Move identity-manager.cpp to identity subfolder.  Added initial private-key-storage.
diff --git a/ndn-cpp/security/identity/identity-manager.cpp b/ndn-cpp/security/identity/identity-manager.cpp
new file mode 100644
index 0000000..8d36d30
--- /dev/null
+++ b/ndn-cpp/security/identity/identity-manager.cpp
@@ -0,0 +1,15 @@
+/**
+ * @author: Jeff Thompson
+ * See COPYING for copyright and distribution information.
+ */
+
+#include "identity-manager.hpp"
+
+namespace ndn {
+
+void IdentityManager::signByCertificate(const Data &data, const Name &certificateName, WireFormat& wireFormat)
+{
+  
+}
+
+}
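Review bot: `signByCertificate` has an empty body and returns void, so a caller has no way to tell that the Data object was left unsigned and may go on to encode and publish it as if it were signed. Until the real implementation lands, make the stub fail loudly, for example `throw std::runtime_error("IdentityManager::signByCertificate is not implemented");` (with `#include <stdexcept>`). At minimum put `// TODO: not implemented; data is left unsigned.` inside the body so the gap is visible at the call site's definition.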
diff --git a/ndn-cpp/security/identity/identity-manager.hpp b/ndn-cpp/security/identity/identity-manager.hpp
new file mode 100644
index 0000000..2557a03
--- /dev/null
+++ b/ndn-cpp/security/identity/identity-manager.hpp
@@ -0,0 +1,28 @@
+/**
+ * @author: Jeff Thompson
+ * See COPYING for copyright and distribution information.
+ */
+
+#ifndef NDN_IDENTITY_MANAGER_HPP
+#define	NDN_IDENTITY_MANAGER_HPP
+
+#include "../../data.hpp"
+
+namespace ndn {
+
+class IdentityManager {
+public:
+  /**
+   * 
+   * Note: the caller must make sure the timestamp in data is correct, for example with 
+   * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
+   * @param data The Data object to sign and update its signature.
+   * @param certificateName The Name identifying the certificate which identifies the signing key.
+   * @param wireFormat The WireFormat for calling encodeData, or WireFormat::getDefaultWireFormat() if omitted.
+   */
+  void signByCertificate(const Data& data, const Name& certificateName, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());
+};
+
+}
+
+#endif
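Review bot: The declaration takes `const Data& data`, but the doc comment says the method will "sign and update its signature", which a const reference does not permit without a cast. The parameter should be `Data& data` here and in the definition in identity-manager.cpp. The doc block also opens with an empty line where the summary belongs; something like `Sign data with the key named by certificateName and store the resulting signature in data.` would fill it. The default argument dereferences `WireFormat::getDefaultWireFormat()` directly, so it is worth confirming that this function can never return null before a default format is registered.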
diff --git a/ndn-cpp/security/identity/private-key-storage.cpp b/ndn-cpp/security/identity/private-key-storage.cpp
new file mode 100644
index 0000000..4f2d0aa
--- /dev/null
+++ b/ndn-cpp/security/identity/private-key-storage.cpp
@@ -0,0 +1,23 @@
+/**
+ * @author: Jeff Thompson
+ * See COPYING for copyright and distribution information.
+ */
+
+#include "private-key-storage.hpp"
+
+using namespace std;
+
+namespace ndn {
+
+PrivateKeyStorage::~PrivateKeyStorage()
+{
+}
+
+// TODO: Move to subclass.
+Blob 
+PrivateKeyStorage::sign(const Blob& blob, const string& keyName, DigestAlgorithm digestAlgorithm)
+{
+  return Blob();
+}
+
+}
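Review bot: The stub `sign` returns a default-constructed `Blob()` for every input, and nothing here marks that value as "not implemented" rather than a signing result. The header documents failure as returning 0, so a caller that does not test the returned Blob would presumably attach an empty signature; add `// Not implemented: always returns an empty Blob, which callers must treat as failure.` above the return, or throw until the subclass exists. Separately, `using namespace std;` at file scope serves only the one `string` in the signature, and writing `const std::string& keyName` as the header does would let it be dropped.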
diff --git a/ndn-cpp/security/identity/private-key-storage.hpp b/ndn-cpp/security/identity/private-key-storage.hpp
new file mode 100644
index 0000000..bb79753
--- /dev/null
+++ b/ndn-cpp/security/identity/private-key-storage.hpp
@@ -0,0 +1,95 @@
+/**
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
+ * @author: Jeff Thompson
+ * See COPYING for copyright and distribution information.
+ */
+
+#ifndef NDN_PRIVATE_KEY_STORAGE_HPP
+#define	NDN_PRIVATE_KEY_STORAGE_HPP
+
+#include <string>
+#include "../../util/blob.hpp"
+#include "../security-common.hpp"
+
+namespace ndn {
+
+class PrivateKeyStorage {
+  /**
+   * The virtual destructor
+   */    
+  virtual 
+  ~PrivateKeyStorage();
+
+#if 0
+  /**
+   * @brief generate a pair of asymmetric keys
+   * @param keyName the name of the key pair
+   * @param keyType the type of the key pair, e.g. RSA
+   * @param keySize the size of the key pair
+   */
+  virtual void 
+  generateKeyPair(const string & keyName, KeyType keyType = KEY_TYPE_RSA, int keySize = 2048) = 0;
+
+  /**
+   * @brief get the public key
+   * @param keyName the name of public key
+   * @return the public key
+   */
+  virtual Ptr<Publickey> 
+  getPublickey(const string & keyName) = 0;
+#endif
+  
+  /**
+   * Sign data blob.
+   * @param blob The blob to be signed.
+   * @param keyName The name of the signing key.
+   * @param digestAlgorithm the digest algorithm.
+   * @return The signature, or 0 if signing fails.
+   */  
+  virtual Blob 
+  sign(const Blob& blob, const std::string& keyName, DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256);
+    
+#if 0
+  /**
+   * @brief decrypt data
+   * @param keyName the name of the decrypting key
+   * @param blob the blob to be decrypted
+   * @param sym if true symmetric encryption is used, otherwise asymmetric decryption is used.
+   * @return decrypted data
+   */
+  virtual Ptr<Blob> 
+  decrypt(const string & keyName, const Blob & data, bool sym = false) = 0;
+
+  /**
+   * @brief encrypt data
+   * @param keyName the name of the encrypting key
+   * @param blob the blob to be encrypted
+   * @param sym if true symmetric encryption is used, otherwise asymmetric decryption is used.
+   * @return encrypted data
+   */
+  virtual Ptr<Blob> 
+  encrypt(const string & keyName, const Blob & pData, bool sym = false) = 0;
+
+  /**
+   * @brief generate a symmetric key
+   * @param keyName the name of the key 
+   * @param keyType the type of the key, e.g. AES
+   * @param keySize the size of the key
+   */
+  virtual void 
+  generateKey(const string & keyName, KeyType keyType = KEY_TYPE_AES, int keySize = 256) = 0;
+
+  /**
+   * @brief check if a particular key exist
+   * @param keyName the name of the key
+   * @param keyClass the class of the key, e.g. public, private, or symmetric
+   * @return true if the key exists, otherwise false
+   */
+  virtual bool
+  doesKeyExist(const string & keyName, KeyClass keyClass) = 0;  
+#endif
+};
+
+}
+
+#endif
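Review bot: `class PrivateKeyStorage {` has no access specifier, so the virtual destructor and `sign` are private by default. As declared, outside code cannot call `sign`, and a derived storage class cannot be destroyed because its destructor needs access to the base destructor. Add `public:` on the line after the class header. The `@return` text "or 0 if signing fails" also does not fit a `Blob` returned by value, so it should say how the caller recognises the failure value (an empty or null Blob). The declarations under `#if 0` use unqualified `string`, which will need `std::` when they are enabled unless an included header brings the name into scope.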