diff --git a/docs/tuf-spec.txt b/docs/tuf-spec.txt
index e54069a4..a4c679da 100644
--- a/docs/tuf-spec.txt
+++ b/docs/tuf-spec.txt
@@ -476,7 +476,10 @@
    The KEYID of a key is the hexdigest of the SHA-256 hash of the
    canonical JSON form of the key, where the "private" object key is excluded.
    
-   All times are given as strings of the format "YYYY-MM-DD HH:MM:SS UTC".
+   Metadata date-time data follows the ISO 8601 standard.  The expected format
+   of the combined date and time string is "YYYY-MM-DDTHH:MM:SSZ".  Time is
+   always in UTC, and the "Z" time zone designator is attached to indicate a
+   zero UTC offset.  An example date-time string is "1985-10-21T01:21:00Z".
 
 
 4.3. File formats: root.json
diff --git a/tuf/examples/example_client.py b/examples/client/example_client.py
similarity index 85%
rename from tuf/examples/example_client.py
rename to examples/client/example_client.py
index 78b1103f..53b18142 100755
--- a/tuf/examples/example_client.py
+++ b/examples/client/example_client.py
@@ -6,7 +6,7 @@
   Vladimir Diaz <vladimir.v.diaz@gmail.com>
 
 <Started>
-  September 2012
+  September 2012.
 
 <Copyright>
   See LICENSE for licensing information.
@@ -16,13 +16,16 @@
   utilizing The Update Framework may write to securely update files.
   The 'basic_client.py' script can be used on the command-line to perform
   an update that will download and update all available targets; writing
-  custom code is not required in this case.
+  custom code is not required with 'basic_client.py'.
   
   The custom examples below demonstrate:
   (1) updating all targets
   (2) updating all the targets of a specified role
   (3) updating a specific target explicitely named.
 
+  It assumes a server is listening on 'http://localhost:8001'.  One can be
+  started by navigating to the 'examples/repository/' and starting:
+  $ python -m SimpleHTTPServer 8001
 """
 
 import logging
@@ -30,7 +33,7 @@
 import tuf.client.updater
 
 # Uncomment the line below to enable printing of debugging information.
-#tuf.log.set_log_level(logging.DEBUG)
+tuf.log.set_log_level(logging.INFO)
 
 # Set the local repository directory containing the metadata files.
 tuf.conf.repository_directory = '.'
@@ -61,7 +64,8 @@
 for target in updated_targets:
   try:
     updater.download_target(target, destination_directory)
-  except tuf.DownloadError, e:
+  
+  except tuf.DownloadError as e:
     pass
 
 # Remove any files from the destination directory that are no longer being
@@ -69,26 +73,22 @@
 updater.remove_obsolete_targets(destination_directory)
 
 
-"""
-# Example demonstrating an update that only downloads the targets of
-# a specific role (i.e., 'targets/role1')
 
+# Example demonstrating an update that only downloads the targets of
+# a specific role (i.e., 'targets/project')
 updater.refresh()
-targets_of_role1 = updater.targets_of_role('targets/role1')
+targets_of_role1 = updater.targets_of_role('targets/project')
 updated_targets = updater.updated_targets(targets_of_role1, destination_directory)
 
 for target in updated_targets:
   updater.download_target(target, destination_directory)
-"""
 
 
-"""
+
 # Example demonstrating an update that downloads a specific target.
-
 updater.refresh()
-target = updater.target('LICENSE.txt')
+target = updater.target('/file2.txt')
 updated_target = updater.updated_targets([target], destination_directory)
 
 for target in updated_target:
   updater.download_target(target, destination_directory)
-"""
diff --git a/examples/client/metadata/current/root.json b/examples/client/metadata/current/root.json
new file mode 100644
index 00000000..8128041e
Binary files /dev/null and b/examples/client/metadata/current/root.json differ
diff --git a/examples/client/metadata/previous/root.json b/examples/client/metadata/previous/root.json
new file mode 100644
index 00000000..8128041e
Binary files /dev/null and b/examples/client/metadata/previous/root.json differ
diff --git a/examples/keystore/project_key b/examples/keystore/project_key
new file mode 100644
index 00000000..ad2c31d8
--- /dev/null
+++ b/examples/keystore/project_key
@@ -0,0 +1 @@
+5bc5cdc1e18ff3ccbfd7c33a88bec596@@@@313030303030@@@@39656230336534656264303863303733353832386465383466346232633863356362616234306430333863353239393966643333373730353231386262623339@@@@31caf11a40e9eb48f499dcc6f80c88e8@@@@0400a24989069098ce702d6a8f81826ba482ffd9a17fff5a10c6f986b9179bae1be4d246db2fceda93ce12bd465e896e4e4e847c934eb120c794e12fbcc8569e4aa6964995f1fda9af50057644236c4194ebb78a588804363dbce492db7e4ef2ce39391013a7c2d68260a0e785b6cec39fc02cdff11e9c7a168ae133292fdbe5f2f968d2a0ae098ca9453ec33d175de181f771b016c760ceba51d9c20c431702656e8b09ebda6cf884096b89d80dd6c2c1752c04312e934cd79d49b91e8c7ef4448bf3b969fa6ed9727cac48f91e3921f41d5bf8ec4130ff45fda51e07cd16a7fa8daca1feb6f2dced6881c736565a1b72dc705a97606a0480c0dd681e65bea82fc261762cdad203fd49d45f
\ No newline at end of file
diff --git a/examples/keystore/project_key.pub b/examples/keystore/project_key.pub
new file mode 100644
index 00000000..0f1c3193
--- /dev/null
+++ b/examples/keystore/project_key.pub
@@ -0,0 +1 @@
+{"keytype": "ed25519", "keyval": {"public": "b6e40fb71a6041212a3d84331336ecaa1f48a0c523f80ccc762a034c727606fa"}}
\ No newline at end of file
diff --git a/examples/keystore/root_key b/examples/keystore/root_key
new file mode 100644
index 00000000..0f87c374
--- /dev/null
+++ b/examples/keystore/root_key
@@ -0,0 +1 @@
+70b05482c00cad0fccfcab4ac2b86b50@@@@313030303030@@@@62626137313336626662363862333962636161306561326437336237643436306162323966303038326636306363613965396161353566646330346666356635@@@@5f6612c00c8ed8627dd33754812bb7e1@@@@f651c3db5ac02aa8337264f0badd1f40fbe174ec3f8de8fd95188d31cf41b4863d7a28db297b8a5abd25e49d2af3c6cb2e25789088dce2b5113b7d7db16deea1eadf109d5ec004a2b5bcbdc29e13a9e4c803659def851800969918fb5930c56b816b119be490667f2d629309bc7578dad43c6b0ca6ef0c6f48ad68390fb1fc711b8a40bb5b1c197ae6f72d2b1e83bbc9050f46a3c69efe3b11c55a52d3f68f6e9fe58ad7e67dd6b136681b6d800fed22f15d31ee71ad1ed78f36b6d19b0771c22123f1dcb54a6b2e9742d2661014931cbab8fbbb001e3ac836bc5c64b19fa4cb881485acdafa6a0fd87044534608f50ae13920517c6f2ab2669f8edd4bc6cbe2fc1fc272264a819e2e34bc83
\ No newline at end of file
diff --git a/examples/keystore/root_key.pub b/examples/keystore/root_key.pub
new file mode 100644
index 00000000..7cf01390
--- /dev/null
+++ b/examples/keystore/root_key.pub
@@ -0,0 +1 @@
+{"keytype": "ed25519", "keyval": {"public": "66dd78c5c2a78abc6fc6b267ff1a8017ba0e8bfc853dd97af351949bba021275"}}
\ No newline at end of file
diff --git a/examples/keystore/snapshot_key b/examples/keystore/snapshot_key
new file mode 100644
index 00000000..9f999f94
--- /dev/null
+++ b/examples/keystore/snapshot_key
@@ -0,0 +1 @@
+cff2ed748f0281d65c8eb535e81dbfd0@@@@313030303030@@@@30353732326564313863306632626336656631636635313666636330383537376466393833313937363261303638336632373530303938623665346239646230@@@@1eda960b65beefb9a2a4afcc9be973f6@@@@ea7c468f9e5ab91e874b2a0fa692a18056293261886400e5976a6c884b13cdd3905b0188f41b0c2b2846d36dabbeecf4d9d1c87123b5b236ccbce24f4b30c9ba25d00ccce270d3da1d202d2fd27a0a007381bf2284c58bb01a812050086264617f94a47cd3931b9129c6b105eec4ff56d1176e6fbde6bf5ade513a0f1c7551cecb04c678582e7fd0656936a1f232fa3a739df3dc4af07ad69580f54b1dd366c78e96c07249732621929aac056f4892af07772011246101cfb9886558fe2cfd1d09e9c280cbecdf2fb8dbeded4a628ef2fa04d5360dae327ccf15a12a00f2f32964ca03abaeaeb60bbece207e09c897413b8a630331df568822880be86359181664aa0806770ab11e30663594
\ No newline at end of file
diff --git a/examples/keystore/snapshot_key.pub b/examples/keystore/snapshot_key.pub
new file mode 100644
index 00000000..cebf0249
--- /dev/null
+++ b/examples/keystore/snapshot_key.pub
@@ -0,0 +1 @@
+{"keytype": "ed25519", "keyval": {"public": "01c61f8dc7d77fcef973f4267927541e355e8ceda757e2c402818dad850f856e"}}
\ No newline at end of file
diff --git a/examples/keystore/targets_key b/examples/keystore/targets_key
new file mode 100644
index 00000000..f56772a5
--- /dev/null
+++ b/examples/keystore/targets_key
@@ -0,0 +1 @@
+a0fdf15a675c849cc7bd4cfb46273164@@@@313030303030@@@@62303735356165326132633766333932633137643234323961636166356135666433333234376163356665656330306362366363383332386430356133663831@@@@0d7ce5bc8687edc1a292ebbe203284b6@@@@155dee106e192009ed4dace179e514f518d403d7a83d136047683683090c8dd1e80d6d5f6bd480e1e9e76bf63a265dfdc7e5bce07418039c6457c6d454fd0114fd7311c8508ead020e59e0b5b2ee55101d49535980e598c02c70ecb7bca77a54d04040080ca9403cd23bd0ae4cc5e33131321d2a4c8a4544553f5c54b7af0986a437f37696b4e7d76efed24be9a4c6928542fb93cfd88018537703a1ff0f6ac8fcb625714a161aaa7a548b39963ded1481b47020b1346544a8a9d96f1eb03a6cad326af0f5be43c6756dc1d4e6c7dee550077d7689949a671acd370680d6b29e594675ade9d7525a4ad8af7a1b13a3e4692192d70c189115d52b814af5a53bc9d0528aec6c6417f6f7d0bcb3
\ No newline at end of file
diff --git a/examples/keystore/targets_key.pub b/examples/keystore/targets_key.pub
new file mode 100644
index 00000000..5e1d1e1a
--- /dev/null
+++ b/examples/keystore/targets_key.pub
@@ -0,0 +1 @@
+{"keytype": "ed25519", "keyval": {"public": "68ead6e54a43f8f36f9717b10669d1ef0ebb38cee6b05317669341309f1069cb"}}
\ No newline at end of file
diff --git a/examples/keystore/timestamp_key b/examples/keystore/timestamp_key
new file mode 100644
index 00000000..42dc9bda
--- /dev/null
+++ b/examples/keystore/timestamp_key
@@ -0,0 +1 @@
+dd0f6b3bff19df2c4ab89e34a5b190e6@@@@313030303030@@@@37613435636666623966633230613439376661303631616635323365326636643039383236333638633162326262616231653531353066656262643265623566@@@@e6d72cc0a99144c4dbf509fa56092454@@@@10bb33112d4083f81d700740e78b315574a0d7b8c042921b1dcb7b8593caff1dbb10b8886ea2f4b7edcb49d3aabc9ec25db59dc0b121890555dc5d69291856f739b280de6fa6216e0ac92b9b95689b9f6ba1a414cb78ee6547968ea5ebd84e34972cf6d0e56cf0443b653f51d8e2742a7454e70039e548e4a69e97e73475940964307b5d5da440767531479b0c940dc8ffebafdf562e3a68d456f9438cb3c2253117180efd868b8b9fd4ea3e717501db8c0a9afe0bcdb34068eef4858103b2126b47d4c22a3d0f16cec0e5cd452201487eb6695139d8235a17a3c1a42fa7552d7ca45625b0000650f22851679ac00c7b71368d4dfc862a1823437b5cc244c282be0c01138fa39dc13511bd59
\ No newline at end of file
diff --git a/examples/keystore/timestamp_key.pub b/examples/keystore/timestamp_key.pub
new file mode 100644
index 00000000..3224de62
--- /dev/null
+++ b/examples/keystore/timestamp_key.pub
@@ -0,0 +1 @@
+{"keytype": "ed25519", "keyval": {"public": "72378e5bc588793e58f81c8533da64a2e8f1565c1fcc7f253496394ffc52542c"}}
\ No newline at end of file
diff --git a/examples/repository/metadata.staged/root.json b/examples/repository/metadata.staged/root.json
new file mode 100644
index 00000000..8128041e
Binary files /dev/null and b/examples/repository/metadata.staged/root.json differ
diff --git a/examples/repository/metadata.staged/snapshot.json b/examples/repository/metadata.staged/snapshot.json
new file mode 100644
index 00000000..3294c89e
Binary files /dev/null and b/examples/repository/metadata.staged/snapshot.json differ
diff --git a/examples/repository/metadata.staged/targets.json b/examples/repository/metadata.staged/targets.json
new file mode 100644
index 00000000..6387d30e
Binary files /dev/null and b/examples/repository/metadata.staged/targets.json differ
diff --git a/examples/repository/metadata.staged/targets.json.gz b/examples/repository/metadata.staged/targets.json.gz
new file mode 100644
index 00000000..85fa0890
Binary files /dev/null and b/examples/repository/metadata.staged/targets.json.gz differ
diff --git a/examples/repository/metadata.staged/targets/project.json b/examples/repository/metadata.staged/targets/project.json
new file mode 100644
index 00000000..57f4195a
Binary files /dev/null and b/examples/repository/metadata.staged/targets/project.json differ
diff --git a/examples/repository/metadata.staged/timestamp.json b/examples/repository/metadata.staged/timestamp.json
new file mode 100644
index 00000000..93e124e1
Binary files /dev/null and b/examples/repository/metadata.staged/timestamp.json differ
diff --git a/examples/repository/metadata/root.json b/examples/repository/metadata/root.json
new file mode 100644
index 00000000..8128041e
Binary files /dev/null and b/examples/repository/metadata/root.json differ
diff --git a/examples/repository/metadata/snapshot.json b/examples/repository/metadata/snapshot.json
new file mode 100644
index 00000000..3294c89e
Binary files /dev/null and b/examples/repository/metadata/snapshot.json differ
diff --git a/examples/repository/metadata/targets.json b/examples/repository/metadata/targets.json
new file mode 100644
index 00000000..6387d30e
Binary files /dev/null and b/examples/repository/metadata/targets.json differ
diff --git a/examples/repository/metadata/targets.json.gz b/examples/repository/metadata/targets.json.gz
new file mode 100644
index 00000000..85fa0890
Binary files /dev/null and b/examples/repository/metadata/targets.json.gz differ
diff --git a/examples/repository/metadata/targets/project.json b/examples/repository/metadata/targets/project.json
new file mode 100644
index 00000000..57f4195a
Binary files /dev/null and b/examples/repository/metadata/targets/project.json differ
diff --git a/examples/repository/metadata/timestamp.json b/examples/repository/metadata/timestamp.json
new file mode 100644
index 00000000..93e124e1
Binary files /dev/null and b/examples/repository/metadata/timestamp.json differ
diff --git a/examples/repository/targets/file1.txt b/examples/repository/targets/file1.txt
new file mode 100644
index 00000000..7bf3499f
--- /dev/null
+++ b/examples/repository/targets/file1.txt
@@ -0,0 +1 @@
+This is an example target file.
\ No newline at end of file
diff --git a/examples/repository/targets/file2.txt b/examples/repository/targets/file2.txt
new file mode 100644
index 00000000..606f18ef
--- /dev/null
+++ b/examples/repository/targets/file2.txt
@@ -0,0 +1 @@
+This is an another example target file.
\ No newline at end of file
diff --git a/examples/repository/targets/project/file3.txt b/examples/repository/targets/project/file3.txt
new file mode 100644
index 00000000..60464604
--- /dev/null
+++ b/examples/repository/targets/project/file3.txt
@@ -0,0 +1 @@
+This is role1's target file.
\ No newline at end of file
diff --git a/setup.py b/setup.py
index 98e3b093..17867ca0 100755
--- a/setup.py
+++ b/setup.py
@@ -101,7 +101,7 @@
     'Topic :: Software Development'
   ],
   install_requires = [],
-  packages = find_packages(exclude=['tests', 'tuf.tests']),
+  packages = find_packages(exclude=['tests']),
   extras_require = extras,
   scripts = [
     'tuf/client/basic_client.py'
diff --git a/tuf/pushtools/__init__.py b/tests/__init__.py
similarity index 100%
rename from tuf/pushtools/__init__.py
rename to tests/__init__.py
diff --git a/tests/unit/aggregate_tests.py b/tests/aggregate_tests.py
similarity index 100%
rename from tests/unit/aggregate_tests.py
rename to tests/aggregate_tests.py
diff --git a/tests/integration/test_delegations.py b/tests/integration/test_delegations.py
deleted file mode 100755
index 8b216efe..00000000
--- a/tests/integration/test_delegations.py
+++ /dev/null
@@ -1,541 +0,0 @@
-#!/usr/bin/env python
-
-"""
-<Program Name>
-  test_delegations.py
-
-<Author>
-  Konstantin Andrianov
-
-<Started>
-  February 19, 2012
-
-<Copyright>
-  See LICENSE for licensing information.
-
-<Purpose>
-  Ensure that TUF meets expectations about target delegations.
-"""
-
-import os
-import time
-import tempfile
-import unittest
-
-import tuf.formats
-import tuf.repo.keystore as keystore
-import tuf.repo.signercli as signercli
-import tuf.repo.signerlib as signerlib
-import tuf.tests.util_test_tools as util_test_tools
-
-version = 1
-# Modify the number of iterations (from the higher default count) so the unit
-# tests run faster.
-keystore._PBKDF2_ITERATIONS = 1000
-
-
-class TestDelegationFunctions(unittest.TestCase):
-
-
-  def do_update(self):
-    # Client side repository.
-    tuf_client = os.path.join(self.root_repo, 'tuf_client')
-    downloads_dir = os.path.join(self.root_repo, 'downloads')
-
-    # Adjust client's configuration file.
-    tuf.conf.repository_directory = tuf_client
-
-    updater = tuf.client.updater.Updater('my_repo', self.mirrors)
-
-    # Refresh the repository's top-level roles, store the target information for
-    # all the targets tracked, and determine which of these targets have been
-    # updated.
-    updater.refresh()
-
-    # Obtain a list of available targets.
-    targets = []
-    relative_target_filepaths = self.relpath_from_targets(self.target_filepaths)
-    for target_filepath in relative_target_filepaths:
-      target_info = updater.target(target_filepath)
-      targets.append(target_info)
-
-    # Download each of these updated targets and save them locally.
-    updated_targets = updater.updated_targets(targets, downloads_dir)
-    for target in updated_targets:
-      updater.download_target(target, downloads_dir)
-
-    # Return metadata about downloaded targets.
-    make_fileinfo = signerlib.get_metadata_file_info
-    targets_metadata = {}
-    for target_filepath in relative_target_filepaths:
-      download_filepath = os.path.join(downloads_dir, target_filepath)
-      target_fileinfo = signerlib.get_metadata_file_info(download_filepath)
-      targets_metadata[target_filepath] = target_fileinfo
-    return targets_metadata
-
-
-  def make_targets_metadata(self):
-    """Subclasses will override this method to generate metadata for all
-    targets roles, with the understanding that there is a fixed structure of
-    the targets roles."""
-
-    raise NotImplementedError()
-
-
-  def relpath_from_targets(self, target_filepaths):
-    """Ex: 'targets/more_targets/somefile.txt' -> 'more_targets/somefile.txt'
-    i.e. 'targets/' is removed from 'target'."""
-
-    new_target_filepaths = []
-    for target in target_filepaths:
-      relative_targetpath = os.path.sep.join(target.split(os.path.sep)[1:])
-      new_target_filepaths.append(relative_targetpath)
-    return new_target_filepaths
-
-
-  def setUp(self):
-    """
-    The target delegations tree is fixed as such:
-      targets -> [T1, T2]
-      T1 -> [T3]
-    """
-    global version
-    version = version+1
-    expiration = tuf.formats.format_time(time.time()+86400)
-
-    root_repo, url, server_proc, keyids = util_test_tools.init_repo(using_tuf=True)
-
-    # Server side repository.
-    tuf_repo = os.path.join(root_repo, 'tuf_repo')
-    keystore_dir = os.path.join(tuf_repo, 'keystore')
-    metadata_dir = os.path.join(tuf_repo, 'metadata')
-    targets_dir = os.path.join(tuf_repo, 'targets')
-
-    # We need to provide clients with a way to reach the tuf repository.
-    tuf_repo_relpath = os.path.basename(tuf_repo)
-    tuf_url = url+tuf_repo_relpath
-
-    # Add files to the server side repository.
-    # target1 = 'targets_dir/[random].txt'
-    # target2 = 'targets_dir/[random].txt'
-    add_target = util_test_tools.add_file_to_repository
-    target1_path = add_target(targets_dir, data='target1')
-    target2_path = add_target(targets_dir, data='target2')
-
-    # Target paths relative to the 'targets_dir'.
-    # Ex: targetX = 'targets/delegator/delegatee.txt'
-    target1 = os.path.relpath(target1_path, tuf_repo)
-    target2 = os.path.relpath(target2_path, tuf_repo)
-
-    # Relative to repository's targets directory.
-    target_filepaths = [target1, target2]
-
-    # Store in self only the variables relevant for tests.
-    self.root_repo = root_repo
-    self.tuf_repo = tuf_repo
-    self.server_proc = server_proc
-    self.target_filepaths = target_filepaths
-    # Targets delegated from A to B.
-    self.delegated_targets = {}
-    # Targets actually signed by B.
-    self.signed_targets = {}
-    self.mirrors = {
-      "mirror1": {
-        "url_prefix": tuf_url,
-        "metadata_path": "metadata",
-        "targets_path": "targets",
-        "confined_target_dirs": [""]
-      }
-    }
-    # Aliases for targets roles.
-    self.T0 = 'targets'
-    self.T1 = 'targets/T1'
-    self.T2 = 'targets/T2'
-    self.T3 = 'targets/T1/T3'
-
-    # Get tracked and assigned targets, and generate targets metadata.
-    self.make_targets_metadata()
-    assert hasattr(self, 'T0_metadata')
-    assert hasattr(self, 'T1_metadata')
-    assert hasattr(self, 'T2_metadata')
-    assert hasattr(self, 'T3_metadata')
-
-    # Make delegation directories at the server's repository.
-    metadata_targets_dir = os.path.join(metadata_dir, 'targets')
-    metadata_T1_dir = os.path.join(metadata_targets_dir, 'T1')
-    os.makedirs(metadata_T1_dir)
-
-    # Delegations metadata paths for the 3 delegated targets roles.
-    T0_path = os.path.join(metadata_dir, 'targets.txt')
-    T1_path = os.path.join(metadata_targets_dir, 'T1.txt')
-    T2_path = os.path.join(metadata_targets_dir, 'T2.txt')
-    T3_path = os.path.join(metadata_T1_dir, 'T3.txt')
-
-    # Generate RSA keys for the 3 delegatees.
-    key1 = signerlib.generate_and_save_rsa_key(keystore_dir, 'T1')
-    key2 = signerlib.generate_and_save_rsa_key(keystore_dir, 'T2')
-    key3 = signerlib.generate_and_save_rsa_key(keystore_dir, 'T3')
-
-    # ID for each of the 3 keys.
-    key1_id = key1['keyid']
-    key2_id = key2['keyid']
-    key3_id = key3['keyid']
-
-    # ID, in a list, for each of the 3 keys.
-    key1_ids = [key1_id]
-    key2_ids = [key2_id]
-    key3_ids = [key3_id]
-
-    # Public-key JSON for each of the 3 keys.
-    key1_val = tuf.rsa_key.create_in_metadata_format(key1['keyval'])
-    key2_val = tuf.rsa_key.create_in_metadata_format(key2['keyval'])
-    key3_val = tuf.rsa_key.create_in_metadata_format(key3['keyval'])
-
-    # Create delegation role metadata for each of the 3 delegated targets roles.
-    make_role_metadata = tuf.formats.make_role_metadata
-
-    T1_targets = self.relpath_from_targets(self.delegated_targets[self.T1])
-    T1_role = make_role_metadata(key1_ids, 1, name=self.T1, paths=T1_targets)
-
-    T2_targets = self.relpath_from_targets(self.delegated_targets[self.T2])
-    T2_role = make_role_metadata(key2_ids, 1, name=self.T2, paths=T2_targets)
-
-    T3_targets = self.relpath_from_targets(self.delegated_targets[self.T3])
-    T3_role = make_role_metadata(key3_ids, 1, name=self.T3, paths=T3_targets)
-
-    # Assign 'delegations' object for 'targets':
-    self.T0_metadata['signed']['delegations'] = {
-      'keys': {key1_id: key1_val, key2_id: key2_val},
-      'roles': [T1_role, T2_role]
-    }
-
-    # Assign 'delegations' object for 'targets/T1':
-    self.T1_metadata['signed']['delegations'] = {
-      'keys': {key3_id: key3_val},
-      'roles': [T3_role]
-    }
-
-    sign = signerlib.sign_metadata
-    write = signerlib.write_metadata_file
-
-    # Sign new metadata objects.
-    T0_signable = sign(self.T0_metadata, keyids, T0_path)
-    T1_signable = sign(self.T1_metadata, key1_ids, T1_path)
-    T2_signable = sign(self.T2_metadata, key2_ids, T2_path)
-    T3_signable = sign(self.T3_metadata, key3_ids, T3_path)
-    # Save new metadata objects.
-    write(T0_signable, T0_path)
-    write(T1_signable, T1_path)
-    write(T2_signable, T2_path)
-    write(T3_signable, T3_path)
-
-    # Timestamp a new release to reflect latest targets.
-    signerlib.build_release_file(keyids, metadata_dir, version, expiration)
-    signerlib.build_timestamp_file(keyids, metadata_dir, version, expiration)
-
-    # Unload all keys.
-    keystore.clear_keystore()
-
-
-  def tearDown(self):
-    util_test_tools.cleanup(self.root_repo, server_process=self.server_proc)
-
-
-
-
-
-class TestInitialUpdateWithTargetDelegations(TestDelegationFunctions):
-  """We show that making target delegations results in a successful initial
-  update of targets."""
-
-
-  def make_targets_metadata(self):
-    global version
-    version = version+1
-    expiration = tuf.formats.format_time(time.time()+86400)
-    make_metadata = signerlib.generate_targets_metadata
-    target1, target2 = self.target_filepaths
-
-    # Targets signed for by each of the targets roles.
-    self.signed_targets[self.T0] = [target1]
-    self.signed_targets[self.T1] = [target1]
-    self.signed_targets[self.T2] = [target2]
-    self.signed_targets[self.T3] = [target1, target2]
-
-    # Targets delegated to each of the delegated targets roles.
-    self.delegated_targets[self.T1] = [target1]
-    self.delegated_targets[self.T2] = [target2]
-    self.delegated_targets[self.T3] = [target1, target2]
-
-    self.T0_metadata =\
-      make_metadata(self.tuf_repo, self.signed_targets[self.T0],
-                    version, expiration)
-    self.T1_metadata =\
-      make_metadata(self.tuf_repo, self.signed_targets[self.T1],
-                    version, expiration)
-    self.T2_metadata =\
-      make_metadata(self.tuf_repo, self.signed_targets[self.T2],
-                    version, expiration)
-    self.T3_metadata = \
-      make_metadata(self.tuf_repo, self.signed_targets[self.T3],
-                    version, expiration)
-
-
-  def test_that_initial_update_works_with_target_delegations(self):
-    # Get relative target paths, because that is what TUF recognizes.
-    relative_target_filepaths = self.relpath_from_targets(self.target_filepaths)
-    # Get metadata about downloaded targets.
-    targets_metadata = self.do_update()
-    # Do we have metadata about all the expected targets?
-    for target_filepath in relative_target_filepaths:
-      self.assertIn(target_filepath, targets_metadata)
-
-
-
-
-
-class TestBreachOfTargetDelegation(TestDelegationFunctions):
-  """We show that a delegated targets role B cannot talk about targets that A
-  did not delegate to B."""
-
-
-  def make_targets_metadata(self):
-    global version
-    version = version+1
-    expiration = tuf.formats.format_time(time.time()+86400)
-
-    make_metadata = signerlib.generate_targets_metadata
-    target1, target2 = self.target_filepaths
-
-    # Targets signed for by each of the targets roles.
-    self.signed_targets[self.T0] = []
-    self.signed_targets[self.T1] = [target2]
-    self.signed_targets[self.T2] = [target1]
-    self.signed_targets[self.T3] = []
-
-    # Targets delegated to each of the delegated targets roles.
-    self.delegated_targets[self.T1] = [target1]
-    self.delegated_targets[self.T2] = [target2]
-    self.delegated_targets[self.T3] = []
-
-    self.T0_metadata =\
-      make_metadata(self.tuf_repo, self.signed_targets[self.T0],
-                    version, expiration)
-    self.T1_metadata =\
-      make_metadata(self.tuf_repo, self.signed_targets[self.T1],
-                    version, expiration)
-    self.T2_metadata =\
-      make_metadata(self.tuf_repo, self.signed_targets[self.T2],
-                    version, expiration)
-    self.T3_metadata =\
-      make_metadata(self.tuf_repo, self.signed_targets[self.T3],
-                    version, expiration)
-
-
-  def test_that_initial_update_fails_with_undelegated_signing_of_targets(self):
-    """We expect to see ForbiddenTargetError on initial update because
-    delegated targets roles sign for targets that they were not delegated
-    to."""
-
-    # http://docs.python.org/2/library/unittest.html#unittest.TestCase.assertRaises
-    with self.assertRaises(tuf.NoWorkingMirrorError) as context_manager:
-      self.do_update()
-
-    mirror_errors = context_manager.exception.mirror_errors
-    forbidden_target_error = False
-
-    for mirror_url, mirror_error in mirror_errors.iteritems():
-      if isinstance(mirror_error, tuf.ForbiddenTargetError):
-        forbidden_target_error = True
-        break 
-
-    self.assertEqual(forbidden_target_error, True)
-
-
-
-
-
-class TestOrderOfTargetDelegationWithSuccess(TestDelegationFunctions):
-  """We show that when multiple delegated targets roles talk about a target,
-  the first one in order of appearance of delegation wins.
-
-  In this case, the first role has the correct metadata about the target."""
-
-
-  def make_targets_metadata(self):
-    global version
-    version = version+1
-    expiration = tuf.formats.format_time(time.time()+86400)
-    
-    make_metadata = signerlib.generate_targets_metadata
-    target1, target2 = self.target_filepaths
-
-    # Targets signed for by each of the targets roles.
-    self.signed_targets[self.T0] = [target2]
-    self.signed_targets[self.T1] = []
-    self.signed_targets[self.T2] = [target1]
-    self.signed_targets[self.T3] = [target1]
-
-    # Targets delegated to each of the delegated targets roles.
-    self.delegated_targets[self.T1] = [target1]
-    self.delegated_targets[self.T2] = [target1]
-    self.delegated_targets[self.T3] = [target1]
-
-    self.T0_metadata =\
-      make_metadata(self.tuf_repo, self.signed_targets[self.T0],
-                    version, expiration)
-    self.T1_metadata =\
-      make_metadata(self.tuf_repo, self.signed_targets[self.T1],
-                    version, expiration)
-    self.T2_metadata =\
-      make_metadata(self.tuf_repo, self.signed_targets[self.T2],
-                    version, expiration)
-    self.T3_metadata = \
-      make_metadata(self.tuf_repo, self.signed_targets[self.T3],
-                    version, expiration)
-
-    # Modify the hash for target1 in T2.
-    for target_filepath in self.relpath_from_targets([target1]):
-      target_metadata = self.T2_metadata['signed']['targets'][target_filepath]
-      sha256_hash = target_metadata['hashes']['sha256']
-      last_character = sha256_hash[-1]
-      last_character = chr(ord(last_character)-1)
-      # "Subtract" the last character of the hash.
-      target_metadata['hashes']['sha256'] = sha256_hash[:-1] + last_character
-
-
-  def test_that_initial_update_works_with_many_roles_sharing_a_target(self):
-    # Get relative target paths, because that is what TUF recognizes.
-    relative_target_filepaths = self.relpath_from_targets(self.target_filepaths)
-    # Get metadata about downloaded targets.
-    targets_metadata = self.do_update()
-    # Do we have metadata about all the expected targets?
-    for target_filepath in relative_target_filepaths:
-      self.assertIn(target_filepath, targets_metadata)
-
-
-
-
-
-class TestOrderOfTargetDelegationWithFailure(TestDelegationFunctions):
-  """We show that when multiple delegated targets roles talk about a target,
-  the first one in order of appearance of delegation wins.
-
-  In this case, the first role has the wrong metadata about the target."""
-
-
-  def make_targets_metadata(self):
-    global version
-    version = version+1
-    expiration = tuf.formats.format_time(time.time()+86400)
-    make_metadata = signerlib.generate_targets_metadata
-    target1, target2 = self.target_filepaths
-
-    # Targets signed for by each of the targets roles.
-    self.signed_targets[self.T0] = [target2]
-    self.signed_targets[self.T1] = []
-    self.signed_targets[self.T2] = [target1]
-    self.signed_targets[self.T3] = [target1]
-
-    # Targets delegated to each of the delegated targets roles.
-    self.delegated_targets[self.T1] = [target1]
-    self.delegated_targets[self.T2] = [target1]
-    self.delegated_targets[self.T3] = [target1]
-
-    self.T0_metadata =\
-      make_metadata(self.tuf_repo, self.signed_targets[self.T0],
-                    version, expiration)
-    self.T1_metadata =\
-      make_metadata(self.tuf_repo, self.signed_targets[self.T1],
-                    version, expiration)
-    self.T2_metadata =\
-      make_metadata(self.tuf_repo, self.signed_targets[self.T2],
-                    version, expiration)
-    self.T3_metadata = \
-      make_metadata(self.tuf_repo, self.signed_targets[self.T3],
-                    version, expiration)
-
-    # Modify the hash for target1 in T3.
-    for target_filepath in self.relpath_from_targets([target1]):
-      target_metadata = self.T3_metadata['signed']['targets'][target_filepath]
-      sha256_hash = target_metadata['hashes']['sha256']
-      last_character = sha256_hash[-1]
-      last_character = chr(ord(last_character)-1)
-      # "Subtract" the last character of the hash.
-      target_metadata['hashes']['sha256'] = sha256_hash[:-1] + last_character
-
-
-  def test_that_initial_update_fails_with_many_roles_sharing_a_target(self):
-    """We expect to see BadHashError on initial update because the hash
-    metadata mismatches the target."""
-
-    # http://docs.python.org/2/library/unittest.html#unittest.TestCase.assertRaises
-    with self.assertRaises(tuf.NoWorkingMirrorError) as context_manager:
-      self.do_update()
-
-    mirror_errors = context_manager.exception.mirror_errors
-    bad_hash_error = False
-
-    for mirror_url, mirror_error in mirror_errors.iteritems():
-      if isinstance(mirror_error, tuf.BadHashError):
-        bad_hash_error = True
-        break 
-
-    self.assertEqual(bad_hash_error, True)
-
-
-
-
-
-class TestConservationOfTargetDelegation(TestDelegationFunctions):
-  """We show that delegated targets roles have to neither sign for targets
-  delegated to them nor further delegate them."""
-
-
-  def make_targets_metadata(self):
-    global version
-    expiration = tuf.formats.format_time(time.time()+86400)
-
-    make_metadata = signerlib.generate_targets_metadata
-    target1, target2 = self.target_filepaths
-
-    # Targets signed for by each of the targets roles.
-    self.signed_targets[self.T0] = []
-    self.signed_targets[self.T1] = [target1]
-    self.signed_targets[self.T2] = [target2]
-    self.signed_targets[self.T3] = []
-
-    # Targets delegated to each of the delegated targets roles.
-    self.delegated_targets[self.T1] = [target1, target2]
-    self.delegated_targets[self.T2] = [target1, target2]
-    self.delegated_targets[self.T3] = []
-
-    self.T0_metadata =\
-      make_metadata(self.tuf_repo, self.signed_targets[self.T0],
-                    version, expiration)
-    self.T1_metadata =\
-      make_metadata(self.tuf_repo, self.signed_targets[self.T1],
-                    version, expiration)
-    self.T2_metadata =\
-      make_metadata(self.tuf_repo, self.signed_targets[self.T2],
-                    version, expiration)
-    self.T3_metadata = \
-      make_metadata(self.tuf_repo, self.signed_targets[self.T3],
-                    version, expiration)
-
-
-  def test_that_initial_update_works_with_unconserved_targets(self):
-    # Get relative target paths, because that is what TUF recognizes.
-    relative_target_filepaths = self.relpath_from_targets(self.target_filepaths)
-    # Get metadata about downloaded targets.
-    targets_metadata = self.do_update()
-    # Do we have metadata about all the expected targets?
-    for target_filepath in relative_target_filepaths:
-      self.assertIn(target_filepath, targets_metadata)
-
-
-
-
-
-if __name__ == '__main__':
-  unittest.main()
diff --git a/tests/repository_data/client/metadata/current/root.json b/tests/repository_data/client/metadata/current/root.json
index bfe2d990..37993bf1 100644
Binary files a/tests/repository_data/client/metadata/current/root.json and b/tests/repository_data/client/metadata/current/root.json differ
diff --git a/tests/repository_data/client/metadata/current/snapshot.json b/tests/repository_data/client/metadata/current/snapshot.json
index 3e46e1fd..9a960dcd 100644
Binary files a/tests/repository_data/client/metadata/current/snapshot.json and b/tests/repository_data/client/metadata/current/snapshot.json differ
diff --git a/tests/repository_data/client/metadata/current/targets.json b/tests/repository_data/client/metadata/current/targets.json
index 06710067..0a7b4a8b 100644
Binary files a/tests/repository_data/client/metadata/current/targets.json and b/tests/repository_data/client/metadata/current/targets.json differ
diff --git a/tests/repository_data/client/metadata/current/targets.json.gz b/tests/repository_data/client/metadata/current/targets.json.gz
index 848797c0..757cff50 100644
Binary files a/tests/repository_data/client/metadata/current/targets.json.gz and b/tests/repository_data/client/metadata/current/targets.json.gz differ
diff --git a/tests/repository_data/client/metadata/current/targets/role1.json b/tests/repository_data/client/metadata/current/targets/role1.json
index c72f2ba9..d4d3c560 100644
Binary files a/tests/repository_data/client/metadata/current/targets/role1.json and b/tests/repository_data/client/metadata/current/targets/role1.json differ
diff --git a/tests/repository_data/client/metadata/current/timestamp.json b/tests/repository_data/client/metadata/current/timestamp.json
index 3956e20c..55099610 100644
Binary files a/tests/repository_data/client/metadata/current/timestamp.json and b/tests/repository_data/client/metadata/current/timestamp.json differ
diff --git a/tests/repository_data/client/metadata/previous/root.json b/tests/repository_data/client/metadata/previous/root.json
index bfe2d990..37993bf1 100644
Binary files a/tests/repository_data/client/metadata/previous/root.json and b/tests/repository_data/client/metadata/previous/root.json differ
diff --git a/tests/repository_data/client/metadata/previous/snapshot.json b/tests/repository_data/client/metadata/previous/snapshot.json
index 3e46e1fd..9a960dcd 100644
Binary files a/tests/repository_data/client/metadata/previous/snapshot.json and b/tests/repository_data/client/metadata/previous/snapshot.json differ
diff --git a/tests/repository_data/client/metadata/previous/targets.json b/tests/repository_data/client/metadata/previous/targets.json
index 06710067..0a7b4a8b 100644
Binary files a/tests/repository_data/client/metadata/previous/targets.json and b/tests/repository_data/client/metadata/previous/targets.json differ
diff --git a/tests/repository_data/client/metadata/previous/targets.json.gz b/tests/repository_data/client/metadata/previous/targets.json.gz
index 848797c0..757cff50 100644
Binary files a/tests/repository_data/client/metadata/previous/targets.json.gz and b/tests/repository_data/client/metadata/previous/targets.json.gz differ
diff --git a/tests/repository_data/client/metadata/previous/targets/role1.json b/tests/repository_data/client/metadata/previous/targets/role1.json
index c72f2ba9..d4d3c560 100644
Binary files a/tests/repository_data/client/metadata/previous/targets/role1.json and b/tests/repository_data/client/metadata/previous/targets/role1.json differ
diff --git a/tests/repository_data/client/metadata/previous/timestamp.json b/tests/repository_data/client/metadata/previous/timestamp.json
index 3956e20c..55099610 100644
Binary files a/tests/repository_data/client/metadata/previous/timestamp.json and b/tests/repository_data/client/metadata/previous/timestamp.json differ
diff --git a/tests/repository_data/generate.py b/tests/repository_data/generate.py
index ca1f2e1e..2bc1c67c 100755
--- a/tests/repository_data/generate.py
+++ b/tests/repository_data/generate.py
@@ -22,6 +22,7 @@
 """
 
 import shutil
+import datetime
 
 from tuf.repository_tool import *
 import tuf.util
@@ -105,11 +106,11 @@
 # Set the top-level expiration times far into the future so that
 # they do not expire anytime soon, or else the tests fail.  Unit tests may
 # modify the expiration  datetimes (of the copied files), if they wish.
-repository.root.expiration = "2088-01-01 00:00:00"
-repository.targets.expiration = "2088-01-01 00:00:00"
-repository.snapshot.expiration = "2088-01-01 00:00:00"
-repository.timestamp.expiration = "2088-01-01 00:00:00"
-repository.targets('role1').expiration = "2088-01-01 00:00:00"
+repository.root.expiration = datetime.datetime(2030, 01, 01, 00, 00)
+repository.targets.expiration = datetime.datetime(2030, 01, 01, 00, 00)
+repository.snapshot.expiration = datetime.datetime(2030, 01, 01, 00, 00)
+repository.timestamp.expiration = datetime.datetime(2030, 01, 01, 00, 00)
+repository.targets('role1').expiration = datetime.datetime(2030, 01, 01, 00, 00)
 
 # Compress the 'targets.json' role so that the unit tests have a pre-generated
 # example of compressed metadata.
diff --git a/tests/repository_data/keystore/delegation_key b/tests/repository_data/keystore/delegation_key
index 89210ee6..fbdd0d1e 100644
--- a/tests/repository_data/keystore/delegation_key
+++ b/tests/repository_data/keystore/delegation_key
@@ -1,30 +1,30 @@
 -----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,54482FB3B9B400FE
+DEK-Info: DES-EDE3-CBC,31815D9E16C988F5
 
-k/gsyBI4soaEKwKtk3V/rIJtQ7vyDmWxcesBVAPFQFfp09Gu0WdaIh9L1QNjJbLt
-fWS+r4NyyVxKvlnknNJm/Mid4cOWPBeAWR8iDkAm0qg7/Ixq8bn/atVNkIABLrJP
-FYS7dRaCDycUT+dSdy7VI2dVBTjazbD7u4ZkJvw7U6fIGtQ0TdGDASPHuAPrdQDB
-/bDYDg/L6eDg4QR4vz3/IqVfpbDmh///IjC1zvWbWAIJ8zZOvHI7EgpBcua4GZKR
-fdddBd5jI1RCy4Tg+KgB4I/KdEvKhkGP8Iua6j6GPgqgnaCQP97b8cSmLNzgI63O
-ShdCZW4EpJoZKf0o2L+FMlyw0/e95KqJs6LGJ1GWfz+9bEICaiIwzDGQ4cxneWPG
-fEfEo3buDt2B7+fCb6uzBP5ff381rF8OrGsroCtSP4mLJTHvP13pIpP1KvnxhEGu
-6WGW3bND7dW6z0mKR1Bu0ggWQNKgAJeBi+4miE09DNUPLdngNkdwVyz0F2Fc2Tfk
-KUDx05T35dnTBeQGuO0H53Zbicu0VbM55nf6ln1p6aGt1p9xsJDipkF9vJpUeD7D
-OgfIO2FkA4QI0X7T/73qmvaScX7O5yq8+8kUJ4jvZ1pwIB+Kg9hWFXIQmHO0Vctd
-Xm3LwHGs/8Dfzl94feVyCLsINemn79H0wZOS0/Ap5MYoXsMwkT5t4QLgKwfOlI3M
-CnSPCCYab0gxXOQK8otRno4dWs9Qz1D+zMvYNmTrZloRoRNPjAJhrTZdeS28Ynl5
-xWhKXwHT/834gNx+0Jt374fj8uW3fO2q+XNFrXA8p95yQk/ZL9c2v3jVWSXeeqsI
-PqqHdBwAXJzmBRUFJRtliwTKg0qZ5Rt/fV4GaBBmbhdDSMRbn2+W+bBbWy60w5Lj
-fQtO/6LuhUxwZlU2aE+G6oDpF8apTv+pqLL92Z70NdHyHM8pGRp5u0qxaK3wU/4L
-LRRl9M+0znNUylCRIFbxTWrKO6kj6YAg/8+Y0VlJQubzFN0ShO4wk2oVnq9U0J/5
-lIXCAw4W97CeY2smL/bRv4I8VKnGwynuNcbmRrhHMa4xQkR8Lv7LBdJwHgKS3iyV
-vSD9D9lw+GJcmHbIcTjDRM1YBXNHnMUb/+VCHrFd7IFUFi9HpXhyz52SBOus7h4p
-UT9vRqAHs+nY8OIFEUFh1ZCmDMJHUqSrKy0TbvqMBs42l3bFjbk4BQyAL5gJLqWk
-yfQuYyAgkxg4IVgM+GFbv6F7r2qYNrPLmOFEpNaQ+pMEgn+lc2EKlNKzU9RMqh0Y
-srSJiHLOP5T8yIfXnIPErIGZeAMNSschcyECQ26gTwMtxUl2I4baF/9RoKMpwsg8
-O9815LoJ46KXUoH9HynNgZqs8naVFMhjxUforl7XRoJT0rUJ/D7UojSDwRL9UlsJ
-TIMKCUmT6cLpP8OB19qT4fLMH7NrURfuY2jn+7u2BBJLoy6Q6rqq+DfIdLtfiD7J
-C8g2NN0Sui2UBelZGNiXCcN2qFm5vMZlE0y6H+0SUGFC6cdw9Misgy15Q9tQl5S3
-YwR8mgd+f74SChNaLGucdUHF1OuSYTzy/146NjeB/Co/JQxYJS6kbw==
+oDyggW94u5q5vkUJBzKJJWrkxxdN2EgneApAQL6AZQBnZQuOn9vbxYiX3DZVK3nO
+jNQ/eU4JrUe6dueLl+xlipx6cHq0MbBNrLA15sMBj9l4KSsVtiWhz/9mSPBdOqWV
+hLL34Rh0/84P6id/Xg9aFJFEb6EZkUOO99V/8Dc8kPlWaiW5LUKN0j2Gkbf3Qtci
+UGOKlKfHAKiSziKtkhh9ai9qPRpxEFXTgDpkhJgcy1QxOi7M4VF5ljEr/xYyFMlo
+K9N6f1ZuF39K1qc9kTrMmtIOtZPaU/kGsFlCBIUT1h4JVS+WPqOxb1QQ6d2vw0sm
+VTuc6xxGbDf2r91dtoAvqdqSCJuQh5VS6sKSo4FIWz82AwNKX5OKwylJ64BCawxE
+Gw/El1q3/Mxwljl8pDYow2pTfUa7c2HW+eoYZwGOPPHOnA7J4BcJPtFb7hLUXCGE
+GszSZQd1SYqj6GxAqVcYsK2AWzv/IXKcZJjlQD1tQJXz8aMLbbX70S+TuUtCEHaz
+4DP9gCFZLZGCwGD9kE2qVOfObQADj/B20VpoOVSWV6uvsMrjY9EnauVsWyZoB7fY
+AxMY7Z4BQBzNqvhHTMgUgS18XGFKOPQfAnQWNq4DVssR8+OPeXeeLFriYhSZ6bES
+hvuW0gWwlU5R6OT3SC7lr8Jo3WjAcOCpJ1iFS1VH5NljDoLzup064Jg3HUCcEMTl
+zF1kMKRNGuIdEy2JVFYh538SC7DJ+04hLOvpulqnDa+OLs8s5LlAeDtTDyZiEbzH
+IjDJK/ZcmG95N+hg78u4pTr5lr9Y5NAour+DXPrU02LTHRKlgqah1Va5huNRjCmh
+4MEc90G2ODxs71Fg/bOGDXAg5TSt/MaDhweEzGf54CdAuSKeREmdj0cbjsBzdvyo
+7+VsFozx1Sa6wHmHmQEEVM2a0lEU9PuzsOQfSBDy4n+RRuU2JOCmcFlox1q59693
+P61qvJDT+UT9pGvyJ4oJztHyh9O6nHqPALWxP1HPWwL67y2g1+NvZo3hJ9mN68oB
+u6+xxEciPRsTi/Mg2YhfjoZNqkN3NWgJQ87zpeYfTwosJepbe1CzNmQPh4rWSAV2
+D5OJRpOgniOGJxtE7+wMLpoeZAu3nqLE7u9ebKVp/gBz63kk8AYxB3EbclNNFLDY
+i9ECD/ZncYdkTHXx8KuDIcEautxRGeBqmQGuwstduoF/scPC+8JzNPBjDYbbSoi6
+1HiFvMYNarJO3tIPS+8fP4dk3TjI1j/XuVQp2XGTE29+po8UFAhLCtGetyzCbHpd
+2qvymx0xNVW+ISDFnMFlhI8o8NQI2ml6LSlAk/A8P7ZqVsNCW4K9VglhbOpXO12G
+U97vkNVqOykGRhos2iztmyOMmjQ8GRJrcNd8OsVjYIIcr730L835jJr65fp6t2Sa
+RPbhMMpMsepQFAlnFlrG8i1jzeiiGT5K+kPV52EWd2GiaxHdzMOvp7wFgJJJmD+J
+3uT5wgwEbZcFtrui01RYSetPEWi4JvEEadkazlGurbAeodO0/gtyeZNuOtyQvs8A
+2lKAN5qagyBKy9RqKzJQKpiIyflq5S1B3wxC6WvGM/ts8jFNrfgxhxiZ8Fahoodj
 -----END RSA PRIVATE KEY-----
\ No newline at end of file
diff --git a/tests/repository_data/keystore/delegation_key.pub b/tests/repository_data/keystore/delegation_key.pub
index 1ff0f7d3..780c740d 100644
--- a/tests/repository_data/keystore/delegation_key.pub
+++ b/tests/repository_data/keystore/delegation_key.pub
@@ -1,9 +1,9 @@
 -----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoezivMqfuB87dx9HyAwa
-o/V269HKfCz292vwiuk+BPxjIlhYNpBBYfKbukqaudRpzDCjEeouvtWgzgZXIKKv
-9PtFwmVkNwYUdJ2mi0Vx5n9mso0/9W24Gma01QkXXUYY0RJRsG5/xWLtRs/CHAEH
-XHO0CcCzeQhyFd7QkkJscUqFhB3JEr71Tu9sG+BJwbayZCE4K1E7ydDQgeQqenv1
-vEHh/APs8+iTlRb/NeN4/t22GsjqFXi57fvllIhdKP/c94PZvK1tqcbWcpB8m+Cq
-DPajNeUfB3tnhvbdiFpU66cNokkVOkiAM6F1Rc4TUWKOk1+nnKYK5xm2PUIeBOrI
-qwIDAQAB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsD++h8KXKhrJpzYxvZTE
+7GqTDKM3uAWL8qGcQnvh7CNbqR4WmZrCQj1zF9hO5OAV+lGVD+JxUXW+yOPw+RjN
+i7mPVa12Mq+vCS7WuosoCoooLpnYhRRVYMgpnhbvnjS6xA+7myJ1Bob+7WUEZZlC
+oWdsmjfYG82sA7TOTubPk0s9pqQllINMEsB4JTTt3P3DD9+uifCFhoAEKeAItcgA
+p4PJw2ImNwJiuet5wTP1ssTclPPWB6ofkm8zXoJUywTIW+hcQhN88jQv4Egx1llj
+pWZbEdkIpNxjm6BAEqfPfiuAt6MA8cmdRpDl+Jn030A1kI7NJossuvTcfHwvReZO
+WwIDAQAB
 -----END PUBLIC KEY-----
\ No newline at end of file
diff --git a/tests/repository_data/keystore/root_key b/tests/repository_data/keystore/root_key
index 4b892c3e..7445b409 100644
--- a/tests/repository_data/keystore/root_key
+++ b/tests/repository_data/keystore/root_key
@@ -1,30 +1,30 @@
 -----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,3FF3C80523E9427F
+DEK-Info: DES-EDE3-CBC,820FC61841CA82E2
 
-+5YZryf4xbife7N75y5pB8udqxCFexQW4z/O9Loh7pIyCOx0lhZOWnHrPAcAyI97
-hHS35IID+CYv9RXpspXjXrsxSjp3Bj+RH7oXaorirmjjWzS7hm8uc4gahr5HmVn8
-EIarmyI7/MDQWUcWzHw6qgjZZLRDOtyOPq9c6u/qoS71j2WSntJlJudzsxYoBYP7
-/sg1gpUZLk6590clXVSog1YmPmIzy/mYsTGo/GJ/h/14NcNJk3T4bqYmClSb04dp
-WcpvhNl5n2zmNVJ3xBGUX8XihRNV13tsh4tjCQSYgj1M2mIxTGFCToYKQqsrkp6/
-ce7KHboQiJZn6xIhO0pkKcOJaCH7sjhl7TbB1sh2sU86igJmIf3NRvW8B3MjAUeV
-KsQqJF5mAqB+UtRQbsfrkZfrlCCtRqqacMZ/qa3HFIF8Ji8wAaVaLDQ7si95HKMn
-VAgRnL6doSJBuqBSYwueM6Js5mbWbN4bHUMZgmsiEEy4Ufd9fwoO305UqfEMhN9O
-HvyZsBajZmpOvbncU/kavSlZxzluBj2Iy14t0uLukuwughFQyhSviLWeDlO/6RYO
-SHQPb3/xR4UbUWct6mXuUJRazIj2p1n7iOzIYmvUDzOZ8Upzw4nPycYDCqTDZQMY
-Bjrtxesgun2GLq2VcDaCBXY9KTrmM8gwCdFR9OGpVD7Ptxm6zvDIriEKC4Tjq6VX
-xMVB2Pop+F+OU8vEomWEkXO4CMaaWe/bLgLLYw7IttWlXKVylk5A0UqlT1L6W+3c
-ZrG6u0YtIaUb1AgynoRbgVQTIFWk55jNRdEkTX2nqXpElUWzA/6RyTd5Y3gsfifF
-ZdCEd2B5pUCyif+k+oP+ifikcWhZj7OmGDyVVKauwWeayw8ZpTPkPnynWkgADdMF
-GUu1xW2bXbjk/SjOfa2KIUG5yRqOrkKg6+gpZAZmeNedQMeob3afP8XhyV7zZEh0
-Dfl8GnAUtsRua0REYFL/ibmFFAeCivlxaXAWjiTa/uYRYmaBZQ++lbhGd9RvWTg0
-+scf2p/TbFyVnrsQNHmXaNR9a1vH+Zd3KRxBDxKGS5sdYdWVYiPNdKDKat2+PCDP
-mRCr5SOd2E5xeHG5Pp0PwNUvpbytPyukyZdaY8Ri1vBNenJ2NGqCSNzH4dubMY/n
-OWm1typ9wy6f36VWp4UKnHgTr8xqqXbipf1hu2usjdQu1OMBZICJ00vk4DTN8lmk
-iU9WGO/nZX43JkwhzIJU0st4/kpoDoe63A+oAlK9xsD7jDhWX9oUVKO2aFeBktvD
-lrJt9Bm/+XKAC0mV3GpDEHBtJ8ruFSKGNIhcTFdVEZ80OiiLfhsBmNRnCZm91RJg
-2rPa3cJ0mMA+o0AkQOnxlwywxYe8z1gsmNPO13oiowh7g6OE43SXaVzsEobQ9FqP
-ibZGxBj3xhFu3HcylqjHSu8l/Pe47QC5ZHD2mLMLkx78M+HOVFjDqCUVlSm/+LeK
-xiVHcCHCxEyTmgvjgXoVBbR2ioQsKGvrFdhMCf1pE0OQ4h3sX5Z3oEy9ks6oe6TH
-dE2up0TVrJjcNh1wnR9qtoGZaI80He1rZqoxaQWCzIsO6N7JQ4hK+A==
+ij/VFR5b9yvvlcLWW3sbbAIl4GvSDke44Gi1bu/uhX68QwpEMV88me0UELP+m/D/
++l2k6u2Er+hV2pYU+cwXGGo88b1cy//6MYMVqmK4mlDnvl6qhlUTFN8XvNd1T5WS
+WMRLKcAZBjkTIy8c/SblvwqlgqvJhoKvqrCBAcM71//3J/GyTGLiUJ4TlOd3RMf/
+LxoNIhcUJMUkOswhc1mX4GiaPnsprimSiH7vEILEBmti/IE1Tg8NWCtMypLSYalW
+jyh6u/5V9ELmoNOgKH2dPFB39sH5nCc/kzMhMeZMvhFZnOeA9Q7pdsCLpOBEeopa
+DrZply09N/FO/1yaiKX7t4KJOd75BvfAztyIbsU1dvlh2w6f2+t33hhlw0jP88Bk
+y1rlm+B/TmqQE86hLpU9FDCxbNQQfgZ/OVS3vL27nhk/0BPmqhyBSRC0yTKz/bbI
+HLFiMZ+BJCWar3tX/C7XjkCILxICOdxlEPuZlv4k0IpazrIjrw43Xw4ot80z+bnp
+C5zxQ8iRlxVtluaQCEzGHEEsBeA96TDMtaNMPtHMvVP3c+X+PfuNPvyCkqkauVB2
+zFioXIOUw5zVuCqWs/+5PgxgPYsDgiFxbQDoIxQQ6dUfMoCZxD46WpIFjbSVu0M3
+hkG0XFvlKxEJpk/CLNE+s1yqtsWHEBD0LluaVYFhCXqkgmrfII+1h9+MVLl8vE5t
+mCTqswAS1k7t8kOFKimnWU24ykFxRGookrieOl53Hlt3XpAXIVJ6kHKIUjjKVJp4
+5AdmP4M0IFqKqtHaCzR/UrSsNuIdZlDLxS1aQRx2XS5NIZkqZ3IHkrC4wCxXOoi3
+QdIO4HsxaGViC9+Kr16NatzHPp4+kbfjWNHZizCOZNJfJax4Jvfzer3kCyfdBwxd
+K+Gpo+VRuBZqXnnSndKHdYbxVHpBXji2Tm5eGXTqOx2WmtUS4yzswB7VNkxb2jS7
+PF0cI1SF3cq+lmMhNhf0I5rjMqOtyOtx0HhGyv2SiNf+7XWLSh1L+tTtCpiS6YKC
+Qvh8DRMVyuINcjPRzbNRWdWxGeq+NAVV045nZy6lQf+/XKmUbk7BGD7xxF+SPeqf
+pdHT+GUEJs5Xh4DRu8g8Q2UvkgC6/5ykT4FS/GWSzNxit8oPJGQEIu4joCPlnSSJ
+toqVRKaTC1sNTFZKOHOLKFy/CQejKz3EXSEThuWF3/ClzHn0htD55+F8sUt8Hb9/
+zOHud5je2BBocHKpeeED45fs+Q/Se+BlZAkFE1P0STjJU0PJJLYd7RUePJI/DaNq
+qPA/XuX2ttqqBoXpyMy9VDL5rcWuazZuTIUnT6rAeMIodMOipdL0Xg3sehxM3TQA
+NxVG7eeGHV9Djb6ooNrwnADQT0r1TXw2fwkL0oOA1pU66QpjpdDgT50zLkwNkvQB
+gby+sgGO4mi77cxB/L4LiSCk2wojkIs+gmTNFNmT69pNr5jJMRd9ev9fkqMdnE0A
+BT5+ztxmwavYFP/LosRg0LMVr0AtQIOlnRgs0rK3Umn6Pv8Y1vgmudGO4gy2sbX7
+u0KjL4FltVSHe0BCaEY7m33Sa25rNPXwYMxkuVSJZs+zfIM8UWNl3pcDTjHvGaHy
 -----END RSA PRIVATE KEY-----
\ No newline at end of file
diff --git a/tests/repository_data/keystore/root_key.pub b/tests/repository_data/keystore/root_key.pub
index 89949d85..9fdf180e 100644
--- a/tests/repository_data/keystore/root_key.pub
+++ b/tests/repository_data/keystore/root_key.pub
@@ -1,9 +1,9 @@
 -----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEYs4bpRKf6eVbpOvNvg
-aD7rVnFStWzYIdnWdCvzASga5pM3eI14nCalfS/Z4iGCpaCtArp1QURCf+8u09A2
-t9Rvx6eLEnR6jp4bE1wCzOdghaKqpdR8mc5Aw5IqRzcnJi44X3WhDBe3MCVEYya3
-UtTD7Y/FZtp0ZoH3nI8vYnaiYO/jPWmrz254GRGmbR+eu9YOmmtezJg3xQSX5/j1
-hBGl7cnEDIa4kZi1aqdL9UsM2uikhC0f7A/OyNdlgvXVRAZd6fnFFQb44HDix0VG
-VdAmRosI+U4J9JDVW7G4Bt+Z47CfQ5CCW1wCKPRwx9F681WpdkLFG2YQ0zYjfAvo
-UQIDAQAB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA72PwhMhTpDZ/wuB5Bdst
+gYsfEI931GcIZ46Iq2dqMNWEg2Qt9w6W0xEQj8M5R99XFwbhXL6U7hKGDt958FzT
+OL6CnjrnnBgzjbFm1vT380Qi5DaUbJkPcNmjzV45gGZkJ6LnohnBtnWUM/IdbbwR
+PdWaqBxWRJHECPHjgbKt6Y9kDwaO6tJQdUIDGwt2V9hz9orPqwiX+c6uO6qJ0naU
+F31ZvI4AtHUDaesbyp2j2X2dfCKNiM2t2sgxz79/G6VQvKG30PXxVPXvOhCDowsk
+5NdM67bWIkFyf1yNArrhw0D/c0aSGZhYZs+FqvBzKjCy+9+uEfLZsRra6zvx8Jw9
+TwIDAQAB
 -----END PUBLIC KEY-----
\ No newline at end of file
diff --git a/tests/repository_data/keystore/snapshot_key b/tests/repository_data/keystore/snapshot_key
index 5979b9f0..5fe431e4 100644
--- a/tests/repository_data/keystore/snapshot_key
+++ b/tests/repository_data/keystore/snapshot_key
@@ -1,30 +1,30 @@
 -----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,7349E671E697C1CC
+DEK-Info: DES-EDE3-CBC,0E7D0C9F6987D107
 
-arUjBpVwBb0yQnGJKrqGkqfYve73Jct2XUdUZ/we2eJIacJwdc1J8O/8wwKIe0PA
-lIgjs++fMPvIFeAycaFE3a2nryY+8efn2eZTtNPusRf8SUyVkUKw5DnCSwPU2jrj
-AflRGMYClJn+2miqYCQtu+C10/sR/R14rJzHRloFVxnI2OwcWfAbNJh638esdu8x
-+qcmbf2FmZp1bEQ6EedWMpwW6O66obVjl0dt7lnQIf+YVK6zQWPCelY/V+mEp6oF
-9uHyDKuK1Ehp04GuZfhry7hlYc9dVGBF4s4HHGaSKZ2Gi2PkzOv67lyyUQKugIzl
-McQxk9WuWuldIYA1ZmxL5vknoBu0w19BuhkMSIRKIleYK3GhEsquOnksQUmukc3c
-chg3hG/bRvFXA3AkOYCPVTDXR1fU+9XrWEqKZthp/FuoL2JcQHI6v+qbCQOq2WE2
-OV/LPupSloS1kSVQJ5r95bRM+aRvhra/tNPM8dbxj6l3VSgeoCso+srXctJyoOnX
-cHloKpiEeNSpNRUAviyQbhBZjvk5Q2kzrQ/LdFXf23TZmBvw9tUxE0FRthx/TMTR
-Kmo9QMO/dLTzP7So7HO6q/i9VlOhkUozakH4vO5Ejiy561sa2nG7Xp0toSq+fe1o
-DPP9EoBkRLs4xDNl05ySk1TBmEpz32ED8YI9T55a+oVCtDMIVU4pnpxKWUJlJlN6
-YPKy8i8nMfQPVivMLV7Q1HGt/CP81tnq7V/Jp9p9TD7jDYtSZISr9G8oA/d91GA1
-uk5sWHoFl8lI8ELSCN1x5YsoCOP32/DHNTH/+AMq0yqUtbvOKuY1cOk2kypYnZPJ
-htF8Hr7bGBYcpHShfJoYYjqg1lujmNOjh6zRrMakPTF+7aq6H/aISncFxMneX+Ep
-UIB/hYWw9Vzevis+NqXzIiq6y/DRb8x2Z3D7hOBpltQyOiyvYmJz2gg7f445QBrh
-hydA8MWgOaVLVFfh8Fseu+DkfJ/BluEjXwNlK82fXVLowxXi/OeIWDxLr2CgUaU0
-jeC6JEJPfDvZrNlNK+v2AR3brd7PVcrjZ5XsWaswtyscLvBqW26dDSdvHfopgxAm
-/4kwdepCfHurrT3xUs4Uxaop6NAZeynKIHuVGCpn4SN1R7UMIHgfrjPS+foU/2Vk
-qhMUX3pUCONUEtZh1JENWLIz2JnTrV7pzV8haQPR5XVp0Pa3dhkLpYWR3GVhgkZt
-nacOb/0rDPjxph3PR7vbnqOX2GU3GJj9axHql1PCe96qQW0D4FTt6esc5CwXNp4p
-fnXlj1/+hjeZ3o27ba0f1a28eWwLHhASvBMIIf7TAgI8xGMo3Le0Y331rDX0xxPu
-hIBwvEwtNEFfqgBu5EtoJgZs2PCfmALCrlpAJtL2F8EcNRblD9MkIW7q8/QPln4y
-jLvJnACAjubyhCi9ysL1owCGLrHEUty+XP+ey7gvkBT/n9QXixTqmJ1zUNZ0xQn+
-9ktonQOQFb3WgMMkYgQxQ8pXsfItihJ/cz+12l6CdMLRQiyZNTQfQb9Wtlgc5f0J
-7ggKRYUb3BxG95O0nEHyzsUzbTEil3rC0eZnSeoP7yFv6mTYbAL0bA==
+XrHRVUpQ1wkE2qxhS6BlvK7KkI+d61vg3zfNbKzjE/TpBz/PW0N8wak7Y/CrpsMQ
+JHHmaiFx3nGzy4NSq0tBR+ek8e0E+mUrvpICC7M4kyquxB2QA70Tn9cyCN1VfzEt
+4p+VgZiNRPEj4gXmgE8eP8OVG7Kn9I0dfVwVAb+bsGeWitK+DdYuyW13fyhVnjlF
+we7gpnAcqUYUrR6HpSvjLgo8WHnXTRlOHKzulduwF4udbLQmhUuRUYVupvI47AJi
+syHgSkGWwoT76CXtO0cCJf17ykh6M++vB5xDB0Qlf3xepmvxQxbohFsrwFzJKiql
+YZ4OzquasMKfdVKSWrskkCK62fLygmABx5zRXPOR5bgZiLBj/CxHhS7aUoYRAmYJ
+1PUGN5n21YLl6NqAPKvSq20fc753e5anWopTysbJXpKQiihdmTxX5/uSSuBL9E+O
+O8HC6l4LXXnCwuw4LVdWIN6gKRG7Urf3AT6966b9AeDwe2lHyvKgfyOjmwLkkm1q
+5Oh+5lob5uL+1wzaQiQnRDnBpb5XGoi7MjJ2azcas2neOm0jWK3j7UhrM2JqIVd5
+G2dk3kLsX3+Oj8G9YlS/O0xYEZUqajT+ktY6jku9uQfDYM7V1ZesbKrj2Zfyc/zD
++xjojZ4NJjL9T+4q5exTH5oC+n7zUPByNMggVbYt2xEOJYBrCIjw2If11Tmcucht
+Cw2S3iv6mJsd50H6sOpSPH52usbi9NrAXgU4U3GmRSUiNS9/6wH8So3GPkIGRl36
+fN/GxGGLQvUXyvP3nTJIpCdcbRPM38cGEoa3GorSquUMKHcKjwYHgn2MJVHfibai
+RcLKqILbwZd2hJt84HskF/znwN69NHg+e+muNs/diPlhR5h0uvIjCw9tEA9CxMt9
+++P26Hx1YNlyGtv6Sg/7m1EIVg8XcdkDe/qVDzHSAoKDRg3UoM/v4y7gXcoM1o4i
+uO1bRAlEG837Oh77es3/qR0cIcirUMhPd4PGI+rHIUfIxdZe2YnpLQpHHCHMjzVi
+hUungj3nYBxnwc93xA2zWEvyYIrKS8GtfKiuRVrQ8mjymL34sIWpK847pJQHYnFH
+iLRPsLOUYR3k2eCxsw53yVXhgCJPslxwg/TGTIBz3ye+lXp+w6FZp1gBpz+8pqCl
+tTTOPhu8H3aL1UTSQCJ8Ew6zcXSyQVFPGjmhKvvJIQH5OoUCVGcwOOICqNobc5Gz
+6IGZ10TUWBlrsxgk17n8a5+4PKngrOwaU7Z+YUUqG62boLrmfpDL5laoDNcRPuVx
+nh9vXgBurkvt1MmvHXDFsSyNmEs6G1NSjQnb6Ij6GbRRvsbvbWM/DuJ4iLK5BSUN
+fnkfpiHyyBYoA6GNgHMhDmPuVQqyfgmikeX+haGDIgyg6P1H6mV9/5pxDg3arSNS
+ivFbBhY9lCjmrr4yMHHH+ddFaWvSOA8IH5daM0Zanei2V8A4fzKEMFm2frUBDNTe
+HhMcNzUf29lTO190L5ojdtDJEn72YZFW7xhA0UvQof85nyFNCE2TkhLGGyjtcuLK
+kNucHkjRrfX1o6Ut8MypgCIFso+MPEJ+Pt0lrK7VHuMJjcHmeJ2abUPmrJNfvrb6
 -----END RSA PRIVATE KEY-----
\ No newline at end of file
diff --git a/tests/repository_data/keystore/snapshot_key.pub b/tests/repository_data/keystore/snapshot_key.pub
index 4225472b..f892e210 100644
--- a/tests/repository_data/keystore/snapshot_key.pub
+++ b/tests/repository_data/keystore/snapshot_key.pub
@@ -1,9 +1,9 @@
 -----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7FuATglySRO9/s6ZEN7
-VYtwjcs7NBO7uMIPnk2+EnNlLrN5mcW4eFafrKNXXJYQXZP+/b2t0K1sin3J08eV
-lTQo33ROtWOVKNLITGYfFewesGN8Rz0nREAkQmD9w8kFTCphNruCiDE0P8m7jRrC
-AHYl7zqKuuhNqghfYqDiAa+f8GOhIhNxJPf6NreYCGHW2kaMURnOKoD1v+mV2QDs
-QpTEP+/gPvck7rLdfCNUB7iBZnnQw2fVSga44klDQ0tmhHnik0YakX0F7F0dra2e
-Kz0N385MnW1vqEH1/QnSZBsJuqSNwf8JdPQBjisX3Qvm1ddH10jpWFizPtwnkm1b
-vwIDAQAB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0uAxc1XwUIayVPNt9U/
+gLM5hjG/6AJ86XiHVIq6BuzUtiuKONZXq3SJwY5eAxdjylNt/A3FrJwylQbVMZkh
+wLj0eU1IMh23xV1wOGu63Q9ARkmBAaksM+6apo2CHjtQaNXorhJ3/WDti2hST/cc
+HjP81+JwJ+T6lXGKvGDbh3h6Car99MWlMAeYODdNqvRaVkkiQ20HgNB+RSiyGZPi
+bzqlMe+qCQU/vktmmy9Zw3bjY7b8GFBix+7PHzFCpX15xKwB4dITPmsiL2OOo/w/
+1Vqu3wP7Ct170oK+bH9eIk6wSAQX3IljKhgzkiYFRyCC33XHRpWmSjMgAGErCcl6
+cwIDAQAB
 -----END PUBLIC KEY-----
\ No newline at end of file
diff --git a/tests/repository_data/keystore/targets_key b/tests/repository_data/keystore/targets_key
index c18a6806..107f8ffa 100644
--- a/tests/repository_data/keystore/targets_key
+++ b/tests/repository_data/keystore/targets_key
@@ -1,30 +1,30 @@
 -----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,25ACB134E522BFFF
+DEK-Info: DES-EDE3-CBC,D32B3B70C5CB2933
 
-O4lYGO/glVK3Wr9KigkvXkByIyMRgcV2pdZeGjdT+XahH64OI5Ow1cF4SPnas/xM
-2/BWkXdwa+z6RzkbBNzuZHeX8SrnqNnIcR6MVk/FSHhlyRZihQ7xgkNoAybgPsk1
-6AYzZaPciX+hnyEMQ4l6GUZ9a3LOKgbRNDLWFLwcjqSKXJgxc6vAVZK4AR0NP2F8
-wa8mJdlYQThHSORXJ7NmND5OIxpbJmb2knRpwIDDMY3f+d97JmNGmUcP2kKbLT4w
-nDzLO9ytkm1CJl0AsvgPN+n7MaXZOzPrAwKVyV3nmCn5nv/LK1SP/FP1JI6lCwdP
-6xoxi5tIKE1CTL+48V3HxHAWeKiSkfl8iLNSB+39zrgza34/yzaMkZUvj09gibAy
-XrCZSHEyA7xvLos+Q7xpWZ4QecPEStf1X8nLxFVBEkGeP4hZhuvtCXrYP+2bdBTw
-PFkx33L0bMoN+i9aUsmPzdEI0H0Lq1Pw+/db+tukZiyypVnjnY8Mcrtys45RgqxO
-ei0WCuIk24Ee537mhKX6aKFUaCg0GNetcHuhdeS0Ir/LjO0SIZzI8MxKoqBCDsqI
-OTay1PzQOIvfLQfTPvfYdKIQe7iReGk3Y+J5caLJ7RD7QqQOc3IpWTXViqWAnW61
-l1xOUD8aCEUw63gun28bVGNNLpYk9p5pRO9GIwtmG3OXXAOhdJwDH7qBwtyuiMqv
-45aw/4OsekpV7XvfRqcRxrUyC/HUkakP2ixb0KgsrrBvCHFYKB8D6+TWKqZcvXAd
-6DQGQwlsj2VbtbVsd62qNFGC1frZrPWhId9zeaKWfqwfh1RcQxndkxTEVYGjHdp4
-FQ5v1qLKj1TCTKmxU3uC9ZQoYz4M/r7vxObu+INiyJwU3UShzUYPcz3IM6yi7A5K
-e27g+KsPo3hNOxDr3LdbO5+7RoiFauw6u0lopfu4BjM7FK6zED4GculmxaPkUm3+
-NYeICzpTO0qsrFP70Bjjwq0nnZn07z47ne5g7qApB0hZkAcpQlRmdReXjR1+5wh/
-V9+gBR5CTaBVmOAPrOyDpm01paCyK0NPXrWPAoiNiBdi7t1L4/0zdIRYsnuZ1SDN
-NwCVtrKhE3Y1Xxkji7bEZUeytxT5qfgfsCZNolNNEf9U2qkB3qQpt9AaxThLPNW7
-wzOeEWFzTdNxa/66POyxxf3ienigNHSd09+oAPc4vQHFH94i3ZAWOJPWdMixZP+9
-wb5+jwi5/iNGK5xyv92J7Hh2vYLuB7XXiPMsUNmKKKvB9MUMd3sefmqjRyPjJRZU
-RnhBLZs2fMZ2edZbmAd/VaSC4xuPOQFcdOIlrw9LvbsmUUXBA2IXvihZu6mLfo7F
-Rwzt/LFViXsFJllB9LEDXUvg622CpNY/DLgCuUuRd1lQ3hI7mA44PRj9m79W3a2T
-Vz/PcFVGlG6vkmpUfqNPc8R40i1Wm38ADOWaRcswYMLDrRSsbsHTWjRRJREzfbKy
-vEsdIyapOX1fLMc8mpI2lMF/OAVP5+aDOk3g3AxdNMF6Aww1887PvlCSO9dZex/a
-o7xUCQ7BL6E4CtUa2AvCgrP1f/I96O/HmdlSBwY+u40HHhlL5mDNSriKZ/0ylMHB
+qW+li52UfAVfYj3ibhUW/PDHMOrBQyqUa9zVYChG4dH1AXBjIXx1PvCyse6o+3XC
+Rr2XkCVOftlZDD8Zi4KievIyfPbDEbTDnprOE6jcL0rpo2dlkqfkIvaweWrtPy+O
+pEn2kNyxSscovqgKCo8t1DKT8DHqJdNG7HseBmTfO5zh+RupXQwAv+4KdZfNmGNA
+qsyo3OzdqyZlczaUt5e4yBD1lmQ2aL0CIgFEOAg/2Wy7TXp9wTpnZm0wwj6F03Xi
+dAHUI4+PMQXvty2OpTfp9aHbx14IBefziW6ziSHEpd+MBoJjTebykTazBKdVUbI0
+d71SoCcqLfXOcXmNiGZtT97iXhf0+kvby2hNinmnnDWdXWuC4RZAAXJ5J634BO2l
+8L2GIWogNXPP+Zl9VbmDbfiUjvyS3kivPdKeSdIjtl98IuQmZFsOaqidxad13pZ9
+XS4IihKbDLdNeWy2xWVt5Di3nzTuEMtbNzsohbjWNdj4NjGOPHl4aXsp/POkUBs9
+MeYA7L2CdLBE/Vc486tafY6zuVVZiX/z1w6b51hFWvygia/G1F0mirKyUBIgZCNm
+ZcGS4d0RLWqbQs+vLhUIsr30Q3xRRHaxAUNJF0VGwtG/CqyjyutVd6ZE9koU84S2
+frZ0lK5Pk4KhAsYalIiLSxdE+JJh7yDoVREbupMrgdtRnWzkINfer3Uv2w8Ot8yq
+fg7VRnYufm4LzdweimgQ1WfhTkZ/kTGZOhmWU9q/cPpRxlmd4U1xecaWRPc/OHFj
+w6yI0wAg9bwIFf5Xi3WUhPOUL6+uc1SRChPINDo7dbcBsuCXYzCERlNL5HBZLTvy
+zvpQBCaalaRmHk+l39iwtAstasM2Svwp5JIL3Yrl5xkrybeTisUyu+TbRA8RfdGg
+3apE1iiWee4j9U1W0SMVIjNuVRpIoYN/a/UdPnpwSkmcb+yaiQB5AcXdr4k8eSLd
+vwaKTbqeJyMtbGgJeGjQH4xTRRZ3fTKq9kn/XeSIkzwvOksip2/kwwUaUu8VhWnZ
+CQl9P6UssbAvKaNWokDwKhMZXJynAC1G2NcaTds2s+PecbB+dHXGb3pzaNRVfxLJ
+PzKg4m2qhIqVCIpO177MmO1MjwptEf+g7zZH0gMI6rwpKhs5BCX0zXbUOiG/rv6B
+dztvrnykKeZMaEqajsP0LCij7MEgcYEnh3GYvvW3EwHMhp7ZdRDl7hFnzXMzymQs
+okiVuA8hqTTZPF6o9Y/KwWTgYobLAHRcX/qjJEBuXitwMxu8mWcDOEScj8abZPG6
+A3rvRAZRxAWy4jMFW3Ri+BxE65KYUkgusX43hsHgZxygO28QqNTQW9xU6WaQTEaM
+Wbq9NDAXIk+3R7dAAy7sXWP5RX85gduHaftLGhQn+AhLwyPOhgQFXekqmmN6a1y5
+uzlRgglcrVswLalBUPZG2IqiNrpvEizIyPX6CifvN7ymsevg6mOyv8WjtZqiPm8L
+GtbJMbAQVWfS/+jw+lKWpsqx8IJcnPR5x1XBw7FJow93QAC81Pm5XwLbtnJl9BtH
+hCg/2xK1jCYntTyxPZRSstOk8NpwcjaInN2LimKug8pDnOJntIQ5jQ==
 -----END RSA PRIVATE KEY-----
\ No newline at end of file
diff --git a/tests/repository_data/keystore/targets_key.pub b/tests/repository_data/keystore/targets_key.pub
index 7a99a115..a7bd1580 100644
--- a/tests/repository_data/keystore/targets_key.pub
+++ b/tests/repository_data/keystore/targets_key.pub
@@ -1,9 +1,9 @@
 -----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArto5S3epNKVy+k8BbqAx
-0/YDt968iu/crducSS1Ys4HxvWFZ+XuEqegZb8zVp8aem4WbNFw4XpUDConwOW4w
-wIaqmxJ4EgW0OzEmX+AeBlc6OQYW0wD6GEOWAMj5WjebJd54fE2zXn9p2dLdzm4q
-JA7iVGWPE5vNPkqOYfX7mmoj73/vpM8q0Ghbi9+2/7v0QYlRgeaR82C+InfeO1vi
-y7Wcu2M66iWxSmbF0whd7BAXaNHkyoH8AEl3dPVxHgtY8J7zdYoPrCN0/lx3mgUL
-r9fEcTqy+Q7K/0zKPOG97FT1CqRoY1svPNYP48HmbnTQT/vESwo6dTmTU1PwL+2K
-vQIDAQAB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTXKgkuaAyfvjkInfVic
+lJnwLvG9mCXOcxR3HPwHK/8k/E/DBx8YGIGk7NWCXQFYnAeMZZdx8v3dBmH7oGAn
+1pW+LnaAI7Csark8sbgmwYqwTd2oLHHmp/fOZ1vNDWjqvMLwi1YUllR6wPWKAvP2
+8i7q7GCT/MBHDyZ899FCR4f7HvlCW5EYNt+wjxdm79T++Ix7iqvs4iUhvllsfdty
+cVPWc+wh60qqCCbnr1Fow8d2j42a8mHoIHWgDvEF9ch+ChDOzQ+53jVmXS3CC+a2
+H6EWNvKMc/wXvIAwA/y6cIjCG+Kep9AvVgz1blHf4ReTlNJWu2OkanszuboAR6nt
++wIDAQAB
 -----END PUBLIC KEY-----
\ No newline at end of file
diff --git a/tests/repository_data/keystore/timestamp_key b/tests/repository_data/keystore/timestamp_key
index dcedad06..eb8c5bc5 100644
--- a/tests/repository_data/keystore/timestamp_key
+++ b/tests/repository_data/keystore/timestamp_key
@@ -1,30 +1,30 @@
 -----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,FE4027E2AF1DF4E3
+DEK-Info: DES-EDE3-CBC,D5B52C0993E278D0
 
-Z9f8F36a/6A5YQA0VrGoE3Ah/WKtSnWNb0Jj8XRYtrw0/eEyMpYZlau7+nvmoiA6
-zdU4ao7Z2Mww+Mr3UKDbh1DncJ2BXmcm/GdYkUZuNywqlSKoNLX3eIlzH/FPtLqh
-mlziLTDcIK3rqAwbBpdE1PaAMsgJQAwkEDPsvXpeE65Zz9ngX3GlqOfFDKgPNokV
-mCI95a4xm/tRA4CHQC8cVhmu9gNVPtT2yf6Fpbnzxx8lFLTsKVCxVy45kiSna7pE
-AJr35OmbRwjBYxEZATsoWeKG1GmfkOmGS7zK1JZ+cPBYUXNv7D5AKKJk2RpIzbEo
-wYGewbSTFt0sxl6S01tpeFEFxLH8FH6j3ZAKs/bLJw/KgiIbZj4/NHfv9KBgig/H
-Da92m+RhRHRuQSzvpif0hMBgDVdmpbtO2TrKeamb9O7tYCxvaIR4SVCrzdffDZ7/
-DZpvQ4jeOiiX6193FYsf7n9zjoZJUvWFE/XOgyX7wVXFOLABlZgyW0jJa10cCslc
-6S96X3Yuz4Za4bkB2RUsUzUfHlGJ98XijtbA/SvcO+hc9yLGb6qN5GAErXTgz0Fe
-i3Ek2sg9Fkcy1ruHmBsYtm7e0Fs8QCE3QQ9c3JWUD1OaM1vdiUKFDgCljkf7wJqc
-/SARbzzo/wGvrpcwch6IKnbzlzBX4mNn1uuYlo5qK42xCYKAbj9kTmGrjRfUfNZf
-vQTwP38IhsqtD+33gKDKOTf+46hDwrwaQdILWOwsWlXfGOmfQmszB3Ua3oinDV5l
-qcnaU+nmL/xMQnXd6uHafFUv2KTTVDC+araCKIH+KzFYymFRe+am5Q7jZtH0qMgi
-/DOuSLa5Ffap2Y693XBwZTHMqeI6XCeQPhPy9I/B4bQCeh/ELNQRzqsVub8bCD0+
-TxP77CduoSIhg3bhwoQ5y0QDwVYBVbNQStJK+fSw/e6aotOuyJ//Bn1mcYwAXXL6
-WRPSsTo2TdA1AfKhKT/pjdKn8raIbPmfY6BK6t4suqW0bPJWNEkAZQoN5uc+/A55
-Rjq8w6Ls+DpeOcgpUewt2zvFhWFXOPTCuYsoq2KQjQKyjQ3ZxEIt9iV4ft1lfd10
-noR77BgFjYzGt6zq8IqRKd0cpFzMfGaSnP4OToaHbd/FHGMNcR0shPsIRxM/VJy2
-VWUJ+i0Trz8YCGq3shyKsB2RR+BAUUN42VDgi04APtJfDn1RYW4ESSl0CyMDhp1E
-HJuYpoKBf5vAeXwLtNDY60b1QTn4yvKB9YEqCWXpHAiWLs8jhbCnbXSEndY4v3i6
-0FEiWklGr7ZpqxgnSWAX89zEu+L14uysmiwoNm4MjEQbXV8AJNRGMsVtPjmxVjZl
-61e7RCOVdCR36trYVpOYICVGG23WEY7o9Km06pNi4HKvoFRWJl0cTb0+Yi5EAU6V
-WnQfvYOowI4Ij/8idc4PDdTKDQxlxH7ftyTwd9xskGewRc3mfITF9yNiQ/BRto+b
-JLtUcBOUIS6Ki6O6o8UXDHdFcF+OugUzUDnz8mgzfVCdwonZOKOgk5y65F/JzhJz
-wYo04t5BALUHCyVnzm1JkVTeva/Tlq8HXpsdGlcLlm6B+rORjlCgI9XSCQlkDbXw
+BF+QhAzOH4XkGczsMFpWjDyMGhJVyxOdYa4y5Ik2jldvo/0pXjHFRbuYpsHjRQWf
+F/mAdaCNZ6LcoggCMkN6AOeEq8fc7l1gDvn8H+wFgZb5pfdjcViBh0xvqHQRDMqj
+t69QVJnywWhlbtK1967nqKWxKIeVh4EWnWkVO2ep2ZYDbnfX0o2yL8lGFgduWFKy
+wpWPmeFYpHFo24lEAFQVN9tv0/1TvQGdJ5GEOYhd/Xnjmg+rDAm3qkZ54wUB1sPq
+cR55/nC5iSySAtEsXud4lyx16vRtjsY5kKkF5lIDscLxcGaTUEsLRUcQq9NQmk7J
+7VCvH1/wtB+h36hFltjr7N8AeEgfboRmquid6a2aNzcY7qTeQrLCzMeEqSC1FXNK
+2KUGvRsvroLMAwNXme8WeBzC6EAsF7ffwQENS+IqwA35h+mecFDBDxmeuFZLvlOD
+K0o6UF0t0wV6B83qu/ooWkJgeNlPOaYh6XcTrBdC0jpYfBJfdGS6TDxKSYgxCSNH
+Y344hhmXoTUvMPLOydyrnQjaISSZY4W9F3cVPTAUg84uK8ZHyhnknKkKDj3sPfNC
+/VLXIbDqa5COGpuY/oFo3IZGi5mb7vaKFQtaScu8HDIOE1PEkipMUrIMNebUxBhm
+9VyG4kFcQB/jLzZQpOwyIwkuYERVhVrBBWqlWf3TOn7dyq+anD6WUfveSIqjWdyy
+NolLMnvdZxk6R3Dm2eKBMRBv91VfJihh2gqu7SlnlK4wmDmu6hB42laPXlkA6DNP
+EOuS0zsz+1bkwwrRZzAbxlhexykL+a3NnLGJuoJBPW0larO0xSqOd0/UmJ06A5L3
+h8gVLjwWssqfHftRlxiAPB2KcCA0XHcXLbqdy/XVR4ttW2f9vp8Xb9W3qMxIJWjI
+n+bTSOjameg5AYeYQlowXNY+W+P50xFmt/1Bbc5kWyzftQLT3b/SCiGAuLeJiJOP
+13osdj3fL6ANj8QjSU6HSfV+oF6EYh9jmAt3fUmYq6eLTTFCFq1cszd093wy1weC
+RO8/tB/x2y2jUoKZL2XNDcmfHSvrd93LHhc9BwDQ2XVd61/+iwOAmMuYcLjX717S
+IAtKpICyfyiflc/WwPaCXFhaTlafzQKQHbER+b1Y61gvKhDkMxcrAKm+dwh7k7PA
+DHcT8+3uhyJbXnK9YXqgvp3aj8ddDL7D5ooLGVhHkhsQNdowx7xfEXXGOTib0sec
+FL722JXKaLY2PreL5rFj/sZLKpZZ3St2lIc9uAMOO6XVLbTpxB989B51wIZXXXe2
+jlFzIC2oDx6XPSiOqZS5o/KnBuddEL4JXBRBPDvhPQiHWSh3iM0mDnOiCyYWoo+N
+HjGioJZ1IvlMC7M+qyyWZjqPA35Y6kZMNmkg+VgvAfPO4lbgOSQBaenBvAk2AmJ4
+S+3AAijBWJxKN9nIYnkb7DZ/Bpt/rdxdXfZUTbZg0C3LgE/JSvPAhj700+BVZekm
+Bip9tuZ3fARxT6K5stVBepTVFM0ueR/97j/krFNQFEJopCmsiqJjM1pQPv+TRmfH
+yLkmGDTO63P8xaunrOtoX8NkmcYAl2xwKXhVjSkCxscZj3kSkljYieiC0Sg3YMGu
 -----END RSA PRIVATE KEY-----
\ No newline at end of file
diff --git a/tests/repository_data/keystore/timestamp_key.pub b/tests/repository_data/keystore/timestamp_key.pub
index 6f129cb0..ee92796c 100644
--- a/tests/repository_data/keystore/timestamp_key.pub
+++ b/tests/repository_data/keystore/timestamp_key.pub
@@ -1,9 +1,9 @@
 -----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmyfY/TyvGDt/N/L+x8+
-hVpku3JNOvPrFG0QUEQYWjlNjS+DSqigQvo4hluKz++qGeSYFl+LJBw4YLa0RFAg
-b5jz9NAVBZJgTseT762jYC7HnZgmBE8vHcmAbfnUzcU7tLVn44xk3akzWGBTIEr6
-VBL6x8nMgKNqLylIMDIVBHUI/FkAMMnfccYhLQSm9y/VAF/uW+/vu7WTjQynlEAY
-vvQZqLxLC9mmY1i/kYeLbsJxZowzFw5KfVXQLjeVj420r8L0d9Yrl7T9ZH6AxCoi
-jC6qAV/T9EP/FSEmyTf0MbCZDVDXlRwia+0Eb+5UkWRLGkjJgvghC/zCcODLexXv
-+QIDAQAB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAueyWz2lDPzyywmWegFTP
+l0DDXVNr9XIYLNffLRC24Y9ZKJCqb6eIz3XlF/3On5dCCqKFOfneHm55SxyCzoQb
+RAtr5+SmoXfsds7ZAnxv48iGLtk7aZEvHchhEJ+1HsKy5hMeqpXtOAMPJXqBfqgT
+ZzXagdCHNnbLEvhyJmRAaK88I/93s57KRNvPp6NIUbQ8EHaX1jaWt+LhGfsA3C34
+qcxlk16LXF45Wm2AgMFCtZ2BecUvSQds24b/ShxfeVRtXSSUMDd+dM+MbwclPsoP
+eTeegQATmA4pu4dDaBeYUnS/hstUZS5QPUuvVw6K0Q2JHUWv6CS2kziUjPXGI44H
+LwIDAQAB
 -----END PUBLIC KEY-----
\ No newline at end of file
diff --git a/tests/repository_data/repository/metadata.staged/root.json b/tests/repository_data/repository/metadata.staged/root.json
index bfe2d990..37993bf1 100644
Binary files a/tests/repository_data/repository/metadata.staged/root.json and b/tests/repository_data/repository/metadata.staged/root.json differ
diff --git a/tests/repository_data/repository/metadata.staged/snapshot.json b/tests/repository_data/repository/metadata.staged/snapshot.json
index 3e46e1fd..9a960dcd 100644
Binary files a/tests/repository_data/repository/metadata.staged/snapshot.json and b/tests/repository_data/repository/metadata.staged/snapshot.json differ
diff --git a/tests/repository_data/repository/metadata.staged/targets.json b/tests/repository_data/repository/metadata.staged/targets.json
index 06710067..0a7b4a8b 100644
Binary files a/tests/repository_data/repository/metadata.staged/targets.json and b/tests/repository_data/repository/metadata.staged/targets.json differ
diff --git a/tests/repository_data/repository/metadata.staged/targets.json.gz b/tests/repository_data/repository/metadata.staged/targets.json.gz
index 848797c0..757cff50 100644
Binary files a/tests/repository_data/repository/metadata.staged/targets.json.gz and b/tests/repository_data/repository/metadata.staged/targets.json.gz differ
diff --git a/tests/repository_data/repository/metadata.staged/targets/role1.json b/tests/repository_data/repository/metadata.staged/targets/role1.json
index c72f2ba9..d4d3c560 100644
Binary files a/tests/repository_data/repository/metadata.staged/targets/role1.json and b/tests/repository_data/repository/metadata.staged/targets/role1.json differ
diff --git a/tests/repository_data/repository/metadata.staged/timestamp.json b/tests/repository_data/repository/metadata.staged/timestamp.json
index 3956e20c..55099610 100644
Binary files a/tests/repository_data/repository/metadata.staged/timestamp.json and b/tests/repository_data/repository/metadata.staged/timestamp.json differ
diff --git a/tests/repository_data/repository/metadata/root.json b/tests/repository_data/repository/metadata/root.json
index bfe2d990..37993bf1 100644
Binary files a/tests/repository_data/repository/metadata/root.json and b/tests/repository_data/repository/metadata/root.json differ
diff --git a/tests/repository_data/repository/metadata/snapshot.json b/tests/repository_data/repository/metadata/snapshot.json
index 3e46e1fd..9a960dcd 100644
Binary files a/tests/repository_data/repository/metadata/snapshot.json and b/tests/repository_data/repository/metadata/snapshot.json differ
diff --git a/tests/repository_data/repository/metadata/targets.json b/tests/repository_data/repository/metadata/targets.json
index 06710067..0a7b4a8b 100644
Binary files a/tests/repository_data/repository/metadata/targets.json and b/tests/repository_data/repository/metadata/targets.json differ
diff --git a/tests/repository_data/repository/metadata/targets.json.gz b/tests/repository_data/repository/metadata/targets.json.gz
index 848797c0..757cff50 100644
Binary files a/tests/repository_data/repository/metadata/targets.json.gz and b/tests/repository_data/repository/metadata/targets.json.gz differ
diff --git a/tests/repository_data/repository/metadata/targets/role1.json b/tests/repository_data/repository/metadata/targets/role1.json
index c72f2ba9..d4d3c560 100644
Binary files a/tests/repository_data/repository/metadata/targets/role1.json and b/tests/repository_data/repository/metadata/targets/role1.json differ
diff --git a/tests/repository_data/repository/metadata/timestamp.json b/tests/repository_data/repository/metadata/timestamp.json
index 3956e20c..55099610 100644
Binary files a/tests/repository_data/repository/metadata/timestamp.json and b/tests/repository_data/repository/metadata/timestamp.json differ
diff --git a/tests/integration/simple_server.py b/tests/simple_server.py
similarity index 100%
rename from tests/integration/simple_server.py
rename to tests/simple_server.py
diff --git a/tests/integration/slow_retrieval_server.py b/tests/slow_retrieval_server.py
similarity index 99%
rename from tests/integration/slow_retrieval_server.py
rename to tests/slow_retrieval_server.py
index 29ac2ccf..69e03dd2 100755
--- a/tests/integration/slow_retrieval_server.py
+++ b/tests/slow_retrieval_server.py
@@ -53,7 +53,7 @@ def do_GET(self):
       
       if self.server.test_mode == 'mode_1':
         # Before sending any data, the server does nothing for a long time.
-        DELAY = 60
+        DELAY = 40 
         time.sleep(DELAY)
         self.wfile.write(data)
 
diff --git a/tests/integration/test_arbitrary_package_attack.py b/tests/test_arbitrary_package_attack.py
similarity index 98%
rename from tests/integration/test_arbitrary_package_attack.py
rename to tests/test_arbitrary_package_attack.py
index 54fc67e0..3a45b028 100755
--- a/tests/integration/test_arbitrary_package_attack.py
+++ b/tests/test_arbitrary_package_attack.py
@@ -48,7 +48,7 @@
 import tuf.util
 import tuf.log
 import tuf.client.updater as updater
-import tuf.tests.unittest_toolbox as unittest_toolbox
+import tests.unittest_toolbox as unittest_toolbox
 
 logger = logging.getLogger('tuf.test_arbitrary_package_attack')
 
@@ -110,8 +110,7 @@ def setUp(self):
     # Copy the original repository files provided in the test folder so that
     # any modifications made to repository files are restricted to the copies.
     # The 'repository_data' directory is expected to exist in 'tuf/tests/'.
-    original_repository_files = os.path.join(os.getcwd(), os.pardir,
-                                             'repository_data') 
+    original_repository_files = os.path.join(os.getcwd(), 'repository_data') 
     temporary_repository_root = \
       self.make_temp_directory(directory=self.temporary_directory)
   
diff --git a/tests/unit/test_download.py b/tests/test_download.py
similarity index 95%
rename from tests/unit/test_download.py
rename to tests/test_download.py
index 75690717..e67f1f56 100755
--- a/tests/unit/test_download.py
+++ b/tests/test_download.py
@@ -5,7 +5,7 @@
   test_download.py
   
 <Author>
-  Konstantin Andrianov
+  Konstantin Andrianov.
   
