              keyChain.getDefaultCertificateName());
-
-          if (signature.getValue().value_size() == 0)
-            {
-              std::cerr << "Error signing with default key" << std::endl;
-              return -1;
-            }
-
-          std::cout.write(reinterpret_cast<const char*>(signature.getValue().wire()), signature.getValue().size());
-        }
-      catch (boost::exception& e)
-        {
-          std::cerr << "ERROR: " << boost::diagnostic_information (e) << std::endl;
+          std::cerr << "Error signing with default key" << std::endl;
           return -1;
         }
-      catch (SecTpm::Error& e)
-        {
-          std::cerr << "ERROR: " << e.what() << std::endl;
-          return -1;
-        }
-      catch (SecPublicInfo::Error& e)
-        {
-          std::cerr << "ERROR: " << e.what() << std::endl;
-          return -1;
-        }
+
+      std::cout.write(reinterpret_cast<const char*>(signature.getValue().wire()),
+                      signature.getValue().size());
     }
 
   return 0;
diff --git a/tools/ndnsec-set-acl.hpp b/tools/ndnsec-set-acl.hpp
index 2d64aca..7851322 100644
--- a/tools/ndnsec-set-acl.hpp
+++ b/tools/ndnsec-set-acl.hpp
@@ -16,11 +16,11 @@
   using namespace ndn;
   namespace po = boost::program_options;
 
-  std::string keyName; 
+  std::string keyName;
   std::string appPath;
 
-  po::options_description desc("General Usage\n  ndnsec set-acl [-h] keyName appPath \nGeneral options");
-  desc.add_options()
+  po::options_description description("General Usage\n  ndnsec set-acl [-h] keyName appPath \nGeneral options");
+  description.add_options()
     ("help,h", "produce help message")
     ("keyName,k", po::value<std::string>(&keyName), "Key name.")
     ("appPath,p", po::value<std::string>(&appPath), "Application path.")
@@ -33,39 +33,39 @@
   po::variables_map vm;
   try
     {
-      po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
+      po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+                vm);
       po::notify(vm);
     }
-  catch (std::exception &e)
+  catch (std::exception& e)
     {
       std::cerr << "ERROR: " << e.what() << std::endl;
       return 1;
     }
 
-  if (vm.count("help"))
+  if (vm.count("help") != 0)
     {
-      std::cerr << desc << std::endl;
+      std::cerr << description << std::endl;
       return 0;
     }
 
-  try
+  if (vm.count("keyName") == 0)
     {
-      KeyChain keyChain;
-      keyChain.addAppToACL(keyName, KEY_CLASS_PRIVATE, appPath, ACL_TYPE_PRIVATE);
-
-    }
-  catch(const SecTpm::Error& e)
-    {
-      std::cerr << e.what() << std::endl;
-      return 1;
-    }
-  catch(const SecPublicInfo::Error& e)
-    {
-      std::cerr << e.what() << std::endl;
+      std::cerr << "ERROR: keyName is required!" << std::endl;
+      std::cerr << description << std::endl;
       return 1;
     }
 
-  
+  if (vm.count("appPath") == 0)
+    {
+      std::cerr << "ERROR: appPath is required!" << std::endl;
+      std::cerr << description << std::endl;
+      return 1;
+    }
+
+  KeyChain keyChain;
+  keyChain.addAppToACL(keyName, KEY_CLASS_PRIVATE, appPath, ACL_TYPE_PRIVATE);
+
   return 0;
 }
 
diff --git a/tools/ndnsec-set-default.hpp b/tools/ndnsec-set-default.hpp
index 86c831a..7003afc 100644
--- a/tools/ndnsec-set-default.hpp
+++ b/tools/ndnsec-set-default.hpp
@@ -8,86 +8,87 @@
 #ifndef NDNSEC_SET_DEFAULT_HPP
 #define NDNSEC_SET_DEFAULT_HPP
 
