Move identity-manager.cpp to identity subfolder. Added initial private-key-storage.
diff --git a/ndn-cpp/security/identity/identity-manager.cpp b/ndn-cpp/security/identity/identity-manager.cpp
new file mode 100644
index 0000000..8d36d30
--- /dev/null
+++ b/ndn-cpp/security/identity/identity-manager.cpp
@@ -0,0 +1,15 @@
+/**
+ * @author: Jeff Thompson
+ * See COPYING for copyright and distribution information.
+ */
+
+#include "identity-manager.hpp"
+
+namespace ndn {
+
+void IdentityManager::signByCertificate(const Data &data, const Name &certificateName, WireFormat& wireFormat)
+{
+
+}
+
+}
diff --git a/ndn-cpp/security/identity/identity-manager.hpp b/ndn-cpp/security/identity/identity-manager.hpp
new file mode 100644
index 0000000..2557a03
--- /dev/null
+++ b/ndn-cpp/security/identity/identity-manager.hpp
@@ -0,0 +1,28 @@
+/**
+ * @author: Jeff Thompson
+ * See COPYING for copyright and distribution information.
+ */
+
+#ifndef NDN_IDENTITY_MANAGER_HPP
+#define NDN_IDENTITY_MANAGER_HPP
+
+#include "../../data.hpp"
+
+namespace ndn {
+
+class IdentityManager {
+public:
+ /**
+ *
+ * Note: the caller must make sure the timestamp in data is correct, for example with
+ * data.getMetaInfo().setTimestampMilliseconds(time(NULL) * 1000.0).
+ * @param data The Data object to sign and update its signature.
+ * @param certificateName The Name identifying the certificate which identifies the signing key.
+ * @param wireFormat The WireFormat for calling encodeData, or WireFormat::getDefaultWireFormat() if omitted.
+ */
+ void signByCertificate(const Data& data, const Name& certificateName, WireFormat& wireFormat = *WireFormat::getDefaultWireFormat());
+};
+
+}
+
+#endif
diff --git a/ndn-cpp/security/identity/private-key-storage.cpp b/ndn-cpp/security/identity/private-key-storage.cpp
new file mode 100644
index 0000000..4f2d0aa
--- /dev/null
+++ b/ndn-cpp/security/identity/private-key-storage.cpp
@@ -0,0 +1,23 @@
+/**
+ * @author: Jeff Thompson
+ * See COPYING for copyright and distribution information.
+ */
+
+#include "private-key-storage.hpp"
+
+using namespace std;
+
+namespace ndn {
+
+PrivateKeyStorage::~PrivateKeyStorage()
+{
+}
+
+// TODO: Move to subclass.
+Blob
+PrivateKeyStorage::sign(const Blob& blob, const string& keyName, DigestAlgorithm digestAlgorithm)
+{
+ return Blob();
+}
+
+}
diff --git a/ndn-cpp/security/identity/private-key-storage.hpp b/ndn-cpp/security/identity/private-key-storage.hpp
new file mode 100644
index 0000000..bb79753
--- /dev/null
+++ b/ndn-cpp/security/identity/private-key-storage.hpp
@@ -0,0 +1,95 @@
+/**
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
+ * @author: Jeff Thompson
+ * See COPYING for copyright and distribution information.
+ */
+
+#ifndef NDN_PRIVATE_KEY_STORAGE_HPP
+#define NDN_PRIVATE_KEY_STORAGE_HPP
+
+#include <string>
+#include "../../util/blob.hpp"
+#include "../security-common.hpp"
+
+namespace ndn {
+
+class PrivateKeyStorage {
+ /**
+ * The virtual destructor
+ */
+ virtual
+ ~PrivateKeyStorage();
+
+#if 0
+ /**
+ * @brief generate a pair of asymmetric keys
+ * @param keyName the name of the key pair
+ * @param keyType the type of the key pair, e.g. RSA
+ * @param keySize the size of the key pair
+ */
+ virtual void
+ generateKeyPair(const string & keyName, KeyType keyType = KEY_TYPE_RSA, int keySize = 2048) = 0;
+
+ /**
+ * @brief get the public key
+ * @param keyName the name of public key
+ * @return the public key
+ */
+ virtual Ptr<Publickey>
+ getPublickey(const string & keyName) = 0;
+#endif
+
+ /**
+ * Sign data blob.
+ * @param blob The blob to be signed.
+ * @param keyName The name of the signing key.
+ * @param digestAlgorithm the digest algorithm.
+ * @return The signature, or 0 if signing fails.
+ */
+ virtual Blob
+ sign(const Blob& blob, const std::string& keyName, DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256);
+
+#if 0
+ /**
+ * @brief decrypt data
+ * @param keyName the name of the decrypting key
+ * @param blob the blob to be decrypted
+ * @param sym if true symmetric encryption is used, otherwise asymmetric decryption is used.
+ * @return decrypted data
+ */
+ virtual Ptr<Blob>
+ decrypt(const string & keyName, const Blob & data, bool sym = false) = 0;
+
+ /**
+ * @brief encrypt data
+ * @param keyName the name of the encrypting key
+ * @param blob the blob to be encrypted
+ * @param sym if true symmetric encryption is used, otherwise asymmetric decryption is used.
+ * @return encrypted data
+ */
+ virtual Ptr<Blob>
+ encrypt(const string & keyName, const Blob & pData, bool sym = false) = 0;
+
+ /**
+ * @brief generate a symmetric key
+ * @param keyName the name of the key
+ * @param keyType the type of the key, e.g. AES
+ * @param keySize the size of the key
+ */
+ virtual void
+ generateKey(const string & keyName, KeyType keyType = KEY_TYPE_AES, int keySize = 256) = 0;
+
+ /**
+ * @brief check if a particular key exist
+ * @param keyName the name of the key
+ * @param keyClass the class of the key, e.g. public, private, or symmetric
+ * @return true if the key exists, otherwise false
+ */
+ virtual bool
+ doesKeyExist(const string & keyName, KeyClass keyClass) = 0;
+#endif
+};
+
+}
+
+#endif