 <Started>
   March 26, 2012.
@@ -14,12 +14,10 @@
   See LICENSE for licensing information.
 
 <Purpose>
-  Test download.py module.
-
-
-NOTE: Make sure test_download.py is ran in 'tuf/tests/' directory.
-Otherwise, module that launches simple server would not be found.  
+  Unit test for 'download.py'.
 
+  NOTE: Make sure test_download.py is ran in 'tuf/tests/' directory.
+  Otherwise, module that launches simple server would not be found.  
 """
 
 
@@ -37,7 +35,7 @@
 import tuf.conf as conf
 import tuf.download as download
 import tuf.log
-import tuf.tests.unittest_toolbox as unittest_toolbox
+import tests.unittest_toolbox as unittest_toolbox
 
 logger = logging.getLogger('tuf.test_download')
 
diff --git a/tests/unit/test_ed25519_keys.py b/tests/test_ed25519_keys.py
similarity index 100%
rename from tests/unit/test_ed25519_keys.py
rename to tests/test_ed25519_keys.py
diff --git a/tests/integration/test_endless_data_attack.py b/tests/test_endless_data_attack.py
similarity index 98%
rename from tests/integration/test_endless_data_attack.py
rename to tests/test_endless_data_attack.py
index f4a47209..7a820327 100755
--- a/tests/integration/test_endless_data_attack.py
+++ b/tests/test_endless_data_attack.py
@@ -51,7 +51,7 @@
 import tuf.util
 import tuf.log
 import tuf.client.updater as updater
-import tuf.tests.unittest_toolbox as unittest_toolbox
+import tests.unittest_toolbox as unittest_toolbox
 
 logger = logging.getLogger('tuf.test_endless_data_attack')
 
@@ -113,8 +113,7 @@ def setUp(self):
     # Copy the original repository files provided in the test folder so that
     # any modifications made to repository files are restricted to the copies.
     # The 'repository_data' directory is expected to exist in 'tuf/tests/'.
-    original_repository_files = os.path.join(os.getcwd(), os.pardir,
-                                             'repository_data') 
+    original_repository_files = os.path.join(os.getcwd(), 'repository_data') 
     temporary_repository_root = \
       self.make_temp_directory(directory=self.temporary_directory)
   
diff --git a/tests/integration/test_extraneous_dependencies_attack.py b/tests/test_extraneous_dependencies_attack.py
similarity index 98%
rename from tests/integration/test_extraneous_dependencies_attack.py
rename to tests/test_extraneous_dependencies_attack.py
index 9545b5b1..0fa1c1d1 100755
--- a/tests/integration/test_extraneous_dependencies_attack.py
+++ b/tests/test_extraneous_dependencies_attack.py
@@ -52,7 +52,7 @@
 import tuf.util
 import tuf.log
 import tuf.client.updater as updater
-import tuf.tests.unittest_toolbox as unittest_toolbox
+import tests.unittest_toolbox as unittest_toolbox
 
 
 logger = logging.getLogger('tuf.test_extraneous_dependencies_attack')
@@ -116,8 +116,7 @@ def setUp(self):
     # Copy the original repository files provided in the test folder so that
     # any modifications made to repository files are restricted to the copies.
     # The 'repository_data' directory is expected to exist in 'tuf/tests/'.
-    original_repository_files = os.path.join(os.getcwd(), os.pardir,
-                                             'repository_data') 
+    original_repository_files = os.path.join(os.getcwd(), 'repository_data') 
     temporary_repository_root = \
       self.make_temp_directory(directory=self.temporary_directory)
   
diff --git a/tests/unit/test_formats.py b/tests/test_formats.py
similarity index 93%
rename from tests/unit/test_formats.py
rename to tests/test_formats.py
index 387c1a25..10133b08 100755
--- a/tests/unit/test_formats.py
+++ b/tests/test_formats.py
@@ -18,6 +18,7 @@
 """
 
 import unittest
+import datetime
 
 import tuf
 import tuf.formats
@@ -39,7 +40,10 @@ def tearDown(self):
   def test_schemas(self):
     # Test conditions for valid schemas.
     valid_schemas = {
-      'TIME_SCHEMA': (tuf.formats.TIME_SCHEMA, '2012-10-14 06:42:12 UTC'),
+      'ISO8601_DATETIME_SCHEMA': (tuf.formats.ISO8601_DATETIME_SCHEMA,
+                                  '1985-10-21T13:20:00Z'),
+
+      'UNIX_TIMESTAMP_SCHEMA': (tuf.formats.UNIX_TIMESTAMP_SCHEMA, 499137720),
       
       'HASH_SCHEMA': (tuf.formats.HASH_SCHEMA, 'A4582BCF323BCEF'),
       
@@ -53,7 +57,7 @@ def test_schemas(self):
       'KEYIDS_SCHEMA': (tuf.formats.KEYIDS_SCHEMA,
                         ['123456789abcdef', '123456789abcdef']),
       
-      'SIG_METHOD_SCHEMA': (tuf.formats.SIG_METHOD_SCHEMA, 'evp'),
+      'SIG_METHOD_SCHEMA': (tuf.formats.SIG_METHOD_SCHEMA, 'ed25519'),
       
       'RELPATH_SCHEMA': (tuf.formats.RELPATH_SCHEMA, 'metadata/root/'),
       
@@ -184,7 +188,7 @@ def test_schemas(self):
                       {'_type': 'Root',
                        'version': 8,
                        'consistent_snapshot': False,
-                       'expires': '2012-10-16 06:42:12 UTC',
+                       'expires': '1985-10-21T13:20:00Z',
                        'keys': {'123abc': {'keytype': 'rsa',
                                            'keyval': {'public': 'pubkey',
                                                       'private': 'privkey'}}},
@@ -195,7 +199,7 @@ def test_schemas(self):
       'TARGETS_SCHEMA': (tuf.formats.TARGETS_SCHEMA,
         {'_type': 'Targets',
          'version': 8,
-         'expires': '2012-10-16 06:42:12 UTC',
+         'expires': '1985-10-21T13:20:00Z',
          'targets': {'metadata/targets.json': {'length': 1024,
                                               'hashes': {'sha256': 'ABCD123'},
                                               'custom': {'type': 'metadata'}}},
@@ -209,7 +213,7 @@ def test_schemas(self):
       'SNAPSHOT_SCHEMA': (tuf.formats.SNAPSHOT_SCHEMA,
         {'_type': 'Snapshot',
          'version': 8,
-         'expires': '2012-10-16 06:42:12 UTC',
+         'expires': '1985-10-21T13:20:00Z',
          'meta': {'metadata/snapshot.json': {'length': 1024,
                                            'hashes': {'sha256': 'ABCD123'},
                                            'custom': {'type': 'metadata'}}}}),
@@ -217,7 +221,7 @@ def test_schemas(self):
       'TIMESTAMP_SCHEMA': (tuf.formats.TIMESTAMP_SCHEMA,
         {'_type': 'Timestamp',
          'version': 8,
-         'expires': '2012-10-16 06:42:12 UTC',
+         'expires': '1985-10-21T13:20:00Z',
          'meta': {'metadata/timestamp.json': {'length': 1024,
                                   'hashes': {'sha256': 'ABCD123'},
                                   'custom': {'type': 'metadata'}}}}),
@@ -239,7 +243,7 @@ def test_schemas(self):
       'MIRRORLIST_SCHEMA': (tuf.formats.MIRRORLIST_SCHEMA,
         {'_type': 'Mirrors',
          'version': 8,
-         'expires': '2012-10-16 06:42:12 UTC',
+         'expires': '1985-10-21T13:20:00Z',
          'mirrors': [{'url_prefix': 'http://localhost:8001',
          'metadata_path': 'metadata/',
          'targets_path': 'targets/',
@@ -289,7 +293,7 @@ def __init__(self, version, expires):
   def test_TimestampFile(self):
     # Test conditions for valid instances of 'tuf.formats.TimestampFile'.
     version = 8
-    expires = '2012-10-16 06:42:12 UTC'
+    expires = '1985-10-21T13:20:00Z'
     filedict = {'metadata/timestamp.json': {'length': 1024,
                                            'hashes': {'sha256': 'ABCD123'},
                                            'custom': {'type': 'metadata'}}}
@@ -323,7 +327,8 @@ def test_RootFile(self):
     # Test conditions for valid instances of 'tuf.formats.RootFile'.
     version = 8
     consistent_snapshot = False
-    expires = '2018-10-16 06:42:12 UTC'
+    expires = '1985-10-21T13:20:00Z'
+
     keydict = {'123abc': {'keytype': 'rsa',
                           'keyval': {'public': 'pubkey',
                                      'private': 'privkey'}}}
@@ -373,7 +378,8 @@ def test_RootFile(self):
   def test_SnapshotFile(self):
     # Test conditions for valid instances of 'tuf.formats.SnapshotFile'.
     version = 8
-    expires = '2012-10-16 06:42:12 UTC'
+    expires = '1985-10-21T13:20:00Z'
+
     filedict = {'metadata/snapshot.json': {'length': 1024,
                                          'hashes': {'sha256': 'ABCD123'},
                                          'custom': {'type': 'metadata'}}}
@@ -405,7 +411,8 @@ def test_SnapshotFile(self):
   def test_TargetsFile(self):
     # Test conditions for valid instances of 'tuf.formats.TargetsFile'.
     version = 8
-    expires = '2012-10-16 06:42:12 UTC'
+    expires = '1985-10-21T13:20:00Z'
+
     filedict = {'metadata/targets.json': {'length': 1024,
                                          'hashes': {'sha256': 'ABCD123'},
                                          'custom': {'type': 'metadata'}}}
@@ -444,27 +451,30 @@ def test_TargetsFile(self):
 
 
 
-  def test_format_time(self):
+  def test_unix_timestamp_to_datetime(self):
     # Test conditions for valid arguments.
-    TIME_SCHEMA = tuf.formats.TIME_SCHEMA 
-    self.assertTrue(TIME_SCHEMA.matches(tuf.formats.format_time(499137720)))
-    self.assertEqual('1985-10-26 01:22:00 UTC', tuf.formats.format_time(499137720))
+    UNIX_TIMESTAMP_SCHEMA = tuf.formats.UNIX_TIMESTAMP_SCHEMA 
+    self.assertTrue(datetime.datetime, tuf.formats.unix_timestamp_to_datetime(499137720))
+    datetime_object = datetime.datetime(1985, 10, 26, 01, 22)
+    self.assertEqual(datetime_object, tuf.formats.unix_timestamp_to_datetime(499137720))
 
     # Test conditions for invalid arguments.
-    self.assertRaises(tuf.FormatError, tuf.formats.format_time, 'bad')
-    self.assertRaises(tuf.FormatError, tuf.formats.format_time, 1000000000000000000000)
-    self.assertRaises(tuf.FormatError, tuf.formats.format_time, ['5'])
+    self.assertRaises(tuf.FormatError, tuf.formats.unix_timestamp_to_datetime, 'bad')
+    self.assertRaises(tuf.FormatError, tuf.formats.unix_timestamp_to_datetime, 1000000000000000000000)
+    self.assertRaises(tuf.FormatError, tuf.formats.unix_timestamp_to_datetime, -1)
+    self.assertRaises(tuf.FormatError, tuf.formats.unix_timestamp_to_datetime, ['5'])
 
 
 
-  def test_parse_time(self):
+  def test_datetime_to_unix_timestamp(self):
     # Test conditions for valid arguments.
-    self.assertEqual(499137600, tuf.formats.parse_time('1985-10-26 01:20:00 UTC'))
+    datetime_object = datetime.datetime(2015, 10, 21, 19, 28)
+    self.assertEqual(1445455680, tuf.formats.datetime_to_unix_timestamp(datetime_object))
 
     # Test conditions for invalid arguments.
-    self.assertRaises(tuf.FormatError, tuf.formats.parse_time, 'bad')
-    self.assertRaises(tuf.FormatError, tuf.formats.parse_time, 1000000000000000000000)
-    self.assertRaises(tuf.FormatError, tuf.formats.parse_time, ['1'])
+    self.assertRaises(tuf.FormatError, tuf.formats.datetime_to_unix_timestamp, 'bad')
+    self.assertRaises(tuf.FormatError, tuf.formats.datetime_to_unix_timestamp, 1000000000000000000000)
+    self.assertRaises(tuf.FormatError, tuf.formats.datetime_to_unix_timestamp, ['1'])
 
 
 
@@ -498,7 +508,7 @@ def test_make_signable(self):
     root = {'_type': 'Root',
             'version': 8,
             'consistent_snapshot': False,
-            'expires': '2012-10-16 06:42:12 UTC',
+            'expires': '1985-10-21T13:20:00Z',
             'keys': {'123abc': {'keytype': 'rsa',
                                 'keyval': {'public': 'pubkey',
                                            'private': 'privkey'}}},
@@ -625,7 +635,7 @@ def test_check_signable_object_format(self):
     root = {'_type': 'Root',
             'version': 8,
             'consistent_snapshot': False,
-            'expires': '2012-10-16 06:42:12 UTC',
+            'expires': '1985-10-21T13:20:00Z',
             'keys': {'123abc': {'keytype': 'rsa',
                                 'keyval': {'public': 'pubkey',
                                            'private': 'privkey'}}},
diff --git a/tests/unit/test_hash.py b/tests/test_hash.py
similarity index 100%
rename from tests/unit/test_hash.py
rename to tests/test_hash.py
diff --git a/tests/integration/test_indefinite_freeze_attack.py b/tests/test_indefinite_freeze_attack.py
similarity index 94%
rename from tests/integration/test_indefinite_freeze_attack.py
rename to tests/test_indefinite_freeze_attack.py
index a5fa933f..2c90a409 100755
--- a/tests/integration/test_indefinite_freeze_attack.py
+++ b/tests/test_indefinite_freeze_attack.py
@@ -45,7 +45,7 @@
 import tuf.log
 import tuf.client.updater as updater
 import tuf.repository_tool as repo_tool
-import tuf.tests.unittest_toolbox as unittest_toolbox
+import tests.unittest_toolbox as unittest_toolbox
 
 # The repository tool is imported and logs console messages by default.  Disable
 # console log messages generated by this unit test.
@@ -111,8 +111,7 @@ def setUp(self):
     # Copy the original repository files provided in the test folder so that
     # any modifications made to repository files are restricted to the copies.
     # The 'repository_data' directory is expected to exist in 'tuf/tests/'.
-    original_repository_files = os.path.join(os.getcwd(), os.pardir,
-                                             'repository_data') 
+    original_repository_files = os.path.join(os.getcwd(), 'repository_data') 
     temporary_repository_root = \
       self.make_temp_directory(directory=self.temporary_directory)
   
@@ -177,9 +176,9 @@ def test_without_tuf(self):
                                   'timestamp.json')
 
     timestamp_metadata = tuf.util.load_json_file(timestamp_path)
-    timestamp_metadata['signed']['expires'] = \
-      tuf.formats.format_time(time.time() - 10) 
-    
+    expires = tuf.formats.unix_timestamp_to_datetime(int(time.time() - 10))
+    expires = expires.isoformat() + 'Z'
+    timestamp_metadata['signed']['expires'] = expires 
     tuf.formats.check_signable_object_format(timestamp_metadata) 
     
     with open(timestamp_path, 'wb') as file_object:
@@ -226,9 +225,8 @@ def test_with_tuf(self):
     repository.timestamp.load_signing_key(timestamp_private)
     
     # expire in 1 second.
-    utc_timestamp = tuf.formats.format_time(time.time() + 1)
-    repository.timestamp.expiration = \
-      utc_timestamp[0:utc_timestamp.rfind(' UTC')]
+    datetime_object = tuf.formats.unix_timestamp_to_datetime(int(time.time() + 1))
+    repository.timestamp.expiration = datetime_object
     repository.write()
     
     # Move the staged metadata to the "live" metadata.
@@ -237,8 +235,9 @@ def test_with_tuf(self):
                     os.path.join(self.repository_directory, 'metadata'))
     
     # Verify that the TUF client detects outdated metadata and refuses to
-    # continue the update process.
-    time.sleep(1)
+    # continue the update process.  Sleep for at least 2 seconds to ensure
+    # 'repository.timestamp.expiration' is reached.
+    time.sleep(2)
     self.assertRaises(tuf.ExpiredMetadataError,
                       self.repository_updater.refresh) 
 
diff --git a/tests/unit/test_keydb.py b/tests/test_keydb.py
similarity index 99%
rename from tests/unit/test_keydb.py
rename to tests/test_keydb.py
index 7fd0d293..df405b63 100755
--- a/tests/unit/test_keydb.py
+++ b/tests/test_keydb.py
@@ -171,7 +171,7 @@ def test_create_keydb_from_root_metadata(self):
                 'Targets': {'keyids': [keyid2], 'threshold': 1}}
     version = 8
     consistent_snapshot = False
-    expires = '2012-10-16 06:42:12 UTC'
+    expires = '1985-10-21T01:21:00Z' 
 
     root_metadata = tuf.formats.RootFile.make_metadata(version,
                                                        expires,
@@ -208,7 +208,7 @@ def test_create_keydb_from_root_metadata(self):
     rsakey3['keytype'] = 'bad_keytype'
     keydict[keyid3] = rsakey3
     version = 8
-    expires = '2012-10-16 06:42:12 UTC'
+    expires = '1985-10-21T01:21:00Z' 
     
     root_metadata = tuf.formats.RootFile.make_metadata(version,
                                                        expires,
diff --git a/tests/unit/test_keys.py b/tests/test_keys.py
similarity index 100%
rename from tests/unit/test_keys.py
rename to tests/test_keys.py
diff --git a/tests/unit/test_mirrors.py b/tests/test_mirrors.py
similarity index 97%
rename from tests/unit/test_mirrors.py
rename to tests/test_mirrors.py
index 8aac13a4..603d5bf1 100755
--- a/tests/unit/test_mirrors.py
+++ b/tests/test_mirrors.py
@@ -12,8 +12,7 @@
   See LICENSE for licensing information.
 
 <Purpose>
-  Test mirrors.py module.
-
+  Unit test for 'mirrors.py'.
 """
 
 import unittest
@@ -21,7 +20,7 @@
 import tuf
 import tuf.formats as formats
 import tuf.mirrors as mirrors
-import tuf.tests.unittest_toolbox as unittest_toolbox
+import tests.unittest_toolbox as unittest_toolbox
 
 
 
diff --git a/tests/integration/test_mix_and_match_attack.py b/tests/test_mix_and_match_attack.py
similarity index 98%
rename from tests/integration/test_mix_and_match_attack.py
rename to tests/test_mix_and_match_attack.py
index 7d4512a0..5d7aa0bb 100755
--- a/tests/integration/test_mix_and_match_attack.py
+++ b/tests/test_mix_and_match_attack.py
@@ -50,7 +50,7 @@
 import tuf.log
 import tuf.client.updater as updater
 import tuf.repository_tool as repo_tool
-import tuf.tests.unittest_toolbox as unittest_toolbox
+import tests.unittest_toolbox as unittest_toolbox
 
 # The repository tool is imported and logs console messages by default.  Disable
 # console log messages generated by this unit test.
@@ -117,8 +117,7 @@ def setUp(self):
     # Copy the original repository files provided in the test folder so that
     # any modifications made to repository files are restricted to the copies.
     # The 'repository_data' directory is expected to exist in 'tuf/tests/'.
-    original_repository_files = os.path.join(os.getcwd(), os.pardir,
-                                             'repository_data') 
+    original_repository_files = os.path.join(os.getcwd(), 'repository_data') 
     temporary_repository_root = \
       self.make_temp_directory(directory=self.temporary_directory)
   
diff --git a/tests/unit/test_pycrypto_keys.py b/tests/test_pycrypto_keys.py
similarity index 100%
rename from tests/unit/test_pycrypto_keys.py
rename to tests/test_pycrypto_keys.py
diff --git a/tests/integration/test_replay_attack.py b/tests/test_replay_attack.py
similarity index 97%
rename from tests/integration/test_replay_attack.py
rename to tests/test_replay_attack.py
index 1f0064e4..8906e665 100755
--- a/tests/integration/test_replay_attack.py
+++ b/tests/test_replay_attack.py
@@ -39,6 +39,7 @@
 import tempfile
 import random
 import time
+import datetime
 import shutil
 import json
 import subprocess
@@ -50,7 +51,7 @@
 import tuf.log
 import tuf.client.updater as updater
 import tuf.repository_tool as repo_tool
-import tuf.tests.unittest_toolbox as unittest_toolbox
+import tests.unittest_toolbox as unittest_toolbox
 
 # The repository tool is imported and logs console messages by default.  Disable
 # console log messages generated by this unit test.
@@ -117,8 +118,7 @@ def setUp(self):
     # Copy the original repository files provided in the test folder so that
     # any modifications made to repository files are restricted to the copies.
     # The 'repository_data' directory is expected to exist in 'tuf/tests/'.
-    original_repository_files = os.path.join(os.getcwd(), os.pardir,
-                                             'repository_data') 
+    original_repository_files = os.path.join(os.getcwd(), 'repository_data') 
     temporary_repository_root = \
       self.make_temp_directory(directory=self.temporary_directory)
   
@@ -209,7 +209,7 @@ def test_without_tuf(self):
     
     # Set an arbitrary expiration so that the repository tool generates a new
     # version.
-    repository.timestamp.expiration = '2088-01-01 12:12:00'
+    repository.timestamp.expiration = datetime.datetime(2030, 01, 01, 12, 12)
     repository.write()
     
     # Move the staged metadata to the "live" metadata.
@@ -280,7 +280,7 @@ def test_with_tuf(self):
     
     # Set an arbitrary expiration so that the repository tool generates a new
     # version.
-    repository.timestamp.expiration = '2088-01-01 12:12:00'
+    repository.timestamp.expiration = datetime.datetime(2030, 01, 01, 12, 12)
     repository.write()
     
     # Move the staged metadata to the "live" metadata.
diff --git a/tests/unit/test_repository_tool.py b/tests/test_repository_tool.py
similarity index 95%
rename from tests/unit/test_repository_tool.py
rename to tests/test_repository_tool.py
index 62dc92f4..67fc3f23 100755
--- a/tests/unit/test_repository_tool.py
+++ b/tests/test_repository_tool.py
@@ -17,6 +17,7 @@
 
 import os
 import time
+import datetime
 import unittest
 import logging
 import tempfile
@@ -106,7 +107,7 @@ def test_write_and_write_partial(self):
     temporary_directory = tempfile.mkdtemp(dir=self.temporary_directory)
     targets_directory = os.path.join(temporary_directory, 'repository',
                                      repo_tool.TARGETS_DIRECTORY_NAME)
-    original_targets_directory = os.path.join(os.pardir, 'repository_data',
+    original_targets_directory = os.path.join('repository_data',
                                               'repository', 'targets')
     shutil.copytree(original_targets_directory, targets_directory)
 
@@ -120,7 +121,7 @@ def test_write_and_write_partial(self):
     
     # (1) Load the public and private keys of the top-level roles, and one
     # delegated role.
-    keystore_directory = os.path.join(os.pardir, 'repository_data', 'keystore')
+    keystore_directory = os.path.join('repository_data', 'keystore')
    
     # Load the public keys.
     root_pubkey_path = os.path.join(keystore_directory, 'root_key.pub')
@@ -225,7 +226,7 @@ def test_write_and_write_partial(self):
     # is made to a role.
     repo_tool.load_repository(repository_directory)
     
-    repository.timestamp.expiration = '2084-01-01 12:00:00'
+    repository.timestamp.expiration = datetime.datetime(2030, 01, 01, 12, 00)
     self.assertRaises(tuf.UnsignedMetadataError, repository.write)
 
     # Verify that a write_partial() is allowed. 
@@ -261,8 +262,8 @@ def test_write_and_write_partial(self):
   def test_get_filepaths_in_directory(self):
     # Test normal case.
     # Use the pre-generated metadata directory for testing.
-    metadata_directory = os.path.join(os.pardir, 'repository_data',
-                                        'repository', 'metadata')
+    metadata_directory = os.path.join('repository_data',
+                                      'repository', 'metadata')
     
     
     # Test improperly formatted arguments.
@@ -300,8 +301,9 @@ def __init__(self):
         self._rolename = 'metadata_role'
         
         # Expire in 86400 seconds (1 day).
-        expiration = tuf.formats.format_time(time.time() + 86400)
-        
+        expiration = \
+          tuf.formats.unix_timestamp_to_datetime(int(time.time() + 86400))
+        expiration = expiration.isoformat() + 'Z' 
         roleinfo = {'keyids': [], 'signing_keyids': [], 'threshold': 1, 
                     'signatures': [], 'version': 0,
                     'consistent_snapshot': False,
@@ -354,31 +356,35 @@ def test_threshold(self):
   def test_expiration(self):
     # Test expiration getter.
     expiration = self.metadata.expiration
-    self.assertTrue(tuf.formats.TIME_SCHEMA.matches(expiration))
+    self.assertTrue(isinstance(expiration, datetime.datetime))
 
     # Test expiration setter. 
-    self.metadata.expiration = '2088-01-01 12:00:00'
+    self.metadata.expiration = datetime.datetime(2030, 01, 01, 12, 00)
     expiration = self.metadata.expiration
-    self.assertTrue(tuf.formats.TIME_SCHEMA.matches(expiration))
+    self.assertTrue(isinstance(expiration, datetime.datetime))
 
 
     # Test improperly formatted datetime.
     try: 
       self.metadata.expiration = '3' 
+    
     except tuf.FormatError:
       pass
+    
     else:
       self.fail('Setter failed to detect improperly formatted datetime.')
 
 
     # Test invalid argument (i.e., expiration has already expired.)
-    expired_datetime = tuf.formats.format_time(time.time() - 1)
+    expired_datetime = tuf.formats.unix_timestamp_to_datetime(int(time.time() - 1))
     try: 
       self.metadata.expiration = expired_datetime 
-    except tuf.FormatError:
+    
+    except tuf.Error:
       pass
+    
     else:
-      self.fail('Setter failted to detect an expired datetime.')
+      self.fail('Setter failed to detect an expired datetime.')
 
 
 
@@ -388,7 +394,7 @@ def test_keys(self):
 
 
     # Test keys() getter after a verification key has been loaded.
-    key_path = os.path.join(os.pardir, 'repository_data',
+    key_path = os.path.join('repository_data',
                             'keystore', 'root_key.pub')
     key_object = repo_tool.import_rsa_publickey_from_file(key_path)
     self.metadata.add_verification_key(key_object)
@@ -404,7 +410,7 @@ def test_signing_keys(self):
 
 
     # Test signing_keys() getter after a signing key has been loaded.
-    key_path = os.path.join(os.pardir, 'repository_data',
+    key_path = os.path.join('repository_data',
                             'keystore', 'root_key')
     key_object = repo_tool.import_rsa_privatekey_from_file(key_path, 'password')
     self.metadata.load_signing_key(key_object)
@@ -436,7 +442,7 @@ def test_compressions(self):
 
   def test_add_verification_key(self):
     # Add verification key and verify with keys() that it was added. 
-    key_path = os.path.join(os.pardir, 'repository_data',
+    key_path = os.path.join('repository_data',
                             'keystore', 'root_key.pub')
     key_object = repo_tool.import_rsa_publickey_from_file(key_path)
     self.metadata.add_verification_key(key_object)
@@ -452,7 +458,7 @@ def test_add_verification_key(self):
 
   def test_remove_verification_key(self):
     # Add verification key so that remove_verifiation_key() can be tested.
-    key_path = os.path.join(os.pardir, 'repository_data',
+    key_path = os.path.join('repository_data',
                             'keystore', 'root_key.pub')
     key_object = repo_tool.import_rsa_publickey_from_file(key_path)
     self.metadata.add_verification_key(key_object)
@@ -471,7 +477,7 @@ def test_remove_verification_key(self):
 
 
     # Test non-existent public key argument.
-    key_path = os.path.join(os.pardir, 'repository_data',
+    key_path = os.path.join('repository_data',
                             'keystore', 'targets_key.pub')
     unused_key_object = repo_tool.import_rsa_publickey_from_file(key_path)
     
@@ -482,7 +488,7 @@ def test_remove_verification_key(self):
 
   def test_load_signing_key(self):
     # Test normal case. 
-    key_path = os.path.join(os.pardir, 'repository_data',
+    key_path = os.path.join('repository_data',
                             'keystore', 'root_key')
     key_object = repo_tool.import_rsa_privatekey_from_file(key_path, 'password')
     self.metadata.load_signing_key(key_object)
@@ -496,7 +502,7 @@ def test_load_signing_key(self):
 
     
     # Test non-private key.
-    key_path = os.path.join(os.pardir, 'repository_data',
+    key_path = os.path.join('repository_data',
                             'keystore', 'root_key.pub')
     key_object = repo_tool.import_rsa_publickey_from_file(key_path)
     self.assertRaises(tuf.Error, self.metadata.load_signing_key, key_object)
@@ -505,7 +511,7 @@ def test_load_signing_key(self):
 
   def test_unload_signing_key(self):
     # Load a signing key so that unload_signing_key() can have a key to unload.
-    key_path = os.path.join(os.pardir, 'repository_data',
+    key_path = os.path.join('repository_data',
                             'keystore', 'root_key')
     key_object = repo_tool.import_rsa_privatekey_from_file(key_path, 'password')
     self.metadata.load_signing_key(key_object)
@@ -523,7 +529,7 @@ def test_unload_signing_key(self):
 
 
     # Test non-existent key argument.
-    key_path = os.path.join(os.pardir, 'repository_data',
+    key_path = os.path.join('repository_data',
                             'keystore', 'targets_key')
     unused_key_object = repo_tool.import_rsa_privatekey_from_file(key_path,
                                                                   'password')
@@ -537,7 +543,7 @@ def test_add_signature(self):
     # Test normal case.
     # Load signature list from any of pre-generated metadata; needed for
     # testing.
-    metadata_directory = os.path.join(os.pardir, 'repository_data',
+    metadata_directory = os.path.join('repository_data',
                                       'repository', 'metadata')
     root_filepath = os.path.join(metadata_directory, 'root.json')
     root_signable = tuf.util.load_json_file(root_filepath)
@@ -556,7 +562,7 @@ def test_add_signature(self):
   def test_remove_signature(self):
     # Test normal case.
     # Add a signature so remove_signature() has some signature to remove.
-    metadata_directory = os.path.join(os.pardir, 'repository_data',
+    metadata_directory = os.path.join('repository_data',
                                       'repository', 'metadata')
     root_filepath = os.path.join(metadata_directory, 'root.json')
     root_signable = tuf.util.load_json_file(root_filepath)
@@ -587,7 +593,7 @@ def test_signatures(self):
 
 
     # Test getter after adding an example signature.
-    metadata_directory = os.path.join(os.pardir, 'repository_data',
+    metadata_directory = os.path.join('repository_data',
                                       'repository', 'metadata')
     root_filepath = os.path.join(metadata_directory, 'root.json')
     root_signable = tuf.util.load_json_file(root_filepath)
@@ -700,7 +706,7 @@ def setUp(self):
     temporary_directory = tempfile.mkdtemp(dir=self.temporary_directory)
     self.targets_directory = os.path.join(temporary_directory, 'repository',
                                           'targets')
-    original_targets_directory = os.path.join(os.pardir, 'repository_data',
+    original_targets_directory = os.path.join('repository_data',
                                               'repository', 'targets')
     shutil.copytree(original_targets_directory, self.targets_directory)
     self.targets_object = repo_tool.Targets(self.targets_directory)
@@ -752,7 +758,7 @@ def test_get_delegated_rolenames(self):
     # Test normal case.
     # Perform two delegations so that get_delegated_rolenames() has roles to 
     # return.
-    keystore_directory = os.path.join(os.pardir, 'repository_data', 'keystore')
+    keystore_directory = os.path.join('repository_data', 'keystore')
     public_keypath = os.path.join(keystore_directory, 'root_key.pub')
     public_key = repo_tool.import_rsa_publickey_from_file(public_keypath)
     target1_filepath = os.path.join(self.targets_directory, 'file1.txt')
@@ -793,7 +799,7 @@ def test_delegations(self):
     # Test normal case.
     # Perform a delegation so that delegations() has a Targets() object to
     # return.
-    keystore_directory = os.path.join(os.pardir, 'repository_data', 'keystore')
+    keystore_directory = os.path.join('repository_data', 'keystore')
     public_keypath = os.path.join(keystore_directory, 'root_key.pub')
     public_key = repo_tool.import_rsa_publickey_from_file(public_keypath)
     target1_filepath = os.path.join(self.targets_directory, 'file1.txt')
@@ -915,7 +921,7 @@ def test_delegate(self):
     # Test normal case.
     # Need at least one public key and valid target paths required by
     # delegate().
-    keystore_directory = os.path.join(os.pardir, 'repository_data', 'keystore')
+    keystore_directory = os.path.join('repository_data', 'keystore')
     public_keypath = os.path.join(keystore_directory, 'root_key.pub')
     public_key = repo_tool.import_rsa_publickey_from_file(public_keypath)
     target1_filepath = os.path.join(self.targets_directory, 'file1.txt')
@@ -976,7 +982,7 @@ def test_delegate(self):
 
   def test_delegate_hashed_bins(self):
     # Test normal case.
-    keystore_directory = os.path.join(os.pardir, 'repository_data', 'keystore')
+    keystore_directory = os.path.join('repository_data', 'keystore')
     public_keypath = os.path.join(keystore_directory, 'root_key.pub')
     public_key = repo_tool.import_rsa_publickey_from_file(public_keypath)
     target1_filepath = os.path.join(self.targets_directory, 'file1.txt')
@@ -1033,7 +1039,7 @@ def test_add_restricted_paths(self):
     # Test normal case.
     # Perform a delegation so that add_restricted_paths() has a child role
     # to restrict.
-    keystore_directory = os.path.join(os.pardir, 'repository_data', 'keystore')
+    keystore_directory = os.path.join('repository_data', 'keystore')
     public_keypath = os.path.join(keystore_directory, 'root_key.pub')
     public_key = repo_tool.import_rsa_publickey_from_file(public_keypath)
 
@@ -1082,7 +1088,7 @@ def test_add_restricted_paths(self):
   def test_revoke(self):
     # Test normal case.
     # Perform a delegation so that revoke() has a delegation to revoke.
-    keystore_directory = os.path.join(os.pardir, 'repository_data', 'keystore')
+    keystore_directory = os.path.join('repository_data', 'keystore')
     public_keypath = os.path.join(keystore_directory, 'root_key.pub')
     public_key = repo_tool.import_rsa_publickey_from_file(public_keypath)
     target1_filepath = os.path.join(self.targets_directory, 'file1.txt')
@@ -1188,7 +1194,7 @@ def test_create_new_repository(self):
   def test_load_repository(self):
     # Test normal case.
     temporary_directory = tempfile.mkdtemp(dir=self.temporary_directory) 
-    original_repository_directory = os.path.join(os.pardir, 'repository_data',
+    original_repository_directory = os.path.join('repository_data',
                                                  'repository')
     repository_directory = os.path.join(temporary_directory, 'repository')
     shutil.copytree(original_repository_directory, repository_directory)
@@ -1279,7 +1285,7 @@ def test_import_rsa_privatekey_from_file(self):
     
     # Load one of the pre-generated key files from 'tuf/tests/repository_data'.
     # 'password' unlocks the pre-generated key files.
-    key_filepath = os.path.join(os.pardir, 'repository_data', 'keystore',
+    key_filepath = os.path.join('repository_data', 'keystore',
                                 'root_key')
     self.assertTrue(os.path.exists(key_filepath))
     
@@ -1314,7 +1320,7 @@ def test_import_rsa_publickey_from_file(self):
     temporary_directory = tempfile.mkdtemp(dir=self.temporary_directory)
     
     # Load one of the pre-generated key files from 'tuf/tests/repository_data'.
-    key_filepath = os.path.join(os.pardir, 'repository_data', 'keystore',
+    key_filepath = os.path.join('repository_data', 'keystore',
                                 'root_key.pub')
     self.assertTrue(os.path.exists(key_filepath))
     
@@ -1516,7 +1522,7 @@ def test_get_target_hash(self):
   def test_generate_root_metadata(self):
     # Test normal case.
     # Load the root metadata provided in 'tuf/tests/repository_data/'.
-    root_filepath = os.path.join(os.pardir, 'repository_data', 'repository',
+    root_filepath = os.path.join('repository_data', 'repository',
                                  'metadata', 'root.json')
     root_signable = tuf.util.load_json_file(root_filepath)
 
@@ -1524,25 +1530,26 @@ def test_generate_root_metadata(self):
     # available in 'tuf.keydb' and 'tuf.roledb'.
     tuf.roledb.create_roledb_from_root_metadata(root_signable['signed'])
     tuf.keydb.create_keydb_from_root_metadata(root_signable['signed'])
+    expires = '1985-10-21T01:22:00Z'
 
-    root_metadata = repo_tool.generate_root_metadata(1, '2088-01-01 12:00:00 UTC',
+    root_metadata = repo_tool.generate_root_metadata(1, expires,
                                                      consistent_snapshot=False)
     self.assertTrue(tuf.formats.ROOT_SCHEMA.matches(root_metadata))
 
     
     # Test improperly formatted arguments.
     self.assertRaises(tuf.FormatError, repo_tool.generate_root_metadata,  
-                      '3', '2088-01-01 12:00:00 UTC', False) 
+                      '3', expires, False) 
     self.assertRaises(tuf.FormatError, repo_tool.generate_root_metadata,  
-                      1, 3, False) 
+                      1, '3', False) 
     self.assertRaises(tuf.FormatError, repo_tool.generate_root_metadata,  
-                      1, '2088-01-01 12:00:00 UTC', 3) 
+                      1, expires, 3) 
 
     # Test for missing required roles and keys.
     tuf.roledb.clear_roledb()
     tuf.keydb.clear_keydb()
     self.assertRaises(tuf.Error, repo_tool.generate_root_metadata,
-                      1, '2088-01-01 12:00:00 UTC', False)
+                      1, expires, False)
 
 
 
@@ -1558,7 +1565,8 @@ def test_generate_targets_metadata(self):
    
     # Set valid generate_targets_metadata() arguments.
     version = 1
-    expiration_date = '2088-01-01 12:00:00 UTC'
+    datetime_object = datetime.datetime(2030, 01, 01, 12, 00)
+    expiration_date = datetime_object.isoformat() + 'Z'
     target_files = ['file.txt']
     
     delegations = {"keys": {
@@ -1611,7 +1619,7 @@ def test_generate_targets_metadata(self):
     self.assertRaises(tuf.FormatError, repo_tool.generate_targets_metadata,
                       targets_directory, target_files, '3', expiration_date)  
     self.assertRaises(tuf.FormatError, repo_tool.generate_targets_metadata,
-                      targets_directory, target_files, version, 3)  
+                      targets_directory, target_files, version, '3')  
     
     # Improperly formatted 'delegations' and 'write_consistent_targets' 
     self.assertRaises(tuf.FormatError, repo_tool.generate_targets_metadata,
@@ -1633,7 +1641,7 @@ def test_generate_targets_metadata(self):
   def test_generate_snapshot_metadata(self):
     # Test normal case.
     temporary_directory = tempfile.mkdtemp(dir=self.temporary_directory)
-    original_repository_path = os.path.join(os.pardir, 'repository_data',
+    original_repository_path = os.path.join('repository_data',
                                             'repository')
     repository_directory = os.path.join(temporary_directory, 'repository') 
     shutil.copytree(original_repository_path, repository_directory)
@@ -1643,7 +1651,7 @@ def test_generate_snapshot_metadata(self):
     targets_filename = os.path.join(metadata_directory,
                                     repo_tool.TARGETS_FILENAME)
     version = 1
-    expiration_date = '2088-01-01 12:00:00 UTC'
+    expiration_date = '1985-10-21T13:20:00Z'
     
     snapshot_metadata = \
       repo_tool.generate_snapshot_metadata(metadata_directory, version,
@@ -1661,7 +1669,7 @@ def test_generate_snapshot_metadata(self):
                       metadata_directory, '3', expiration_date,
                       root_filename, targets_filename, consistent_snapshot=False)
     self.assertRaises(tuf.FormatError, repo_tool.generate_snapshot_metadata,
-                      metadata_directory, version, 3,
+                      metadata_directory, version, '3',
                       root_filename, targets_filename, consistent_snapshot=False)
     self.assertRaises(tuf.FormatError, repo_tool.generate_snapshot_metadata,
                       metadata_directory, version, expiration_date,
@@ -1678,7 +1686,7 @@ def test_generate_snapshot_metadata(self):
   def test_generate_timestamp_metadata(self):
     # Test normal case.
     temporary_directory = tempfile.mkdtemp(dir=self.temporary_directory)
-    original_repository_path = os.path.join(os.pardir, 'repository_data',
+    original_repository_path = os.path.join('repository_data',
                                             'repository')
     repository_directory = os.path.join(temporary_directory, 'repository') 
     shutil.copytree(original_repository_path, repository_directory)
@@ -1689,7 +1697,8 @@ def test_generate_timestamp_metadata(self):
    
     # Set valid generate_timestamp_metadata() arguments.
     version = 1
-    expiration_date = '2088-01-01 12:00:00 UTC'
+    expiration_date = '1985-10-21T13:20:00Z'
+
     compressions = ['gz']
 
     snapshot_metadata = \
@@ -1704,7 +1713,7 @@ def test_generate_timestamp_metadata(self):
     self.assertRaises(tuf.FormatError, repo_tool.generate_timestamp_metadata,
                       snapshot_filename, '3', expiration_date, compressions)
     self.assertRaises(tuf.FormatError, repo_tool.generate_timestamp_metadata,
-                      snapshot_filename, version, 3, compressions)
+                      snapshot_filename, version, '3', compressions)
     self.assertRaises(tuf.FormatError, repo_tool.generate_timestamp_metadata,
                       snapshot_filename, version, expiration_date, 3)
     self.assertRaises(tuf.FormatError, repo_tool.generate_timestamp_metadata,
@@ -1716,9 +1725,9 @@ def test_generate_timestamp_metadata(self):
   def test_sign_metadata(self):
     # Test normal case.
     temporary_directory = tempfile.mkdtemp(dir=self.temporary_directory)
-    metadata_path = os.path.join(os.pardir, 'repository_data',
+    metadata_path = os.path.join('repository_data',
                                  'repository', 'metadata')
-    keystore_path = os.path.join(os.pardir, 'repository_data',
+    keystore_path = os.path.join('repository_data',
                                  'keystore')
     root_filename = os.path.join(metadata_path, 'root.json')
     root_metadata = tuf.util.load_json_file(root_filename)['signed']
@@ -1757,7 +1766,7 @@ def test_sign_metadata(self):
   def test_write_metadata_file(self):
     # Test normal case.
     temporary_directory = tempfile.mkdtemp(dir=self.temporary_directory)
-    metadata_directory = os.path.join(os.pardir, 'repository_data',
+    metadata_directory = os.path.join('repository_data',
                                       'repository', 'metadata')
     root_filename = os.path.join(metadata_directory, 'root.json')
     root_signable = tuf.util.load_json_file(root_filename)
@@ -1787,7 +1796,7 @@ def test_write_metadata_file(self):
   def test_create_tuf_client_directory(self):
     # Test normal case.
     temporary_directory = tempfile.mkdtemp(dir=self.temporary_directory)
-    repository_directory = os.path.join(os.pardir, 'repository_data',
+    repository_directory = os.path.join('repository_data',
                                         'repository')
     client_directory = os.path.join(temporary_directory, 'client')
 
diff --git a/tests/unit/test_roledb.py b/tests/test_roledb.py
similarity index 99%
rename from tests/unit/test_roledb.py
rename to tests/test_roledb.py
index 630ccaef..117d4eba 100755
--- a/tests/unit/test_roledb.py
+++ b/tests/test_roledb.py
@@ -320,7 +320,7 @@ def test_create_roledb_from_root_metadata(self):
                 'targets': {'keyids': [keyid2], 'threshold': 1}}
     version = 8
     consistent_snapshot = False
-    expires = '2012-10-16 06:42:12 UTC'
+    expires = '1985-10-21T01:21:00Z' 
 
     root_metadata = tuf.formats.RootFile.make_metadata(version,
                                                        expires,
diff --git a/tests/unit/test_schema.py b/tests/test_schema.py
similarity index 100%
rename from tests/unit/test_schema.py
rename to tests/test_schema.py
diff --git a/tests/unit/test_sig.py b/tests/test_sig.py
similarity index 100%
rename from tests/unit/test_sig.py
rename to tests/test_sig.py
diff --git a/tests/integration/test_slow_retrieval_attack.py b/tests/test_slow_retrieval_attack.py
similarity index 98%
rename from tests/integration/test_slow_retrieval_attack.py
rename to tests/test_slow_retrieval_attack.py
index 7e696ee4..3e4cf023 100755
--- a/tests/integration/test_slow_retrieval_attack.py
+++ b/tests/test_slow_retrieval_attack.py
@@ -53,7 +53,7 @@
 import tuf.util
 import tuf.log
 import tuf.client.updater as updater
-import tuf.tests.unittest_toolbox as unittest_toolbox
+import tests.unittest_toolbox as unittest_toolbox
 
 logger = logging.getLogger('tuf.test_slow_retrieval_attack')
 
@@ -124,8 +124,7 @@ def setUp(self):
     # Copy the original repository files provided in the test folder so that
     # any modifications made to repository files are restricted to the copies.
     # The 'repository_data' directory is expected to exist in 'tuf/tests/'.
-    original_repository_files = os.path.join(os.getcwd(), os.pardir,
-                                             'repository_data') 
+    original_repository_files = os.path.join(os.getcwd(), 'repository_data') 
     temporary_repository_root = \
       self.make_temp_directory(directory=self.temporary_directory)
   
diff --git a/tests/unit/test_updater.py b/tests/test_updater.py
similarity index 99%
rename from tests/unit/test_updater.py
rename to tests/test_updater.py
index d8e1a5b4..97348b84 100755
--- a/tests/unit/test_updater.py
+++ b/tests/test_updater.py
@@ -56,7 +56,7 @@
 import tuf.keydb
 import tuf.roledb
 import tuf.repository_tool as repo_tool
-import tuf.tests.unittest_toolbox as unittest_toolbox
+import tests.unittest_toolbox as unittest_toolbox
 import tuf.client.updater as updater
 
 logger = logging.getLogger('tuf.test_updater')
@@ -120,8 +120,7 @@ def setUp(self):
     # Copy the original repository files provided in the test folder so that
     # any modifications made to repository files are restricted to the copies.
     # The 'repository_data' directory is expected to exist in 'tuf.tests/'.
-    original_repository_files = os.path.join(os.getcwd(), os.pardir,
-                                             'repository_data') 
+    original_repository_files = os.path.join(os.getcwd(), 'repository_data') 
     temporary_repository_root = \
       self.make_temp_directory(directory=self.temporary_directory)
   
@@ -465,7 +464,8 @@ def test_2__ensure_not_expired(self):
     
     # 'tuf.ExpiredMetadataError' should be raised in this next test condition,
     # because the expiration_date has expired by 10 seconds.
-    expires = tuf.formats.format_time(time.time() - 10)
+    expires = tuf.formats.unix_timestamp_to_datetime(int(time.time() - 10))
+    expires = expires.isoformat() + 'Z'
     self.repository_updater.metadata['current']['root']['expires'] = expires
     
     # Ensure the 'expires' value of the root file is valid by checking the
diff --git a/tests/unit/test_util.py b/tests/test_util.py
similarity index 99%
rename from tests/unit/test_util.py
rename to tests/test_util.py
index 465ed0c8..4f4ae895 100755
--- a/tests/unit/test_util.py
+++ b/tests/test_util.py
@@ -14,7 +14,7 @@
   See LICENSE for licensing information.
 
 <Purpose>
-  util.py unit tests.
+  Unit test for 'util.py'
 """
 
 import os
@@ -29,7 +29,7 @@
 import tuf.log
 import tuf.hash
 import tuf.util as util
-import tuf.tests.unittest_toolbox as unittest_toolbox
+import tests.unittest_toolbox as unittest_toolbox
 
 logger = logging.getLogger('tuf.test_util')
 