-int 
-ndnsec_set_default(int argc, char** argv)	
+int
+ndnsec_set_default(int argc, char** argv)
 {
   using namespace ndn;
   namespace po = boost::program_options;
 
   std::string certFileName;
-  bool setDefaultId = true;
-  bool setDefaultKey = false;
-  bool setDefaultCert = false;
+  bool isSetDefaultId = true;
+  bool isSetDefaultKey = false;
+  bool isSetDefaultCert = false;
   std::string name;
 
-  po::options_description desc("General Usage\n  ndnsec set-default [-h] [-K|C] name\nGeneral options");
-  desc.add_options()
+  po::options_description description("General Usage\n  ndnsec set-default [-h] [-k|c] name\nGeneral options");
+  description.add_options()
     ("help,h", "produce help message")
-    ("default_key,K", "set default key of the identity")
-    ("default_cert,C", "set default certificate of the key")
+    ("default_key,k", "set default key of the identity")
+    ("default_cert,c", "set default certificate of the key")
     ("name,n", po::value<std::string>(&name), "the name to set")
     ;
 
   po::positional_options_description p;
   p.add("name", 1);
   po::variables_map vm;
-  po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
-
-  po::notify(vm);
-
-  if (vm.count("help")) 
+  try
     {
-      std::cerr << desc << std::endl;
+      po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+                vm);
+      po::notify(vm);
+    }
+  catch (const std::exception& e)
+    {
+      std::cerr << "ERROR: " << e.what() << std::endl;
+      std::cerr << description << std::endl;
+      return 1;
+    }
+
+  if (vm.count("help") != 0)
+    {
+      std::cerr << description << std::endl;
       return 0;
     }
 
-  try
+  if (vm.count("name") == 0)
     {
-      KeyChain keyChain;
-
-      if (vm.count("default_key"))
-        {
-          setDefaultKey = true;
-          setDefaultId = false;
-        }
-      else if(vm.count("default_cert"))
-        {
-          setDefaultCert = true;
-          setDefaultId = false;
-        }
-
-      if (setDefaultId)
-        {
-          Name idName(name);
-          keyChain.setDefaultIdentity(idName);
-          return 0;
-        }
-      if (setDefaultKey)
-        {
-          Name keyName(name);
-          keyChain.setDefaultKeyNameForIdentity(keyName);
-          return 0;
-        }
-
-      if (setDefaultCert)
-        {
-          keyChain.setDefaultCertificateNameForKey(name);
-          return 0;
-        }
-
-      return 1;
-
-    }
-  catch(SecPublicInfo::Error& e)
-    {
-      std::cerr << e.what() << std::endl;
-      return 1;
-    }
-  catch(SecTpm::Error& e)
-    {
-      std::cerr << e.what() << std::endl;
+      std::cerr << "ERROR: name is required!" << std::endl;
+      std::cerr << description << std::endl;
       return 1;
     }
 
+  KeyChain keyChain;
+
+  if (vm.count("default_key") != 0)
+    {
+      isSetDefaultKey = true;
+      isSetDefaultId = false;
+    }
+  else if (vm.count("default_cert") != 0)
+    {
+      isSetDefaultCert = true;
+      isSetDefaultId = false;
+    }
+
+  if (isSetDefaultId)
+    {
+      Name idName(name);
+      keyChain.setDefaultIdentity(idName);
+      return 0;
+    }
+  if (isSetDefaultKey)
+    {
+      Name keyName(name);
+      keyChain.setDefaultKeyNameForIdentity(keyName);
+      return 0;
+    }
+
+  if (isSetDefaultCert)
+    {
+      keyChain.setDefaultCertificateNameForKey(name);
+      return 0;
+    }
+
+  return 1;
 }
 #endif //NDNSEC_SET_DEFAULT_HPP
diff --git a/tools/ndnsec-sign-req.hpp b/tools/ndnsec-sign-req.hpp
index 54a5c9a..1072372 100644
--- a/tools/ndnsec-sign-req.hpp
+++ b/tools/ndnsec-sign-req.hpp
@@ -10,8 +10,8 @@
 
 #include "ndnsec-util.hpp"
 