diff --git a/tests/unit/deprecated/test_keystore.py b/tests/unit/deprecated/test_keystore.py
deleted file mode 100755
index e1a8c7f2..00000000
--- a/tests/unit/deprecated/test_keystore.py
+++ /dev/null
@@ -1,355 +0,0 @@
-"""
-<Program Name>
-  test_keystore.py
-
-<Author>
-  Konstantin Andrianov
-
-<Started>
-  April 27, 2012.
-
-<Copyright>
-  See LICENSE for licensing information.
-
-<Purpose>
-  Unit test for keystore.py.
-"""
-
-import unittest
-import shutil
-import os
-import logging
-import Crypto.Random
-import Crypto.Protocol.KDF
-
-import tuf
-import tuf.repo.keystore
-import tuf.keys
-import tuf.formats
-import tuf.util
-import tuf.log
-
-logger = logging.getLogger('tuf.test_keystore')
-
-# We'll need json module for testing '_encrypt()' and '_decrypt()'
-# internal function.
-json = tuf.util.import_json()
-
-tuf.repo.keystore._PBKDF2_ITERATIONS = 1000
-
-# Creating a directory string in current directory. 
-_CURRENT_DIR = os.getcwd()
-_DIR = os.path.join(_CURRENT_DIR, 'test_keystore')
-
-# Check if directory '_DIR' exists.
-if os.path.exists(_DIR):
-  msg = ('\''+_DIR+'\' directory already exists,'+ 
-        ' please change '+'\'_DIR\''+' to something else.')
-  raise tuf.Error(msg)
-
-KEYSTORE = tuf.repo.keystore
-RSAKEYS = []
-PASSWDS = []
-temp_keys_info = []
-temp_keys_vals = []
-
-for i in range(3):
-  # Populating the original 'RSAKEYS' and 'PASSWDS' lists.
-  RSAKEYS.append(tuf.keys.generate_rsa_key())
-  PASSWDS.append('passwd_'+str(i))
-
-  # Saving original copies of 'RSAKEYS' and 'PASSWDS' to temp variables
-  # in order to repopulate them at the start of every test.
-  temp_keys_info.append(RSAKEYS[i].values())
-  temp_keys_vals.append(RSAKEYS[i]['keyval'].values())
-
-temp_passwds=list(PASSWDS)
-
-
-
-class TestKeystore(unittest.TestCase):
-  def setUp(self):
-    # Returning 'RSAKEY' and 'PASSWDS' to original state.
-    for i in range(len(temp_keys_info)):
-      RSAKEYS[i]['keytype'] = temp_keys_info[i][0]
-      RSAKEYS[i]['keyid'] = temp_keys_info[i][1]
-      RSAKEYS[i]['keyval'] = temp_keys_info[i][2]
-      RSAKEYS[i]['keyval']['public'] = temp_keys_vals[i][0]
-      RSAKEYS[i]['keyval']['private'] = temp_keys_vals[i][1]
-      PASSWDS[i] = temp_passwds[i]
-
-
-
-  def tearDown(self):
-    # Empty keystore's databases.
-    KEYSTORE.clear_keystore()
-
-    # Check if directory '_DIR' exists, remove it if it does.
-    if os.path.exists(_DIR):
-      shutil.rmtree(_DIR)
-
-
-
-  def test_clear_keystore(self):
-    # Populate KEYSTORE's internal databases '_keystore' and '_derived_keys'.
-    for i in range(3):
-      KEYSTORE.add_rsakey(RSAKEYS[i], PASSWDS[i], RSAKEYS[i]['keyid'])
-   
-    # Verify KEYSTORE's internal databases ARE NOT EMPTY.
-    self.assertTrue(len(KEYSTORE._keystore) > 0)
-    self.assertTrue(len(KEYSTORE._derived_keys) > 0)
-   
-    # Clear KEYSTORE's internal databases.
-    KEYSTORE.clear_keystore()
-
-    # Verify KEYSTORE's internal databases ARE EMPTY.
-    self.assertFalse(len(KEYSTORE._keystore) > 0)
-    self.assertFalse(len(KEYSTORE._derived_keys) > 0)
-
-  
-
-  def test_add_rsakey(self):
-    # Passing 2 arguments to the function and verifying that the internal 
-    # databases have been modified.
-    KEYSTORE.add_rsakey(RSAKEYS[0], PASSWDS[0])
-
-    self.assertEqual(RSAKEYS[0], KEYSTORE._keystore[RSAKEYS[0]['keyid']], 
-                     'Adding an rsa key dict was unsuccessful.')
-
-    self.assertTrue(len(KEYSTORE._derived_keys) == 1,
-              'Adding a password pertaining to \'_keyid\' was unsuccessful.')
-    
-    # Passing three arguments to the function, i.e. including the 'keyid'.
-    KEYSTORE.add_rsakey(RSAKEYS[1], PASSWDS[1], RSAKEYS[1]['keyid'])
-
-    self.assertEqual(RSAKEYS[1], 
-                     KEYSTORE._keystore[RSAKEYS[1]['keyid']], 
-                     'Adding an rsa key dict was unsuccessful.')
-
-    self.assertTrue(len(KEYSTORE._derived_keys) == 2,
-              'Adding a password pertaining to \'_keyid\' was unsuccessful.')
-
-    # Passing a keyid that does not match the keyid in 'rsakey_dict'.
-    _keyid = 'somedifferentkey123456789' 
-    self.assertRaises(tuf.Error, KEYSTORE.add_rsakey, RSAKEYS[2], 
-                      PASSWDS[2], _keyid)
-
-    # Passing an existing 'rsakey_dict' object.
-    self.assertRaises(tuf.KeyAlreadyExistsError, KEYSTORE.add_rsakey, 
-                      RSAKEYS[1], PASSWDS[1], RSAKEYS[1]['keyid'])
-
-    # Passing an 'rsakey_dict' that does not conform to the 'RSAKEY_SCHEMA'.
-    del RSAKEYS[2]['keytype']
- 
-    self.assertRaises(tuf.FormatError, KEYSTORE.add_rsakey,
-                      RSAKEYS[2], PASSWDS[2], RSAKEYS[2]['keyid'])
-
-
-
-  def test_save_keystore_to_keyfiles(self):
-    # Extract and store keyids in '_keyids' list.
-    keyids = []
-
-    # Populate KEYSTORE's internal databases '_keystore' and '_derived_keys'.
-    for i in range(3):
-      KEYSTORE.add_rsakey(RSAKEYS[i], PASSWDS[i], RSAKEYS[i]['keyid'])
-      keyids.append(RSAKEYS[i]['keyid'])      
-
-    # Check if directory '_DIR' exists, remove it if it does.
-    if os.path.exists(_DIR):
-      shutil.rmtree(_DIR)
-
-    KEYSTORE.save_keystore_to_keyfiles(_DIR)
-   
-    # Check if directory '_DIR' has been created.
-    self.assertTrue(os.path.exists(_DIR), 'Creating directory failed.')
-
-    # Check if all of the key files where created and that they are not empty.
-    for keyid in keyids:
-      key_file = os.path.join(_DIR, str(keyid)+'.key')
-      # Checks if key file has been created.
-      self.assertTrue(os.path.exists(key_file), 'Key file does not exist.')
-
-      file_stats = os.stat(key_file)
-      # Checks if key file is not empty.
-      self.assertTrue(file_stats.st_size > 0)
-
-    # Passing an invalid 'directory_name' argument - an integer value.
-    self.assertRaises(tuf.FormatError, KEYSTORE.save_keystore_to_keyfiles, 222)
-
-
-
-  def test_load_keystore_from_keyfiles(self):
-    keyids = []
-    # Check if '_DIR' directory exists, if not - create it.
-    if not os.path.exists(_DIR):
-      # Populate KEYSTORE's internal databases.
-      for i in range(3):
-        KEYSTORE.add_rsakey(RSAKEYS[i], PASSWDS[i], RSAKEYS[i]['keyid'])
-        keyids.append(RSAKEYS[i]['keyid'])
-
-      # Create the key files.
-      KEYSTORE.save_keystore_to_keyfiles(_DIR)
-    
-    # Clearing internal databases.
-    KEYSTORE.clear_keystore()
-
-    # Test normal conditions where two valid arguments are passed. 
-    loaded_keys = KEYSTORE.load_keystore_from_keyfiles(_DIR, keyids, PASSWDS)
-    
-    # Loaded keys should all be contained in 'keyids'.
-    loaded_keys_set = set(loaded_keys)
-    keyids_set = set(keyids)
-    intersect = keyids_set.intersection(loaded_keys_set)
-    self.assertEquals(len(intersect), len(keyids))
-
-    for i in range(3):
-      self.assertEqual(RSAKEYS[i], KEYSTORE._keystore[RSAKEYS[i]['keyid']])
-
-    # Clearing internal databases.
-    KEYSTORE.clear_keystore()
-
-    _invalid_dir = os.path.join(_CURRENT_DIR, 'invalid_directory')
-
-    # Passing an invalid 'directory_name' argument - a directory that
-    # does not exist. AS EXPECTED, THIS CALL SHOULDN'T RAISE ANY ERRORS.
-    KEYSTORE.load_keystore_from_keyfiles(_invalid_dir, keyids, PASSWDS)
-
-    # The keystore should not have loaded any keys.
-    self.assertEqual(0, len(KEYSTORE._keystore))
-    self.assertEqual(0, len(KEYSTORE._derived_keys))
-
-    # Passing nonexistent 'keyids'.
-    # AS EXPECTED, THIS CALL SHOULDN'T RAISE ANY ERRORS.
-    invalid_keyids = ['333', '333', '333']
-    KEYSTORE.load_keystore_from_keyfiles(_DIR, invalid_keyids, PASSWDS)
-   
-    # The keystore should not have loaded any keys.
-    self.assertEqual(0, len(KEYSTORE._keystore))
-    self.assertEqual(0, len(KEYSTORE._derived_keys))
-
-    # Passing an invalid 'directory_name' argument - an integer value.
-    self.assertRaises(tuf.FormatError, KEYSTORE.load_keystore_from_keyfiles,
-                      333, keyids, PASSWDS)
-
-    # Passing an invalid 'passwords' argument - a string value.
-    self.assertRaises(tuf.FormatError, KEYSTORE.load_keystore_from_keyfiles,
-                      _DIR, keyids, '333')
-
-    # Passing an invalid 'passwords' argument - an integer value.
-    self.assertRaises(tuf.FormatError, KEYSTORE.load_keystore_from_keyfiles,
-                      _DIR, keyids, 333)
-
-    # Passing an invalid 'keyids' argument - a string value.
-    self.assertRaises(tuf.FormatError, KEYSTORE.load_keystore_from_keyfiles,
-                      _DIR, '333', PASSWDS)
-    
-    # Passing an invalid 'keyids' argument - an integer value.
-    self.assertRaises(tuf.FormatError, KEYSTORE.load_keystore_from_keyfiles,
-                     _DIR, 333, PASSWDS)
-
-
-
-  def test_change_password(self):
-    # Populate KEYSTORE's internal databases.
-    for i in range(2):
-      KEYSTORE.add_rsakey(RSAKEYS[i], PASSWDS[i], RSAKEYS[i]['keyid'])
-
-    derived_key_0 = KEYSTORE._derived_keys[RSAKEYS[0]['keyid']]
-    # Create a new password.
-    new_passwd = 'changed_password'
-
-    # Change a password - normal case.
-    KEYSTORE.change_password(RSAKEYS[0]['keyid'], PASSWDS[0], new_passwd)
-    
-    # Check if password was changed.
-    new_derived_key = KEYSTORE._derived_keys[RSAKEYS[0]['keyid']]['derived_key']
-    self.assertNotEqual(new_derived_key, 
-                        derived_key_0['derived_key'])
-
-    # Passing an invalid keyid (i.e., RSAKEY[2] that was not loaded into
-    # the '_keystore').
-    self.assertRaises(tuf.UnknownKeyError, KEYSTORE.change_password, 
-                      RSAKEYS[2]['keyid'], PASSWDS[1], new_passwd)
-
-    # Passing an incorrect old password.
-    self.assertRaises(tuf.BadPasswordError, KEYSTORE.change_password,
-                      RSAKEYS[1]['keyid'], PASSWDS[2], new_passwd)
-
-
-   
-  def test_get_key(self):
-    # Populate KEYSTORE's internal databases.
-    for i in range(2):
-      KEYSTORE.add_rsakey(RSAKEYS[i], PASSWDS[i], RSAKEYS[i]['keyid'])
-
-    # Get a key - normal case.
-    self.assertEqual(KEYSTORE.get_key(RSAKEYS[0]['keyid']), RSAKEYS[0])    
-
-    # Passing an invalid keyid.
-    self.assertRaises(tuf.UnknownKeyError, 
-                      KEYSTORE.get_key, RSAKEYS[2]['keyid'])
-   
-    # Passing an invalid keyid format.
-    self.assertRaises(tuf.FormatError, KEYSTORE.get_key, 123)    
-
-
-
-  def test_internal_encrypt(self):
-    # Test for valid arguments to '_encrypt()' and a valid return type.
-    salt = Crypto.Random.new().read(16)
-    iterations = tuf.repo.keystore._PBKDF2_ITERATIONS
-    derived_key = Crypto.Protocol.KDF.PBKDF2(PASSWDS[0], salt)
-    derived_key_information = {'salt': salt, 'derived_key': derived_key,
-                               'iterations': iterations}
-    encrypted_key = KEYSTORE._encrypt(json.dumps(RSAKEYS[0]),
-                                      derived_key_information)
-    self.assertEqual(type(encrypted_key), str)
-   
-  
-  
-  def test_internal_decrypt(self):
-    del RSAKEYS[0]['keyid']
-    tuf.formats.KEY_SCHEMA.check_match(RSAKEYS[0])
-    
-    salt = Crypto.Random.new().read(16)
-    salt, iterations, derived_key = \
-      tuf.repo.keystore._generate_derived_key(PASSWDS[0], salt)
-    derived_key_information = {'salt': salt,
-                               'iterations': iterations,
-                               'derived_key': derived_key}
-    
-    # Getting a valid encrypted key using '_encrypt()'.
-    encrypted_key = KEYSTORE._encrypt(json.dumps(RSAKEYS[0]),
-                                      derived_key_information)
-
-    # Decrypting and decoding (using json's loads()) an encrypted file.
-    #tuf.util.load_json_string(KEYSTORE._decrypt(encrypted_key, PASSWDS[0]))
-    json.dumps(KEYSTORE._decrypt(encrypted_key, PASSWDS[0]))
-
-    self.assertEqual(RSAKEYS[0], tuf.util.load_json_string(
-                     KEYSTORE._decrypt(encrypted_key, PASSWDS[0])))
-    
-    # Passing an invalid password to try to decrypt the file.
-    self.assertRaises(tuf.CryptoError, KEYSTORE._decrypt,
-                      encrypted_key, PASSWDS[1])
-
-
-
-def setUpModule():
-  # setUpModule() is called before any test cases run.
-  # Ensure the keystore has not been modified by a previous test, which may
-  # affect assumptions (i.e., empty keystore) made by the tests cases in this
-  # unit test.
-  tuf.repo.keystore.clear_keystore()
-
-def tearDownModule():
-  # tearDownModule() is called after all the tests have run.
-  # Ensure we clean up the keystore.  They say courtesy is contagious.
-  tuf.repo.keystore.clear_keystore()
-
-
-
-# Run the unit tests.
-if __name__ == '__main__':
-  unittest.main()
diff --git a/tests/unit/deprecated/test_push.py b/tests/unit/deprecated/test_push.py
deleted file mode 100755
index 4acc8d75..00000000
--- a/tests/unit/deprecated/test_push.py
+++ /dev/null
@@ -1,166 +0,0 @@
-"""
-<Program Name>
-  test_push.py
-
-<Author>
-  Konstantin Andrianov
-
-<Started>
-  April 2013.
-
-<Copyright>
-  See LICENSE for licensing information.
-
-<Purpose>
-  Test push.py.
-
-"""
-
-import os
-import getpass
-import logging
-import tempfile
-import unittest
-import ConfigParser
-
-import tuf
-import tuf.log
-import tuf.pushtools.push as push
-import tuf.pushtools.transfer.scp as scp
-import tuf.pushtools.pushtoolslib as pushtoolslib
-import tuf.tests.util_test_tools as util_test_tools
-
-logger = logging.getLogger('tuf.test_push')
-
-
-class TestPush(unittest.TestCase):
-  src_push_dict = {}
-  
-  ORIGINAL_PUSH_CONFIG = pushtoolslib.PUSH_CONFIG
-
-
-
-  @staticmethod
-  def _mock_scp_transfer(config_dict):
-    pass
-
-
-
-  @staticmethod
-  def write_config_file(config_filename, config_dictionary):
-    """Create a configuration file by writing supplied configuration
-    dictionary ('config_dictionary') into the file ('config_filename')."""
-
-    config = ConfigParser.RawConfigParser()
-
-    for section, values_dict in config_dictionary.iteritems():
-      config.add_section(section)
-      for key in values_dict:
-        config.set(section, key, values_dict[key])
-
-    # Writing our configuration file to 'config_filename'.
-    with open(config_filename, 'wb') as configfile:
-      config.write(configfile)
-
-
-
-  def setUp(self):
-    # Create push configuration file, general temporary dir 'root_repo'.
-    cwd = os.getcwd()
-    self.push_config = tempfile.mkstemp(prefix='tmp_push_conf_', dir=cwd)[1]
-    self.root_repo = tempfile.mkdtemp(prefix='tmp_tuf_repo_', dir=cwd)
-
-    # Drop target files into the working project directory 'reg_repo'.
-    # When targets metadata updates, the target files in the 'reg_repo'
-    # will be copied into the tuf's targets directory.
-    self.reg_repo = os.path.join(self.root_repo, 'reg_repo')
-    os.mkdir(self.reg_repo)
-
-    # Add a file to the 'reg_repo'.
-    util_test_tools.add_file_to_repository(self.reg_repo, data='Test String')
-
-    # Create TUF repository.
-    util_test_tools.init_tuf(self.root_repo)
-
-    # Update the tuf targets metadata.
-    util_test_tools.make_targets_meta(self.root_repo)
-
-    # Populate 'src_push_dict'.
-    targets_dir = os.path.join(self.root_repo, 'tuf_repo', 'targets')
-    metadate_path = os.path.join(self.root_repo, 'tuf_repo', 'metadata',
-                                 'targets.txt')
-    remote_dir = tempfile.mkdtemp(prefix='tmp_tuf_repo_', dir=self.root_repo)
-
-    self.src_push_dict = {'general':{'transfer_module':'scp', 
-                                     'metadata_path':metadate_path,
-                                     'targets_directory':targets_dir},
-                          'scp':{'host':'localhost',
-                                 'identity_file':None,
-                                 'user':getpass.getuser(),
-                                 'remote_directory':remote_dir}}
-
-    # Write the config dictionary into the push configuration file.
-    self.write_config_file(self.push_config, self.src_push_dict)
-
-    # Patch 'pushtoolslib.PUSH_CONFIG'.
-    pushtoolslib.PUSH_CONFIG = os.path.basename(self.push_config)
-
-
-
-  def tearDown(self):
-    # Remove tempfile.
-    os.remove(self.push_config)
-
-    # Remove TUF repository.
-    util_test_tools.cleanup(self.root_repo)
-
-    # Clear 'src_push_dict'.
-    self.src_push_dict.clear()
-
-    # # Reassign 'pushtoolslib.PUSH_CONFIG'.
-    pushtoolslib.PUSH_CONFIG = self.ORIGINAL_PUSH_CONFIG
-
-
-
-  def test_expected_behaviour_of_push_without_scp(self):
-    # Patch 'scp.transfer' function.
-    ORIGINAL_SCP_TRANSFER_MODULE = scp.transfer
-    scp.transfer = self._mock_scp_transfer
-
-    push.push(self.push_config)
-
-    # Restore 'scp.transfer' function.
-    scp.transfer = ORIGINAL_SCP_TRANSFER_MODULE
-
-
-
-  def test_exceptions_handeling_of_push_without_scp(self):
-    # Patch 'scp.transfer' function.
-    ORIGINAL_SCP_TRANSFER_MODULE = scp.transfer
-    scp.transfer = self._mock_scp_transfer
-    
-    self.assertRaises(tuf.Error, push.push, self.root_repo)
-    self.assertRaises(tuf.FormatError, push.push, None)
-    self.assertRaises(tuf.FormatError, push.push, 12345)
-    self.assertRaises(tuf.FormatError, push.push, ['test'])
-    self.assertRaises(tuf.FormatError, push.push, {'test':'test'})
-
-    # Restore 'scp.transfer' function.
-    scp.transfer = ORIGINAL_SCP_TRANSFER_MODULE
-
-
-  
-  # Unit test bellow executes secure copy 'scp' command.  Hence user's
-  # password is requered. Comment-out or remove the line bellow to 
-  # un-skip the unit test.
-  @unittest.skip("Requires user's password!") 
-  def test_expected_behaviour_of_push_with_scp(self):
-    push.push(self.push_config)
-
-
-
-
-
-# Run the unittests
-if __name__ == '__main__':
-  unittest.main()
diff --git a/tests/unit/deprecated/test_pushtoolslib.py b/tests/unit/deprecated/test_pushtoolslib.py
deleted file mode 100755
index e0cf6694..00000000
--- a/tests/unit/deprecated/test_pushtoolslib.py
+++ /dev/null
@@ -1,173 +0,0 @@
-"""
-<Program Name>
-  test_pushtoolslib.py
-
-<Author>
-  Konstantin Andrianov
-
-<Started>
-  April 2013.
-
-<Copyright>
-  See LICENSE for licensing information.
-
-<Purpose>
-  Test pushtoolslib.py.
-
-"""
-
-import os
-import tempfile
-import unittest
-import ConfigParser
-import logging
-
-import tuf
-import tuf.log
-import tuf.formats
-import tuf.pushtools.pushtoolslib as pushtoolslib
-
-logger = logging.getLogger('tuf.test_pushtoolslib')
-
-
-class TestPushtoolslib(unittest.TestCase):
-  src_push_dict = {}
-  src_receive_dict = {}
-  ORIGINAL_PUSH_CONFIG = pushtoolslib.PUSH_CONFIG
-  ORIGINAL_RECEIVE_CONFIG = pushtoolslib.RECEIVE_CONFIG
-
-
-
-  def setUp(self):
-    # Create config tempfiles.
-    cwd = os.getcwd()
-    self.push_config_file = tempfile.mkstemp(prefix='tmp_push_conf_', dir=cwd)[1]
-    self.receive_config_file = tempfile.mkstemp(prefix='tmp_receive_conf_', dir=cwd)[1]
-
-    # Populate 'src_push_dict' and 'src_receive_dict'.
-    self.src_push_dict = {'general':{'transfer_module':'scp', 
-                                     'metadata_path':'some/path',
-                                     'targets_directory':'some/path'},
-                          'scp':{'host':'localhost',
-                                 'user':'user',
-                                 'identity_file':None,
-                                 'remote_directory':'~/pushes'}}
-
-    self.src_receive_dict = {'general':{'pushroots':['some/path'],
-                                        'repository_directory':'some/path',
-                                        'metadata_directory':'some/path',
-                                        'targets_directory':'some/path',
-                                        'backup_directory':'some/path'}}
-
-    # Patch the 'pushtoolslib.PUSH_CONFIG' and 'pushtoolslib.RECEIVE_CONFIG'
-    pushtoolslib.PUSH_CONFIG = os.path.basename(self.push_config_file)
-    pushtoolslib.RECEIVE_CONFIG = os.path.basename(self.receive_config_file)
-
-
-
-  def tearDown(self):
-    # Remove tempfile.
-    os.remove(self.push_config_file)
-    os.remove(self.receive_config_file)
-
-    # Clear dictionaries.
-    self.src_push_dict.clear()
-    self.src_receive_dict.clear()
-
-    # Reassign 'pushtoolslib.PUSH_CONFIG' and 'pushtoolslib.RECEIVE_CONFIG'
-    # to original values.
-    pushtoolslib.PUSH_CONFIG = self.ORIGINAL_PUSH_CONFIG
-    pushtoolslib.RECEIVE_CONFIG = self.ORIGINAL_RECEIVE_CONFIG
-
-
-
-  @staticmethod
-  def write_config_file(config_filename, config_dictionary):
-    """Create a configuration file by writing supplied configuration
-    dictionary ('config_dictionary') into the file ('config_filename')."""
-
-    config = ConfigParser.RawConfigParser()
-
-    for section, values_dict in config_dictionary.iteritems():
-      config.add_section(section)
-      for key in values_dict:
-        config.set(section, key, values_dict[key])
-
-    # Writing our configuration file to 'config_filename'.
-    with open(config_filename, 'wb') as configfile:
-      config.write(configfile)
-
-
-
-  def test_expected_behavior_of_read_config_file(self):
-    # Test 'push' configuration type.
-    self.write_config_file(self.push_config_file, self.src_push_dict)
-    config_dict = pushtoolslib.read_config_file(self.push_config_file, 'push')
-    tuf.formats.SCPCONFIG_SCHEMA.check_match(config_dict)
-
-    # Test 'receive' configuration type.
-    self.write_config_file(self.receive_config_file, self.src_receive_dict)
-    config_dict = pushtoolslib.read_config_file(self.receive_config_file, 'receive')
-    tuf.formats.RECEIVECONFIG_SCHEMA.check_match(config_dict)
-
-
-
-  def test_exceptions_handeling_of_read_config_file(self):
-    # Test an incorrect configuration file.
-    with open(self.push_config_file, 'wb') as configfile:
-      configfile.write('test')
-    self.assertRaises(tuf.Error, pushtoolslib.read_config_file,
-      self.push_config_file, 'push')
-
-    self.write_config_file(self.push_config_file, {})
-    self.assertRaises(tuf.Error, pushtoolslib.read_config_file,
-      self.push_config_file, 'push')
-
-    self.write_config_file(self.receive_config_file, self.src_receive_dict)
-    self.assertRaises(tuf.Error, pushtoolslib.read_config_file,
-      self.receive_config_file, 'push')
-
-    self.write_config_file(self.push_config_file, self.src_push_dict)
-    self.assertRaises(tuf.Error, pushtoolslib.read_config_file,
-      self.push_config_file, 'receive')
-
-    # Test incorrect configuration type.
-    self.write_config_file(self.push_config_file, self.src_push_dict)
-    self.assertRaises(tuf.Error, pushtoolslib.read_config_file,
-      self.push_config_file, 'junk')
-
-    # Test 'push' type configuration with 'transfer_module' absent from 
-    # config_dict['general'].
-    saved_transfer_module = self.src_push_dict['general']['transfer_module']
-    del self.src_push_dict['general']['transfer_module']
-    self.write_config_file(self.push_config_file, self.src_push_dict)
-    self.assertRaises(tuf.Error, pushtoolslib.read_config_file,
-      self.push_config_file, 'push')
-
-    # Test 'push' type configuration with 
-    # config_dict['general']['transfer_module'] != 'scp'.
-    self.src_push_dict['general']['transfer_module'] = 'test'
-    self.write_config_file(self.push_config_file, self.src_push_dict)
-    self.assertRaises(tuf.Error, pushtoolslib.read_config_file,
-      self.push_config_file, 'push')
-
-    # Test 'push' type configuration with one of the keys missing.
-    self.src_push_dict['general']['transfer_module'] = 'scp'
-    del self.src_push_dict['general']['metadata_path']
-    self.write_config_file(self.push_config_file, self.src_push_dict)
-    self.assertRaises(tuf.FormatError, pushtoolslib.read_config_file,
-      self.push_config_file, 'push')
-
-    # Test 'receive' type configuration with one of the keys missing. 
-    del self.src_receive_dict['general']['repository_directory']
-    self.write_config_file(self.receive_config_file, self.src_receive_dict)
-    self.assertRaises(tuf.FormatError, pushtoolslib.read_config_file,
-      self.receive_config_file, 'receive')
-
-
-
-
-
-# Run the unittests
-if __name__ == '__main__':
-  unittest.main()
diff --git a/tests/unit/deprecated/test_quickstart.py b/tests/unit/deprecated/test_quickstart.py
deleted file mode 100755
index e1bca8c4..00000000
--- a/tests/unit/deprecated/test_quickstart.py
+++ /dev/null
@@ -1,195 +0,0 @@
-"""
-<Program Name>
-  test_quickstart.py
-
-<Author>
-  Konstantin Andrianov
-
-<Started>
-  September 6, 2012
-
-<Copyright>
-  See LICENSE for licensing information.
-
-<Purpose>
-  To test quickstart.py for expected/unexpected input by the user, verifying
-  that all unexpected input is caught and an exception is raised.
-
-  Given that all message prompts don't change - this will work pretty well
-  for running quickstart without having to manually enter input to prompts
-  every time you want to run quickstart.
-"""
-
-import os
-import shutil
-import unittest
-import logging
-
-import tuf
-import tuf.log
-import tuf.repo.quickstart as quickstart
-import tuf.util
-import tuf.tests.unittest_toolbox as unittest_toolbox
-
-logger = logging.getLogger('tuf.test_quickstart')
-unit_tbox = unittest_toolbox.Modified_TestCase
-
-
-logger.info('from test_quickstart')
-
-class TestQuickstart(unit_tbox):
-  def test_1_get_password(self):
-    
-    # SETUP
-    original_getpass = quickstart.getpass.getpass
-    
-    # A quick test of _get_password.
-    password = self.random_string()
-    def _mock_getpass(junk1, junk2, pw = password):
-      return pw
-    # Monkey patch getpass.getpass().
-    quickstart.getpass.getpass = _mock_getpass
-    # Run _get_password().
-    self.assertEqual(quickstart._get_password(), password)
-
-    # RESTORE
-    quickstart.getpass.getpass = original_getpass
-
-
-
-  def test_2_build_repository(self):
-
-    # SETUP
-    original_prompt = quickstart._prompt
-    original_get_password = quickstart._get_password
-    
-    #  Create the project directories.
-    repo_dir = os.path.join(os.getcwd(), 'repository')
-    keystore_dir = os.path.join(os.getcwd(), 'keystore')
-    client_dir = os.path.join(os.getcwd(), 'client')
-    
-    proj_files = self.make_temp_directory_with_data_files()
-    proj_dir = os.path.join(proj_files[0], 'targets')
-
-    input_dict = {'expiration':'12/12/2020',
-                  'root':{'threshold':1, 'password':'pass'},
-                  'targets':{'threshold':1, 'password':'pass'},
-                  'release':{'threshold':1, 'password':'pass'},
-                  'timestamp':{'threshold':1, 'password':'pass'}}
-
-
-    def _mock_prompt(message, confirm=False, input_parameters=input_dict):
-      if message.startswith('\nWhen would you like your '+
-          '"root.txt" metadata to expire?'):
-        return input_parameters['expiration']
-      for role in self.role_list:  # role_list=['root', 'targets', ...]
-        if message.startswith('\nEnter the desired threshold '+
-            'for the role '+repr(role)):
-          return input_parameters[role]['threshold']
-        elif message.startswith('Enter a password for '+repr(role)):
-          for threshold in range(input_parameters[role]['threshold']):
-            if message.endswith(repr(role)+' ('+str(threshold+1)+'): '):
-              return input_parameters[role]['password']
-      print 'Cannot recognize message: '+message
-
-    # Monkey patching quickstart's _prompt() and _get_password.
-    quickstart._prompt = _mock_prompt
-    quickstart._get_password = _mock_prompt
-
-
-    def _remove_repository_directories(repo_dir, keystore_dir, client_dir):
-      """
-        quickstart.py creates the 'client', 'keystore', and 'repository'
-        directories in the current working directory.  Remove these
-        directories after every quickstart.build_repository() call.
-      """
-      
-      try: 
-        shutil.rmtree(repo_dir)
-        shutil.rmtree(keystore_dir)
-        shutil.rmtree(client_dir)
-      except OSError, e:
-        pass
-
-
-
-    # TESTS
-
-    #  TEST: various input parameters.
-    #  Supplying bogus expiration.
-    input_dict['expiration'] = '5/8/2011'
-    self.assertRaises(tuf.RepositoryError, quickstart.build_repository,
-        proj_dir)
-    # Random string.
-    input_dict['expiration'] = self.random_string()
-    self.assertRaises(tuf.RepositoryError, quickstart.build_repository,
-        proj_dir)
-    _remove_repository_directories(repo_dir, keystore_dir, client_dir) 
-    
-    #  Restore expiration.
-    input_dict['expiration'] = '10/10/2020'
-
-    #  Supplying bogus 'root' threshold.  Doing this for all roles slows
-    #  the test significantly.
-    input_dict['root']['threshold'] = self.random_string()
-    self.assertRaises(tuf.RepositoryError, quickstart.build_repository,
-        proj_dir)
-    _remove_repository_directories(repo_dir, keystore_dir, client_dir) 
-
-    input_dict['root']['threshold'] = 0
-    self.assertRaises(tuf.RepositoryError, quickstart.build_repository,
-        proj_dir)
-    _remove_repository_directories(repo_dir, keystore_dir, client_dir) 
-    
-    # Restore keystore directory.
-    input_dict['root']['threshold'] = 1
-
-    
-    #  TEST: normal case.
-    try:
-      quickstart.build_repository(proj_dir)
-    except Exception, e:
-      raise
-    
-    # Verify the existence of metadata, target, and keystore files.
-    meta_dir = os.path.join(repo_dir, 'metadata')
-    targets_dir = os.path.join(repo_dir, 'targets')
-    client_current_meta_dir = os.path.join(client_dir, 'metadata', 'current')
-    client_previous_meta_dir = os.path.join(client_dir, 'metadata', 'previous')
-    target_files = os.listdir(targets_dir)
-
-    #  Verify repository, keystore, metadata, and targets directories.
-    self.assertTrue(os.path.exists(repo_dir))
-    self.assertTrue(os.path.exists(keystore_dir))
-    self.assertTrue(os.path.exists(meta_dir))
-    self.assertTrue(os.path.exists(targets_dir))
-    self.assertTrue(os.path.exists(client_current_meta_dir))
-    self.assertTrue(os.path.exists(client_previous_meta_dir))
-
-    # Verify that target_files exist.
-    self.assertTrue(target_files)
-
-    for role in self.role_list:
-      meta_file = role+'.txt'
-      # Verify metadata file for a 'role'.
-      self.assertTrue(os.path.isfile(os.path.join(meta_dir, meta_file)))
-      # Get the metadata.
-      signable = tuf.util.load_json_file(os.path.join(meta_dir, meta_file))
-      for signature in range(len(signable['signatures'])):
-        # Extract a keyid.
-        keyid = signable['signatures'][signature]['keyid']
-        key_file = os.path.join(keystore_dir, keyid+'.key')
-        # Verify existence of a key for the keyid that belong to the 'role'.
-        self.assertTrue(os.path.isfile(key_file))
-
-    _remove_repository_directories(repo_dir, keystore_dir, client_dir) 
-
-    # RESTORE 
-    quickstart._prompt = original_prompt
-    quickstart._get_password = original_get_password
-
-
-
-# Run the unit tests.
-if __name__ == '__main__':
-  unittest.main()
diff --git a/tests/unit/deprecated/test_signercli.py b/tests/unit/deprecated/test_signercli.py
deleted file mode 100755
index 297eee18..00000000
--- a/tests/unit/deprecated/test_signercli.py
+++ /dev/null
@@ -1,1573 +0,0 @@
-#!/usr/bin/env python
-
-"""
-<Program Name>
-  test_signercli.py
-
-<Author>
-  Konstantin Andrianov
-
-<Started>
-  September 20, 2012
-
-<Copyright>
-  See LICENSE for licensing information.
-
-<Purpose>
-  test_signercli.py provides collection of methods that tries to test all the
-  units (methods) of the module under test.
-
-  unittest_toolbox module was created to provide additional testing tools for
-  tuf's modules.  For more info see unittest_toolbox.py.
-
-
-<Methodology>
-  Unittests must follow a specific structure i.e. independent methods should
-  be tested prior to dependent methods. More accurately: least dependent
-  methods are tested before most dependent methods.  There is no reason to
-  rewrite or construct other methods that replicate already-tested methods
-  solely for testing purposes.  This is possible because 'unittest.TestCase'
-  class guarantees the order of unit tests.  So that, 'test_something_A'
-  method would be tested before 'test_something_B'.  To ensure the structure
-  a number will be placed after 'test' and before methods name like so:
-  'test_1_check_directory'.  The number is a measure of dependence, where 1
-  is less dependent than 2.
-
-"""
-
-
-import os
-import time
-import logging
-import unittest
-
-import tuf
-import tuf.log
-import tuf.formats
-import tuf.util
-import tuf.repo.keystore as keystore
-import tuf.repo.signerlib as signerlib
-
-#  Module to test: signercli.py
-import tuf.repo.signercli as signercli
-
-#  Helper module unittest_toolbox.py
-import tuf.tests.unittest_toolbox as unittest_toolbox
-
-logger = logging.getLogger('tuf.test_signercli')
-
-
-
-class TestSignercli(unittest_toolbox.Modified_TestCase):
-  # SETUP 
-  original_prompt = signercli._prompt
-  signercli._prompt = original_prompt
-
-  original_get_metadata_directory = signercli._get_metadata_directory
-  signercli._get_metadata_directory = original_get_metadata_directory
-  
-  original_get_password = signercli._get_password
-  signercli._get_password = original_get_password
-  
-  #  HELPER METHODS.
-
-  #  Generic patch for signerlib._prompt().
-  def mock_prompt(self, output):
-
-    #  Method to patch signercli._prompt().
-    def _mock_prompt(junk1, junk2, ret=output):
-      return ret
-
-    #  Patch signercli._prompt()
-    signercli._prompt = _mock_prompt
-
-
-
-  #  Patch signercli._get_metadata_directory()
-  def mock_get_metadata_directory(self, directory=None):
-
-    #  Create method to patch signercli._get_metadata_directory()
-    def _mock_get_meta_dir(directory=directory):
-
-      #  If directory was specified, return that directory.
-      if directory:
-        return directory
-
-      #  Else create a temporary directory and return it.
-      else:
-        return self.make_temp_directory()
-
-    #  Patch signercli._get_metadata_directory()
-    signercli._get_metadata_directory = _mock_get_meta_dir
-
-
-
-  #  This method patches signercli._prompt() that are called from
-  #  make_role_metadata methods (e.g., tuf.signercli.make_root_metadata()).
-  def make_metadata_mock_prompts(self, targ_dir, conf_path, expiration):
-    def _mock_prompt(msg, junk):
-      if msg.startswith('\nInput may be a directory, directories, or'):
-        return targ_dir
-      elif msg.startswith('\nEnter the configuration file path'):
-        return conf_path
-      elif msg.startswith('\nCurrent time:'):
-        return expiration
-      else:
-        error_msg = ('Prompt: '+'\''+msg[1:]+'\''+
-            ' did not match any predefined mock prompts.')
-        self.fail(error_msg)
-
-    #  Patch signercli._prompt().
-    signercli._prompt = _mock_prompt
-
-
-
-  #  This mock method can be easily modified, by altering unittest_toolbox's
-  #  dictionaries.  For instance, if you want to modify password for certain
-  #  keyid just save the existing 'self.rsa_passwords[keyid]' and set it
-  #  to some other value like self.random_string(), after the test reassign
-  #  the saved value back to 'self.rsa_passwords[keyid]'.
-  def get_passwords(self):
-    #  Mock '_get_password' method.
-    def _mock_get_password(msg):
-      for role in self.role_list:
-        if msg.startswith('\nEnter the password for the '+role):
-          for keyid in self.top_level_role_info[role]['keyids']:
-            if msg.endswith(keyid+'): '):
-              return self.rsa_passwords[keyid]
-      error_msg = ('Prompt: '+'\''+msg+'\''+
-          ' did not match any predefined mock prompts.')
-      raise tuf.Error(error_msg)
-
-    #  Monkey patch '_prompt'.
-    signercli._get_password = _mock_get_password
-
-
-
-
-
-  #  UNIT TESTS.
-  #  If a unit test starts with test_# followed by two underscores,
-  #  (test_#__method) this means that it's an internal method of signercli.
-  #  For instance the unit test for signercli._get_password() would
-  #  look like this: test_1__get_password, whereas unit test for
-  #  signercli.change_password would look like this:
-  #  test_3_change_password().
-
-  def test_1__check_directory(self):
-
-    # SETUP
-    directory = self.make_temp_directory()
-    no_such_dir = self.random_path()
-
-
-    # TESTS
-    #  Test: normal case.
-    self.assertEqual(signercli._check_directory(directory), directory)
-
-    #  Test: invalid directory.
-    self.assertRaises(tuf.RepositoryError, signercli._check_directory,
-        no_such_dir)
-
-    #  Test: invalid directory type.
-    self.assertRaises(tuf.RepositoryError, signercli._check_directory,
-                      [no_such_dir])
-    self.assertRaises(tuf.RepositoryError, signercli._check_directory,
-                      1234)
-    self.assertRaises(tuf.RepositoryError, signercli._check_directory,
-                      {'directory':no_such_dir})
-
-
-
-
-
-  def test_1__get_password(self):
-    
-    # SETUP
-    original_getpass = signercli.getpass.getpass
-
-    password = self.random_string()
-    def _mock_getpass(junk1, junk2, pw=password):
-      return pw
-
-    # Patch getpass.getpass().
-    signercli.getpass.getpass = _mock_getpass
-
-
-    # Test: normal case.
-    self.assertEqual(signercli._get_password(), password)
-    
-    # RESTORE
-    signercli.getpass.getpass = original_getpass
-
-
-
-
-  def test_2__get_metadata_directory(self):
-    
-    # SETUP
-    original_prompt = signercli._prompt
-    
-    meta_directory = self.make_temp_directory()
-    self.mock_prompt(meta_directory)
-
-
-    # TESTS
-    self.assertEqual(signercli._get_metadata_directory(), meta_directory)
-    self.assertTrue(os.path.exists(signercli._get_metadata_directory()))
-    self.mock_prompt(self.random_string())
-    self.assertRaises(tuf.RepositoryError, signercli._get_metadata_directory)
-    self.mock_prompt([self.random_string()])
-    self.assertRaises(tuf.RepositoryError, signercli._get_metadata_directory)
-    
-    # RESTORE
-    signercli._prompt = original_prompt
-
-
-
-
-  def test_4__list_keyids(self):
-
-    # SETUP
-    original_get_metadata_directory = signercli._get_metadata_directory
-    original_prompt = signercli._prompt
-    original_get_password = signercli._get_password
-   
-    #  Creating root and target metadata requires an expiration date to be set.
-    #  Expiration date set to expires 100 seconds from the current time.
-    expiration_date = tuf.formats.format_time(time.time()+100)
-    expiration_date = expiration_date[0:expiration_date.rfind(' UTC')] 
-    
-    # The 'root.txt' and 'targets.txt' metadata files are
-    # needed for _list_keyids() to determine the roles
-    # associated with each keyid.
-    keystore_dir = self.create_temp_keystore_directory()
-    repo_dir = self.make_temp_directory()
-    
-    #  Create temp directory for config file.
-    config_dir = self.make_temp_directory()
-
-    #  Build a config file.
-    config_filepath = signerlib.build_config_file(config_dir, 365,
-        self.top_level_role_info)
-    
-    #  Create the metadata directory needed by _list_keyids().
-    meta_dir = self.make_temp_directory()
-
-    #  Patch signercli._get_metadata_directory().
-    self.mock_get_metadata_directory(directory=meta_dir)
-
-    #  Patch signercli._prompt().
-    self.mock_prompt(config_filepath)
-
-    #  Patch signercli._get_password().
-    self.get_passwords()
-   
-    #  Create the root metadata file that will be loaded by _list_keyids()
-    #  to extract the keyids for the top-level roles. 
-    signercli.make_root_metadata(keystore_dir)
-    
-    #  Create a directory containing target files.
-    targets_dir, targets_paths =\
-        self.make_temp_directory_with_data_files(directory=repo_dir)
-   
-    #  Mock method for signercli._prompt().
-    self.make_metadata_mock_prompts(targ_dir=targets_dir,
-                                    conf_path=config_filepath,
-                                    expiration=expiration_date)
-
-    #  Create the target metadata file that will be loaded by _list_keyids()
-    #  to extract the keyids for all the targets roles.
-    signercli.make_targets_metadata(keystore_dir)
-
-
-    # TESTS
-    #  Test: normal case.
-    signercli._list_keyids(keystore_dir, meta_dir)
-
-    #  Test: Improperly formatted 'root.txt' file.
-    root_filename = os.path.join(meta_dir, 'root.txt')
-    root_signable = tuf.util.load_json_file(root_filename)
-    saved_roles = root_signable['signed']['roles'] 
-    del root_signable['signed']['roles']
-    tuf.repo.signerlib.write_metadata_file(root_signable, root_filename)
-    
-    self.assertRaises(tuf.RepositoryError,
-                      signercli._list_keyids, keystore_dir, meta_dir)
-    
-    # Restore the properly formatted 'root.txt' file.
-    root_signable['signed']['roles'] = saved_roles
-    tuf.repo.signerlib.write_metadata_file(root_signable, root_filename)
-
-    #  Test:  Improperly formatted 'targets.txt' file.
-    targets_filename = os.path.join(meta_dir, 'targets.txt')
-    targets_signable = tuf.util.load_json_file(targets_filename)
-    saved_targets = targets_signable['signed']['targets']
-    del targets_signable['signed']['targets']
-    tuf.repo.signerlib.write_metadata_file(targets_signable, targets_filename)
-
-    self.assertRaises(tuf.RepositoryError,
-                      signercli._list_keyids, keystore_dir, meta_dir)
-
-    # Restore the properly formatted 'targets.txt' file.
-    targets_signable['signed']['targets'] = saved_targets
-    tuf.repo.signerlib.write_metadata_file(targets_signable, targets_filename)
-
-    # RESTORE
-    signercli._get_password = original_get_password
-    signercli._prompt = original_prompt
-    signercli._get_metadata_directory = original_get_metadata_directory
-
-
-
-  def test_2__get_keyids(self):
-    
-    # SETUP
-    original_prompt = signercli._prompt
-    original_get_password = signercli._get_password
-    
-    #  Create a temp keystore directory.
-    keystore_dir = self.create_temp_keystore_directory()
-
-    #  List of keyids including keyword 'quit'.
-    keyids = ['quit'] + self.rsa_keyids
-
-    #  Patching signercli._prompt()
-    def _mock_prompt(msg, junk):
-
-      #  Pop 'keyids' everytime signercli._prompt() is called.
-      keyid = keyids.pop()
-      if keyid != 'quit':
-        get_password(keyid)
-      return keyid
-
-    signercli._prompt = _mock_prompt
-    
-    #  Patching signercli._get_password().
-    def get_password(keyid):
-      password = self.rsa_passwords[keyid]
-      def _mock_get_password(msg):
-        return password
-
-      signercli._get_password = _mock_get_password
-
-
-    # TESTS
-    #  Test: normal case.
-    loaded_keyids = signercli._get_keyids(keystore_dir)
-    self.assertTrue(tuf.formats.KEYIDS_SCHEMA.matches(loaded_keyids))
-    
-    #  Check if all the keysids were loaded.
-    for keyid in self.rsa_keyids:
-      if keyid not in loaded_keyids:
-        msg = 'Could not load the keyid: '+repr(keyid)
-        self.fail(msg)
-   
-    #  Test: invalid password.
-    keyids = ['quit', self.rsa_keyids[0]]
-    saved_pw = self.rsa_passwords[self.rsa_keyids[0]]
-    
-    #  Invalid password
-    self.rsa_passwords[self.rsa_keyids[0]] = self.random_string()
-    self.assertEqual(signercli._get_keyids(keystore_dir), [])
-
-    #  Restore the password.
-    self.rsa_passwords[self.rsa_keyids[0]] = saved_pw
-
-    #  Test: invalid keyid.
-    keyid = self.random_string()
-    keyids = ['quit', keyid]
-
-    #  Create an invalid entry in the passwords dictionary.
-    self.rsa_passwords[keyid] = self.random_string()
-    self.assertEqual(signercli._get_keyids(keystore_dir), [])
-
-    #  Restore passwords dictionary.
-    del self.rsa_passwords[keyid]
-
-    # RESTORE
-    signercli._get_password = original_get_password
-    signercli._prompt = original_prompt
-
-
-
-  def test_2__get_all_config_keyids(self):
-
-    # SETUP
-    original_get_password = signercli._get_password
-    
-    #  Create temp directory for config file.
-    config_dir = self.make_temp_directory()
-
-    #  Build the config file needed by '_get_all_config_keyids.
-    config_filepath = signerlib.build_config_file(config_dir, 365,
-                                                  self.top_level_role_info)
-
-    #  Create a temp keystore directory.
-    keystore_dir = self.create_temp_keystore_directory()
-
-    #  'sample_keyid' used to test invalid keyid.
-    sample_keyid = self.rsa_keyids[0]
-
-    #  Patch signercli._get_password()
-    self.get_passwords()
-
-
-    # TESTS
-    #  Test: an incorrect password.
-    saved_pw = self.rsa_passwords[sample_keyid]
-    self.rsa_passwords[sample_keyid] = self.random_string()
-    self.assertRaises(tuf.Error, signercli._get_all_config_keyids,
-                      config_filepath, keystore_dir)
-
-    #  Restore the password.
-    self.rsa_passwords[sample_keyid] = saved_pw
-
-    #  Test: missing top-level role in the config file.
-    #    Clear keystore's dictionaries.
-    keystore.clear_keystore()
-
-    #    Remove a role from 'top_level_role_info' which is used to construct
-    #    config file.
-    targets_holder = self.top_level_role_info['targets']
-    del self.top_level_role_info['targets']
-
-    #    Build config file without 'targets' role.
-    config_filepath = signerlib.build_config_file(config_dir, 365,
-                                                  self.top_level_role_info)
-    self.assertRaises(tuf.Error, signercli._get_all_config_keyids,
-                      config_filepath, keystore_dir)
-
-    #    Rebuild config file and 'top_level_role_info'.
-    self.top_level_role_info['targets'] = targets_holder
-    config_filepath = signerlib.build_config_file(config_dir, 365,
-                                                  self.top_level_role_info)
-
-    #  Test: non-existing config file path.
-    keystore.clear_keystore()
-    self.assertRaises(tuf.Error, signercli._get_all_config_keyids,
-                      self.random_path(), keystore_dir)
-
-    #  Test: normal case.
-    keystore.clear_keystore()
-    signercli._get_all_config_keyids(config_filepath, keystore_dir)
-
-    # RESTORE
-    signercli._get_password = original_get_password
-
-
-
-
-  def test_2__get_role_config_keyids(self):
-
-    # SETUP
-    original_get_password = signercli._get_password
-    
-    #  Create temp directory for config file.
-    config_dir = self.make_temp_directory()
-
-    #  Build a config file.
-    config_filepath = signerlib.build_config_file(config_dir, 365,
-                                                  self.top_level_role_info)
-    #  Create a temp keystore directory.
-    keystore_dir = self.create_temp_keystore_directory()
-
-    #  Patch '_get_password' method.
-    self.get_passwords()
-
-    # TESTS
-    for role in self.role_list:
-      #  Test: normal cases.
-      keystore.clear_keystore()
-      signercli._get_role_config_keyids(config_filepath, keystore_dir, role)
-      
-      #  Test: incorrect passwords.
-      keystore.clear_keystore()
-      role_keyids = self.top_level_role_info[role]['keyids']
-      for keyid in role_keyids:
-        saved_pw = self.rsa_passwords[keyid]
-        self.rsa_passwords[keyid] = self.random_string()
-        self.assertRaises(tuf.Error, signercli._get_role_config_keyids,
-            config_filepath, keystore_dir, role)
-
-        #    Restore the password.
-        self.rsa_passwords[keyid] = saved_pw
-
-    #  Test: non-existing config file path.
-    keystore.clear_keystore()
-    self.assertRaises(tuf.Error, signercli._get_role_config_keyids,
-        self.random_path(), keystore_dir, 'release')
-
-    #  Test: non-existing role.
-    keystore.clear_keystore()
-    self.assertRaises(tuf.Error, signercli._get_role_config_keyids,
-                      config_filepath, keystore_dir, 'no_such_role')
-
-    # RESTORE
-    signercli._get_password = original_get_password
-
-
-
-
-  def test_1__sign_and_write_metadata(self):
-
-    # SETUP
-    #  Role to test.
-    role = 'root'
-
-    #  Create temp directory.
-    temp_dir = self.make_temp_directory()
-
-    #  File name.
-    filename = os.path.join(temp_dir, role+'.txt')
-
-    #  Role's keyids.
-    keyids = self.top_level_role_info[role]['keyids']
-
-    #  Create a temp keystore directory.
-    keystore_dir =\
-        self.create_temp_keystore_directory(keystore_dicts=True)
-
-    #  Create temp directory for config file.
-    config_dir = self.make_temp_directory()
-
-    #  Build config file.
-    config_filepath = signerlib.build_config_file(config_dir, 365,
-                                                  self.top_level_role_info)
-
-    #  Create role's metadata.
-    signable_meta = signerlib.generate_root_metadata(config_filepath, 8)
-
-
-    # TESTS
-    #  Test: normal case.
-    signercli._sign_and_write_metadata(signable_meta, keyids, filename)
-
-    #  Verify that the root meta file was created.
-    self.assertTrue(os.path.exists(filename))
-
-    Errors = (tuf.Error, tuf.FormatError)
-
-    #  Test: invalid metadata.
-    self.assertRaises(Errors, signercli._sign_and_write_metadata,
-                      self.random_string(), keyids, filename)
-
-    #  Test: invalid keyids
-    invalid_keyids = self.random_string()
-    self.assertRaises(Errors, signercli._sign_and_write_metadata,
-                      signable_meta, invalid_keyids, filename)
-
-    #  Test: invalid filename
-    self.assertRaises(Errors, signercli._sign_and_write_metadata,
-                      signable_meta, invalid_keyids, True)
-
-
-
-
-  def test_4_change_password(self):
-
-    # SETUP
-    original_get_metadata_directory = signercli._get_metadata_directory
-    original_prompt = signercli._prompt
-    original_get_password = signercli._get_password
-    
-    #  Creating root and target metadata requires an expiration date to be set.
-    #  Expiration date set to expires 100 seconds from the current time.
-    expiration_date = tuf.formats.format_time(time.time()+100)
-    expiration_date = expiration_date[0:expiration_date.rfind(' UTC')] 
-    
-    #  Create keystore and repo directories.
-    keystore_dir = self.create_temp_keystore_directory()
-    repo_dir = self.make_temp_directory()
-    
-    #  Create temp directory for config file.
-    config_dir = self.make_temp_directory()
-
-    #  Build a config file.
-    config_filepath = signerlib.build_config_file(config_dir, 365,
-        self.top_level_role_info)
-
-    #  Create a temp metadata directory.
-    meta_dir = self.make_temp_directory()
-
-    #  Patch signercli._get_metadata_directory().
-    self.mock_get_metadata_directory(directory=meta_dir)
-
-    #  Patch signercli._prompt().
-    self.mock_prompt(config_filepath)
-
-    #  Patch '_get_password' method.
-    self.get_passwords()
-    
-    signercli.make_root_metadata(keystore_dir)
-
-    #  Create a directory containing target files.
-    targets_dir, targets_paths =\
-        self.make_temp_directory_with_data_files(directory=repo_dir)
-   
-    #  Mock method for signercli._prompt().
-    self.make_metadata_mock_prompts(targ_dir=targets_dir,
-                                    conf_path=config_filepath,
-                                    expiration=expiration_date)
-    
-    signercli.make_targets_metadata(keystore_dir)
-    
-    test_keyid = self.rsa_keyids[0]
-    self.mock_prompt(test_keyid)
-    
-    #  Specify old password and create a new password.
-    old_password = self.rsa_passwords[test_keyid]
-    new_password = self.random_string()
-
-    #  Mock method for signercli._get_password()
-    def _mock_get_password(msg, confirm=False, old_pw=old_password,
-        new_pw=new_password):
-      if msg.startswith('\nEnter the old password for the keyid: '):
-        return old_pw
-      else:
-        return new_pw
-
-    #  Patch signercli._get_password.
-    signercli._get_password = _mock_get_password
-
-
-    # TESTS
-    #  Test: normal case.
-    # Verify that the derived key is modified.  A new salt is generated, so
-    # we cannot predict or verify a specific derived key corresponding for
-    # the new password.  Save the derived key for 'test_keyid' and check that
-    # is updated.
-    old_derived_key = keystore._derived_keys[test_keyid]
-    signercli.change_password(keystore_dir)
-
-    #  Verify password change.
-    self.assertNotEqual(keystore._derived_keys[test_keyid], old_derived_key)
-
-    #  Test: non-existing keyid.
-    keystore.clear_keystore()
-    self.mock_prompt(self.random_string(15))
-    self.assertRaises(tuf.RepositoryError, signercli.change_password,
-                      keystore_dir)
-
-    #  Restore the prompt input to existing keyid.
-    self.mock_prompt(test_keyid)
-
-    #  Test: non-existing old password.
-    keystore.clear_keystore()
-    old_password = self.random_string()
-    self.assertRaises(tuf.RepositoryError, signercli.change_password,
-                      keystore_dir)
-
-    # RESTORE
-    signercli._get_password = original_get_password
-    signercli._prompt = original_prompt
-    signercli._get_metadata_directory = original_get_metadata_directory
-
-
-
-
-  def test_2_generate_rsa_key(self):
-
-    # SETUP
-    original_prompt = signercli._prompt
-    original_get_password = signercli._get_password
-    
-    #  Method to patch signercli._get_password()
-    def _mock_get_password(junk, confirm=False):
-      return self.random_string()
-
-    #  Patch signercli._get_password()
-    signercli._get_password = _mock_get_password
-
-    #  Create a temp keystore directory.
-    keystore_dir = self.make_temp_directory()
-
-
-    # TESTS
-    #  Test: invalid rsa bits.
-    self.mock_prompt(1024)
-    self.assertRaises(tuf.RepositoryError, signercli.generate_rsa_key,
-                      keystore_dir)
-    #  Input appropriate number of rsa bits.
-    self.mock_prompt(3072)
-
-    #  Test: normal case.
-    signercli.generate_rsa_key(keystore_dir)
-
-    #  Was the key file added to the directory?
-    self.assertTrue(os.listdir(keystore_dir))
-
-    # RESTORE
-    signercli._get_password = original_get_password
-    signercli._prompt = original_prompt
-
-
-
-
-  def test_4_dump_key(self):
-
-    # SETUP
-    original_get_metadata_directory = signercli._get_metadata_directory
-    original_prompt = signercli._prompt
-    original_get_password = signercli._get_password
-    
-    #  Creating root and target metadata requires an expiration date to be set.
-    #  Expiration date set to expires 100 seconds from the current time.
-    expiration_date = tuf.formats.format_time(time.time()+100)
-    expiration_date = expiration_date[0:expiration_date.rfind(' UTC')] 
-    
-    #  Create keystore and repo directories.
-    keystore_dir = self.create_temp_keystore_directory()
-    repo_dir = self.make_temp_directory()
-    
-    #  Create temp directory for config file.
-    config_dir = self.make_temp_directory()
-
-    #  Build a config file.
-    config_filepath = signerlib.build_config_file(config_dir, 365,
-        self.top_level_role_info)
-
-    #  Create a temp metadata directory.
-    meta_dir = self.make_temp_directory()
-
-    #  Patch signercli._get_metadata_directory().
-    self.mock_get_metadata_directory(directory=meta_dir)
-
-    #  Patch signercli._get_password().
-    self.get_passwords()
-    
-    #  Patch signercli._prompt().
-    self.mock_prompt(config_filepath)
-
-    signercli.make_root_metadata(keystore_dir)
-    
-    #  Create a directory containing target files.
-    targets_dir, targets_paths =\
-        self.make_temp_directory_with_data_files(directory=repo_dir)
-   
-    #  Mock method for signercli._prompt().
-    self.make_metadata_mock_prompts(targ_dir=targets_dir,
-                                    conf_path=config_filepath,
-                                    expiration=expiration_date)
-
-    signercli.make_targets_metadata(keystore_dir)
-    
-
-    keyid = self.rsa_keyids[0]
-    password = self.rsa_passwords[keyid]
-    show_priv = 'private'
-
-
-    #  Mock method for signercli._get_password().
-    def _mock_get_password(msg):
-      return password
-
-    #  Mock method for signercli._prompt().
-    def _mock_prompt(msg, junk):
-       if msg.startswith('\nEnter the keyid'):
-         return keyid
-       else:
-         return show_priv
-
-    #  Patch signercli._get_password().
-    signercli._get_password = _mock_get_password
-
-    #  Patch signercli._prompt().
-    signercli._prompt = _mock_prompt
-
-
-    # TESTS
-    #  Test: normal case.
-    signercli.dump_key(keystore_dir)
-
-    #  Test: incorrect password.
-    saved_pw = password
-    password = self.random_string()
-    self.assertRaises(tuf.RepositoryError, signercli.dump_key,
-                      keystore_dir)
-
-    #  Restore the correct password.
-    password = saved_pw
-
-    #  Test: non-existing keyid.
-    keyid = self.random_string()
-    self.assertRaises(tuf.RepositoryError, signercli.dump_key,
-                      keystore_dir)
-    keyid = self.rsa_keyids[0]
-
-    # RESTORE
-    signercli._get_password = original_get_password
-    signercli._prompt = original_prompt
-    signercli._get_metadata_directory = original_get_metadata_directory
-
-
-
-
-  def test_3_make_root_metadata(self):
-
-    # SETUP
-    original_get_metadata_directory = signercli._get_metadata_directory
-    original_prompt = signercli._prompt
-    original_get_password = signercli._get_password
-    
-    #  Create temp directory for config file.
-    config_dir = self.make_temp_directory()
-
-    #  Build a config file.
-    config_filepath = signerlib.build_config_file(config_dir, 365,
-        self.top_level_role_info)
-
-    #  Create a temp metadata directory.
-    meta_dir = self.make_temp_directory()
-
-    #  Patch signercli._get_metadata_directory().
-    self.mock_get_metadata_directory(directory=meta_dir)
-
-    #  Patch signercli._prompt().
-    self.mock_prompt(config_filepath)
-
-    #  Patch signercli._get_password().
-    self.get_passwords()
-
-    #  Create keystore directory.
-    keystore_dir = self.create_temp_keystore_directory()
-
-
-    # TESTS
-    #  Test: normal case.
-    signercli.make_root_metadata(keystore_dir)
-
-    #  Verify that the root metadata path was created.
-    self.assertTrue(os.path.exists(os.path.join(meta_dir, 'root.txt')))
-
-    #  Test: invalid config path.
-    #  Clear keystore's dictionaries.
-    keystore.clear_keystore()
-
-    #  Supply a non-existing path to signercli._prompt().
-    self.mock_prompt(self.random_path())
-    self.assertRaises(tuf.RepositoryError, signercli.make_root_metadata,
-                      keystore_dir)
-
-    #  Re-patch signercli._prompt() with valid config path.
-    self.mock_prompt(config_filepath)
-
-    #  Test: incorrect 'root' passwords.
-    #  Clear keystore's dictionaries.
-    keystore.clear_keystore()
-    keyids = self.top_level_role_info['root']['keyids']
-    for keyid in keyids:
-      saved_pw = self.rsa_passwords[keyid]
-      self.rsa_passwords[keyid] = self.random_string()
-      self.assertRaises(tuf.RepositoryError, signercli.make_root_metadata,
-                        keystore_dir)
-      self.rsa_passwords[keyid] = saved_pw
-
-    # RESTORE
-    signercli._get_password = original_get_password
-    signercli._prompt = original_prompt
-    signercli._get_metadata_directory = original_get_metadata_directory
-
-
-
-
-  def test_3_make_targets_metadata(self):
-
-    # SETUP
-    original_get_metadata_directory = signercli._get_metadata_directory
-    original_prompt = signercli._prompt
-    original_get_password = signercli._get_password
-    
-    #  Creating target metadata requires an expiration date to be set.
-    #  Expiration date set to expires 100 seconds from the current time.
-    expiration_date = tuf.formats.format_time(time.time()+100)
-    expiration_date = expiration_date[0:expiration_date.rfind(' UTC')] 
-
-    #  Create a temp repository and metadata directories.
-    repo_dir = self.make_temp_directory()
-    meta_dir = self.make_temp_directory(directory=repo_dir)
-
-    #  Create a directory containing target files.
-    targets_dir, targets_paths =\
-        self.make_temp_directory_with_data_files(directory=repo_dir)
-
-    #  Create temp directory for config file.
-    config_dir = self.make_temp_directory()
-
-    #  Build a config file.
-    config_filepath = signerlib.build_config_file(config_dir, 365,
-                                                  self.top_level_role_info)
-
-    #  Patch signercli._get_metadata_directory()
-    self.mock_get_metadata_directory(directory=meta_dir)
-
-    #  Patch signercli._get_password().  Used in _get_role_config_keyids()
-    self.get_passwords()
-
-    #  Create keystore directory.
-    keystore_dir = self.create_temp_keystore_directory()
-
-    #  Mock method for signercli._prompt().
-    self.make_metadata_mock_prompts(targ_dir=targets_dir,
-                                    conf_path=config_filepath,
-                                    expiration=expiration_date)
-
-
-    # TESTS
-    #  Test: normal case.
-    signercli.make_targets_metadata(keystore_dir)
-
-    #  Verify that targets metadata file was created.
-    self.assertTrue(os.path.exists(os.path.join(meta_dir, 'targets.txt')))
-
-    #  Test: invalid targets path.
-    #  Clear keystore's dictionaries.
-    keystore.clear_keystore()
-
-    #  Supply a non-existing targets directory.
-    """
-    self.make_metadata_mock_prompts(targ_dir=self.random_path(),
-                                    conf_path=config_filepath,
-                                    expiration=expiration_date)
-    self.assertRaises(tuf.RepositoryError, signercli.make_targets_metadata,
-                      keystore_dir)
-    """
-
-    #  Restore the targets directory.
-    self.make_metadata_mock_prompts(targ_dir=targets_dir,
-                                    conf_path=config_filepath,
-                                    expiration=expiration_date)
-
-    #  Test: invalid config path.
-    #  Clear keystore's dictionaries.
-    keystore.clear_keystore()
-
-    #  Supply a non-existing config path.
-    self.make_metadata_mock_prompts(targ_dir=targets_dir,
-                                    conf_path=self.random_path(),
-                                    expiration=expiration_date)
-    self.assertRaises(tuf.RepositoryError, signercli.make_targets_metadata,
-                      keystore_dir)
-
-    #  Restore the config file path.
-    self.make_metadata_mock_prompts(targ_dir=targets_dir,
-                                    conf_path=config_filepath,
-                                    expiration=expiration_date)
-
-    #  Test: invalid expiration date.
-    #  Clear keystore's dictionaries
-    keystore.clear_keystore()
-
-    #  Supply invalid expiration date.
-    self.make_metadata_mock_prompts(targ_dir=targets_dir,
-                                    conf_path=config_filepath,
-                                    expiration=self.random_string())
-    self.assertRaises(tuf.RepositoryError, signercli.make_targets_metadata,
-                      keystore_dir)
-
-    #  Restore the config file path.
-    self.make_metadata_mock_prompts(targ_dir=targets_dir,
-                                    conf_path=config_filepath,
-                                    expiration=expiration_date)
-
-    #  Test: incorrect 'targets' passwords.
-    #  Clear keystore's dictionaries.
-    keystore.clear_keystore()
-    keyids = self.top_level_role_info['targets']['keyids']
-    for keyid in keyids:
-      saved_pw = self.rsa_passwords[keyid]
-      self.rsa_passwords[keyid] = self.random_string()
-      self.assertRaises(tuf.RepositoryError, signercli.make_targets_metadata,
-                        keystore_dir)
-      self.rsa_passwords[keyid] = saved_pw
-    
-    # RESTORE
-    signercli._get_password = original_get_password
-    signercli._prompt = original_prompt
-    signercli._get_metadata_directory = original_get_metadata_directory
-
-
-
-
-  def test_4_make_release_metadata(self):
-
-    # SETUP
-    original_get_metadata_directory = signercli._get_metadata_directory
-    original_prompt = signercli._prompt
-    original_get_password = signercli._get_password
-    
-    #  Creating release metadata requires an expiration date to be set.
-    #  Expiration date set to expires 100 seconds from the current time.
-    expiration_date = tuf.formats.format_time(time.time()+100)
-    expiration_date = expiration_date[0:expiration_date.rfind(' UTC')] 
-    
-    #  In order to build release metadata file (release.txt),
-    #  root and targets metadata files (root.txt, targets.txt)
-    #  must exist in the metadata directory.
-    #  Create temp directory for config file.
-    config_dir = self.make_temp_directory()
-
-    #  Build a config file.
-    config_filepath = signerlib.build_config_file(config_dir, 365,
-                                                  self.top_level_role_info)
-
-    #  Create a temp repository and metadata directories.
-    repo_dir = self.make_temp_directory()
-    meta_dir = self.make_temp_directory(repo_dir)
-
-    #  Create a directory containing target files.
-    targets_dir, targets_paths = \
-        self.make_temp_directory_with_data_files(directory=repo_dir)
-
-    #  Patch signercli._get_metadata_directory().
-    self.mock_get_metadata_directory(directory=meta_dir)
-
-    #  Patch signercli._get_password().  Used in _get_role_config_keyids().
-    self.get_passwords()
-
-    #  Create keystore directory.
-    keystore_dir = self.create_temp_keystore_directory()
-
-    #  Mock method for signercli._prompt().
-    self.make_metadata_mock_prompts(targ_dir=targets_dir,
-                                    conf_path=config_filepath,
-                                    expiration=expiration_date)
-
-
-    # TESTS
-    #  Test: no root.txt in the metadata dir.
-    signercli.make_targets_metadata(keystore_dir)
-
-    #  Verify that 'tuf.RepositoryError' is raised due to a missing root.txt.
-    keystore.clear_keystore()
-    self.assertTrue(os.path.exists(os.path.join(meta_dir, 'targets.txt')))
-    self.assertRaises(tuf.RepositoryError, signercli.make_release_metadata,
-                      keystore_dir)
-    os.remove(os.path.join(meta_dir,'targets.txt'))
-    keystore.clear_keystore()
-
-    #  Test: no targets.txt in the metadatadir.
-    signercli.make_root_metadata(keystore_dir)
-    keystore.clear_keystore()
-
-    #  Verify that 'tuf.RepositoryError' is raised due to a missing targets.txt.
-    self.assertTrue(os.path.exists(os.path.join(meta_dir, 'root.txt')))
-    self.assertRaises(tuf.RepositoryError, signercli.make_release_metadata,
-                      keystore_dir)
-    os.remove(os.path.join(meta_dir,'root.txt'))
-    keystore.clear_keystore()
-
-    #  Test: normal case.
-    signercli.make_root_metadata(keystore_dir)
-    keystore.clear_keystore()
-    signercli.make_targets_metadata(keystore_dir)
-    keystore.clear_keystore()
-    signercli.make_release_metadata(keystore_dir)
-    keystore.clear_keystore()
-
-    #  Verify if the root, targets and release meta files were created.
-    self.assertTrue(os.path.exists(os.path.join(meta_dir, 'root.txt')))
-    self.assertTrue(os.path.exists(os.path.join(meta_dir, 'targets.txt')))
-    self.assertTrue(os.path.exists(os.path.join(meta_dir, 'release.txt')))
-
-    #  Test: invalid config path.
-    #  Supply a non-existing config file path.
-    self.make_metadata_mock_prompts(targ_dir=targets_dir,
-        conf_path=self.random_path(), expiration=expiration_date)
-    self.assertRaises(tuf.RepositoryError, signercli.make_release_metadata,
-        keystore_dir)
-
-    #  Restore the config file path.
-    self.make_metadata_mock_prompts(targ_dir=targets_dir,
-        conf_path=config_filepath, expiration=expiration_date)
-
-    #  Test: incorrect 'release' passwords.
-    #  Clear keystore's dictionaries.
-    keystore.clear_keystore()
-    keyids = self.top_level_role_info['release']['keyids']
-    for keyid in keyids:
-      saved_pw = self.rsa_passwords[keyid]
-      self.rsa_passwords[keyid] = self.random_string()
-      self.assertRaises(tuf.RepositoryError, signercli.make_release_metadata,
-          keystore_dir)
-      self.rsa_passwords[keyid] = saved_pw
-
-    # RESTORE
-    signercli._get_password = original_get_password
-    signercli._prompt = original_prompt
-    signercli._get_metadata_directory = original_get_metadata_directory
-
-
-
-
-  def test_5_make_timestamp_metadata(self):
-
-    # SETUP
-    original_get_metadata_directory = signercli._get_metadata_directory
-    original_prompt = signercli._prompt
-    original_get_password = signercli._get_password
-
-    #  Creating the top-level metadata requires an expiration date to be set.
-    #  Expiration date set to expires 100 seconds from the current time.
-    expiration_date = tuf.formats.format_time(time.time()+100)
-    expiration_date = expiration_date[0:expiration_date.rfind(' UTC')] 
-    
-    #  In order to build timestamp metadata file (timestamp.txt),
-    #  root, targets and release metadata files (root.txt, targets.txt
-    #  release.txt) must exist in the metadata directory.
-    #  Create temp directory for config file.
-    config_dir = self.make_temp_directory()
-
-    #  Build a config file.
-    config_filepath = signerlib.build_config_file(config_dir, 365,
-                                                  self.top_level_role_info)
-
-    #  Create a temp repository and metadata directories.
-    repo_dir = self.make_temp_directory()
-    meta_dir = self.make_temp_directory(repo_dir)
-
-    #  Create a directory containing target files.
-    targets_dir, targets_paths = \
-        self.make_temp_directory_with_data_files(directory=repo_dir)
-
-    #  Patch signercli._get_metadata_directory().
-    self.mock_get_metadata_directory(directory=meta_dir)
-
-    #  Patch signercli._get_password().  Used in _get_role_config_keyids().
-    self.get_passwords()
-
-    #  Create keystore directory.
-    keystore_dir = self.create_temp_keystore_directory()
-
-    #  Mock method for signercli._prompt().
-    self.make_metadata_mock_prompts(targ_dir=targets_dir,
-                                    conf_path=config_filepath,
-                                    expiration=expiration_date)
-
-
-    # TESTS
-    #  Test: no root.txt in the metadata dir.
-    signercli.make_targets_metadata(keystore_dir)
-
-    #  Verify if the targets metadata file was created.
-    keystore.clear_keystore()
-    self.assertTrue(os.path.exists(os.path.join(meta_dir, 'targets.txt')))
-    self.assertRaises(tuf.RepositoryError, signercli.make_timestamp_metadata,
-                      keystore_dir)
-    os.remove(os.path.join(meta_dir,'targets.txt'))
-    keystore.clear_keystore()
-
-    #  Test: no targets.txt in the metadatadir.
-    signercli.make_root_metadata(keystore_dir)
-
-    #  Verify if the root metadata file was created.
-    keystore.clear_keystore()
-    self.assertTrue(os.path.exists(os.path.join(meta_dir, 'root.txt')))
-    self.assertRaises(tuf.RepositoryError, signercli.make_timestamp_metadata,
-                      keystore_dir)
-    os.remove(os.path.join(meta_dir,'root.txt'))
-    keystore.clear_keystore()
-
-    #  Test: no release.txt in the metadatadir.
-    signercli.make_root_metadata(keystore_dir)
-    keystore.clear_keystore()
-    signercli.make_targets_metadata(keystore_dir)
-    keystore.clear_keystore()
-
-    #  Verify that 'tuf.Repository' is raised due to a missing release.txt.
-    self.assertTrue(os.path.exists(os.path.join(meta_dir, 'root.txt')))
-    self.assertTrue(os.path.exists(os.path.join(meta_dir, 'targets.txt')))
-    self.assertRaises(tuf.RepositoryError, signercli.make_timestamp_metadata,
-                      keystore_dir)
-    os.remove(os.path.join(meta_dir,'root.txt'))
-    os.remove(os.path.join(meta_dir,'targets.txt'))
-    keystore.clear_keystore()
-
-    #  Test: normal case.
-    signercli.make_root_metadata(keystore_dir)
-    keystore.clear_keystore()
-    signercli.make_targets_metadata(keystore_dir)
-    keystore.clear_keystore()
-    signercli.make_release_metadata(keystore_dir)
-    keystore.clear_keystore()
-    signercli.make_timestamp_metadata(keystore_dir)
-    keystore.clear_keystore()
-
-    #  Verify if the root, targets and release metadata files were created.
-    self.assertTrue(os.path.exists(os.path.join(meta_dir, 'root.txt')))
-    self.assertTrue(os.path.exists(os.path.join(meta_dir, 'targets.txt')))
-    self.assertTrue(os.path.exists(os.path.join(meta_dir, 'release.txt')))
-    self.assertTrue(os.path.exists(os.path.join(meta_dir, 'timestamp.txt')))
-
-    #  Test: invalid config path.
-    #  Supply a non-existing config file path.
-    self.make_metadata_mock_prompts(targ_dir=targets_dir,
-                                    conf_path=self.random_path(),
-                                    expiration=expiration_date)
-    self.assertRaises(tuf.RepositoryError,
-                      signercli.make_release_metadata, keystore_dir)
-
-    #  Restore the config file path.
-    self.make_metadata_mock_prompts(targ_dir=targets_dir,
-                                    conf_path=config_filepath,
-                                    expiration=expiration_date)
-
-    #  Test: incorrect 'release' passwords.
-
-    #  Clear keystore's dictionaries.
-    keystore.clear_keystore()
-
-    keyids = self.top_level_role_info['release']['keyids']
-    for keyid in keyids:
-      saved_pw = self.rsa_passwords[keyid]
-      self.rsa_passwords[keyid] = self.random_string()
-      self.assertRaises(tuf.RepositoryError,
-                        signercli.make_release_metadata, keystore_dir)
-      self.rsa_passwords[keyid] = saved_pw
-
-    # RESTORE
-    signercli._get_password = original_get_password
-    signercli._get_metadata_directory = original_get_metadata_directory
-
-
-
-
-  def test_6_sign_metadata_file(self):
-
-    # SETUP
-    original_get_metadata_directory = signercli._get_metadata_directory
-    original_prompt = signercli._prompt
-    original_get_password = signercli._get_password
-    
-    #  Creating the top-level metadata requires an expiration date to be set.
-    #  Expiration date set to expires 100 seconds from the current time.
-    expiration_date = tuf.formats.format_time(time.time()+100)
-    expiration_date = expiration_date[0:expiration_date.rfind(' UTC')] 
-    
-    #  To test this method, an RSA key will be created with
-    #  a password in addition to the existing RSA keys.
-    #  Create temp directory for config file.
-    config_dir = self.make_temp_directory()
-
-    #  Build a config file.
-    config_filepath = signerlib.build_config_file(config_dir, 365,
-                                                  self.top_level_role_info)
-
-    #  Create a temp repository and metadata directories.
-    repo_dir = self.make_temp_directory()
-    meta_dir = self.make_temp_directory(repo_dir)
-
-    #  Create a directory containing target files.
-    targets_dir, targets_paths = \
-        self.make_temp_directory_with_data_files(directory=repo_dir)
-
-    #  Patch signercli._get_metadata_directory().
-    self.mock_get_metadata_directory(directory=meta_dir)
-
-    #  Patch signercli._get_password().  Used in _get_role_config_keyids().
-    self.get_passwords()
-
-    #  Create keystore directory.
-    keystore_dir = self.create_temp_keystore_directory()
-
-    #  Mock method for signercli._prompt().
-    self.make_metadata_mock_prompts(targ_dir=targets_dir,
-                                    conf_path=config_filepath,
-                                    expiration=expiration_date)
-
-    #  Create metadata files.
-    signercli.make_root_metadata(keystore_dir)
-    keystore.clear_keystore()
-    signercli.make_targets_metadata(keystore_dir)
-    keystore.clear_keystore()
-    signercli.make_release_metadata(keystore_dir)
-    keystore.clear_keystore()
-    signercli.make_timestamp_metadata(keystore_dir)
-    keystore.clear_keystore()
-
-    #  Verify if the root, targets and release meta files were created.
-    root_meta_filepath = os.path.join(meta_dir, 'root.txt')
-    targets_meta_filepath = os.path.join(meta_dir, 'targets.txt')
-    release_meta_filepath = os.path.join(meta_dir, 'release.txt')
-    timestamp_meta_filepath = os.path.join(meta_dir, 'timestamp.txt')
-
-    self.assertTrue(os.path.exists(root_meta_filepath))
-    self.assertTrue(os.path.exists(targets_meta_filepath))
-    self.assertTrue(os.path.exists(release_meta_filepath))
-    self.assertTrue(os.path.exists(timestamp_meta_filepath))
-
-
-    #  Create a new RSA key, indicate metadata filename.
-    new_keyid = self.generate_rsakey()
-    meta_filename = targets_meta_filepath
-
-    #  Create keystore directory.  New key is untouched.
-    keystore_dir = self.create_temp_keystore_directory(keystore_dicts=True)
-
-    #  List of keyids to be returned by _get_keyids()
-    signing_keyids = []
-
-    #  Method to patch signercli._get_keyids()
-    def _mock_get_keyids(junk):
-      return signing_keyids
-
-    #  Method to patch signercli._prompt().
-    def _mock_prompt(msg, junk):
-      return meta_filename
-
-    #  Patch signercli._get_keyids()
-    signercli._get_keyids = _mock_get_keyids
-
-    #  Patch signercli._prompt().
-    signercli._prompt = _mock_prompt
-
-
-    # TESTS
-    #  Test: no loaded keyids.
-    self.assertRaises(tuf.RepositoryError,
-                      signercli.sign_metadata_file, keystore_dir)
-
-    #  Load new keyid.
-    signing_keyids = [new_keyid]
-
-    #  Test: normal case.
-    signercli.sign_metadata_file(keystore_dir)
-
-    #  Verify the change.
-    self.assertTrue(os.path.exists(targets_meta_filepath))
-
-    #  Load targets metadata from the file ('targets.txt').
-    targets_metadata = tuf.util.load_json_file(targets_meta_filepath)
-    keyid_exists = False
-    for signature in targets_metadata['signatures']:
-      if new_keyid == signature['keyid']:
-        keyid_exists = True
-        break
-
-    self.assertTrue(keyid_exists)
-
-    # RESTORE
-    signercli._get_password = original_get_password
-    signercli._prompt = original_prompt
-    signercli._get_metadata_directory = original_get_metadata_directory
-
-
-
-
-  def test_7_make_delegation(self):
-    
-    # SETUP
-    original_get_metadata_directory = signercli._get_metadata_directory
-    original_prompt = signercli._prompt
-    original_get_password = signercli._get_password
-
-    #  Creating the top-level metadata requires an expiration date to be set.
-    #  Expiration date set to expires 100 seconds from the current time.
-    expiration_date = tuf.formats.format_time(time.time()+100)
-    expiration_date = expiration_date[0:expiration_date.rfind(' UTC')] 
-
-    #  Create a temp repository and metadata directories.
-    repo_dir = self.make_temp_directory()
-    meta_dir = self.make_temp_directory(directory=repo_dir)
-
-    #  Create targets directories.
-    targets_dir, targets_paths =\
-        self.make_temp_directory_with_data_files(directory=repo_dir)
-    delegated_targets_dir = os.path.join(targets_dir,'targets',
-                                         'delegated_level1')
-
-    #  Assign parent role and name of the delegated role.
-    parent_role = 'targets'
-    delegated_role = 'delegated_role_1'
-
-    #  Create couple new RSA keys for delegation levels 1 and 2.
-    new_keyid_1 = self.generate_rsakey()
-    new_keyid_2 = self.generate_rsakey()
-
-    #  Create temp directory for config file.
-    config_dir = self.make_temp_directory()
-
-    #  Build a config file.
-    config_filepath = signerlib.build_config_file(config_dir, 365,
-                                                  self.top_level_role_info)
-
-    #  Patch signercli._get_metadata_directory().
-    self.mock_get_metadata_directory(directory=meta_dir)
-
-    #  Patch signercli._get_password().  Get passwords for parent's keyids.
-    self.get_passwords()
-
-    #  Create keystore directory.
-    keystore_dir = self.create_temp_keystore_directory()
-
-    #  Mock method for signercli._prompt() to generate targets.txt file.
-    self.make_metadata_mock_prompts(targ_dir=targets_dir,
-                                    conf_path=config_filepath,
-                                    expiration=expiration_date)
-
-    #  List of keyids to be returned by _get_keyids()
-    signing_keyids = [new_keyid_1]
-
-    #  Load keystore.
-    load_keystore = keystore.load_keystore_from_keyfiles
-
-    #  Build the root metadata file (root.txt).
-    signercli.make_root_metadata(keystore_dir)
-    
-    #  Build targets metadata file (targets.txt).
-    signercli.make_targets_metadata(keystore_dir)
-
-    #  Clear kestore's dictionaries.
-    keystore.clear_keystore()
-
-    #  Mock method for signercli._prompt().
-    def _mock_prompt(msg, junk):
-      if msg.startswith('\nThe paths entered'):
-        return delegated_targets_dir
-      elif msg.startswith('\nChoose and enter the parent'):
-        return parent_role
-      elif msg.startswith('\nEnter the delegated role\'s name: '):
-        return delegated_role
-      elif msg.startswith('\nCurrent time:'):
-        return expiration_date
-      else:
-        error_msg = ('Prompt: '+'\''+msg+'\''+
-                     ' did not match any predefined mock prompts.')
-        self.fail(error_msg)
-
-    #  Mock method for signercli._get_password().
-    def _mock_get_password(msg):
-      for keyid in self.rsa_keyids:
-        if msg.endswith('('+keyid+'): '):
-          return self.rsa_passwords[keyid]
-
-    #  Method to patch signercli._get_keyids()
-    def _mock_get_keyids(junk):
-      if signing_keyids:
-        for keyid in signing_keyids:
-          password = self.rsa_passwords[keyid]
-          #  Load the keyfile.
-          load_keystore(keystore_dir, [keyid], [password])
-      return signing_keyids
-
-    #  Patch signercli._prompt().
-    signercli._prompt = _mock_prompt
-
-    #  Patch signercli._get_password().
-    signercli._get_password = _mock_get_password
-
-    #  Patch signercli._get_keyids().
-    signercli._get_keyids = _mock_get_keyids
-
-
-    # TESTS
-    #  Test: invalid parent role.
-    #  Assign a non-existing parent role.
-    parent_role = self.random_string()
-    self.assertRaises(tuf.RepositoryError, signercli.make_delegation,
-                      keystore_dir)
-
-    #  Restore parent role.
-    parent_role = 'targets'
-
-    #  Test: invalid password(s) for parent's keyids.
-    keystore.clear_keystore()
-    parent_keyids = self.top_level_role_info[parent_role]['keyids']
-    for keyid in parent_keyids:
-      saved_pw = self.rsa_passwords[keyid]
-      self.rsa_passwords[keyid] = self.random_string()
-      self.assertRaises(tuf.RepositoryError, signercli.make_delegation,
-                        keystore_dir)
-      self.rsa_passwords[keyid] = saved_pw
-
-    #  Test: delegated_keyids == 0.
-    keystore.clear_keystore()
-
-    #  Load 0 keyids (== 0).
-    signing_keyids = []
-    self.assertRaises(tuf.RepositoryError, signercli.make_delegation,
-                      keystore_dir)
-    keystore.clear_keystore()
-
-    #  Restore signing_keyids (== 1).
-    signing_keyids = [new_keyid_1]
-
-    #  Test: normal case 1.
-    #  Testing first level delegation.
-    signercli.make_delegation(keystore_dir)
-
-    #  Verify delegated metadata file exists.
-    delegated_meta_file = os.path.join(meta_dir, parent_role,
-                                       delegated_role+'.txt')
-    self.assertTrue(os.path.exists(delegated_meta_file))
-
-    #  Test: normal case 2.
-    #  Testing second level delegation.
-    keystore.clear_keystore()
-
-    #  Make necessary adjustments for the test.
-    signing_keyids = [new_keyid_2]
-    delegated_targets_dir = os.path.join(delegated_targets_dir,
-                                         'delegated_level2')
-    parent_role = os.path.join(parent_role, delegated_role)
-    delegated_role = 'delegated_role_2'
-
-    signercli.make_delegation(keystore_dir)
-
-    #  Verify delegated metadata file exists.
-    delegated_meta_file = os.path.join(meta_dir, parent_role,
-                                       delegated_role+'.txt')
-    self.assertTrue(os.path.exists(delegated_meta_file))
-
-    # Test: normal case 3.
-    #  Testing delegated_keyids > 1.
-    #  Ensure make_delegation() sets 'threshold' = 2 for the delegated role.
-    keystore.clear_keystore()
-
-    #  Populate 'signing_keyids' with multiple keys, so the
-    #  the delegated metadata is set to a threshold > 1.
-    signing_keyids = [new_keyid_1, new_keyid_2]
-    parent_role = 'targets'
-    delegated_role = 'delegated_role_1'
-    
-    signercli.make_delegation(keystore_dir)
-
-    #  Verify delegated metadata file exists.
-    delegated_meta_file = os.path.join(meta_dir, parent_role,
-                                       delegated_role+'.txt')
-    self.assertTrue(os.path.exists(delegated_meta_file))
-
-    #  Verify the threshold value of the delegated metadata file
-    #  by inspecting the parent role's 'delegations' field.
-    parent_role_file = os.path.join(meta_dir, parent_role+'.txt')
-    signable = signerlib.read_metadata_file(parent_role_file)
-    delegated_rolename = parent_role+'/'+delegated_role
-
-    roles = signable['signed']['delegations']['roles']
-    role_index = signerlib.find_delegated_role(roles, delegated_rolename)
-    self.assertIsNotNone(role_index)
-    role = roles[role_index]
-
-    threshold = role['threshold']
-    self.assertTrue(threshold == 2)
-
-    # RESTORE
-    signercli._get_password = original_get_password
-    signercli._prompt = original_prompt
-    signercli._get_metadata_directory = original_get_metadata_directory
-
-
-def setUpModule():
-  # setUpModule() is called before any test cases run. 
-  # Populating 'rsa_keystore' and 'rsa_passwords' dictionaries.
-  # We will need them when creating keystore directories.
-  unittest_toolbox.Modified_TestCase.bind_keys_to_roles()
-
-
-def tearDownModule():
-  # tearDownModule() is called after all the test cases have run.
-  unittest_toolbox.Modified_TestCase.clear_toolbox()
-
-
-if __name__ == '__main__':
-  unittest.main()
diff --git a/tests/unit/deprecated/test_signerlib.py b/tests/unit/deprecated/test_signerlib.py
deleted file mode 100755
index a09f78fa..00000000
--- a/tests/unit/deprecated/test_signerlib.py
+++ /dev/null
@@ -1,986 +0,0 @@
-"""
-<Program Name>
-  test_signerlib.py
-
-<Author>
-  Konstantin Andrianov
-
-<Started>
-  September 6, 2012
-
-<Copyright>
-  See LICENSE for licensing information.
-
-<Purpose>
-  Test_signerlib.py provides collection of methods that tries to test all the
-  units (methods) of the module under test.
-
-  This unittest module requires setting of rsa keys, keyids and such.
-  There is a method in unittest_toolbox.Modified_TestCase class
-  'bind_keys_to_roles()'.  This method  will set dictionaries
-  'top_level_role_info' and 'rsa_keystore'.
-
-  'top_level_role_info' corresponds to ROLEDICT_SCHEMA and it looks like this:
-    {'rolename': {'keyids': ['34345df32093bd12...'], 'threshold': 1}, ...}
-
-  'rsa_keystore' looks like this: {keyid : { -- RSAKEY_SCHEMA --}, ... }  or
-    {keyid : {'keytype': 'rsa', 'keyid': keyid,
-              'keyval': {'public': 'PUBLIC KEY',
-                         'private  ': 'PRIVATE KEY'}}, ... }
-
-  unittest_toolbox module was created to provide additional testing tools for
-  tuf's modules.  For more info see unittest_toolbox.py.
-
-
-<Methodology>
-  Unittests must follow a specific structure i.e. independent methods should
-  be tested prior to dependent methods. More accurately: least dependent methods
-  are tested before most dependent methods.  There is no reason to rewrite or
-  construct other methods that replicate already-tested methods solely for
-  testing purposes.  This is possible because 'unittest.TestCase' class guarantees
-  the order of unit tests.  So that, 'test_something_A' method would be tested
-  before 'test_something_B'.  To ensure the structure a number will be placed
-  after 'test' and before methods name like so 'test_1_check_directory'.  The
-  number is sort of a measure of dependence, where 1 is less dependent than 2.
-
-"""
-
-import os
-import tempfile
-import filecmp
-import shutil
-import ConfigParser
-import gzip
-import logging
-import unittest
-
-import tuf
-import tuf.log
-import tuf.util
-import tuf.formats as formats
-import tuf.repo.signerlib as signerlib
-import tuf.repo.keystore
-import tuf.tests.unittest_toolbox as unittest_toolbox
-
-
-logger = logging.getLogger('tuf.test_signerlib')
-
-# 'unittest_toolbox.Modified_TestCase' is too long, I'll set it to 'unit_tbox'.
-unit_tbox = unittest_toolbox.Modified_TestCase
-
-
-
-class TestSignerlib(unit_tbox):
-  
-  def setUp(self):
-    unit_tbox.setUp(self)
-
-
-
-
-  def tearDown(self):
-    unit_tbox.tearDown(self)
-
-
-
-
-  # Test methods.
-  def test_1_get_metadata_filenames(self):
-
-    # SETUP
-    metadata_dir = self.make_temp_directory()
-    empty_dir = ''
-
-    def _get_metadata_filenames(test_metadata_dir):
-      filenames = signerlib.get_metadata_filenames(test_metadata_dir)
-      if test_metadata_dir is None:
-        test_metadata_dir = '.'
-
-      #  Check if a dictionary instance with 4 mappings is returned.
-      self.assertTrue(isinstance(filenames, dict))
-      self.assertFalse(not filenames, 'Empty dictionary returned.')
-      self.assertEqual(len(filenames), 4)
-
-      #  Check if all the keys in 'filenames' dictionary
-      #  correspond to 'role_list' items i.e. all top level
-      #  roles are include in the 'filenames' with their
-      #  appropriate paths as values.
-      for role in unit_tbox.role_list:
-        value_at_role = os.path.join(test_metadata_dir, role+'.txt')
-        self.assertTrue(role in filenames)
-        self.assertEqual(filenames[role], value_at_role)
-
-    # Run _get_metadata_filenames(arg) trying different arguments.
-    self.assertRaises(tuf.FormatError, signerlib.get_metadata_filenames, 123)
-    _get_metadata_filenames(metadata_dir)
-    _get_metadata_filenames(empty_dir)
-
-
-
-
-
-  def test_1_get_metadata_file_info(self):
-
-    # SETUP
-    temp_file_path = self.make_temp_data_file()
-    rand_str = self.random_string()
-
-
-    # TESTS
-    #  Test: improper arguments that should raise exceptions.
-    self.assertRaises(tuf.Error, signerlib.get_metadata_file_info, '')
-    self.assertRaises(tuf.FormatError, signerlib.get_metadata_file_info,
-                      123)
-    self.assertRaises(tuf.FormatError, signerlib.get_metadata_file_info,
-                      {rand_str: rand_str})
-    self.assertRaises(tuf.FormatError, signerlib.get_metadata_file_info,
-                      [rand_str, rand_str])
-
-    #  Make sure the format return by 'get_metadata_file_info'
-    #  matches tuf.formats.FILEINFO_SCHEMA.
-    file_info = signerlib.get_metadata_file_info(temp_file_path)
-    self.assertTrue(formats.FILEINFO_SCHEMA.matches(file_info))
-
-
-
-
-
-  def test_1_generate_and_save_rsa_key(self):
-    """
-    generate_and_save_rsa_key() is independent from all the other methods in
-    signerlib.  In order to test this method all we need is to create a temp
-    directory and a sample password.
-    """
-
-    # SETUP
-    keystore_dir = self.make_temp_directory()
-    password = self.random_string()
-
-
-    # TESTS
-    #  Test: Run generate_and_save_rsa_key().
-    rsakey = signerlib.generate_and_save_rsa_key(keystore_dir, password)
-    self.assertTrue(formats.RSAKEY_SCHEMA.matches(rsakey))
-
-    #  Test: Check if rsa key file was created.
-    key_path = os.path.join(keystore_dir, rsakey['keyid']+'.key')
-    self.assertTrue(os.path.exists(key_path))
-
-
-
-
-
-  def test_1_read_config_file(self):
-    """
-    A short test of 'read_config_file' method.  Using a tuple
-    that contains config dictionary and a config file containing
-    the same dictionary, test if 'read_config_file' returns a
-    dictionary corresponding to the supplied config dictionary when
-    config file is passes.
-    """
-
-    # SETUP
-    #  'base_config' is a tuple containing a config file path and
-    #  a corresponding config dictionary.  Note, make sure appropriate
-    #  suffix is set.  In our case it will be 'signerlib.CONFIG_FILENAME'.
-    base_config = self.make_temp_config_file(suffix=signerlib.CONFIG_FILENAME)
-
-
-    # TESTS
-    #  Test: normal case.
-    self.assertTrue(signerlib.read_config_file(base_config[0]),
-                    base_config[1])
-
-    #  Test: Incorrect arguments.
-    self.assertRaises(tuf.FormatError, signerlib.read_config_file, 123)
-    self.assertRaises((tuf.Error, tuf.FormatError), signerlib.read_config_file,
-                      '')
-    self.assertRaises((tuf.Error, tuf.FormatError), signerlib.read_config_file,
-                      'junk/dir/'+self.random_string())
-    self.assertRaises(tuf.FormatError, signerlib.read_config_file,
-                      [self.random_string()])
-
-
-
-
-
-  def test_1_generate_targets_metadata(self):
-
-    # SETUP
-    generate_targets_meta = signerlib.generate_targets_metadata
-    version = 8
-    expiration_date = '1985-10-26 01:20:00 UTC'
-
-    #  Generate target files.
-    #  'repo_dir' represents repository base.
-    #  'target_files' represents a list of relative target paths.
-    repo_dir, target_files = self.make_temp_directory_with_data_files()
-
-
-    # TESTS
-    #  Test: Run the generate_targets_metadata().  Test its return value.
-    #  Its return value should correspond to tuf.formats.SIGNABLE_SCHEMA
-    target_signable_obj = generate_targets_meta(repo_dir, target_files,
-                                                version, expiration_date)
-
-    #  Test: Validate input.
-    self.assertTrue(formats.SIGNABLE_SCHEMA.matches(target_signable_obj))
-
-    #  Test: Incorrect arguments.
-    self.assertRaises(tuf.FormatError, generate_targets_meta,
-                                       self.random_string(), expiration_date,
-                                       repo_dir, target_files)
-    self.assertRaises(tuf.FormatError, generate_targets_meta,
-                                       repo_dir, self.random_string(),
-                                       repo_dir, target_files)
-    self.assertRaises(tuf.FormatError, generate_targets_meta,
-                                       version, expiration_date,
-                                       self.random_string(), target_files)
-    self.assertRaises(tuf.FormatError, generate_targets_meta,
-                                       version, expiration_date,
-                                       repo_dir, self.random_string())
-    self.assertRaises(tuf.FormatError, generate_targets_meta,
-                                       version, expiration_date,
-                                       repo_dir, [self.random_string(), 1234])
-    self.assertRaises(tuf.Error, generate_targets_meta,
-                                 version, expiration_date,
-                                 self.random_path(), target_files)
-
-
-
-
-
-  def test_1_check_directory(self):
-    """
-    Quick test to ensure that the method returns valid output.
-    """
-
-    # SETUP
-    temp_dir, _junk = self.make_temp_directory_with_data_files()
-    rand_str = self.random_string()
-
-
-    # TESTS
-    #  Test: normal case, check proper output.
-    self.assertEqual(signerlib.check_directory(temp_dir), temp_dir)
-
-    #  Test: Incorrect arguments.
-    self.assertRaises(tuf.FormatError, signerlib.check_directory, 1234)
-    self.assertRaises(tuf.FormatError, signerlib.check_directory, [rand_str])
-    self.assertRaises(tuf.FormatError, signerlib.check_directory,
-                      {rand_str: rand_str})
-    self.assertRaises(tuf.Error, signerlib.check_directory, self.random_path())
-
-
-
-
-
-  def test_1_write_metadata_file(self):
-
-    # SETUP
-    #  Create temp directory to be prevent any relative path discrepancies.
-    meta_dir = self.make_temp_directory()
-
-    #  Create a temp file to store 'metadata' info in.
-    meta_file = self.make_temp_file(directory=meta_dir)
-
-    #  Use valid input for json obj.
-    signable_dict = {'signatures':[], 'signed':{'role':'info'}}
-
-
-    # TESTS
-    #  Test: normal case.
-    signerlib.write_metadata_file(signable_dict, meta_file)
-
-    #  Extract the content of the temp file.
-    stored_signable_dict = tuf.util.load_json_file(meta_file)
-
-    #  Check if object stored in the file corresponds to SIGNABLE_SCHEMA.
-    self.assertTrue(formats.SIGNABLE_SCHEMA.matches(stored_signable_dict))
-
-    #  Does original dictionary 'signable_dict' matches dictionary retrieved
-    #  from the file - 'stored_signable_dict'?
-    self.assertEqual(signable_dict, stored_signable_dict)
-
-    #  Test: Incorrect arguments.
-    self.assertRaises(tuf.FormatError, signerlib.write_metadata_file,'','')
-    self.assertRaises(tuf.FormatError, signerlib.write_metadata_file,
-                      [self.random_string()], meta_file)
-    self.assertRaises(tuf.FormatError, signerlib.write_metadata_file,
-                      signable_dict, [self.random_string()])
-    self.assertRaises(tuf.Error, signerlib.write_metadata_file, signable_dict,
-                      self.random_path())
-    self.assertRaises(tuf.FormatError, signerlib.write_metadata_file,
-                      {self.random_string(): self.random_string()},
-                      self.random_path())
-
-
-
-  def test_2_build_config_file(self):
-    """
-    This method tests build_config_file().
-    Previously tested signerlib's read_config_file() is used here.
-    """
-
-    # SETUP
-    #  Declare timeout.
-    days = 365  # number of days
-
-    #  Make a temp directory for config file.
-    config_dir = self.make_temp_directory()
-
-    #  For 'role_info' argument we going to use 'self.top_level_role_info'
-    #  dictionary.  There is more info in the beginning of this test
-    #  module, also in the test.unittest_toolbox module.
-    roledict_info = self.top_level_role_info
-
-
-    # TESTS
-    #  Test: normal case.
-    #  Run build_config_file().  The method is expected to return file
-    #  path of the config file.  We'll compare it to 'roledict_info'.
-    build_config = signerlib.build_config_file
-    config_path = build_config(config_file_directory=config_dir,
-                               timeout=days, role_info=roledict_info)
-
-    #  Check if 'config_path' directory exists.
-    self.assertTrue(os.path.exists(config_path))
-
-    #  Using 'signerlib.read_config_file' method extract config dictionary
-    #  that was stored.
-    config_dict = signerlib.read_config_file(config_path)
-
-    #  Remove 'expiration' key from the extracted config dictionary, since
-    #  initial role dictionary does not have this field.
-    del config_dict['expiration']
-
-    #  Compare the initial dictionary 'roledict_info' with extracted
-    #  dictionary 'config_dict'.  They have to match.
-    self.assertTrue(config_dict, roledict_info)
-
-    #  Test: exceptions on bogus arguments.
-    self.assertRaises(tuf.Error, signerlib.build_config_file,
-                      self.random_path(), 365, roledict_info)
-    self.assertRaises(tuf.FormatError, signerlib.build_config_file,
-                      config_dir, -1, roledict_info)
-    self.assertRaises(tuf.FormatError, signerlib.build_config_file,
-                      config_dir, 365, self.directory_dictionary)
-
-
-
-  def test_3_generate_root_metadata(self):
-    """
-    test_3_build_root_metadata() is based on two other signerlib methods
-    i.e. build_config_file() and read_config_file().  Hence, 3rd level.
-    """
-
-    # SETUP
-    original_get_key = tuf.repo.keystore.get_key
-    build_config = signerlib.build_config_file
-    version = 8
-
-    #  Create a temp directory to hold a config file.
-    config_dir = self.make_temp_directory()
-
-    #  Create config file using previously tested build_config_file().
-    config_path = build_config(config_dir, 365, self.top_level_role_info)
-
-    #  Create a config file without a 'targets' role section.
-    notargets_conf_dir = self.make_temp_directory()
-    saved_targets_role = self.top_level_role_info['targets']
-    del self.top_level_role_info['targets']
-    notargets_conf_path = build_config(notargets_conf_dir, 365,
-                                       self.top_level_role_info)
-
-    #  Restore top_level_role_info to initial state.
-    self.top_level_role_info['targets'] = saved_targets_role
-
-
-    # TESTS
-    #  Test: What if keystore is not set up?
-    self.assertRaises(tuf.UnknownKeyError, signerlib.generate_root_metadata,
-                      config_path, version)
-
-    #  Patch keystore's get_key method.  No harm is done here since correct
-    #  arguments are passed and keystore methods are tested separately.
-    tuf.repo.keystore.get_key = self.get_keystore_key
-
-    #  Test: normal case.  Pass a correct config path.
-    root_meta = signerlib.generate_root_metadata(config_path, version)
-
-    #  Check if the returned dictionary corresponds to SIGNABLE_SCHEMA.
-    self.assertTrue(formats.SIGNABLE_SCHEMA.matches(root_meta))
-
-    #  Test: bogus arguments.
-    self.assertRaises(tuf.Error, signerlib.generate_root_metadata,
-                      notargets_conf_path, version)
-    self.assertRaises(tuf.Error, signerlib.generate_root_metadata, '', version)
-    self.assertRaises(tuf.Error, signerlib.generate_root_metadata,
-                      self.random_string(), version)
-    self.assertRaises(tuf.Error, signerlib.generate_root_metadata,
-                      {self.random_string(): self.random_string()}, version)
-    self.assertRaises(tuf.FormatError, signerlib.generate_root_metadata,
-                      config_path, self.random_string())    
-                          
-
-    # RESTORE
-    tuf.repo.keystore.get_key = original_get_key
-
-
-
-
-  def test_4_sign_metadata(self):
-    """
-    test_4_sign_metadata() will require us to create metadata using one of
-    the generate_role_metadata() and use monkey patched keystore's get_key().
-    """
-
-    # SETUP.
-    original_get_key = tuf.repo.keystore.get_key
-    
-    for role in ['root', 'targets']:
-
-      role_info = self._get_role_info(role)
-      filename = role+'.txt'
-
-
-      # TESTS
-      #  Test: normal case.
-      signable = signerlib.sign_metadata(role_info[0], role_info[1],
-                                         filename)
-
-      #  Check if signable is returned.
-      self.assertTrue(formats.SIGNABLE_SCHEMA.matches(signable))
-
-      #  Test: Incorrect arguments.
-      self.assertRaises(tuf.FormatError, signerlib.sign_metadata,
-                        self.random_string(), role_info[1], filename)
-      self.assertRaises(tuf.FormatError, signerlib.sign_metadata,
-                        role_info[0], 12345, filename)
-
-      #  Test: Verifying 'keytype' value, once is sufficient.
-      if role == 'root':
-        #  Alter 'keytype' value of the rsa key.  Restore it after.
-        for keyid in role_info[1]:
-          key = self.get_keystore_key(keyid)
-          key['keytype'] = 'unknown_type'
-        self.assertRaises(tuf.Error, signerlib.sign_metadata, role_info[0],
-            role_info[1], filename)
-
-        #  Restoring the initial state of rsa_keystore.
-        for keyid in role_info[1]:
-          key = self.get_keystore_key(keyid)
-          key['keytype'] = 'rsa'
-
-    # RESTORE
-    tuf.repo.keystore.get_key = original_get_key
-
-
-
-  def test_5_build_root_file(self):
-    """
-    test_5_build_root_file() relies on previously tested signerlib's
-    generate_root_metadata(), sign_metadata() and write_metadata_file().
-    build_root_file() basically joins these methods together to create
-    root.txt.
-
-    Test Outline: Get signed metadata and other info of a root role.
-    'root_meta' is a tuple - see _get_role_meta() and _get_signed_role_info().
-    Run build_root_file() with created parameters 'config_path', 'root_keyids'
-    and 'meta_dir'.  Verify existence of the created directory.  Extract
-    content of the file and verify that it matches original 'signed_root_meta'
-    dictionary.  Test various bogus parameters.
-    """
-
-    # SETUP
-    original_get_key = tuf.repo.keystore.get_key
-    version = 8
-    
-    signed_root_meta, root_info = self._get_signed_role_info('root')
-    root_keyids = root_info[1]
-    config_path = root_info[3]
-    meta_dir = root_info[2]  # Reuse config's directory.
-
-
-    # TESTS
-    #  Test: normal case.
-    root_filepath = signerlib.build_root_file(config_path, root_keyids,
-                                              meta_dir, version)
-
-    #  Check existence of the file and validity of it's content.
-    self.assertTrue(os.path.exists(root_filepath))
-    file_content = tuf.util.load_json_file(root_filepath)
-    self.assertTrue(tuf.formats.SIGNABLE_SCHEMA.matches(file_content))
-    root_metadata = file_content['signed']
-    self.assertTrue(tuf.formats.ROOT_SCHEMA.matches(root_metadata))
-
-    #  Test: various exceptions.
-    self.assertRaises(tuf.Error, signerlib.build_root_file,
-        self.random_path(), root_keyids, meta_dir, version)
-    self.assertRaises(tuf.FormatError, signerlib.build_root_file,
-        config_path, self.random_string(), meta_dir, version)
-    self.assertRaises(tuf.Error, signerlib.build_root_file,
-        config_path, root_keyids, self.random_path(), version)
-    self.assertRaises(tuf.Error, signerlib.build_root_file,
-        config_path, root_keyids, meta_dir, self.random_string())
-
-    # RESTORE
-    tuf.repo.keystore.get_key = original_get_key
-
-
-
-
-  def test_5_build_targets_file(self):
-    """
-    test_5_build_targets_file() relies on previously tested signerlib's
-    generate_targets_metadata(), sign_metadata() and write_metadata_file().
-    build_targets_file() basically joins these methods together to create
-    targets.txt.
-    """
-
-    # SETUP
-    original_get_key = tuf.repo.keystore.get_key
-    version = 8
-    expiration_date = '1985-10-26 01:20:00 UTC'
-
-    signed_targets_meta, targets_info = self._get_signed_role_info('targets')
-
-    #  'targets_info' is a tuple that includes targets meta, repository dir,
-    #  list of target files.
-    targets_keyids = targets_info[1]
-    repo_dir = targets_info[2]
-    meta_dir = os.path.join(repo_dir, 'metadata')
-    os.mkdir(meta_dir)
-    targets_dir = os.path.join(repo_dir, 'targets')
-
-    # TESTS
-    #  Test: normal case.
-    targets_filepath = signerlib.build_targets_file([targets_dir],
-                                                    targets_keyids, meta_dir,
-                                                    version, expiration_date)
-
-    #  Check existence of the file and validity of it's content.
-    self.assertTrue(os.path.exists(targets_filepath))
-    file_content = tuf.util.load_json_file(targets_filepath)
-    self.assertTrue(tuf.formats.SIGNABLE_SCHEMA.matches(file_content))
-    targets_metadata = file_content['signed']
-    self.assertTrue(tuf.formats.TARGETS_SCHEMA.matches(targets_metadata))
-
-    #  Test: various exceptions.
-    self.assertRaises(tuf.FormatError, signerlib.build_targets_file,
-        [targets_dir], self.random_string(), meta_dir, version, expiration_date)
-    self.assertRaises((tuf.FormatError, tuf.Error), signerlib.build_targets_file,
-        [targets_dir], targets_keyids, self.random_path(), version, expiration_date)
-    self.assertRaises((tuf.FormatError, tuf.Error), signerlib.build_targets_file,
-        [targets_dir], targets_keyids, meta_dir, self.random_string(), expiration_date)
-    self.assertRaises((tuf.FormatError, tuf.Error), signerlib.build_targets_file,
-        [targets_dir], targets_keyids, meta_dir, version, self.random_string())
-
-    # RESTORE
-    tuf.repo.keystore.get_key = original_get_key
-
-
-
-
-  def test_6_generate_release_metadata(self):
-    """
-    test_6_generate_release_metadata() uses previously tested
-    singnerlib's build_root_file(), build_targets_file()
-    and get_metadata_file_info.  In order to use generate_release_metadata()
-    we need to have root.txt and targets.txt in the metadata directory,
-    plus we need to have targets directory (with target files/directories).
-    """
-
-    # SETUP
-    original_get_key = tuf.repo.keystore.get_key
-    version = 8
-    expiration_date = '1985-10-26 01:20:00 UTC'
-    
-    #  Create root.txt and targets.txt as described above.
-    meta_dir = self._create_root_and_targets_meta_files()
-
-
-    # TESTS
-    #  Test: Run generate_release_metadata().
-    release_meta = signerlib.generate_release_metadata(meta_dir,
-                                                       version, expiration_date)
-
-    #  Verify that created metadata dictionary corresponds to
-    #  SIGNABLE_SCHEMA and its 'signed' value to RELEASE_SCHEMA.
-    self.assertTrue(formats.SIGNABLE_SCHEMA.matches(release_meta))
-    self.assertTrue(formats.RELEASE_SCHEMA.matches(release_meta['signed']))
-
-    #  Test: exceptions.
-    self.assertRaises(tuf.Error, signerlib.generate_release_metadata,
-                      self.random_path(), version, expiration_date)
-    self.assertRaises(tuf.FormatError, signerlib.generate_release_metadata,
-                      ['junk'], version, expiration_date)
-    self.assertRaises(tuf.Error, signerlib.generate_release_metadata,
-                      meta_dir, self.random_string(), expiration_date)
-    self.assertRaises(tuf.Error, signerlib.generate_release_metadata,
-                      meta_dir, version, self.random_string())
-
-
-    # RESTORE
-    tuf.repo.keystore.get_key = original_get_key
-
-
-
-
-  def test_7_build_release_file(self):
-    """
-    test_7_build_release_file() uses previously tested
-    generate_release_metadata().
-    """
-
-    # SETUP
-    original_get_key = tuf.repo.keystore.get_key
-    version = 8
-    expiration_date = '1985-10-26 01:20:00 UTC'
-    
-    #  Create root.txt and targets.txt as described above.  Also, get signed
-    #  release metadata to compare it with the content of the file
-    signed_release_meta, release_info = self._get_signed_role_info('release')
-    meta_dir = release_info[2]
-    release_keyids = release_info[1]
-
-
-    # TESTS
-    #  Test: normal case.
-    release_filepath = signerlib.build_release_file(release_keyids, meta_dir,
-                                                    version, expiration_date)
-
-    # Check if 'release.txt' file was created in metadata directory.
-    self.assertTrue(os.path.exists(release_filepath))
-    file_content = tuf.util.load_json_file(release_filepath)
-    self.assertTrue(tuf.formats.SIGNABLE_SCHEMA.matches(file_content))
-    release_metadata = file_content['signed']
-    self.assertTrue(tuf.formats.RELEASE_SCHEMA.matches(release_metadata))
-    
-    #  Test: exceptions.
-    self.assertRaises(tuf.Error, signerlib.build_release_file, release_keyids,
-                      self.random_path(), version, expiration_date)
-    self.assertRaises(tuf.FormatError, signerlib.build_release_file,
-                      self.random_string(), meta_dir, version, expiration_date)
-    self.assertRaises(tuf.FormatError, signerlib.build_release_file,
-                      release_keyids, meta_dir, self.random_string(),
-                      expiration_date)
-    self.assertRaises(tuf.FormatError, signerlib.build_release_file,
-                      release_keyids, meta_dir, version, self.random_string())
-
-    # RESTORE
-    tuf.repo.keystore.get_key = original_get_key
-
-
-
-
-  def test_8_generate_timestamp_metadata(self):
-    """
-    test_8_generate_timestamp_metadata() uses previously tested
-    build_release_file()
-    """
-
-    # SETUP
-    original_get_key = tuf.repo.keystore.get_key
-    version = 8
-    expiration_date = '1985-10-26 01:20:00 UTC'
-    
-    generate_timestamp_meta = signerlib.generate_timestamp_metadata
-
-    #  Create release metadata and create 'release.txt' file.
-    junk, release_keyids, meta_dir = self._get_role_info('release')
-    signerlib.build_release_file(release_keyids, meta_dir, version,
-                                 expiration_date)
-    release_filepath = os.path.join(meta_dir, 'release.txt')
-
-    #  To test compression we need to create compressed 'release.txt'.
-    #  The 'release.txt' should exist at this point, compress it.
-    release_file = open(release_filepath, 'rb')
-    gzipped_release = open(release_filepath+'.gz', 'wb')
-    gzipped_release.writelines(release_file)
-    gzipped_release.close()
-    release_file.close()
-
-
-    # TESTS
-    #  Test: normal case.
-    timestamp_meta = generate_timestamp_meta(release_filepath, version,
-                                             expiration_date)
-
-    #  Verify metadata formats.
-    self.assertTrue(formats.SIGNABLE_SCHEMA.matches(timestamp_meta))
-    self.assertTrue(formats.TIMESTAMP_SCHEMA.matches(timestamp_meta['signed']))
-
-    #  Test: normal case (with compression).
-    timestamp_meta = generate_timestamp_meta(release_filepath+'.gz', version,
-                                             expiration_date)
-
-    #  Verify metadata formats.
-    self.assertTrue(formats.SIGNABLE_SCHEMA.matches(timestamp_meta))
-    self.assertTrue(formats.TIMESTAMP_SCHEMA.matches(timestamp_meta['signed']))
-
-    #  Test: invalid path.
-    self.assertRaises(tuf.Error, generate_timestamp_meta, self.random_path(),
-                                 version, expiration_date)
-    self.assertRaises(tuf.FormatError, generate_timestamp_meta, release_filepath,
-                                       self.random_string(), expiration_date)
-    self.assertRaises(tuf.FormatError, generate_timestamp_meta, release_filepath,
-                                       version, self.random_string())
-
-    # RESTORE
-    tuf.repo.keystore.get_key = original_get_key
-
-
-
-
-  def test_9_build_timestamp_file(self):
-    """
-    test_9_build_timestamp_file() uses previously tested
-    generate_timestamp_metadata().
-    """
-
-    # SETUP
-    original_get_key = tuf.repo.keystore.get_key
-    version = 8
-    expiration_date = '1985-10-26 01:20:00 UTC'
-    
-    #  Create all necessary files and metadata i.e. signed timestamp
-    #  metadata, timestamp keyids, 'release.txt', 'root.txt', 'targets.txt',
-    #  target files, etc.
-    signed_timestamp_meta, timestamp_info = \
-        self._get_signed_role_info('timestamp')
-
-    timestamp_keyids = timestamp_info[1]
-    meta_dir = timestamp_info[2]
-
-
-    # TESTS
-    #  Test: normal case.
-    timestamp_filepath = signerlib.build_timestamp_file(timestamp_keyids,
-                                                        meta_dir, version,
-                                                        expiration_date)
-
-    # Check if 'timestamp.txt' file was created in metadata directory.
-    self.assertTrue(os.path.exists(timestamp_filepath))
-    file_content = tuf.util.load_json_file(timestamp_filepath)
-    self.assertTrue(tuf.formats.SIGNABLE_SCHEMA.matches(file_content))
-    timestamp_metadata = file_content['signed']
-    self.assertTrue(tuf.formats.TIMESTAMP_SCHEMA.matches(timestamp_metadata))
-
-    #  Test: try bogus parameters.
-    self.assertRaises(tuf.Error, signerlib.build_timestamp_file,
-                      timestamp_keyids, self.random_path(), version,
-                      expiration_date)
-    self.assertRaises(tuf.FormatError, signerlib.build_timestamp_file,
-                      self.random_string(), meta_dir, version, expiration_date)
-    self.assertRaises(tuf.FormatError, signerlib.build_timestamp_file,
-                      timestamp_keyids, meta_dir, self.random_string(),
-                      expiration_date)
-    self.assertRaises(tuf.FormatError, signerlib.build_timestamp_file,
-                      timestamp_keyids, meta_dir, version, self.random_string())
-
-    # RESTORE
-    tuf.repo.keystore.get_key = original_get_key
-
-
-
-
-  def test_9_get_target_keyids(self):
-
-    # SETUP
-    original_get_key = tuf.repo.keystore.get_key
-    version = 8
-    expiration_date = '1985-10-26 01:20:00 UTC'
-    
-    #  Create metadata directory and targets metadata file.
-    meta_dir = self._create_root_and_targets_meta_files()
-
-    signed_targets_meta, targets_info = self._get_signed_role_info('targets')
-
-    #  'targets_info' is a tuple that includes targets meta, repository dir,
-    #  list of target files.
-    targets_keyids = targets_info[1]
-    repo_dir = targets_info[2]
-    meta_dir = os.path.join(repo_dir, 'metadata')
-    os.mkdir(meta_dir)
-    targets_dir = os.path.join(repo_dir, 'targets')
-
-    # TESTS
-    #  Test: normal case.
-    targets_filepath = signerlib.build_targets_file([targets_dir],
-                                                    targets_keyids, meta_dir,
-                                                    version, expiration_date)
-
-    #  Check existence of the file and validity of it's content.
-    self.assertTrue(os.path.exists(targets_filepath))
-    file_content = tuf.util.load_json_file(targets_filepath)
-    self.assertTrue(tuf.formats.SIGNABLE_SCHEMA.matches(file_content))
-    targets_metadata = file_content['signed']
-    self.assertTrue(tuf.formats.TARGETS_SCHEMA.matches(targets_metadata))
-    #  TODO: Generate some delegation metadata files.
-    
-    #  Test: normal case.
-    _target_keyids = signerlib.get_target_keyids(meta_dir)
-    for keyid in targets_keyids:
-      self.assertTrue(keyid in _target_keyids['targets'])
-
-    # RESTORE
-    tuf.repo.keystore.get_key = original_get_key
-
-
-
-
-
-  # HELPER METHODS
-  # Call these non-test methods ONLY in methods that begin with 'test'.
-  def _create_root_and_targets_meta_files(self, repo_dir=None):
-    """
-    This method generates temp root.txt and target.txt, it uses following
-    previously tested signerlib's methods:
-      build_root_file()
-      build_targets_file()
-    """
-
-    # The version number and expiration date for the root and target
-    # metadata created.
-    version = 8
-    expiration_date = '1985-10-26 01:20:00 UTC'
-
-    if not repo_dir:
-      # Create repository directory.
-      repo_dir = self.make_temp_directory()
-
-    # Create metadata directory.
-    meta_dir = os.path.join(repo_dir, 'metadata')
-    os.mkdir(meta_dir)
-
-    # Create root.txt.
-    junk, root_keyids, repo_dir, config_path = \
-        self._get_role_info('root', directory=repo_dir)
-    signerlib.build_root_file(config_path, root_keyids, meta_dir, version)
-    self.assertTrue(os.path.exists(os.path.join(meta_dir, 'root.txt')))
-
-    # Create targets.txt.
-    junk, targets_keyids, repo_dir, target_files = \
-        self._get_role_info('targets', directory=repo_dir)
-    path_to_targets = os.path.join(repo_dir, 'targets')
-    signerlib.build_targets_file([path_to_targets], targets_keyids, meta_dir,
-                                 version, expiration_date)
-    self.assertTrue(os.path.exists(os.path.join(meta_dir, 'root.txt')))
-
-    return meta_dir
-
-
-
-
-
-  def _get_role_info(self, role, directory=None):
-    """
-    This method generates role's metadata dictionary, it uses previously
-    tested signerlib's methods.  Note that at everything maintains the order.
-    Nothing that has not been tested previously is used in any of the
-    following conditions.
-
-    <Arguments>
-      directory:
-        Directory of a config file.
-
-    <Returns>
-      Tuple (role's metadata(not signed), role's keyids, directory, optional)
-
-    """
-    
-    # The version number and expiration date for metadata files created.
-    version = 8
-    expiration_date = '1985-10-26 01:20:00 UTC'
-
-
-    if not directory:
-      # Create a temp directory to hold a config file.
-      directory = self.make_temp_directory()
-
-    # Get role's keyids.
-    role_keyids = self.top_level_role_info[role]['keyids']
-
-
-    if role == 'root':
-      #  Create config file using previously tested build_config_file().
-      config_path = signerlib.build_config_file(directory, 365,
-                                                self.top_level_role_info)
-
-      #  Patch keystore's get_key method.
-      tuf.repo.keystore.get_key = self.get_keystore_key
-
-      #  Create root metadata.
-      root_meta = signerlib.generate_root_metadata(config_path, version)
-      return root_meta, role_keyids, directory, config_path
-
-    elif role == 'targets':
-      # Generate target files.
-      # 'repo_dir' represents repository base.
-      # 'target_files' represents a list of relative target paths.
-      repo_dir, target_files = \
-          self.make_temp_directory_with_data_files(directory=directory)
-
-      #  Patch keystore's get_key method.
-      tuf.repo.keystore.get_key = self.get_keystore_key
-      
-      # Run the 'signerlib.generate_targets_metadata'.  Test its return value.
-      # Its return value should correspond to tuf.formats.SIGNABLE_SCHEMA
-      targets_meta = signerlib.generate_targets_metadata(repo_dir, target_files,
-                                                         version, 
-                                                         expiration_date)
-      return targets_meta, role_keyids, repo_dir, target_files
-
-    elif role == 'release':
-      # Generate 'root.txt' and 'targets.txt' with targets directory in
-      # the repository containing files and directories.
-      meta_dir = self._create_root_and_targets_meta_files()
-      release_meta = signerlib.generate_release_metadata(meta_dir, version,
-                                                         expiration_date)
-      return release_meta, role_keyids, meta_dir
-
-    elif role == 'timestamp':
-      # Generate 'release.txt' which includes creation of 'root.txt',
-      # 'targets.txt' and target files.
-      junk, release_keyids, meta_dir = self._get_role_info('release')
-      signerlib.build_release_file(release_keyids, meta_dir, version,
-                                   expiration_date)
-      release_filepath = os.path.join(meta_dir, 'release.txt')
-
-      # Generate timestamp metadata.
-      timestamp_meta = signerlib.generate_timestamp_metadata(release_filepath,
-                                                             version,
-                                                             expiration_date)
-      return timestamp_meta, role_keyids, meta_dir
-
-    else:
-      logger.warning('\nUnrecognized top-level role.')
-
-
-
-
-
-  def _get_signed_role_info(self, role, directory=None):
-    role_info = self._get_role_info(role, directory=directory)
-    filename = repr(role+'.txt')
-
-    # Try sign_metadata(), see if signable is returned.
-    signed_meta = signerlib.sign_metadata(role_info[0], role_info[1],
-                                          filename)
-    return signed_meta, role_info
-
-
-def setUpModule():
-  # setUpModule() is called before any test cases run.
-  # Generate rsa keys and roles dictionary dictionaries.
-  unit_tbox.bind_keys_to_roles()
-
-def tearDownModule():
-  # tearDownModule() is called after all the test cases have run.
-  unit_tbox.clear_toolbox()
-  tuf.repo.keystore.clear_keystore()
-
-
-if __name__ == '__main__':
-  unittest.main()
diff --git a/tests/unit/simple_server.py b/tests/unit/simple_server.py
deleted file mode 100755
index 217bdeed..00000000
--- a/tests/unit/simple_server.py
+++ /dev/null
@@ -1,48 +0,0 @@
-"""
-<Program>
-  simple_server.py
- 
-<Author>
-  Konstantin Andrianov
-
-<Started>
-  February 15, 2012
-  
-<Copyright>
-  See LICENSE for licensing information.
-
-<Purpose>
-  This is a basic server that was designed to be used in conjunction with 
-  test_download.py to test download.py module. 
-
-<Referencesi>
-  SimpleHTTPServer:
-    http://docs.python.org/library/simplehttpserver.html#module-SimpleHTTPServer
-
-"""
-
-import sys
-import random
-import SimpleHTTPServer
-import SocketServer
-
-PORT = 0
-
-def _port_gen():
-  return random.randint(30000, 45000)
-
-if len(sys.argv) > 1:
-  try:
-    PORT = int(sys.argv[1])
-    if PORT < 30000 or PORT > 45000:
-      raise ValueError
-  except ValueError:
-    PORT = _port_gen()
-else:
-  PORT = _port_gen()
-
-Handler = SimpleHTTPServer.SimpleHTTPRequestHandler
-httpd = SocketServer.TCPServer(("", PORT), Handler)
-
-#print "PORT: ", PORT
-httpd.serve_forever()
diff --git a/tests/unit/statement_coverage.py b/tests/unit/statement_coverage.py
deleted file mode 100755
index 6c40b0d5..00000000
--- a/tests/unit/statement_coverage.py
+++ /dev/null
@@ -1,86 +0,0 @@
-"""
-<Program Name>
-  statement_coverage.py
-
-<Author>
-  Konstantin Andrianov
-
-<Started>
-  March 20, 2013.
-
-<Copyright>
-  See LICENSE for licensing information.
-
-<Purpose>
-  Measure test coverage.
-
-NOTE: This script is based on third party software.  In order to use this
-script install Ned Batchelder's coverage.py: 
-http://nedbatchelder.com/code/coverage/
-
-
-"""
-
-import os
-import sys
-
-# Try to import coverage.py.  Coverage.py is a third party software.
-try:
-  coverage = __import__('coverage')
-except ImportError, error:
-  error_msg = ("\nIt appears that coverage.py is not installed.  Install "+
-               "Ned Batchelder's coverage.py "+
-               "('http://nedbatchelder.com/code/coverage/') and try again.\n")
-  print error_msg
-  raise
-
-
-cov = coverage.coverage()
-cov.start()
-
-try:
-  current_directory = os.getcwd()
-  current_directory_content = os.listdir(current_directory)
-
-  # Find test scripts and import them.
-  test_modules = []  # Test modules.
-  tested_modules = []  # Modules that are tested by the 'test_modules'.
-
-  for _file in current_directory_content:
-    if _file.startswith('test') and _file.endswith('.py'):
-
-      _file = os.path.splitext(_file)[0]
-      test_modules.append(_file)
-
-      # Import the module.
-      try:
-        module = __import__(_file)
-      except ImportError, error:
-        print 'Unable to load the module: '+_file
-        raise
-
-      _file = '.'+_file[5:]
-      tested_modules.append(_file)
-
-finally:
-  cov.stop()
-
-
-# Include quickstart.
-tested_modules.remove('.quickstart')
-tested_modules.append('quickstart')
-
-# Extracting tuf modules.
-tuf_modules = {}  # list of all loaded tuf modules.
-for module_name in sys.modules:
-  if module_name.startswith('tuf') or module_name.startswith('quickstart'):
-    tuf_modules[module_name] = sys.modules[module_name]
-
-# Tested module paths.
-tested_module_paths = []
-for module_name in tuf_modules:
-  for tested_module in tested_modules:
-    if module_name.endswith(tested_module):
-      tested_module_paths.append(tuf_modules[module_name].__file__)
-
-cov.report(tested_module_paths)
\ No newline at end of file
diff --git a/tests/unit/test_util_test_tools.py b/tests/unit/test_util_test_tools.py
deleted file mode 100755
index bfd86d7f..00000000
--- a/tests/unit/test_util_test_tools.py
+++ /dev/null
@@ -1,171 +0,0 @@
-#!/usr/bin/env python
-
-"""
-<Program Name>
-  test_util_test_tools.py
-
-<Author>
-  Konstantin Andrianov
-
-<Started>
-  February 26, 2012
-
-<Copyright>
-  See LICENSE for licensing information.
-
-<Purpose>
-  Test util_test_tools.
-
-"""
-import os
-import urllib
-import unittest
-
-import tuf.tests.util_test_tools as util_test_tools
-import tuf.repo.keystore
-
-
-class test_UtilTestTools(unittest.TestCase):
-  def setUp(self):
-    unittest.TestCase.setUp(self)
-
-    # Ensure the keystore is empty prior to initializing the repository
-    # generated by 'util_test_tools'.
-    tuf.repo.keystore.clear_keystore()
-
-    # Unpacking necessary parameters returned from init_repo()
-    essential_params = util_test_tools.init_repo(using_tuf=True)
-    self.root_repo = essential_params[0] 
-    self.url = essential_params[1]
-    self.server_proc = essential_params[2]
-    self.keyids = essential_params[3]
-    # TODO: In the line below, 'util_test_tools.init_repo' does
-    # not return the interposition config and this unit test
-    # does not directly use it.  WIP? 
-    #self.interpose_json = essential_params[4] 
-
-  def tearDown(self):
-    unittest.TestCase.tearDown(self)
-
-    # 'util_test_tools.cleanup()' should clear the keystore...
-    util_test_tools.cleanup(self.root_repo, self.server_proc)
-
-    # Clear the keystore here just in case.
-    tuf.repo.keystore.clear_keystore()
-
-
-#================================================#
-#  Below are a few quick tests that make sure    #
-#  everything works smoothly in util_test_tools. #
-#================================================#
-
-  # A few quick internal tests to see if everything runs smoothly.
-  def test_direct_download(self):
-    # Setup.
-    reg_repo = os.path.join(self.root_repo, 'reg_repo')
-    downloads = os.path.join(self.root_repo, 'downloads')
-    filepath = util_test_tools.add_file_to_repository(reg_repo, 'Test')
-    file_basename = os.path.basename(filepath)
-    url_to_reg_repo = self.url+'reg_repo/'+file_basename
-    downloaded_file = os.path.join(downloads, file_basename)
-
-    # Test direct download using 'urllib.urlretrieve'.
-    urllib.urlretrieve(url_to_reg_repo, downloaded_file)
-    self.assertTrue(os.path.isfile(downloaded_file))
-
-    # Verify the content of the downloaded file.
-    downloaded_content = util_test_tools.read_file_content(downloaded_file)
-    self.assertEquals('Test', downloaded_content)
-
-
-
-
-
-  def test_correct_directory_structure(self):
-    # Verify following directories exists: '{root_repo}/reg_repo/',
-    # '{root_repo}/downloads/.
-    self.assertTrue(os.path.isdir(os.path.join(self.root_repo, 'reg_repo')))
-    self.assertTrue(os.path.isdir(os.path.join(self.root_repo, 'downloads')))
-
-    # Verify that all necessary TUF-paths exist.
-    tuf_repo = os.path.join(self.root_repo, 'tuf_repo')
-    tuf_client = os.path.join(self.root_repo, 'tuf_client')
-    metadata_dir = os.path.join(tuf_repo, 'metadata')
-    current_dir = os.path.join(tuf_client, 'metadata', 'current')
-
-    # Verify '{root_repo}/tuf_repo/metadata/role.json' paths exists.
-    for role in ['root', 'targets', 'snapshot', 'timestamp']:
-      # Repository side.
-      role_file = os.path.join(metadata_dir, role+'.json')
-      self.assertTrue(os.path.isfile(role_file))
-
-      # Client side.
-      role_file = os.path.join(current_dir, role+'.json')
-      self.assertTrue(os.path.isfile(role_file))
-
-    # Verify '{root_repo}/tuf_repo/keystore/keyid.key' exists.
-    keys_list = os.listdir(os.path.join(tuf_repo, 'keystore'))
-    self.assertEquals(len(keys_list), 1)
-
-    # Verify '{root_repo}/tuf_repo/targets/' directory exists.
-    self.assertTrue(os.path.isdir(os.path.join(tuf_repo, 'targets')))
-
-
-
-
-
-  def test_methods(self):
-    """
-    Making sure following methods work as intended:
-    - add_file_to_repository(data)
-    - modify_file_at_repository(filepath, data)
-    - delete_file_at_repository(filepath)
-    - read_file_content(filepath)
-    - tuf_refresh_repo()
-    - tuf_refresh_and_download()
-
-    Note: here file at the 'filepath' and the 'target' file at tuf-targets
-    directory are identical files.
-    Ex: filepath = '{root_repo}/reg_repo/file.json'
-        target = '{root_repo}/tuf_repo/targets/file.json'
-    """
-
-    reg_repo = os.path.join(self.root_repo, 'reg_repo')
-    tuf_repo = os.path.join(self.root_repo, 'tuf_repo')
-    downloads = os.path.join(self.root_repo, 'downloads')
-
-    # Test 'add_file_to_repository(directory, data)' and
-    # read_file_content(filepath) methods.
-    filepath = util_test_tools.add_file_to_repository(reg_repo, 'Test')
-    self.assertTrue(os.path.isfile(filepath))
-    self.assertEquals(os.path.dirname(filepath), reg_repo)
-    filepath_content = util_test_tools.read_file_content(filepath)
-    self.assertEquals('Test', filepath_content)
-
-    # Test 'modify_file_at_repository(filepath, data)' method.
-    filepath = util_test_tools.modify_file_at_repository(filepath, 'Modify')
-    self.assertTrue(os.path.exists(filepath))
-    filepath_content = util_test_tools.read_file_content(filepath)
-    self.assertEquals('Modify', filepath_content)
-
-    # Test 'tuf_refresh_repo' method.
-    util_test_tools.tuf_refresh_repo(self.root_repo, self.keyids)
-    file_basename = os.path.basename(filepath)
-    target = os.path.join(tuf_repo, 'targets', file_basename)
-    self.assertTrue(os.path.isfile(target))
-
-    # Test 'delete_file_at_repository(filepath)' method.
-    util_test_tools.delete_file_at_repository(filepath)
-    self.assertFalse(os.path.exists(filepath))
-
-    # Test 'tuf_refresh_repo' method once more.
-    util_test_tools.tuf_refresh_repo(self.root_repo, self.keyids)
-    file_basename = os.path.basename(filepath)
-    target = os.path.join(tuf_repo, 'targets', file_basename)
-    self.assertFalse(os.path.isfile(target))
-
-
-
-
-if __name__ == '__main__':
-  unittest.main()
diff --git a/tuf/tests/unittest_toolbox.py b/tests/unittest_toolbox.py
old mode 100644
new mode 100755
similarity index 99%
rename from tuf/tests/unittest_toolbox.py
rename to tests/unittest_toolbox.py
index d425fe76..ee0ac170
--- a/tuf/tests/unittest_toolbox.py
+++ b/tests/unittest_toolbox.py
@@ -27,11 +27,11 @@
 import ConfigParser
 