-int 
-ndnsec_sign_req(int argc, char** argv)	
+int
+ndnsec_sign_req(int argc, char** argv)
 {
   using namespace ndn;
   namespace po = boost::program_options;
@@ -19,8 +19,8 @@
   std::string name;
   bool isKeyName = false;
 
-  po::options_description desc("General Usage\n  ndnsec sign-req [-h] [-k] name\nGeneral options");
-  desc.add_options()
+  po::options_description description("General Usage\n  ndnsec sign-req [-h] [-k] name\nGeneral options");
+  description.add_options()
     ("help,h", "produce help message")
     ("key,k", "optional, if specified, name is keyName (e.g. /ndn/edu/ucla/alice/ksk-123456789), otherwise identity name")
     ("name,n", po::value<std::string>(&name), "name, for example, /ndn/edu/ucla/alice")
@@ -30,71 +30,51 @@
   p.add("name", 1);
 
   po::variables_map vm;
-  try {
-    po::store(po::command_line_parser(argc, argv).options(desc).positional(p).run(), vm);
-    po::notify(vm);
-  }
-  catch(const std::exception &e) {
-    std::cerr << "ERROR: " << e.what() << std::endl;
-    std::cerr << desc << std::endl;
-    return 1;
-  }
-
-  if (vm.count("help")) 
+  try
     {
-      std::cerr << desc << std::endl;
+      po::store(po::command_line_parser(argc, argv).options(description).positional(p).run(),
+                vm);
+      po::notify(vm);
+    }
+  catch (const std::exception& e)
+    {
+      std::cerr << "ERROR: " << e.what() << std::endl;
+      std::cerr << description << std::endl;
+      return 1;
+    }
+
+  if (vm.count("help") != 0)
+    {
+      std::cerr << description << std::endl;
       return 0;
     }
 
-  if (0 == vm.count("name"))
+  if (vm.count("name") == 0)
     {
-      std::cerr << "identity_name must be specified" << std::endl;
-      std::cerr << desc << std::endl;
+      std::cerr << "ERROR: name must be specified" << std::endl;
+      std::cerr << description << std::endl;
       return 1;
     }
-  
-  if (vm.count("key"))
+
+  if (vm.count("key") != 0)
     isKeyName = true;
 
   shared_ptr<IdentityCertificate> selfSignCert;
 
-  try
+  KeyChain keyChain;
+
+  if (isKeyName)
     {
-      KeyChain keyChain;
-      
-      if(isKeyName)
-        {
-          selfSignCert = keyChain.selfSign(name);
-        }
-      else
-        {
-          Name keyName = keyChain.getDefaultKeyNameForIdentity(name);
-          selfSignCert = keyChain.selfSign(keyName);
-        }
+      selfSignCert = keyChain.selfSign(name);
     }
-  catch(SecPublicInfo::Error& e)
+  else
     {
-      std::cerr << "ERROR: " << e.what() << std::endl;
-      return 1;
-    }
-  catch(SecTpm::Error& e)
-    {
-      std::cerr << "ERROR: " << e.what() << std::endl;
-      return 1;
+      Name keyName = keyChain.getDefaultKeyNameForIdentity(name);
+      selfSignCert = keyChain.selfSign(keyName);
     }
 
-  try
-    {
-      using namespace CryptoPP;
-      StringSource ss(selfSignCert->wireEncode().wire(), selfSignCert->wireEncode().size(), true,
-                      new Base64Encoder(new FileSink(std::cout), true, 64));
-    }
-  catch(CryptoPP::Exception& e)
-    {
-      std::cerr << "ERROR: " << e.what() << std::endl;
-      return 1;
-    }
-  
+  io::save(*selfSignCert, std::cout);
+
   return 0;
 }
 
diff --git a/tools/ndnsec-unlock-tpm.hpp b/tools/ndnsec-unlock-tpm.hpp
index 3ee4d7c..5d2dcff 100644
--- a/tools/ndnsec-unlock-tpm.hpp
+++ b/tools/ndnsec-unlock-tpm.hpp
@@ -16,48 +16,43 @@
   using namespace ndn;
   namespace po = boost::program_options;
 
-  std::string keyName; 
-  std::string appPath;
+  std::string keyName;
 