 import tuf.keys
-import tuf.repo.keystore as keystore
+#import tuf.repo.keystore as keystore
 
 # Modify the number of iterations (from the higher default count) so the unit
 # tests run faster.
-keystore._PBKDF2_ITERATIONS = 1000
+#keystore._PBKDF2_ITERATIONS = 1000
 
 
 class Modified_TestCase(unittest.TestCase):
diff --git a/tuf/README.md b/tuf/README.md
index 52f9214c..404438e5 100644
--- a/tuf/README.md
+++ b/tuf/README.md
@@ -170,6 +170,7 @@ Not enough signatures for 'path/to/repository/metadata.staged/targets.json'
 
 ```python
 # Continuing from the previous section . . .
+import datetime
 
 # Generate keys for the remaining top-level roles.  The root keys have been set above.
 # The password argument may be omitted if a password prompt is needed. 
@@ -200,7 +201,7 @@ repository.timestamp.load_signing_key(private_timestamp_key)
 
 # Optionally set the expiration date of the timestamp role.  By default, roles are set to expire
 # as follows:  root(1 year), targets(3 months), snapshot(1 week), timestamp(1 day).
-repository.timestamp.expiration = "2014-10-28 12:08:00"
+repository.timestamp.expiration = datetime.datetime(2014, 10, 28, 12, 08)
 
 # Metadata files may also be compressed.  Only "gz" is currently supported.
 repository.targets.compressions = ["gz"]
diff --git a/tuf/__init__.py b/tuf/__init__.py
index 14a61f6c..eefde2d8 100755
--- a/tuf/__init__.py
+++ b/tuf/__init__.py
@@ -22,6 +22,7 @@
 
 import urlparse
 
+
 # Import 'tuf.formats' if a module tries to import the
 # entire tuf package (i.e., from tuf import *). 
 __all__ = ['formats']
@@ -134,12 +135,7 @@ class ForbiddenTargetError(RepositoryError):
 
 class ExpiredMetadataError(Error):
   """Indicate that a TUF Metadata file has expired."""
-
-  def __init__(self, expiry_time):
-    self.expiry_time = expiry_time # UTC
-
-  def __str__(self):
-    return 'Metadata expired on '+str(self.expiry_time)+'.'
+  pass
 
 
 
diff --git a/tuf/_vendor/__init__.py b/tuf/_vendor/__init__.py
old mode 100644
new mode 100755
diff --git a/tuf/_vendor/iso8601/LICENSE b/tuf/_vendor/iso8601/LICENSE
new file mode 100644
index 00000000..471acb7b
--- /dev/null
+++ b/tuf/_vendor/iso8601/LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2007 - 2013 Michael Twomey
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be included
+in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/tuf/_vendor/iso8601/README.rst b/tuf/_vendor/iso8601/README.rst
new file mode 100644
index 00000000..e854dee9
--- /dev/null
+++ b/tuf/_vendor/iso8601/README.rst
@@ -0,0 +1,170 @@
+Simple module to parse ISO 8601 dates
+
+This module parses the most common forms of ISO 8601 date strings (e.g.
+2007-01-14T20:34:22+00:00) into datetime objects.
+
+>>> import iso8601
+>>> iso8601.parse_date("2007-01-25T12:00:00Z")
+datetime.datetime(2007, 1, 25, 12, 0, tzinfo=<iso8601.iso8601.Utc ...>)
+>>>
+
+See the LICENSE file for the license this package is released under.
+
+If you want more full featured parsing look at:
+
+- http://labix.org/python-dateutil - python-dateutil
+
+Parsed Formats
+==============
+
+You can parse full date + times, or just the date. In both cases a datetime instance is returned but with missing times defaulting to 0, and missing days / months defaulting to 1.
+
+Dates
+-----
+
+- YYYY-MM-DD
+- YYYYMMDD
+- YYYY-MM (defaults to 1 for the day)
+- YYYY (defaults to 1 for month and day)
+
+Times
+-----
+
+- hh:mm:ss.nn
+- hhmmss.nn
+- hh:mm (defaults to 0 for seconds)
+- hhmm (defaults to 0 for seconds)
+- hh (defaults to 0 for minutes and seconds)
+
+Time Zones
+----------
+
+- Nothing uses the default timezone given (UTC).
+- Z (UTC)
+- +/-hh:mm
+- +/-hhmm
+- +/-hh
+
+Where it Differs From ISO 8601
+==============================
+
+Known differences from the ISO 8601 spec:
+
+- You can use a " " (space) instead of T for separating date from time.
+- Days and months without a leading 0 (2 vs 02) will be parsed.
+- If time zone information is omitted the default time zone given is used (which in turn defaults to UTC). Use a default of None to yield naive datetime instances.
+
+Homepage
+========
+
+- https://bitbucket.org/micktwomey/pyiso8601/
+
+This was originally hosted at https://code.google.com/p/pyiso8601/
+
+References
+==========
+
+- http://en.wikipedia.org/wiki/ISO_8601
+
+- http://www.cl.cam.ac.uk/~mgk25/iso-time.html - simple overview
+
+- http://hydracen.com/dx/iso8601.htm - more detailed enumeration of valid formats.
+
+Testing
+=======
+
+1. pip install -r dev-requirements.txt
+2. tox
+
+Note that you need all the pythons installed to perform a tox run (see below). Homebrew helps a lot on the mac, however you wind up having to add cellars to your PATH or symlinking the pythonX.Y executables.
+
+Alternatively, to test only with your current python:
+
+1. pip install -r dev-requirements.txt
+2. py.test --verbose iso8601
+
+Supported Python Versions
+=========================
+
+Tested against:
+
+- Python 2.6
+- Python 2.7
+- Python 3.2
+- Python 3.3
+- PyPy
+
+Python 3.0 and 3.1 are untested but should work (tests didn't run under them when last tried).
+
+Jython is untested but should work (tests failed to run).
+
+Python 2.5 is not supported (too old for the tests for the most part). It could work with some small changes but I'm not supporting it.
+
+Changes
+=======
+
+0.1.10
+------
+
+* Fixes https://bitbucket.org/micktwomey/pyiso8601/issue/14/regression-yyyy-mm-no-longer-parses (thanks to Kevin Gill for reporting)
+* Adds YYYY as a valid date (uses 1 for both month and day)
+* Woo, semantic versioning, .10 at last.
+
+0.1.9
+-----
+
+* Lots of fixes tightening up parsing from jdanjou. In particular more invalid cases are treated as errors. Also includes fixes for tests (which is how these invalid cases got in in the first place).
+* Release addresses https://bitbucket.org/micktwomey/pyiso8601/issue/13/new-release-based-on-critical-bug-fix
+
+0.1.8
+-----
+
+* Remove +/- chars from README.rst and ensure tox tests run using LC_ALL=C. The setup.py egg_info command was failing in python 3.* on some setups (basically any where the system encoding wasn't UTF-8). (https://bitbucket.org/micktwomey/pyiso8601/issue/10/setuppy-broken-for-python-33) (thanks to klmitch)
+
+0.1.7
+-----
+
+* Fix parsing of microseconds (https://bitbucket.org/micktwomey/pyiso8601/issue/9/regression-parsing-microseconds) (Thanks to dims and bnemec)
+
+0.1.6
+-----
+
+* Correct negative timezone offsets (https://bitbucket.org/micktwomey/pyiso8601/issue/8/015-parses-negative-timezones-incorrectly) (thanks to Jonathan Lange)
+
+0.1.5
+-----
+
+* Wow, it's alive! First update since 2007
+* Moved over to https://bitbucket.org/micktwomey/pyiso8601
+* Add support for python 3. https://code.google.com/p/pyiso8601/issues/detail?id=23 (thanks to zefciu)
+* Switched to py.test and tox for testing
+* Make seconds optional in date format ("1997-07-16T19:20+01:00" now valid). https://bitbucket.org/micktwomey/pyiso8601/pull-request/1/make-the-inclusion-of-seconds-optional-in/diff (thanks to Chris Down)
+* Correctly raise ParseError for more invalid inputs (https://bitbucket.org/micktwomey/pyiso8601/issue/1/raise-parseerror-for-invalid-input) (thanks to manish.tomar)
+* Support more variations of ISO 8601 dates, times and time zone specs.
+* Fix microsecond rounding issues (https://bitbucket.org/micktwomey/pyiso8601/issue/2/roundoff-issues-when-parsing-decimal) (thanks to nielsenb@jetfuse.net)
+* Fix pickling and deepcopy of returned datetime objects (https://bitbucket.org/micktwomey/pyiso8601/issue/3/dates-returned-by-parse_date-do-not) (thanks to fogathmann and john@openlearning.com)
+* Fix timezone offsets without a separator (https://bitbucket.org/micktwomey/pyiso8601/issue/4/support-offsets-without-a-separator) (thanks to joe.walton.gglcd)
+* "Z" produces default timezone if one is specified (https://bitbucket.org/micktwomey/pyiso8601/issue/5/z-produces-default-timezone-if-one-is) (thanks to vfaronov). This one may cause problems if you've been relying on default_timezone to use that timezone instead of UTC. Strictly speaking that was wrong but this is potentially backwards incompatible.
+* Handle compact date format (https://bitbucket.org/micktwomey/pyiso8601/issue/6/handle-compact-date-format) (thanks to rvandolson@esri.com)
+
+0.1.4
+-----
+
+* The default_timezone argument wasn't being passed through correctly, UTC was being used in every case. Fixes issue 10.
+
+0.1.3
+-----
+
+* Fixed the microsecond handling, the generated microsecond values were way too small. Fixes issue 9.
+
+0.1.2
+-----
+
+* Adding ParseError to __all__ in iso8601 module, allows people to import it. Addresses issue 7.
+* Be a little more flexible when dealing with dates without leading zeroes. This violates the spec a little, but handles more dates as seen in the field. Addresses issue 6.
+* Allow date/time separators other than T.
+
+0.1.1
+-----
+
+* When parsing dates without a timezone the specified default is used. If no default is specified then UTC is used. Addresses issue 4.
diff --git a/tuf/_vendor/iso8601/__init__.py b/tuf/_vendor/iso8601/__init__.py
new file mode 100644
index 00000000..11b1adcb
--- /dev/null
+++ b/tuf/_vendor/iso8601/__init__.py
@@ -0,0 +1 @@
+from .iso8601 import *
diff --git a/tuf/_vendor/iso8601/iso8601.py b/tuf/_vendor/iso8601/iso8601.py
new file mode 100644
index 00000000..becdd958
--- /dev/null
+++ b/tuf/_vendor/iso8601/iso8601.py
@@ -0,0 +1,202 @@
+"""ISO 8601 date time string parsing
+
+Basic usage:
+>>> import iso8601
+>>> iso8601.parse_date("2007-01-25T12:00:00Z")
+datetime.datetime(2007, 1, 25, 12, 0, tzinfo=<iso8601.iso8601.Utc ...>)
+>>>
+
+"""
+
+from datetime import (
+    datetime,
+    timedelta,
+    tzinfo
+)
+from decimal import Decimal
+import logging
+import sys
+import re
+
+__all__ = ["parse_date", "ParseError"]
+
+LOG = logging.getLogger(__name__)
+
+if sys.version_info >= (3, 0, 0):
+    _basestring = str
+else:
+    _basestring = basestring
+
+
+# Adapted from http://delete.me.uk/2005/03/iso8601.html
+ISO8601_REGEX = re.compile(
+    r"""
+    (?P<year>[0-9]{4})
+    (
+        (
+            (-(?P<monthdash>[0-9]{1,2}))
+            |
+            (?P<month>[0-9]{2})
+            (?!$)  # Don't allow YYYYMM
+        )
+        (
+            (
+                (-(?P<daydash>[0-9]{1,2}))
+                |
+                (?P<day>[0-9]{2})
+            )
+            (
+                (
+                    (?P<separator>[ T])
+                    (?P<hour>[0-9]{2})
+                    (:{0,1}(?P<minute>[0-9]{2})){0,1}
+                    (
+                        :{0,1}(?P<second>[0-9]{1,2})
+                        (\.(?P<second_fraction>[0-9]+)){0,1}
+                    ){0,1}
+                    (?P<timezone>
+                        Z
+                        |
+                        (
+                            (?P<tz_sign>[-+])
+                            (?P<tz_hour>[0-9]{2})
+                            :{0,1}
+                            (?P<tz_minute>[0-9]{2}){0,1}
+                        )
+                    ){0,1}
+                ){0,1}
+            )
+        ){0,1}  # YYYY-MM
+    ){0,1}  # YYYY only
+    $
+    """,
+    re.VERBOSE
+)
+
+class ParseError(Exception):
+    """Raised when there is a problem parsing a date string"""
+
+# Yoinked from python docs
+ZERO = timedelta(0)
+class Utc(tzinfo):
+    """UTC
+
+    """
+    def utcoffset(self, dt):
+        return ZERO
+
+    def tzname(self, dt):
+        return "UTC"
+
+    def dst(self, dt):
+        return ZERO
+
+UTC = Utc()
+
+class FixedOffset(tzinfo):
+    """Fixed offset in hours and minutes from UTC
+
+    """
+    def __init__(self, offset_hours, offset_minutes, name):
+        self.__offset_hours = offset_hours  # Keep for later __getinitargs__
+        self.__offset_minutes = offset_minutes  # Keep for later __getinitargs__
+        self.__offset = timedelta(hours=offset_hours, minutes=offset_minutes)
+        self.__name = name
+
+    def __eq__(self, other):
+        if isinstance(other, FixedOffset):
+            return (
+                (other.__offset == self.__offset)
+                and
+                (other.__name == self.__name)
+            )
+        if isinstance(other, tzinfo):
+            return other == self
+        return False
+
+    def __getinitargs__(self):
+        return (self.__offset_hours, self.__offset_minutes, self.__name)
+
+    def utcoffset(self, dt):
+        return self.__offset
+
+    def tzname(self, dt):
+        return self.__name
+
+    def dst(self, dt):
+        return ZERO
+
+    def __repr__(self):
+        return "<FixedOffset %r %r>" % (self.__name, self.__offset)
+
+def to_int(d, key, default_to_zero=False, default=None, required=True):
+    """Pull a value from the dict and convert to int
+
+    :param default_to_zero: If the value is None or empty, treat it as zero
+    :param default: If the value is missing in the dict use this default
+
+    """
+    value = d.get(key) or default
+    LOG.debug("Got %r for %r with default %r", value, key, default)
+    if (value in ["", None]) and default_to_zero:
+        return 0
+    if value is None:
+        if required:
+            raise ParseError("Unable to read %s from %s" % (key, d))
+    else:
+        return int(value)
+
+def parse_timezone(matches, default_timezone=UTC):
+    """Parses ISO 8601 time zone specs into tzinfo offsets
+
+    """
+
+    if matches["timezone"] == "Z":
+        return UTC
+    # This isn't strictly correct, but it's common to encounter dates without
+    # timezones so I'll assume the default (which defaults to UTC).
+    # Addresses issue 4.
+    if matches["timezone"] is None:
+        return default_timezone
+    sign = matches["tz_sign"]
+    hours = to_int(matches, "tz_hour")
+    minutes = to_int(matches, "tz_minute", default_to_zero=True)
+    description = "%s%02d:%02d" % (sign, hours, minutes)
+    if sign == "-":
+        hours = -hours
+        minutes = -minutes
+    return FixedOffset(hours, minutes, description)
+
+def parse_date(datestring, default_timezone=UTC):
+    """Parses ISO 8601 dates into datetime objects
+
+    The timezone is parsed from the date string. However it is quite common to
+    have dates without a timezone (not strictly correct). In this case the
+    default timezone specified in default_timezone is used. This is UTC by
+    default.
+    """
+    if not isinstance(datestring, _basestring):
+        raise ParseError("Expecting a string %r" % datestring)
+    m = ISO8601_REGEX.match(datestring)
+    if not m:
+        raise ParseError("Unable to parse date string %r" % datestring)
+    groups = m.groupdict()
+    LOG.debug("Parsed %s into %s with default timezone %s", datestring, groups, default_timezone)
+
+    tz = parse_timezone(groups, default_timezone=default_timezone)
+
+    groups["second_fraction"] = int(Decimal("0.%s" % (groups["second_fraction"] or 0)) * Decimal("1000000.0"))
+
+    try:
+        return datetime(
+            year=to_int(groups, "year"),
+            month=to_int(groups, "month", default=to_int(groups, "monthdash", required=False, default=1)),
+            day=to_int(groups, "day", default=to_int(groups, "daydash", required=False, default=1)),
+            hour=to_int(groups, "hour", default_to_zero=True),
+            minute=to_int(groups, "minute", default_to_zero=True),
+            second=to_int(groups, "second", default_to_zero=True),
+            microsecond=groups["second_fraction"],
+            tzinfo=tz,
+        )
+    except Exception as e:
+        raise ParseError(e)
diff --git a/tuf/_vendor/iso8601/test_iso8601.py b/tuf/_vendor/iso8601/test_iso8601.py
new file mode 100644
index 00000000..ed2d45a0
--- /dev/null
+++ b/tuf/_vendor/iso8601/test_iso8601.py
@@ -0,0 +1,97 @@
+# coding=UTF-8
+from __future__ import absolute_import
+
+import copy
+import datetime
+import pickle
+
+import pytest
+
+from iso8601 import iso8601
+
+def test_iso8601_regex():
+    assert iso8601.ISO8601_REGEX.match("2006-10-11T00:14:33Z")
+
+def test_parse_no_timezone_different_default():
+    tz = iso8601.FixedOffset(2, 0, "test offset")
+    d = iso8601.parse_date("2007-01-01T08:00:00", default_timezone=tz)
+    assert d == datetime.datetime(2007, 1, 1, 8, 0, 0, 0, tz)
+    assert d.tzinfo == tz
+
+def test_parse_utc_different_default():
+    """Z should mean 'UTC', not 'default'.
+
+    """
+    tz = iso8601.FixedOffset(2, 0, "test offset")
+    d = iso8601.parse_date("2007-01-01T08:00:00Z", default_timezone=tz)
+    assert d == datetime.datetime(2007, 1, 1, 8, 0, 0, 0, iso8601.UTC)
+
+@pytest.mark.parametrize("invalid_date, error_string", [
+    ("2013-10-", "Unable to parse date string"),
+    ("2013-", "Unable to parse date string"),
+    ("", "Unable to parse date string"),
+    (None, "Expecting a string"),
+    ("wibble", "Unable to parse date string"),
+    ("23", "Unable to parse date string"),
+    ("131015T142533Z", "Unable to parse date string"),
+    ("131015", "Unable to parse date string"),
+    ("20141", "Unable to parse date string"),
+    ("201402", "Unable to parse date string"),
+    ("2007-06-23X06:40:34.00Z", "Unable to parse date string"),  # https://code.google.com/p/pyiso8601/issues/detail?id=14
+    ("2007-06-23 06:40:34.00Zrubbish", "Unable to parse date string"),  # https://code.google.com/p/pyiso8601/issues/detail?id=14
+    ("20114-01-03T01:45:49", "Unable to parse date string"),
+])
+def test_parse_invalid_date(invalid_date, error_string):
+    assert isinstance(invalid_date, str) or invalid_date is None  # Why? 'cos I've screwed up the parametrize before :)
+    with pytest.raises(iso8601.ParseError) as exc:
+        iso8601.parse_date(invalid_date)
+    assert exc.errisinstance(iso8601.ParseError)
+    assert str(exc.value).startswith(error_string)
+
+@pytest.mark.parametrize("valid_date,expected_datetime,isoformat", [
+    ("2007-06-23 06:40:34.00Z", datetime.datetime(2007, 6, 23, 6, 40, 34, 0, iso8601.UTC), "2007-06-23T06:40:34+00:00"),  # Handle a separator other than T
+    ("1997-07-16T19:20+01:00", datetime.datetime(1997, 7, 16, 19, 20, 0, 0, iso8601.FixedOffset(1, 0, "+01:00")), "1997-07-16T19:20:00+01:00"),  # Parse with no seconds
+    ("2007-01-01T08:00:00", datetime.datetime(2007, 1, 1, 8, 0, 0, 0, iso8601.UTC), "2007-01-01T08:00:00+00:00"),  # Handle timezone-less dates. Assumes UTC. http://code.google.com/p/pyiso8601/issues/detail?id=4
+    ("2006-10-20T15:34:56.123+02:30", datetime.datetime(2006, 10, 20, 15, 34, 56, 123000, iso8601.FixedOffset(2, 30, "+02:30")), None),
+    ("2006-10-20T15:34:56Z", datetime.datetime(2006, 10, 20, 15, 34, 56, 0, iso8601.UTC), "2006-10-20T15:34:56+00:00"),
+    ("2007-5-7T11:43:55.328Z", datetime.datetime(2007, 5, 7, 11, 43, 55, 328000, iso8601.UTC), "2007-05-07T11:43:55.328000+00:00"),  # http://code.google.com/p/pyiso8601/issues/detail?id=6
+    ("2006-10-20T15:34:56.123Z", datetime.datetime(2006, 10, 20, 15, 34, 56, 123000, iso8601.UTC), "2006-10-20T15:34:56.123000+00:00"),
+    ("2013-10-15T18:30Z", datetime.datetime(2013, 10, 15, 18, 30, 0, 0, iso8601.UTC), "2013-10-15T18:30:00+00:00"),
+    ("2013-10-15T22:30+04", datetime.datetime(2013, 10, 15, 22, 30, 0, 0, iso8601.FixedOffset(4, 0, "+04:00")), "2013-10-15T22:30:00+04:00"),  # <time>±hh:mm
+    ("2013-10-15T1130-0700", datetime.datetime(2013, 10, 15, 11, 30, 0, 0, iso8601.FixedOffset(-7, 0, "-07:00")), "2013-10-15T11:30:00-07:00"),  # <time>±hhmm
+    ("2013-10-15T1130+0700", datetime.datetime(2013, 10, 15, 11, 30, 0, 0, iso8601.FixedOffset(+7, 0, "+07:00")), "2013-10-15T11:30:00+07:00"),  # <time>±hhmm
+    ("2013-10-15T1130+07", datetime.datetime(2013, 10, 15, 11, 30, 0, 0, iso8601.FixedOffset(+7, 0, "+07:00")), "2013-10-15T11:30:00+07:00"),  # <time>±hh
+    ("2013-10-15T1130-07", datetime.datetime(2013, 10, 15, 11, 30, 0, 0, iso8601.FixedOffset(-7, 0, "-07:00")), "2013-10-15T11:30:00-07:00"),  # <time>±hh
+    ("2013-10-15T15:00-03:30", datetime.datetime(2013, 10, 15, 15, 0, 0, 0, iso8601.FixedOffset(-3, -30, "-03:30")), "2013-10-15T15:00:00-03:30"),
+    ("2013-10-15T183123Z", datetime.datetime(2013, 10, 15, 18, 31, 23, 0, iso8601.UTC), "2013-10-15T18:31:23+00:00"),  # hhmmss
+    ("2013-10-15T1831Z", datetime.datetime(2013, 10, 15, 18, 31, 0, 0, iso8601.UTC), "2013-10-15T18:31:00+00:00"),  # hhmm
+    ("2013-10-15T18Z", datetime.datetime(2013, 10, 15, 18, 0, 0, 0, iso8601.UTC), "2013-10-15T18:00:00+00:00"),  # hh
+    ("2013-10-15", datetime.datetime(2013, 10, 15, 0, 0, 0, 0, iso8601.UTC), "2013-10-15T00:00:00+00:00"),  # YYYY-MM-DD
+    ("20131015T18:30Z", datetime.datetime(2013, 10, 15, 18, 30, 0, 0, iso8601.UTC), "2013-10-15T18:30:00+00:00"),  # YYYYMMDD
+    ("2012-12-19T23:21:28.512400+00:00", datetime.datetime(2012, 12, 19, 23, 21, 28, 512400, iso8601.FixedOffset(0, 0, "+00:00")), "2012-12-19T23:21:28.512400+00:00"),  # https://code.google.com/p/pyiso8601/issues/detail?id=21
+    ("2006-10-20T15:34:56.123+0230", datetime.datetime(2006, 10, 20, 15, 34, 56, 123000, iso8601.FixedOffset(2, 30, "+02:30")), "2006-10-20T15:34:56.123000+02:30"),  # https://code.google.com/p/pyiso8601/issues/detail?id=18
+    ("19950204", datetime.datetime(1995, 2, 4, tzinfo=iso8601.UTC), "1995-02-04T00:00:00+00:00"),  # https://code.google.com/p/pyiso8601/issues/detail?id=1
+    ("2010-07-20 15:25:52.520701+00:00", datetime.datetime(2010, 7, 20, 15, 25, 52, 520701, iso8601.FixedOffset(0, 0, "+00:00")), "2010-07-20T15:25:52.520701+00:00"),  # https://code.google.com/p/pyiso8601/issues/detail?id=17
+    ("2010-06-12", datetime.datetime(2010, 6, 12, tzinfo=iso8601.UTC), "2010-06-12T00:00:00+00:00"),  # https://code.google.com/p/pyiso8601/issues/detail?id=16
+    ("1985-04-12T23:20:50.52-05:30", datetime.datetime(1985, 4, 12, 23, 20, 50, 520000, iso8601.FixedOffset(-5, -30, "-05:30")), "1985-04-12T23:20:50.520000-05:30"),  # https://bitbucket.org/micktwomey/pyiso8601/issue/8/015-parses-negative-timezones-incorrectly
+    ("1997-08-29T06:14:00.000123Z", datetime.datetime(1997, 8, 29, 6, 14, 0, 123, iso8601.UTC), "1997-08-29T06:14:00.000123+00:00"),  # https://bitbucket.org/micktwomey/pyiso8601/issue/9/regression-parsing-microseconds
+    ("2014-02", datetime.datetime(2014, 2, 1, 0, 0, 0, 0, iso8601.UTC), "2014-02-01T00:00:00+00:00"),  # https://bitbucket.org/micktwomey/pyiso8601/issue/14/regression-yyyy-mm-no-longer-parses
+    ("2014", datetime.datetime(2014, 1, 1, 0, 0, 0, 0, iso8601.UTC), "2014-01-01T00:00:00+00:00"),  # YYYY
+])
+def test_parse_valid_date(valid_date, expected_datetime, isoformat):
+    parsed = iso8601.parse_date(valid_date)
+    assert parsed.year == expected_datetime.year
+    assert parsed.month == expected_datetime.month
+    assert parsed.day == expected_datetime.day
+    assert parsed.hour == expected_datetime.hour
+    assert parsed.minute == expected_datetime.minute
+    assert parsed.second == expected_datetime.second
+    assert parsed.microsecond == expected_datetime.microsecond
+    assert parsed.tzinfo == expected_datetime.tzinfo
+    assert parsed == expected_datetime
+    assert parsed.isoformat() == expected_datetime.isoformat()
+    copy.deepcopy(parsed)  # ensure it's deep copy-able
+    pickle.dumps(parsed)  # ensure it pickles
+    if isoformat:
+        assert parsed.isoformat() == isoformat
+    assert iso8601.parse_date(parsed.isoformat()) == parsed  # Test round trip
diff --git a/tuf/build_updater.py b/tuf/build_updater.py
deleted file mode 100755
index f570886d..00000000
--- a/tuf/build_updater.py
+++ /dev/null
@@ -1,177 +0,0 @@
-"""
-
-build_updater.py
-
-Written by Geremy Condra
-Licensed under MIT
-Released 12 October 2010
-
-Implements the Distutils 'build_updater' command.
-"""
-
-from distutils.core import Command
-
-import os
-import shutil
-import subprocess
-import time
-import datetime
-
-
-import tuf
-import tuf.conf
-import tuf.client.updater
-
-def do_update(url):
-	tuf.conf.settings.repo_meta_dir = "."
-	repo_data = {'repo': {'urlbase': url, 'metapath': "meta", 'targetspath': "targets", 'metacontent': ['**'], 'targetscontent': ['**']}}
-
-	repo = tuf.client.updater.Repository("", repo_data)
-
-	repo.refresh()
-	targets = repo.get_all_targets()
-	
-	# JAC: add file removal support for nmap folks...
-	repo.remove_missing_files()
-
-	files_to_update = repo.get_files_to_update(targets)
-	for target in targets:
-		if target in files_to_update:
-			try:os.makedirs(os.path.dirname(target.path))
-			except: pass
-			target.download(target.path)
-
-
-def retry(f, *args, **kwargs):
-	# if an exception is raised, retry the operation
-	f(*args, **kwargs)
-	f(*args, **kwargs)
-
-def copy_metadata(client, server):
-	try: shutil.copytree(os.getcwd(), client)
-	except: pass
-        try: shutil.rmtree(client + '/' + 'cur')
-	except: pass
-	shutil.copytree(server + '/' + 'meta', client + '/' + 'cur')
-        try: shutil.rmtree(client + '/' + 'prev')
-	except: pass
-	shutil.copytree(server + '/' + 'meta', client + '/' + 'prev')
-	try: os.remove('build_updater.pyc')
-	except: pass
-
-class build_updater(Command):
-
-    # Brief (40-50 characters) description of the command
-    description = "Builds all the necessary values for a basic TUF update system for the given project"
-
-    # List of option tuples: long name, short name (None if no short
-    # name), and help string.
-    user_options = [    ('expiration', None, "Determines when signatures expire"),
-                        ('keystore', None, "The path to look for the keystore at"),
-                        ('server', None, "The directory to place the generated meta and targets folders")
-                   ]
-
-    def initialize_options(self):
-        self.keysize = None
-	self.expiration = None
-        self.keystore = None
-	self.server = None
-	self.client = None
-
-    def finalize_options(self):
-	if self.keysize is None:
-	        self.keysize = 1024
-	if self.expiration is None:
-		# today's date + 30 days
-		t = time.time()
-		t += 30 * 24 * 60 * 60
-		dt = datetime.date.fromtimestamp(t)
-		self.expiration = dt.strftime('%d/%m/%Y')
-	if self.keystore is None:
-		self.keystore = '../keystore'
-        if self.server is None:
-                self.server = os.getcwd()
-	if self.client is None:
-		self.client = os.getcwd()
-
-    def run(self):
-	args = ["quickstart.py",
-		"-k",
-		self.keystore,
-		"-t",
-		"1",
-		"-l",
-		self.server,
-		"-r",
-		os.getcwd(),
-		"-e",
-		self.expiration]
-	subprocess.call(args)
-	retry(copy_metadata, self.client, self.server)
-
-class update_updater(Command):
-
-    # Brief (40-50 characters) description of the command
-    description = "Pushes new updates to a preexisting update server"
-
-    # List of option tuples: long name, short name (None if no short
-    # name), and help string.
-    user_options = [    ('keystore', None, "The path to look for the keystore at"),
-                        ('server', None, "The directory to place the generated meta and targets folders"),
-                        ('client', None, "The directory to place the generate client package"),
-			('step', None, "The step in the process to perform")
-                   ]
-
-    def initialize_options(self):
-        self.keystore = None
-	self.server = None
-        self.password = None
-	self.client = None
-	self.step = None
-
-    def finalize_options(self):
-	if self.keystore is None:
-		self.keystore = '../keystore'
-        if self.server is None:
-                self.server = os.getcwd()
-	if self.password is None:
-		self.password = ''
-	if self.client is None:
-		self.client = '.'
-	if self.step is None:
-		self.step = 1
-
-    def run(self):
-	args = ["quickstart.py",
-		"-k",
-		self.keystore,
-		"-l",
-		self.server,
-		"-r",
-		os.getcwd(),
-                "-c",
-		self.server + '/' + 'root.cfg',
-		"--step",
-		str(self.step),
-		"-u"]
-	subprocess.call(args)
-	retry(copy_metadata, self.client, self.server)
-
-class update(Command):
-
-    # Brief (40-50 characters) description of the command
-    description = "Performs an update in the current directory"
-
-    # List of option tuples: long name, short name (None if no short
-    # name), and help string.
-    user_options = [('url', None, "The url of the remote update server")]
-
-    def initialize_options(self):
-        self.url = None
-
-    def finalize_options(self):
-	if self.url is None:
-		raise Exception("No software update URL specified")
-
-    def run(self):
-	do_update(self.url)
diff --git a/tuf/client/updater.py b/tuf/client/updater.py
index ea465383..658dab24 100755
--- a/tuf/client/updater.py
+++ b/tuf/client/updater.py
@@ -119,6 +119,7 @@
 import tuf.roledb
 import tuf.sig
 import tuf.util
+import tuf._vendor.iso8601 as iso8601
 
 logger = logging.getLogger('tuf.client.updater')
 
@@ -1757,14 +1758,23 @@ def _ensure_not_expired(self, metadata_role):
     expires = self.metadata['current'][metadata_role]['expires']
    
     # If the current time has surpassed the expiration date, raise
-    # an exception.  'expires' is in YYYY-MM-DD HH:MM:SS format, so
-    # convert it to seconds since the epoch, which is the time format
-    # returned by time.time() (i.e., current time), before comparing.
-    current_time = time.time()
-    expiry_time = tuf.formats.parse_time(expires)
-    if expiry_time < current_time:
-      logger.error('Metadata '+repr(rolepath)+' expired on '+repr(expires)+'.')
-      raise tuf.ExpiredMetadataError(expires)
+    # an exception.  'expires' is in 'tuf.formats.ISO8601_DATETIME_SCHEMA'
+    # format (e.g., '1985-10-21T01:22:00Z'.)  Convert it to a unix timestamp and
+    # compare it against the current time.time() (also in Unix/POSIX time
+    # format, although with microseconds attached.)
+    current_time = int(time.time())
+
+    # Generate a user-friendly error message if 'expires' is less than the
+    # current time (i.e., a local time.)
+    expires_datetime = iso8601.parse_date(expires)
+    expires_timestamp = tuf.formats.datetime_to_unix_timestamp(expires_datetime)
+    
+    if expires_timestamp < current_time:
+      message = 'Metadata '+repr(rolepath)+' expired on ' + \
+        expires_datetime.ctime() + ' (UTC).'
+      logger.error(message)
+
+      raise tuf.ExpiredMetadataError(message)
 
 
 
diff --git a/tuf/evp.py b/tuf/evp.py
deleted file mode 100755
index 60895bbd..00000000
--- a/tuf/evp.py
+++ /dev/null
@@ -1,425 +0,0 @@
-"""
-<Program Name>
-  evp.py
-
-<Author>
-  Vladimir Diaz <vladimir.v.diaz@gmail.com>
-
-<Started>
-  October 2013.
-
-<Copyright>
-  See LICENSE for licensing information.
-
-<Purpose>
-  The goal of this module is to support public-key cryptography using
-  the RSA algorithm.  The RSA-related functions provided include
-  generate(), create_signature(), and verify_signature().  The 'evpy' package
-  used by 'rsa_key.py' generates the actual RSA keys and the functions listed
-  above can be viewed as an easy-to-use public interface.  Additional functions
-  contained here include create_in_metadata_format() and
-  create_from_metadata_format().  These last two functions produce or use RSA
-  keys compatible with the key structures listed in TUF Metadata files.
-  The generate() function returns a dictionary containing all the information
-  needed of RSA keys, such as public and private keys, keyIDs, and an iden-
-  fier.  create_signature() and verify_signature() are supplemental functions
-  used for generating RSA signatures and verifying them.
-
-  Key IDs are used as identifiers for keys (e.g., RSA key).  They are the
-  hexadecimal representation of the hash of key object (specifically, the key
-  object containing only the public key).  See 'rsa_key.py' and the
-  '_get_keyid()' function to see precisely how keyids are generated.  One may
-  get the keyid of a key object by simply accessing the dictionary's 'keyid'
-  key (i.e., rsakey['keyid']).
-
-"""
-
-
-# Required for hexadecimal conversions.
-import binascii
-
-# Needed to generate, sign, and verify RSA keys. 
-import evpy.signature
-import evpy.envelope
-
-# Digest objects needed to generate hashes.
-import tuf.hash
-
-# Perform object format-checking.
-import tuf.formats
-
-
-_KEY_ID_HASH_ALGORITHM = 'sha256'
-
-# Recommended RSA key sizes: http://www.rsa.com/rsalabs/node.asp?id=2004
-# According to the document above, revised May 6, 2003, RSA keys of
-# size 3072 provide security through 2031 and beyond.
-_DEFAULT_RSA_KEY_BITS = 3072
-
-
-def generate(bits=_DEFAULT_RSA_KEY_BITS):
-  """
-  <Purpose> 
-    Generate public and private RSA keys, with modulus length 'bits'.
-    In addition, a keyid used as an identifier for RSA keys is generated.
-    The object returned conforms to tuf.formats.RSAKEY_SCHEMA and as the form:
-    {'keytype': 'rsa',
-     'keyid': keyid,
-     'keyval': {'public': '-----BEGIN RSA PUBLIC KEY----- ...',
-                'private': '-----BEGIN RSA PRIVATE KEY----- ...'}}
-    
-    The public and private keys are in PEM format and stored as strings.
-  
-  <Arguments>
-    bits:
-      The key size, or key length, of the RSA key.
-
-  <Exceptions>
-    tuf.CryptoError, if an exception occurs after calling evpy.envelope.keygen().
-
-    tuf.FormatError, if 'bits' does not contain the correct format.
-
-  <Side Effects>
-    The RSA keys are generated by calling evpy.envelope.keygen().
-
-  <Returns>
-    A dictionary containing the RSA keys and other identifying information.
-  
-  """
-
-
-  # Does 'bits' have the correct format?
-  # This check will ensure 'bits' conforms to 'tuf.formats.RSAKEYBITS_SCHEMA'.
-  # 'bits' must be an integer object, with a minimum value of 2048.
-  # Raise 'tuf.FormatError' if the check fails.
-  tuf.formats.RSAKEYBITS_SCHEMA.check_match(bits)
-  
-  # Begin building the RSA key dictionary. 
-  rsakey_dict = {}
-  keytype = 'rsa'
-  
-  # Generate the public and private keys.  'public_key' and 'private_key'
-  # will both be strings containing RSA keys in PEM format.
-  # The evpy.envelope module performs the actual key generation.  The 
-  # evpy.envelope.keygen() function returns a (public, private) tuple. 
-  
-  try:
-    public_key, private_key = evpy.envelope.keygen(bits, pem=True)
-  except (evpy.envelope.EnvelopeError, evpy.envelope.KeygenError, MemoryError), e:
-    raise tuf.CryptoError(e)
-
-  # Generate the keyid for the RSA key.  'key_value' corresponds to the
-  # 'keyval' entry of the RSAKEY_SCHEMA dictionary.
-  key_value = {'public': public_key,
-               'private': ''}
-
-  keyid = _get_keyid(key_value)
-
-  # Build the 'rsakey_dict' dictionary.
-  # Update 'key_value' with the RSA private key prior to adding
-  # 'key_value' to 'rsakey_dict'.
-  key_value['private'] = private_key
-
-  rsakey_dict['keytype'] = keytype
-  rsakey_dict['keyid'] = keyid
-  rsakey_dict['keyval'] = key_value
-
-  return rsakey_dict
-
-
-
-
-
-def create_in_metadata_format(key_value, private=False):
-  """
-  <Purpose>
-    Return a dictionary conformant to tuf.formats.KEY_SCHEMA.
-    If 'private' is True, include the private key.  The dictionary
-    returned has the form:
-    {'keytype': 'rsa',
-     'keyval': {'public': '-----BEGIN RSA PUBLIC KEY----- ...',
-                'private': '-----BEGIN RSA PRIVATE KEY----- ...'}}
-    or
-
-    {'keytype': 'rsa',
-     'keyval': {'public': '-----BEGIN RSA PUBLIC KEY----- ...',
-                'private': ''}} if 'private' is False.
-    
-    The private and public keys are in PEM format.
-    
-    RSA keys are stored in Metadata files (e.g., root.txt) in the format
-    returned by this function.
-  
-  <Arguments>
-    key_value:
-      A dictionary containing a private and public RSA key.
-      'key_value' is of the form:
-
-      {'public': '-----BEGIN RSA PUBLIC KEY----- ...',
-       'private': '-----BEGIN RSA PRIVATE KEY----- ...'}},
-      conformat to tuf.formats.KEYVAL_SCHEMA.
-
-    private:
-      Indicates if the private key should be included in the
-      returned dictionary.
-
-  <Exceptions>
-    tuf.FormatError, if 'key_value' does not conform to 
-    tuf.formats.KEYVAL_SCHEMA.
-
-  <Side Effects>
-    None.
-
-  <Returns>
-    An KEY_SCHEMA dictionary.
-
-  """
-	
-
-  # Does 'key_value' have the correct format?
-  # This check will ensure 'key_value' has the appropriate number
-  # of objects and object types, and that all dict keys are properly named.
-  # Raise 'tuf.FormatError' if the check fails.
-  tuf.formats.KEYVAL_SCHEMA.check_match(key_value)
-
-  if private and key_value['private']:
-    return {'keytype': 'rsa', 'keyval': key_value}
-  else:
-    public_key_value = {'public': key_value['public'], 'private': ''}
-    return {'keytype': 'rsa', 'keyval': public_key_value}
-
-
-
-
-
-def create_from_metadata_format(key_metadata):
-  """
-  <Purpose>
-    Construct an RSA key dictionary (i.e., tuf.formats.RSAKEY_SCHEMA)
-    from 'key_metadata'.  The dict returned by this function has the exact
-    format as the dict returned by generate().  It is of the form:
-   
-    {'keytype': 'rsa',
-     'keyid': keyid,
-     'keyval': {'public': '-----BEGIN RSA PUBLIC KEY----- ...',
-                'private': '-----BEGIN RSA PRIVATE KEY----- ...'}}
-
-    The public and private keys are in PEM format and stored as strings.
-
-    RSA key dictionaries in RSAKEY_SCHEMA format should be used by
-    modules storing a collection of keys, such as a keydb and keystore.
-    RSA keys as stored in metadata files use a different format, so this 
-    function should be called if an RSA key is extracted from one of these 
-    metadata files and needs converting.  Generate() creates an entirely
-    new key and returns it in the format appropriate for keydb and keystore.
-
-  <Arguments>
-    key_metadata:
-      The RSA key dictionary as stored in Metadata files, conforming to
-      tuf.formats.KEY_SCHEMA.
-
-  <Exceptions>
-    tuf.FormatError, if 'key_metadata' does not conform to
-    tuf.formats.KEY_SCHEMA.
-
-  <Side Effects>
-    None.
-
-  <Returns>
-    A dictionary containing the RSA keys and other identifying information.
-
-  """
-
-
-  # Does 'key_metadata' have the correct format?
-  # This check will ensure 'key_metadata' has the appropriate number
-  # of objects and object types, and that all dict keys are properly named.
-  # Raise 'tuf.FormatError' if the check fails.
-  tuf.formats.KEY_SCHEMA.check_match(key_metadata)
-
-  # Construct the dictionary to be returned.
-  rsakey_dict = {}
-  keytype = 'rsa'
-  key_value = key_metadata['keyval']
-
-  keyid = _get_keyid(key_value)
-
-  # We now have all the required key values.
-  # Build 'rsakey_dict'.
-  rsakey_dict['keytype'] = keytype
-  rsakey_dict['keyid'] = keyid
-  rsakey_dict['keyval'] = key_value
-
-  return rsakey_dict
-
-
-
-
-
-def _get_keyid(key_value):
-  """Return the keyid for 'key_value'."""
-
-  # 'keyid' will be generated from an object conformant to KEY_SCHEMA,
-  # which is the format Metadata files (e.g., root.txt) store keys.
-  # 'create_in_metadata_format()' returns the object needed by _get_keyid().
-  rsakey_meta = create_in_metadata_format(key_value, private=False)
-
-  # Convert the RSA key to JSON Canonical format suitable for adding
-  # to digest objects.
-  rsakey_update_data = tuf.formats.encode_canonical(rsakey_meta)
-
-  # Create a digest object and call update(), using the JSON 
-  # canonical format of 'rskey_meta' as the update data.
-  digest_object = tuf.hash.digest(_KEY_ID_HASH_ALGORITHM)
-  digest_object.update(rsakey_update_data)
-
-  # 'keyid' becomes the hexadecimal representation of the hash.  
-  keyid = digest_object.hexdigest()
-
-  return keyid
-
-
-
-
-
-def create_signature(rsakey_dict, data):
-  """
-  <Purpose>
-    Return a signature dictionary of the form:
-    {'keyid': keyid, 'method': 'evp', 'sig': sig}.
-
-    The signing process will use the private key
-    rsakey_dict['keyval']['private'] and 'data' to generate the signature.
-
-  <Arguments>
-    rsakey_dict:
-      A dictionary containing the RSA keys and other identifying information.
-      'rsakey_dict' has the form:
-    
-      {'keytype': 'rsa',
-       'keyid': keyid,
-       'keyval': {'public': '-----BEGIN RSA PUBLIC KEY----- ...',
-                  'private': '-----BEGIN RSA PRIVATE KEY----- ...'}}
-
-      The public and private keys are in PEM format and stored as strings.
-
-    data:
-      Data object used by create_signature() to generate the signature.
-
-  <Exceptions>
-    TypeError, if a private key is not defined for 'rsakey_dict'.
-
-    tuf.FormatError, if an incorrect format is found for the
-    'rsakey_dict' object.
-
-  <Side Effects>
-    evpy.signature.sign() called to perform the actual signing.
-
-  <Returns>
-    A signature dictionary conformat to tuf.format.SIGNATURE_SCHEMA.
-
-  """
-
-
-  # Does 'rsakey_dict' have the correct format?
-  # This check will ensure 'rsakey_dict' has the appropriate number
-  # of objects and object types, and that all dict keys are properly named.
-  # Raise 'tuf.FormatError' if the check fails.
-  tuf.formats.RSAKEY_SCHEMA.check_match(rsakey_dict)
-
-  # Signing the 'data' object requires a private key.
-  # The 'evp' (i.e., evpy) signing method is the only method
-  # currently supported.
-  signature = {} 
-  private_key = rsakey_dict['keyval']['private']
-  keyid = rsakey_dict['keyid']
-  method = 'evp'
-  
-  if private_key:
-    sig = evpy.signature.sign(data, key=private_key)
-  else:
-    raise TypeError('The required private key is not defined for rsakey_dict.')
-
-  # Build the signature dictionary to be returned.
-  # The hexadecimal representation of 'sig' is stored in the signature.
-  signature['keyid'] = keyid
-  signature['method'] = method
-  signature['sig'] = binascii.hexlify(sig)
-
-  return signature
-
-
-
-
-
-def verify_signature(rsakey_dict, signature, data):
-  """
-  <Purpose>
-    Determine whether the private key belonging to 'rsakey_dict' produced
-    'signature'.  verify_signature() will use the public key found in
-    'rsakey_dict', the 'method' and 'sig' objects contained in 'signature',
-    and 'data' to complete the verification.  Type-checking performed on both
-    'rsakey_dict' and 'signature'.
-
-  <Arguments>
-    rsakey_dict:
-      A dictionary containing the RSA keys and other identifying information.
-      'rsakey_dict' has the form:
-     
-      {'keytype': 'rsa',
-       'keyid': keyid,
-       'keyval': {'public': '-----BEGIN RSA PUBLIC KEY----- ...',
-                  'private': '-----BEGIN RSA PRIVATE KEY----- ...'}}
-
-      The public and private keys are in PEM format and stored as strings.
-      
-    signature:
-      The signature dictionary produced by tuf.rsa_key.create_signature().
-      'signature' has the form:
-      {'keyid': keyid, 'method': 'method', 'sig': sig}.  Conformant to
-      tuf.formats.SIGNATURE_SCHEMA.
-      
-    data:
-      Data object used by tuf.rsa_key.create_signature() to generate
-      'signature'.  'data' is needed here to verify the signature.
-
-  <Exceptions>
-    tuf.UnknownMethodError.  Raised if the signing method used by
-    'signature' is not one supported by tuf.rsa_key.create_signature().
-    
-    tuf.FormatError. Raised if either 'rsakey_dict'
-    or 'signature' do not match their respective tuf.formats schema.
-    'rsakey_dict' must conform to tuf.formats.RSAKEY_SCHEMA.
-    'signature' must conform to tuf.formats.SIGNATURE_SCHEMA.
-
-  <Side Effects>
-    evpy.signature_verify() called to do the actual verification.
-
-  <Returns>
-    Boolean.
-
-  """
-
-
-  # Does 'rsakey_dict' have the correct format?
-  # This check will ensure 'rsakey_dict' has the appropriate number
-  # of objects and object types, and that all dict keys are properly named.
-  # Raise 'tuf.FormatError' if the check fails.
-  tuf.formats.RSAKEY_SCHEMA.check_match(rsakey_dict)
-
-  # Does 'signature' have the correct format?
-  tuf.formats.SIGNATURE_SCHEMA.check_match(signature)
-
-  # Using the public key belonging to 'rsakey_dict'
-  # (i.e., rsakey_dict['keyval']['public']), verify whether 'signature'
-  # was produced by rsakey_dict's corresponding private key
-  # rsakey_dict['keyval']['private'].  Before returning the Boolean result,
-  # ensure 'evp' was used as the signing method.
-
-  method = signature['method']
-  sig = signature['sig']
-  public_key = rsakey_dict['keyval']['public']
-
-  if method != 'evp':
-    raise tuf.UnknownMethodError(method)
-  return evpy.signature.verify(data, binascii.unhexlify(sig), key=public_key)
diff --git a/tuf/examples/repository_basic/client/metadata/current/release.txt b/tuf/examples/repository_basic/client/metadata/current/release.txt
deleted file mode 100644
index ade738e8..00000000
--- a/tuf/examples/repository_basic/client/metadata/current/release.txt
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "9411398cb36dbce77727208a3ed8f634a194134a117c5980d3ff22bc54a25de4", 
-   "method": "evp", 
-   "sig": "61020111d9e1e1082d79690596d176d6eb5bad3bd0e695eb42930c39a018d18a64d52d7f4114272c8ee7c1b954708d95e0d7c6cafd95078d122dc67b3709484cef2d823376bbb9010f6cfa8034992df814c55c9f70e9411879ce7b54c4d6f1e4ed91ba328db0c26be0532d404358561ba347f1d55aad0a0eb83d9ba224b6760ad3d47dbcdc90d7ba7bf1597992288ec960a1181a1ffe1ff3b0eb7b5c4423bb1a20c01af2ddf5579e3a0704b4d7a58a8a0745edb6ce41c680239819b3772ae3f20486dc344ca7828c9581ba63af4ec11855dbf6213e2a260cc03b281659fa77c9fceeb0b7a25e1ea08bf1bbe5663bfb502c2145f6b5057005d989a8b35e56ae9b3f1f80c3c74f229d4c0bd3c807a7b6acb221ad42da90bf3137716a7d10aa9004e52ab74ceb706eeb6bb1834df1c994e83a64b3f6dae99a5586668803777d788fcc63e3ed3186c5b1186ec2dcf7fd2d7afe120470d667611ddae9b8617bd4ce1f2f0e6ae37b733a739c1d08814c53b25944f50b5be3f40488f683d3b89eb07127"
-  }
- ], 
- "signed": {
-  "_type": "Release", 
-  "expires": "2013-12-17 00:31:02", 
-  "meta": {
-   "root.txt": {
-    "hashes": {
-     "sha256": "72925bfeb643bd56c2368c890eb62af735d35f81d5518f42974c5d90863d4bad"
-    }, 
-    "length": 6571
-   }, 
-   "targets.txt": {
-    "hashes": {
-     "sha256": "e502a5d0079e59e122274f115fcb9a3c84f6d660bb50910fb3a757f58df00fe6"
-    }, 
-    "length": 1346
-   }
-  }, 
-  "ts": "2012-12-17 00:31:02"
- }
-}
diff --git a/tuf/examples/repository_basic/client/metadata/current/root.txt b/tuf/examples/repository_basic/client/metadata/current/root.txt
deleted file mode 100644
index bdc140f0..00000000
--- a/tuf/examples/repository_basic/client/metadata/current/root.txt
+++ /dev/null
@@ -1,83 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "86e0a0c096d2244436911f15d89ee3a647b6978ca156f93b7eba730038e5327b", 
-   "method": "evp", 
-   "sig": "91fb132a9ebf78fb2a688178dc5dcbbbe389baab063dd34fa9e7ccf8cb613a9356eb78ded2f7a12d454e2311b71ca0c75a2548515f1d1d35c1206da478d1535326eb172383a2687087e12f1d19b13b6adf0b4e35b9b992fecef93b0841aafb0143b19fb0e6e2dae49cd4052ddb0c1bcc4efdf3adbede95a509f04057082d80241cdbb5cb190559ce0a57906017b6352cbc0c837ca0d3428519a776454767dbcd0af1cadc5020e9e2d90cd4b8eebd4ca06859486575401aaa8aa6c3603a642d678e1f5b7849949903b28bb9bf88fab62ca30fbd160368eb998ce1c8a90a29573f02f6fcaa13bf1baa1dd72295c4de3350f72f8abbdf6d780810957c38ff2ec499c5928f241f4339c835e71b0013f6dcc41d01a7d43d8def9f8de8a46a73f9845a7f82b2a856096d6cbb9639146b94828ce1bbbf1f4927ab4d4100292d689ccc6efcf9d8fe61077224f4984bdafca6a8848020104130dc18fdea7fb53052d9bc70f94589522e8504a40518b657288ca6c9efaaf6baa562e83bd1e671f8199cafe8"
-  }, 
-  {
-   "keyid": "4ac0adf8fac99d3603b02ee88715b0b18ab9203c639a220f3db7aff78d784ab2", 
-   "method": "evp", 
-   "sig": "845528efb13d16600a492201d1d656d81ab819bab60d123b2dfc9bfc04647bcf8129872a7c1b0db21d9c1005e4cd55c91282f5410c9939ca3e8acb70d55eced6194c94152d70e00193298730b9019a3282196dd23543f15c1d6f5431efb53a1b04c3d40f0e177d7ad6ecafbda363e89d5dd4e2ce8b7ac6ab2808ff361d6dabeeb443358dfcb763aa9b9857826fc587a2c4b72a0ce7d0e2d073ea4f2fe453a5b72afbcf160e3029f969b290f2e0250225a2ce88895e10fcb6c1638c70bca5d2add74324de9d581e54e9b99c9c000904b55d37a775e8496ca97aae384b500c83e2694403f4687479fb2cc56d981afa2c45b9ce968817e168f87fc0d7419e973c4162baa2e59c339ce82ec5a565a4b3993b2f3e885a1d38240996834b530de306b600d2cfbcb2660ac903b5a7b6e270081fe72f98cf6e29047915ade88cde3c860a4d1637a4f8057a6b7815e21111388bd7a678c8b3221b8adcfc1f4629ff75ebadd3160abd88b71bbb175592cd99f0769bde1466174e0a8a63a07cefbba766fcef"
-  }
- ], 
- "signed": {
-  "_type": "Root", 
-  "expires": "2014-12-17 00:31:01", 
-  "keys": {
-   "4ac0adf8fac99d3603b02ee88715b0b18ab9203c639a220f3db7aff78d784ab2": {
-    "keytype": "rsa", 
-    "keyval": {
-     "private": "", 
-     "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAuFzNjOV+tTnkMzB+UUWi\no/n0hWE5nKeBie+erzGHsRqYTwY2afsUORnogFkt2erdR9zR4TAWGMIvJbnDujQi\npkhUIueZB6vGCRBT2Mfk8vOUTQ+8Xc6FNCyhLZfJKL8fxEOAaF9HSOt3u9BugPVB\nL5QLc/fcWNgBiTErR/kcLH1LvaDeFijOuSC6VDq4GjONK70n1d/CtGmPYIMQj89L\nsIThUrREIH2oHRXFIUDJLHmAJXgw31chpC4CI9/ehnShcM1AaQTfpNwsOFkzNpfk\nCweYN3w9h6I+/3hPlD1oPluolSpz3MTQ2YXnRDBijptGBz4aPW2V6R5fE9Tx2xZr\neI2wlzsObFSvJ9V8guVc/yVM6PwCeVuQknzFo2xXYvQgzpKTSSgk1+0tiJqZkuIk\n7ENhglKwTL9vu40pTgE+gkKRC+CgDPwJ4+VMZJANsFPfCZxMw8+ddufTL70PtSp0\nKDRshTy1E4v8hMacSprTttDsXyyHswp3BARFkPZDy/c3AgMBAAE=\n-----END PUBLIC KEY-----\n"
-    }
-   }, 
-   "7e6d7b7d2d60f175d4e48b11347f8f648e2c58093cd47986531e80747bd2c559": {
-    "keytype": "rsa", 
-    "keyval": {
-     "private": "", 
-     "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAsCSACdXyAzAjYWk5acxx\nzlEZgftJULKXvzpcbEzCtwC5Izst23twvlKtGYYcJqw4sPKgxgnHy7WgUxKiVbLX\nQvop4kSKqwpfV4t8ZBHvvHypIzS6ZBknwNU4SvDeYdajbzOlNkPvrANtLyfpKtxT\nxuhmEP7lGFL5pIukNvTqIs2J+3NHNG9O0AU2iwydncohpB10utor6GRgkBj2d9N7\neZQrHyQPtMKodtmlzN2ZUwf859neBPvzd9iGLl+K2zfIHKc0AOyn2kUxFvM81FDy\nHaMuWFqfnKWDftAp8UKZqHFuljvt2zk/HH0t5w9mKiy68qL/jGAoaPcKpWgGAHN4\nTj/6ugSij6/GimYdgOr2taD5BWMyxSjyvCE0FvH/Gi+4+DT6Ll9Ri6K1iLOYjan3\njFsTMBkZ7Gdavc1vIkSgn3joZMGvdVK2JYzPy/ZJ15KEnAUbymnA+CyKAA+gSRzo\nYXSDM6JGlCci3pLl235gDu5lI03Wuf/GlPEwXs4pkry/AgMBAAE=\n-----END PUBLIC KEY-----\n"
-    }
-   }, 
-   "86e0a0c096d2244436911f15d89ee3a647b6978ca156f93b7eba730038e5327b": {
-    "keytype": "rsa", 
-    "keyval": {
-     "private": "", 
-     "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA3yIiwviVYlg8NW0B8gxR\nltqmrKL0MfXjoq1UxtE0G/ySki6w8uOznnqiR+G4dOQvHbrTZytTq655v+BySCIC\nQWLyO4x7c2vm4APpiOhIfMjz23uxLhbR9ZVhk0dSv1wykP4O4TIGaRPfLTTTEADS\nqgIIXKOm4zjlztdIzjmlh5vLknI3w1VfRPYT2jBQSZ9Vld0SVNJz3JYW2ylI2jrP\njTPNnrb5GQ/pthrZZFGe1B/w7rfQvO7pA4BfNPT1TI8sL9NpFz8HXAE+bJ8EkP+a\ne01jHNhLtzJxDJRa+BXQtMh5QtJffrLNnwxBGPVBZdIOJm+FSf+D4v+W+Y/M/ayK\nI9TdOlKExYoWQ99tIgG4J7J8L88Mfh9+dduTtDT/jEfQCx4olxsqgJtxpzjTC3Nr\nDpm27djxeX74otXXNNOEN2Wzs/VvEBCWsHfElIyfdElYIImlzd2FyD1AQyhUoe01\nQOI9cjmmLybQKgIXgyoeQ0SRxZFNYAM3kPw4w5/JAsM7AgMBAAE=\n-----END PUBLIC KEY-----\n"
-    }
-   }, 
-   "9411398cb36dbce77727208a3ed8f634a194134a117c5980d3ff22bc54a25de4": {
-    "keytype": "rsa", 
-    "keyval": {
-     "private": "", 
-     "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAyFShMexVSDMDMs5wGt0G\nQBOR8XyTV8JpkCKdSRMW3IsSMueagdI754q202SbfIRa0JFah99roPxa3IAIHo0X\n3GUO9HJWp5gSrGcKUXrOiz6CMsGwSh6N9xVCNFqpc8EsPceG/hCaqIX1FIGizYdZ\nN2+LwpGvfpBQfAPUau0NREEA/HgFYB4UptOSyg+3kRFCcXr+nJmiDNc5qXp/HQZ2\nqn6yhuhLMh/I1KsqN4HQGYDOg8L7ybuRzEgGabI0/ZVSnVJpOeHogtH6WHPKGZXX\nA3aY0sr4l++DTwe2wCXTkVYzSBwG/AM/zfVwfazQZFHG2d2VnlS2VN+otbpv+qyG\nq+dF2TmqxnnaOoWTXsQ/XTiIHLlSmySE4WZR7pZREdx12ahgChTA0/0FVrM28DIb\nvh0T0NGyxfAGYEWDvr+xjFyks8RhgsA3ftUSkq7nrmsM4iJyvSN01la4MZNHBQGK\n+jSHvtn7AGMAkr4VY/uv4NWGZHiWt33oL/TK6EAHJmA9AgMBAAE=\n-----END PUBLIC KEY-----\n"
-    }
-   }, 
-   "c57c4439c8cd88e0571d651696b17c069702b637d59f2e9c4f88894d2cb5cabf": {
-    "keytype": "rsa", 
-    "keyval": {
-     "private": "", 
-     "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAuN8verErqJFpNYjzWCaV\nXk8f4uow950aJTwt2+BMK97KMccgIpOTKemN80iiDHHLfsBmNozYpF2WuWtWpUGQ\nKlbnafbEuzmTrRSMjhEjTxfvGNTh4NPnfHCJFRql/C0Zln/1YVnRdF7qcc+C+ru8\nc0OhMT1Z4tu4JoqK3jz4Pf5jq+5Vm3SaJ+h0eBo/IArqDoXEHKVZDggsDRM9gVhv\nov79O43Qt3/pdP+o1hAhifHADs6nMse+0PrkP+bYMu9UQ5TqUmKDdaVnYETP7VYX\nDMG1Ipj5GGhPu4bJzahf1j+4RzFAsb8yIojjgHsKxD42rp9mAZt50tr2meSDEO2Z\nLtjH3zaPdaP5WCcQyHhHPVhibdyP8hLmw9FpSTW5pYRRDT8HHcfp/YTpE5TBKApC\n80io16g/FCveJL6pV4leLEZXeroKBB5SCCAPzXoAL7ITUHM3DSmNNcaf+ClXK8Wf\n+s/EUe3qGD2VF0/xs36rsxnsCwwspgjlh6/B+27/i2QRAgMBAAE=\n-----END PUBLIC KEY-----\n"
-    }
-   }
-  }, 
-  "roles": {
-   "release": {
-    "keyids": [
-     "9411398cb36dbce77727208a3ed8f634a194134a117c5980d3ff22bc54a25de4"
-    ], 
-    "threshold": 1
-   }, 
-   "root": {
-    "keyids": [
-     "86e0a0c096d2244436911f15d89ee3a647b6978ca156f93b7eba730038e5327b", 
-     "4ac0adf8fac99d3603b02ee88715b0b18ab9203c639a220f3db7aff78d784ab2"
-    ], 
-    "threshold": 2
-   }, 
-   "targets": {
-    "keyids": [
-     "7e6d7b7d2d60f175d4e48b11347f8f648e2c58093cd47986531e80747bd2c559"
-    ], 
-    "threshold": 1
-   }, 
-   "timestamp": {
-    "keyids": [
-     "c57c4439c8cd88e0571d651696b17c069702b637d59f2e9c4f88894d2cb5cabf"
-    ], 
-    "threshold": 1
-   }
-  }, 
-  "ts": "2012-12-17 00:31:01"
- }
-}
diff --git a/tuf/examples/repository_basic/client/metadata/current/targets.txt b/tuf/examples/repository_basic/client/metadata/current/targets.txt
deleted file mode 100644
index 07322a34..00000000
--- a/tuf/examples/repository_basic/client/metadata/current/targets.txt
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "7e6d7b7d2d60f175d4e48b11347f8f648e2c58093cd47986531e80747bd2c559", 
-   "method": "evp", 
-   "sig": "959294bc789a7490e235d6313507bcc8b4c6296a32fd923c370ba7529914d6a41c15b4857cd7c31a75e40af3e16ad66055cc79632828ecd08609ebb1f9dcba1b841ba713a3b1535644385b36d8c882192bfd7e64b94a7a71fa9d1b6976466946e08cce0257ed1b3ba7cf28dd7dc6315a6782d366eef0dde2a2222eb7ced1d6fa3680c51ab83490b46de49eb2e1793bbb08bb6b9c16511987beafb143032b7d86700a3a8ab6f62f29afb8da0bcf6f4fbf6e3b9299f9541b5b90d6f6e71ed8bb05fe14c5c6c6a949e22b3ca2fac00c981c18147fad2c92cb7b7a63e5fc9fa9636c0d94597850f4045147b88ae06f49fa1ba4b80ec09d5e9e13b090a6e877dc30d98bfeadf24402767b2c12f1ded8b886f9b8e09c3c4bf192bc40a2b7976580bfc513127f282a26ebb52d4ac29facf5cfc0d372064a0a06a63f50fd1ae932b1909ac5ebb611184c980a169ec4550e1b23da3169351fe42cb4db69865a027690f0489210b1ea3951fd0089cf46ca8cdc9564ba59031d1aa404f8cff157c08ca6bb3b"
-  }
- ], 
- "signed": {
-  "_type": "Targets", 
-  "expires": "2013-12-17 00:31:02", 
-  "targets": {
-   "LICENSE.txt": {
-    "hashes": {
-     "sha256": "cd65721176ce5fdbb05773c0b1349f993b94ce77a51062cfa7a78b34cc82fc71"
-    }, 
-    "length": 3286
-   }, 
-   "helloworld.py": {
-    "hashes": {
-     "sha256": "c7861802c53ca2ce7a9717fc1544a902508576799074be9cc21630553a9471da"
-    }, 
-    "length": 21
-   }
-  }, 
-  "ts": "2012-12-17 00:31:02"
- }
-}
diff --git a/tuf/examples/repository_basic/client/metadata/current/timestamp.txt b/tuf/examples/repository_basic/client/metadata/current/timestamp.txt
deleted file mode 100644
index 73513dd2..00000000
--- a/tuf/examples/repository_basic/client/metadata/current/timestamp.txt
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "c57c4439c8cd88e0571d651696b17c069702b637d59f2e9c4f88894d2cb5cabf", 
-   "method": "evp", 
-   "sig": "401f0b342d8ca5d8ccda13ae006eccff6b970ccb5a40102d5688314c3ddcb62aaa5e71e5f711231e5f0db75ab8764ca7e8d9688736aec25c49575c2a224c3c281b5c5c6ba561e95ab7900f0928b6fa74655b11572d878cabcdbf475f3928d5898a41464739beb2296d01b18017f09658438e32791b6297dda9918716ee9011c5eca22be29b705b7dde33f0f29363eab5348e8b2026c415ea65e6d40c8068e499a3e27c1b85c3f9d15ed251e94b991e469675ce2dadfca21c05ac9f400679bd03c9ff4989b7dbfe696f995697511c0ba80830d51347792ef2a6bc2e8f6ae5f8623c08d616ea94cf2f88c03d8cf2e56f09e189748a66fad393464add092464a1f8842610d96122c372da00638fe90f0ffffe38b2002837f4993e59eb35bb942db2d1e93faa6a3f432be1fbaeb32d60cc612eac1b72d4d5b03c21c2042c720b412266b221bc8917353a7a9140ae4fe5cc6a703e9fb8f898b6cf45e12af440ee06c86d4aab92631f0ae1017a461141e4098df6e7dbda00624e502eb293987053d787"
-  }
- ], 
- "signed": {
-  "_type": "Timestamp", 
-  "expires": "2013-12-17 00:31:02", 
-  "meta": {
-   "release.txt": {
-    "hashes": {
-     "sha256": "3a5a6ec1f3530b21a68a5bbe42a7fa5422dae9c4f211a99c678208ddedce36e0"
-    }, 
-    "length": 1340
-   }
-  }, 
-  "ts": "2012-12-17 00:31:02"
- }
-}
diff --git a/tuf/examples/repository_basic/client/metadata/previous/release.txt b/tuf/examples/repository_basic/client/metadata/previous/release.txt
deleted file mode 100644
index ade738e8..00000000
--- a/tuf/examples/repository_basic/client/metadata/previous/release.txt
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "9411398cb36dbce77727208a3ed8f634a194134a117c5980d3ff22bc54a25de4", 
-   "method": "evp", 
-   "sig": "61020111d9e1e1082d79690596d176d6eb5bad3bd0e695eb42930c39a018d18a64d52d7f4114272c8ee7c1b954708d95e0d7c6cafd95078d122dc67b3709484cef2d823376bbb9010f6cfa8034992df814c55c9f70e9411879ce7b54c4d6f1e4ed91ba328db0c26be0532d404358561ba347f1d55aad0a0eb83d9ba224b6760ad3d47dbcdc90d7ba7bf1597992288ec960a1181a1ffe1ff3b0eb7b5c4423bb1a20c01af2ddf5579e3a0704b4d7a58a8a0745edb6ce41c680239819b3772ae3f20486dc344ca7828c9581ba63af4ec11855dbf6213e2a260cc03b281659fa77c9fceeb0b7a25e1ea08bf1bbe5663bfb502c2145f6b5057005d989a8b35e56ae9b3f1f80c3c74f229d4c0bd3c807a7b6acb221ad42da90bf3137716a7d10aa9004e52ab74ceb706eeb6bb1834df1c994e83a64b3f6dae99a5586668803777d788fcc63e3ed3186c5b1186ec2dcf7fd2d7afe120470d667611ddae9b8617bd4ce1f2f0e6ae37b733a739c1d08814c53b25944f50b5be3f40488f683d3b89eb07127"
-  }
- ], 
- "signed": {
-  "_type": "Release", 
-  "expires": "2013-12-17 00:31:02", 
-  "meta": {
-   "root.txt": {
-    "hashes": {
-     "sha256": "72925bfeb643bd56c2368c890eb62af735d35f81d5518f42974c5d90863d4bad"
-    }, 
-    "length": 6571
-   }, 
-   "targets.txt": {
-    "hashes": {
-     "sha256": "e502a5d0079e59e122274f115fcb9a3c84f6d660bb50910fb3a757f58df00fe6"
-    }, 
-    "length": 1346
-   }
-  }, 
-  "ts": "2012-12-17 00:31:02"
- }
-}
diff --git a/tuf/examples/repository_basic/client/metadata/previous/root.txt b/tuf/examples/repository_basic/client/metadata/previous/root.txt
deleted file mode 100644
index bdc140f0..00000000
--- a/tuf/examples/repository_basic/client/metadata/previous/root.txt
+++ /dev/null
@@ -1,83 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "86e0a0c096d2244436911f15d89ee3a647b6978ca156f93b7eba730038e5327b", 
-   "method": "evp", 
-   "sig": "91fb132a9ebf78fb2a688178dc5dcbbbe389baab063dd34fa9e7ccf8cb613a9356eb78ded2f7a12d454e2311b71ca0c75a2548515f1d1d35c1206da478d1535326eb172383a2687087e12f1d19b13b6adf0b4e35b9b992fecef93b0841aafb0143b19fb0e6e2dae49cd4052ddb0c1bcc4efdf3adbede95a509f04057082d80241cdbb5cb190559ce0a57906017b6352cbc0c837ca0d3428519a776454767dbcd0af1cadc5020e9e2d90cd4b8eebd4ca06859486575401aaa8aa6c3603a642d678e1f5b7849949903b28bb9bf88fab62ca30fbd160368eb998ce1c8a90a29573f02f6fcaa13bf1baa1dd72295c4de3350f72f8abbdf6d780810957c38ff2ec499c5928f241f4339c835e71b0013f6dcc41d01a7d43d8def9f8de8a46a73f9845a7f82b2a856096d6cbb9639146b94828ce1bbbf1f4927ab4d4100292d689ccc6efcf9d8fe61077224f4984bdafca6a8848020104130dc18fdea7fb53052d9bc70f94589522e8504a40518b657288ca6c9efaaf6baa562e83bd1e671f8199cafe8"
-  }, 
-  {
-   "keyid": "4ac0adf8fac99d3603b02ee88715b0b18ab9203c639a220f3db7aff78d784ab2", 
-   "method": "evp", 
-   "sig": "845528efb13d16600a492201d1d656d81ab819bab60d123b2dfc9bfc04647bcf8129872a7c1b0db21d9c1005e4cd55c91282f5410c9939ca3e8acb70d55eced6194c94152d70e00193298730b9019a3282196dd23543f15c1d6f5431efb53a1b04c3d40f0e177d7ad6ecafbda363e89d5dd4e2ce8b7ac6ab2808ff361d6dabeeb443358dfcb763aa9b9857826fc587a2c4b72a0ce7d0e2d073ea4f2fe453a5b72afbcf160e3029f969b290f2e0250225a2ce88895e10fcb6c1638c70bca5d2add74324de9d581e54e9b99c9c000904b55d37a775e8496ca97aae384b500c83e2694403f4687479fb2cc56d981afa2c45b9ce968817e168f87fc0d7419e973c4162baa2e59c339ce82ec5a565a4b3993b2f3e885a1d38240996834b530de306b600d2cfbcb2660ac903b5a7b6e270081fe72f98cf6e29047915ade88cde3c860a4d1637a4f8057a6b7815e21111388bd7a678c8b3221b8adcfc1f4629ff75ebadd3160abd88b71bbb175592cd99f0769bde1466174e0a8a63a07cefbba766fcef"
-  }
- ], 
- "signed": {
-  "_type": "Root", 
-  "expires": "2014-12-17 00:31:01", 
-  "keys": {
-   "4ac0adf8fac99d3603b02ee88715b0b18ab9203c639a220f3db7aff78d784ab2": {
-    "keytype": "rsa", 
-    "keyval": {
-     "private": "", 
-     "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAuFzNjOV+tTnkMzB+UUWi\no/n0hWE5nKeBie+erzGHsRqYTwY2afsUORnogFkt2erdR9zR4TAWGMIvJbnDujQi\npkhUIueZB6vGCRBT2Mfk8vOUTQ+8Xc6FNCyhLZfJKL8fxEOAaF9HSOt3u9BugPVB\nL5QLc/fcWNgBiTErR/kcLH1LvaDeFijOuSC6VDq4GjONK70n1d/CtGmPYIMQj89L\nsIThUrREIH2oHRXFIUDJLHmAJXgw31chpC4CI9/ehnShcM1AaQTfpNwsOFkzNpfk\nCweYN3w9h6I+/3hPlD1oPluolSpz3MTQ2YXnRDBijptGBz4aPW2V6R5fE9Tx2xZr\neI2wlzsObFSvJ9V8guVc/yVM6PwCeVuQknzFo2xXYvQgzpKTSSgk1+0tiJqZkuIk\n7ENhglKwTL9vu40pTgE+gkKRC+CgDPwJ4+VMZJANsFPfCZxMw8+ddufTL70PtSp0\nKDRshTy1E4v8hMacSprTttDsXyyHswp3BARFkPZDy/c3AgMBAAE=\n-----END PUBLIC KEY-----\n"
-    }
-   }, 
-   "7e6d7b7d2d60f175d4e48b11347f8f648e2c58093cd47986531e80747bd2c559": {
-    "keytype": "rsa", 
-    "keyval": {
-     "private": "", 
-     "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAsCSACdXyAzAjYWk5acxx\nzlEZgftJULKXvzpcbEzCtwC5Izst23twvlKtGYYcJqw4sPKgxgnHy7WgUxKiVbLX\nQvop4kSKqwpfV4t8ZBHvvHypIzS6ZBknwNU4SvDeYdajbzOlNkPvrANtLyfpKtxT\nxuhmEP7lGFL5pIukNvTqIs2J+3NHNG9O0AU2iwydncohpB10utor6GRgkBj2d9N7\neZQrHyQPtMKodtmlzN2ZUwf859neBPvzd9iGLl+K2zfIHKc0AOyn2kUxFvM81FDy\nHaMuWFqfnKWDftAp8UKZqHFuljvt2zk/HH0t5w9mKiy68qL/jGAoaPcKpWgGAHN4\nTj/6ugSij6/GimYdgOr2taD5BWMyxSjyvCE0FvH/Gi+4+DT6Ll9Ri6K1iLOYjan3\njFsTMBkZ7Gdavc1vIkSgn3joZMGvdVK2JYzPy/ZJ15KEnAUbymnA+CyKAA+gSRzo\nYXSDM6JGlCci3pLl235gDu5lI03Wuf/GlPEwXs4pkry/AgMBAAE=\n-----END PUBLIC KEY-----\n"
-    }
-   }, 
-   "86e0a0c096d2244436911f15d89ee3a647b6978ca156f93b7eba730038e5327b": {
-    "keytype": "rsa", 
-    "keyval": {
-     "private": "", 
-     "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA3yIiwviVYlg8NW0B8gxR\nltqmrKL0MfXjoq1UxtE0G/ySki6w8uOznnqiR+G4dOQvHbrTZytTq655v+BySCIC\nQWLyO4x7c2vm4APpiOhIfMjz23uxLhbR9ZVhk0dSv1wykP4O4TIGaRPfLTTTEADS\nqgIIXKOm4zjlztdIzjmlh5vLknI3w1VfRPYT2jBQSZ9Vld0SVNJz3JYW2ylI2jrP\njTPNnrb5GQ/pthrZZFGe1B/w7rfQvO7pA4BfNPT1TI8sL9NpFz8HXAE+bJ8EkP+a\ne01jHNhLtzJxDJRa+BXQtMh5QtJffrLNnwxBGPVBZdIOJm+FSf+D4v+W+Y/M/ayK\nI9TdOlKExYoWQ99tIgG4J7J8L88Mfh9+dduTtDT/jEfQCx4olxsqgJtxpzjTC3Nr\nDpm27djxeX74otXXNNOEN2Wzs/VvEBCWsHfElIyfdElYIImlzd2FyD1AQyhUoe01\nQOI9cjmmLybQKgIXgyoeQ0SRxZFNYAM3kPw4w5/JAsM7AgMBAAE=\n-----END PUBLIC KEY-----\n"
-    }
-   }, 
-   "9411398cb36dbce77727208a3ed8f634a194134a117c5980d3ff22bc54a25de4": {
-    "keytype": "rsa", 
-    "keyval": {
-     "private": "", 
-     "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAyFShMexVSDMDMs5wGt0G\nQBOR8XyTV8JpkCKdSRMW3IsSMueagdI754q202SbfIRa0JFah99roPxa3IAIHo0X\n3GUO9HJWp5gSrGcKUXrOiz6CMsGwSh6N9xVCNFqpc8EsPceG/hCaqIX1FIGizYdZ\nN2+LwpGvfpBQfAPUau0NREEA/HgFYB4UptOSyg+3kRFCcXr+nJmiDNc5qXp/HQZ2\nqn6yhuhLMh/I1KsqN4HQGYDOg8L7ybuRzEgGabI0/ZVSnVJpOeHogtH6WHPKGZXX\nA3aY0sr4l++DTwe2wCXTkVYzSBwG/AM/zfVwfazQZFHG2d2VnlS2VN+otbpv+qyG\nq+dF2TmqxnnaOoWTXsQ/XTiIHLlSmySE4WZR7pZREdx12ahgChTA0/0FVrM28DIb\nvh0T0NGyxfAGYEWDvr+xjFyks8RhgsA3ftUSkq7nrmsM4iJyvSN01la4MZNHBQGK\n+jSHvtn7AGMAkr4VY/uv4NWGZHiWt33oL/TK6EAHJmA9AgMBAAE=\n-----END PUBLIC KEY-----\n"
-    }
-   }, 
-   "c57c4439c8cd88e0571d651696b17c069702b637d59f2e9c4f88894d2cb5cabf": {
-    "keytype": "rsa", 
-    "keyval": {
-     "private": "", 
-     "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAuN8verErqJFpNYjzWCaV\nXk8f4uow950aJTwt2+BMK97KMccgIpOTKemN80iiDHHLfsBmNozYpF2WuWtWpUGQ\nKlbnafbEuzmTrRSMjhEjTxfvGNTh4NPnfHCJFRql/C0Zln/1YVnRdF7qcc+C+ru8\nc0OhMT1Z4tu4JoqK3jz4Pf5jq+5Vm3SaJ+h0eBo/IArqDoXEHKVZDggsDRM9gVhv\nov79O43Qt3/pdP+o1hAhifHADs6nMse+0PrkP+bYMu9UQ5TqUmKDdaVnYETP7VYX\nDMG1Ipj5GGhPu4bJzahf1j+4RzFAsb8yIojjgHsKxD42rp9mAZt50tr2meSDEO2Z\nLtjH3zaPdaP5WCcQyHhHPVhibdyP8hLmw9FpSTW5pYRRDT8HHcfp/YTpE5TBKApC\n80io16g/FCveJL6pV4leLEZXeroKBB5SCCAPzXoAL7ITUHM3DSmNNcaf+ClXK8Wf\n+s/EUe3qGD2VF0/xs36rsxnsCwwspgjlh6/B+27/i2QRAgMBAAE=\n-----END PUBLIC KEY-----\n"
-    }
-   }
-  }, 
-  "roles": {
-   "release": {
-    "keyids": [
-     "9411398cb36dbce77727208a3ed8f634a194134a117c5980d3ff22bc54a25de4"
-    ], 
-    "threshold": 1
-   }, 
-   "root": {
-    "keyids": [
-     "86e0a0c096d2244436911f15d89ee3a647b6978ca156f93b7eba730038e5327b", 
-     "4ac0adf8fac99d3603b02ee88715b0b18ab9203c639a220f3db7aff78d784ab2"
-    ], 
-    "threshold": 2
-   }, 
-   "targets": {
-    "keyids": [
-     "7e6d7b7d2d60f175d4e48b11347f8f648e2c58093cd47986531e80747bd2c559"
-    ], 
-    "threshold": 1
-   }, 
-   "timestamp": {
-    "keyids": [
-     "c57c4439c8cd88e0571d651696b17c069702b637d59f2e9c4f88894d2cb5cabf"
-    ], 
-    "threshold": 1
-   }
-  }, 
-  "ts": "2012-12-17 00:31:01"
- }
-}
diff --git a/tuf/examples/repository_basic/client/metadata/previous/targets.txt b/tuf/examples/repository_basic/client/metadata/previous/targets.txt
deleted file mode 100644
index 07322a34..00000000
--- a/tuf/examples/repository_basic/client/metadata/previous/targets.txt
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "7e6d7b7d2d60f175d4e48b11347f8f648e2c58093cd47986531e80747bd2c559", 
-   "method": "evp", 
-   "sig": "959294bc789a7490e235d6313507bcc8b4c6296a32fd923c370ba7529914d6a41c15b4857cd7c31a75e40af3e16ad66055cc79632828ecd08609ebb1f9dcba1b841ba713a3b1535644385b36d8c882192bfd7e64b94a7a71fa9d1b6976466946e08cce0257ed1b3ba7cf28dd7dc6315a6782d366eef0dde2a2222eb7ced1d6fa3680c51ab83490b46de49eb2e1793bbb08bb6b9c16511987beafb143032b7d86700a3a8ab6f62f29afb8da0bcf6f4fbf6e3b9299f9541b5b90d6f6e71ed8bb05fe14c5c6c6a949e22b3ca2fac00c981c18147fad2c92cb7b7a63e5fc9fa9636c0d94597850f4045147b88ae06f49fa1ba4b80ec09d5e9e13b090a6e877dc30d98bfeadf24402767b2c12f1ded8b886f9b8e09c3c4bf192bc40a2b7976580bfc513127f282a26ebb52d4ac29facf5cfc0d372064a0a06a63f50fd1ae932b1909ac5ebb611184c980a169ec4550e1b23da3169351fe42cb4db69865a027690f0489210b1ea3951fd0089cf46ca8cdc9564ba59031d1aa404f8cff157c08ca6bb3b"
-  }
- ], 
- "signed": {
-  "_type": "Targets", 
-  "expires": "2013-12-17 00:31:02", 
-  "targets": {
-   "LICENSE.txt": {
-    "hashes": {
-     "sha256": "cd65721176ce5fdbb05773c0b1349f993b94ce77a51062cfa7a78b34cc82fc71"
-    }, 
-    "length": 3286
-   }, 
-   "helloworld.py": {
-    "hashes": {