-  po::options_description desc("General Usage\n  ndnsec unlock-tpm [-h] \nGeneral options");
-  desc.add_options()
+  po::options_description description("General Usage\n  ndnsec unlock-tpm [-h] \nGeneral options");
+  description.add_options()
     ("help,h", "produce help message")
     ;
 
   po::variables_map vm;
-  po::store(po::parse_command_line(argc, argv, desc), vm);
-  po::notify(vm);
 
-  if (vm.count("help"))
-    {
-      std::cerr << desc << std::endl;
-      return 0;
-    }
-  
-  bool res = false;
-  
   try
     {
-      KeyChain keyChain;
-      
-      char* password;
-      password = getpass("Password to unlock the TPM: ");
-      res = keyChain.unlockTpm(password, strlen(password), true);
-      memset(password, 0, strlen(password));
-
+      po::store(po::parse_command_line(argc, argv, description), vm);
+      po::notify(vm);
     }
-  catch(const SecPublicInfo::Error& e)
+  catch (const std::exception& e)
     {
       std::cerr << "ERROR: " << e.what() << std::endl;
-      return 1;
-    }
-  catch(const SecTpm::Error& e)
-    {
-      std::cerr << "ERROR: " << e.what() << std::endl;
+      std::cerr << description << std::endl;
       return 1;
     }
 
-  if(res)
+  if (vm.count("help") != 0)
+    {
+      std::cerr << description << std::endl;
+      return 0;
+    }
+
+  bool isUnlocked = false;
+
+  KeyChain keyChain;
+
+  char* password;
+  password = getpass("Password to unlock the TPM: ");
+  isUnlocked = keyChain.unlockTpm(password, strlen(password), true);
+  memset(password, 0, strlen(password));
+
+  if (isUnlocked)
     {
       std::cerr << "OK: TPM is unlocked" << std::endl;
       return 0;
diff --git a/tools/ndnsec-util.hpp b/tools/ndnsec-util.hpp
index f2fc390..0934d90 100644
--- a/tools/ndnsec-util.hpp
+++ b/tools/ndnsec-util.hpp
@@ -31,27 +31,27 @@
 bool
 getPassword(std::string& password, const std::string& prompt)
 {
-  int result = false;
+  bool isReady = false;
 
-  char* pw0 = NULL;
+  char* pw0 = 0;
   
   pw0 = getpass(prompt.c_str());
-  if(!pw0) 
+  if (!pw0) 
     return false;
   std::string password1 = pw0;
   memset(pw0, 0, strlen(pw0));
 
   pw0 = getpass("Confirm:");
-  if(!pw0)
+  if (!pw0)
     {
       char* pw1 = const_cast<char*>(password1.c_str());
       memset(pw1, 0, password1.size());
       return false;
     }
 
-  if(!password1.compare(pw0))
+  if (!password1.compare(pw0))
     {
-      result = true;
+      isReady = true;
       password.swap(password1);
     }
 
@@ -59,17 +59,17 @@
   memset(pw1, 0, password1.size());
   memset(pw0, 0, strlen(pw0));
 
-  if(password.empty())
+  if (password.empty())
     return false;
 
-  return result;
+  return isReady;
 }
 
 ndn::shared_ptr<ndn::IdentityCertificate>
 getIdentityCertificate(const std::string& fileName)
 {
 
-  if(fileName == "-")
+  if (fileName == "-")
     return ndn::io::load<ndn::IdentityCertificate>(std::cin);
   else
     return ndn::io::load<ndn::IdentityCertificate>(fileName);
diff --git a/tools/ndnsec.cpp b/tools/ndnsec.cpp
index db1f50b..24026e0 100644
--- a/tools/ndnsec.cpp
+++ b/tools/ndnsec.cpp
@@ -31,7 +31,6 @@
   get-default  Get default setting info.\n\
   set-default  Configure default setting.\n\
   key-gen      Generate a Key-Signing-Key for an identity.\n\
-  dsk-gen      Generate a Data-Signing-Key for an identity.\n\
   sign-req     Generate a certificate signing request.\n\
   cert-gen     Generate an identity certificate.\n\
   cert-dump    Dump a certificate from PublicInfo.\n\
@@ -48,35 +47,42 @@
 int 
 main(int argc, char** argv)
 {
-  if (argc < 1)
+  if (argc < 2)
     {
       std::cerr << ndnsec_helper << std::endl;
       return 1;
     }
 