-     "sha256": "c7861802c53ca2ce7a9717fc1544a902508576799074be9cc21630553a9471da"
-    }, 
-    "length": 21
-   }
-  }, 
-  "ts": "2012-12-17 00:31:02"
- }
-}
diff --git a/tuf/examples/repository_basic/client/metadata/previous/timestamp.txt b/tuf/examples/repository_basic/client/metadata/previous/timestamp.txt
deleted file mode 100644
index 73513dd2..00000000
--- a/tuf/examples/repository_basic/client/metadata/previous/timestamp.txt
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "c57c4439c8cd88e0571d651696b17c069702b637d59f2e9c4f88894d2cb5cabf", 
-   "method": "evp", 
-   "sig": "401f0b342d8ca5d8ccda13ae006eccff6b970ccb5a40102d5688314c3ddcb62aaa5e71e5f711231e5f0db75ab8764ca7e8d9688736aec25c49575c2a224c3c281b5c5c6ba561e95ab7900f0928b6fa74655b11572d878cabcdbf475f3928d5898a41464739beb2296d01b18017f09658438e32791b6297dda9918716ee9011c5eca22be29b705b7dde33f0f29363eab5348e8b2026c415ea65e6d40c8068e499a3e27c1b85c3f9d15ed251e94b991e469675ce2dadfca21c05ac9f400679bd03c9ff4989b7dbfe696f995697511c0ba80830d51347792ef2a6bc2e8f6ae5f8623c08d616ea94cf2f88c03d8cf2e56f09e189748a66fad393464add092464a1f8842610d96122c372da00638fe90f0ffffe38b2002837f4993e59eb35bb942db2d1e93faa6a3f432be1fbaeb32d60cc612eac1b72d4d5b03c21c2042c720b412266b221bc8917353a7a9140ae4fe5cc6a703e9fb8f898b6cf45e12af440ee06c86d4aab92631f0ae1017a461141e4098df6e7dbda00624e502eb293987053d787"
-  }
- ], 
- "signed": {
-  "_type": "Timestamp", 
-  "expires": "2013-12-17 00:31:02", 
-  "meta": {
-   "release.txt": {
-    "hashes": {
-     "sha256": "3a5a6ec1f3530b21a68a5bbe42a7fa5422dae9c4f211a99c678208ddedce36e0"
-    }, 
-    "length": 1340
-   }
-  }, 
-  "ts": "2012-12-17 00:31:02"
- }
-}
diff --git a/tuf/examples/repository_basic/keystore/4ac0adf8fac99d3603b02ee88715b0b18ab9203c639a220f3db7aff78d784ab2.key b/tuf/examples/repository_basic/keystore/4ac0adf8fac99d3603b02ee88715b0b18ab9203c639a220f3db7aff78d784ab2.key
deleted file mode 100644
index 5d4735c5..00000000
--- a/tuf/examples/repository_basic/keystore/4ac0adf8fac99d3603b02ee88715b0b18ab9203c639a220f3db7aff78d784ab2.key
+++ /dev/null
@@ -1 +0,0 @@
-01e42cbe47c08985@@@@1a4bdc5f34685cc82c2e2c7a217654da@@@@7141a82ee067e12c72e78a97e82a373c2bed71926eb1f5dd91ce31ce9265e50c02139d95ff00fb3537a464e974be19f207c0416baf4f2c0909579b72513f6727e978c10d6de79aa1857c14ca52725de03423802043853e07b5ac7a4541039ff9be304f84236529cca0db53aae7fa8ec4f2dd381cad25857aefc85587be706a6fed24605fe9ec9db3f584fc7c4632f14f2810cad0572dc4a0afb3bd00e1f253240e6c361e0c400ca15725718e86693acc9e3f438196792e9b8f3e622279b9b58395693a26ea4700b57c1a344485af0bc53a93415b131c5d7d5d8eb3d9584b02bbbd2b38087c22f0f15902499bd2c30b8027ea4859d2ccec2f757f38f188fe8fe032f16fc1aab3a6dd3b2c5de030ebea7b5f73ab5ee1c8eb912b57db1a49d7c1568e6d8a9971e34d4b7b87ab20a9ccd4c3a125c8f4202446117a81413ac488bc9e7903902b40ed11ad6eaf04bd01102c1ab23cf9d80a38f9e0c5403670f4a0bb48cee8cd8f536d00f2bfac14f08185d45870cce4666e11d12f6a18e83dfb4ede0639f08412b976ab95a59b41248e004b32df76ba0043c2ba710419046ef9792184583b8d247db7e6e6b871228eba6acf2a56ba51e5f1670ce2447988f56c32421b86549db1b67f814d6a0fe9253b8b1a394a1137cefd5cefdc07c0a2273bcb21d90f547168c6286d6807086e9b3b7f4d6e406826daaf7bf021536ece4eb8e9f480163e48fe1e7a32769efe309c2ba7542606610690cf050dd4abf272ffca3b68fcab1ce8ed4158230acf8e017fb0397ad417556ac617031aad79dda2f147932747fe12eb14d534fec9d041a7953c133dba8bcb64240c60ec819d8821ba0b394e670f89fa947c2c2ac9df04f1e157444897a06531f0e8df3264260c1899847bc3648306114ec0afca72d4203188f116e1402c8037e18431358308292752083d315b73eb3a228720f9431bfaccd471bd06c8497fb1b64b2229fe3be8fbca25c81b2b0df4e1763e565c0ad4147af44625d6b3437b7412836853dc86b13dcbd6fd4a41620ea02f0c9f57e5a213d0c318b50c6b8573fbd26de62617dcb046688c64f16aa252986082819ccae059017b6f0860ce48c503360a3cf547d0f446c92d9aee0f59a829cea497f21b65dd74b6373f6a27a46db3c5c8904330bcd319f74662bd481851c863b8dbad982cfaec03398b8f65631159b07a3f13478b30d65afaa6d85f90b35915ead07b842c2785e695b6aeef6e90033f09c155757581384a6f39da83015cbf489a262d24a6ed245cfd659f3bfe035ea88112772149da2894394a71f12740a5e15be071dccb7b81787859313f045c0f852dc9253a60ef3dc3196bf0c2ff3698233404d41d9b0813f4806ead02485d710a431aa9b51850cf7dab2405fc4a4539a68beb258bad418ba92026e4c07496f47f78f242a560bd3678ebb2b8f68b3adfb6078da11129035eaa7d03030e5f525177111c825d74de65617eaa2f88ec6b5818585d687af4f43ee98c833197c12106738548495d0be7bbd5cd272465f3b5d5f1a47c95dfb00d3ab39c972ccb9c71f49cf0e39ff5bbc67d4e79bc49f1a898362409e4f0fb864244cf5db630eaf5dbaa6ec83b46bec3af9e9a3e16c0c972c6decf6dc0b3bbbe495b0b9cee69ae1742748bbd812d61246fa24ae19c4ab674d60700b185284271d70c2276dda3c5fd9575cb37b177de4b2b35882db76847ce9c2126b15c22196e926409d66d15dc1f0704d77f7c8b2290947b5452ae2a5a7e6d15f14a4a1453c5906f371bb9ff2af69fb26ed2c0c9d5f30c11fa5f2b5c6f64b6daa38f0ebbd91b57a7b76cc03787381af5ba9e22dc3f4a56771dab1182d8bccdba6b860a60940a037e3fc6bae8b84c4100bead823c32a18e2933165805f4255309b2912359418e9ca8c99ec3ad42e406e321c5c853988c05db04cdba12b2f89549d897d4a2753b1cc45c95bad1ed184a2368d4af8ab86bfc9951e14a630cdc225fa60c67a8fa68e49d816d47505d967467bb48a860f008696e5a0610455cf0ab4c64b293cba7e5d86781d8649da67f03ae1f968ea55a9629e7bc452dcca722071a1d6093a444f9ebe19e5b9370c3e8f819acdcc830ecaab09e76d91b9237791aa8ddef6caeb38211333081093c1ac5e13b509f616b8382d29f1ad3a33c3aa737727f7b218082b6b8ae58bcd8c1552816112610526984cdf16969c6404078e628dbb85b1b1656746b4535cd49ef69b3856f022f2f1524303b948400ddd77adb01c2396c53a70c1885f6242df0cf15fcc040133971965bbb89d355835256a3d8bf1657e59edaf2e645a6bf77870ac665a7938dd6f126f47b0bf995f09a8d244aecec5cec251a3bcc4a079d8bf8f6c506351f6f7d30828999f67f87c73eae6bee5ca69037203c7f19ac4d794146fcec7b6029845a6114ece833bd41181d1d8b6c6128c2bcb40a9af23ad10e24b1743733f699d59c92a5dad8f12436cccfcbb96693afafb158aa9e5b2cf327cb0b5e69a2f5c0449c3ce2fd31abba1116169e1a6398d4ca16036827a1db838813204609e8368f932bf0c295880d97f764073a29a210b0d61c9b1cf088354ff5177ad2a878bfd1858f1342de479b09a424b4fd2ffc0454c8c31365c7a3459273eb6bb46a466b5f0c7989eebc40c02d9eb9896cbbbb27b83afe269aa2eb90e0032b295c67313b07b2caf5bb59b4dd3e2a66b0046bffca6253ea29b9ea788f0f391aa0792746c5524d1842142711b3077165eb6e64499e6554a78db32fa807834159231064980f456e84c81b3a4bd27c5f3223f9a5b1485abd1d91cd4ee1c39d5ef02e4e39d6eb4e306a8be0e97e384b5d7bbe65292bedc4ea52bf2523a20ca7fab945370a617b223c639da4a9ad0d23a5078c11ca53ce3c7d78844f48fe4c55ae57b1eecd281418ac578114edb69e72b7d46b794b3c49f3c2c809314f3e987567f869b7e82b7b23cd7170857603b346ebed82dc667a795379b62cac5d6d380f7468e7f874c9ab61e8896453129d9ebb916847a4d0274f2578ae091ec8e2cc18f09c854ddb0de2943aeba8377b157c2a0436317a9f844afd1d80e2f1c7bf0919954a48ae038308c7f1dc3429fc80dd620167ddd6425bae079aafbf3b81a321352881e99a4e0d5275fcb3151514175f2fa88985771f7b3a6c2e95d72bc3af3bd58169d3310458d295ae10985017d9905237a4303080e95d472555cabc5b0032e234a12055bceae1d29990f6b74e6aeb11969e8599abc5c26dc4ab59c2de3a63e4f63104c4f91086690ff98d745cf8abc9cb42ffad66b09b50fd40009eb8bd29ca7477de8c63e37e615a6ba92281da60c19eecfd0db2476314a7acc19a7e34d125de3badd82eb2e2fcaaa097fc66c0b3e2832beb1b85068d5b8d9eeac8af286e19ca9c482738a796b174ddf4c8348c523240dd09b7aabb549b448c78c7ebf468a92e6c947440c328ac46fd22b4037cb2b839caba41fe2a7153622a275a869441e67f92120ed96ddfc794960cb3650d321a2e7fece83f85da703d2f11fefbcfa42804bffabae51114c2304fc94e1e8ba55b7e0807f6475b403535682f7fb9209729ed5e6ee050ef955428816eee7d1a0d450d00ee429c4ffed3452be9db7f4f858be2003600805c72fbb8900224f91cb6da48aa51d1d79f0efe29b1a72a38f3aefae5d07dba10629cc61498274ba5454c274dbc193e88aed4022dcd367fb94090e4684dd728184418b0e53f2143063f0c3e91f64388ba4e22ef17b7dbf214f8f9ef759ae0bac69c0bd89eff2efd74d9f5ed97ca2e443ab2a4f6d60f72204c7daac06862a050a723b37309576a2ab9b3d0bc7356e1c3b3dec913a9c566a736d38dddb48b3912505426cd2066a4f7fb4b39c7bc2bcc56268f6583f170555ff3fa8ac97fb7648bc127bad7df0642c61bec5d800223e63f9923d358e49d61bf627c246b35a81b65eb95c0412f69eb7a7ebb11862630c877c6a696e4d51007bc9734ac8ad997bc436c632fd0dedbe3e017af7d5947b9a6d1e5242e6fba720db21a714886f57fe42be4025b07574b846eacc8ff538aa5ca9b23ade45b11d49db50bcc4e2caffafce4b98558eb8d45e6598d7854416dcf90cf21ddfc833b1a243d9aacaca7a8bf0d5d7a13d20725afe1461d46fc8e727f560ac69a6825b923e6705cade0196eb2c911e452faed2ef9fba180a43a48d071157d1a4345e66dbc64eb3d2d08d0dee3a13d50898f6f19c8412dd4719d8a01bb267ea112f3dfe9836b46d912cb58264905ab2208ceb6174cd90cb78ee19df0b4c93f76795eb8988ea5c268145512134fa9037ea3abcfef8bf19062d9910595927f58df26eb618d53613249a58fdc02cd7800e7f2f861707360755b5ecfcf096b2545c368d671f611f9439797e7f9d5f228ddb1c9a227a63632d01e8d50095f21d1451db53c9e28c4957ebf2a5d083b8cfcaaa525d7db56d55d528fd0c4a456f49834b2509eb89bdb1635a6dfe1d54678869b7f75fe781ec0cee3d6c150f549befa2f6e
\ No newline at end of file
diff --git a/tuf/examples/repository_basic/keystore/7e6d7b7d2d60f175d4e48b11347f8f648e2c58093cd47986531e80747bd2c559.key b/tuf/examples/repository_basic/keystore/7e6d7b7d2d60f175d4e48b11347f8f648e2c58093cd47986531e80747bd2c559.key
deleted file mode 100644
index 7edb9d37..00000000
--- a/tuf/examples/repository_basic/keystore/7e6d7b7d2d60f175d4e48b11347f8f648e2c58093cd47986531e80747bd2c559.key
+++ /dev/null
@@ -1 +0,0 @@
-737593836dc1add3@@@@2fe6c5635f9a7b8e8bdc8377dcc75f70@@@@73580d365bb612d33a1041b45b5b40578d427f1b5c5b2f8622ef5125bfa8e23995f1709848fecdf4506a1dd942cabcd67afd17adcabc5bfbebb6d407e8fa99a574b352a58f73125ecd4b269422abb4df85e7e164dbc8e67fdf93e054eeb0321f43e77e1c8ed035f0a7e7668b576e0520abb9a5fd582f31de264c8d21561d0c66754aa9dc336a60ea7806d006ae1759cba9d7c8b3e261ce95c8edf238e19ee81e63d2557232382f2b3c90008f3f58055f86d806854467717edaa59c43d06d14a9563aa587e4758fed744514297b42ebbabcc0f4470ff3d05e1cb17a00dd06433ae97fde3dd45268f6a6110f745317e84e6fb3efa4b298f2d6ee757d66e0c4b4258143a53698d92d2e0a5feba3f2ee3038dfd98c838bb9d7d5120c7d1ce13a7e81fb3819493c7171d69977914416ac723baf04f17fba83f97dfcddaaf109ca893e5a4ba7750c59d93c27f327cd765d4bcaf6d2aa734905a7209c0cc396552e600c489334625ad8da39822cce0573aa68a2ec0c787fe12ac92faae1563f819f020d36975b88a2be7d99088eeefaa398d079d0ba6f9d76d2352aaaf6570e3a2c657810c3451fbeac2a847c78fc87ef7489a49fc58b35d35c12775ce5daf99844a0df7f62591a64b1326f51a2e00e7e55348bf46dab048ca3e7811a94f130e9730cd1aff3bdfc743514932fc6ab24de71b1060a639ec710cec7ac7c0877314e8c52350caab31d2962c7111960b2e7284802dcd1b06bc0d1aa38a6c3496407380ca76f976328a5438cac27a2e4ef9a3affc13b8537fb36e4050259fc5da329d6145e78cd3f47feeb6e8331cb213d96161939b9b0ce1dd09c4b3d20303b84ba6815e871bd0b0ae8e927fb71d53b914a29e2ea369a9c00f8b3161917f03d36e84009a9773cad09cae37f4eb204d07512e6ae072f66297da35e30b21ab0bbf57ab7e678802274a496b183778fc12821377759ac4fa5edfece058721d3ffb624b296354c0007a3194922e76569de0486abb531e6105c4a84b9f7073f0f11cf257a06f5e074f2ddf0c22e458f0eb5209c8e578cf13c290a3599b6d580ba4529e875d6ab325e06b577e3d11990428a780eeffb2082619ab53a975fe091c2af1a2695ebace31454f9333d017f7bfe9032ef592d1be116b653cfceac05dbffb3a6f35e4a104cc290edb0244b8cbf743d1c4eeeb4ddf377b36313f5c5dd8d698f66f8fb0ed3f2c1a0118813ddac73e258256e63dc09e4de402043631cd3fa425c2abd2471d55e145aa4e16f467c002dc8117b903959b209fb0f73e89cd62b061e1b7e3d48b1ad2862e752b7105f19e8318efa15a53921de535395128860d7e7311a80cd5d4418ec561416c38090c024273ed90a6e56b320518fb3bd2e5d811ab611897c7d01d56e9fd8e2afa3c46b438afa29fcac9127f2db14ddbbead223f00bcbe47bcae1f2df58b43db377a82e9d9cc9fc5fce972867faffad8337701725c3d60c1f307e076812a97b0241c704075ad8e25069096a3dbdf714ddd7dace2808ce218ee692b4bc0e9de65e088a17e0db5c71d2a7b1a34d5192c5bfca7a7aa10ea7638a7f187443217c4b0cf524022fa51fcf4ac5c334e3e87d6ed1d7d149cbc92f8938e0dbd5acbc23e3dd2c0803f61ffb4c6d443530ccc6400339d34a2a9c54fc77d70204b6ec9a52ab425153e1e5c0a1a49626aa5aa1cb42583c484b62a716c65dc20ca7fd23765d79a0b71b8cda5a13b3f25358f9fdf33beaa8c432d5662b74cb4872d32b48866d10c3e80b39c8a2aa668a76f8a9b5c635a80a60d2bfb8911195c9978b2db2c3bcd183d92b461d025a621debcb340a4f5067fe32e68b511da3b84b2baa96b5b8828a12298305d7e5b68c0ea984bf1e076edd5fe844b8e93fc70553092141c0128a03439296f0497a70d1d335f430a5f18e9158f919d4bd9bc0e58fe47d716e1f89c040572a061ba7fec80b8b91e1e7899dd158a42babf9d8ca5c21d0d274fd52d7c38c25fe1c1fd440b8a0b6097b6b27269b7aa3d8f58d71a40cf09b05591fd27cc838b981f3f9f1519b830c232adb9707ae16a2beffd2b43cc7875dd32ce04899a828d81ee2affaba2c643b55ffcbca39fa463ded242ce80bb0abf72a51b0fae99be46974db180bb26c860154b55c8cfa91e5065d45b32892d854a15d4794c43b40cf6b964373d9bac537643842b407eba0d8372cac8abd3ed758d8af8a19aecc74e68ae07039b8c4161409a1774414f172af83ad58738d6b0b3bd8cdc3695eccea1fed249f01fa149ddce3d0b437de2f0a39622fa4549fe1520b701a452c9e8ce2bd2218319b91970fb443fa8250c636b5b6b4d710419fab710565e84225120cb4f055a4ea8eb6bfa75053a6e0cd2163eb19e85016b602337b54b57cb8180d5c4c372b971b06d08ccd909292c13742f5f88a8369f17e3d7cc765020ed9902aaa6e33500072677355b69313f491f28f1f09bfcb5da061a5242c12ffde1cc475a8f6055fda1bd78f963a1bb781c482e6ccba0ab34e73fba6d9e9b6e4a26076a78f48765fae7f6f3aad4e230ec7b90f7034a8291c0da423707c335f8a0a4e68487c67b950c062c7043f0a6c8fc14294f33626335cf6b8eec2ff38aa2ec1f6593c0c8b08c15a3d7716cfda713461201957c41c2bce470463d3f4c58e4c3d70afe19d8c0e1c3f8569f392d9117b1358f77d7701a3da32d46bfc022b553723b5c927a6d60f535aed9a910cde597b900eff99f68a302daf55088d749b0fb6dcfa9f21323d5fe791d5358428add85bf3cbd003998c3861cc9336e38e9e1168b90bb69d9a3198b09ec7d311b88474e141a06aaab3291dc378b63654164be22a6600fa32abc0707733d7e4b43ff6e8bfdb80ea709abde7f0130945bef5d5396ce614642f449bd50d03b867ee1360202a7ced9e45c6a9ed22a45e103c4367479947106870a6f766d6a20bb2bafcdcd49049dac16ae7108c46fc2751f044477430b59aa8844a9895eb1aa40e079797e6f396da6d8f9388d931bd7ca39cce9603fb82b7cd4f385a46154e573175d21ea3910b275a4c606476809a61e9622c0ae64371ba52ed486085538f0aded30f02d8f2c87563e3ee489222c2057a6af970b2379f87fb91a7559b18ce7a6f0251dbcfc27d9a43fbf40eb3413e891ddf8410a5298b27573f02fe41e6208546777f6d0845b21f241896ad4998c81c2baf290145abeec14a14690964207826a92154e4853f8cd9a4266144a57f5a7fa71a1e6da106c0c437c074b10f37d1e420d0dc48f13f19ddf4fbe54c6485bcdfb1eef4b048959a902ef548d76cf2adb59eddb51628b138281b14c0b10135368e4a2f959765d60e5493f2c20e21b2457b102d3ae0c6bf1c6b26077d4e0b8c46cb8bfdb7f0d7e18265fa4523e2c8181eee4b85a8f158e546d08589cd8a5fbb1343e6d0e0fb215f0639e070b2f27c2b46e091a99ce23c53d02a2c71b3b956cef53c68c1b213db62a0accae52257d5ff1f2a003acee093ee3150af8e41fcbd6928247ce51ad88b31358893c47a52cd7091610bf0c4d6c19666705fc7ad1fa9355ba37a2557c75af3549455139d7a46d9512695e66f64398932f66932d9701a1365d6258afc11793d34188ecdbcae81fe031db626d892e5f5e00172a7ae306df285f8ffad64f5050e165e1318e1d6137dd20a19451d8b6bc6812ee9525facf6f6e0b36dd16197646d6b9cdcaa656a0bcd24e7592d122b79f0f784005f8d014bae39a70e05ac1a867c65cfa434764f2d81309a5cdd56f977cdfc3c76e6f396e301fa13a70e6e06b843fd424b83ecf9c059da33b377d25db17388991fc9b6eec3ef457bc9ebb1580e9c0cc5737cd2ba854e6edb9491522f2fa085298ecb660b7989e88260e5ace7778be724889d227898dbcb23cf37d070cd69ece80220649286144161b0880220e0312cba1f3a9582a33768e7ec0f859e5d2e444be7720e08769e33627ad63e71cff4464e68d9f1e5117748bcf76449adcc79df8af3c17929677c69fcb23719102a1a70af57688224eff9488ca467a914b32deed6d1e357001148849b4a8a56bc9f49676db48e57ecc43daf16edd2e3f2f181f1f0223fd2ee6dbeb3424028967173e2faa47372a26f43895b69d97388105c8e4f2d4f28cbf42c9edf71f08859cbde4d7ac4678f841d575e38b29a6c1f7b7da73f884f4ddc95c6ac5287de1314515a48f48640e49a265c13b1843fbe91eade32839c9c2f2787965c94e6c9148f8f377c68ae47eecb6c06f2a18fcf13bf2cd88bfa8e6ef53a961944d51626b93fc47a52cbd3aa07ef58f245c8415246958487b3f259c6cfa6a315b25547e0355c9f218bd6ee15d1534386fdd5bbacb4567e9d42cb2330984fea0071b983643048552276aef530be304cff1698a91a787d88deee2ec11832366f935999d8ddad8c83ed8351a86a7ce22734d1c4f92675d86886396162beb7be9f356e7e91f2bb3392c2516097c6b86ced3bcd4f79a247e93b85760f8915d7f1ea4407f7d439489894cf56c84029
\ No newline at end of file
diff --git a/tuf/examples/repository_basic/keystore/86e0a0c096d2244436911f15d89ee3a647b6978ca156f93b7eba730038e5327b.key b/tuf/examples/repository_basic/keystore/86e0a0c096d2244436911f15d89ee3a647b6978ca156f93b7eba730038e5327b.key
deleted file mode 100644
index 00ef2177..00000000
--- a/tuf/examples/repository_basic/keystore/86e0a0c096d2244436911f15d89ee3a647b6978ca156f93b7eba730038e5327b.key
+++ /dev/null
@@ -1 +0,0 @@
-b156d80060d60ad4@@@@c904e10836c9c61bbcc4955e7e5611c3@@@@c3cda40bbeb44bf8ccde39c971c656c56e1539d21f49c2af4125bcb8ecd068faa210d54a4962045406a68e26f205d27081c69cd836ca090c7d72e89d9786587eaca929f5084f6358d9244498c08968770282f25965460989c197992af2b8da8e5cc60b11858b51be30c42d21cac7c01b15f69e1d7d409bbcd6787ea2663d9a61d0be9bab51ca661b95783906067c5a94eaaf57e7c3b4c0deb771669a310e66972d35576d152644665540f1128c6b64e58d29675ee41e93ba7990f0968cb3d2a8dc93675c2fdec3540817a22181f2b9b62ad6caf62fec5235558b26f7f85019754e8c4a71832e5a680abc69a622ea79744cecc0f831b54c9df4c0ef93171594a5657434f8ab2bc5ec9a1c787e84d9f43088c9061066a771303705533d27afceee3b67de5f4eb47c4078a6814a6847d5ade3eeb77c6433a90e9e60ee1c58601f61d1238207e2f5f9ee7ef4eb23714c64b928451ec30a5356f9af4c8f967f8bcdecb946cd466e6fb3321626cb0137ad8e91681ec40ebfd8e76da78b5c49dacf4e195054fcfe1df37f5fbc25d627c9a13776df959810b78ea4c2717a12d449db0b10dca51203db42249efbc006b113abe9bf55682cc4b8603660862ba5475bd98b674de9f7a5e49b9d3f724455f0b67855b92329687f28eab6b9d183c0969f2e5d89cd015cfccf857b13a573851776e795ec5aa44f1552bd5badc92a37b7141b902d4ba4c7ad0c01bf1fb2adff4a8585ea1b1740fbb8c852dd15bf6048f80950a4593c6158ac874abc156ec4c60c49bf261d722b2e84291c9c1e5b380bfad8df41f23627d546b630dbfc3b0e5f7dcdd4b6ba2f3479113d9df2a66c9da2687f38c248f01d43a3df59980768dcffb48bdf630d5c1fbf004576c7de3e2ff6b1edac8feed3595860acadb339c1b006db3ff82d459d5af41faa1511c1283128ffb214e04c1a2bbd072498b433c483d3ddc98f6b4d6c77f4aaa61e63f82953438d6daf3c35c7dd3f2ae05caaba088e9c39bb7e58318b838466033484784fbab4aa2668fa53689b9e4026e595886cc51d50fedbf2ec425b1d64be329938387114da86200ce7524caf6be441fa06535ededad86cb591ef75ad6368be4fabbf8005218d1211cf95eb5e23922e0f726cdec79dc51fe874e07b2eba201cf7294497f643dd869224ec8f5985e441b0c32f31fa923c4fa22b23f2d10f508f18db700086ea468f9988c15c2099c0bb633069fb32fd2a8d0be44212cfe0435e9be816049646f96e434cea41f9f19b314021e790c38720bb73d0e6ef6cfe8f93ffea1fd027c61c448983daa3b25ba0096255ca66231a491fa78b03f2a4ea43015b7c4e5b067ce2ac57513d67418fca045e1c556c096526cf3c8a4b7d22ab217332d4f830441fd5680275d6680ddbd367463125c24bf471d701dd8fb79827c925b448c3bc69a04a426a5bdb257913e181a3b0b18be0e207d520a0f173b66c6844afd5be794b9de1a39bf1b6c597c52650b2471e1ae899b809b445f649d838496b9b11e33a14191ef6d137f88ab75873c2a8dd698537a8d6f48475c5198b132052f7fa691b99edcb77ab93957cf6a35ab039addceeeafe55e23066dbbc3f7149b5d6fd8b6d9936eb304fa8cdbe1c6ae3dae827fd0b6ea4b97b3aed4fe9f26174e1972ae62f03727903f8902b3de084cc4c0b356f44e822baab348829d851b52ffc323d6bfb0ba86981d17ead08869e69d0654b93be76f5120e98e5b6bdae5ac47e7e9ca4b708a513b02040d55b791390707f45c65604188f823af9766e4f3dff74d92931d1d1d4afb5b91543eb6ec61658f4c1c12ed53686ff3d2009a2a55ab158bc39b1cbbe596bb53c2ec603e99837b83a17d832512ffb65d4028b35129b6c0f116129af398baeb4033544f004ed64bc0559072689be56b948c50f43e6fdc8feaf91a568be176545fe4886e84f830546cbc5bfea873619c74cfb3fd7e6f7738035b9a50228c3a221eed34f7d292e2193a6ec02c3b099307a11083025eea24e7dc783494c208009391ba5ffed4d431bd70250141cd4d1cde0e92b9c35065f26079a37b92577726d365abd12a9a12d6cc5cb1979d75c1c344747fd3aaebd1b98fbd52fa06121a32819f969cc755ae1e52480517e2d5831262bb38fa6a2ea60ed9cc57bccac1a86b9a7deaab643eaae2506bf23b47415a06d1791374f532d785e0cdc674d0da034f0eedd81780573c807075cf750e9a24616e1bfde9d6f661f7161ef3e1ff8b8b7cb1a3fff70a9607c9e8cf717b0f2b660aa2d30bd4221de13736163129a4b69c0ff8dd30ca5222efb6430205cdfb2c039c5cae5cab341d1b0e409f9185b1306f9b6ff5cd7f65814e4099b7c4722ac183408e7ca10cf0b6353aa9b298efd01af0cef210bff4b812daccf2db3311bfca58a404c246509d661f4f5db0057342436b59f68fece5a7cf684f77c77650261b2fac27b60d17dd4381002839595209bc2f4edccb0f2c15c9458c127036fecb51fd82416554bd56467d30f1538728543f2a75e7b09ad78f209c4c211479ee02f5f2de8df516c32114bf7f8e697ab0906a6d4bf289aad3127b03578c9c9a0eec758ebb7563011fb2874fe1910b873f2b8040c3b8690716c6d318fea1a22b979d56514aaf08f1f1361e47f1003576b63a716bfbf21566f36fbbb92eed9d1654736db3ed261a49b36c29b3b9c3af70149de8542b217e500686becdc64ec92c868e50d05478ee1830d39620d0eaddc6aa9f6df4ebbcadcaeee907b900df2aa458a0d26475ebce5fc830302ae2cac7760f8d778ab5a931b2697b3bc61e5c34d27662d26980c737eab211b00d1055024a8e8f85382fa3bfd6fdff2691c064834dca2789e2d1d02e74e0a550e0a322331484d1beeb50537f7fff2fad59997be8fe968746d95cda7f8b6269e5f527aa58d39713ba04122f20fab8979ed815bdc0f867e18deaa72e87cd8a4258fc0bf496c7cbe56b6597c92403e09fe25b40924ac08464c7eeeccb1f5206966127397d464343ceb9d79c6fd3eca0578b37a54edc8e0c4416a22e6c9099f8d92ac3fd2354f17bc45fe65f47d8a097db8941bfaa7f4d03acdb79a41d99d232ba964dc2d6f72122cfcb6cd0064dd36efedf493b11975723e923fdabe125fa36aa8e7438fe6eb32f2ab5f93ec3422337247293c79f63d3866be4ff47d5e7ff30c480ee8d6d4e1a44c6f04942c7b8a131cd140f53872571af74bafd2829c70fca352e2cf3ea77d6e36e2d5ae1e44de18438e356b0b7779e68817d521f4b48855c98c67c7a7dde92d584f9a206bc47ac36b0c691c84aa2390a7898bf1fdff8f7615886745802470f5a82be0444163e31d2bdb6707c780586f636fdae3b2a7853e1ff2664c2882c33765741eea147b3e32ae0bd50d14daf84867dd2a00c3cb64519e3ac5aebf72d25f7dc5a62a06dd80177c78e8761167d59a0c6cb357930c17c7e696b65d500b17d7e34562cd584f1e06f6f35492e39de63f455a119409f13cf4c8b3bd9acf75389bf7ac1b21bab2291d1c937211bdd38622e2eef9af7855248389ff597bb0bd5a3572fb40ac0e1b3d6ad32c64ec802b0790450feb325b8a462be6e6866095c7eac069f39034eb4eaf2c35739bf374fdb8d68e8e11cee969343a819281af1edaa2f26845398599d0b3aa6fb1433e97fff91348ead73bb81fdb473cc8e4db9bc19f5167decfc3695aa2610df3de1af90c6c5dee5e77a948ba8e3731c154347b030e422de34e291580896920586fee1acd4acf05225dbe74fd1c72482e8c17e3dc13206f322573d4615e6bd5f926dba2ddef8a7f09a0085dde8aa6d20eb72f393ed2a1e3c345f3d936e138fd4cc4a62c693c67012e1c67db5a2656dce32f0ee9ca33ebe78c747dfbeb6ce12ebeb28ef539167dc54b6195c4e743db5f4e61b12dd544c453832a6f244a9f8e69b0dbe1a9518ec19ef30c112ac54e0a45f1413f5c415f4d0688d922ace8e1310cfb88d48ee1edd87c004b0d67ab18abe8e2b4def7c0ff2b9c5569be5b1d0672277cde0fef17639a4d6e37e0705f99678da2520578f9c6ae410b3566fd4ab325dcd587a2b5ce7f7c1425943a07c858f04241f8cc9c71f233e2124f76e10e71cacc13cdc4272cb46ffe3ee8fffdf17c888812de6037e46ab13d6696841f83969128a2b71bf20c890224b219f53b07504a3375a273cf29b96a27ce6697f4f7b8fb3f08b940301f976f617f9670b07d4be006ff98ac83009c2eec35532f8e7967449bc584bbe9934bf0f5c77b15c2ff10dab68b4d7bbfaccea9c0e166c7879c0f912660b2d23ff2d3f26201cc55425f136cf3bb84082778858bff01ff8ab84bb187398766dbb6289f01349563842217050f14d90dc01b69f8a9b34c9ffbdae4629bb274e946dbcf39fa31237f2a3b749bbfa589ba555eba0a023b31d1fbd56bb9ef0f20d9eeda503924995ad6d15e116fe84b1ac10772ee3b154c961dbebfdc9faa303e825b69c7838a130e27beec91fc93a9fb9dbb4491ec58aa3263c29edd3875
\ No newline at end of file
diff --git a/tuf/examples/repository_basic/keystore/9411398cb36dbce77727208a3ed8f634a194134a117c5980d3ff22bc54a25de4.key b/tuf/examples/repository_basic/keystore/9411398cb36dbce77727208a3ed8f634a194134a117c5980d3ff22bc54a25de4.key
deleted file mode 100644
index 14ff778c..00000000
--- a/tuf/examples/repository_basic/keystore/9411398cb36dbce77727208a3ed8f634a194134a117c5980d3ff22bc54a25de4.key
+++ /dev/null
@@ -1 +0,0 @@
-4f74a37a4548e651@@@@16fa190bf9fcb63f31a090bdbd4abe70@@@@a94ec40c404bb70ffff4c550a9040425e3adb862428922523a309611df51934220e88095b12ba1f3b4437713ac90cd64f8fc8f864fb6c1b91396e88e0f1f30ef8c6cd3c6e979fb95b0d2ab7dd18f6012a953fe21897897d6903ec62954198ab92262319cebc2f939d0f6be618fcfb0088c13960f6d48ef7697787496a6ac2e43b1d26a3a84d6f3871837d331c5d83829850e2c8d738532313bb0d22ea2ea87acf199d2d52c9aec9a3670d5f5b9cf662024dea7aac6e45c78f27e146bc46b5500640aeec6c9f7cdc8240c90b33d5111f41907133c1aa9c060fde7ef11cc08214c7dd13e7da8a9e284b6c486eb369ef27a1b3c195d02eb2f02a0cc572ebf8d438007a6553d31581494f76c9fa76742fc7caf09fef2273563373d310f76dae3c89edbfeeb262dde83dec8290c1fad4c4c4f41d64c4adebf50f57e4acbfe920255bad3ef9089c6093b418d3a95531637702dfbc927ea077bd38a2ed751b1c1f648385a4d8f6ab16a3cdb9d15443f1daa2186372d059601e49ce53954d68b7a5de890288b3339e33d081d6e0289afc4ffaea1f36e00290db90653a4a977f745cae98ef24dbe1aa02f7c5e7a880e605d054fd1d7dfe79eb9e17d73856dd492fee56895bb308f1c4415d9c9bab361441f29501d8d721c71823c4cf25b7a11ed0c4980fa22899646bd18d62ed1a9f68165c53fdb2828f8c5ec6c2144ed94dc73b41d377ef5dfc17be29ce5cd870672eb5060f5008adf1c0842984e3e5b153feb6f5f19200975178c57745dc474249d6dfaa1da398cecd5661aad26c9e90bf85af74b75632a74ccaf0dd273e08034ec91460138e8a39b5b0b086beba60771ed550aeee818fda3550f09f1685ff994696f94cda402cfa7d1bb6101c69652614370f5df05181b1f6b38fbe78efb1f190827085a3ba0c6cc7ddab2e646fe5b7b4b89ebaee7a067cd7c24ae2f431b5be2604e7f2eed0819ad87dae44c727d029dc554d4a1183c3f96b0238f4c65dcd1ea705e1e7e73d198c2e18024981cad41ec5ca191be98927a1fe3d2689d728c1864246717ced69aa626c247a93dbe5fcf24581a4ccc631c8831e6be6fedfe6cd133dabf19417dd0ed4a732eb0cc1a22401ff5f3b70c986e644467684c22ba0baef00cba43788f2652165080bc4412e4060a5511e4707c227e023d2efb2fb4eac7b7213b9d9de3de4be3c5f004d3511e68a5ddd7e4bdb7a95c9102dd52e37606f129478aa2ad1592178e0748a5944cd0b7d21481409eb09f969e11c26b7b0d01160337e338c8f7bd9fa1a60a451fc9e8749faa312fad8c8246569283bb809084cd8ebafb43f7a76729fa3123ad111f4ff997ee150311bb681dd0ad6699e92c98cf7bc55b5d0b1e02b21a61c847226e88b69dea8302154d9b2ede5954e3bffd0d37ddc928e63c43b6111f6585249ecfc4769690b6ace180aa2a1eeda2fbfd9c479648ac03f4b917e241a06ab6538a2f4f18e191e2701643eec915f8565373c3eb13d874d3ad99e92a014b6dcd93fc0b25b0bb14c27535ccfd97e72a9c32c7f1599fe52b1596585b98a426fc7261e374cff1e66a19000eb5e75e3fe8088d58076e95eacd39cd956b87cf162affc15dc0d44f3cd3d64cd61ec9c0eb1b758a3e72ca418bb9062c392d1892b2861bd50c78e9b00a8839d4ab829064d56fcc659113f4c64a6801bc49617401051f08d97fd658403dabcbb992c59b09a04a0f732f18356e3f636a31d5752ced7bb1b3f84be986bb9c552b4656d4cdeeea3437cc6e466a709780618caaaf7235054ffa7b64f698f39212f580a8bfe24e66caa3835f3965b078feb75eab97555669a6772571ab2f9d6b5b6fb32ae81c883a2e15a262e92cdf2a09f598834e7d60927bd405a7eb10fb5d5c5ac5e31d99fe9e7a8d9e4592c75086d1bc1e5d9bd3cbba9b42fa96a8afa474b09eb582996593e46555781e8a20b3eee823fff68b3f35fbbe3627f6f9e4042f64d937d053aa2c499ea052506c98a826a495aa00e7c07615f25f60b68f2d2cc2e6a4dae193d20030a24faa55b9c391288a9dfd1354b9678cc742c6dab8c0d09627ec541b41b90bf5a35e092a69f93c0de44f5aa29d6a9d5e84cfdbe7cc3ae083cae2c3e5b650dd42397d36e801b463faac316e913a1535b90569b68c021808dc3b8dc3c9d75a3ad9b8d78ced8706981994ad08001cd5e69650e3247cb3c1a61f10faebcdbf1308a9ecfece301b0ce341a8b11dcdf1540448b0d103ab076abc7e91ce4147ebd7c104544e181fdd279fc5bc3910e37a3b84781f4a67e2874824c86724016efc6c6c6f79d6881adc44fe2d4e4871c5fb69936e6eb2ba5a2ea5fe295444c4a7d2e690540ba5f973fd9be92df785623cfc188d4fc4de7aa8ddb558939f52e1581955579a991779e81267b479d2b91ace3f24e9e6fa69231fe97a29e55c1c8d1eebd969e69487eae4f1cc2abc47d04374a94bd62975789af468ec0e6e17a11ffe8ca81d19c153094543acd06febcba9b2a239fe6067e597629440545f5fe04467cc12bf25dcb2a8b803a475592f78a9b2ed7fe98af364e6254d1e4957183433d02579138ec878f1339c8c832f35eb7168b1b8e425dee00376060a14221d6a708c4894d941fa0ef2acef853af65c975057733c68b2dc2466995c988c83e91adcc7ba450aa4277f188298279e10b81250b1b46650de5c2cc99d73b0ff1a41d00c63548bc55d989c74a6fbf3c56e5a803e35992f29418422b4f027ab266cf093aae4bfdc3a01cd78518d4351dcfe8401452feb58de73f1941e9085a926f7dd2c2df98ea7b756c82a9fe6c07f5fd6527999215a7a4b8f41563ae81eacb413282c61b4e101dee3eb4d4c338e28161df8a5c2ae3088722beb53ab407803562b45ff863894565e11defdc16d91e8970da4aa18f33fa98a7d31ca96596ce7ff9f39a1d365b3f6115bb2c2735b0f8ad47c5fc32034746a8a9f82ddbd115981629bcdba215b703ae9cddb12a50453d740fa08eb5c292d56b69de5d08f004dd824ec93b0f5ffb617b0844a7ca5d3986bccfb127c8772d778baaece744f4ecc8d81a43449a342549f895309402c5da78737b7bf775cbbce18bfd802313a98bba1d8b80a49e90f2a829f87b55965cb7826703e1a509220132ac50606c7fabe5adce4d5b71617c6532e38acdfcb841063e8ea3f48f325e004bd2fe522d6cae478a1093693c79c120ba294d5b006a842539a115d7793eb32375a9dfa046e0eda1c942d5d5b3a7a699b3a382c066f6f106c8276e9e4e829cdfd53208b0af26edda917cd5e39a070d74c8a3835db5c32c254ca5c158b0e207f0cdb23642e7f99bf4b6b65745966047d9f4fa505a9f2514c9df27b22efda3379749a0c736580e55041478e70d4738ab8a09d7431e68ec54faa62fa323de5b38eae46cdeba651c471f36c145a14bde8bb8209095b04a89668bcd795b3e45e1b72ddcde0eb55379c06802a62429361a4357cdb017d8c140bd48e2d9ca432993ee23cab736b6b0191455504595af191e9dd51e5be1ab29fa8c2e045071e331d04713163f3f385ada1b294b8e6efcdb27feaed57f30af49b0f75679671be26bcf78d46f5cb7770cda4d2fb21d841bef3d4744df4dfcb3bdcccc6fda9afa4ba0ebdda77a8861c632cbe141789c5f4a200c1e5e6b90ee251d9c3d557469580f6ac09af41f18bfa883e418b2bfc392db41f0b890c3c121368fcf3743301b4c9cdb19aa5c4b32f04bc72d4bf06ad3ae44122a50a5f255b8871a1c71c7c4498537528b40d876cc88451758bc548784f814ef258091503baff418dc7a15fe0e4d8ca78cb5c84d09df93a7078d7591bbbff8ff4605a5c5984d7cc7ce7233a6c84d45d974a5e342726861617c3b6ca4517700b528afcd47cf676dc16145e22bca0e616a1bdceced2b467e84e8dcb869b43ec652ead0cecbcda58c37888411d43f98ab9d3bbc322e63dacc402279b6e6b11e4ec45b58fbb8aafb1761b4c5fabb829411d8089760f9424d51d1617205bd8582c8dc29b9e0d0d585658298709620420f8e7be86034a0eda76f2f787c8e18080ff68d10c5f2189998eb883c9bb81fc194f8ed96a1706a5a4d6e8ac70141f7e28ab54ab22ef87833832904289f000998a8583b08b96017f11065f769505c82b201de5c0102a7b4d71281acf0ad3106b236781a8a287e18ed38c0f6a659ab37cbed74040715810d132216e64462082579d32a8d8ba082779dce925d65f844fb619bf21304f677d88e098d32a9fc6eefd327d023517c135601a846065ecfbb3611e12a1932bc4dd729169330432d6bf80c084012c4920445dbf6794b13554eedfccab04701ae83ddc47c6d6de545e224fc245492780b877e33c201c42aa761051c54bb10312dd044c41a6561d5ba4041d8c1d67b047ec1e84b6eb17c6940fbaacb26377db5532bd340e0f343a1f502cbed258f97db1fe1d381504e79bc727ec6d581e2c155f8c3fa362e2ddb6ea3ba35a34a6c2b625100f44dd25737d9c6ef0aacf59c0e0e15b7c3b
\ No newline at end of file
diff --git a/tuf/examples/repository_basic/keystore/c57c4439c8cd88e0571d651696b17c069702b637d59f2e9c4f88894d2cb5cabf.key b/tuf/examples/repository_basic/keystore/c57c4439c8cd88e0571d651696b17c069702b637d59f2e9c4f88894d2cb5cabf.key
deleted file mode 100644
index e65d5ae8..00000000
--- a/tuf/examples/repository_basic/keystore/c57c4439c8cd88e0571d651696b17c069702b637d59f2e9c4f88894d2cb5cabf.key
+++ /dev/null
@@ -1 +0,0 @@
-513ce3ed8f8da7d9@@@@a8cd9eae208b7252e9dea0aaa5f971fc@@@@6f3b067614dff4022c24db3f1eb43dc47c4f392b2984c99c89e09fdc80b7efdba76082b184ba86876f0cc2f08bd2a9d398b22e79811698a56e6d22590e82d2367e1c624b73f4b4ad2105fd43801d5be36312336ef910dddba7e70d20e27ec8d449c911492d08eeb0fe68e77a532073379bca762905a5d8b851a4ac324e9d32adc168b293e30bf7d36f00e24156659dfc2f2e888a77c8b23fdbbc2a865d1d9753cc141c1096ce40c01a2c7d2c5e1c6f0e467da3e6d8b7aefc1107b47370e0aab31ce53019bd44ff41cac9645ff5f82f484553fe1285ae8e0deee2c15731595d44b4f6ed53c52355cc944d82952066a058c51a99d60ff1a75b9fe13fed20561d77322fe95242b0f084d212f27f9a65bb230bf881b8f81a6fddd5d51503cde23aec2544183d79dfbf0e61d3518238dd573e50d4baf64131817b2baf0d453377a74dbb9e5de260c081f43c280ca42574432399d4e3a8b00f70a977bd41eca16b224ed36467d5db5ea5ea0ed1394adb4d8f4d5577bf0e147dc4dfd86d3ac4cfc030381ac8db1f8abcebb7d7df9fcf78ae62f62810229177b5d8e8e76afa44fdd95a85668919688872cbb9d958db0f10752187b09eacd0f7ffbd834ddcc1be3e8364981033916d30784c7dc328a5dfdc5b0c90601d4241a1624ec55718b2bfd0ee68319e2ce14bc30b5de7894d43c8d11868e9f00b9f1907336eeddfe9868377b9ed084452dc01fd0ace5b3955803220d45bb106a73c5ed168ca6875c5556251f2f29feecc4369a05a82493b5189591d26f58bd4556dccc1d18a8845bbbe14d26a16fdc77cd4f3775081871427001f1c69f4e1ec283c4f4434d809f81b3c00b5d830836972fb39d6679973f8fb43d129f15596286908642dc814d8bf9553b3c7c2bde2ffea73c09d579c6eeff728144c6031afb64f84e63e6a2e1e21d31e0694133b84b8ff6c07e598b1e7640db86e120e088d87389f92054b344a9d3c00312e2654ab48759ea671f711ce437fbe95c2ae7008251d1036d8c6a2fef78cd550094766c6ce9c54957b14d04c25cff02a8051448ea273abb49bceff6bd28e651fa16cdb73d501b007df16b4be1c19359d6323bfe9c24f8dd35b5831a9a3546f0bef3e705069c4a2ed8972f87c3e8da59ffb3689a4fd5c28e67ae732b21b07a30a85e86afacb77cf816476403fe8b107c85bef1a6a7c164cccb5fa4ee65acab45297a05d4752fea89587e003448ec3949937f775a42fa69e4e870a054a918ef0f9070a9117ed6615b312d2d2071e3479a19f09b7cd84f184c5fcd6f5a5917aa17e6c8a561af3c18c34c871441b0164e9e5244be9a3d1f88d6de9042e3af1f3891d78e1ea3f81e53a4bb0d6bbbd954703e78129ad7887b86cec77ce8c840e978c7762ad4370190e210fb4d1b564c6efc9a4e9410d8e8725db0b2e3a330a1c05633d039a92001d6ff8088aa6782adabcb16ea02c7d12d210404299e6ff88e505071723292ad5db90b2cdcf31272a48f1f8a86c11d166cd9ecc2b47d493afbbba197cbb250dd77d079a56a17bcf761e7ab5135a19adb57e37add8a1c5f40da9236d5d6c0d0bdeae69b667890ac850df0597074375d7bd8b35063462c2b1551663850b749c09ca4ac55e70a7a730dbd5cfde2ad3bc996e1e393061e5e34eeaeb61651ec88cf62ef4a4dc39dfb2ceb8eaa0bc5d62b912bddebac90ff6d1d8b69f8c9179af627f5602a21d899d98921b9fe47885521510be9f1283b2058a2ecb83cd6172354db4bd21d70a035ffd9d75e7830786b586cbaea138810ad98f82e553b037783e40b524318c82cedd04f6c98c474406eb631cbe3704ee245160a90b24b090c9acfcf472b1ab546fe2818a2515f88f3dc40014f4b09da948cbc26b813dd6c8c630897c2cbc1e949708f8f735269677c5498a6d6b0f13262ced195849cee7bc2ed48226ca7a35fe92f839b432b0339296733f1dde0ca1972d94cb5d39994b193dfcae4674272092d4d51115f406cf6832083c98c7817d17eb29d0034e2860b55ee6c28ad37c6b0c6f19149a6bdf6b068cfdc2a9df112c408fa34094a81195aa6084d732b81d21782a3b834d65e561a01c1ecb5b7ec84beed3d99dd99b11ea312b532a7401550ac1280214291c6c2031407a88248b8932ee0dabf65c00562cb5656377a5bea865f531b712fe2cb6a12404ea9d589b46b13bf8163c6199bee670611f88a981ea4fffef77cabb9cf38d27aab4c32f6e971fe36d80b69f10f17419fc1f3994bb937aa84f0bca2841778649d0cc678533739a07300f7a8270357ed426cc200e43cdc2cc26e5b209ad7992a0f7b4950e972f18cf7def7e986019c59bd1ec729a98a41a2e82ecddefb72a0288c3578d8b6d089f6d485d8e2aa44fc9f2c8082c6783e5ab1bd9cee551d6f1d8635ef834846c6e9ce80b3f6aec4971ed14731716aa70de24c0990cd2140728012394457acace889ecd012c302e0b22f3a51153c55be9fb6adb60c9b649a12cc4675f08d25c79a64de3f1e95f126e951f97fa0d9ed4077120d4fb5be688c40b385dc73a234e1943561bda8455c0c6ad3b7c8e411f63e64b53d5e8a0184b7cb09ef2b1fbc0fc438b93fe93ec8ca20a27cf63bb6c7028267895e0fcaff4f9a214fb8fecbe73f90fd1b816c8b55a432d2e047918a9e57501ad42bbe0a764c6bd3d1d35459a9021803fd5f3bf2f6f028fff5616d8cd316369c28b92e6eecbfa1c1ddf66f154f454fc44b7ed5d1cf0f424c7ad176022e47ff7589d1bc9c14386598a698db92f07c73187580e33d3b4073bec19b93b4ca3dec980afd0c9d2e58a04725c6725c24928744ebe638d15ff3f02a75f2e327a006fe7044a3f6bc6b5a4eb9e1618d22a390c8783e1949d55f408ded3b3a4628ba4d0efb86a49103276b005a96cccd7413290e0cec5cae2dce22bbb367b04afd3d75d13b734f12509aa8a4915a3a1bdfc6213b633e5b7e6e1a5d3685a543daf47f6cdb722531223463507c259edb03402e0784ee568a229218595a494322337439540ac95a1de7b8a8638b242fbae19f00ae315bcc91c4ee34a4d1ac1c6461b30d86f30ab60dfe4c0b8bf472649d681c63136e7e429bdcc608ee0acc08e588de7da6c031b975b992f4bc5e77584b30db7d6ca19636da01bc76a8e84c65fcef9aa161e505e9bd64decfe7e4c751ecbd276e3b207790b00c2985560fe4ff27ef4ee9940c06a9ed3b0af5e2b856f47bde94c1827368bc4a0b0f5e23b245fd873f1bc6f557ac0265fee0ab133e5473a82e9502a8b4e4f964b2faadc310245ac3a32a550ebc29894d6db0ddd83acdf94111c610dfad41b2844814593db7a2838a9f963133997d20eb82b9c4ef64680d638099d58b083cdaa303d75ccac49225863bb7da2d13fab767ac9784ae93ec7e1372d0e143e19c10e073897d7e832487aa81fefc363fe249dc1909b1ce31d518d12ebc2cff11d1623ec477489b559627f4442a18cdf28f307de6b0d3fb31e4451159f4e93340a97cc19129b948e4e3f43551e351f263eb0bb00f3ad04139d89b74fbe7402fe1254c5e32eec9a1172258f3ba19ad61515620d2ddeb94c1ded760d2409d1b7ad775607b033c42a6348643317cff13dae462eb4702ed19cc268ea77c6890e3796c345b90f1894911d809de1e23f74fdf36998b4bf0a0d5b9c5e50feece9716a6f3d3100bd4fe2c950dcb5c4c64c5fd6c8f25cdd1b76c6103eb3c399f6eb53d38c69b2baa409151ae13678f6d954b8af53244cccec53e26792410edf9bc1e7418545ba43b4b7377362f2c78d7782de5869273d986adf75700723cdd5096a7fd16f0c8a918b7a92f0ccbccef0e01318b62a01227cb46fa122346c087473ed75426883b71e38c501579a80e3aeaedd9d7964c6d7b92aa1e76e68d61a0a22bdd82d0797c70d1d0d11ddc02cf39e363f27fb67b4c7006e410f662b966ce9ca2cdeac1e98c198cba3753c63970591747d7c8e8844cd362eaa2bd849c8481ef161b5d5fb73063b19d276ff7a42c91e54876a558c43e7d853e7c5aa00ab4bd7ae1c33cd94aca90a43b4352d8d58e2bddf41d84c297448bc396ad9763beca41d8f0db363fb4955cfb58f9b4286767168ef5c8c7484370c17414778bdc257ecff9f3dac73ece9e45a1002ad01781b4a94a20cd63b660890f8ec9a9f384b4233d51a092f8b60cd40503cc2e11d6a5d5ff2764f224e4d5ff8eb123415f47e20668143863c8aff4a5ba8b69431cae642dce0f0a7c2e3c65f66c3c134aa2c6f6528de633e98d56f9174e12aa5931cf292a80427d66c5dddaeee82b9b74be8ad590b9bde8fe99b9d9cfecd325d39995c69312c0599b56ad9116435bb1bbc6c28cb103946c32abaca3762145e706a3384b00cf85419b38d7bc80e46334c5ea4e2c502ce8d84150fdf03452e5aa8c3b08d5fd750077dc9b25a1ef6eabdfb27c1531ecf6d628dcdfd98a98823ec284d6b49bf50c312bd8769648ca5c031c1fa25d78a74d2ed03719807214a5d939aef13eed29c271c24f30521c4
\ No newline at end of file
diff --git a/tuf/examples/repository_basic/repository/config.cfg b/tuf/examples/repository_basic/repository/config.cfg
deleted file mode 100644
index c35917b1..00000000
--- a/tuf/examples/repository_basic/repository/config.cfg
+++ /dev/null
@@ -1,23 +0,0 @@
-[expiration]
-days = 730
-years = 0
-minutes = 0
-hours = 0
-seconds = 0
-
-[release]
-keyids = 9411398cb36dbce77727208a3ed8f634a194134a117c5980d3ff22bc54a25de4
-threshold = 1
-
-[timestamp]
-keyids = c57c4439c8cd88e0571d651696b17c069702b637d59f2e9c4f88894d2cb5cabf
-threshold = 1
-
-[root]
-keyids = 86e0a0c096d2244436911f15d89ee3a647b6978ca156f93b7eba730038e5327b,4ac0adf8fac99d3603b02ee88715b0b18ab9203c639a220f3db7aff78d784ab2
-threshold = 2
-
-[targets]
-keyids = 7e6d7b7d2d60f175d4e48b11347f8f648e2c58093cd47986531e80747bd2c559
-threshold = 1
-
diff --git a/tuf/examples/repository_basic/repository/metadata/release.txt b/tuf/examples/repository_basic/repository/metadata/release.txt
deleted file mode 100644
index ade738e8..00000000
--- a/tuf/examples/repository_basic/repository/metadata/release.txt
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "9411398cb36dbce77727208a3ed8f634a194134a117c5980d3ff22bc54a25de4", 
-   "method": "evp", 
-   "sig": "61020111d9e1e1082d79690596d176d6eb5bad3bd0e695eb42930c39a018d18a64d52d7f4114272c8ee7c1b954708d95e0d7c6cafd95078d122dc67b3709484cef2d823376bbb9010f6cfa8034992df814c55c9f70e9411879ce7b54c4d6f1e4ed91ba328db0c26be0532d404358561ba347f1d55aad0a0eb83d9ba224b6760ad3d47dbcdc90d7ba7bf1597992288ec960a1181a1ffe1ff3b0eb7b5c4423bb1a20c01af2ddf5579e3a0704b4d7a58a8a0745edb6ce41c680239819b3772ae3f20486dc344ca7828c9581ba63af4ec11855dbf6213e2a260cc03b281659fa77c9fceeb0b7a25e1ea08bf1bbe5663bfb502c2145f6b5057005d989a8b35e56ae9b3f1f80c3c74f229d4c0bd3c807a7b6acb221ad42da90bf3137716a7d10aa9004e52ab74ceb706eeb6bb1834df1c994e83a64b3f6dae99a5586668803777d788fcc63e3ed3186c5b1186ec2dcf7fd2d7afe120470d667611ddae9b8617bd4ce1f2f0e6ae37b733a739c1d08814c53b25944f50b5be3f40488f683d3b89eb07127"
-  }
- ], 
- "signed": {
-  "_type": "Release", 
-  "expires": "2013-12-17 00:31:02", 
-  "meta": {
-   "root.txt": {
-    "hashes": {
-     "sha256": "72925bfeb643bd56c2368c890eb62af735d35f81d5518f42974c5d90863d4bad"
-    }, 
-    "length": 6571
-   }, 
-   "targets.txt": {
-    "hashes": {
-     "sha256": "e502a5d0079e59e122274f115fcb9a3c84f6d660bb50910fb3a757f58df00fe6"
-    }, 
-    "length": 1346
-   }
-  }, 
-  "ts": "2012-12-17 00:31:02"
- }
-}
diff --git a/tuf/examples/repository_basic/repository/metadata/root.txt b/tuf/examples/repository_basic/repository/metadata/root.txt
deleted file mode 100644
index bdc140f0..00000000
--- a/tuf/examples/repository_basic/repository/metadata/root.txt
+++ /dev/null
@@ -1,83 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "86e0a0c096d2244436911f15d89ee3a647b6978ca156f93b7eba730038e5327b", 
-   "method": "evp", 
-   "sig": "91fb132a9ebf78fb2a688178dc5dcbbbe389baab063dd34fa9e7ccf8cb613a9356eb78ded2f7a12d454e2311b71ca0c75a2548515f1d1d35c1206da478d1535326eb172383a2687087e12f1d19b13b6adf0b4e35b9b992fecef93b0841aafb0143b19fb0e6e2dae49cd4052ddb0c1bcc4efdf3adbede95a509f04057082d80241cdbb5cb190559ce0a57906017b6352cbc0c837ca0d3428519a776454767dbcd0af1cadc5020e9e2d90cd4b8eebd4ca06859486575401aaa8aa6c3603a642d678e1f5b7849949903b28bb9bf88fab62ca30fbd160368eb998ce1c8a90a29573f02f6fcaa13bf1baa1dd72295c4de3350f72f8abbdf6d780810957c38ff2ec499c5928f241f4339c835e71b0013f6dcc41d01a7d43d8def9f8de8a46a73f9845a7f82b2a856096d6cbb9639146b94828ce1bbbf1f4927ab4d4100292d689ccc6efcf9d8fe61077224f4984bdafca6a8848020104130dc18fdea7fb53052d9bc70f94589522e8504a40518b657288ca6c9efaaf6baa562e83bd1e671f8199cafe8"
-  }, 
-  {
-   "keyid": "4ac0adf8fac99d3603b02ee88715b0b18ab9203c639a220f3db7aff78d784ab2", 
-   "method": "evp", 
-   "sig": "845528efb13d16600a492201d1d656d81ab819bab60d123b2dfc9bfc04647bcf8129872a7c1b0db21d9c1005e4cd55c91282f5410c9939ca3e8acb70d55eced6194c94152d70e00193298730b9019a3282196dd23543f15c1d6f5431efb53a1b04c3d40f0e177d7ad6ecafbda363e89d5dd4e2ce8b7ac6ab2808ff361d6dabeeb443358dfcb763aa9b9857826fc587a2c4b72a0ce7d0e2d073ea4f2fe453a5b72afbcf160e3029f969b290f2e0250225a2ce88895e10fcb6c1638c70bca5d2add74324de9d581e54e9b99c9c000904b55d37a775e8496ca97aae384b500c83e2694403f4687479fb2cc56d981afa2c45b9ce968817e168f87fc0d7419e973c4162baa2e59c339ce82ec5a565a4b3993b2f3e885a1d38240996834b530de306b600d2cfbcb2660ac903b5a7b6e270081fe72f98cf6e29047915ade88cde3c860a4d1637a4f8057a6b7815e21111388bd7a678c8b3221b8adcfc1f4629ff75ebadd3160abd88b71bbb175592cd99f0769bde1466174e0a8a63a07cefbba766fcef"
-  }
- ], 
- "signed": {
-  "_type": "Root", 
-  "expires": "2014-12-17 00:31:01", 
-  "keys": {
-   "4ac0adf8fac99d3603b02ee88715b0b18ab9203c639a220f3db7aff78d784ab2": {
-    "keytype": "rsa", 
-    "keyval": {
-     "private": "", 
-     "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAuFzNjOV+tTnkMzB+UUWi\no/n0hWE5nKeBie+erzGHsRqYTwY2afsUORnogFkt2erdR9zR4TAWGMIvJbnDujQi\npkhUIueZB6vGCRBT2Mfk8vOUTQ+8Xc6FNCyhLZfJKL8fxEOAaF9HSOt3u9BugPVB\nL5QLc/fcWNgBiTErR/kcLH1LvaDeFijOuSC6VDq4GjONK70n1d/CtGmPYIMQj89L\nsIThUrREIH2oHRXFIUDJLHmAJXgw31chpC4CI9/ehnShcM1AaQTfpNwsOFkzNpfk\nCweYN3w9h6I+/3hPlD1oPluolSpz3MTQ2YXnRDBijptGBz4aPW2V6R5fE9Tx2xZr\neI2wlzsObFSvJ9V8guVc/yVM6PwCeVuQknzFo2xXYvQgzpKTSSgk1+0tiJqZkuIk\n7ENhglKwTL9vu40pTgE+gkKRC+CgDPwJ4+VMZJANsFPfCZxMw8+ddufTL70PtSp0\nKDRshTy1E4v8hMacSprTttDsXyyHswp3BARFkPZDy/c3AgMBAAE=\n-----END PUBLIC KEY-----\n"
-    }
-   }, 
-   "7e6d7b7d2d60f175d4e48b11347f8f648e2c58093cd47986531e80747bd2c559": {
-    "keytype": "rsa", 
-    "keyval": {
-     "private": "", 
-     "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAsCSACdXyAzAjYWk5acxx\nzlEZgftJULKXvzpcbEzCtwC5Izst23twvlKtGYYcJqw4sPKgxgnHy7WgUxKiVbLX\nQvop4kSKqwpfV4t8ZBHvvHypIzS6ZBknwNU4SvDeYdajbzOlNkPvrANtLyfpKtxT\nxuhmEP7lGFL5pIukNvTqIs2J+3NHNG9O0AU2iwydncohpB10utor6GRgkBj2d9N7\neZQrHyQPtMKodtmlzN2ZUwf859neBPvzd9iGLl+K2zfIHKc0AOyn2kUxFvM81FDy\nHaMuWFqfnKWDftAp8UKZqHFuljvt2zk/HH0t5w9mKiy68qL/jGAoaPcKpWgGAHN4\nTj/6ugSij6/GimYdgOr2taD5BWMyxSjyvCE0FvH/Gi+4+DT6Ll9Ri6K1iLOYjan3\njFsTMBkZ7Gdavc1vIkSgn3joZMGvdVK2JYzPy/ZJ15KEnAUbymnA+CyKAA+gSRzo\nYXSDM6JGlCci3pLl235gDu5lI03Wuf/GlPEwXs4pkry/AgMBAAE=\n-----END PUBLIC KEY-----\n"
-    }
-   }, 
-   "86e0a0c096d2244436911f15d89ee3a647b6978ca156f93b7eba730038e5327b": {
-    "keytype": "rsa", 
-    "keyval": {
-     "private": "", 
-     "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA3yIiwviVYlg8NW0B8gxR\nltqmrKL0MfXjoq1UxtE0G/ySki6w8uOznnqiR+G4dOQvHbrTZytTq655v+BySCIC\nQWLyO4x7c2vm4APpiOhIfMjz23uxLhbR9ZVhk0dSv1wykP4O4TIGaRPfLTTTEADS\nqgIIXKOm4zjlztdIzjmlh5vLknI3w1VfRPYT2jBQSZ9Vld0SVNJz3JYW2ylI2jrP\njTPNnrb5GQ/pthrZZFGe1B/w7rfQvO7pA4BfNPT1TI8sL9NpFz8HXAE+bJ8EkP+a\ne01jHNhLtzJxDJRa+BXQtMh5QtJffrLNnwxBGPVBZdIOJm+FSf+D4v+W+Y/M/ayK\nI9TdOlKExYoWQ99tIgG4J7J8L88Mfh9+dduTtDT/jEfQCx4olxsqgJtxpzjTC3Nr\nDpm27djxeX74otXXNNOEN2Wzs/VvEBCWsHfElIyfdElYIImlzd2FyD1AQyhUoe01\nQOI9cjmmLybQKgIXgyoeQ0SRxZFNYAM3kPw4w5/JAsM7AgMBAAE=\n-----END PUBLIC KEY-----\n"
-    }
-   }, 
-   "9411398cb36dbce77727208a3ed8f634a194134a117c5980d3ff22bc54a25de4": {
-    "keytype": "rsa", 
-    "keyval": {
-     "private": "", 
-     "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAyFShMexVSDMDMs5wGt0G\nQBOR8XyTV8JpkCKdSRMW3IsSMueagdI754q202SbfIRa0JFah99roPxa3IAIHo0X\n3GUO9HJWp5gSrGcKUXrOiz6CMsGwSh6N9xVCNFqpc8EsPceG/hCaqIX1FIGizYdZ\nN2+LwpGvfpBQfAPUau0NREEA/HgFYB4UptOSyg+3kRFCcXr+nJmiDNc5qXp/HQZ2\nqn6yhuhLMh/I1KsqN4HQGYDOg8L7ybuRzEgGabI0/ZVSnVJpOeHogtH6WHPKGZXX\nA3aY0sr4l++DTwe2wCXTkVYzSBwG/AM/zfVwfazQZFHG2d2VnlS2VN+otbpv+qyG\nq+dF2TmqxnnaOoWTXsQ/XTiIHLlSmySE4WZR7pZREdx12ahgChTA0/0FVrM28DIb\nvh0T0NGyxfAGYEWDvr+xjFyks8RhgsA3ftUSkq7nrmsM4iJyvSN01la4MZNHBQGK\n+jSHvtn7AGMAkr4VY/uv4NWGZHiWt33oL/TK6EAHJmA9AgMBAAE=\n-----END PUBLIC KEY-----\n"
-    }
-   }, 
-   "c57c4439c8cd88e0571d651696b17c069702b637d59f2e9c4f88894d2cb5cabf": {
-    "keytype": "rsa", 
-    "keyval": {
-     "private": "", 
-     "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAuN8verErqJFpNYjzWCaV\nXk8f4uow950aJTwt2+BMK97KMccgIpOTKemN80iiDHHLfsBmNozYpF2WuWtWpUGQ\nKlbnafbEuzmTrRSMjhEjTxfvGNTh4NPnfHCJFRql/C0Zln/1YVnRdF7qcc+C+ru8\nc0OhMT1Z4tu4JoqK3jz4Pf5jq+5Vm3SaJ+h0eBo/IArqDoXEHKVZDggsDRM9gVhv\nov79O43Qt3/pdP+o1hAhifHADs6nMse+0PrkP+bYMu9UQ5TqUmKDdaVnYETP7VYX\nDMG1Ipj5GGhPu4bJzahf1j+4RzFAsb8yIojjgHsKxD42rp9mAZt50tr2meSDEO2Z\nLtjH3zaPdaP5WCcQyHhHPVhibdyP8hLmw9FpSTW5pYRRDT8HHcfp/YTpE5TBKApC\n80io16g/FCveJL6pV4leLEZXeroKBB5SCCAPzXoAL7ITUHM3DSmNNcaf+ClXK8Wf\n+s/EUe3qGD2VF0/xs36rsxnsCwwspgjlh6/B+27/i2QRAgMBAAE=\n-----END PUBLIC KEY-----\n"
-    }
-   }
-  }, 
-  "roles": {
-   "release": {
-    "keyids": [
-     "9411398cb36dbce77727208a3ed8f634a194134a117c5980d3ff22bc54a25de4"
-    ], 
-    "threshold": 1
-   }, 
-   "root": {
-    "keyids": [
-     "86e0a0c096d2244436911f15d89ee3a647b6978ca156f93b7eba730038e5327b", 
-     "4ac0adf8fac99d3603b02ee88715b0b18ab9203c639a220f3db7aff78d784ab2"
-    ], 
-    "threshold": 2
-   }, 
-   "targets": {
-    "keyids": [
-     "7e6d7b7d2d60f175d4e48b11347f8f648e2c58093cd47986531e80747bd2c559"
-    ], 
-    "threshold": 1
-   }, 
-   "timestamp": {
-    "keyids": [
-     "c57c4439c8cd88e0571d651696b17c069702b637d59f2e9c4f88894d2cb5cabf"
-    ], 
-    "threshold": 1
-   }
-  }, 
-  "ts": "2012-12-17 00:31:01"
- }
-}
diff --git a/tuf/examples/repository_basic/repository/metadata/targets.txt b/tuf/examples/repository_basic/repository/metadata/targets.txt
deleted file mode 100644
index 07322a34..00000000
--- a/tuf/examples/repository_basic/repository/metadata/targets.txt
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "7e6d7b7d2d60f175d4e48b11347f8f648e2c58093cd47986531e80747bd2c559", 
-   "method": "evp", 
-   "sig": "959294bc789a7490e235d6313507bcc8b4c6296a32fd923c370ba7529914d6a41c15b4857cd7c31a75e40af3e16ad66055cc79632828ecd08609ebb1f9dcba1b841ba713a3b1535644385b36d8c882192bfd7e64b94a7a71fa9d1b6976466946e08cce0257ed1b3ba7cf28dd7dc6315a6782d366eef0dde2a2222eb7ced1d6fa3680c51ab83490b46de49eb2e1793bbb08bb6b9c16511987beafb143032b7d86700a3a8ab6f62f29afb8da0bcf6f4fbf6e3b9299f9541b5b90d6f6e71ed8bb05fe14c5c6c6a949e22b3ca2fac00c981c18147fad2c92cb7b7a63e5fc9fa9636c0d94597850f4045147b88ae06f49fa1ba4b80ec09d5e9e13b090a6e877dc30d98bfeadf24402767b2c12f1ded8b886f9b8e09c3c4bf192bc40a2b7976580bfc513127f282a26ebb52d4ac29facf5cfc0d372064a0a06a63f50fd1ae932b1909ac5ebb611184c980a169ec4550e1b23da3169351fe42cb4db69865a027690f0489210b1ea3951fd0089cf46ca8cdc9564ba59031d1aa404f8cff157c08ca6bb3b"
-  }
- ], 
- "signed": {
-  "_type": "Targets", 
-  "expires": "2013-12-17 00:31:02", 
-  "targets": {
-   "LICENSE.txt": {
-    "hashes": {
-     "sha256": "cd65721176ce5fdbb05773c0b1349f993b94ce77a51062cfa7a78b34cc82fc71"
-    }, 
-    "length": 3286
-   }, 
-   "helloworld.py": {
-    "hashes": {
-     "sha256": "c7861802c53ca2ce7a9717fc1544a902508576799074be9cc21630553a9471da"
-    }, 
-    "length": 21
-   }
-  }, 
-  "ts": "2012-12-17 00:31:02"
- }
-}
diff --git a/tuf/examples/repository_basic/repository/metadata/timestamp.txt b/tuf/examples/repository_basic/repository/metadata/timestamp.txt
deleted file mode 100644
index 73513dd2..00000000
--- a/tuf/examples/repository_basic/repository/metadata/timestamp.txt
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "c57c4439c8cd88e0571d651696b17c069702b637d59f2e9c4f88894d2cb5cabf", 
-   "method": "evp", 
-   "sig": "401f0b342d8ca5d8ccda13ae006eccff6b970ccb5a40102d5688314c3ddcb62aaa5e71e5f711231e5f0db75ab8764ca7e8d9688736aec25c49575c2a224c3c281b5c5c6ba561e95ab7900f0928b6fa74655b11572d878cabcdbf475f3928d5898a41464739beb2296d01b18017f09658438e32791b6297dda9918716ee9011c5eca22be29b705b7dde33f0f29363eab5348e8b2026c415ea65e6d40c8068e499a3e27c1b85c3f9d15ed251e94b991e469675ce2dadfca21c05ac9f400679bd03c9ff4989b7dbfe696f995697511c0ba80830d51347792ef2a6bc2e8f6ae5f8623c08d616ea94cf2f88c03d8cf2e56f09e189748a66fad393464add092464a1f8842610d96122c372da00638fe90f0ffffe38b2002837f4993e59eb35bb942db2d1e93faa6a3f432be1fbaeb32d60cc612eac1b72d4d5b03c21c2042c720b412266b221bc8917353a7a9140ae4fe5cc6a703e9fb8f898b6cf45e12af440ee06c86d4aab92631f0ae1017a461141e4098df6e7dbda00624e502eb293987053d787"
-  }
- ], 
- "signed": {
-  "_type": "Timestamp", 
-  "expires": "2013-12-17 00:31:02", 
-  "meta": {
-   "release.txt": {
-    "hashes": {
-     "sha256": "3a5a6ec1f3530b21a68a5bbe42a7fa5422dae9c4f211a99c678208ddedce36e0"
-    }, 
-    "length": 1340
-   }
-  }, 
-  "ts": "2012-12-17 00:31:02"
- }
-}
diff --git a/tuf/examples/repository_basic/repository/targets/LICENSE.txt b/tuf/examples/repository_basic/repository/targets/LICENSE.txt
deleted file mode 100644
index 544f53dc..00000000
--- a/tuf/examples/repository_basic/repository/targets/LICENSE.txt
+++ /dev/null
@@ -1,66 +0,0 @@
-        This file contains the license for TUF: The Update Framework.
-
-         It also lists license information for components and source
-                   code used by TUF: The Update Framework.
-
-             If you got this file as a part of a larger bundle,
-        there may be other license terms that you should be aware of.
-
-===============================================================================
-TUF: The Update Framework is distributed under this license:
-
-Copyright (c) 2010, Justin Samuel and Justin Cappos.
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and/or hardware specification (the “Work”) to deal in the Work
-without restriction, including without limitation the rights to use, copy,
-modify, merge, publish, distribute, sublicense, and/or sell copies of the Work,
-and to permit persons to whom the Work is furnished to do so, subject to the
-following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Work.
-
-THE WORK IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
-THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR
-OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
-ARISING FROM, OUT OF OR IN CONNECTION WITH THE WORK OR THE USE OR OTHER
-DEALINGS IN THE WORK.
-===============================================================================
-Many files are modified from Thandy and are licensed under the
-following license:
-
-Thandy is distributed under this license:
-
-Copyright (c) 2008, The Tor Project, Inc.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-    * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-
-    * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-
-    * Neither the names of the copyright owners nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-===============================================================================
diff --git a/tuf/examples/repository_basic/repository/targets/helloworld.py b/tuf/examples/repository_basic/repository/targets/helloworld.py
deleted file mode 100755
index 255e9764..00000000
--- a/tuf/examples/repository_basic/repository/targets/helloworld.py
+++ /dev/null
@@ -1 +0,0 @@
-print 'hello world!'
diff --git a/tuf/examples/repository_delegations/client/metadata/current/release.txt b/tuf/examples/repository_delegations/client/metadata/current/release.txt
deleted file mode 100644
index dfd82681..00000000
--- a/tuf/examples/repository_delegations/client/metadata/current/release.txt
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "b6422d4c8a4acb07317b032b89f7d03cc8b42a8b464355141d06a61c13849d92", 
-   "method": "evp", 
-   "sig": "4d8826441628b5d024478808ccb972a6869e357e31ce6770f1b1e5abf93640326f16441ded5c43a99beed7326757e1aec65f72707e9a38a52d8138d5880e628e6a4275fd245c12ca5c846ae031b1990a78699ed425efa0deb5187567661d4eb213b3977751d5b41550d795c063b07fdf601a69f0ec47a11f8ece99e1784bd8b2ab23766dc562dae739b32460331e2ae6dfce9b3e71ccca31ed566fa7be4ad00563e3ad71c95cb7794a689006a242e910036e503a465b2500a1b9ff3ae2c3cec86070c64fb4600a0d1f2d2dc424d770e4836904bc7b254c15511b5915c96303d5d50d175aa721bce98c50f7aad761abd057560dd2d8caef6b2c046bb6db76025ac8effc751d448d4ce4afe813de6e1ccc3a247b98c92497ddcbb8e87cf759a5e53d4c0f5e64440a530f39535771eee63761bb1f3bf65523b15284057c429204eab2eaccbd70307c91c2f313a3ee7a210fe9f6bceba0d390e160b2e25c141bd0c01963d5f12ec2ac10804be445bf15ccd4cef137cb896664b51b2db0a3950f9f34"
-  }
- ], 
- "signed": {
-  "_type": "Release", 
-  "expires": "2013-12-17 01:38:35", 
-  "meta": {
-   "root.txt": {
-    "hashes": {
-     "sha256": "5adad012a2d1b3a8d695ac4f17056d205f127d59686d1a4b0c446c8d0beb2acf"
-    }, 
-    "length": 4804
-   }, 
-   "targets.txt": {
-    "hashes": {
-     "sha256": "ca3f216421c9ebdc910c9416a294723d15bd0bd0747d56071b37560b738834a8"
-    }, 
-    "length": 1194
-   }
-  }, 
-  "ts": "2012-12-17 01:38:35"
- }
-}
diff --git a/tuf/examples/repository_delegations/client/metadata/current/root.txt b/tuf/examples/repository_delegations/client/metadata/current/root.txt
deleted file mode 100644
index 8281165f..00000000
--- a/tuf/examples/repository_delegations/client/metadata/current/root.txt
+++ /dev/null
@@ -1,70 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "caa188c0925736af382a61fcdc62ce68e360e9ac5f50abefacb749e20dad23d8", 
-   "method": "evp", 
-   "sig": "47a01d62fc6ffcaaca0c1e3de74306d603a67e554acf00c125aa8b2aaefe73269cfe5875f230e2359eacf75c2cf84f71ae43d4dad9415edc80973bfcc620579f7521fdbd00a8386c54ea9459f714fdc305ba8544b5f157632844cddb18b33c95419490db52cafb564456af403a2db33a4f5ba0588db8736e6bc1c8718979a3818b7c9309d9d6a9b0ad686d48fd3148128bb2b0749f27d8b9e2640e278f0082decd56468e3c1002316b0ea9dc1d244499774c9e4e20896307b6cfcb747f89ed953ab6523dade8de33bd5a5ae5351d6be3d3b4140f131e62d9236313a9df644cc4f365de2107427ce8785a454da122eae1dfca6ccbc9b48eca88ac5c7ded1efffc8b2b0ee9f8cecef170592438aed1153b111d0ca0259c6cc131708a17d901349d6e4a6694b7cd770a40613da3420408da1d83fc34c218e378e1862c893e6a91cd8e8313ce1aed4ef293139762b6b5ed5be15fcc06504ecdc3c18bed1c73b18eac0d55a9788faa99a1dbacf16000da941380a3368a726c3d94990090ce5a0eb0ed"
-  }
- ], 
- "signed": {
-  "_type": "Root", 
-  "expires": "2014-12-17 01:38:35", 
-  "keys": {
-   "0e4b16ecd2fdde03651fe4d7e069ae3edeabbf781b7f6a2e56a71cc1955e202f": {
-    "keytype": "rsa", 
-    "keyval": {
-     "private": "", 
-     "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAw3GRZaihBaYj7TkcoQdJ\n20Oj9GKJaT1P80G4HcjwuRTrP9bF6K2yEmVvsisM7ZXY0tCo7F4LLnVxUf00Y9Cb\nwf7wg238cAF72HfMCU4j8mbxwkEK3yh1+N6A8qXfhJGmmftGzfqqo1e3e4dejZXh\nERiUPc34c2T5Z+ReG0GHMOoQNqES1in90AIUvvCMXkHs7BvWTIMJ34b2+JqF6L1t\ngF4Yax/7nJ+BOGmb21lpfPYdijCnLdI7GWeovqVY+fy7DCtQrrpybCBIn2gp/Cn1\n0EXGhMvKDXNQN1sJsi3M/i81tyCfouTOy//p5/zygEd3WkK986JSzB9SX0oK1X7B\nmytRvG2hVfNb4UarZd4Jfi44y5UPOr5VWd/YiLBnI2QkOLChhpSCus8GGi+yXJr8\nmQ7X0sctgsYxAJoREGB4sm1XmYXnGNuSbH+KSD1jYFhJKYPnJQCth3YCs7p/lfER\nWxMw/YVy+JFT2azLC5dgBXz5dxtTeCPL7mM5OB0ea+/tAgMBAAE=\n-----END PUBLIC KEY-----\n"
-    }
-   }, 
-   "b6422d4c8a4acb07317b032b89f7d03cc8b42a8b464355141d06a61c13849d92": {
-    "keytype": "rsa", 
-    "keyval": {
-     "private": "", 
-     "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAxKsZG4IWgn1vMIzIQtxr\nbXrP2sfeGsqMFpGKJS0/KJXtwTpOAb25fqHW25m9Xku/tSWqZw6EiqKKugeQtPHU\nYV0msWLUiSVYG6UQ4MZkO9wMnEaqF85upf0VALm7uVTcqcoZs0Gc1gIzO0Kl75sq\nB+vo92cqo7/MNAi9Dk2D3rGeYmca0y1QphkRHt2wmtuZyVkurSyXHXERM7d0+gVT\n5eajbP+E9xk70Hm4j4o3VcLBJtldNEclPp70j/8nLoV8S06DcxuPG4szrDuzPLas\nGAtKpJLDsp5nxTFn+6BhC/F6fLdO+I5lsxNg4ZBHVUwkbiwDPMSBb+TRjszFHOZ+\nzYuM7f+r6Ed537LUIJEXu2RKdoY1wsKkyzXiKEo+4Asyzz3dPnuuvuXFAN5jRBhA\nitkKPnyrSL2l1wDUazOfXlcP8uMA3jQrKZam9SqLo8sFnEMwgXAHeK8sNITOrnj6\nVMC39D24sfOLBhRo+N6f2FtgP4p/3MoQ6aw/fvjirWqDAgMBAAE=\n-----END PUBLIC KEY-----\n"
-    }
-   }, 
-   "c577a726a369d412247f1eb5d14234a90d84332b295d31bea42cf482fec0c885": {
-    "keytype": "rsa", 
-    "keyval": {
-     "private": "", 
-     "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA4vn+PtG6ZJB7JnG7D5wJ\nz8QszLm8EmIznxt50e6nivVj9ttTbJFIk1Mgi/ob91ZvMlys23aYi8AjI74yZZlp\nkunvLSpwAgz4tPnbHy4G5WP/TzDjCsts+CSqcFAZZw7Tuk31Ewvh2cn0XpDWnFhF\ni8M1S6EEX+IifHndPa6pHQWCQHus+VieJuJXfr0COsL1tYFAEk1mOlm9EemBd4iI\nQUDKm89vwpj3/kcYT2EvfKDszF9SV7FO5DxcVNbqoUdkeUYuUVw5tUmFvHb0P00N\n4ak4LoHtR3x/ov4xOJ1IQt+qGa0DFYAre/KpRq+CYOH0OnAhOqmZ5t7zuMDJFhy9\nqiOi8tI2LU6LwUmTjgcmSta2dZudejFH/TxYsixQgY3l0sT27TZcPP9ul0rQHcav\nad1OUOyFtlk3SIM9UM1NA69L78EwEXrikIZCon68Vql56nKBb6XXSTPsQEUeH1gf\nw459RJOIA5iTBAEYJOYEd84QAR6Ut2DjApXSyJFzZAt3AgMBAAE=\n-----END PUBLIC KEY-----\n"
-    }
-   }, 
-   "caa188c0925736af382a61fcdc62ce68e360e9ac5f50abefacb749e20dad23d8": {
-    "keytype": "rsa", 
-    "keyval": {
-     "private": "", 
-     "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAm2ASrXfbkNOmQ/TQ4uUM\n2o95S6ebcIKhg/h6HWY/HctMblpPaLfJq/5GEFdsNKs3gyo7uJfDUk6Ab5+BjBKm\nMqIDubUUJ7TNrE7EJYM+ml+Wf1MQooglFk+L1sRAh8uFSFOR4Q39cFQ1TS5+BjUF\n0fISXYcPZGL2cp0Fbwo3dD1UM3bXeFGij8KeXZ18Aijjbmkbsfgx4x8/HRO3wsAQ\nKNyqyQvKfkHO0HrzC8r/CLas98rfK79Ib76fheBhizPez4Efom9BljsaAPEaTvYs\nRoYk1UTefXWf+J5cOZcst+C+f6a3Yd108O6FUTVzMZVGp4PUQjtR1GgWhNUPCsyM\nsKenk3X1qTeD2+n4wY69BtBPV4i+8YZ/Qdx1BV6kdFg+WWV8YrPER+0zyUCBZgKx\naKmC5xc1yrcWW1gRrdAZ8HPvzoo6eHUWWSewU40D3xCRHcRXuP3vsAzX62Kpa+Rv\nszCveUWJK8oiwVt0XhtpCHP2ifWGlnUG9MWvI5wdEdXxAgMBAAE=\n-----END PUBLIC KEY-----\n"
-    }
-   }
-  }, 
-  "roles": {
-   "release": {
-    "keyids": [
-     "b6422d4c8a4acb07317b032b89f7d03cc8b42a8b464355141d06a61c13849d92"
-    ], 
-    "threshold": 1
-   }, 
-   "root": {
-    "keyids": [
-     "caa188c0925736af382a61fcdc62ce68e360e9ac5f50abefacb749e20dad23d8"
-    ], 
-    "threshold": 1
-   }, 
-   "targets": {
-    "keyids": [
-     "0e4b16ecd2fdde03651fe4d7e069ae3edeabbf781b7f6a2e56a71cc1955e202f"
-    ], 
-    "threshold": 1
-   }, 
-   "timestamp": {
-    "keyids": [
-     "c577a726a369d412247f1eb5d14234a90d84332b295d31bea42cf482fec0c885"
-    ], 
-    "threshold": 1
-   }
-  }, 
-  "ts": "2012-12-17 01:38:35"
- }
-}
diff --git a/tuf/examples/repository_delegations/client/metadata/current/targets.txt b/tuf/examples/repository_delegations/client/metadata/current/targets.txt
deleted file mode 100644
index 79dcded2..00000000
--- a/tuf/examples/repository_delegations/client/metadata/current/targets.txt
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "0e4b16ecd2fdde03651fe4d7e069ae3edeabbf781b7f6a2e56a71cc1955e202f", 
-   "method": "evp", 
-   "sig": "90f771fa0df7cdf4e55708ba7479e732de405e4b2fefe7eafebbd76f0d52734395c6610de17b6a0477918e1a35139a669bae6235999d50427d01defa7c8ad80b4c040164a1c0bb935f038fde000d02f0ce5ee30df27102fa16c8bec14ce4727a7f11c398b4f5539df2bfb8fb16565d2e07be4b73c09adb6017f336919240bf94a31ce527ddf5b031d77da90e2794ed1edda21673aef907ccfb99913617542b331bd7b6624409dea592e9dcff2420ab7a9f20e5debb83a5697ac18c3d9f53e7455ef56be414de6fe82b275e975e27a5f848427b056e2a1de773a6ee64a63310c3e8c1c10cd03da9c1b08b9284bba9d950855191ce4cb3e543a95a9c963cd1afc1f023a943bc38a145477599179f6d3ec851c3a7590f290ef8e37d3fa9233f36fbca1213c4000e86d329e581464761f592c8e4f10941a6e8fe67d81c9e54b82438f95fbabd02783b8ef036d5e9b02ef0b2944372de16db0781fde020bab54f74bf269f3b9df9f331288e80ba86ae398ca9aedb05ec42c2e8a33430fcf5d2365e85"
-  }
- ], 
- "signed": {
-  "_type": "Targets", 
-  "expires": "2013-12-17 01:38:35", 
-  "targets": {
-   "LICENSE.txt": {
-    "hashes": {
-     "sha256": "cd65721176ce5fdbb05773c0b1349f993b94ce77a51062cfa7a78b34cc82fc71"
-    }, 
-    "length": 3286
-   }
-  }, 
-  "ts": "2012-12-17 01:38:35"
- }
-}
diff --git a/tuf/examples/repository_delegations/client/metadata/current/timestamp.txt b/tuf/examples/repository_delegations/client/metadata/current/timestamp.txt
deleted file mode 100644
index 9423ede3..00000000
--- a/tuf/examples/repository_delegations/client/metadata/current/timestamp.txt
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "c577a726a369d412247f1eb5d14234a90d84332b295d31bea42cf482fec0c885", 
-   "method": "evp", 
-   "sig": "43e9e5c2474bc0a5b50f0b3bfb796fa8d0a255f2be3fa7100689614cd7516a06b305e72a193c39f49cd561d698d7ba8ac734e1516e4daf0cde111fe09fa94c83b4a062a387c34f892a6ee196ce29f4d0f1c97524cae404d8f4dad476db970a701e9bd1d940b93c0ff1276ff25b42f28fa8bc9b639c26a214e6f0d2058eb4c1a7b5ce3d415a8cc1a4067722deca5ba32f61440147623cf55297bde85e3e51c77a665c3884f08b7983fd20cd6e62e5a9246fb3c355f74e4e1a353319599cc04b115b04a0560a1fb81a3f45fdd7260e42aa07cb27f4249d1787fef04d9041e3a7395e444981f2b4af4be1506c793f2f8a86b131a2b8a4136eca73f4792fde3136adf5bb5acc22ebd84bf60d76b83e0f0ad2b6af51e16deaa8406f2a6b2dec2d3485c03d8017a7b933304d1f8b847e7df116cecfbcfe2cc191aa8961e75b527d99ae7b8c5c52f2490f7fb3ded81a4a9b841403638c2ff76b6eb54482d54c39f74f4eeac3f334ced98d9ecda7f28439b07a7947cb980f41a67fb9f2b24673532d4eb6"
-  }
- ], 
- "signed": {
-  "_type": "Timestamp", 
-  "expires": "2013-12-17 01:38:36", 
-  "meta": {
-   "release.txt": {
-    "hashes": {
-     "sha256": "c059dc4a07385cc3818491e25021169be1d35d405c6ea4aa53d2b7cc8c0801e6"
-    }, 
-    "length": 1340
-   }
-  }, 
-  "ts": "2012-12-17 01:38:36"
- }
-}
diff --git a/tuf/examples/repository_delegations/client/metadata/previous/release.txt b/tuf/examples/repository_delegations/client/metadata/previous/release.txt
deleted file mode 100644
index dfd82681..00000000
--- a/tuf/examples/repository_delegations/client/metadata/previous/release.txt
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "b6422d4c8a4acb07317b032b89f7d03cc8b42a8b464355141d06a61c13849d92", 
-   "method": "evp", 
-   "sig": "4d8826441628b5d024478808ccb972a6869e357e31ce6770f1b1e5abf93640326f16441ded5c43a99beed7326757e1aec65f72707e9a38a52d8138d5880e628e6a4275fd245c12ca5c846ae031b1990a78699ed425efa0deb5187567661d4eb213b3977751d5b41550d795c063b07fdf601a69f0ec47a11f8ece99e1784bd8b2ab23766dc562dae739b32460331e2ae6dfce9b3e71ccca31ed566fa7be4ad00563e3ad71c95cb7794a689006a242e910036e503a465b2500a1b9ff3ae2c3cec86070c64fb4600a0d1f2d2dc424d770e4836904bc7b254c15511b5915c96303d5d50d175aa721bce98c50f7aad761abd057560dd2d8caef6b2c046bb6db76025ac8effc751d448d4ce4afe813de6e1ccc3a247b98c92497ddcbb8e87cf759a5e53d4c0f5e64440a530f39535771eee63761bb1f3bf65523b15284057c429204eab2eaccbd70307c91c2f313a3ee7a210fe9f6bceba0d390e160b2e25c141bd0c01963d5f12ec2ac10804be445bf15ccd4cef137cb896664b51b2db0a3950f9f34"
-  }
- ], 
- "signed": {
-  "_type": "Release", 
-  "expires": "2013-12-17 01:38:35", 
-  "meta": {
-   "root.txt": {
-    "hashes": {
-     "sha256": "5adad012a2d1b3a8d695ac4f17056d205f127d59686d1a4b0c446c8d0beb2acf"
-    }, 
-    "length": 4804
-   }, 
-   "targets.txt": {
-    "hashes": {
-     "sha256": "ca3f216421c9ebdc910c9416a294723d15bd0bd0747d56071b37560b738834a8"
-    }, 
-    "length": 1194
-   }
-  }, 
-  "ts": "2012-12-17 01:38:35"
- }
-}
diff --git a/tuf/examples/repository_delegations/client/metadata/previous/root.txt b/tuf/examples/repository_delegations/client/metadata/previous/root.txt
deleted file mode 100644
index 8281165f..00000000
--- a/tuf/examples/repository_delegations/client/metadata/previous/root.txt
+++ /dev/null
@@ -1,70 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "caa188c0925736af382a61fcdc62ce68e360e9ac5f50abefacb749e20dad23d8", 
-   "method": "evp", 
-   "sig": "47a01d62fc6ffcaaca0c1e3de74306d603a67e554acf00c125aa8b2aaefe73269cfe5875f230e2359eacf75c2cf84f71ae43d4dad9415edc80973bfcc620579f7521fdbd00a8386c54ea9459f714fdc305ba8544b5f157632844cddb18b33c95419490db52cafb564456af403a2db33a4f5ba0588db8736e6bc1c8718979a3818b7c9309d9d6a9b0ad686d48fd3148128bb2b0749f27d8b9e2640e278f0082decd56468e3c1002316b0ea9dc1d244499774c9e4e20896307b6cfcb747f89ed953ab6523dade8de33bd5a5ae5351d6be3d3b4140f131e62d9236313a9df644cc4f365de2107427ce8785a454da122eae1dfca6ccbc9b48eca88ac5c7ded1efffc8b2b0ee9f8cecef170592438aed1153b111d0ca0259c6cc131708a17d901349d6e4a6694b7cd770a40613da3420408da1d83fc34c218e378e1862c893e6a91cd8e8313ce1aed4ef293139762b6b5ed5be15fcc06504ecdc3c18bed1c73b18eac0d55a9788faa99a1dbacf16000da941380a3368a726c3d94990090ce5a0eb0ed"
-  }
- ], 
- "signed": {
-  "_type": "Root", 
-  "expires": "2014-12-17 01:38:35", 
-  "keys": {
-   "0e4b16ecd2fdde03651fe4d7e069ae3edeabbf781b7f6a2e56a71cc1955e202f": {
-    "keytype": "rsa", 
-    "keyval": {
-     "private": "", 
-     "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAw3GRZaihBaYj7TkcoQdJ\n20Oj9GKJaT1P80G4HcjwuRTrP9bF6K2yEmVvsisM7ZXY0tCo7F4LLnVxUf00Y9Cb\nwf7wg238cAF72HfMCU4j8mbxwkEK3yh1+N6A8qXfhJGmmftGzfqqo1e3e4dejZXh\nERiUPc34c2T5Z+ReG0GHMOoQNqES1in90AIUvvCMXkHs7BvWTIMJ34b2+JqF6L1t\ngF4Yax/7nJ+BOGmb21lpfPYdijCnLdI7GWeovqVY+fy7DCtQrrpybCBIn2gp/Cn1\n0EXGhMvKDXNQN1sJsi3M/i81tyCfouTOy//p5/zygEd3WkK986JSzB9SX0oK1X7B\nmytRvG2hVfNb4UarZd4Jfi44y5UPOr5VWd/YiLBnI2QkOLChhpSCus8GGi+yXJr8\nmQ7X0sctgsYxAJoREGB4sm1XmYXnGNuSbH+KSD1jYFhJKYPnJQCth3YCs7p/lfER\nWxMw/YVy+JFT2azLC5dgBXz5dxtTeCPL7mM5OB0ea+/tAgMBAAE=\n-----END PUBLIC KEY-----\n"
-    }
-   }, 
-   "b6422d4c8a4acb07317b032b89f7d03cc8b42a8b464355141d06a61c13849d92": {
-    "keytype": "rsa", 
-    "keyval": {
-     "private": "", 
-     "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAxKsZG4IWgn1vMIzIQtxr\nbXrP2sfeGsqMFpGKJS0/KJXtwTpOAb25fqHW25m9Xku/tSWqZw6EiqKKugeQtPHU\nYV0msWLUiSVYG6UQ4MZkO9wMnEaqF85upf0VALm7uVTcqcoZs0Gc1gIzO0Kl75sq\nB+vo92cqo7/MNAi9Dk2D3rGeYmca0y1QphkRHt2wmtuZyVkurSyXHXERM7d0+gVT\n5eajbP+E9xk70Hm4j4o3VcLBJtldNEclPp70j/8nLoV8S06DcxuPG4szrDuzPLas\nGAtKpJLDsp5nxTFn+6BhC/F6fLdO+I5lsxNg4ZBHVUwkbiwDPMSBb+TRjszFHOZ+\nzYuM7f+r6Ed537LUIJEXu2RKdoY1wsKkyzXiKEo+4Asyzz3dPnuuvuXFAN5jRBhA\nitkKPnyrSL2l1wDUazOfXlcP8uMA3jQrKZam9SqLo8sFnEMwgXAHeK8sNITOrnj6\nVMC39D24sfOLBhRo+N6f2FtgP4p/3MoQ6aw/fvjirWqDAgMBAAE=\n-----END PUBLIC KEY-----\n"
-    }
-   }, 
-   "c577a726a369d412247f1eb5d14234a90d84332b295d31bea42cf482fec0c885": {
-    "keytype": "rsa", 
-    "keyval": {
-     "private": "", 
-     "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA4vn+PtG6ZJB7JnG7D5wJ\nz8QszLm8EmIznxt50e6nivVj9ttTbJFIk1Mgi/ob91ZvMlys23aYi8AjI74yZZlp\nkunvLSpwAgz4tPnbHy4G5WP/TzDjCsts+CSqcFAZZw7Tuk31Ewvh2cn0XpDWnFhF\ni8M1S6EEX+IifHndPa6pHQWCQHus+VieJuJXfr0COsL1tYFAEk1mOlm9EemBd4iI\nQUDKm89vwpj3/kcYT2EvfKDszF9SV7FO5DxcVNbqoUdkeUYuUVw5tUmFvHb0P00N\n4ak4LoHtR3x/ov4xOJ1IQt+qGa0DFYAre/KpRq+CYOH0OnAhOqmZ5t7zuMDJFhy9\nqiOi8tI2LU6LwUmTjgcmSta2dZudejFH/TxYsixQgY3l0sT27TZcPP9ul0rQHcav\nad1OUOyFtlk3SIM9UM1NA69L78EwEXrikIZCon68Vql56nKBb6XXSTPsQEUeH1gf\nw459RJOIA5iTBAEYJOYEd84QAR6Ut2DjApXSyJFzZAt3AgMBAAE=\n-----END PUBLIC KEY-----\n"
-    }
-   }, 
-   "caa188c0925736af382a61fcdc62ce68e360e9ac5f50abefacb749e20dad23d8": {
-    "keytype": "rsa", 
-    "keyval": {
-     "private": "", 
-     "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAm2ASrXfbkNOmQ/TQ4uUM\n2o95S6ebcIKhg/h6HWY/HctMblpPaLfJq/5GEFdsNKs3gyo7uJfDUk6Ab5+BjBKm\nMqIDubUUJ7TNrE7EJYM+ml+Wf1MQooglFk+L1sRAh8uFSFOR4Q39cFQ1TS5+BjUF\n0fISXYcPZGL2cp0Fbwo3dD1UM3bXeFGij8KeXZ18Aijjbmkbsfgx4x8/HRO3wsAQ\nKNyqyQvKfkHO0HrzC8r/CLas98rfK79Ib76fheBhizPez4Efom9BljsaAPEaTvYs\nRoYk1UTefXWf+J5cOZcst+C+f6a3Yd108O6FUTVzMZVGp4PUQjtR1GgWhNUPCsyM\nsKenk3X1qTeD2+n4wY69BtBPV4i+8YZ/Qdx1BV6kdFg+WWV8YrPER+0zyUCBZgKx\naKmC5xc1yrcWW1gRrdAZ8HPvzoo6eHUWWSewU40D3xCRHcRXuP3vsAzX62Kpa+Rv\nszCveUWJK8oiwVt0XhtpCHP2ifWGlnUG9MWvI5wdEdXxAgMBAAE=\n-----END PUBLIC KEY-----\n"
-    }
-   }
-  }, 
-  "roles": {
-   "release": {
-    "keyids": [
-     "b6422d4c8a4acb07317b032b89f7d03cc8b42a8b464355141d06a61c13849d92"
-    ], 
-    "threshold": 1
-   }, 
-   "root": {
-    "keyids": [
-     "caa188c0925736af382a61fcdc62ce68e360e9ac5f50abefacb749e20dad23d8"
-    ], 
-    "threshold": 1
-   }, 
-   "targets": {
-    "keyids": [
-     "0e4b16ecd2fdde03651fe4d7e069ae3edeabbf781b7f6a2e56a71cc1955e202f"
-    ], 
-    "threshold": 1
-   }, 
-   "timestamp": {
-    "keyids": [
-     "c577a726a369d412247f1eb5d14234a90d84332b295d31bea42cf482fec0c885"
-    ], 
-    "threshold": 1
-   }
-  }, 
-  "ts": "2012-12-17 01:38:35"
- }
-}
diff --git a/tuf/examples/repository_delegations/client/metadata/previous/targets.txt b/tuf/examples/repository_delegations/client/metadata/previous/targets.txt
deleted file mode 100644
index 79dcded2..00000000
--- a/tuf/examples/repository_delegations/client/metadata/previous/targets.txt
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "0e4b16ecd2fdde03651fe4d7e069ae3edeabbf781b7f6a2e56a71cc1955e202f", 
-   "method": "evp", 
-   "sig": "90f771fa0df7cdf4e55708ba7479e732de405e4b2fefe7eafebbd76f0d52734395c6610de17b6a0477918e1a35139a669bae6235999d50427d01defa7c8ad80b4c040164a1c0bb935f038fde000d02f0ce5ee30df27102fa16c8bec14ce4727a7f11c398b4f5539df2bfb8fb16565d2e07be4b73c09adb6017f336919240bf94a31ce527ddf5b031d77da90e2794ed1edda21673aef907ccfb99913617542b331bd7b6624409dea592e9dcff2420ab7a9f20e5debb83a5697ac18c3d9f53e7455ef56be414de6fe82b275e975e27a5f848427b056e2a1de773a6ee64a63310c3e8c1c10cd03da9c1b08b9284bba9d950855191ce4cb3e543a95a9c963cd1afc1f023a943bc38a145477599179f6d3ec851c3a7590f290ef8e37d3fa9233f36fbca1213c4000e86d329e581464761f592c8e4f10941a6e8fe67d81c9e54b82438f95fbabd02783b8ef036d5e9b02ef0b2944372de16db0781fde020bab54f74bf269f3b9df9f331288e80ba86ae398ca9aedb05ec42c2e8a33430fcf5d2365e85"
-  }
- ], 
- "signed": {
-  "_type": "Targets", 
-  "expires": "2013-12-17 01:38:35", 
-  "targets": {
-   "LICENSE.txt": {
-    "hashes": {
-     "sha256": "cd65721176ce5fdbb05773c0b1349f993b94ce77a51062cfa7a78b34cc82fc71"
-    }, 
-    "length": 3286
-   }
-  }, 
-  "ts": "2012-12-17 01:38:35"
- }
-}
diff --git a/tuf/examples/repository_delegations/client/metadata/previous/timestamp.txt b/tuf/examples/repository_delegations/client/metadata/previous/timestamp.txt
deleted file mode 100644
index 9423ede3..00000000
--- a/tuf/examples/repository_delegations/client/metadata/previous/timestamp.txt
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "c577a726a369d412247f1eb5d14234a90d84332b295d31bea42cf482fec0c885", 
-   "method": "evp", 
-   "sig": "43e9e5c2474bc0a5b50f0b3bfb796fa8d0a255f2be3fa7100689614cd7516a06b305e72a193c39f49cd561d698d7ba8ac734e1516e4daf0cde111fe09fa94c83b4a062a387c34f892a6ee196ce29f4d0f1c97524cae404d8f4dad476db970a701e9bd1d940b93c0ff1276ff25b42f28fa8bc9b639c26a214e6f0d2058eb4c1a7b5ce3d415a8cc1a4067722deca5ba32f61440147623cf55297bde85e3e51c77a665c3884f08b7983fd20cd6e62e5a9246fb3c355f74e4e1a353319599cc04b115b04a0560a1fb81a3f45fdd7260e42aa07cb27f4249d1787fef04d9041e3a7395e444981f2b4af4be1506c793f2f8a86b131a2b8a4136eca73f4792fde3136adf5bb5acc22ebd84bf60d76b83e0f0ad2b6af51e16deaa8406f2a6b2dec2d3485c03d8017a7b933304d1f8b847e7df116cecfbcfe2cc191aa8961e75b527d99ae7b8c5c52f2490f7fb3ded81a4a9b841403638c2ff76b6eb54482d54c39f74f4eeac3f334ced98d9ecda7f28439b07a7947cb980f41a67fb9f2b24673532d4eb6"
-  }
- ], 
- "signed": {
-  "_type": "Timestamp", 
-  "expires": "2013-12-17 01:38:36", 
-  "meta": {
-   "release.txt": {
-    "hashes": {
-     "sha256": "c059dc4a07385cc3818491e25021169be1d35d405c6ea4aa53d2b7cc8c0801e6"
-    }, 
-    "length": 1340
-   }
-  }, 
-  "ts": "2012-12-17 01:38:36"
- }
-}
diff --git a/tuf/examples/repository_delegations/keystore/026d535ad9bd3a7b9dd399612f264fb4be4aa88f9668ac6fb86bfc1f891458d8.key b/tuf/examples/repository_delegations/keystore/026d535ad9bd3a7b9dd399612f264fb4be4aa88f9668ac6fb86bfc1f891458d8.key
deleted file mode 100644
index f0f8b872..00000000
--- a/tuf/examples/repository_delegations/keystore/026d535ad9bd3a7b9dd399612f264fb4be4aa88f9668ac6fb86bfc1f891458d8.key
+++ /dev/null
@@ -1 +0,0 @@
-1a5175e145f19cc3@@@@f8a4b0b32b85ab689236b98ea04fed7d@@@@a430a994940b1a14aa499c184c221503a15229481ee8312e36a9e758898b1bd6abeb5f1c8786d6911bb8ab910374e380dec2df183a21d753a46be773f994fef02ac7ae12ba5b56833faa3c8925d1d0e9a07e71506ba6f846a6cd97fdd23656e9fd91b481c2fb2ad1fc5aa572445ea0c459b2bf267e2a3467d5d29f1abb3b8693d15eeb8a372266ed6c5a890dc4b86386d77d9579a08d24df2e8bcd35f51f7a418e0bd964516597a71a5d577167ca78975038a06a3105f33bb80ac320d7ee0bd87ee97ed1823dc501211b7bd0347d5ac00248a90275ae60d1f70bae09f167b376677909cb3dfb828009c7e46e7002c84d1d41b65d72872c8ef6ee8f3070bc328ce83bef12dda6c9a7b708728ce6aa09ab3eff4f538ed65fd17b17e2668061c5bf55e1254e52196b32042dd40be1d34552a54229ff59754198c15d3468cb6b4c673038353cf89491a599144d15e3eeabea320e369da3662de7849ec35ec1bb88bd6e655f329ebe724bd345cd04fdfe19c5ae2b6592ab744e6063117d65b1408fed5599937339b977c0f8fd6ed0d657460abd3bbc8c97e058574b1829538747f1ea1bcd0577db3165780cb1583e382e6acc5ea0194e9e1e8f017ec8c562460bf810b16f392e850331a4ca3bd078f6000f6f72361912a191c14aab5779246c12ed6c3e12e6f3845871be7b0c0634d806367bd2786e25d8689494bd92bc697d0a371cc0e35301bce0ac6e1e1d30a1e9f1c79fd15fae98381ace3452f214d5b62f77463dc47d571c547ab9aed902160c564523f6a9fc5bba13f0069d7bc08a6bb2f351b29749dd00bb1777e493317e7bed3d08b614fde58c33cba53ce35aff37337f0a83dd3f63c8dea76a90e3b7ac1e253b8231d7492dabb32f43ff7967d213b875d4a26681188bf96f72fe325533fd7300b83541f4a0149a0e57a50b8198d66179e6061c70c1d81146ce0e772fa4df5cf6339e66468e40137b57de558521a160166f491be1910e4161b359b9f5f70646138730a6ad4749dd2bd0f8e77b325f0830b74434de20f94641ebd6776d8a79014a35772da589bafeb9d99daf909677d7d6824ad570d421ba1a8d2663df705702c99eed420a08a6cede44c30eb8bca1ce65217a76066432b4f16e91c5ca49b8c02936a5257b319cfe08bfcf875b5f53dcd8dd5b4549b2450da2b263f1b4f644320556258f8a23d4df5235e79da0d89331c1c089577c47add48c10707bfc430bb0c76eaede0d02ff6c17a1ce5b769d9bcfb242ac40ab15c49664f6ce83aba30bbc2895affef84840a27b8c0350198c68f1ce15f5422a8bfcc43fde0c7c0b45d630173bccf778075c113b166654b3012b4fe95320573ded638ea34243c397013c00686fe67cb84bfaa8defc2a0bd2523ec1ebbb3af6b08af82d3a6c2ea04b2a18a67ce6f1bcab434a1408ccddf0b44e402742d2e2adf5ac10e6e5999d58a17674192759d2606c879762b9154c81feea5f5640d29ff5569db07ccda9d17d7df986affd2aa936deef329f4781ae12d84740186f70deb1a6a93913f4373522381550d6bf3d7d4ca35a5554460e17a7508c23dce3de73c45a4fdb7c706aa078177c59bc4ef81dbfcc99164341655e73083c0969a2cfacabde3fbc4c5c2154be8da4626010169fa7175637de93ef9dfe2c3f49cb7d657ed5124ae6b4187c19ce00cfa2bfe6431b837bb738531bfb0bf2bea745bcbda5f8d8c983a6af103ad358b6c7c07991d64ff02981011d694895b965e5c768ebb737ecc7c6e9ba3f77d43f4506b1d97b4c12125d1e47c629ea752ae955251c4d4ed9ed70b5aaa18e1ec3cabcdab20e0fea6ad4d636fd7d4fb1c494eba6079d6c6116c5396178ffe181752581eba84dee94247a41d88254bd00b09be6f5325d99a2dcc84f28e1606d9b017d612f5a370087b9e4f00188c8182ab6d216a2261a0e75e2dc884bf3c9ead9d513da66d2fc9fd4f5ff5f885b110af27bfaf633b7e1297ad55cca49b36388debfdb80631a6df266cfe5d4a63805dca1648919c81fe7847b5dc50d17f6a19b5d060ef3a71e1c43466594bc72ab6920ab91bc31ac3d5222776455ce5e8b4e09c683f19c5557677d73e46d7b0bad30bc8ba7876bd28a40eb78f96ff60b94498051c19e0f17c5d788f16c48221ba5cd3fb940ebe5e5f5f37938eb93214ceb242471616a5be478798154756b645a20ef1d3764033e67824cacafbbe09e7e09433d22d135c55603fc9368c8b0b06e0416655635f78bbf5873ee163ed5b38cea129c46f5202f0c97397da337344f77f2010ae088b002bc139086b57a5727a008c5854cc6c0f1358258150b26cbb221a95b968c943abea7774cc0b15ac898afab1c5edcd7b4b34bd9570430a21440306b5abc925b9575b479e2dfb81fd43a34b79f8bec6409c98bd159151ff8552f26cf8a500713dbb5f16d1ef4046eee96ce44f021bb694600565601cc12dda4c41e3fd9311ea206ef607ba9e442a4f34ac0c504341500e2024d600cd352c644c9052a9a875fc7ea0855bb3d025c8505fe3184d6bd83faf013ce8a6dd288283cbbf72c5f8aae0272cb7eced3522ca0f608bafca4b971b9620105e3786fa1f3848e31ef5f61022e1884900a0fec3df622df4064b080a7c469bdbd869e2d52f14071c9c73da93a3d2006a0929d0e7d116cabddf75c78999e2428f8492b28ff2a2157fd4d21a5a7db236421c0a42f077aa817f8e42038e09be40e50c02d6dd43d8666b587c519cdc114b85b750db3f769cde72a661f291fc842729926297a9f27b7c95b2252c7c5ef0b65c7e4351e6430987667d594ab24d9c1013c9fb273e469a5cfbe2aba5dba82af33ad56de4b3d36bfda6078d48b5f3388d94afb1c1c59796779c403fabf5adb67cdc1c26c18971423ce50295e338dddf18c06c7c1126f612378695c6ec65310b09f4960af5a89135355601e5e6a140b51d5f7a0abb26ed90767280ff64703b78282319f7dd695345b0a362fdf21b89781c45f31e7d663b1daa4d1291ae43c03198a0bf5883dae3950305a291b73eddb396637ed47be9a469313cffc3b91abdae946d8c603b04296e64a701fdabb4e0a68c2520268b7b0d97443e04c333b5bde364b1d8af24191b152edef24ee33f78f5328eb3ecf445272f33b12a819b255c64a6e86a7c8cd1fd143ff0c2620b1085424fde8f6902cc48d242ad9a326c8a5e6b291aeb22b0ddd37109b01f69d0f46bbdc5af02d8523451ab86947712cdad384f872e51881da198492bd3e679b4fef0769e940c54f58c58453f7d64b79348246b0dd587488c759007c62f034a1263d9c1da67507015958ca42524f500c987466c539b5d9bd04606abb308d3bf90d7200a38b5dc28628dbe663ef2de0a46f69d12d0e30da832dd4915df2e818ed167744c6b357b8504b3114088a611f385588b5ff16f9ee5a3aa14708e54727e3591181c77f10279d2d64062e3b492bd6141824b8d1f5cbf17b44d6109b4432f10de64a3295a0193495e10857f9cfedac08cf306f02f66d0e1714eeb93918e43a5e781e7f9a4467d13d84cc32e744c2127d1cce07cbc8c9c427e0275607308c92abbb262637e655b40b14c2f6669032ad18d98c8f5ce54b5cf790ba80a2c4715bf56660ff641278c6a3d8468cf05bf96e85b07ed5bc89a2912e9cde6da5abf36ab4ea2a5eeec67abdd15d58c25904e50d00552fb1ffe584fc74f2fb79eea62ff183a77bd47822451b807984e3cff1e6c3c0920044da02b54913dd945a56d1ab25ea440fc8d74a72b79a16d088322a7ce1dabea2e2934d9978ab4a0dde7457de9a99ab7c88d4f08e7c8849f390cd4e4db9d82926652af83c664f52cf30f2d8bf54b407b781e341b37091982c4f9f8e810d48d58bf33bb7c5ab8bbc013775eec88564f6e4f8a8835bbac1d978d614ffcffce3f17aa62b928482315244bd3a3e22f642bcf6fe88d9f76e9ead7135d6a2daf6548c2e5fdb251d6fc95376b7e910a17545213c703c7e375ad518f4b9da31d2ba9543896d4b4233766b6770402316ea7a8c4dcb4199980fc0a296f5f84c2b7e5ba18727d80cd99cabc186ff68a1b69fbc282d7af8cccbdd3220a62f4636683a4f61ca3cc4a83e2a592682bb2a4c47f8ff4f14da5d3958c3c7d31aeb21872a63f60cfc359488e95897e86f2024848128ad88f3ee15f110e42feeaf0e3dbd889e435f5d762865734992e20fc3f0baa0a5a98d5a015f9b6cd53159e3934799d63764f138a6bc0c0ca4e3ee4dbd68f460e9fca16294f9c2f4bbbde529d3e01fcd42c48287da5a11d3e907aeedc2bfa7e69b181f10f404fdc0946c9a1892610b3bdd2bc65c937663a9438231acce120ea7ded8606f7e00b7b1050a6b18674c358ab7e192e4625ff2a76b3039052eb0b2b040b219738b1a9febc362f09d88b5dec752221b67c58f6e5e218ed3c5dcd8132a64d9b18dc6531cfd1db2fe6c22ac175ebf5530c1e5cab05ef539d482c4ab3aee09bd8469eade456c88b3a04d19d6b78981cd91a7eb5d2bdb5b20ba67
\ No newline at end of file
diff --git a/tuf/examples/repository_delegations/keystore/0e4b16ecd2fdde03651fe4d7e069ae3edeabbf781b7f6a2e56a71cc1955e202f.key b/tuf/examples/repository_delegations/keystore/0e4b16ecd2fdde03651fe4d7e069ae3edeabbf781b7f6a2e56a71cc1955e202f.key
deleted file mode 100644
index 58fd420e..00000000
--- a/tuf/examples/repository_delegations/keystore/0e4b16ecd2fdde03651fe4d7e069ae3edeabbf781b7f6a2e56a71cc1955e202f.key
+++ /dev/null
@@ -1 +0,0 @@
-1255d329313ddc82@@@@e3e1fbcebbc08eb17b074a0f0305f80a@@@@a028eea791c8dcbfbf473c6b8229c824367d788bd3395c62ad4c8b8ad07b7a6ba738b6f3aaec74fe46c2a847064697d2bb3c362421f36a96f0179c55661f9b9e4daeb0d47f901aa1ff8a973096b251c94bd200cb87087098e2670ffbc4356e895ea058be587b3eb55bc9146cfc584c30af8369b15d2558e577221508d5e73bddd3668697dc39ce5f9fb733eaf6b687dc3ef11ee84bc1bd11603a0f8eb31893b75df11f08ff593766db9113d6e7b90b9538817c25314c9969a9490b4ac3e91239781f6dcf54e19f2a0d07626078a0760e36ea86b55e8706ea1ba2911703c3e03522365861ecb809202554a733be66b2a86aa733f77b44c41ca76a342c882fde2285fb7e16c14cb61eadff5b54a1adbf8aba46544fe6b37870e2ac3db4fdb38bb4d1faa6196a0523b0d70eea48bf5edc4d4db6382e9a061f76e0469a2ba0705d6e083474a540c274fe7e39f6a2c1c9db1f63695efd2ee8de12f4e49380df4a438e894c12002a6be29ec97f262bae418e0f1a8640c0c85e07a4b6e423b661f5393ae26de58228975e02419e687bbaf48e2e27db563db9aac7a289e8418b56ae02ee64c6c4bd805d5146f38e8cec5366bdfe5e014046517e4cf2162e8a12b8dad9c3d6437c72692ad2de316b3005b32997d54bf85de4ec43335efe2bd2f2227b3eb2a4eab080c939b9ed18953254fe8cc8141b4d7714703fcc101cef484577baa49a445d4eb06628e274388a1fa689355da87623094fcdd8c7ccff55807d62e0be1e4ee0b6bcab5256ca29405787fa3e25a6ebeea8e7898d92c9179ccb740ed138a8cc333314552e93337942cddf3cc4c9e2be64f5e0ea985e80adb058ad009326810eb0270938af24e74339c29afbbc383d6fa4197d730163a45728acf9ba2ca5c2932a38c1a83ba985633c3ac3b06732c69424aeb4718d1ca1fc72fcf92d526e9c1a61124e651083078b41e9c52dd940bdb8df5990214445087331e882fd4f7e9a62a9d39dd92e3b96d0e000605ffb368cd7c2ca39457ffa0235cd55c0a018578a4b88166a75cb976a54777401ec9ccf34fbdb714f37cd3a3147da69a11c3b0fc953c2bacd0a6bf8d2829852447d5fbb59ceef7a2bd5c2597cb2c7db50a9eae3e48ba06156d2ca6604fe0cbfdbc5889a03472b4cbbc4d67dc9dcfd5a6294e4fdbfcd2eacdfaa4f885115ccfd3805c93d73cbceab50169d30ea0a5deb40152cfa4bb97e447678d8b0153acaf03e6406f61a5f498537f605dfd516561f95991773f186bef765688a4bf9bb77ca9832a8e7007f0727e8be3927e1a785aa401a6f75ac4b94adfea0104f654738891543ff19b8e4be94967aa57ace8e96f1ccc8120f8ef53e96f3ff5a8f775f80d2b935e57a15bec0ed7e1ee9ab7076a96b964eff91306bb6547877587aa4eee466b1116b2eaeb48d2eb94e2d074b57a2d6d59545d95db5afdf5c27a4235bebb13e216d8baa5c940c37eabda9c5d530cfa73f336959a743e1933fad8a89f994d385ae72f04f4b1f0eae99ef057b66b230192c8ba365fb28d773f6e221348842be95de39debc3772b3fe1b2390431defccd0312cc281a9e543f031375798af9daf1fc2992a30a0317fc358d0d58375bac6e903fee16a50ee23d3536eb99b5a47f7b885660112a566ab95c0b6ae2f6ee36eca1e681fc8f4854189a4e8f4fd1cbc88dd61ac9aba6eea271edce35afc8b484df80af03047127e359acaaa31145d2bc6e338dc32eb234e2dfcf1ca099eb9a62c6da6e6832490d2f85f516574540ab3a4ed28bba9b729fad9ad4680fc993fe538aece0778e7722f7134b1d64638a5b9f5f0ada8db58c7a22199b80f80012b89034f4e53429bf88c7e7a7daf91fc444ee7a3b180acba37ffcb323230655a75041718386a3e0f603f532e22b4dc3262a2b0f6705f4d55f0582467c3709086e1b842d74c54d60f00066f203d2cfea01cd78b289548a1d13eefd1c0ca5c2277cf7bb4651e80b47479577a6f24843a6b555be1d97cb18aeed186c922525b495c1ec00bdebfa92973af0bf1993bb544dd4e437058b2661e908989696421afa6f30827f40c98b1501ed891b3b3e23a263c1bf1e0444841cddcd16aef4188313db32a0596b45741b9612b4d4a6f3a7541fb5f2109a0bf3cf6f9172afee70f8a242a20fef5043d3aac675e5b68ab7a5803d3912384ee4ead6ac8016d60245905facbafcad2a0fa36c5ad2e332898e24eade1debff1ce419e710037bf3c37cebaac95efed6646b8f41e1064bfdcdc69f32bbee80a5ddb0efc3e4d3006352672105b2290e1a30336a81c3413630af074ac5a36f58be842b01c469e2858a06ccc139f44ef1f06332eaa1e2ae66926621fb9d03a3960696eb447987ed985d33451fd1084a64e8984c69b4fab23a5d899d997358b8bd094d5dc8c6b0e5d92baf5174957603cefffe891bb4ed272299b8652d2126366f04b6aa8a6ce92c07564eed3eeb7acd9024ef3489e8ee6f536efe3eda422f874065ef0cc8794e4ab300abc562b794f4bdfe5e745c6d1e4e42f87c5d766a2d3ce72c666b5386eeea09d6d3ab97b6ce9f5951a1f63664ae15c2b4398bf072056c73e2dff9cc0afef2dd2261e440f4e735aa7bde8b4ff33791832c74e2ebb76a2c6349cbc971e6fe6c4eef3b9763367fb35f2f496181272174d12755a70617f53fc67842b91c844affd7adfab7ccff8117ef3e61bd7728b1b43366bc65fe679641810af7e1015950219b9b33231731eb28d1e991c9be205cd1ce9739125910ca756b7d9fef4533f63f5a0b88a441fb6567eaa01d45f736e1aa1b1a32dc865825b826fbb10fec196489f04b8ee578fa320bb4df58ce7ba1b7deb11c946ab10155cc2aa19622d62eb559cb51bd3cd74f776595fb20b66b9182b2cb407d27f064d2142f31ca068a0e27518c5cc2d2722128cf0c340fdc89dd3fa987e80775dc8120a9f87f62073ee8c1fdd9901e7c37fc17166de05dcf829591393d71e880c6034ddcf1ec283a5401ac6d869afed475610d7c85f0db4127a4c01ba721956d62f05bed2706e3b0c9bc223171a058b01d0602e48b9449e9b924cd0943f23e6aedcfb004075d8c7bb4648bb4a3a71291ef13d6569c57720b26d3907cdd65169997e5ca8565205fda4506f3ed78a861c6989d73034221d787520b9619be66ca89665d735b577443545d30ee43a3359e6b8171c2a4eafa1c140c8013711b20056ce851ec7767415a548c3e4bc4b58aa9fbda07502ecad347b5385b6749e8dd038c9a1ec653ae97420b711625cfec86c6572f30e178d84fa7e6e730675ea6b66e3377ac5844bbfdf5aabd4ee61ae92f16aee1878b819aa72beb82ccebec16ccec4d0b8ee4b1190f11041d01ff1a49013e711b4b7d38ec30c483ba286c5e174e0e2f2f0d7b46e17fadc50b444b001788e4ce1416add979474f723f513c0281e00a0df1219cad32cd1afbe9d7ebf48fe8f7d335bc7d64768f47a711b5922e317053d71f1fa42d3517cb0ef84eacc0f0d18a260ab015db42250c869ad0487adcb66382275b8d458b13a5dfac2d0aed259ede28465a24ba42e2699ef49e995956432d8f4858af59293299b258a4527881b0c5093c5a7e13e8c46a0d979a1c948f795ce978b0e688d2a0660b0633004d09bd5c3dc8be6cc329abc2adb853b26a0e4dd63baaffd44f2d562f0b9a33e0582cf764f9bdbf03fe601ca02804f1445946b5db53897dbe6ac39381b509f444b8417f2ac237e87982a52cad606dfb882700c65f0d0f6eda57fffee61ce516c764afea4a10a5e6a4a0ed8f0b7e74187653234969da396c758117e5e7c3fcdf9fc241a8798baa5741f83b29dd79f96937ef03876b090ed17b1505bc8c29d50248ea26c0587ea89a41824802d97a7b13185ebba95b93c2dd3ca7279fcd0a169ca1599b46d852ffdf74b7f2eb7f08c5af910bb4c3300de3497c432629cdeaadb3d762f4f68be036774c44efba6807b35a765090fc564dde4bdc8abd622304e8d879d11cc3d355056ce43d42c98c89db484d5494bd757684992bceb7fa72cd2f9abec605f6d25fa83f0df8e8cb72707dd97704be474b34697fd5d16530e2ca0651d27f15395d6bfce769e1b51844b261ec523c052da7804a6415e4413ff2645fc86b28f0e41186ebe98c6a384c6edae8560e4e0434e3aa590082110368530daf82ad48eae8aba308a7018c7bbb46752c349d683d302c2085a352c4ef05d5c31609566417a967e0f7d03b3943b5f0335ff8057765067a29d1cb62080efd700bb7a6e94122db607b94e35ffb23b77d040509709c79ebfb95354e7ad8378649ff6fb20bc52555de71bf9ff395d7cc7ee3d74138e33fcb7522dd60d4e759e619e844552377ed2a5bd5aac24d6dc138e18bd1b80bdbb01fa29e55a5bf10a3e2b8f2a8e71804c030ab94dcd7749c145ffdc0a19fb6bae0c782d97d5d1b4d14c73aae94af9dfad847b899a9cd446ae3a14ffe9fd0093ae95f12e588e012ac5f637b618b8b80f8a59e92a20f5197794a56640b88ce9dfa7
\ No newline at end of file
diff --git a/tuf/examples/repository_delegations/keystore/649077bc2acbc020e340a4c8f13a106787ca75d026ec60db5c2c0af3b9b60085.key b/tuf/examples/repository_delegations/keystore/649077bc2acbc020e340a4c8f13a106787ca75d026ec60db5c2c0af3b9b60085.key
deleted file mode 100644
index 9813642a..00000000
--- a/tuf/examples/repository_delegations/keystore/649077bc2acbc020e340a4c8f13a106787ca75d026ec60db5c2c0af3b9b60085.key
+++ /dev/null
@@ -1 +0,0 @@
-b6ab49cf97fb21e1@@@@a5943f3f3797797187bef750b877c634@@@@2e87e7b5823941d5b3a4414ed902c98b2195ef30173dfcc3b1441e33dd339c17e170bb3d01edfb3812416d8eecfd0679a77423b6f992736c8f48252e004c7e81aac8a8613219fcba1b4df4df21a203b0ae0b60fbc42130a19c4267413a3e4855baccffe01ba568fbc4f6a4edafab920b6f4e559b46976b5cf7a2f510b81bd23aa9a46859d461398b1582b5601ddac8b861ba8c944b3ba08262bd02aa4dffec0df54702c6701596be8e7e5669856a414a222709fcdf6b8a37498622f5aae467d289fd6d4458dbf8491d1a760603fda00ee4766d16517255d69989de592dd894e20d6bdb859ecfe81a41ebf80589ce75779c94c9fd9c9b2bc3e9d6f4e74c88ed439853449d9be9b6708d9b5163382416b93e23d94d267cf57c8f2d2d2b2206c0b38ddc3b72ca04370a9e1a567e53f6e9c1642bceca92c77b1337ccf9e7ba50a5d672b76a7cdc2233d51179b2367947c855f7c7bbfff67e02b39329f942bb66ae05126e1202eaf19b9c52a0e1a4e8c34f33c6dd24d2ce36995f2ddcd44ac339d94524d30346e6087dc479124887d3ad670771795c462e8898a69086632e9a026e822e3568664031c5268fac89162a079cd2083f1753fb156499d5f59ee19058d9ceb10a863605967032a5669869991f1215f511a87117489f4fac15912956b0888d4c108df05e667bba74afe9dc537103f1c40c76291c8a5fbec34bee3b488d5ad5e32e78d406fb8637eee7d086d4041bf58cdb5efe76c1b30b58419f07147a37ea1839afdd8c595f0ae6fa6f333908d7d954456e20b019459f1839c1865d60bf311db0fc3223eccccd6d2fde936b408f682bfcf50cd57dec95bacccfca46ecd0dac9f0528eab3c76892280b431e9ba39037e577d679a3db9f3d87e98b676dfd678e997b76e67cc450498caa0fb73a4777e8d267818f1b9a9c3771f843304fac0edf80f754c94082536428449a9e979ae019b2a0b786e84e21f40adc4ace8868ca5301720d8528ffced3ba5fcfe1ef8041e6e9bcf7f08e66eed5689ceec05a001b3187a9e4704fac5d5070e7da0e006a8ff3233f39ec6ac9f59d3be4b7f28bd06b2d767c67c200563c691afe95b0acca082c3268fd7ba5f99e319378b07d5038af5ec354995155bf528f5fb66907c9589b9e9a29719e3045d4295920ac86f00c71b2bc96a5b8c9b657b8cc5e5f33bba10bea02e56385f488b175b0b27b7ed28cdc77cafc6163a3ef57114496b6d5d1f70d661540bfb274ce98815b0b0b3ded0402d3e9d22208e0d53a0dcb59ad3eb43fd6cc9399bfdf9fd30f8765601fa7efe585ce621c49b743e10b45c1c110024f66b857c5e24e75c245b957531ebad3b79c7fa1f43b419963cfb5457a99cdcdfe0efc715db58f48bf660f2ca8ac115a5cac950945fbb21c9c3b513909271fd23d469c6cd7f65c80a76abac3b2f9e300c705018e53e64350990c152178f4c406afef17ea982df4020083fe0f5de4b30a93acaf1e863eb2ee99c7604958abb177f6014e9a798a3145f852b95c2876cb455c2f5eeb39cb7438b3ac7b85bc94ae92ae983016265c77237303877271736d6d23d1bb3862d659950c09ac592d97a580947e7f750ee4b456186277cab80d5db9f6f69836049319f8f9d72f416b8c05930ef43fc62b7f9e67713f783d9b9c8b3807f2590b0759b6b8f2c9ef0e48e5e5257b2e82e2091c0c1aeeca001d5ffd6a892c92e81d615e4ab219eb0d2b9b46d956fdcc0788f13992da16d5317900fac43a75a8b32c3f8cab8be62174c2749e3853a00513ed3ec8701423bf5dcd69a0eecc17bcce1e0a40827fe0c1fc1a5ee0484149922321705f6761203cd7d2f8463fa57a225a418ee8de404b6741a2e4cd86e7fd55001cae1ecc8128a7521fe69bb2f52a693479e4d96c6de85232d5a125e9ab92e473cb89f0e74b4238e67716186cda1c91079849392e640ab751eb01ed99cd2103026c3cfe7245407d81c6db80084baed4701d1dff5ad98d104202cced71d157a8d97850791109dc59bdb45a2600bdc5748868089a1b5d10492f2cb9e3c9cda024f51cd6f34d793fd486ecaaa91b5782cca274d9cecfec7d136549474981a85d17580ecc716d67fe454ac2d52faad5a2257317b48a0227286c99822d89e9183688a3beb141614732a8a57137dda64f030ea1cf8c0298da58237d84870757b11539d6b7ba40bfb5cdf6dd1fe2fc1ecc3a5f038f80d44cc99ba76bf992900752c1c084310c858ef8a6fb691a7fbe7bf6acd08deb2ab2ba9cff39a04a804b464316e6a962ff83019cc6056aa53dada7c47859dcb0f6973fccfdb5d0bee2f6df3e655bf4116f0340c3f4cf66e825cff239ca715f4008d16a86715e770722f59c657ec9b99a14fe64c9c0e45cc90aa5ead90793c69b8761d15a03ff20eb47e54fe026b342e929cb5749507843e4cc7c67b6aa242a4fd248dc981f48465db3aedddb42a7b15f7942646c0085ff93e40b5d9a13c890b309f0f81b3732171fe13ab2935e6a228080f7b88460b528ac624316867188db00f594354fee701b40d6be8dbed4455e3f071eac55d73827b6006622c009b5e139ab4f3c2d54dd9d48f407b570c587b8d72d839343eab04c657e05b2cb678d4705de2675b4a3741bac4642b33cf17a094d3ea6f211c614b33b5fc59988d4877226f4f197e0d541bcf8b4756c4f7758cc4741f0f14816bc80139ae7724bdf5837f50abe6c61aee60157e1ecbd138275abffb37de3bb18ebeba856c4c30033fa60dbf9079d7e2bae816290cf079d0983b2b5c1326b7b870ddbb716cd00c07e7cd8e3c7264a621014fbedabb85fbf67373b0e0b12e54d91a5315107c3dd8a793f19bd6dd10c2bd48a7ba9bd7e778582397a3cbdcefe04b945200ca82546d92eb177f50f97a15b432b65870a8ff1119ba5fa867be13b2e3458c1566b529cc98949044bf845a43eb579bed36cabaa766ad3813d62f3eb24c32575a3c95c8f1445b0a6b3eb9e967b81d4dd306cdb51ac4a5cf5bc041283b014a015fffa40ed054878c1313e9617a723c1faccc3600b7b6014245a56d9b004580cb715055ab9ab5e4c85c2f2f777207cc641ceaafe0ba163877138a991b7a3b5c21db84ba8dec77deb038e25ca1edbfdf6e39a83683f0f1936d0ce0effcfb96bab98985c01db6f2c5f3f56fb6e1d0d1785d2a13c7ad72a5f9b1cb0ad4e16f3c8bda7cf2776ced674cf47e3346fd9db7264e29f785c975d49d501c526cdb3cddfa544513b6af6fce8a3486eac5483d1a91ee175e2efd58c003a6e1006e76a996eeee3b47e7002add863f80cb2ceda6cdcb2b023b02fbcf1e3daad59048e2a3237e9fee8a5c4de424d7605669277594a0194d8b8c01b8499e426be314ce67415048d49dfc719f61a3ffa7f5d7bc39a4444118ea08bed765dc1c72f1c42012cb9eb5dd55bd1129a8aebb80ea77a3e9d44a3a66780988bda96d6d6762dc2a08f64a715d5d3463f3848a375dd7293111bcadfc346143dbe09ed222e50bf5d35a08e91b8b90bf2146a4bde28de2b89a6a3c85c6167dd77c7c0dd4cb4b52eac2ce1845e8c009bdbc90916bb98e05638ba5ba08fe4e566b8fc6aedb944918e64831c4a932b5f0e7e53a7b15ae8285e0e159792d281ac63a19be68d9f249f44beef4764e09546da8f01d62cf87f7fbba876fb409fba4f62b7584c7c341e19d94babcb601382dc39881551387b8a0bce9f34e6281879e3fb2c7dae776ae4fed869d3443b38f8f1b9e5abad40b44f39f1ae17cfba895fb536bd6dbece45e21cc1c98bf3272a268e85c45d23578f6a6be7370b2b8c81f250ddd9b47950b81c2abf04fa42b24db429783112ce9ee60c854f9909a181ff5d6bf93cebe8738063e9c419d27e44045a7eafbc66bde7d5996e9fce67a6a16e9893e42e0e0ead67ee50100704114005553f50520772cb783d62565f6a79d10afbdbde911377e4acf99b856e0bba2459d0824db4a4ed00d4d32527f61f26751a119a1f9cc72eb1cacb6b062facace3a7839556c2e3ebace07719677c48d2593562a96ea411fcc67cf65761bfcda3cf823f3c5f5dd046c24a19fdf20209787d1e529c32cc51b568a2a30b7c56b2087902c14f55b39944f0d1f8507bd433f982af894a797cb0ce0783b40c9eb597360e11b3e81b1927c78b3d44b721c326afa2a650955ca060aeb0f7857f4141779c244671a93f189fa1b604120e9163cfad6269bb7bb1326eaeab081206e20366f810ed2ea74e92851b5b516a3fe3fbb2fb940595a5d7d9344a5ab24663397c6931299062fa79b964e25912daffe9897ec3c149671f7da3111d41da0e24a8298eb9abf127e9f42c37d65d2b2ac6981d97cb4dbc078984c2bd06998b97c6d9b8f82b074e5d3fbf91c872592a288a7bfb6895c87a98657ece7dfcebd768f466e806c7f70123a38dc8d7cf65acde6526d113e2f262f2eb1a665a09b4552c00494f7a5abae760f8c4d633c29ad7344a7b94cf2a2fca277a3af9be8582a0c8968f6ac0b891c297a0cc3da536b80995c80
\ No newline at end of file
diff --git a/tuf/examples/repository_delegations/keystore/b6422d4c8a4acb07317b032b89f7d03cc8b42a8b464355141d06a61c13849d92.key b/tuf/examples/repository_delegations/keystore/b6422d4c8a4acb07317b032b89f7d03cc8b42a8b464355141d06a61c13849d92.key
deleted file mode 100644
index 39cbed87..00000000
--- a/tuf/examples/repository_delegations/keystore/b6422d4c8a4acb07317b032b89f7d03cc8b42a8b464355141d06a61c13849d92.key
+++ /dev/null
@@ -1 +0,0 @@
-fb0dcf018bce420a@@@@dd4d4a01930174c0d5d0005c504e803a@@@@f3f0470ba6bcdfd2f548af8b3976c3b102daff034ef430347cfcfd15ea516e39ba39dbcebdacec06cc3789c250a3f34af7710dfb8655ce31e68e393cb019a72a5e392f04fe70a821172eaed996acc25927cedd3342fcf12a31014aa724f2e5c65f5d11f09d7b5d56e825ec969e725d1992ffd7f00ac02b947a26e30a9c65f969f30491cf0ea23d2fed8369b0c3d6991c8b4285b099358ecb82670b9e6f7fde8476ec2899421a93df0ac928deb47b22a832056c5466a0323e162196ba364055b1e0c6f56b6b2d9b3746e7840881006acc66a1cf8c87a1d9e55522dea121536645ab4579fab26a29c4676bec1e4dda252af1ba3db2034da278535e9e7c2e410204e5d5e295fd86f47453826a8c175b223d23bf7f7ecffa3dcb88f31935acf3f8212c540e73f2012b04a38aca5e69501dfffde8e66bf61288da05cd20f767a5aa83779e8af444b86e67e3321d26b1be75281e6694a5d726a894c19541b5289d695d99767e9557a8a6deb0e4a0676f6ddf8b9ec218a16f2872211bce5a9c722b62f3cd6ad45cd1224b75b7eaaac721ec6d42997f01a55205b81010ab1db5df2ddba59e807ee917b0f8dda0e4e0d14c673a73d721104e19a51835ab7ed4b6ac5a1f57ebc969b50b45a8acaa14a229c24f3db8e42b46d04a4061c9c630dc90760fde343fe770b0b4b2d1a5921ba081e63b4a245d7ff4c84e6e6be5afb90db1fdaf8abf138d4d6f5e66f48653bde6089c9f8bfb9eaba1445ee9a20917d382e9fb3952d510182ced61471e9c9af553e08e8ddf2e34b71085a13ded6d86dadfdec19b1f250f4daeee6a0f2ab651a01c30cd50d29aa838cea667aa1d21155d85b275440ceac90c266c25add1049dfa247ceb17fa4da2718ffe0e2e1426db0328cbcf2060e24592d446aae1dc76bf5a757926dc9f1a2a410a1383d096328c2ffa0986717634cb77cee2320880789042edd10204883433591ccad4da2d84e5c9e601eff152786726c87542ca68da718a5eb42f12aa8d9b78e170d79dd4c1b3b86f470164db3a37449118afa2b758ad44185de7576f6833122b5f3fd198cb8af9c94e93d0aa3a3aa6824fc7a5083907864f062ead4f8fbe27a0717a51d4ff59db3b9ab9405eede82a7848d8da753fbdb1b8b5c36348671137394c89e36dd50762929ade84f2ad2a2dcb04e41665ee6122ca3f4e7843ff1bb810f84fa9428ba913332e9169ebb6b0a1ca76b2670d1b4c695742e2649e770d24c6e553f6efe30605d8d0060db09094033c3bf5806867b6a8a329e0780f977628c1d2b18a5d8915c3ccd5be92b47592b459db07f33b68cfef50e2d03b9acb8eccb54d145da838f4ac7516ceb37876a798d41e6f185e9843751d1c01fdc427ba8b650a8e4606f6d1dd31a8552e0d1111e726d635feaebcdb8350967153bf699031c91b4c75f0397b74bbd634f3fa6a4dfac39dcab743a2a2ad52b0b154c75061254a5af70415aa9919b5831c0b51a3f3b26c1111850d89612c1617ef79a32cc6864859de1f91f674d89001ce66d5f3c9a8ea9d2e34d1b175e81e84e7271c9b4e5876a5aa29363057f2121ebb017795d757b4fe0eb98ab78462a33edc5d3b5da4d2cd4c29119c6bb1e9970e529bd11a17cc48e3e7d6f1f523193f076685efcdca2b7b4a3c538dbf5ea710b7adfeafa7e3f377b7a26d1d88ef3f726df7e45159b68cff8fc054b05969f2d392adbd6f9c254609f1c97806b6864eb8ec666411d967c2b682b193539ea61585261852ea7d8cbb000a453ddd14c34ea8753bf78e18e262141c242bdcddf0f0d7f7ba9299243fb1629c826979614abe7885f1f2e95e33f092decaf50affe0171c6428d35300f170588dbdcb87efc7607a9734417177e6eae5b4a384eaf93f5b0dcff7b4d988b557c36a7329fb3d5c0d3fb66313c2a949deb6776f293f1eb5c6b847a062745c69686345752e67bc77dd0ab0c32ed74dd3a633da95105407257e91b63520ec1f95c04648474693d1fc396107d4ed8be5a0b4656ac155231b617cd17b58ae8f7c09d9f318beb7d5065f14e6ba1ad2f120d0f6240ccebecfdba9b3b4bbf8c5112bf17f52940357928efd06eeb58a2c66cb71d3a6e5a323032f7fc155ae657cb8c62699396f0c0f007b747599a6a45be593d0c5d7dd39d564c40fe82013932bf49582dc9d1438159e431cbb0019a14c34433c3f567228d8b45a7935938f317274e337d98ea8f6e33c10ce872644ff12ac6acd9bfb2ff2a4e8443c3e2742a15b5fe5164466d77a01368b8aa2c7a36713815dcc3cbdb12935f53827da6141cd0850ebb6bafa7ebd15234d56b2ed6da45a715d83108a418c1142da4598b9582f8c939c00e8613396218c25fb414cc5d749f3f27fdb769b1e65066107f306bb32412687f860897b9a81a1d8f643251d018288a4b804ba5b04e74ae3e0bb8db7f087969e70dd88eefba925b9db5c8ff35eaa643be4fb5b39ee55939e09b52e5520fa87bb95dc72e94eaab02a1fba163fd8545cb8bf0bf9d82dcc8805e246d17ca89107ae3a12d523b2abc91d35cc83239fba794981ad52b2613f5785523ddff7fd60d109b41dc141815f0f4cd689e5cd59ed4012037610cc6a01417ec58b7381f4d5085d71081578dc65b0c80b2bb5d8362f70fc8c8660347b3d248bd938ad2189fab3fa0f0b1d3c59a2c05a33ab5ab3156063eba2c698ad4d401ee1264c61b8ed538e5d0cd480cd2c7b825e423b0c567d96e6615b0f74672882b43c52d29d215574fc171de59a3f8fa053c0fbb20f72598f82df7f115ec2209136c004856c340bfc74ce1e92f3bb51bf1067d0a8a4bab11e2f1c737a4d4c22135f4163df0dc0f68818ad1644171baf5eb79c6361935f427d6604bd7b18c4a72cef9b6db4c45b63219ddc58213c668d952d3c3381e33691d8506c3e875a756cfae22c91a1a04079a1d702aac2c804d75b2f87922ffeb7d3bc1f4918b1b2340a3e38fe301e3841ae4b6931eb8ab7dbab8b2abd07c82b6d5a6b2b5f6c0957bf2b82a8687968b10db8b3ce8de8fc1c87bc252e1eb84516a8e923df353f5da9a7a88c5191d01303416ccb792dbca2e72a4794762783cabc070f28cb28673ba994d9ff9b8c2b0c3f6e54ec0a5b9dcc13b23e8209a7164624b3bc5cecae603d8a7d35d0a50962bc7acd75196b2e0a93310beac90d97aa3937b082fb1fea9c2d2b563849da4613be20071f2c7e944a7608b62b06c8d3646526efd0794294a24099bd984d819afeaaa5f5c37111b4a210a15b03cde35c95542950b0564963e217cf4e16554712ffc2bcb57c3cc994f58ced433637998b7c8ef9995df0059c9bfa4f550719148aaf77c8937b922d2303ca467ac17809fc7fc98a5d3606ad66d6733efbc943fbbcd25564e01f0e42897afedeb643d9419202ad1e4f062e41a40594a13ee95352c5986f7de3df8327b275f04972d2fe113bfc430490e164694170344dea9ec0b3f4b299e72147fad548cd54601a869a4c85f6824ba7eb4dc6b6d9809b4eb2562b898c7a87dfaa99852dbbdfd2123c6ec6c6cc458a186e5dbb0e7eb8356f4270faaaeac4c978ae5d59d2f401730f17904ddf807b0282701b40546e7b63f611ee69986dd7611d8afbd9e70468bee1cb60159d881366ee99055685778c34f960e42b8c59b2f9cc2301ee01e112fd47eb508788d0f902f2630342b1e6fbcfbcba39fd3e595f6b11f67a9e32c588d2cc1d5e4510215063fd9274ad7e4c0a6de2c3bddd5b4e30eaea2f7abdf0f5e869fcca95f287eb660281e4b88ab2cc04ca7035090bf3c6bcd5ccf4edcf766de03ec2778aafe09f5f2edee8ecdbd6cd261065a4474e4b96fb18e4d1ed4c9e6e1726ccba01a45c4114e92721757cd4ebeceecefb5e4f01e5a8ac37b19d29a861bd9645dc5aceb424e27c536bb479732046436f53cfcf1b9d374280d29cc4d0bf3adeaa7e7541dd297cc54697b87bb6c15bf690a34825fb39f65dc30e69ed780cebf7d39d6221dc66a64270aeffb01c3f683049a8da456e3e6dc8745cb082a69009712ae16794f8d8e5b1ee98ccb8bfffcac81b7e63f682f5572ca118c5c03d962a4ca092e5f13a8563c891114c7fd21e9b6bab25e02ff4eaecaee05f448c21621529a4d024cd3ac90d32828205a354c71bc996afbead0ae2d1e2320af83451de1766d75e166593d7c9505b69f470e55b6a14221a1cc63c4a4c0c96a3806a2b27afaad63df0d59c93626e92d3cd676e629e5c56dd13739c21f2adf2796e9d51fec57b4544d15060b0d2a8261ab24b67c3c9817aa4722288e3f033c184c66f0cf55d7b90e9b65d033fa14ab2b04dd33e4dbc037648e5462f53d5db6103936d93dc8e8ad51d3ca1c60145d08a5fd9540cba2464816257569a098457cbe8ec0047ba46c4640bf2eeb6854e00f08cb87d623978d7a58ab310027430ad547d16533e24d6c9a57efa88fa1e3f49e0b1b6b6efb7a16483e5604fd2cc963c834b8f0f4e072eda55b8666758937854cc53df734ccde6663af4f8cb47ef795c00aa0794fa
\ No newline at end of file
diff --git a/tuf/examples/repository_delegations/keystore/c577a726a369d412247f1eb5d14234a90d84332b295d31bea42cf482fec0c885.key b/tuf/examples/repository_delegations/keystore/c577a726a369d412247f1eb5d14234a90d84332b295d31bea42cf482fec0c885.key
deleted file mode 100644
index b9efdfce..00000000
--- a/tuf/examples/repository_delegations/keystore/c577a726a369d412247f1eb5d14234a90d84332b295d31bea42cf482fec0c885.key
+++ /dev/null
@@ -1 +0,0 @@
-072a995952b63c10@@@@0c6b21b5ab8f41bce30d67e3d5764c85@@@@28b6285e7fe0e0c44a088cbd8389978328312196bd58dd63bd2ebe2a1c7cf30f003f081b5a98c3c94d2a439ff751179392910be0fcf5866654e2ce009b1d705ab35b7a269175ed627368e23def3095fcf8396755cd467dd0891798187f5fba7ba03d120912a643644d58f582a8c6f90cca50ed8608806a00d2f2be08a8efde3157315bf688b9304c510b80e845d9829a457d5c9d16944e33018905338efdce99c90a2eb090ac66a0347f5c4f2612b84e514fba870ef3478105cf1ca2a6028921ec1dcbfcf2c092dcfcfcb6e3a166c91ddecb0b0bfc949d83c94faca395edc9b731582ba89d3f15a362ce070dd565079a4702af9da72f05990801ae6e0582e9b4b1484f87216b6e832884213c0aa80081b75b78e78389faf5a5b8c779dc0b9e2dd0ada5c667cddb741224f797c710827f63cca3ffb591e68d6bacc516c87cc009bc52de026a067dc69b04b7c6aa0c52c1812bd9761ea08820fe4e523a352d677aa92fb8583bb6ea2157786d1bc77f7bc0d65e94ef56875a1a5321abf3a82bcab448c949991db986d69163ab0040a500543fa6f2e30f9cfa3acf23530db62e4c217ddbbfd827b560f0e4ed5ff327d60bea0f76d9fd71d8bee5be08926415874319929dbd7edfc05c7d653a0b0f0c56004eeb241770093ca531c764050235fdff98f3b0662130210396086613b3633f53884584cb84b8ec199fb1a2cf7aadd8797e629f90f7f8b070c9bdb74be1a8b05dabf2a07a699704b321d163cdef11bb7e1a5aa527218ba7147f83af61ec06f11c6ccbf8fa0792ee363c34c2f1f0292732452e3cfa95d5b8fe657789cf906a9a260758cfae63af117a70dd0b9592efb73c13b9985c31baf9d297a3696d5704a0a7c73f2d2e9728d5967c07856123293172f763f6b7409e91472b7258c3edb1011db4d8ffd8c71e72549c42332fe84f8ddeefb51572ea85ce793de98c53433926f35538046cfbe951557ac854b9fd9be4b91fbb5cfe3017891a0ba454f0324217f9631a24f0aa2d68d63bddfa861008207ad49fef24bc2d07405773776789ab51303f6b347e65d34c2cc1f9024173105b96f74fa1dfa5f4a72ae22716c544f5e4f8f7c078f415de7f260acaeca5bcc6f75077bd7c42dce9b7aeb08426cedb8c730a7536929b2088778d39836b8c40af01f9b8a56ab2e28df0a3a5e17afe856a7f871a3a26c8ae060bed2bb776fe8b72de37c623a4aa6b35f5041f58beb3f9fa79ce82f3966daa5fe7eaa497c90b7ff1454c7ecde8aab4c4894979f544ce3c1acc12d5cfc12de63e4767dc81442335c23b9a4a46c6cc478d76f5b9a43de507bb46246c04b810e90fe5ab18771eec526b6b0314c17e37043cf3691f8bb63741f4a1448e00d235170a3995327026084a3d2cc6214da5df901272ff433116e7bd1504a103183d2c20f126fb2b8b9580885785b3e6dd32fb2eba3c5c85df28c8e9930d84cc559b5375c98db005ab2c12c4cd7f20858fca68f88f964227520c449be65ba26398ae68ceacc51ff7fada9385f7e459e9946040c53e714676ad3bf77a351e64202b602487e295b65c24856a635532623126fae8c9fc1da96c34d95515975368f16a22d9f5af821093bdab6c2827aa0b1279dd3ad9ab92e0adde4e102cb3789861fb73e973c2c2e8e1841c628443278ba65a671873eb58bee92c76a8bd547246aeddfdc6b66e8d5dbb11bbf7f509f7e91e88ea7d6c514fb71dc6dfae9b42370769d4e9d2874e84714f995ddacdb2601cff322a7039a6c6f1e7489c738d270ed76c8980b23795ebd3a8e2a6df716715f544465889a04ba70f72d032543bbe9b7c662c630d1382f7d466313a8a8dc8b0bf99f403574d7ac1c430abcb552d950bb03418f20a8548edd93ac966ed542c4667efa3ce5423b1a9479dfa3e6897a4a8baffc7dc1c18091b962354394af51f81dec74854eb2d1e69cf7296c34643fccd73d14c1d2fe568e595358b5cfd52912d3fa03c0931dd1cb74ab68fb8c032e4b1f98e3eb0ee455dbd3376913e93d55b5f64904160241138fdf74f38f30cacb12a2c244c06312cf1eec39d480c624e1a867e8e08bcdd46881e74fc13164a7babcec35119bdcab73ea37038eccc9ec4057d66487097f3e481f437d92c5778dc73811cccb5fd11f4dffad9800acb79717d044151fbacd660fa621ff2ce0545d24b316d0fd11e1ea3bedcf9e241407db5a16806a99508f4c62dad4f22bdb04ec82bb850d82601f6e86980232ffed0558e8cda7f78df991ebb88c25ed62dfbcad4c9e772c90ae1311d4aa3040f0114f75149ab9402a60cdd9af9eccf582c143ca0d547d5a96b6ec7e3e3c8fe57dbe35056dcb9d7404f969929be20b27c286523bd5e2df3af91f330347ab5a13772146ab02c43f686bb9cbd5c662d548516114b5a752eee32971a877c60de67164c10e8652ab42d482b4bee818631b7e9e2e07c68f03e8be634dd7f4b42d92759f734d1473a1dd89f60bf42c37c4e1c0ea9760bd63fcf1ceac5274a33a7262f335adf15c6f9849650a13a7530b284a290e057cd4ab8ee771405fdad74b73556043a02b7641ff943d30230e4819d106b75a64ea03edc084faf5723dc48d6913d5de35379967e45aa11f94c8b2f24869c5f3370cc8b1a13f3ec044b726cb2ffa55d3bb3ac24c62a3e428b3caca5313c9694de21a70720083c4e33006b7d82c02d4a540e308e982e0868f4e284df4681e4a16fb97144ecae824d94e854f4808fef7733aa40825393e07b563d585aee7c2eccccc9d37ee72a3880417ddc1896199e75ee467fe8ccc301c1169df35b2962abe83c679a2458334bea1b3f0a6f9dfd370d0e8b79e622f5d0b6c08fa3d3a66188038434c98b10cedd652550cdb003433dc0f32ef4739e1661e678f3df0abaf2e42057bc8f2b154b0f9ded55dc96bd400de3ae9d151973a707423f98f7e3992c99e62e5edb7f473961b4d66e70d37c1b20956d983a1496f43324b50cfeb3af744a443a2b1954f348258f8948809b3744b6698c193b63de28845e2cd0627b3cc80a2d3e3a5efed87f0eb422b843b0b1aa24a662d979101b42161ea4eeb9f3b3c1a8c18aa9d753d9518b3fcbb258e6d07b4665ac5af06f929d13dc67305ca4ea16e8a8f634b98d9cbf9780a30c9c56052645edfed30d3a091b559ff51e02a9a305c2a7aea44a519b984abfb31165894eae9f5300c31296f7f243340aad2019bdb82f4bcdbef0a9fef7695c02b5e553864373badd5ecaa06c1ba3439a674b1f84f25344271b6da9bc705e9954e8260a43981f93b8b9989de1ff7a699ab3d55a97d9e70d13fb0424c51a8ac013cfae870292e3d144432f8bd7c6e6f301b9db4535a01806f61aa92b355e8d895eb67f6c95b7fe72133a219c9e15d1bb2d3f5b5c122a5f905e2944ae2d577e5b048e7f971f877efc10b17b270f6e677374c3ce3139b24c74c558c22ab6055e2b89326a08e1d0bc26ac8e33f46e27c180e65859d89a5813bfd70483ea4018a88edf78cc28328b6543095389471768057b77c869571dd902238cf217c5dfcdd15a784094a96443bb283542297d0863048258401cf061aa0eddb714e8385ecf40dce117030e2d11f5ff034a8ccf927e7694fd8d076a54c4e183698fc0d2551236b6a3c1f0437ad085929971e68c248d2e5dd137faab5ab1b2f3c7aa50dc2f03a21a2355c64a7d2dc01529307c5f8d816583fb887f1529f4f0474f8cb49b0585c6de083a21f3d9c1c924f2342bb38d8cd77aafa449ee6ce8233aab5c8761f01610abeb6cfb334362ef0f1330f414f140c8c7614b4feda8bd68a33e7993ac64764f077ef3de1201474ad6f0028e081c33451bbd377649e5ba91ed5c939c6da430cef5afd9681424b717c9fb9f3da9f4636613bac7b7e11773f5ed2ca5a69ce1a6dfd75eee3fabc50a361fe27bb4c959b8a3651ba407e95003127f80f0f222ecc00cc80d38c2b7c01e39fb7bab677bffe0edd04c4aaa8ef7b5e3e7cbd8b3167f62a7e0762d99c716f3b01c01611853af0cb8b7f27c54151532c3e9fb5fa4440475d3b2904bdf0edd9b07468075c235fa332cec4ce3cb6b36667447dec8c17fd240187764a1c50ef47b9bcd6cad8af9e2b8545eb0b33a02d77919b9eed02b90dd79c088aab910c78b3f703a1e66af47dfc1f21b7d75e4a4e3aeb0ab6b58100287e1abc3c296ba25ded79368e2e3dd528cd294ac1b006676c0c91ed06c2c3dea33eaa9524e3471b875c1b0277f7ad51028f62ca9506d841a728a545f40cb386007420e5524ece7e34ce4a32a9aeb3f45d0493345226b92e699fd51bf91498029e6d9daab2b633f3b5b130565d53aa687825cfeda5a9a6ca96407ceba91ac8ab1582388fcb6c2b9d71beeb7c0663660623a078508d6c4a6167778e4f5d05b5865304a8f26e4abb696bda4fc7453a4683ef79b2447c5ecf06f3b977e0b9134855d49ff2059a95f7adc623f5fa0c89bc0ff45bc311925b8ef63705185b012b944e34addbad5622a6a44292428c3a7cd04669b0e310d
\ No newline at end of file
diff --git a/tuf/examples/repository_delegations/keystore/caa188c0925736af382a61fcdc62ce68e360e9ac5f50abefacb749e20dad23d8.key b/tuf/examples/repository_delegations/keystore/caa188c0925736af382a61fcdc62ce68e360e9ac5f50abefacb749e20dad23d8.key
deleted file mode 100644
index 0c542003..00000000
--- a/tuf/examples/repository_delegations/keystore/caa188c0925736af382a61fcdc62ce68e360e9ac5f50abefacb749e20dad23d8.key
+++ /dev/null
@@ -1 +0,0 @@
-c218bb9f33de2b19@@@@13a61576549ddbee38e9dee3a150258f@@@@e77c49700914056cb2df0d03e8e4836a9d74429d0337ae63846fe2ed8a384bec01bafac18ca5d00a16189d7d698149affdad970b3b752cd74bde75277fa221892d36dfa8b7339311bf4ddfa418cfddaa0f54ecc44aee890a6ed2a3a32d713a46a96a48ab3feaed1a5edb388248c81069b2f500b75dcddbe56ec785ee5d5f3f57783e558ef30cb28cfa9d0f219dad13dd9abbe8080ea0091b0a256e5be847c66eed83af0387d28bb476ec053e9cb57d07d5a62a28204f608c16be5d07f8d33782834e5ddfe7c6ac4306bf523051f9ca5d803bc8537f9b9ae292a1015df402e1467ee2ae5adc58f0bda0247ecac09c3ac70c4e392413ec8b84cde53abd7195d4cf9ff4e1dfccea70f1748c9bf8f0f215930d117488b1c1914380fb0bdba44550f53905245fea6b1957be41d206ee5866fd613a6aeba6f59db28ed39f2950ae0f61c5772844efd4ccd9eb5b97f3daabd3fb94d97d826985359329160787922d3875bec6a4859eb7dc077a3acbfa805be06e4c126a067d64afa83dae2bebdf77e7d1f44df68df82bfa2dfca8b8ba508557351a7219eba4b9471f17a218910f754982dfa2e3390119e6119435be45eb8638ecb4db8b3c522e2abf3d0dfdff44e7458aae6ca3175cfc5aafaacf568979f1d83bac5f57bcc310b76d858948d2f80f0fa9677bba36ba3bea970c0f480900254ca446d64ad288b481238c6e4cc73fc2856996701e3c053ce4ef34471f9704e532bc046289994076500be0395d55f3394d59ea5adafbe77d49b5a0ec72616920f95c96d156f4738f165bff1dffa8de17eaec659e90083c9ee001323caa59b8f80f96417e88b0931053fdf4ded5fc3066a5353e3c4f1254573467d3748fb4bf0b0a03c9b6f3b840c470d7618529f43c4a9c69d02d806b165282abe78262ee83fccc3bd1197beda76f57c51ba76e3f4b52d9d9477fbaa60f1ae0a865b19f101d917daf2254cb0b837735f86972fef2f52f1992d23380e02a53096e2cdfd2dc869acd86c713c6fd20c71faa16ee0bf226d4ab5c1cf6f6ecce613162b95d46d2cbbbe26a660832bd7c6edbe119b7d892201e179b120c1596ecd11f8d9dd015d7e85f427b3ccc6171a051d1eeeb67107db9f5c84553adb86c0539977e26e04c170399a470dca209f7fd7039955edd64e605fae52dbb9b475a3cf2407179fc02c3196c73f27dadca2191efd7d02d4dec42f83aed119c07d4d6e2ff6d29aea7b77b9d31a0f9716eb14743106ae72b04b1bae4ae96339b64e8f6da21d81fdf8780cba0c16876cc7ceb7466d5a74ae5afe252d5d966dacba080563a6ff2e55f04fee54286b2a3fde89f4cf8216a703830f2fec3962e992131986d9883df51c05fe6d90af5a00744fb12a611aaea64576f8c4781ccb3b2c7705793b6b69eea9c872860acd56a635b8361a7572e18feb479b4eb53c8ca26c1a8a7fb9bd0b5579a50227b9686fb9f74136967e7fb3c19e6190321815413ad0916f717b3cd8a68125073eaf1bc8ab7b8670c3af196d8631e86da1c2bc2d581cc8b7ff3af52abc396a50e22b623eb607f3456017a398a937584e8f17fe53544d67e8d9c813cb50801b36d7a64b6150de0342e9f6fda5bbbd88fa592406e49aa1ee4da8a7f3e31abb3ae9143c599c74100df0a1ff8ffe8b82cf5a9fad2bdf095b78fe88d6c8ee9840c9fcbdbb82c53ec15b04aaf2a700e95182be83140390b78c10f66a668cabc9195d6998ae06b5982b447ec56c11d370aa6f48270e05c816cdf0c99ccb67061cbd059370c8cfba50dc91b81c8913d3ef58df863018cee669f7a515d92b36538736493b14511330a5c50c063e0f7b41e0bcc7cb08ff23bc5d8ad9f2e4128b1fe48796b30cc66f90a98eb4a612ec2f3e0807d21139e472adc97eb484abe56011b595606bd2fc55f9129ea2dee4f1bd3666d4b419c09c2cb9ab1549f7eb64131cbd14e3f0aaedc646f83af1293b9aa2bf3b52eff87182b7f7dc8d054c28367700c7752f6a35595c73d5bc959c15d2c17673c86c9089de27352f7884cb3cfb0fd55431ccb9ae987100d2b368bdc8614846f3f76ad68c34295b86a9ef219c798e27bebbf2f556e25079876c9950e66cbf29e1740ea226d5e2f8e89c32f2b2e60a2b0e7135bafedcfa00017ab85fa3ebf8a6ad143215f8e1fe48b87e420f38e87a9679bb7226a0e1624fcd07a8304b59de80c0baf1e205a9bb7b73ff24cf79e5b19df7d89fc8edc2a4ecee8833ca5cb46a8d5d35620f60d2a94bff7fb0097825ebb618f15b8c81e9da46bc6af640a9b99358cc7e856e6bc5a67dd2ce7223f0d62fd0ac6809dfc7da50803db04d80835d77414217f8a23cb7dc73b053a0c4060313e0cdebe1bd3cd4c94000791cae8bb63c3899997ceb65d6afebdd1fa06afe08dcc15ed9cff5d68a047d2eeb1dd6b79a4371a590e3b75f32932a9655059b1affa93fa8d4315615553932aaa7fb3170837bc7aa0c9638002d5aaa13f0764d1cc0ddc6213049ff5af2eb26ee02a10b880e99f82df3e07aabd755a821a0d2855745ed612377936768017a4a3f41055ff638dab2bffb67d308b98c3aa422d33d6d2c78083e32c5a7288f6cb7a5b7cd3e01e0faf0074f18be727247613913beabaf1460e9cf18d3a21bc7c1c494dd752bf61067df1a053e2427770ec4a5ed3945c6163c80564522e5869e08767b2680ba7de1c2b6a6baf4d78b703b1659af99fb7eba244521ca4f94e218b3ce6ad07262a67a1cca2ed33ba8f739a35fecb508d5c31e4150253f41f726b27fa20537ba7a0814dc81add27ab323ea2bbaa43c0497f937148bf4cff193318eb3729ae8e7ea1855fe1945c73a69587700c21d6b47d858c031396fd6276b033979cbefe6a90a26a7aaefc2d4c830be5901ff6b6a3fff7ce3242ee9be07a456013008acb318214405daf1824d53520593962a90a8a3d3beced17b6726c5bd2abb53a9df4e5dcbccc336546e050626f9506926934159ebe1820fca4613d39c024cb658691b25ade342af5f5b7a0c696f362d5edcc42c6237b564fd366ccfc9001ca7081739b5aba60c8a246853f06668882b09a6d76479db4053953eb9631356b1ecf528aca29ee5305e1dbee9f8db24471d41fd3a0fbe69a80f2ebaafd6e140a22d463cb40e828434d08942fa4253ebb1cd012be4aaca8250a73e62f3e93072247a0fd15ce850405bb4d2d7a3898ebaac2241ff38a5a5b1d24023d18f295e86a24300ab6cfb4603eb028c6977a9d2f209bfa3e466b08045f45399436c1884cda23c3fe2ea6a0c9b8828c0d3eb71b90dadbd05f326271d69bdecb68ae8f33f4e0701eb225d4f39cd7672c40d24be70e6f1a249b78b85cfff3a6e955dd662683ad4b25ee19efdba5da559b20d73284a0dfac9c49da5cb14ea0559d763115b254a6b0152186571a0d2a5c1b8f3629bbefcfa8bd2e80c6c26badf6210a93a30eeb66668da1985665a9528e68c7ae2f74f04108cdf9e8c23a9b375e3bd1b02c67222ad108b2846b251668b0045d8585d9d75c8a5861d195726e28cd60e9bd25191ce8321b8317d1e190c844a836babaa33c4915eaf3b05902ac19b31183af6f068ab2b7075da542ed02342186260a3ae362b544bd3d7e4e64c523733112295b5dcbf610a423c48c9e5c5ef80e55a0496fe109376e9a2bed03cc91058b25d321ebaf61d79a7526fde6070b16f8d68a6f16477aa9a0f62f82968e84bba959bb34b033ae23677227f2efe908904eb8bf4cda09540bb9e35dcbd8b934a4c7116bd19abba62dd7ff3db3102471dc9231e16bb30fca8b170819aaf6ac014111df5ee4e7fb4747800b1dfba91b02617d750027074977f0805576d72c69052eee50c9f29ba06e89dd1aaf3917b83ee728b8cc9bed9e7490845a79fc6aa40155cab08ddcc0fd543e258d0c80bc5f28544c58199d22cd27fc58214724d8c6adf0cee32ba76883c44d3737571b3d853e45fbb62f6d58de182508d691217ac2beb4a9b673dfac978b794f1002ae4d7cd95e8c8692bb447e2465ea886a726402fdb3e79bd03b432d9b3add6fcd21f77a8457df0f4a6cf923678e40f75797c8658e144f262e55dc990cf28180689268e7d3986315a8d58e7dd18e3a7a4cfcabbcd76feae360fc14723083188514b8e251e747b0b281ad3ca8a0d21bed7b2c4bb3e1e94ee004160e0c1778036fb2f1527d3e8478751843b617952387bfbc879679db63fdb1851278e3bfb493c7df4856831523346b6891f3f897aecc1e2764916bac8f68bc43066fff3d8fc7ef6b8330dd8f4acaa203c6e1bdff11d34db13eccb5bbc35911656723e8fac1134036da93bfbd87f20145b300a925601cc0eaed57e075fea211941f86229cf4adda57cce02032a87c7337ac49684744c2bc07db6b022a665ee83b5282256d2090e19d27114d0906541f5d48d3efab805a740f05382f4a30cf7bd8721c03a244c6924e30edeb3fdd221684d39a31ae580d62f7ee6ffab1ad3407462583de001033a951442080c101e6c7648ab516704621ee84
\ No newline at end of file
diff --git a/tuf/examples/repository_delegations/repository/config.cfg b/tuf/examples/repository_delegations/repository/config.cfg
deleted file mode 100644
index 8a771d20..00000000
--- a/tuf/examples/repository_delegations/repository/config.cfg
+++ /dev/null
@@ -1,23 +0,0 @@
-[expiration]
-days = 730
-years = 0
-minutes = 0
-hours = 0
-seconds = 0
-
-[release]
-keyids = b6422d4c8a4acb07317b032b89f7d03cc8b42a8b464355141d06a61c13849d92
-threshold = 1
-
-[timestamp]
-keyids = c577a726a369d412247f1eb5d14234a90d84332b295d31bea42cf482fec0c885
-threshold = 1
-
-[root]
-keyids = caa188c0925736af382a61fcdc62ce68e360e9ac5f50abefacb749e20dad23d8
-threshold = 1
-
-[targets]
-keyids = 0e4b16ecd2fdde03651fe4d7e069ae3edeabbf781b7f6a2e56a71cc1955e202f
-threshold = 1
-
diff --git a/tuf/examples/repository_delegations/repository/metadata/release.txt b/tuf/examples/repository_delegations/repository/metadata/release.txt
deleted file mode 100644
index 464d1e83..00000000
--- a/tuf/examples/repository_delegations/repository/metadata/release.txt
+++ /dev/null
@@ -1,40 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "b6422d4c8a4acb07317b032b89f7d03cc8b42a8b464355141d06a61c13849d92", 
-   "method": "evp", 
-   "sig": "6f9af25e35afe5bb450a48f9af3bb030a1a7665cfde346cd8e32a858608c86cf7cac21c9c61a01f7f466063b9956e09cc97bf480ecbe89be706474cc07b1d3c9ff67980bdc3196856eef59d3fe76856ab5f8a375a3c339057c68eeaf742ad7d78c22f9fea5935287ae458de3b294b42ba84d7447922b578daddf2dcf1d9188eea26351583878699ed1d7088d5e51612e24d6412f19c6bbfd307d3adb91471d740d7aec7a9fafdf0744fbe041cac4c8c4e36c50710e4b79f96e0d57f6d77bf4c9f081c2f68817cbfbe94ec5f3d987d7f60978c9f0594f095546aea25d838a89569ffca5a0d25fc45aa629b38f1551f19cbb948b7347294d6140a2113f526eec997b7dc72ad9250a83596ad5e80a81dbfbdce2d47f9d73dc2acd9313030d8b767e1837d10dcff9033199b24839f04d2bf43c8d893374a9223a920d1f81e6af5a24f75f511c5c26b8d1a4d713ec85969a173976d5efa86436e98ce602e9bda91d6c709695819e095e8e85f6b9fd28d35a66640c5a913b96c7bc9b9eea6a88c899fe"
-  }
- ], 
- "signed": {
-  "_type": "Release", 
-  "expires": "2013-12-17 02:19:33", 
-  "meta": {
-   "root.txt": {
-    "hashes": {
-     "sha256": "5adad012a2d1b3a8d695ac4f17056d205f127d59686d1a4b0c446c8d0beb2acf"
-    }, 
-    "length": 4804
-   }, 
-   "targets.txt": {
-    "hashes": {
-     "sha256": "3de89d8b0bea0a39aa533d08b57c76704f235428a274e21b55cf5f9e8ae05373"
-    }, 
-    "length": 2272
-   }, 
-   "targets/role1.txt": {
-    "hashes": {
-     "sha256": "666e84b3f67efe68e084a22584fbd1f554e232dadd8d0db14b1d43b86092006d"
-    }, 
-    "length": 2292
-   }, 
-   "targets/role1/role2.txt": {
-    "hashes": {
-     "sha256": "a1b60c9e758a9fe9812fb4a5fe0cf769bccb93a1eb066393c9252f0c702b3624"
-    }, 
-    "length": 1208
-   }
-  }, 
-  "ts": "2012-12-17 02:19:33"
- }
-}
diff --git a/tuf/examples/repository_delegations/repository/metadata/root.txt b/tuf/examples/repository_delegations/repository/metadata/root.txt
deleted file mode 100644
index 8281165f..00000000
--- a/tuf/examples/repository_delegations/repository/metadata/root.txt
+++ /dev/null
@@ -1,70 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "caa188c0925736af382a61fcdc62ce68e360e9ac5f50abefacb749e20dad23d8", 
-   "method": "evp", 
-   "sig": "47a01d62fc6ffcaaca0c1e3de74306d603a67e554acf00c125aa8b2aaefe73269cfe5875f230e2359eacf75c2cf84f71ae43d4dad9415edc80973bfcc620579f7521fdbd00a8386c54ea9459f714fdc305ba8544b5f157632844cddb18b33c95419490db52cafb564456af403a2db33a4f5ba0588db8736e6bc1c8718979a3818b7c9309d9d6a9b0ad686d48fd3148128bb2b0749f27d8b9e2640e278f0082decd56468e3c1002316b0ea9dc1d244499774c9e4e20896307b6cfcb747f89ed953ab6523dade8de33bd5a5ae5351d6be3d3b4140f131e62d9236313a9df644cc4f365de2107427ce8785a454da122eae1dfca6ccbc9b48eca88ac5c7ded1efffc8b2b0ee9f8cecef170592438aed1153b111d0ca0259c6cc131708a17d901349d6e4a6694b7cd770a40613da3420408da1d83fc34c218e378e1862c893e6a91cd8e8313ce1aed4ef293139762b6b5ed5be15fcc06504ecdc3c18bed1c73b18eac0d55a9788faa99a1dbacf16000da941380a3368a726c3d94990090ce5a0eb0ed"
-  }
- ], 
- "signed": {
-  "_type": "Root", 
-  "expires": "2014-12-17 01:38:35", 
-  "keys": {
-   "0e4b16ecd2fdde03651fe4d7e069ae3edeabbf781b7f6a2e56a71cc1955e202f": {
-    "keytype": "rsa", 
-    "keyval": {
-     "private": "", 
-     "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAw3GRZaihBaYj7TkcoQdJ\n20Oj9GKJaT1P80G4HcjwuRTrP9bF6K2yEmVvsisM7ZXY0tCo7F4LLnVxUf00Y9Cb\nwf7wg238cAF72HfMCU4j8mbxwkEK3yh1+N6A8qXfhJGmmftGzfqqo1e3e4dejZXh\nERiUPc34c2T5Z+ReG0GHMOoQNqES1in90AIUvvCMXkHs7BvWTIMJ34b2+JqF6L1t\ngF4Yax/7nJ+BOGmb21lpfPYdijCnLdI7GWeovqVY+fy7DCtQrrpybCBIn2gp/Cn1\n0EXGhMvKDXNQN1sJsi3M/i81tyCfouTOy//p5/zygEd3WkK986JSzB9SX0oK1X7B\nmytRvG2hVfNb4UarZd4Jfi44y5UPOr5VWd/YiLBnI2QkOLChhpSCus8GGi+yXJr8\nmQ7X0sctgsYxAJoREGB4sm1XmYXnGNuSbH+KSD1jYFhJKYPnJQCth3YCs7p/lfER\nWxMw/YVy+JFT2azLC5dgBXz5dxtTeCPL7mM5OB0ea+/tAgMBAAE=\n-----END PUBLIC KEY-----\n"
-    }
-   }, 
-   "b6422d4c8a4acb07317b032b89f7d03cc8b42a8b464355141d06a61c13849d92": {
-    "keytype": "rsa", 
-    "keyval": {
-     "private": "", 
-     "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAxKsZG4IWgn1vMIzIQtxr\nbXrP2sfeGsqMFpGKJS0/KJXtwTpOAb25fqHW25m9Xku/tSWqZw6EiqKKugeQtPHU\nYV0msWLUiSVYG6UQ4MZkO9wMnEaqF85upf0VALm7uVTcqcoZs0Gc1gIzO0Kl75sq\nB+vo92cqo7/MNAi9Dk2D3rGeYmca0y1QphkRHt2wmtuZyVkurSyXHXERM7d0+gVT\n5eajbP+E9xk70Hm4j4o3VcLBJtldNEclPp70j/8nLoV8S06DcxuPG4szrDuzPLas\nGAtKpJLDsp5nxTFn+6BhC/F6fLdO+I5lsxNg4ZBHVUwkbiwDPMSBb+TRjszFHOZ+\nzYuM7f+r6Ed537LUIJEXu2RKdoY1wsKkyzXiKEo+4Asyzz3dPnuuvuXFAN5jRBhA\nitkKPnyrSL2l1wDUazOfXlcP8uMA3jQrKZam9SqLo8sFnEMwgXAHeK8sNITOrnj6\nVMC39D24sfOLBhRo+N6f2FtgP4p/3MoQ6aw/fvjirWqDAgMBAAE=\n-----END PUBLIC KEY-----\n"
-    }
-   }, 
-   "c577a726a369d412247f1eb5d14234a90d84332b295d31bea42cf482fec0c885": {
-    "keytype": "rsa", 
-    "keyval": {
-     "private": "", 
-     "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA4vn+PtG6ZJB7JnG7D5wJ\nz8QszLm8EmIznxt50e6nivVj9ttTbJFIk1Mgi/ob91ZvMlys23aYi8AjI74yZZlp\nkunvLSpwAgz4tPnbHy4G5WP/TzDjCsts+CSqcFAZZw7Tuk31Ewvh2cn0XpDWnFhF\ni8M1S6EEX+IifHndPa6pHQWCQHus+VieJuJXfr0COsL1tYFAEk1mOlm9EemBd4iI\nQUDKm89vwpj3/kcYT2EvfKDszF9SV7FO5DxcVNbqoUdkeUYuUVw5tUmFvHb0P00N\n4ak4LoHtR3x/ov4xOJ1IQt+qGa0DFYAre/KpRq+CYOH0OnAhOqmZ5t7zuMDJFhy9\nqiOi8tI2LU6LwUmTjgcmSta2dZudejFH/TxYsixQgY3l0sT27TZcPP9ul0rQHcav\nad1OUOyFtlk3SIM9UM1NA69L78EwEXrikIZCon68Vql56nKBb6XXSTPsQEUeH1gf\nw459RJOIA5iTBAEYJOYEd84QAR6Ut2DjApXSyJFzZAt3AgMBAAE=\n-----END PUBLIC KEY-----\n"
-    }
-   }, 
-   "caa188c0925736af382a61fcdc62ce68e360e9ac5f50abefacb749e20dad23d8": {
-    "keytype": "rsa", 
-    "keyval": {
-     "private": "", 
-     "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAm2ASrXfbkNOmQ/TQ4uUM\n2o95S6ebcIKhg/h6HWY/HctMblpPaLfJq/5GEFdsNKs3gyo7uJfDUk6Ab5+BjBKm\nMqIDubUUJ7TNrE7EJYM+ml+Wf1MQooglFk+L1sRAh8uFSFOR4Q39cFQ1TS5+BjUF\n0fISXYcPZGL2cp0Fbwo3dD1UM3bXeFGij8KeXZ18Aijjbmkbsfgx4x8/HRO3wsAQ\nKNyqyQvKfkHO0HrzC8r/CLas98rfK79Ib76fheBhizPez4Efom9BljsaAPEaTvYs\nRoYk1UTefXWf+J5cOZcst+C+f6a3Yd108O6FUTVzMZVGp4PUQjtR1GgWhNUPCsyM\nsKenk3X1qTeD2+n4wY69BtBPV4i+8YZ/Qdx1BV6kdFg+WWV8YrPER+0zyUCBZgKx\naKmC5xc1yrcWW1gRrdAZ8HPvzoo6eHUWWSewU40D3xCRHcRXuP3vsAzX62Kpa+Rv\nszCveUWJK8oiwVt0XhtpCHP2ifWGlnUG9MWvI5wdEdXxAgMBAAE=\n-----END PUBLIC KEY-----\n"
-    }
-   }
-  }, 
-  "roles": {
-   "release": {
-    "keyids": [
-     "b6422d4c8a4acb07317b032b89f7d03cc8b42a8b464355141d06a61c13849d92"
-    ], 
-    "threshold": 1
-   }, 
-   "root": {
-    "keyids": [
-     "caa188c0925736af382a61fcdc62ce68e360e9ac5f50abefacb749e20dad23d8"
-    ], 
-    "threshold": 1
-   }, 
-   "targets": {
-    "keyids": [
-     "0e4b16ecd2fdde03651fe4d7e069ae3edeabbf781b7f6a2e56a71cc1955e202f"
-    ], 
-    "threshold": 1
-   }, 
-   "timestamp": {
-    "keyids": [
-     "c577a726a369d412247f1eb5d14234a90d84332b295d31bea42cf482fec0c885"
-    ], 
-    "threshold": 1
-   }
-  }, 
-  "ts": "2012-12-17 01:38:35"
- }
-}
diff --git a/tuf/examples/repository_delegations/repository/metadata/targets.txt b/tuf/examples/repository_delegations/repository/metadata/targets.txt
deleted file mode 100644
index d2015721..00000000
--- a/tuf/examples/repository_delegations/repository/metadata/targets.txt
+++ /dev/null
@@ -1,44 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "0e4b16ecd2fdde03651fe4d7e069ae3edeabbf781b7f6a2e56a71cc1955e202f", 
-   "method": "evp", 
-   "sig": "aca8ff23c3a666c7c7fe9569db5c84751f1fa173165a2dd9bb7797de572fd6ffad2f4eda95d9fc1cef7e2da04f63e45a3ef39665be01806f8eabe665339016bd00781af7178f399c2b85d815dfc7db58db18485a4a6b5ecbf3e5117163917fd21d4dbfc33c568eb33476241f13b5168b2685e3cd16848d5a249bd90a0876fa6bc1956237c61a25816732c25665a4d6bb08c7fb4d0aee4a6f77a856b34581045cbbf20490756ef2dbb798f4972411abaeaae2e299c41f202f38d7c551026a20db1ca9e3944bd88a4feff9cd3eb2d989beb41b585942ffbe3b86d9971753c5cb9d6836af75748d875cca9c83800d55f3394ac9b13838121dd15c57ef38566f530d1b40130ba7d5f9c9bef34d7e478b33ada036d3dc55eafe542ac67bd932cffc2b93fe93317d919f104b0d2576d084f743f7185d9d899ea4fc6ded1aaba4c9de51ba30af909c49c33292eaf093eb8945b61066fc286eb65beabf8b1cd92afb34d03c49000a77571eb13ffd51bba4015dac87f5c60af7b4f192456e9b8e35620b18"
-  }
- ], 
- "signed": {
-  "_type": "Targets", 
-  "delegations": {
-   "keys": {
-    "649077bc2acbc020e340a4c8f13a106787ca75d026ec60db5c2c0af3b9b60085": {
-     "keytype": "rsa", 
-     "keyval": {
-      "private": "", 
-      "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAycGNqAn3w3H92H3uLnbw\nBoO/JHuPJSS+w/0d14h0Sn9lHigGKkDNBd3xyQNTTTL20WweFcYRS4T6Y/dLl6hH\njudMlHE6ieqDLKGT59zQdRM4X1L6kXxLH/0lwrF10MVz1KLhzFENQFe86sRqjoTP\nr6EoL72xnIvBiuUvRptpIIx5cighaOk7/3e72Xp27XMZWFW9rkjrMxP5MxEEU4Zk\nU9lmdKbYjVctVOtJ+b4XY6JgIGMgiNMUme+K7Jh/Ch7z4BGp83Bt1e6ZSlXAl51S\no/F8qzV32YlydRpbCZGdN0zXlsP46UhzWK08sehmL4o9BIlJEethVYHSl7tXq3jM\nq+BImbM/myghYyLvKKRt0yrdUz5k4Z1eRVtUnq8WAoXfJjLuQdJiPIZZIcL92GQu\nXfyEOef0Ov5V1dqrVrzUykO5S7VeE+hxrPOp/P1VS8GuK5AtVG4cUVXagevJRQ7x\n3mRikxFbXIkM+3NGu1PiulhceB06IQ0vB54bf97c03exAgMBAAE=\n-----END PUBLIC KEY-----\n"
-     }
-    }
-   }, 
-   "roles": {
-    "targets/role1": {
-     "keyids": [
-      "649077bc2acbc020e340a4c8f13a106787ca75d026ec60db5c2c0af3b9b60085"
-     ], 
-     "paths": [
-      "role1/delegated_target1.txt"
-     ], 
-     "threshold": 1
-    }
-   }
-  }, 
-  "expires": "2013-12-17 01:38:35", 
-  "targets": {
-   "LICENSE.txt": {
-    "hashes": {
-     "sha256": "cd65721176ce5fdbb05773c0b1349f993b94ce77a51062cfa7a78b34cc82fc71"
-    }, 
-    "length": 3286
-   }
-  }, 
-  "ts": "2012-12-17 01:38:35"
- }
-}
diff --git a/tuf/examples/repository_delegations/repository/metadata/targets/role1.txt b/tuf/examples/repository_delegations/repository/metadata/targets/role1.txt
deleted file mode 100644
index e81ab5cf..00000000
--- a/tuf/examples/repository_delegations/repository/metadata/targets/role1.txt
+++ /dev/null
@@ -1,44 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "649077bc2acbc020e340a4c8f13a106787ca75d026ec60db5c2c0af3b9b60085", 
-   "method": "evp", 
-   "sig": "773e4867b722a0a99d38403e03bbf8bd4ba6fbd9138358d1b5f53e2a5310be751ba13201ce1e922d3ce5ea5b5213226ef3eaecf0449db294f460e79b4c40ba086bdb469b9af2dea42338d31b376fde33f0ac91a45ab5df97f2b67ed71e17d86c03c292301e1fb63d5532a1a95cab9a5f9132feefbe7138799ea8fba8c963be696ef478a18f8be8162752aa2e2be14d123514762e1334aefabc6be5f84a22a947ed260fdf1d50dbf0bae7fff92af259c4f18ee16696c2f0b3e9d245bc9fba2ed9a4a770cfd6f51c6b0a75daf7896a943370af36c170b0e92b47cd17b6b5e68fd48e42a31ea12879c89a9914198e446c8cd60f9883545a5c8a59b1f7721c6e06669ecee4716934f5a02b583d0067670068656b00578b54ef0e0d84e1b620c52779d1550260b4c0dd8bfe3d20ecf19ad2e6381fb2de06a2d01729040c593d56da0208b2a3571eba2330efa907dfb467c524795012f3a776da0b3b84220cc89461fb67aa69f1f56bb521f211c0b8e8ecfd83b8495fbee433b9743923d57d864768a3"
-  }
- ], 
- "signed": {
-  "_type": "Targets", 
-  "delegations": {
-   "keys": {
-    "026d535ad9bd3a7b9dd399612f264fb4be4aa88f9668ac6fb86bfc1f891458d8": {
-     "keytype": "rsa", 
-     "keyval": {
-      "private": "", 
-      "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAvmDFVDT7uzuINW61XGNz\nAbQTmiyWJse/+oyucZNlVuGZgxlKur81eYyVFr0oEcFBDBk9hKlFZkJmGRENKL9l\nVELKFqtuBetl4ullCQL7wZrGlsBXIYelCTZL6jar+4jYY+pObE3VDa7EDOwOBfbi\nfOq61pom5fwJ04Aprwf4HAI1M/C7N0fo+1Oy1kZfI+PFOgT8Ed3adu7UfRq3I8VY\nsiJZTgsyrvHlD/wHhwIQsxWiZZgXy9ziSeIbjXISznMI6Xsi2rCoihepOT3VonwD\n6emgt69EeOamxjUH/AH5iorMd3yWD3pN6EP0SAxQMIK96005NgfTflQ6mN733wMQ\nkQ1xpXSHlP1XRMuNMH7TovjGE7T9bVsipuDcTQ9HrLMRZfchh/GSZIHu3nC3z8L8\nAgeeGqqin3cLjoHYpXJbtQKZ/qlqo7EsExEoPhC6XYS6A5KFoDWc7YmUhmtDb5KM\nvyXoqeivdGjWSDY2WdSqGPzxdFz6UnZ1LFSHAkLWcJWtAgMBAAE=\n-----END PUBLIC KEY-----\n"
-     }
-    }
-   }, 
-   "roles": {
-    "targets/role1/role2": {
-     "keyids": [
-      "026d535ad9bd3a7b9dd399612f264fb4be4aa88f9668ac6fb86bfc1f891458d8"
-     ], 
-     "paths": [
-      "role2/delegated_target2.txt"
-     ], 
-     "threshold": 1
-    }
-   }
-  }, 
-  "expires": "2013-12-17 01:57:16", 
-  "targets": {
-   "role1/delegated_target1.txt": {
-    "hashes": {
-     "sha256": "863309c54db9b7fb109dec25c54d0dabcbc931ff94516168e10c36de5c9107eb"
-    }, 
-    "length": 19
-   }
-  }, 
-  "ts": "2012-12-17 01:57:16"
- }
-}
diff --git a/tuf/examples/repository_delegations/repository/metadata/targets/role1/role2.txt b/tuf/examples/repository_delegations/repository/metadata/targets/role1/role2.txt
deleted file mode 100644
index e7ce00ae..00000000
--- a/tuf/examples/repository_delegations/repository/metadata/targets/role1/role2.txt
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "026d535ad9bd3a7b9dd399612f264fb4be4aa88f9668ac6fb86bfc1f891458d8", 
-   "method": "evp", 
-   "sig": "b3df7b4eba55cd57fce111ee733f4befeb6f04d61c0bd7ea107142d87d36895e20ee90c13a1b346d9ad5399042ee101782d5b9399a6b8eb5b5ea58606dabd0aca5206ac7051bab37cb9e1a9251b22a26bcbc5745e524d847591eeef4c9e0c88c8bac9f0ec77a362fe279463e08307f5e712e6ccc1261fa406f7fe76aef463c2b6fb16368e85ae8c9816ed8fa1d808d9020ac7157a5ec58bb357cf0c815fd06f5c606c69d5aa40dad35d42c57f8ee4da16d0401454f65875e3f75976f2cd1413a7806adaef8d1f2fcb1afa7beae57196fc8ffb9484e597b60c6f5714fce33df462293f2d00a1e94b2159c016db3cc9af2bdb4497fe1d0879f22343574b803dc27b8c86bd6310981ce46e436ecf2dd50a61f49330fbc8bda42789c6c9e1720434d00fb006afe619a0a7a35b70b1dc5feca1a46fb5353827e37c19d0c5e84b8605ce130e80f8f781bddbdad2a452fb25107c28e26f3f8aa07b54b969971951bd20e8a13561c9b94801b216a5ab08f01ff1fe03177c3498820888c0097d18aceb77a"
-  }
- ], 
- "signed": {
-  "_type": "Targets", 
-  "expires": "2013-12-17 02:00:05", 
-  "targets": {
-   "role2/delegated_target2.txt": {
-    "hashes": {
-     "sha256": "a93f4bdd1cf4219da2ff4cb04e79f596d5bcc9948ef9400615967a2627d0256d"
-    }, 
-    "length": 19
-   }
-  }, 
-  "ts": "2012-12-17 02:00:05"
- }
-}
diff --git a/tuf/examples/repository_delegations/repository/metadata/timestamp.txt b/tuf/examples/repository_delegations/repository/metadata/timestamp.txt
deleted file mode 100644
index 5e74a88c..00000000
--- a/tuf/examples/repository_delegations/repository/metadata/timestamp.txt
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "c577a726a369d412247f1eb5d14234a90d84332b295d31bea42cf482fec0c885", 
-   "method": "evp", 
-   "sig": "1b1c21f942c337b4d3eaa69df927f11093ba17126ca1863442db146ecd81d6c949ff611f53b4f3192a265b422b86e8a832b27c20c15bbfe72cd8aadb036fcdbf6bbe7c1ba37f37f27eb44f610ba4c109421209a07e8a54b44f8817d430e11f64c29376f20802c8b0d0a2b4b79386c4582a9add07910ace07cf8e9a05ece325e4c6f2ae6af4eff4589f1038e07bf93aeca0a7da40aca6711259bc9f3a22a87bdcbaf313e2b0dd431ad3431d36604927047f74f2c24436a28d32676753f512081b1447a4f77354d3eb451dc47cb4d75a716856c9653f2a91e7d05c485ad966d7d990851fcfa007011d6545bb446c114ff486a226f71af36479a1cf7cb14f4525a27624bb837c26146deb6721820a577c233047b3bf7aa3fc1938702962fedbf933b8468f9f170cab4de707a40e9b7e708cfca9ba630c2922eb9a8dfc19d814060c101c6c576253d3fa85eb4a991ee52be8fb316ce26f15a0e5acb7affdcc8c0f899da7fb733952fb1cd19e22501a12f9d7cb98680c1abdbb811848cdd9cb07718d"
-  }
- ], 
- "signed": {
-  "_type": "Timestamp", 
-  "expires": "2013-12-17 02:20:17", 
-  "meta": {
-   "release.txt": {
-    "hashes": {
-     "sha256": "8675d50257f7e12d8fadd252e6a15b819c8b99c34ceca198e9f439ea63a8435b"
-    }, 
-    "length": 1662
-   }
-  }, 
-  "ts": "2012-12-17 02:20:17"
- }
-}
diff --git a/tuf/examples/repository_delegations/repository/targets/LICENSE.txt b/tuf/examples/repository_delegations/repository/targets/LICENSE.txt
deleted file mode 100644
index 544f53dc..00000000
--- a/tuf/examples/repository_delegations/repository/targets/LICENSE.txt
+++ /dev/null
@@ -1,66 +0,0 @@
-        This file contains the license for TUF: The Update Framework.
-
-         It also lists license information for components and source
-                   code used by TUF: The Update Framework.
-
-             If you got this file as a part of a larger bundle,
-        there may be other license terms that you should be aware of.
-
-===============================================================================
-TUF: The Update Framework is distributed under this license:
-
-Copyright (c) 2010, Justin Samuel and Justin Cappos.
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and/or hardware specification (the “Work”) to deal in the Work
-without restriction, including without limitation the rights to use, copy,
-modify, merge, publish, distribute, sublicense, and/or sell copies of the Work,
-and to permit persons to whom the Work is furnished to do so, subject to the
-following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Work.
-
-THE WORK IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
-THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR
-OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
-ARISING FROM, OUT OF OR IN CONNECTION WITH THE WORK OR THE USE OR OTHER
-DEALINGS IN THE WORK.
-===============================================================================
-Many files are modified from Thandy and are licensed under the
-following license:
-
-Thandy is distributed under this license:
-
-Copyright (c) 2008, The Tor Project, Inc.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-    * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-
-    * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-
-    * Neither the names of the copyright owners nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-===============================================================================
diff --git a/tuf/examples/repository_delegations/repository/targets/role1/delegated_target1.txt b/tuf/examples/repository_delegations/repository/targets/role1/delegated_target1.txt
deleted file mode 100644
index cf0e2506..00000000
--- a/tuf/examples/repository_delegations/repository/targets/role1/delegated_target1.txt
+++ /dev/null
@@ -1 +0,0 @@
-delegated target 1
diff --git a/tuf/examples/repository_delegations/repository/targets/role2/delegated_target2.txt b/tuf/examples/repository_delegations/repository/targets/role2/delegated_target2.txt
deleted file mode 100644
index 775db353..00000000
--- a/tuf/examples/repository_delegations/repository/targets/role2/delegated_target2.txt
+++ /dev/null
@@ -1 +0,0 @@
-delegated target 2
diff --git a/tuf/formats.py b/tuf/formats.py
index 50e5bbbc..2544312b 100755
--- a/tuf/formats.py
+++ b/tuf/formats.py
@@ -7,7 +7,7 @@
   Vladimir Diaz <vladimir.v.diaz@gmail.com>
 
 <Started>
-  Refactored April 30, 2012. -Vlad
+  Refactored April 30, 2012. -vladimir.v.diaz
 
 <Copyright>
   See LICENSE for licensing information.
@@ -64,6 +64,7 @@
 import calendar
 import re
 import string
+import datetime
 import time
 
 import tuf
@@ -74,12 +75,17 @@
 # additional keys which are not defined. Thus, any additions to them will be
 # easily backwards compatible with clients that are already deployed.
 
-# A date in 'YYYY-MM-DD HH:MM:SS UTC' format.
-# TODO: Support timestamps according to the ISO 8601 standard.
-TIME_SCHEMA = SCHEMA.RegularExpression(r'\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} UTC')
+# A datetime in 'YYYY-MM-DDTHH:MM:SSZ' ISO 8601 format.  The "Z" zone designator
+# for the zero UTC offset is always used (i.e., a numerical offset is not