   std::string command(argv[1]);
-  
-  if (command == "help")              { std::cerr << ndnsec_helper << std::endl; }
-  else if (command == "list")         { return ndnsec_list(argc - 1, argv + 1); }
-  else if (command == "get-default")  { return ndnsec_get_default(argc - 1, argv + 1); }
-  else if (command == "set-default")  { return ndnsec_set_default(argc - 1, argv + 1); }
-  else if (command == "key-gen")      { return ndnsec_key_gen(argc - 1, argv + 1); }
-  else if (command == "dsk-gen")      { return ndnsec_dsk_gen(argc - 1, argv + 1); }
-  else if (command == "sign-req")     { return ndnsec_sign_req(argc - 1, argv + 1); }
-  else if (command == "cert-gen")     { return ndnsec_cert_gen(argc - 1, argv + 1); }
-  else if (command == "cert-dump")    { return ndnsec_cert_dump(argc - 1, argv + 1); }
-  else if (command == "cert-install") { return ndnsec_cert_install(argc - 1, argv + 1); }
-  else if (command == "delete")       { return ndnsec_delete(argc - 1, argv + 1); }
-  else if (command == "export")       { return ndnsec_export(argc - 1, argv + 1); }
-  else if (command == "import")       { return ndnsec_import(argc - 1, argv + 1); }
-  else if (command == "sig-verify")   { return ndnsec_sig_verify(argc - 1, argv + 1); }
-  else if (command == "set-acl")      { return ndnsec_set_acl(argc - 1, argv + 1); }
-  else if (command == "unlock-tpm")   { return ndnsec_unlock_tpm(argc - 1, argv + 1); }
-  else if (command == "op-tool")      { return ndnsec_op_tool(argc - 1, argv + 1); }
-  else {
-    std::cerr << ndnsec_helper << std::endl;
-    return 1;
-  }
+
+  try
+    {
+      if (command == "help")              { std::cerr << ndnsec_helper << std::endl; }
+      else if (command == "list")         { return ndnsec_list(argc - 1, argv + 1); }
+      else if (command == "get-default")  { return ndnsec_get_default(argc - 1, argv + 1); }
+      else if (command == "set-default")  { return ndnsec_set_default(argc - 1, argv + 1); }
+      else if (command == "key-gen")      { return ndnsec_key_gen(argc - 1, argv + 1); }
+      else if (command == "sign-req")     { return ndnsec_sign_req(argc - 1, argv + 1); }
+      else if (command == "cert-gen")     { return ndnsec_cert_gen(argc - 1, argv + 1); }
+      else if (command == "cert-dump")    { return ndnsec_cert_dump(argc - 1, argv + 1); }
+      else if (command == "cert-install") { return ndnsec_cert_install(argc - 1, argv + 1); }
+      else if (command == "delete")       { return ndnsec_delete(argc - 1, argv + 1); }
+      else if (command == "export")       { return ndnsec_export(argc - 1, argv + 1); }
+      else if (command == "import")       { return ndnsec_import(argc - 1, argv + 1); }
+      else if (command == "sig-verify")   { return ndnsec_sig_verify(argc - 1, argv + 1); }
+      else if (command == "set-acl")      { return ndnsec_set_acl(argc - 1, argv + 1); }
+      else if (command == "unlock-tpm")   { return ndnsec_unlock_tpm(argc - 1, argv + 1); }
+      else if (command == "op-tool")      { return ndnsec_op_tool(argc - 1, argv + 1); }
+      else {
+        std::cerr << ndnsec_helper << std::endl;
+        return 1;
+      }
+    }
+  catch (const std::runtime_error& e)
+    {
+      std::cerr << "ERROR: " << e.what() << std::endl;
+      return 1;
+    }
 
   return 0;
 }