+# supported.)  Example: '2015-10-21T13:20:00Z'.  Note:  This is a simple format
+# check, and an ISO8601 string should be fully verified when it is parsed.
+ISO8601_DATETIME_SCHEMA = SCHEMA.RegularExpression(r'\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z')
 
-# A date in 'YYYY-MM-DD HH:MM:SS UTC' format.
-DATETIME_SCHEMA = SCHEMA.RegularExpression(r'\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}')
+# A Unix/POSIX time format.  An integer representing the number of seconds
+# since the epoch (January 1, 1970.)  Metadata uses this format for the
+# 'expires' field.  Set 'hi' to the upper timestamp limit (year 2038), the max
+# value of an int.
+UNIX_TIMESTAMP_SCHEMA = SCHEMA.Integer(lo=0, hi=2147483647)
 
 # A hexadecimal value in '23432df87ab..' format.
 HASH_SCHEMA = SCHEMA.RegularExpression(r'[a-fA-F0-9]+')
@@ -365,11 +371,6 @@
   keys = KEYDICT_SCHEMA,
   roles = ROLELIST_SCHEMA)
 
-# The number of seconds before metadata expires.  The minimum is 86400 seconds
-# (= 1 day).  This schema is used for the initial expiration date.  Repository
-# maintainers may later modify this value (TIME_SCHEMA).
-EXPIRATION_SCHEMA = SCHEMA.Integer(lo=86400)
-
 # Supported compression extension (e.g., 'gz').
 COMPRESSION_SCHEMA = SCHEMA.OneOf([SCHEMA.String(''), SCHEMA.String('gz')])
 
@@ -384,7 +385,7 @@
   signing_keyids = SCHEMA.Optional(KEYIDS_SCHEMA),
   threshold = THRESHOLD_SCHEMA,
   version = SCHEMA.Optional(METADATAVERSION_SCHEMA),
-  expires = SCHEMA.Optional(SCHEMA.OneOf([EXPIRATION_SCHEMA, TIME_SCHEMA])),
+  expires = SCHEMA.Optional(ISO8601_DATETIME_SCHEMA),
   signatures = SCHEMA.Optional(SIGNATURES_SCHEMA),
   compressions = SCHEMA.Optional(COMPRESSIONS_SCHEMA),
   paths = SCHEMA.Optional(RELPATHS_SCHEMA),
@@ -398,7 +399,7 @@
   _type = SCHEMA.String('Root'),
   version = METADATAVERSION_SCHEMA,
   consistent_snapshot = BOOLEAN_SCHEMA,
-  expires = TIME_SCHEMA,
+  expires = ISO8601_DATETIME_SCHEMA,
   keys = KEYDICT_SCHEMA,
   roles = ROLEDICT_SCHEMA)
 
@@ -407,7 +408,7 @@
   object_name = 'TARGETS_SCHEMA',
   _type = SCHEMA.String('Targets'),
   version = METADATAVERSION_SCHEMA,
-  expires = TIME_SCHEMA,
+  expires = ISO8601_DATETIME_SCHEMA,
   targets = FILEDICT_SCHEMA,
   delegations = SCHEMA.Optional(DELEGATIONS_SCHEMA))
 
@@ -416,7 +417,7 @@
   object_name = 'SNAPSHOT_SCHEMA',
   _type = SCHEMA.String('Snapshot'),
   version = METADATAVERSION_SCHEMA,
-  expires = TIME_SCHEMA,
+  expires = ISO8601_DATETIME_SCHEMA,
   meta = FILEDICT_SCHEMA)
 
 # Timestamp role: indicates the latest version of the snapshot file.
@@ -424,7 +425,7 @@
   object_name = 'TIMESTAMP_SCHEMA',
   _type = SCHEMA.String('Timestamp'),
   version = METADATAVERSION_SCHEMA,
-  expires = TIME_SCHEMA,
+  expires = ISO8601_DATETIME_SCHEMA,
   meta = FILEDICT_SCHEMA)
 
 # A schema containing information a repository mirror may require,
@@ -451,7 +452,7 @@
   object_name = 'MIRRORLIST_SCHEMA',
   _type = SCHEMA.String('Mirrors'),
   version = METADATAVERSION_SCHEMA,
-  expires = TIME_SCHEMA,
+  expires = ISO8601_DATETIME_SCHEMA,
   mirrors = SCHEMA.ListOf(MIRROR_SCHEMA))
 
 # Any of the role schemas (e.g., TIMESTAMP_SCHEMA, SNAPSHOT_SCHEMA, etc.)
@@ -512,8 +513,9 @@ def from_metadata(object):
     TIMESTAMP_SCHEMA.check_match(object) 
 
     version = object['version']
-    expires = parse_time(object['expires'])
+    expires = object['expires']
     filedict = object['meta']
+    
     return TimestampFile(version, expires, filedict)
     
     
@@ -551,7 +553,7 @@ def from_metadata(object):
     ROOT_SCHEMA.check_match(object) 
     
     version = object['version']
-    expires = parse_time(object['expires'])
+    expires = object['expires']
     keys = object['keys']
     roles = object['roles']
     consistent_snapshot = object['consistent_snapshot']
@@ -594,7 +596,7 @@ def from_metadata(object):
     SNAPSHOT_SCHEMA.check_match(object)
     
     version = object['version']
-    expires = parse_time(object['expires'])
+    expires = object['expires']
     filedict = object['meta']
     
     return SnapshotFile(version, expires, filedict)
@@ -637,7 +639,7 @@ def from_metadata(object):
     TARGETS_SCHEMA.check_match(object)
     
     version = object['version']
-    expires = parse_time(object['expires'])
+    expires = object['expires']
     filedict = object.get('targets')
     delegations = object.get('delegations')
     
@@ -708,75 +710,86 @@ def make_metadata():
 
 
 
-def format_time(timestamp):
+def datetime_to_unix_timestamp(datetime_object):
   """
   <Purpose>
-    Encode 'timestamp' in 'YYYY-MM-DD HH:MM:SS UTC' format.
-    'timestamp' is a Unix timestamp value.  For example, it is the time
-    format returned by calendar.timegm(). 
+    Convert 'datetime_object' (in datetime.datetime()) format) to a Unix/POSIX
+    timestamp.  For example, Python's time.time() returns a Unix timestamp, and
+    includes the number of microseconds.  'datetime_object' is converted to UTC.
 
-    >>> format_time(499137720)
-    '1985-10-26 01:22:00 UTC'
+    >>> datetime_object = datetime.datetime(1985, 10, 26, 01, 22)
+    >>> timestamp = datetime_to_unix_timestamp(datetime_object)
+    >>> timestamp 
+    499137720
 
   <Arguments>
-    timestamp:
-      The time to format.  This is a Unix timestamp.
+    datetime_object:
+      The datetime.datetime() object to convert to a Unix timestamp.
 
   <Exceptions>
-    tuf.Error, if 'timestamp' is invalid.
+    tuf.FormatError, if 'datetime_object' is not a datetime.datetime() object.
 
   <Side Effects>
     None.
 
   <Returns>
-    A string in 'YYYY-MM-DD HH:MM:SS UTC' format.
+    A unix (posix) timestamp (e.g., 499137660).
   """
+  
+  # Is 'datetime_object' a datetime.datetime() object?
+  # Raise 'tuf.FormatError' if not.
+  if not isinstance(datetime_object, datetime.datetime):
+    message = repr(datetime_object) + ' is not a datetime.datetime() object.'
+    raise tuf.FormatError(message) 
    
-  try:
-    # Convert the timestamp to 'yyyy-mm-dd HH:MM:SS' format.
-    formatted_time = time.strftime('%Y-%m-%d %H:%M:%S', time.gmtime(timestamp))
-    
-    # Attach 'UTC' to the formatted time string prior to returning.  
-    return formatted_time+' UTC' 
+  unix_timestamp = calendar.timegm(datetime_object.timetuple())
   
-  except (ValueError, TypeError):
-    raise tuf.FormatError('Invalid argument value')
+  return unix_timestamp
 
 
 
 
-def parse_time(string):
+
+def unix_timestamp_to_datetime(unix_timestamp):
   """
   <Purpose>
-    Parse 'string', in 'YYYY-MM-DD HH:MM:SS UTC' format, to a Unix timestamp.
+    Convert 'unix_timestamp' (i.e., POSIX time, in UNIX_TIMESTAMP_SCHEMA format)
+    to a datetime.datetime() object.  'unix_timestamp' is the number of seconds
+    since the epoch (January 1, 1970.)
+   
+    >>> datetime_object = unix_timestamp_to_datetime(1445455680)
+    >>> datetime_object 
+    datetime.datetime(2015, 10, 21, 19, 28)
 
   <Arguments>
-    string:
-      A string representing the time (e.g., '1985-10-26 01:20:00 UTC').
+    unix_timestamp:
+      An integer representing the time (e.g., 1445455680).  Conformant to
+      'tuf.formats.UNIX_TIMESTAMP_SCHEMA'.
 
   <Exceptions>
-    tuf.FormatError, if parsing 'string' fails.
+    tuf.FormatError, if 'unix_timestamp' is improperly formatted.
 
   <Side Effects>
     None.
 
   <Returns>
-    A timestamp (e.g., 499137660).
+    A datetime.datetime() object corresponding to 'unix_timestamp'.
   """
   
-  # Is 'string' properly formatted?
+  # Is 'unix_timestamp' properly formatted?
   # Raise 'tuf.FormatError' if there is a mismatch.
-  TIME_SCHEMA.check_match(string)
- 
-  # Strip the ' UTC' attached to the string.  The string time, minus the ' UTC',
-  # is the time format expected by the time functions called below.
-  string = string[0:string.rfind(' UTC')]
-  try:
-    return calendar.timegm(time.strptime(string, '%Y-%m-%d %H:%M:%S'))
-  
-  except ValueError:
-    raise tuf.FormatError('Malformed time: '+repr(string))
+  UNIX_TIMESTAMP_SCHEMA.check_match(unix_timestamp)
 
+  # Convert 'unix_timestamp' to a 'time.struct_time',  in UTC.  The Daylight
+  # Savings Time (DST) flag is set to zero.  datetime.fromtimestamp() is not
+  # used because it returns a local datetime.
+  struct_time = time.gmtime(unix_timestamp)
+
+  # Extract the (year, month, day, hour, minutes, seconds) arguments for the 
+  # datetime object to be returned.
+  datetime_object = datetime.datetime(*struct_time[:6])
+
+  return datetime_object
 
 
 
@@ -988,7 +1001,7 @@ def make_role_metadata(keyids, threshold, name=None, paths=None,
 
   if paths is not None and path_hash_prefixes is not None:
     raise \
-      tuf.FormatError('Both "paths" and "path_hash_prefixes" are specified!')
+      tuf.FormatError('Both "paths" and "path_hash_prefixes" are specified.')
 
   if path_hash_prefixes is not None:
     role_meta['path_hash_prefixes'] = path_hash_prefixes
diff --git a/tuf/log.py b/tuf/log.py
index fed3a0e8..f57b27d4 100755
--- a/tuf/log.py
+++ b/tuf/log.py
@@ -74,7 +74,7 @@
 
 # Set the format for logging messages.
 # Example format for '_FORMAT_STRING': 
-# [2013-08-13 15:21:18,068 UTC] [tuf] [INFO][_update_metadata:851@updater.py]
+# [2013-08-13 15:21:18,068 localtime] [tuf] [INFO][_update_metadata:851@updater.py]
 _FORMAT_STRING = '[%(asctime)s UTC] [%(name)s] [%(levelname)s] '+\
   '[%(funcName)s:%(lineno)s@%(filename)s]\n%(message)s\n'
 
diff --git a/tuf/pushtools/push.cfg.sample b/tuf/pushtools/push.cfg.sample
deleted file mode 100755
index bd0e6efa..00000000
--- a/tuf/pushtools/push.cfg.sample
+++ /dev/null
@@ -1,10 +0,0 @@
-[general]
-transfer_module = scp
-metadata_path = /var/tuf/test-repo/metadata/targets.txt
-targets_directory = /var/tuf/test-repo/targets
-
-[scp]
-host = localhost 
-user = user
-identity_file = ~/.ssh/id_rsa
-remote_directory = ~/pushes 
diff --git a/tuf/pushtools/push.py b/tuf/pushtools/push.py
deleted file mode 100755
index 17a3b19c..00000000
--- a/tuf/pushtools/push.py
+++ /dev/null
@@ -1,187 +0,0 @@
-#!/usr/bin/env python
-
-"""
-<Program Name>
-  push.py
-
-<Author>
-  Vladimir Diaz <vladimir.v.diaz@gmail.com>
-
-<Started>
-  August 2012.  Based on a previous version by Geremy Condra.
-
-<Copyright>
-  See LICENSE for licensing information.
-
-<Purpose>
-  This script provides a way for developers to push a signed targets metadata
-  file (i.e., 'targets.txt') and the referenced targets to a repository. The
-  repository adds these files to the repository by running the
-  'tuf/pushtools/receivetools/receive.py' script.
-
-  'push.py' is not a required module of The Update Framework, but is provided
-  to allow developers to remotely update the target files served by a
-  repository.  The actual file transfers are completed by a separate command
-  available on the client machine.  The 'SCP' (secure copy) command is currently
-  supported.  This script may be viewed as a front-end to the python transfer
-  modules (e.g., 'tuf.pushtools.transfer.scp').  A configuration file can be
-  specified allowing the user to customize the transfer and supply the locations
-  of targets and metadata.
-
-  Usage:
-    $ python push.py --config <config path>
-    
-  Example:
-    $ python push.py --config ./push.cfg
-
-  Details of the 'push.py' script:
-
-  The developer provides the path to a configuration file that lists:
-    * The path to the targets metadata file.
-    * The name of the transfer module to use for transferring the
-      files to the repository (e.g., 'scp').
-    * Configuration information that is specific to the transfer
-      module.
-
-  See the 'push.cfg.sample' file for an example configuration file.
-
-  The transfer module needs the following functionality:
-    * A way to transfer target files and the new metadata file to the
-      repository.  The 'scp' transfer modules is currently supported.
-      
-  The transfer module may also include the following functionality:
-    * A way to determine whether the repository has rejected the push and, if
-      so, the reason for the rejection.
-
-"""
-
-import os
-import sys
-import optparse
-
-import tuf
-import tuf.formats
-import tuf.pushtools.pushtoolslib
-import tuf.pushtools.transfer.scp
-
-
-
-def push(config_filepath):
-  """
-  <Purpose>
-    Perform a push/transfer of target files to a host.  The configuration file
-    'config_filepath' provides the required settings needed by the transfer
-    command.  In the case of an 'scp' configuration file, the configuration
-    file would contain 'host', 'user', 'identity file', and 'remote directory'
-    entries.
-     
-  <Arguments>
-    config_filepath:
-      The push configuration file (i.e., 'push.cfg').
-      
-  <Exceptions>
-    tuf.FormatError, if any of the arguments are incorrectly formatted.
-
-    tuf.Error, if there was an error while processing the push.
-
-  <Side Effects>
-    The 'config_filepath' file is read and its contents stored, the files
-    in the targets directory (specified in the config file) are copied,
-    and the copied targets transfered to a specified host.
-
-  <Returns>
-    None.
-  
-  """
-
-  # Do the arguments have the correct format?
-  # Raise 'tuf.FormatError' if there is a mismatch.
-  tuf.formats.PATH_SCHEMA.check_match(config_filepath)
- 
-  # Is the path to the configuration file valid?
-  if not os.path.isfile(config_filepath):
-    message = 'The configuration file path is invalid.'
-    raise tuf.Error(message)
-  config_filepath = os.path.abspath(config_filepath)
-
-  # Retrieve the push configuration settings required by the transfer
-  # modules.  Raise ('tuf.FormatError', 'tuf.Error') if a valid
-  # configuration file cannot be retrieved.
-  config_dict = tuf.pushtools.pushtoolslib.read_config_file(config_filepath, 'push')
-
-  # Extract the transfer module identified in the configuration file.
-  transfer_module = config_dict['general']['transfer_module']
- 
-  # 'scp' is the only transfer module currently supported.  Perform
-  # an scp-transfer of the targets located in the targets directory as
-  # listed in the configuration file.
-  if transfer_module == 'scp':
-    tuf.pushtools.transfer.scp.transfer(config_dict)
-  else:
-    message = 'Cannot perform a transfer using '+repr(transfer_module) 
-    raise tuf.Error(message)
-
-
-
-
-
-def parse_options():
-  """
-  <Purpose>
-    Parse the command-line options.  'push.py' expects the '--config'
-    option to be set by the user.
-
-    Example:
-      $ python push.py --config ./push.cfg
-
-    The '--config' option accepts a path argument to the push configuration
-    file (i.e., 'push.cfg').  If the required option is unset, a parser error
-    is printed and the script exits.
-
-  <Arguments>
-    None.
-
-  <Exceptions>
-    None.
-
-  <Side Effects>
-    None.
-
-  <Returns>
-    The options object returned by the parser's parse_args() method.
-
-  """
-
-  usage = 'usage: %prog --config <config path>'
-  option_parser = optparse.OptionParser(usage=usage)
-
-  # Add the options supported by 'push.py' to the option parser.
-  option_parser.add_option('--config', action='store', type='string',
-                            help='Specify the "push.cfg" configuration file.')
-
-  (options, remaining_arguments) = option_parser.parse_args()
-
-  # Ensure the '--config' option is set.  If the required option is unset,
-  # option_parser.error() will print an error message and exit.
-  if options.config is None:
-    message = '"--config" must be set on the command-line.'
-    option_parser.error(message)
-
-  return options
-
-
-
-
-
-if __name__ == '__main__':
-  options = parse_options()
-
-  # Perform a 'push' of the target files specified in the configuration file.
-  try:
-    push(options.config)
-  except (tuf.FormatError, tuf.Error), e:
-    sys.stderr.write('Error: '+str(e)+'\n')
-    sys.exit(1)
-
-  # The 'push' and command-line options were processed successfully.
-  sys.exit(0)
diff --git a/tuf/pushtools/pushtoolslib.py b/tuf/pushtools/pushtoolslib.py
deleted file mode 100755
index 995a2ab2..00000000
--- a/tuf/pushtools/pushtoolslib.py
+++ /dev/null
@@ -1,154 +0,0 @@
-"""
-<Program Name>
-  pushtoolslib.py
-
-<Author>
-  Vladimir Diaz <vladimir.v.diaz@gmail.com>
-
-<Started>
-  September 2012.
-
-<Copyright>
-  See LICENSE for licensing information.
-
-<Purpose>
-  Provide a central location for functions and data useful to multiple
-  'tuf.pushtools' modules.  A 'read_config_file' function is currently
-  provided that returns correctly formatted configuration dictionaries
-  needed by the 'push.py' and 'receive.py' scripts.
-
-"""
-
-import ConfigParser
-import os
-
-import tuf.formats
-
-PUSH_CONFIG = 'push.cfg'
-RECEIVE_CONFIG = 'receive.cfg'
-TRANSFER_MODULES = ['scp']
-CONFIG_TYPES = ['push', 'receive']
-
-
-def read_config_file(filename, config_type):
-  """
-  <Purpose>
-    Return a dictionary where the keys are section names and the values
-    dictionaries of the keys/values in that section.  The returned
-    dict should be correctly formatted, contain the required data
-    according to its config type, and be valid (i.e., a correctly named
-    file and available).
-    
-    Example config:
-
-    config_dict = {'general': {'transfer_module': 'scp', ...},
-                   'scp': {'host': 'localhost', 'user': 'McFly', ...}}
-
-  <Arguments>
-    filename:
-      The filepath to the configuration file.
-
-    config_type:
-      A string identifying the type of config file expected.  Supported
-      config types: 'push' and  'receive'.
-      
-  <Exceptions>
-    tuf.FormatError, if the arguments are improperly formatted.
-
-    tuf.Error, if there is an error processing the config contents.
-
-  <Side Effects>
-    The contents of 'filename' are read and stored.
-
-  <Returns>
-    A dictionary containing the data loaded from the configuration file.
-
-  """
-  
-  # Do the arguments have the correct format?
-  # Raise 'tuf.FormatError' if there is a mismatch.
-  tuf.formats.PATH_SCHEMA.check_match(filename)
-  tuf.formats.NAME_SCHEMA.check_match(config_type)
-  
-  # RawConfigParser is used because unlike ConfigParser,
-  # it does not provide magical interpolation/expansion
-  # of variables (e.g., '%(option)s' would be ignored).
-  config = ConfigParser.RawConfigParser()
-  try:
-    config.read(filename)
-  except ConfigParser.MissingSectionHeaderError, error:
-    raise tuf.Error(error)
-
-  if config.sections() is None:
-    raise tuf.Error('Could not read '+repr(filename))
-
-  # Extract the relevant information from the config and build the
-  # 'config_dict' dictionary.
-  config_dict = {}
-  for section in config.sections():
-    config_dict[section] = {}
-    for key, value in config.items(section):
-      # Split comma-separated entries and store them in a list.
-      # 'pushroots' is the only entry that currently accepts
-      # multiple values.
-      if key in ['pushroots']:
-        value = value.split(',')
-      config_dict[section][key] = value
- 
-  # Before returning a 'push' config dict, check the config is properly
-  # formatted, valid, and contains the required data.
-  if config_type == 'push':
-    # Ensure 'filename' is an appropriately named push config file.
-    if os.path.basename(filename) != PUSH_CONFIG:
-      message = repr(filename)+' is not a valid push config file.'+\
-        '  The push config file should be named: '+repr(PUSH_CONFIG)
-      raise tuf.Error(message)
-    
-    # Retrieve the transfer module from the push config.  The caller
-    # expects a valid config dict containing the required keys/values.
-    try:
-      transfer_module = config_dict['general']['transfer_module']
-    except KeyError, e:
-      message = 'The push config file did not contain the required '+\
-        '"transfer_module" entry under "[general]".'
-      raise tuf.Error(message)
-   
-    # Determine the transfer module and ensure the config file is properly
-    # formatted for an "scp configuration file".  Raise 'tuf.FormatError'
-    # if there is mismatch.
-    if transfer_module == 'scp':
-      try:
-        tuf.formats.SCPCONFIG_SCHEMA.check_match(config_dict)
-      except tuf.FormatError, e:
-        message = repr(PUSH_CONFIG)+' rejected.  '+str(e)
-        raise tuf.FormatError(message)
-    # A supported transfer module was not found.  Raise 'tuf.Error'. 
-    else:
-      message = 'The config file contains an invalid "transfer_module" entry '+\
-        'Supported transfer modules: '+repr(TRANSFER_MODULES)
-      raise tuf.Error(message)
-
-  # Before returning a 'receive' config dict, check the config is properly
-  # formatted, valid, and contains the required data.
-  elif config_type == 'receive':
-    # Ensure 'filename' is an appropriately named receive config file.
-    if os.path.basename(filename) != RECEIVE_CONFIG:
-      message = repr(filename)+' is not a valid receive config file.'+\
-      '  The receive config file should be named: '+repr(RECEIVE_CONFIG)
-      raise tuf.Error(message)
-    
-    # Determine if the config file is properly formatted for a "receive
-    # configuration file".  Raise 'tuf.FormatError' if there is a
-    # mismatch.
-    try: 
-      tuf.formats.RECEIVECONFIG_SCHEMA.check_match(config_dict)
-    except tuf.FormatError, e:
-      message = repr(RECEIVE_CONFIG)+' rejected.  '+str(e)
-      raise tuf.FormatError(message)
-
-  # Invalid 'config_type' requested.
-  else:
-    message = 'Invalid "config_type" argument.  Supported: '+repr(CONFIG_TYPES)
-    raise tuf.Error(message)
-
-  return config_dict
diff --git a/tuf/pushtools/receivetools/receive.cfg.sample b/tuf/pushtools/receivetools/receive.cfg.sample
deleted file mode 100755
index c8d8b1f8..00000000
--- a/tuf/pushtools/receivetools/receive.cfg.sample
+++ /dev/null
@@ -1,6 +0,0 @@
-[general]
-pushroots = /home/user/pushes,/home/user2/pushes
-repository_directory = /var/tuf/test-repo
-metadata_directory = /var/tuf/test-repo/metadata
-targets_directory = /var/tuf/test-repo/targets
-backup_directory = /var/tuf/test-repo/replaced
diff --git a/tuf/pushtools/receivetools/receive.py b/tuf/pushtools/receivetools/receive.py
deleted file mode 100755
index 9fe81121..00000000
--- a/tuf/pushtools/receivetools/receive.py
+++ /dev/null
@@ -1,861 +0,0 @@
-#!/usr/bin/env python
-
-"""
-<Program Name>
-  receive.py
-
-<Author>
-  Vladimir Diaz <vladimir.v.diaz@gmail.com>
-
-<Started>
-  September 2012.  Based on a previous version by Geremy Condra.
-
-<Copyright>
-  See LICENSE for licensing information.
-
-<Purpose>
-  This script can be run on a repository to import new targets metadata and
-  target files into the repository. This is intended to work with the
-  developer 'push.py' tool. When this script finds a new directory pushed
-  by a developer, it checks the metadata and target files and, if everything
-  is correct, adds the files to the repository.
-
-  Like the 'push.py' script, 'receive.py' is provided as an optional tool for
-  maintainers who wish to support the remote updating of target files.  The
-  target files are provided by an outside developer.  The developer generates a
-  correctly signed 'targets.txt' metatada file, along with the target files
-  specified in it, and uploads them to his/her developer directory on the
-  repository with 'push.py'.  A repository maintainer would then run this script
-  to ensure a valid targets metadata file is provided and the target files match
-  to what is listed.  Lastly, the maintainer manually generates the new
-  'release.txt' and 'timestamp.txt' metadata files so that clients may download
-  the newly added target files.
-
-
-  Details:
-
-  The script looks in a set of pre-defined push locations that one or more
-  developers may have uploaded files to using the push tool. If it finds
-  a valid push, it moves the push directory to a 'processing' directory and
-  also copies the pushed files to a temporary directory (these files are the
-  ones used by this script).
-
-  Once the repository has received and copied a set of target files and the
-  corresponding targets metadata file, it performs the following checks:
-
-    * The metadata file is newer than the last metadata file of that type.
-    * The metadata has not expired.
-    * The metadata is signed by a threshold of keys that belong to the
-      appropriate role.
-    * The target files described in the metadata are the same target files as
-      were provided.
-
-  Once the verification is complete, the script backs up the files to be
-  replaced or obsoleted, and then adds the new files to the repository. The
-  script then moves the push directory from the pushroot's 'processing'
-  directory to its 'processed' directory and writes a 'received.result' file
-  to the push directory.  The 'received.result' file contains either the word
-  SUCCESS or FAILURE. There may also be a 'received.log' file written.  The
-  client can check these files to determine whether the push was accepted and,
-  if not, what the problem was.
-
-  This script does not generate a new 'release.txt' file or 'timestamp.txt' file.
-  That needs to be done after this script runs if any pushes have been received.
-  In some cases, it may make sense to have this script operate on a non-live
-  copy of the repository and then rsync the files after all changes have been
-  made.
-
-  This script does not handle delegated targets metadata. When the time comes to
-  implement that here, care needs to be taken to ensure that a delegated targets
-  metadata file can't replace a target it shouldn't. Such untrusted files would
-  not trick clients, but they would prevent clients from obtaining updates. It
-  may be the case that making this script general enough to handle delegated
-  targets metadata may not be worth it. Such situations may be better suited to
-  customization per-project because the script could then leverage knowledge
-  about how the delegation is supposed to be done.
-
-  Usage:
-  
-    $ python receive.py --config <config path>
-  
-  Options:
- 
-    --config <config path>
-
-    --verbose <1-5>
-  
-  Example output of this script:
-
-  $ python receive.py --verbose 1 --config ./receive.cfg
-  
-
-  [2012-09-23 21:25:35,822] [tuf.receive] [DEBUG] Looking for pushes in pushroot
-  /home/user/pushes
-  [2012-09-23 21:25:35,822] [tuf.receive] [INFO] Processing /home/user/pushes/
-  1348449811.39
-  [2012-09-23 21:25:35,822] [tuf.receive] [DEBUG] Moving push directory to
-  /home/user/pushes/processing/1348449811.39
-  [2012-09-23 21:25:35,828] [tuf.receive] [DEBUG] New metadata timestamp is
-  2012-09-23 23:24:17.  Replacing old metadata with timestamp 2012-09-23 23:14:19
-  [2012-09-23 21:25:35,829] [tuf.receive] [DEBUG] Metadata will expire at
-  2013-09-23 23:24:17
-  [2012-09-23 21:25:35,834] [tuf.receive] [DEBUG] {'unknown_method_sigs': [],
-  'untrusted_sigs': [], 'bad_sigs': [], 'threshold': 1, 'good_sigs': 
-  [u'efed647da99d1759637a80d225fc18e1d2a778812dd753f2d98b0311f19f26a1'],
-  'unknown_sigs': []}
-  [2012-09-23 21:25:35,834] [tuf.receive] [INFO] Number of targets specified: 3
-  [2012-09-23 21:25:35,835] [tuf.receive] [DEBUG] Size of target
-  /tmp/tmpQr4P_j/push/targets/helloworld.py is correct (19 bytes).
-  [2012-09-23 21:25:35,835] [tuf.receive] [DEBUG] 1 hash(es) to check.
-  [2012-09-23 21:25:35,835] [tuf.receive] [DEBUG] sha256 hash of target
-  /tmp/tmpQr4P_j/push/targets/helloworld.py is correct (9df93f8cd91e085db74d88c
-  788ed00c9b865370fd484884c8db077f979788376).
-  [2012-09-23 21:25:35,835] [tuf.receive] [DEBUG] Size of target /tmp/tmpQr4P_j
-  /push/targets/LICENSE is correct (12 bytes).
-  [2012-09-23 21:25:35,836] [tuf.receive] [DEBUG] 1 hash(es) to check.
-  [2012-09-23 21:25:35,836] [tuf.receive] [DEBUG] sha256 hash of target /tmp/tmp
-  Qr4P_j/push/targets/LICENSE is correct (f9f661288421a20acf49017975e51dd09a662b
-  8e6b3ca5f676d9d1feb153986c).
-  [2012-09-23 21:25:35,836] [tuf.receive] [DEBUG] Size of target /tmp/tmpQr4P_j/
-  push/targets/new_file.txt is correct (10 bytes).
-  [2012-09-23 21:25:35,836] [tuf.receive] [DEBUG] 1 hash(es) to check.
-  [2012-09-23 21:25:35,836] [tuf.receive] [DEBUG] sha256 hash of target /tmp/tmp
-  Qr4P_j/push/targets/new_file.txt is correct (f1fc221623f24cc1a31d972ddba368481
-  dd03b8bb124632fef78544342797215).
-  [2012-09-23 21:25:35,837] [tuf.receive] [INFO] Backing up target /var/tuf/test
-  -repo/targets/helloworld.py to /var/tuf/test-repo/replaced/1348449811.39aicLFk
-  /targets/helloworld.py
-  [2012-09-23 21:25:35,837] [tuf.receive] [INFO] Backing up target /var/tuf/test-
-  repo/targets/LICENSE to /var/tuf/test-repo/replaced/1348449811.39aicLFk/target
-  s/LICENSE
-  [2012-09-23 21:25:35,837] [tuf.receive] [INFO] Backing up old metadata /var/tuf
-  /src/tuf/test-repo/metadata/targets.txt to /var/tuf/test-repo/replaced/13484498
-  11.39aicLFk/targets.txt
-  [2012-09-23 21:25:35,838] [tuf.receive] [INFO] Adding target to repository: /va
-  r/tuf/test-repo/targets/helloworld.py
-  [2012-09-23 21:25:35,838] [tuf.receive] [INFO] Adding target to repository: /va
-  r/tuf/test-repo/targets/LICENSE
-  [2012-09-23 21:25:35,839] [tuf.receive] [INFO] Adding target to repository: /va
-  r/tuf/test-repo/targets/new_file.txt
-  [2012-09-23 21:25:35,839] [tuf.receive] [INFO] Adding new targets metadata to 
-  repository: /var/tuf/test-repo/metadata/targets.txt
-  [2012-09-23 21:25:35,840] [tuf.receive] [DEBUG] Moving push directory to /home
-  /user/pushes/processed/1348449811.39
-  [2012-09-23 21:25:35,840] [tuf.receive] [INFO] Completed processing of all pus
-  hes.  Push successes = 1, failures = 0.
-
-"""
-
-import errno
-import os
-import shutil
-import sys
-import tempfile
-import time
-import logging
-import optparse
-
-import tuf
-import tuf.formats
-import tuf.keydb
-import tuf.roledb
-import tuf.sig
-import tuf.hash
-import tuf.util
-import tuf.log
-import tuf.pushtools.pushtoolslib
-
-# See 'log.py' to learn how logging is handled in TUF.
-logger = logging.getLogger('tuf.pushtools.receivetools.receive')
-
-
-def receive(config_filepath):
-  """
-  <Purpose> 
-    Locate and process the pushes found in any of the pushroots directories.
-    The pushroots are specified in the 'receive.cfg' configuration file.
-
-                              pushroot
-                                 |
-          ===============================================
-          |             |                 |             |
-      processed     processing      12345(push1)    54321(push2) 
-
-  <Arguments>
-    config_filepath:
-      The receive configuration file (i.e., 'receive.cfg').
-
-  <Exceptions>
-    tuf.FormatError, if any of the arguments are incorrectly formatted.
-
-    tuf.Error, if there was error processing the receive.
-
-  <Side Effects>
-    If a push is processed successfully, the repository specified in the
-    configuration file is updated with new target files and a 'targets.txt'
-    metadata file.
-
-  <Returns>
-    None.
-
-  """
-
-  # Do the arguments have the correct format?
-  # Raise 'tuf.FormatError' if there is a mismatch.
-  tuf.formats.PATH_SCHEMA.check_match(config_filepath)
-
-  # Save a reference to the 'tuf.pushtools.pushtoolslib' module
-  # to avoid long lines of code.  'pushtoolslib' is needed here
-  # to read the 'receive.cfg' configuration file.
-  pushtoolslib = tuf.pushtools.pushtoolslib
-
-  # Is the path to the configuration file valid?
-  if not os.path.isfile(config_filepath):
-    message = 'The configuration file path is invalid.'
-    raise tuf.Error(message)
-  config_filepath = os.path.abspath(config_filepath)
-
-  # Retrieve the configuration settings required by 'receive'.
-  # Raise ('tuf.FormatError', 'tuf.Error') if a valid configuration file
-  # cannot be retrieved.
-  config_dict = pushtoolslib.read_config_file(config_filepath, 'receive')
-  
-  # These are the locations where developers may push files using the
-  # push tools. Each push will be in its own directory with the
-  # developer's push root. Each developer's push must have the directories
-  # 'processed' and 'processing' writable by this script.
-  pushroots = config_dict['general']['pushroots']
-
-  # This is the directory where the repository resides. As far as this
-  # script is concerned, this is the live repository. Changes will be made
-  # to this repository directory.
-  repository_directory = config_dict['general']['repository_directory']
-  repository_directory = os.path.expanduser(repository_directory)
-
-  # This is the metadata directory within the repository.
-  # The successfully processed 'targets.txt' metadata file is saved here.
-  metadata_directory = config_dict['general']['metadata_directory']
-  metadata_directory = os.path.expanduser(metadata_directory)
-
-  # This is the targets directory within the repository.
-  # The successfully processed target files are saved here.
-  targets_directory = config_dict['general']['targets_directory']
-  targets_directory = os.path.expanduser(targets_directory)
-
-  # Where replaced files will be stored. This will be used globally rather
-  # than a separate backup/replaced files directory for each pushroot.
-  backup_directory = config_dict['general']['backup_directory']
-  backup_directory = os.path.expanduser(backup_directory)
-  
-  # Check that the various defined directories exist.
-  # We don't check the 'pushroots' here because we consider it non-fatal
-  # if those are missing. A log message is issued if any of those are
-  # missing.
-  directories_to_check = {'repository': repository_directory,
-                          'metadata': metadata_directory,
-                          'targets': targets_directory,
-                          'backup': backup_directory}
-  
-  for directory_name, path in directories_to_check.items():
-    if not os.path.exists(path):
-      message = directory_name+' directory does not exist: '+repr(path)
-      logger.error(message)
-      raise tuf.Error(message)
-  
-  # Keep track of the number of pushes that were successfully processed,
-  # or that failed.  These values are used to log/print detailed results
-  # after a pushroot is processed.
-  success_count = 0
-  failure_count = 0
-
-  # Process all the pushes for each of the pushroots.
-  for pushroot in pushroots:
-    if not os.path.exists(pushroot):
-      logger.error('The pushroot '+repr(pushroot)+' does not exist. Skipping.')
-      continue
-   
-    # Add the 'processed' and 'processing' directories if not present.
-    # These directories must exist so that we can properly process
-    # a push.
-    logger.debug('Looking for pushes in pushroot '+repr(pushroot))
-    if not os.path.exists(os.path.join(pushroot, 'processed')):
-      os.mkdir(os.path.join(pushroot, 'processed'))
-    if not os.path.exists(os.path.join(pushroot, 'processing')):
-      os.mkdir(os.path.join(pushroot, 'processing'))
-   
-    # Locate all the pushed directories and process them.  'pushname'
-    # should be a directory with a timestamp as its directory name.
-    # TODO: Use only the newest push and move the others to the 'processed'
-    # directory, adding an appropriate log file.
-    for pushname in os.listdir(pushroot):
-      # Skip over the 'processed' and 'processing' directories. 
-      if pushname == 'processed' or pushname == 'processing':
-        continue
-     
-      # Found a directory we can potentially process.
-      pushpath = os.path.join(pushroot, pushname)
-      if os.path.isdir(pushpath):
-        # Ensure the 'info' file exists.  A successful push operation creates
-        # and saves this 'info' file to the push directory.
-        if not os.path.exists(os.path.join(pushpath, 'info')):
-          message = 'Skipping incomplete push '+repr(pushpath)+' (no info file).'
-          logger.warn(message)
-          continue
-        
-        # Process the new push and record if it was processed successfully.
-        # Raise 'tuf.Error' if a push processing error cannot be logged
-        # to a file properly. 
-        success = _process_new_push(pushroot, pushname, metadata_directory,
-                                    targets_directory, backup_directory)
-        if success:
-          success_count += 1
-        else:
-          failure_count += 1
-   
-    # Done.  Log the result of processing the pushes for 'pushroot'.
-    message = 'Completed processing of all pushes.  Push successes = '+\
-               repr(success_count)+', failures = '+repr(failure_count)+'.'
-    logger.info(message)
-
-
-
-
-
-def _process_new_push(pushroot, pushname, metadata_directory,
-                      targets_directory, backup_directory):
-  """
-  <Purpose>
-    Process a push.
-    
-    This will check the validity of targets metadata in the push (including
-    whether the signatures are trusted) and, if valid, will copy the targets
-    metadata and target files to the repository.
-  
-  <Arguments>
-    pushroot:
-      The root directory containing the developer's pushes.  This root is one
-      of multiple directories listed under the 'pushroots' entry in the
-      'receive.cfg' configuration file.
-    
-    pushname:
-      The name of the directory (i.e., '1348449811.39') containing the pushed
-      files.
-
-    metadata_directory:
-      The directory where the repository's metadata files (e.g., 'targets.txt',
-      'root.txt') are stored.
-
-    targets_directory:
-      The directory where the repository's target files are stored.
-
-    backup_directory:
-      The directory where the pushed directories are saved after a 
-      successful 'receive'.
-  
-  <Exceptions>
-    tuf.Error, if a push processing error cannot be written to
-    'receive.result'.
-
-  <Side Effects>
-    Directories are created, the repository updated, and log files
-    added.
-
-  <Returns>
-    Boolean.  True on success, False on failure.
-  
-  """
-    
-  logger.info('Processing '+repr(pushroot)+'/'+repr(pushname))
-
-  # Move the pushed directory to the 'processing' directory.
-  pushpath = os.path.join(pushroot, 'processing', pushname)
-  logger.debug('Moving push directory to '+repr(pushpath))
-  if os.path.isdir(pushpath) or os.path.isfile(pushpath):
-    os.remove(pushpath)
-  os.rename(os.path.join(pushroot, pushname), pushpath)
-
-  # Process 'pushpath' and log the appropriate results.
-  try:
-    try:
-      # Raise 'tuf.Error' if the copied push cannot be properly processed.
-      _process_copied_push(pushpath, metadata_directory,
-                           targets_directory, backup_directory)
-      # Write the '{pushpath}/receive.result' file that indicates SUCCESS.
-      # The developer may later read this file to quickly determine if
-      # the push was successfully processed.
-      try:
-        file_object = open(os.path.join(pushpath, 'receive.result'), 'w')
-      except IOError, e:
-        raise tuf.Error('Unable to open "receive.result" file: '+str(e))
-      try:
-        file_object.write('SUCCESS')
-        file_object.write('\n')
-      finally:
-        file_object.close()
-      return True
-    
-    except tuf.Error, e:
-      # Write the '{pushpath}/receive.result' file that indicates FAILURE.
-      try:
-        file_object = open(os.path.join(pushpath, 'receive.result'), 'w')
-      except IOError, e:
-        raise tuf.Error('Unable to open "receive.result" file: '+str(e))
-      try:
-        file_object.write("FAILURE")
-        file_object.write('\n')
-      finally:
-        file_object.close()
-      
-      # Log the error message to {pushpath}/receive.log
-      # The developer may later search this log file for specific
-      # error messages on failed push attempts.
-      try:
-        file_object = open(os.path.join(pushpath, 'receive.log'), 'a')
-      except IOError, e:
-        raise tuf.Error('Unable to open receive log file: '+str(e))
-      try:
-        file_object.write(str(e))
-        file_object.write('\n')
-      finally:
-        file_object.close()
-      
-      message = 'Could not process: '+repr(pushroot)+'/'+repr(pushname)
-      logger.exception(message)
-      return False
-  
-  # On success or failure, move 'pushpath' to the processed directory.
-  finally:
-    processedpath = os.path.join(pushroot, 'processed', pushname)
-    logger.debug('Moving push directory to '+repr(processedpath))
-    if os.path.isdir(processedpath) or os.path.isfile(processedpath):
-      os.remove(processedpath)
-    os.rename(pushpath, processedpath)
-
-
-
-
-
-def _process_copied_push(pushpath, metadata_directory,
-                         targets_directory, backup_directory):
-  """
-  <Purpose>
-    Helper function for _process_new_push().
-    
-    This does the actual work of copying pushpath to a temp directory,
-    checking the metadata and targets, and copying the files to the
-    repository on success. The push is valid and successfully processed
-    if no exception is raised.
-  
-  <Arguments>
-    pushpath:
-      The push directory currently being processed (i.e., the 'processing'
-      directory on the developer's pushroot)
-    
-    metadata_directory:
-      The directory where the repository's metadata files (e.g., 'targets.txt',
-      'root.txt') are stored.
-
-    targets_directory:
-      The directory where the repository's target files are stored.
-
-    backup_directory:
-      The directory where the pushed directories are saved after a 
-      successful 'receive'.
-
-  <Exceptions>
-    tuf.Error, if there is an error processing the push.
-  
-  <Side Effects>
-    The repository is updated if the push is successful.
-
-  <Returns>
-    None.
-
-  """
-  
-  # The push's timestamp directory name (e.g., '1348449811.39')
-  pushname = os.path.basename(pushpath)
-
-  # Copy the contents of pushpath to a temp directory. We don't want the
-  # user modifying the files we work with.  The temp directory is only
-  # accessible by the calling process.
-  temporary_directory = tempfile.mkdtemp()
-  push_temporary_directory = os.path.join(temporary_directory, 'push')
-  shutil.copytree(pushpath, push_temporary_directory)
-  
-  # Read the 'root' metadata of the current repository.  'root.txt'
-  # is needed to authorize the 'targets' metadata file.
-  root_metadatapath = os.path.join(metadata_directory, 'root.txt')
-  root_signable = tuf.util.load_json_file(root_metadatapath)
-  
-  # Ensure 'root_signable' is properly formatted.
-  try:
-    tuf.formats.check_signable_object_format(root_signable)
-  except tuf.FormatError, e:
-    raise tuf.Error('The repository contains an invalid "root.txt".')
- 
-  # Extract the metadata object and load the key and role databases.
-  # The keys and roles are needed to verify the signatures of the
-  # metadata files.
-  root_metadata = root_signable['signed']
-  tuf.keydb.create_keydb_from_root_metadata(root_metadata)
-  tuf.roledb.create_roledb_from_root_metadata(root_metadata)
-
-  # Determine the name of the targets metadata file that was pushed.
-  # The required 'info' file should list the metadata file that was
-  # pushed by the developer.  Only 'targets.txt' currently supported
-  # (i.e., no delegated roles are accepted).
-  new_targets_metadata_file = None
-  try:
-    file_object = open(os.path.join(push_temporary_directory, 'info'), 'r')
-  except IOError, e:
-    raise tuf.Error('Unable to open push "info" file: '+str(e))
-  try:
-    # Inspect each line of the 'info' file, searching for the line that
-    # specifies the targets metadata file.  Raise an exception if all
-    # the lines are processed without finding the 'metadata=' line.
-    for line in file_object:
-      # Search 'info' for a 'metadata=.../targets.txt' line.
-      parts = line.strip().split('=')
-      if parts[0] == 'metadata':
-        metadata_basename = os.path.basename(parts[1])
-        if metadata_basename != 'targets.txt':
-          message = 'No support yet for pushing delegated targets metadata.'
-          raise tuf.Error(message)
-        else:
-          new_targets_metadata_file = parts[1]
-          break
-    else:
-      raise tuf.Error('No "metadata=" line in push info file.')
-  finally:
-    file_object.close()
-
-  # Read the new targets metadata that was pushed.
-  new_targets_metadatapath = os.path.join(push_temporary_directory,
-                                      new_targets_metadata_file)
-  new_targets_signable = tuf.util.load_json_file(new_targets_metadatapath)
-
-  # Ensure 'new_targets_signable' is properly formatted.
-  try:
-    tuf.formats.check_signable_object_format(new_targets_signable)
-  except tuf.FormatError, e:
-    raise tuf.Error('The pushed targets metadata file is invalid.')
-  
-  # Read the existing targets metadata from the repository.
-  targets_metadatapath = os.path.join(metadata_directory, 'targets.txt')
-
-  # Check the metadata. This is mostly to make sure we don't replace good
-  # metadata with bad metadata as clients do their own security checking.
-  # This is what we check:
-  #   * it is newer than the last metadata.
-  #   * it has not expired.
-  #   * all signatures valid.
-  #   * a threshold of trusted signatures. only check the delegating
-  #     role rather than the trust hierachy all the way up.
-  #   * all of the files listed in the metadata were provided and have
-  #     the sizes and hashes listed in the metadata.
-
-  # Check that the new metadata file is newer than the existing metadata.
-  if os.path.exists(targets_metadatapath):
-    targets_signable = tuf.util.load_json_file(targets_metadatapath)
-
-    # Ensure 'targets_signable' is properly formatted.
-    try:
-      tuf.formats.check_signable_object_format(targets_signable)
-    except tuf.FormatError, e:
-      raise tuf.Error('The repository\'s targets metadata file is invalid.')
-   
-    # Extract the timestamp value of the current targets metadata.
-    # This value is used to determine if the new metadata is newer.
-    timestamp = targets_signable['signed']['ts']
-    formatted_timestamp = tuf.formats.parse_time(timestamp)
-
-    # Extract the timestamp of the new targets metadata.
-    new_timestamp = new_targets_signable['signed']['ts']
-    new_formatted_timestamp = tuf.formats.parse_time(new_timestamp)
-
-    # Allowing equality makes testing/development easier.
-    if formatted_timestamp > new_formatted_timestamp:
-      message = 'Existing metadata timestamp '+repr(timestamp)+' is newer '+\
-      'than the new metadata\'s timestamp '+repr(new_timestamp)
-      raise tuf.Error(message)
-    else:
-      message = 'New metadata timestamp is '+repr(new_timestamp)+'. '+\
-        ' Replacing old metadata with timestamp '+repr(timestamp)
-      logger.debug(message)
-
-  # There appears to be no 'targets.txt' metadata file on the repository.
-  else:
-    message = 'The old targets metadata file '+repr(targets_metadatapath)+'. '+\
-      'doesn\'t exist in the repo. Skipping the timestamp check.'
-    logger.warn(message)
-
-  # Ensure the new metadata is not expired.
-  expiration = new_targets_signable['signed']['expires']
-  formatted_expiration = tuf.formats.parse_time(expiration)
-  
-  if formatted_expiration <= time.time():
-    message = 'Pushed metadata expired at '+repr(expiration)
-    raise tuf.Error(message)
-  else:
-    message = 'Metadata will expire at '+repr(expiration)
-    logger.debug(message)
-
-  # Verify the signatures of the new targets metadata.
-  if not tuf.sig.verify(new_targets_signable, 'targets'):
-    message = 'The pushed targets metadata file does not '+\
-      'have the required number of good signatures.'
-    raise tuf.Error(message)
-  # Log the status of the signatures.  For example, the number of good,
-  # bad, untrusted, unknown, signatures. 
-  status = tuf.sig.get_signature_status(new_targets_signable, 'targets')
-  logger.debug(repr(status))
-
-  # Log the number of targets specified in the new targets metadata file.
-  targets_count = len(new_targets_signable['signed']['targets'].keys())
-  message = 'Number of targets specified: '+repr(targets_count)
-  logger.info(message)
-
-  # Verify the files of the new targets metadata file.
-  new_targets_dict = new_targets_signable['signed']['targets']
-  for target_relativepath, target_info in new_targets_dict.items():
-    targets_basename = os.path.basename(targets_directory)
-    targetpath = os.path.join(push_temporary_directory, targets_basename,
-                               target_relativepath)
-    
-    # Check that the target was provided.
-    if not os.path.exists(targetpath):
-      message = 'The specified target file was not provided: '+\
-        repr(target_relativepath)
-      raise tuf.Error(message)
-
-    # Check the target's size.  A valid size is required of target files.
-    target_size = os.path.getsize(targetpath)
-    if target_size != target_info['length']:
-      message = 'The size of target file '+repr(target_relativepath)+\
-        ' is incorrect: was '+repr(target_size)+', expected '+\
-        repr(target_info['length'])
-      raise tuf.Error(message)
-    else:
-      message = 'Size of target '+repr(targetpath)+' is correct '+\
-        '('+repr(target_size)+' bytes).'
-      logger.debug(message)
-
-    # Check hashes.  Valid target files is required.
-    hash_count = len(target_info['hashes'].items())
-    if hash_count == 0:
-      message = repr(targetpath)+' contains an empty hashes dictionary.'
-      raise tuf.Error(message)
-    else:
-      logger.debug(repr(hash_count)+' hash(es) to check.')
-    
-    for algorithm, digest in target_info['hashes'].items():
-      digest_object = tuf.hash.digest_filename(targetpath, algorithm=algorithm)
-      if digest_object.hexdigest() != digest:
-        message = repr(algorithm)+' hash does not match: '+\
-          ' was '+repr(digest_object.hexdigest())+', expected '+\
-          repr(digest)
-        raise tuf.Error(message)
-      else:
-        message = repr(algorithm)+' hash of target '+repr(targetpath)+\
-          ' is correct ('+repr(digest)+').'
-        logger.debug(message)
-
-  # At this point, the targets metadata and all specified files have been
-  # verified.  Remove the files referenced by the old targets metadata as
-  # well as the old targets metadata itself.
-  # Raise 'tuf.Error' if there is an error backing up the old targets.
-  _remove_old_files(targets_metadatapath, pushname,
-                    targets_directory, backup_directory)
-
-  # Copy the new target files into place on the repository.
-  for target_relativepath in new_targets_signable['signed']['targets'].keys():
-    targets_basename = os.path.basename(targets_directory)
-    source_path = os.path.join(push_temporary_directory, targets_basename,
-                               target_relativepath)
-    destination_path = os.path.join(targets_directory, target_relativepath)
-    logger.info('Adding target to repository: '+repr(destination_path))
-    destination_directory = os.path.dirname(destination_path)
-    if not os.path.exists(destination_directory):
-      os.mkdir(destination_directory)
-    shutil.copy(source_path, destination_path)
-
-  # Copy the new targets metadata file into place on the repository.
-  message = 'Adding new targets metadata to repository: '+repr(targets_metadatapath)
-  logger.info(message)
-  shutil.copy(new_targets_metadatapath, targets_metadatapath)
-
-
-
-
-
-def _remove_old_files(targets_metadatapath, pushname,
-                      targets_directory, backup_directory):
-  """
-  <Purpose>
-    Remove metadata and target files that will be replaced.
-    
-    This does not take into account any targets that are the same between
-    the old and new metadata. For simplicity, all old targets are removed
-    and thus even targets that remained the same will need to be copied
-    into place after this has been called.
-    
-    This function currently assumes that the the metadata file is the
-    top-level 'targets.txt' file rather than a delegated metadata file
-    and that the arguments have been validated (i.e., exist, correct, etc).
-    
-  <Arguments>
-    targets_metadatapath:
-      The old targets metadata file to be replaced, along with all of
-      its referenced targets.
-
-    pushname:
-      The name of the directory (i.e., timestamp name) containing the pushed
-      files.
-    
-    targets_directory:
-      The directory where the repository's target files are stored.
-
-    backup_directory:
-      The directory where the pushed directories are saved to after a 
-      successful 'receive'.
-
-  <Exceptions>
-    tuf.Error, if there is an error backing up the old targets. 
-
-  <Side Effects>
-    Replaces the old 'targets.txt' metadata file and removes all of the old
-    target files.
-
-  <Returns>
-    None.
-
-  """
-    
-  # Create the backup destination directories.  The old target files
-  # and target metadata are backed up to these directories.
-  backup_destdirectory = os.path.join(backup_directory, pushname)
-  os.mkdir(backup_destdirectory)
-  targets_basename = os.path.basename(targets_directory)
-  backup_targetsdirectory = os.path.join(backup_destdirectory, targets_basename)
-  os.mkdir(backup_targetsdirectory)
-
-  # Load the old 'targets.txt' file and determine all the targets to be replaced.
-  # Need to ensure we only remove target files specified by 'targets.txt'.
-  targets_signable = tuf.util.load_json_file(targets_metadatapath)
-  for target_relativepath in targets_signable['signed']['targets'].keys():
-    targetpath = os.path.join(targets_directory, target_relativepath)
-    backup_targetpath = os.path.join(backup_targetsdirectory, target_relativepath)
-    message = 'Backing up target '+repr(targetpath)+' to '+repr(backup_targetpath)
-    logger.info(message)
-   
-    # Move the old target file to the backup directory.  Create any
-    # directories along the way.
-    if os.path.exists(targetpath):
-      try:
-        os.makedirs(os.path.dirname(backup_targetpath))
-      except OSError, e:
-        if e.errno == errno.EEXIST:
-          pass
-        else:
-          raise tuf.Error(str(e))
-      os.rename(targetpath, backup_targetpath)
-    else:
-      message = 'The old target '+repr(targetpath)+' doesn\'t exist in the repo.'
-      logger.warn(message)
-
-  # Backup the old 'targets.txt' metadata file.
-  backup_targets_metadatafile = os.path.join(backup_destdirectory, 'targets.txt')
-  message = 'Backing up old metadata '+repr(targets_metadatapath)+\
-    ' to '+repr(backup_targets_metadatafile)
-  logger.info(message)
-  if os.path.isfile(backup_targets_metadatafile):
-    os.remove(backup_targets_metadatafile)
-  os.rename(targets_metadatapath, backup_targets_metadatafile)
-
-
-
-
-
-def parse_options():
-  """
-  <Purpose>
-    Parse the command-line options.  'receive.py' expects the '--config'
-    option to be set by the user.
-
-    Example:
-      $ python receive.py --config ./receive.cfg
-
-    The '--config' option accepts a path argument to the receive configuration
-    file (i.e., 'receive.cfg').  If the required option is unset, a parser error
-    is printed and the script exits.
-
-    The '--verbose' option sets the verbosity level of the TUF logger.  Accepts
-    values 1-5.
-
-  <Arguments>
-    None.
-
-  <Exceptions>
-    None.
-
-  <Side Effects>
-    Sets the logging level of the TUF logger.
-
-  <Returns>
-    The options object returned by the parser's parse_args() method.
-
-  """
-
-  usage = 'usage: %prog --config <config path>'
-  option_parser = optparse.OptionParser(usage=usage)
-
-  # Add the options supported by 'receive' to the option parser.
-  option_parser.add_option('--config', action='store', type='string',
-                           help='Specify the "receive.cfg" configuration file.')
-
-  option_parser.add_option('--verbose', dest='VERBOSE', type=int, default=2,
-                           help='Set the verbosity level (1-5) of logging '
-                           'messages.  The lower the setting, the greater the '
-                           'verbosity.')
-  
-  (options, remaining_arguments) = option_parser.parse_args()
-
-  # Ensure the '--config' option is set.  If the required option is unset,
-  # option_parser.error() will print an error message and exit.
-  if options.config is None:
-    message = '"--config" must be set on the command-line.'
-    option_parser.error(message)
-
-  # Set the logging level.
-  if options.VERBOSE == 5:
-    tuf.log.set_log_level(logging.CRITICAL)
-  elif options.VERBOSE == 4:
-    tuf.log.set_log_level(logging.ERROR)
-  elif options.VERBOSE == 3:
-    tuf.log.set_log_level(logging.WARNING)
-  elif options.VERBOSE == 2:
-    tuf.log.set_log_level(logging.INFO)
-  elif options.VERBOSE == 1:
-    tuf.log.set_log_level(logging.DEBUG)
-  else:
-    tuf.log.set_log_level(logging.NOTSET)
-
-  return options
-
-
-
-
-
-if __name__ == '__main__':
-  options = parse_options()
-
-  # Perform a 'receive' of the pushroots specified in the configuration file.
-  try:
-    receive(options.config)
-  except (tuf.FormatError, tuf.Error), e:
-    sys.stderr.write('Error: '+str(e)+'\n')
-    sys.exit(1)
-
-  # The 'receive' and command-line options were processed successfully.
-  sys.exit(0)
diff --git a/tuf/pushtools/transfer/__init__.py b/tuf/pushtools/transfer/__init__.py
deleted file mode 100755
index e69de29b..00000000
diff --git a/tuf/pushtools/transfer/scp.py b/tuf/pushtools/transfer/scp.py
deleted file mode 100755
index d4aa7b0d..00000000
--- a/tuf/pushtools/transfer/scp.py
+++ /dev/null
@@ -1,172 +0,0 @@
-"""
-<Program Name>
-  scp.py
-
-<Author>
-  Vladimir Diaz <vladimir.v.diaz@gmail.com>
-
-<Started>
-  August 2012.  Based on a previous version of this module by Geremy Condra.
-
-<Copyright>
-  See LICENSE for licensing information.
-
-<Purpose>
-  SCP (secure copy) transfer module for the developer push mechanism.
-
-  This will use scp to upload a push directory to the repository. The directory
-  will be named with the current timestamp in the format XXXXXXXXXX.XX. The
-  directory will contain a file named 'info' that provides information about
-  the push, the signed metadata file, and a 'targets' directory that contains
-  the targets specified in the metadata.
-
-  Use of this module requires the following section to be present in the push
-  configuration file provided to 'push.py':
-
-  [scp]
-  host = host
-  user = user
-  identity_file = optional_path_to_ssh_key
-  remote_directory = ~/pushes
-
-  The 'remote_directory' should correspond to a pushroot configured in the
-  repository's 'receive.py' configuration file.
-
-  This transfer module will output to stdout the commands it runs and the output
-  of those commands.
-
-  Example:
-
-  $ python pushtools/push.py --config ./push.cfg 
-  
-  Running command: scp -r /tmp/tmpXi0GZH user@host:~/pushes/1348352878.31
-  
-  helloworld.py                                  100%   13     0.0KB/s   00:00    
-  LICENSE                                        100%   12     0.0KB/s   00:00    
-  targets.txt                                    100%    7     0.0KB/s   00:00    
-  info                                           100%   32     0.0KB/s   00:00    
-
-"""
-
-import os
-import shutil
-import subprocess
-import tempfile
-import time
-
-import tuf
-import tuf.formats
-
-
-def transfer(scp_config_dict):
-  """
-  <Purpose>
-    Create a local temporary directory with an added 'info' file used to
-    communicate additional information to the repository. This directory
-    will be transferred to the repository.
-    
-  <Arguments>
-    scp_config_dict:
-      The dict containing the options to use with the SCP command.
-
-  <Exceptions>
-    tuf.FormatError, if the arguments are improperly formatted.
-
-    tuf.Error, if the transfer failed. 
-
-  <Side Effects>
-    Files specified in 'push.cfg' will be transfered to a host using
-    'scp'.
-  
-  <Returns>
-    None.
-  
-  """
-
-  # Do the arguments have the correct format?
-  # Raise 'tuf.FormatError' if there is a mismatch.
-  tuf.formats.SCPCONFIG_SCHEMA.check_match(scp_config_dict)
- 
-  # Extract the required 'scp' entries.  If an entry contains
-  # a path argument, Tilde Expansions or user home symbols
-  # are converted.
-  host = scp_config_dict['scp']['host']
-  user = scp_config_dict['scp']['user']
- 
-  # The SCP command accepts an optional path to an SSH private key file.
-  identity_file = scp_config_dict['scp']['identity_file']
-  identity_file = os.path.expanduser(identity_file)
- 
-  # The directory on the host the target files will be pushed to.
-  remote_directory = scp_config_dict['scp'].get('remote_directory', '.')
-  remote_directory = os.path.expanduser(remote_directory)
- 
-  # The 'targets.txt' metadata file to be pushed to the host. 
-  metadata_path = scp_config_dict['general']['metadata_path']
-  metadata_path = os.path.expanduser(metadata_path)
- 
-  # The local targets directory containing the target to be pushed.
-  targets_directory = scp_config_dict['general']['targets_directory']
-  targets_directory = os.path.expanduser(targets_directory)
-  
-  basecommand = ['scp']
-  if identity_file:
-    basecommand.extend(['-i', identity_file])
-
-  # Build the destination.
-  # Example: 'user@localhost:~/pushes/1273704893.55'
-  timestamp = time.time()
-  destination = ''
-  if user:
-    destination = destination+user+'@'
-  destination = destination+host+':'+remote_directory+'/'+str(timestamp)
-
-  temporary_directory = tempfile.mkdtemp()
-  try:
-    # Make sure the temp directory is world-readable, as the permissions
-    # get carried over in the scp'ing.
-    os.chmod(temporary_directory, 0755)
-
-    # Create a file that tells the repository the name of the targets
-    # metadata file. For delegation, this will be the only way the
-    # the repository knows the full role name.
-    file_object = open(os.path.join(temporary_directory, 'info'), 'w')
-    file_object.write('metadata='+metadata_path+'\n')
-    file_object.close()
-
-    # Copy the targets metadata.
-    basename = os.path.basename(metadata_path)
-    shutil.copy(metadata_path, os.path.join(temporary_directory, basename))
-
-    # Create a directory that all target files will be put in before
-    # being transferred.
-    temporary_targets_directory = os.path.join(temporary_directory, 'targets')
-
-    # Copy all the targets into the correct directory structure.
-    shutil.copytree(targets_directory, temporary_targets_directory)
-
-    # This will create the 'timestamp' directory on the remote host.  The
-    # 'timestamp' directory will contain the 'info' file, targets metadata,
-    # and the targets directory being pushed.
-    command = basecommand[:]
-    # Add the recursive option, which will add the full contents of
-    # 'temporary_directory'
-    command.append('-r')
-    command.append(temporary_directory)
-    command.append(destination)
-    # Example 'command':
-    # ['scp', '-i', '/home/user/.ssh/id_dsa', '-r', '/tmp/tmpmxWxLS',
-    #  'user@host:~/pushes/1348349228.4']
-    print 'Running command: '+' '.join(command)
-    
-    # 'subprocess.CalledProcessError' raised on scp command failure.
-    # Catch the exception and raise 'tuf.Error'.
-    # For important security information on 'subprocess',
-    # See http://docs.python.org/library/subprocess.html
-    try: 
-      subprocess.check_call(command)
-    except subprocess.CalledProcessError, e:
-      message = 'scp.transfer failed.'
-      raise tuf.Error(message)
-  finally:
-    shutil.rmtree(temporary_directory)
diff --git a/tuf/repo/__init__.py b/tuf/repo/__init__.py
deleted file mode 100755
index e69de29b..00000000
diff --git a/tuf/repo/keystore.py b/tuf/repo/keystore.py
deleted file mode 100755
index b16f7ca1..00000000
--- a/tuf/repo/keystore.py
+++ /dev/null
@@ -1,696 +0,0 @@
-"""
-<Program Name>
-  keystore.py
-  
-<Author>
-  Vladimir Diaz <vladimir.v.diaz@gmail.com>
-  
-<Started>
-  March 28, 2012.  Based on a previous version of this module by Geremy Condra.
-
-<Copyright>
-  See LICENSE for licensing information.
-
-<Purpose>
-  Help store private keys in encrypted files and provide functions to load and
-  save a keystore database. The database contains all of the keys needed to
-  sign a repository's Metadata files, such as 'root.txt' and 'release.txt'.
-
-  Originally, this stored the keys in one file- we've changed that so that it
-  instead encrypts them separately, naming them according to their keyid value.
-
-  This changes the semantics of the system considerably- first, the 'fname'
-  passed in was originally treated as a filename. We now treat it as the name
-  of a directory.
-
-  Secondly, it no longer makes sense to provide access to keys which do not
-  match the given decryption key.
-
-  Thirdly, the semantics of adding keys has changed. It does not make sense to 
-  have only one key for the entire keystore, and as a result, we're requiring 
-  that the password be set at the point where the key is added.
-
-  The <keyid>.key files are encrypted with the AES-256-CTR-Mode symmetric key
-  algorithm.  User passwords are strengthened with PBKDF2, currently set to
-  100,000 passphrase iterations.  The previous evpy implementation used 1,000
-  iterations.
-"""
-
-import os
-import binascii
-import logging
-
-# Import PyCrypto's Key Derivation Function (KDF) module.  'keystore.py'
-# needs this module to derive a secret key according to the Password-Based
-# Key Derivation Function 2 specification.  The derived key is used as the
-# symmetric key to encrypt TUF key information.  PyCrypto's implementation:
-# Crypto.Protocol.KDF.PBKDF2().  PKCS#5 v2.0 PBKDF2 specification:
-# http://tools.ietf.org/html/rfc2898#section-5.2 
-import Crypto.Protocol.KDF
-
-# PyCrypto's AES implementation.  AES is a symmetric key algorithm that
-# operates on fixed block sizes of 128-bits.
-# https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
-import Crypto.Cipher.AES
-
-# 'Crypto.Random' is a cryptographically strong version of Python's standard
-# "random" module.  Random bits of data is needed for salts and 
-# initialization vectors suitable for the encryption algorithms used in 
-# 'keystore.py'.
-import Crypto.Random
-
-# The mode of operation is presently set to CTR (CounTeR Mode) for symmetric
-# block encryption (AES-256, where the symmetric key is 256 bits).  PyCrypto
-# provides a callable stateful block counter that can update successive blocks
-# when needed.  The initial random block, or initialization vector (IV), can
-# be set to begin the process of incrementing the 128-bit blocks and allowing
-# the AES algorithm to perform cipher block operations on them. 
-import Crypto.Util.Counter
-
-import tuf.keys
-import tuf.util
-import tuf.conf
-
-
-# See 'log.py' to learn how logging is handled in TUF.
-logger = logging.getLogger('tuf.keystore')
-
-json = tuf.util.import_json()
-
-# The delimiter symbol used to separate the different sections
-# of encrypted files (i.e., salt, iterations, hmac, IV, ciphertext).
-# This delimiter is arbitrarily chosen and should not occur in
-# the hexadecimal representations of the fields it is separating.
-_ENCRYPTION_DELIMITER = '@@@@'
-
-# AES key size.  Default key size = 32 bytes = AES-256.
-_AES_KEY_SIZE = 32
-
-# Default salt size, in bytes.  A 128-bit salt (i.e., a random sequence of data
-# to protect against attacks that use precomputed rainbow tables to crack
-# password hashes) is generated for PBKDF2.  
-_SALT_SIZE = 16 
-
-# Default PBKDF2 passphrase iterations.  The current "good enough" number
-# of passphrase iterations.  We recommend that important keys, such as root,
-# be kept offline.  'tuf.conf.PBKDF2_ITERATIONS' should increase as CPU
-# speeds increase, set here at 100,000 iterations by default (in 2013).
-# Repository maintainers may opt to modify the default setting according to
-# their security needs and computational restrictions.  A strong user password
-# is still important.  Modifying the number of iterations will result in a new
-# derived key+PBDKF2 combination if the key is loaded and re-saved, overriding
-# any previous iteration setting used by the old '<keyid>.key'.
-# https://en.wikipedia.org/wiki/PBKDF2
-_PBKDF2_ITERATIONS = tuf.conf.PBKDF2_ITERATIONS
-
-# 
-_SUPPORTED_KEY_TYPES = ['rsa', 'ed25519']
-
-# A user password is read and a derived key generated.  The derived key returned
-# by the key derivation function (PBKDF2) is saved in '_derived_keys', along
-# with the salt and iterations used, which has the form:
-# {keyid: {'salt': '\x9b\x90\xf1g\xb9li\x04\x8d\x10h\xb5T\xaa\xc1',
-#          'iterations': 10000, 
-#          'derived_key': '\xda\xed\xf2\xe0\x8f\x03\xeb\xde!\xc4RJ'},
-#  keyid2: ...}
-_derived_keys = {}
-
-# The keystore database, which has the form:
-# {keyid: key,
-#  keyid2: key2,
-#  ...}
-_keystore = {}
-
-
-def add_rsakey(rsakey_dict, password, keyid=None):
-  """
-  <Purpose>
-    Add 'rsakey_dict' to the keystore database while ensuring only
-    unique keys are added.  If 'keyid' is provided, verify it is the
-    correct keyid for 'rsakey_dict' and raise an exception otherwise.
-  
-  <Arguments>
-    rsakey_dict:
-      A dictionary conformant to 'tuf.formats.RSAKEY_SCHEMA', which
-      has the form:
-      {'keytype': 'rsa',
-       'keyid': keyid,
-       'keyval': {'public': '-----BEGIN RSA PUBLIC KEY----- ...',
-                  'private': '-----BEGIN RSA PRIVATE KEY----- ...'}}
-
-    password:
-      The object containing the password needed to encrypt and decrypt
-      the key file (i.e., '<keyid>.key').  It must conform to
-      'PASSWORD_SCHEMA'.
-
-    keyid:
-      An object conformant to 'KEYID_SCHEMA'.  It is used as an identifier
-      for RSA keys.  This particular keyid should be extracted by the caller
-      from the file name used by the key file ('<keyid>.key') to ensure it
-      was correctly named.
-
-  <Exceptions>
-    tuf.FormatError, if 'rsakey_dict' or 'keyid' has an incorrect format.
-
-    tuf.Error, if 'keyid' argument does not match the keyid for 'rsakey_dict'.
-
-    tuf.KeyAlreadyExistsError, if 'rsakey_dict' is found in the keystore.
-
-  <Side Effects>
-    The '_keystore' and '_derived_keys' dictionaries are modified.
-
-  <Returns>
-    None.
-  """
-  
-  # Does 'rsakey_dict' have the correct format?
-  # This check will ensure 'rsakey_dict' has the appropriate number of objects
-  # and object types, and that all dict keys are properly named.
-  # Raise 'tuf.FormatError' if the check fails.
-  tuf.formats.RSAKEY_SCHEMA.check_match(rsakey_dict)
-
-  # Does 'password' have the correct format?
-  # Raise 'tuf.FormatError' if the check fails.
-  tuf.formats.PASSWORD_SCHEMA.check_match(password)
-
-  # If 'keyid' was passed as an argument, does it
-  # have the correct format?
-  if keyid is not None:
-    # Raise 'tuf.FormatError' if the check fails.
-    tuf.formats.KEYID_SCHEMA.check_match(keyid)
-
-    # Check if the keyid found in 'rsakey_dict' matches
-    # the 'keyid' supplied as an argument. 
-    if keyid != rsakey_dict['keyid']:
-      message = 'Incorrect keyid: '+repr(rsakey_dict['keyid'])+'.'+\
-        'Expected: '+repr(keyid)
-      raise tuf.Error(message)
- 
-  # Check if the keyid belonging to 'rsakey_dict' is not already available in
-  # the key database.
-  keyid = rsakey_dict['keyid']
-  if keyid in _keystore:
-    message = 'Keyid: '+repr(keyid)+' already exists.'
-    raise tuf.KeyAlreadyExistsError(message)
- 
-  # The '_derived_keys' dictionary does not store the user's password.  A key
-  # derivation function is applied to 'password' prior to storing it in
-  # _derived_key and may then be used as a symmetric key.
-  salt, iterations, derived_key = _generate_derived_key(password)
-  _derived_keys[keyid] = {'salt': salt,
-                          'derived_key': derived_key,
-                          'iterations': iterations}
-  _keystore[keyid] = rsakey_dict
-
-
-
-
-
-def load_keystore_from_keyfiles(directory_name, keyids, passwords):
-  """
-  <Purpose>
-    Populate the keystore database with the key files found in
-    'directory_name'.  Use the user-supplied passwords in 'passwords' to
-    decrypt the key files.  Each '<keyid>.key' file has a corresponding
-    password.
-
-  <Arguments>
-    directory_name:
-      The name of the directory containing the key files ('<keyid>.key'),
-      conformant to 'tuf.formats.RELPATH_SCHEMA'.
-
-    keyids:
-      A list containing the keyids of the signing keys to load.
-
-    passwords:
-      A list containing the password objects to encrypt and decrypt
-      the key files ('<keyid>.key').
-
-  <Exceptions>
-    tuf.FormatError, if 'directory_name' or 'passwords' has an incorrect
-    format.
-
-  <Side Effects>
-    The '_keystore' and '_derived_keys' dictionaries are modified.
-    The key files found in 'directory_name' are read.
-
-  <Returns>
-    A list containing the keyids of the loaded keys.
-  """
-
-  # Does 'directory_name' have the correct format?
-  # This check will ensure 'directory_name' has the appropriate number of
-  # objects and object types, and that all dict keys are properly named.
-  # Raise 'tuf.FormatError' if the check fails.
-  tuf.formats.RELPATH_SCHEMA.check_match(directory_name)
-
-  # Does 'keyids' have the correct format?
-  # Raise 'tuf.FormatError' if the check fails.
-  tuf.formats.KEYIDS_SCHEMA.check_match(keyids)
-  
-  # Does 'passwords' have the correct format?
-  # Raise 'tuf.FormatError' if the check fails.
-  tuf.formats.PASSWORDS_SCHEMA.check_match(passwords)
-
-  # Keep a list of the keyids loaded, which is returned to the caller.
-  loaded_keyids = [] 
-  
-  logger.info('Loading private key(s) from '+repr(directory_name))
-
-  # Load the private key(s) if 'directory_name' exists, otherwise log a warning.
-  if os.path.exists(directory_name):
-    # Decrypt the keys we can from those stored in 'keyids'.
-    for keyid in keyids:
-      try:
-        keyfilename = keyid+'.key'
-        full_filepath = os.path.join(directory_name, keyfilename)
-        raw_contents = open(full_filepath, 'rb').read()
-      except (OSError, IOError), e:
-        logger.warn('Could not load key file: '+repr(full_filepath)+'.')
-      else:
-        # Try to decrypt the file using one of the passwords in 'passwords'.
-        for password in passwords:
-          try:
-            json_data = _decrypt(raw_contents, password)
-          except tuf.CryptoError, e:
-            logger.warn(repr(full_filepath)+' could not be decrypted.')
-            continue
-
-          try:
-            keydata = tuf.util.load_json_string(json_data)
-          except ValueError:
-            # 'keydata' could not be decoded.  This will be the case
-            # if the encrypted file could not be decrypted (e.g.,
-            # invalid password).
-            continue
-
-          # Create the key based on its key type.  RSA keys currently
-          # supported.
-          if keydata['keytype'] in _SUPPORTED_KEY_TYPES:
-            # 'keydata' is stored in KEY_SCHEMA format.  Call
-            # format_metadata_to_key() to get the key in RSAKEY_SCHEMA
-            # format, which is the format expected by 'add_rsakey()'.
-            rsa_key = tuf.keys.format_metadata_to_key(keydata)
-
-            # Ensure the keyid for 'rsa_key' is one of the keys specified in
-            # 'keyids'.  If not, do not load the key.
-            if rsa_key['keyid'] not in keyids:
-              continue
-
-            # Ensure the '.key' extension is removed, as we only
-            # need the basefilename containing the full keyid.
-            try:
-              add_rsakey(rsa_key, password, keyid=keyid)
-              logger.info('Loaded key: '+rsa_key['keyid'])
-            except tuf.KeyAlreadyExistsError, e:
-              logger.info('Key already loaded: '+rsa_key['keyid'])
-            loaded_keyids.append(rsa_key['keyid'])
-            continue
-          else:
-            logger.warn(repr(full_filepath)+' contains an invalid key type.')
-            continue
-
-  else:
-    logger.warn('...no such directory.  Keystore cannot be loaded.')
-
-  logger.info('Done.')
-
-  return loaded_keyids
-
-
-
-
-
-def save_keystore_to_keyfiles(directory_name):
-  """
-  <Purpose>
-    Save all the keys found in the keystore to individual files.  The derived
-    symmetric key and salt for each key is stored when it is added to the
-    keystore.  Use the symmetric key to encrypt the key files and save the
-    the ciphertext to 'directory_name' (Note: salt, IV, etc. is also appended
-    to the generated '<keyid>.key').
-
-  <Arguments>
-    directory_name:
-      The name of the directory containing the key files ('<keyid>.key'),
-      conformant to 'tuf.formats.RELPATH_SCHEMA'.
-
-  <Exceptions>
-    tuf.FormatError if 'directory_name is incorrectly formatted.
-
-  <Side Effects>
-    'directory_name' created if it does not exist.
-
-  <Returns>
-    None.
-  """
-
-  # Does 'directory_name' have the correct format?
-  # This check will ensure 'directory_name' has the appropriate number of
-  # objects and object types, and that all dict keys are properly named.
-  # Raise 'tuf.FormatError' if the check fails.
-  tuf.formats.RELPATH_SCHEMA.check_match(directory_name)
-
-  logger.info('Saving private key(s) to '+repr(directory_name))
-
-  # Make sure the directory exists, otherwise create it.
-  if not os.path.exists(directory_name):
-    logger.info('...no such directory.  The directory will be created.')
-    os.mkdir(directory_name)
-
-  # Iterate the keystore keys and save them individually to a file.
-  for keyid, key in _keystore.items():
-    basefilename = os.path.join(directory_name, str(keyid)+'.key')
-    file_object = open(basefilename, 'w')
-    
-    # Determine the appropriate format to save the key based on its key type.
-    if key['keytype'] in _SUPPORTED_KEY_TYPES:
-      keytype = key['keytype']
-      keyval = key['keyval']
-      key_metadata_format = \
-            tuf.keys.format_keyval_to_metadata(keytype, keyval, private=True)
-    else:
-      logger.warn('The keystore has a key with an unrecognized key type.')
-      continue
-    
-    # Encrypt 'key_metadata_format' and save it.
-    encrypted_key = _encrypt(json.dumps(key_metadata_format),
-                             _derived_keys[keyid])
-    file_object.write(encrypted_key)
-    file_object.close()
-    logger.info(repr(basefilename)+' saved.')
-
-  logger.info('Done.')
-
-
-
-
-
-def clear_keystore():
-  """
-  <Purpose>
-    Clear '_keystore', containing the all key data, and '_derived_keys',
-    containing the salt and symmetric keys.
-
-  <Arguments>
-    None.
-
-  <Exceptions>
-    None.
-
-  <Side Effect>
-    The keystore and password dicts are reset.
-
-  <Returns>
-    None.
-  """
-
-  _keystore.clear()
-  _derived_keys.clear()
-
-
-
-
-
-def change_password(keyid, old_password, new_password):
-  """
-  <Purpose>
-    Change the password for 'keyid'.  'old_password' is verified prior to
-    any changes.  Since user passwords are not stored, the derived key
-    information generated from these passwords is what's verified and updated. 
-
-  <Arguments>
-    keyid:
-      The keyid for the signing key.
-
-    old_password:
-      The old password for the signing key to modify.
-
-    new_password:
-      The new password to set for the signing key.
-
-  <Exceptions>
-    tuf.UnknownKeyError, if 'keyid' is not found in the
-    keystore.
-    
-    tuf.BadPasswordError, if 'old_password' is invalid or
-    'new_password' does not have the correct format.
-
-  <Side Effects>
-    The old key information generated from the user password for 'keyid'
-    is changed for the new key information from 'new_password'.
-
-  <Returns>
-    None.
-  """
-  
-  # Does 'keyid' have the correct format?
-  # Raise 'tuf.FormatError' if the check fails.
-  tuf.formats.KEYID_SCHEMA.check_match(keyid)
-  
-  # Does 'old_password' and 'new_password' have the correct format?
-  # Raise 'tuf.FormatError' if the check fails.
-  tuf.formats.PASSWORD_SCHEMA.check_match(old_password)
-  tuf.formats.PASSWORD_SCHEMA.check_match(new_password)
-  
-  # Check if 'keyid' is in the keystore.
-  if keyid not in _keystore or keyid not in _derived_keys:
-    message = repr(keyid)+' not recognized.'
-    raise tuf.UnknownKeyError(message)
-
-  # Check if the old password is valid.  The _derived_keys dictionary
-  # stores derived keys instead of user passwords, according to the
-  # key derivation function used by _generate_derived_key().
-  salt = _derived_keys[keyid]['salt']
-  iterations = _derived_keys[keyid]['iterations']
-  
-  # Discard the old "salt" and "iterations" values, as we only need the old
-  # derived key.
-  junk_old_salt, junk_old_iterations, old_derived_key = \
-    _generate_derived_key(old_password, salt, iterations)
-  if _derived_keys[keyid]['derived_key'] != old_derived_key:
-    message = 'Old password invalid.'
-    raise tuf.BadPasswordError(message)
-
-  # Update '_derived_keys[keyid]' with the new derived key and salt.
-  salt, iterations, new_derived_key = _generate_derived_key(new_password)
-  _derived_keys[keyid] = {}
-  _derived_keys[keyid]['salt'] = salt
-  _derived_keys[keyid]['derived_key'] = new_derived_key
-  _derived_keys[keyid]['iterations'] = iterations
-
-
-
-
-
-def get_key(keyid):
-  """
-  <Purpose>
-    Return the key for 'keyid'.  If 'keyid' corresponds to an
-    RSA key, the object returned would conform to
-    'tuf.formats.RSAKEY_SCHEMA'.  A different key type would return
-    its corresponding key schema.
-
-  <Arguments>
-    keyid:
-      The key identifier.
-
-  <Exceptions>
-    tuf.FormatError, if 'keyid' does not have the correct format.
-
-    tuf.UnknownKeyError, if 'keyid' is not found in the keystore.
-
-  <Side Effects>
-    None.
-
-  <Returns>
-    The key belonging to 'keyid' (e.g., RSA key).
-  """
-
-  # Does 'keyid' have the correct format?
-  # Raise 'tuf.FormatError' if the check fails.
-  tuf.formats.KEYID_SCHEMA.check_match(keyid)
-
-  try:
-    key = _keystore[keyid]
-  except KeyError:
-    raise tuf.UnknownKeyError('The keyid was not found in the keystore')
-
-  return key
-
-
-
-
-
-def _generate_derived_key(password, salt=None, iterations=None):
-  """
-  Generate a derived key by feeding 'password' to the Password-Based Key
-  Derivation Function (PBKDF2).  PyCrypto's PBKDF2 implementation is
-  currently used.  'salt' may be specified so that a previous derived key
-  may be regenerated.
-  """
-  
-  if salt is None:
-    salt = Crypto.Random.new().read(_SALT_SIZE) 
-
-  if iterations is None:
-    iterations = _PBKDF2_ITERATIONS
-
-
-  def pseudorandom_function(password, salt):
-    """
-    PyCrypto's PBKDF2() expects a callable function for its optional
-    'prf' argument.  'prf' is set to HMAC-SHA1 (in PyCrypto's PBKDF2 function)
-    by default.  'pseudorandom_function' instead sets 'prf' to HMAC-SHA256. 
-    """
-    
-    return Crypto.Hash.HMAC.new(password, salt, Crypto.Hash.SHA256).digest()  
-
-
-  # 'dkLen' is the desired key length.  'count' is the number of password
-  # iterations performed by PBKDF2.  'prf' is a pseudorandom function, which
-  # must be callable. 
-  derived_key = Crypto.Protocol.KDF.PBKDF2(password, salt,
-                                           dkLen=_AES_KEY_SIZE,
-                                           count=iterations,
-                                           prf=pseudorandom_function)
-
-  return salt, iterations, derived_key
-
-
-
-
-
-def _encrypt(key_data, derived_key_information):
-  """
-  Encrypt 'key_data' using the Advanced Encryption Standard (AES-256) algorithm.
-  'derived_key_information' should contain a key strengthened by PBKDF2.  The
-  key size is 256 bits and AES's mode of operation is set to CTR (CounTeR Mode).
-  The HMAC of the ciphertext is generated to ensure the ciphertext has not been
-  modified.
-
-  'key_data' is the JSON string representation of the key.  In the case
-  of RSA keys, this format would be 'tuf.formats.RSAKEY_SCHEMA':
-  {'keytype': 'rsa',
-   'keyval': {'public': '-----BEGIN RSA PUBLIC KEY----- ...',
-              'private': '-----BEGIN RSA PRIVATE KEY----- ...'}}
-
-  'derived_key_information' is a dictionary of the form:
-    {'salt': '...',
-     'derived_key': '...',
-     'iterations': '...'}
-
-  'tuf.CryptoError' raised if the encryption fails.
-  """
-  
-  # Generate a random initialization vector (IV).  The 'iv' is treated as the
-  # initial counter block to a stateful counter block function (i.e.,
-  # PyCrypto's 'Crypto.Util.Counter').  The AES block cipher operates on 128-bit
-  # blocks, so generate a random 16-byte initialization block.  PyCrypto expects
-  # the initial value of the stateful counter to be an integer.
-  # Follow the provably secure encrypt-then-MAC approach, which affords the
-  # ability to verify ciphertext without needing to decrypt it and preventing
-  # an attacker from feeding the block cipher malicious data.  Modes like GCM
-  # provide both encryption and authentication, whereas CTR only provides
-  # encryption.  
-  iv = Crypto.Random.new().read(16)
-  stateful_counter_128bit_blocks = Crypto.Util.Counter.new(128,
-                                      initial_value=long(iv.encode('hex'), 16)) 
-  symmetric_key = derived_key_information['derived_key'] 
-  aes_cipher = Crypto.Cipher.AES.new(symmetric_key,
-                                     Crypto.Cipher.AES.MODE_CTR,
-                                     counter=stateful_counter_128bit_blocks)
- 
-  # Use AES-256 to encrypt 'key_data'.  The key size determines how many cycle
-  # repetitions are performed by AES, 14 cycles for 256-bit keys.
-  try:
-    ciphertext = aes_cipher.encrypt(key_data)
-  
-  # Raise generic exception message to avoid revealing sensitive information,
-  # such as invalid passwords, encryption keys, etc., that an attacker can use
-  # to his advantage.
-  except Exception, e:
-    message = 'The key data could not be encrypted.' 
-    raise tuf.CryptoError(message)
-
-  # Generate the hmac of the ciphertext to ensure it has not been modified.
-  # The decryption routine may verify a ciphertext without having to perform
-  # a decryption operation.
-  salt = derived_key_information['salt'] 
-  hmac_object = Crypto.Hash.HMAC.new(symmetric_key, ciphertext,
-                                     Crypto.Hash.SHA256)
-  hmac = hmac_object.hexdigest()
-
-  # Store the number of PBKDF2 iterations used to derive the symmetric key so
-  # that the decryption routine can regenerate the symmetric key successfully.
-  # The pbkdf2 iterations are allowed to vary for the keys loaded and saved.
-  iterations = derived_key_information['iterations']
-
-  # Return the salt, iterations, hmac, initialization vector, and ciphertext
-  # as a single string.  These five values are delimited by
-  # '_ENCRYPTION_DELIMITER' to make extraction easier.  This delimiter is
-  # arbitrarily chosen and should not occur in the hexadecimal representations
-  # of the fields it is separating.
-  return binascii.hexlify(salt) + _ENCRYPTION_DELIMITER + \
-         binascii.hexlify(str(iterations)) + _ENCRYPTION_DELIMITER + \
-         binascii.hexlify(hmac) + _ENCRYPTION_DELIMITER + \
-         binascii.hexlify(iv) + _ENCRYPTION_DELIMITER + \
-         binascii.hexlify(ciphertext)
-
-
-
-
-
-def _decrypt(file_contents, password):
-  """
-  The corresponding decryption routine for _encrypt().
-
-  'tuf.CryptoError' raised if the decryption fails.
-  """
- 
-  # Extract the salt, iterations, hmac, initialization vector, and ciphertext
-  # from 'file_contents'.  These five values are delimited by
-  # '_ENCRYPTION_DELIMITER'.  This delimiter is arbitrarily chosen and should
-  # not occur in the hexadecimal representations of the fields it is separating.
-  salt, iterations, hmac, iv, ciphertext = \
-    file_contents.split(_ENCRYPTION_DELIMITER)
-  
-  # Ensure we have the expected raw data for the delimited cryptographic data. 
-  salt = binascii.unhexlify(salt)
-  iterations = int(binascii.unhexlify(iterations))
-  hmac = binascii.unhexlify(hmac)
-  iv = binascii.unhexlify(iv)
-  ciphertext = binascii.unhexlify(ciphertext)
-
-  # Generate derived key from 'password'.  The salt and iterations are specified
-  # so that the expected derived key is regenerated correctly.  Discard the old
-  # "salt" and "iterations" values, as we only need the old derived key.
-  junk_old_salt, junk_old_iterations, derived_key = \
-    _generate_derived_key(password, salt, iterations)
-
-  # Verify the hmac to ensure the ciphertext is valid and has not been altered.
-  # See the encryption routine for why we use the encrypt-then-MAC approach.
-  generated_hmac_object = Crypto.Hash.HMAC.new(derived_key, ciphertext,
-                                               Crypto.Hash.SHA256)
-  generated_hmac = generated_hmac_object.hexdigest()
-
-  if generated_hmac != hmac:
-    raise tuf.CryptoError('Decryption failed.')
-
-  # The following decryption routine assumes 'ciphertext' was encrypted with
-  # AES-256.
-  stateful_counter_128bit_blocks = Crypto.Util.Counter.new(128,
-                                      initial_value=long(iv.encode('hex'), 16)) 
-  aes_cipher = Crypto.Cipher.AES.new(derived_key,
-                                     Crypto.Cipher.AES.MODE_CTR,
-                                     counter=stateful_counter_128bit_blocks)
-  try:
-    key_plaintext = aes_cipher.decrypt(ciphertext)
-  
-  # Raise generic exception message to avoid revealing sensitive information,
-  # such as invalid passwords, encryption keys, etc., that an attacker can
-  # use to his advantage.
-  except Exception, e: 
-    raise tuf.CryptoError('Decryption failed.')
-
-  return key_plaintext
diff --git a/tuf/repo/quickstart.py b/tuf/repo/quickstart.py
deleted file mode 100755
index e51373da..00000000
--- a/tuf/repo/quickstart.py
+++ /dev/null
@@ -1,478 +0,0 @@
-#!/usr/bin/env python
-
-"""
-<Program Name>
-  quickstart.py
-
-<Author>
-  Vladimir Diaz <vladimir.v.diaz@gmail.com>
-
-<Started>
-  June 2012.  Based on a previous version by Geremy Condra.
-
-<Copyright>
-  See LICENSE for licensing information.
-
-<Purpose>
-  This script acts as a handy quickstart for TUF, helping project and
-  repository maintainers get into the game as quickly and painlessly as
-  possible.  'quickstart.py' creates the metadata files for all the top-level
-  roles (along with their respective cryptographic keys), all of the
-  target files specified by the user, and a configuration file named
-  'config.cfg'.  The user may then use the 'signercli' script to modify,
-  if they wish, the basic repository created by 'quickstart.py'.
-
-  If executed successfully, 'quickstart.py' saves the 'repository', 'keystore',
-  and 'client' directories to the current directory.  The 'repository' directory
-  should be transferred to the server responding to TUF repository requests.
-  'keystore' and the individual encrypted key files should be securely stored
-  and managed by the repository maintainer; these files will be needed again
-  when modifying the metadata files.  'client' should be initially distributed
-  to users by the software updater utilizing TUF.
-
-  The Update Framework may be tested locally with the output of 'quickstart.py'
-  in two easy steps.
-
-  # If you need a basic server for testing purposes
-  $ cd repository; python -m SimpleHTTPServer 8001
-
-  # This next step is performed by the client.  Here we are using the basic
-  # client, which will securely update all target files.  In a new terminal ...
-  $ cd client; python basic_client.py --repo http://localhost:8001
-
-  # You can also test a custom client by running the 'example_client.py' script
-  # provided with TUF.
-  $ cd client; python example_client.py
-
-
-  'quickstart.py' is invoked once to set up the repository.  'signercli.py' is
-  used to update the repository on the server.  In the case of updated targets,
-  the repository maintainer would simply add/delete target files from the
-  'targets' directory on the server and execute the following three commands to
-  generate updated metadata files:
-
-  $ python signercli.py --maketargets ./keystore
-  $ python signercli.py --makerelease ./keystore
-  $ python signercli.py --maketimestamp ./keystore
-
-  The next time the client queries the server, the top-level metadata files are
-  updated and any updated target files downloaded.
-
-
-<Usage>
-  $ python quickstart.py --<option> argument
-
-  Examples:
-  $ python quickstart.py --project ./project-files/
-  $ python quickstart.py --project ./project-files/ --verbose 1
-
-
-  'quickstart.py' will request threshold values for the top-level roles.
-  For recommended values and more information on the files generated by
-  this script, consult the documentation provided in the 'docs' directory.
-
-<Options>
-  --verbose:
-    Set the verbosity level of logging messages.  Accepts values 1-5.
-    The lower the setting, the greater the verbosity.
-
-  --project:
-    Specify the project directory containing the target files to be
-    served by the TUF repository.
-
-"""
-
-import time
-import datetime
-import getpass
-import sys
-import os
-import optparse
-import ConfigParser
-import shutil
-import tempfile
-import logging
-import errno
-
-import tuf
-import tuf.repo.signerlib
-import tuf.repo.keystore
-import tuf.formats
-import tuf.util
-import tuf.log
-
-# See 'log.py' to learn how logging is handled in TUF.
-logger = logging.getLogger('tuf.quickstart')
-
-# Set the default file names for the top-level roles.
-# For instance: in 'signerlib.py', ROOT_FILENAME = 'root.txt'.
-ROOT_FILENAME = tuf.repo.signerlib.ROOT_FILENAME
-TARGETS_FILENAME = tuf.repo.signerlib.TARGETS_FILENAME
-RELEASE_FILENAME = tuf.repo.signerlib.RELEASE_FILENAME
-TIMESTAMP_FILENAME = tuf.repo.signerlib.TIMESTAMP_FILENAME
-
-# Expiration date, in seconds, of the top-level roles (excluding 'Root').
-# The expiration time of the 'Root' role is set by the user.  A metadata
-# expiration date is set by taking the current time and adding the expiration
-# seconds listed below.
-# Initial 'targets.txt' expiration time of 3 months. 
-TARGETS_EXPIRATION = 7889230 
-
-# Initial 'release.txt' expiration time of 1 week. 
-RELEASE_EXPIRATION = 604800 
-
-# Initial 'timestamp.txt' expiration time of 1 day.
-TIMESTAMP_EXPIRATION = 86400
-
-# The maximum number of attempts the user has to enter
-# valid input.
-MAX_INPUT_ATTEMPTS = 3
-
-
-def _prompt(message, result_type=str):
-  """
-    Prompt the user for input by printing 'message', converting
-    the input to 'result_type', and returning the value to the
-    caller.
-
-  """
-
-  return result_type(raw_input(message))
-
-
-
-
-
-def _get_password(prompt='Password: ', confirm=False):
-  """
-    Return the password entered by the user.  If 'confirm'
-    is True, the user is asked to enter the previously
-    entered password once again.  If they match, the
-    password is returned to the caller.
-
-  """
-
-  while True:
-    # getpass() prompts the user for a password without echoing
-    # the user input.
-    password = getpass.getpass(prompt, sys.stderr)
-    if not confirm:
-      return password
-    password2 = getpass.getpass('Confirm: ', sys.stderr)
-    if password == password2:
-      return password
-    else:
-      print 'Mismatch; try again.'
-
-
-
-
-
-def build_repository(project_directory):
-  """
-  <Purpose>
-    Build a basic TUF repository.  All of the required files needed by a
-    repository mirror are created, such as the metadata files of the top-level
-    roles, cryptographic keys, and the directories containing all of the target
-    files.
-
-  <Arguments>
-    project_directory:
-      The directory containing the target files to be copied over to the
-      targets directory of the repository.
-
-  <Exceptions>
-    tuf.RepositoryError, if there was an error building the repository.
-
-  <Side Effects>
-    The repository files created are written to disk to the current
-    working directory.
-
-  <Returns>
-    None.
-
-  """
-
-  # Do the arguments have the correct format?
-  # Raise 'tuf.RepositoryError' if there is a mismatch.
-  try:
-    tuf.formats.PATH_SCHEMA.check_match(project_directory)
-  except tuf.FormatError, e:
-    message = str(e)
-    raise tuf.RepositoryError(message)
-  
-  # Verify the 'project_directory' argument.
-  project_directory = os.path.abspath(project_directory)
-  try:
-    tuf.repo.signerlib.check_directory(project_directory)
-  except (tuf.FormatError, tuf.Error), e:
-    message = str(e)
-    raise tuf.RepositoryError(message)
-  
-  # Handle the expiration time.  The expiration date determines when
-  # the top-level roles expire.
-  prompt_message = \
-    '\nWhen would you like your "root.txt" metadata to expire? (mm/dd/yyyy): '
-  timeout = None
-  for attempt in range(MAX_INPUT_ATTEMPTS):
-    # Get the difference between the user's entered expiration date and today's
-    # date.  Convert and store the difference to total days till expiration.
-    try:
-      input_date = _prompt(prompt_message)
-      expiration_date = datetime.datetime.strptime(input_date, '%m/%d/%Y')
-      time_difference = expiration_date - datetime.datetime.now()
-      timeout = time_difference.days
-      if timeout < 1:
-        raise ValueError
-      break
-    except ValueError, e:
-      message = 'Invalid expiration date entered'
-      logger.error(message)
-      timeout = None
-      continue
-
-  # Was a valid value for 'timeout' set?
-  if timeout is None:
-    raise tuf.RepositoryError('Could not get a valid expiration date\n')
-
-  # Build the repository directories.
-  metadata_directory = None
-  targets_directory = None
-
-  # Save the repository directory to the current directory, with
-  # an initial name of 'repository'.  The repository maintainer
-  # may opt to rename this directory and should transfer it elsewhere,
-  # such as the webserver that will respond to TUF requests.
-  repository_directory = os.path.join(os.getcwd(), 'repository')
-  
-  # Copy the files from the project directory to the repository's targets
-  # directory.  The targets directory will hold all the individual
-  # target files.
-  targets_directory = os.path.join(repository_directory, 'targets')
-  temporary_directory = tempfile.mkdtemp()
-  temporary_targets = os.path.join(temporary_directory, 'targets')
-  shutil.copytree(project_directory, temporary_targets)
-  
-  # Remove the log file created by the tuf logger, if it exists.
-  # It might exist if the current directory was specified as the
-  # project directory on the command-line.
-  log_filename = tuf.log._DEFAULT_LOG_FILENAME
-  if log_filename in os.listdir(temporary_targets):
-    log_file = os.path.join(temporary_targets, log_filename)
-    os.remove(log_file)
-
-  # Try to create the repository directory.
-  try:
-    os.mkdir(repository_directory)
-  # 'OSError' raised if the directory cannot be created.
-  except OSError, e:
-    message = 'Trying to create a new repository over an old repository '+\
-      'installation.  Remove '+repr(repository_directory)+' before '+\
-      'trying again.'
-    if e.errno == errno.EEXIST:
-      raise tuf.RepositoryError(message)
-    else:
-      raise
-
-  # Move the temporary targets directory into place now that repository
-  # directory has been created and remove previously created temporary
-  # directory.
-  shutil.move(temporary_targets, targets_directory)
-  os.rmdir(temporary_directory)
-  
-  # Try to create the metadata directory that will hold all of the
-  # metadata files, such as 'root.txt' and 'release.txt'.
-  try:
-    metadata_directory = os.path.join(repository_directory, 'metadata')
-    message = 'Creating '+repr(metadata_directory)
-    logger.info(message)
-    os.mkdir(metadata_directory)
-  except OSError, e:
-    if e.errno == errno.EEXIST:
-      pass
-    else:
-      raise
-
-  # Set the keystore directory.
-  keystore_directory = os.path.join(os.getcwd(), 'keystore')
-
-  # Try to create the keystore directory.
-  try:
-    os.mkdir(keystore_directory)
-  # 'OSError' raised if the directory cannot be created.
-  except OSError, e:
-    if e.errno == errno.EEXIST:
-      pass
-    else:
-      raise
-
-  # Build the keystore and save the generated keys.
-  role_info = {}
-  for role in ['root', 'targets', 'release', 'timestamp']:
-    # Ensure the user inputs a valid threshold value.
-    role_threshold = None
-    for attempt in range(MAX_INPUT_ATTEMPTS):
-      prompt_message = \
-        '\nEnter the desired threshold for the role '+repr(role)+': '
-
-      # Check for non-integers and values less than one.
-      try:
-        role_threshold = _prompt(prompt_message, int)
-        if not tuf.formats.THRESHOLD_SCHEMA.matches(role_threshold):
-          raise ValueError
-        break
-      except ValueError, e:
-        message = 'Invalid role threshold entered'
-        logger.warning(message)
-        role_threshold = None
-        continue
-
-    # Did the user input a valid threshold value?
-    if role_threshold is None:
-      raise tuf.RepositoryError('Could not build the keystore\n')
-
-    # Retrieve the password(s) for 'role', generate the key(s),
-    # and save them to the keystore.
-    for threshold in range(role_threshold):
-      message = 'Enter a password for '+repr(role)+' ('+str(threshold+1)+'): '
-      password = _get_password(message, confirm=True)
-      key = tuf.repo.signerlib.generate_and_save_rsa_key(keystore_directory,
-                                                         password)
-      try:
-        role_info[role]['keyids'].append(key['keyid'])
-      except KeyError:
-        info = {'keyids': [key['keyid']], 'threshold': role_threshold}
-        role_info[role] = info
-
-  # At this point the keystore is built and the 'role_info' dictionary
-  # looks something like this:
-  # {'keyids : [keyid1, keyid2] , 'threshold' : 2}
-
-  # Build the configuration file.
-  config_filepath = tuf.repo.signerlib.build_config_file(repository_directory,
-                                                         timeout, role_info)
-
-  # Generate the 'root.txt' metadata file. 
-  # Newly created metadata start at version 1.  The expiration date for the
-  # 'Root' role is extracted from the configuration file that was set, above,
-  # by the user.
-  root_keyids = role_info['root']['keyids']
-  tuf.repo.signerlib.build_root_file(config_filepath, root_keyids,
-                                     metadata_directory, 1)
-
-  # Generate the 'targets.txt' metadata file.
-  targets_keyids = role_info['targets']['keyids']
-  expiration_date = tuf.formats.format_time(time.time()+TARGETS_EXPIRATION)
-  tuf.repo.signerlib.build_targets_file([targets_directory], targets_keyids,
-                                        metadata_directory, 1,
-                                        expiration_date)
-
-  # Generate the 'release.txt' metadata file.
-  release_keyids = role_info['release']['keyids']
-  expiration_date = tuf.formats.format_time(time.time()+RELEASE_EXPIRATION)
-  tuf.repo.signerlib.build_release_file(release_keyids, metadata_directory,
-                                        1, expiration_date)
-
-  # Generate the 'timestamp.txt' metadata file.
-  timestamp_keyids = role_info['timestamp']['keyids']
-  expiration_date = tuf.formats.format_time(time.time()+TIMESTAMP_EXPIRATION)
-  tuf.repo.signerlib.build_timestamp_file(timestamp_keyids, metadata_directory,
-                                          1, expiration_date)
-
-  # Generate the 'client' directory containing the metadata of the created
-  # repository.  'tuf.client.updater.py' expects the 'current' and 'previous'
-  # directories to exist under 'metadata'.
-  client_metadata_directory = os.path.join(os.getcwd(), 'client', 'metadata')
-  try:
-    os.makedirs(client_metadata_directory)
-  except OSError, e:
-    if e.errno == errno.EEXIST:
-      message = 'Cannot create a fresh client metadata directory: '+\
-        repr(client_metadata_directory)+'.  The client metadata '+\
-        'will need to be manually created.  See the README file.'
-      logger.warn(message)
-    else:
-      raise
-
-  # Move the metadata to the client's 'current' and 'previous' directories.
-  client_current = os.path.join(client_metadata_directory, 'current')
-  client_previous = os.path.join(client_metadata_directory, 'previous')
-  shutil.copytree(metadata_directory, client_current)
-  shutil.copytree(metadata_directory, client_previous)
-
-
-
-
-
-def parse_options():
-  """
-  <Purpose>
-    Parse the command-line options and set the logging level,
-    as specified by the user using the '--verbose' option.
-    The user must also set the '--project' option.  If unset,
-    the current directory is used as the location of the project
-    files.  The project files are copied by 'quickstart.py' and
-    saved to the repository's targets directory.
-
-  <Arguments>
-    None.
-
-  <Exceptions>
-    None.
-
-  <Side Effects>
-    Sets the logging level for TUF logging.
-
-  <Returns>
-    The 'options.PROJECT_DIRECTORY' string.
-
-  """
-
-  parser = optparse.OptionParser()
-
-  # Add the options supported by 'quickstart' to the option parser.
-  parser.add_option('--verbose', dest='VERBOSE', type=int, default=3,
-                    help='Set the verbosity level of logging messages.'
-                         'The lower the setting, the greater the verbosity.')
-
-  parser.add_option('--project', dest='PROJECT_DIRECTORY', type='string',
-                    default='.', help='Specify the directory containing the '
-                    'project files to host on the TUF repository.')
-
-  options, args = parser.parse_args()
-
-  # Set the logging level.
-  if options.VERBOSE == 5:
-    tuf.log.set_log_level(logging.CRITICAL)
-  elif options.VERBOSE == 4:
-    tuf.log.set_log_level(logging.ERROR)
-  elif options.VERBOSE == 3:
-    tuf.log.set_log_level(logging.WARNING)
-  elif options.VERBOSE == 2:
-    tuf.log.set_log_level(logging.INFO)
-  elif options.VERBOSE == 1:
-    tuf.log.set_log_level(logging.DEBUG)
-  else:
-    tuf.log.set_log_level(logging.NOTSET)
-
-  # Return the directory containing the project files.  These files
-  # are copied over to the targets directory of the repository.
-  return options.PROJECT_DIRECTORY 
-
-
-
-if __name__ == '__main__':
-
-  # Parse the options and set the logging level.
-  project_directory = parse_options()
-
-  # Build the repository.  The top-level metadata files, cryptographic keys,
-  # target files, and the configuration file are created.
-  try:
-    build_repository(project_directory)
-  except tuf.RepositoryError, e:
-    sys.stderr.write(str(e)+'\n')
-    sys.exit(1)
-
-  print '\nSuccessfully created the repository.'
-  sys.exit(0)
diff --git a/tuf/repo/signercli.py b/tuf/repo/signercli.py
deleted file mode 100755
index 70013e88..00000000
--- a/tuf/repo/signercli.py
+++ /dev/null
@@ -1,1566 +0,0 @@
-#!/usr/bin/env python
-
-"""
-<Program Name>
-  signercli.py
-
-<Author>
-  Vladimir Diaz <vladimir.v.diaz@gmail.com>
-
-<Started>
-  April 5, 2012.  Based on a previous version of this module by Geremy Condra.
-
-<Copyright>
-  See LICENSE for licensing information.
-
-<Purpose>
-  Provide an interactive command-line interface to create and sign metadata.
-  This script can be used to create all of the top-level role files required
-  by TUF, which include 'root.json', 'targets.json', 'release.json', and
-  'timestamp.json'. It also provides options to generate RSA keys, change the
-  encryption/decryption keys of encrypted key files, list the keyids of
-  the signing keys stored in a keystore directory, create delegated roles,
-  and dump the contents of signing keys (i.e., public and private keys, key
-  type, etc.)
-
-  This module can be best understood if read starting with the parse_option()
-  call in __main__.  All of the options accept a single keystore
-  directory argument.  Beyond this point, the script is interactive.
-  If any additional arguments is required, the user will be asked to input
-  these values.  The script will process one command-line option and
-  raise an error for any other options that might be supplied.
-
-  Initially, the 'quickstart.py' script is utilized when the repository is
-  first created.  'signercli.py' would then be executed to update the state
-  of the repository.  For example, the repository owner wants to change the
-  'targets.json' signing key.  The owner would run 'signercli.py' to
-  generate a new RSA key, add the new key to the configuration file created
-  by 'quickstart.py', and then run 'signercli.py' to update the metadata files.
-
-<Usage>
-  $ python signercli.py --<option> <keystore_directory>
-
-  Examples:
-  S python signercli.py --genrsakey ./keystore
-  $ python signercli.py --changepass ./keystore
-
-<Options>
-  See the parse_options() function for the full list of supported options.
-"""
-
-import os
-import optparse
-import getpass
-import time
-import sys
-import logging
-import errno
-
-import tuf
-import tuf.formats
-import tuf.repo.signerlib
-import tuf.repo.keystore
-import tuf.util
-import tuf.log
-
-# See 'log.py' to learn how logging is handled in TUF.
-logger = logging.getLogger('tuf.signercli')
-
-json = tuf.util.import_json()
-
-# The maximum number of attempts the user has to enter
-# valid input.
-MAX_INPUT_ATTEMPTS = 3
-
-
-def _check_directory(directory):
-  try:
-    directory = tuf.repo.signerlib.check_directory(directory)
-  except (tuf.FormatError, tuf.Error), e:
-    message = str(e)+'\n'
-    raise tuf.RepositoryError(message)
-
-  return directory
-
-
-
-
-def _get_password(prompt='Password: ', confirm=False):
-  """
-    Return the password entered by the user.  If 'confirm'
-    is True, the user is asked to enter the previously
-    entered password once again.  If they match, the
-    password is returned to the caller.
-  """
-
-  while True:
-    password = getpass.getpass(prompt, sys.stderr)
-    if not confirm:
-      return password
-    password2 = getpass.getpass('Confirm: ', sys.stderr)
-    if password == password2:
-      return password
-    else:
-      message = 'Mismatch; try again.'
-      logger.info(message)
-
-
-
-
-
-def _prompt(message, result_type=str):
-  """
-    Prompt the user for input by printing 'message', converting
-    the input to 'result_type', and returning the value to the
-    caller.
-
-  """
-
-  return result_type(raw_input(message))
-
-
-
-
-
-def _get_metadata_directory():
-  """
-    Get the metadata directory from the user.  The user
-    is asked to enter the directory, and if validated, is
-    returned to the caller.  'tuf.FormatError' is raised
-    if the directory is not properly formatted, and 'tuf.Error'
-    if it does not exist.
-  """
-
-  metadata_directory = _prompt('\nEnter the metadata directory: ', str)
-
-  # Raises 'tuf.RepositoryError'.
-  metadata_directory = _check_directory(metadata_directory)
-
-  return metadata_directory
-
-
-
-
-
-def _list_keyids(keystore_directory, metadata_directory):
-  """
-    List the key files found in 'keystore_directory'.
-    It is assumed the directory arguments exist and have been validated by
-    the caller.  The keyids are listed without the '.key' extension,
-    along with their associated roles.
-  """
-
-  # Determine the 'root.json' filename.  This metadata file is needed
-  # to extract the keyids belonging to the top-level roles.
-  filenames = tuf.repo.signerlib.get_metadata_filenames(metadata_directory)
-  root_filename = filenames['root']
- 
-  # Load the root metadata file.  The loaded object should conform to
-  # 'tuf.formats.SIGNABLE_SCHEMA'.
-  metadata_signable = tuf.util.load_json_file(root_filename)
-
-  # Ensure the loaded json object is properly formatted.
-  try: 
-    tuf.formats.check_signable_object_format(metadata_signable)
-  except tuf.FormatError, e:
-    message = 'Invalid metadata format: '+repr(root_filename)+'.'
-    raise tuf.RepositoryError(message)
-
-  # Extract the 'signed' role object from 'metadata_signable'.
-  root_metadata = metadata_signable['signed']
- 
-  # Extract the 'roles' dict, where the dict keys are top-level roles and dict
-  # values a dictionary containing a list of corresponding keyids and a 
-  # threshold.
-  top_level_keyids = root_metadata['roles']
-
-  # Determine the keyids associated with all the targets roles.
-  try: 
-    targets_keyids = tuf.repo.signerlib.get_target_keyids(metadata_directory)
-  except tuf.FormatError, e:
-    raise tuf.RepositoryError('Format error: '+str(e))
-
-  # Extract the key files ending in a '.key' extension.
-  key_paths = []
-  for filename in os.listdir(keystore_directory):
-    full_path = os.path.join(keystore_directory, filename)
-    if filename.endswith('.key') and not os.path.isdir(full_path):
-      key_paths.append(filename)
-
-  # For each keyid listed in the keystore, search 'top_level_keyids'
-  # and 'targets_keyids' for a possible entry.  'keyids_dict' stores
-  # the associated roles for each keyid.
-  keyids_dict = {}
-  for keyid in key_paths:
-    # Strip the '.key' extension.  These raw keyids are needed to search
-    # for the roles attached to them in the metadata files.
-    keyid = keyid[0:keyid.rfind('.key')]
-    keyids_dict[keyid] = []
-    # Is 'keyid' listed in any of the top-level roles?
-    for top_level_role in top_level_keyids:
-      if keyid in top_level_keyids[top_level_role]['keyids']:
-        # To avoid a duplicate, ignore the 'targets.json' role for now.
-        # 'targets_keyids' will also contain the keyids for this top-level role.
-        if top_level_role != 'targets':
-          keyids_dict[keyid].append(top_level_role)
-    # Is 'keyid' listed in any of the targets roles? 
-    for targets_role, keyids in targets_keyids.items():
-      if keyid in keyids:
-        keyids_dict[keyid].append(targets_role)
-  
-  # Log the keyids without the '.key' extension and the roles
-  # associated with them.
-  message = 'Listing the keyids in '+repr(keystore_directory)
-  logger.info(message)
-  for keyid in keyids_dict:
-    message = keyid+' : '+str(keyids_dict[keyid])
-    logger.info(message)
-
-
-
-
-
-def _get_keyids(keystore_directory):
-  """
-    Load the keyids in 'keystore_directory'.  The keystore
-    database is populated with the keyids that are found
-    and successfully loaded.  A list containing the keyids
-    of the loaded keys is returned to the caller.  Since the
-    key files are stored in encrypted form, the user is asked
-    to enter the password that was used to encrypt the key
-    file.
-  """
-
-  # The keyids list containing the keys loaded.
-  loaded_keyids = []
-
-  # Save the 'load_keystore_from_keyfiles' function call.
-  # Set to improve readability.
-  load_key = tuf.repo.keystore.load_keystore_from_keyfiles
-
-  # Ask the user for the keyid and password.  Next, try to load the specified
-  # keyid/password combination.  If loaded, append the loaded key's keyid to
-  # 'loaded_keyids'.  Loop the steps above or exit when the user enters 'quit'.
-  while True:
-    keyid_prompt = '\nEnter the keyid or "quit" when done: '
-    keyid = _prompt(keyid_prompt, str)
-    if keyid.lower() == 'quit':
-      break
-
-    # Get the password from the user so we can decrypt the key file.
-    password = _get_password('\nEnter the keyid\'s password: ')
-
-    # Try to load the keyfile with the keyid and password credentials.
-    loaded_keyid = load_key(keystore_directory, [keyid], [password])
-    # Was 'keyid' loaded?
-    if keyid not in loaded_keyid:
-      message = 'Could not load keyid: '+keyid
-      logger.error(message)
-      continue
-
-    # Append 'keyid' to the loaded list of keyids.
-    loaded_keyids.append(loaded_keyid[0])
-
-  return loaded_keyids
-
-
-
-
-
-def _get_all_config_keyids(config_filepath, keystore_directory):
-  """
-    Retrieve the contents of the config file and load
-    the keys for the top-level roles.  After this function
-    returns successfully, all the required roles are loaded
-    in the keystore.  The arguments should be absolute paths.
-
-    <Exceptions>
-      tuf.Error, if the required top-level keys could
-      not be loaded.
-
-    <Returns>
-      A dictionary containing the keyids for the top-level roles.
-      loaded_keyids = {'root': [1233d3d, 598djdks, ..],
-                       'release': [sdfsd323, sdsd9090s, ..]
-                       ...}
-  """
-
-  # Save the 'load_keystore_from_keyfiles' function call.
-  load_key = tuf.repo.keystore.load_keystore_from_keyfiles
-
-  # 'tuf.Error' raised if the configuration file cannot be read.
-  config_dict = tuf.repo.signerlib.read_config_file(config_filepath)
-
-  loaded_keyids = {}
-  # Extract the sections from the config file.  We are only
-  # interested in role sections.
-  for key, value in config_dict.items():
-    if key in ['root', 'targets', 'release', 'timestamp']:
-      # Try to load the keyids for each role.
-      loaded_keyids[key] = []
-      for keyid in value['keyids']:
-        for attempt in range(MAX_INPUT_ATTEMPTS):
-          message = '\nEnter the password for the '+key+' role ('+keyid+'): '
-          password = _get_password(message)
-          loaded_key = load_key(keystore_directory, [keyid], [password])
-          if not loaded_key or keyid not in loaded_key:
-            message = 'Could not load keyid: '+keyid
-            logger.error(message)
-            continue
-          loaded_keyids[key].append(keyid)
-          break
-        if keyid not in loaded_keyids[key]:
-          raise tuf.Error('Could not load a required top-level role key.')
-
-  # Ensure we loaded keys for the required top-level roles.
-  for key in ['root', 'targets', 'release', 'timestamp']:
-    if key not in loaded_keyids:
-      message = 'The configuration file did not contain the required roles.'
-      raise tuf.Error(message)
-
-  return loaded_keyids
-
-
-
-
-
-def _get_role_config_keyids(config_filepath, keystore_directory, role):
-  """
-    Retrieve and load the key(s) for 'role', as listed in the keyids
-    found in 'config_filepath'.  'config_filepath' and 'keystore_directory'
-    should be absolute paths.
-
-  <Exceptions>
-    tuf.Error, if the required keys could not be loaded.
-  """
-
-  # Save the 'load_keystore_from_keyfiles' function call.
-  load_key = tuf.repo.keystore.load_keystore_from_keyfiles
-
-  # 'tuf.Error' raised if the configuration file cannot be read.
-  config_dict = tuf.repo.signerlib.read_config_file(config_filepath)
-
-  role_keyids = []
-  # Extract the sections from the config file.  We are only interested
-  # in the 'role' section.
-  for key, value in config_dict.items():
-    if key == role:
-      for keyid in value['keyids']:
-        for attempt in range(MAX_INPUT_ATTEMPTS):
-          message = '\nEnter the password for the '+key+' role ('+keyid+'): '
-          password = _get_password(message)
-          loaded_key = load_key(keystore_directory, [keyid], [password])
-          if not loaded_key or keyid not in loaded_key:
-            message = 'Could not load keyid: '+keyid
-            logger.error(message)
-            continue
-          role_keyids.append(keyid)
-          break
-      # Ensure we loaded all the keyids.
-      for keyid in value['keyids']:
-        if keyid not in role_keyids:
-          raise tuf.Error('Could not load a required role key: '+keyid+'.')
-  if not role_keyids:
-    raise tuf.Error('Could not load the required keys for '+role)
-
-  return role_keyids
-
-
-
-
-
-def _sign_and_write_metadata(metadata, keyids, filename):
-  """
-    Sign 'metadata' and write it to 'filename' (an absolute path),
-    overwriting the original file if it exists.  If any of the
-    keyids have already signed the file, the old signatures of
-    those keyids will be replaced.
-
-  <Exceptions>
-    tuf.FormatError, if any of the arguments are incorrectly formatted.
-
-    tuf.Error, if an error is encountered.
-
-  """
-
-  # Sign the metadata object.  The 'signable' object contains the keyids
-  # used in the signing process, including the signatures generated.
-  signable = tuf.repo.signerlib.sign_metadata(metadata, keyids, filename)
-
-  # Write the 'signable' object to 'filename'.  The 'filename' file is
-  # the final metadata file, such as 'root.json' and 'targets.json'.
-  tuf.repo.signerlib.write_metadata_file(signable, filename)
-
-
-
-
-
-def _get_metadata_version(metadata_filename):
-  """
-    If 'metadata_filename' exists, load it and extract the current version.
-    This version number is incremented by one prior to returning.  If
-    'metadata_filename' does not exist, return a version value of 1.
-    Raise 'tuf.RepositoryError' if 'metadata_filename' cannot be read or
-    validated.
-  """
-  
-  # If 'metadata_filename' does not exist on the repository, this means
-  # it will be newly created and thus version 1 of the file.
-  if not os.path.exists(metadata_filename):
-    return 1
-
-  # Open 'metadata_filename', extract the version number, and return it
-  # incremented by 1.  A metadata's version is used to determine newer metadata
-  # from older.  The client should only accept newer metadata.
-  try:
-    signable = tuf.repo.signerlib.read_metadata_file(metadata_filename)
-    tuf.formats.check_signable_object_format(signable)
-  except (tuf.FormatError, tuf.Error), e:
-    message = repr(metadata_filename)+' could not be opened or is invalid.'+\
-      '  Backup or replace it and try again.'
-    raise tuf.RepositoryError(message)
-  current_version = signable['signed']['version']
-
-  return current_version+1
-
-
-
-
-
-def _get_metadata_expiration():
-  """
-    Prompt the user for the expiration date of the metadata file.
-    If the entered date is valid, it is returned unmodified.
-
-    <Exceptions>
-      tuf.RepositoryError, if the entered expiration date is invalid.
-  """
-
-  message = '\nCurrent time: '+tuf.formats.format_time(time.time())+'.\n'+\
-    'Enter the expiration date, in UTC, of the metadata file (yyyy-mm-dd HH:MM:SS): '
-    
-  try:
-    input_date = _prompt(message, str)
-    input_date = input_date+' UTC'
-    expiration_date = tuf.formats.parse_time(input_date)
-  except (tuf.FormatError, ValueError), e:
-    raise tuf.RepositoryError('Invalid date entered.')
-  
-  if expiration_date < time.time():
-    message = 'The expiration date must occur after the current date.'
-    raise tuf.RepositoryError(message)
-  
-  return input_date
-
-
-
-
-
-def change_password(keystore_directory):
-  """
-  <Purpose>
-    Change the password for the signing key specified by the user.
-    All the values required by the user will be interactively
-    retrieved by this function.
-
-  <Arguments>
-    keystore_directory:
-      The directory containing the signing keys (i.e., key files ending
-      in '.key').
-
-  <Exceptions>
-    tuf.RepositoryError, if a bad password was given, the keystore directory
-      was invalid, or a required key could not be loaded.
-
-  <Side Effects>
-    The key file specified by the user is modified, including the encryption
-    key.
-
-  <Returns>
-    None.
-  """
-
-  # Save the 'load_keystore_from_keyfiles' function call.
-  load_key = tuf.repo.keystore.load_keystore_from_keyfiles
-
-  # Verify the 'keystore_directory' argument.
-  keystore_directory = _check_directory(keystore_directory)
-
-  # Retrieve the metadata directory.  The 'root.json' and all the targets
-  # metadata are needed to extract rolenames and their corresponding
-  # keyids.
-  try:
-    metadata_directory = _get_metadata_directory()
-  except (tuf.FormatError, tuf.Error), e:
-    message = str(e)+'\n'
-    raise tuf.RepositoryError(message)
-  
-  # List the keyids in the keystore and prompt the user for the keyid they
-  # wish to modify.
-  _list_keyids(keystore_directory, metadata_directory)
-
-  # Retrieve the keyid from the user.
-  message = '\nEnter the keyid for the password you wish to change: '
-  keyid = _prompt(message, str)
-
-  # Get the old password from the user.
-  old_password_prompt = '\nEnter the old password for the keyid: '
-  old_password = _get_password(old_password_prompt)
-
-  # Try to load the keyfile
-  loaded_keys = load_key(keystore_directory, [keyid], [old_password])
-
-  # Was 'keyid' loaded?
-  if keyid not in loaded_keys:
-    message = 'Could not load keyid: '+keyid+'\n'
-    raise tuf.RepositoryError(message)
-
-  # Retrieve the new password.
-  new_password = _get_password('\nNew password: ', confirm=True)
-
-  # Now that we have all the required information, try to change the password.
-  try:
-    tuf.repo.keystore.change_password(keyid, old_password, new_password)
-  except (tuf.BadPasswordError, tuf.UnknownKeyError), e:
-    message = str(e)+'\n'
-    raise tuf.RepositoryError(message)
-
-  # Save the changes.
-  tuf.repo.keystore.save_keystore_to_keyfiles(keystore_directory)
-
-
-
-
-
-def generate_rsa_key(keystore_directory):
-  """
-  <Purpose>
-    Generate an RSA key and save it to the keystore directory.
-
-  <Arguments>
-    keystore_directory:
-      The directory containing the signing keys (i.e., key files ending
-      in '.key').
-
-  <Exceptions>
-    tuf.RepositoryError, if the keystore directory is invalid or an rsa key
-      cannot be generated.
-
-  <Side Effects>
-    An RSA key will be generated and added to tuf.repo.keystore.
-    The RSA key will be saved to the keystore directory specified
-    on the command-line.
-
-  <Returns>
-    None.
-  """
-
-  # Save a reference to the generate_and_save_rsa_key() function.
-  save_rsa_key = tuf.repo.signerlib.generate_and_save_rsa_key
-
-  # Verify the 'keystore_directory' argument.
-  keystore_directory = _check_directory(keystore_directory)
-
-  # Retrieve the number of bits for the RSA key from the user.
-  rsa_key_bits = _prompt('\nEnter the number of bits for the RSA key: ', int)
-
-  # Retrieve the password used to encrypt/decrypt the key file from the user.
-  message = '\nEnter a password to encrypt the generated RSA key: '
-  password = _get_password(message, confirm=True)
-
-  # Generate the RSA key and save it to 'keystore_directory'.
-  try:
-    rsa_key = save_rsa_key(keystore_directory=keystore_directory,
-                 password=password, bits=rsa_key_bits)
-    logger.info('Generated a new key: '+rsa_key['keyid'])
-  except (tuf.FormatError, tuf.CryptoError), e:
-    message = 'The RSA key could not be generated. '+str(e)+'\n'
-    raise tuf.RepositoryError(message)
-
-
-
-
-
-def list_signing_keys(keystore_directory):
-  """
-  <Purpose>
-    Print the key IDs of the signing keys listed in the keystore directory.
-    The associated roles of each keyid is also listed.
-
-  <Arguments>
-    keystore_directory:
-      The directory containing the signing keys (i.e., key files ending
-      in '.key').
-
-  <Exceptions>
-    tuf.RepositoryError, if the keystore directory is invalid or if the
-    required metadata files cannot be read.
-
-  <Side Effects>
-    None.
-
-  <Returns>
-    None.
-  """
-
-  # Verify the 'keystore_directory' argument.
-  keystore_directory = _check_directory(keystore_directory)
-
-  # Retrieve the metadata directory.  The 'root.json' file and all the metadata
-  # for the targets roles are needed to extract rolenames and their associated
-  # keyids.
-  try:
-    metadata_directory = _get_metadata_directory()
-  except (tuf.FormatError, tuf.Error), e:
-    message = str(e)+'\n'
-    raise tuf.RepositoryError(message)
-  
-  _list_keyids(keystore_directory, metadata_directory)
-
-
-
-
-
-def dump_key(keystore_directory):
-  """
-  <Purpose>
-    Dump the contents of the signing key specified by the user.
-    This dumped information includes the keytype, signing method,
-    the public key, and the private key (if requested by the user).
-
-  <Arguments>
-    keystore_directory:
-      The directory containing the signing keys (i.e., key files ending
-      in '.key').
-
-  <Exceptions>
-    tuf.RepositoryError, if the keystore directory is invalid, a required
-      key cannot be loaded, or the keystore contains an invalid key,
-
-  <Side Effects>
-    The contents of encrypted key files are extracted and printed.
-
-  <Returns>
-    None.
-  """
-
-  # Save the 'load_keystore_from_keyfiles' function call.
-  load_key = tuf.repo.keystore.load_keystore_from_keyfiles
-
-  # Verify the 'keystore_directory' argument.
-  keystore_directory = _check_directory(keystore_directory)
-
-  # Retrieve the metadata directory.  The 'root.json' and all the targets
-  # role metadata files are needed to extract rolenames and their corresponding
-  # keyids.
-  try:
-    metadata_directory = _get_metadata_directory()
-  except (tuf.FormatError, tuf.Error), e:
-    message = str(e)+'\n'
-    raise tuf.RepositoryError(message)
-  
-  # List the keyids found in 'keystore_directory', minus the '.key' extension.
-  _list_keyids(keystore_directory, metadata_directory)
-
-  # Retrieve the keyid and password from the user.
-  message = '\nEnter the keyid for the signing key you wish to dump: '
-  keyid = _prompt(message, str)
-  password = _get_password('\nEnter the password for the keyid: ')
-
-  # Try to load the keyfile
-  loaded_keys = load_key(keystore_directory, [keyid], [password])
-
-  # Was 'keyid' loaded?
-  if keyid not in loaded_keys:
-    message = 'Could not load keyid: '+keyid+'\n'
-    raise tuf.RepositoryError(message)
-
-  # Get the key object.
-  key = tuf.repo.keystore.get_key(keyid)
-
-  # Ask the user if they would like to print the private key as well.
-  show_private = False
-  prompt = 'Should the private key be printed as well?' \
-           ' (if yes, enter \'private\'): '
-  message = '*WARNING* Printing the private key reveals' \
-        ' sensitive information *WARNING*'
-  logger.warning(message)
-  input = _prompt(prompt, str)
-  if input.lower() == 'private':
-    show_private = True
-
-  # Retrieve the key metadata according to the keytype.
-  if key['keytype'] == 'rsa':
-    keytype = key['keytype']
-    keyval = key['keyval']
-    key_metadata = tuf.keys.format_keyval_to_metadata(keytype, keyval,
-    #key_metadata = tuf.keys.create_in_metadata_format(keytype, keyval,
-                                                      private=show_private)
-  else:
-    message = 'The keystore contains an invalid key type.'
-    raise tuf.RepositoryError(message)
-
-  # Print the contents of the key metadata.
-  logger.info(json.dumps(key_metadata, indent=2, sort_keys=True))
-
-
-
-
-
-def make_root_metadata(keystore_directory):
-  """
-  <Purpose>
-    Create the 'root.json' file.
-
-  <Arguments>
-    keystore_directory:
-      The directory containing the signing keys (i.e., key files ending
-      in '.key').
-
-  <Exceptions>
-    tuf.RepositoryError, if required directories cannot be validated, 
-      required keys cannot be loaded, or a properly formatted root
-      metadata file cannot be created.
-
-  <Side Effects>
-    The contents of an existing root metadata file is overwritten.
-
-  <Returns>
-    None.
-  """
-
-  # Verify the 'keystore_directory' argument.
-  keystore_directory = _check_directory(keystore_directory)
-
-  # Get the metadata directory and the metadata filenames.
-  try:
-    metadata_directory = _get_metadata_directory()
-  except (tuf.FormatError, tuf.Error), e:
-    message = str(e)+'\n'
-    raise tuf.RepositoryError(message)
-  filenames = tuf.repo.signerlib.get_metadata_filenames(metadata_directory)
-  root_filename = filenames['root']
-
-  # If the metadata file currently exists, extract the version number and
-  # increment it by 1.  Otherwise, set the version to 1.  Incrementing
-  # the version number ensures the newly created metadata file is considered
-  # newer.
-  version = _get_metadata_version(root_filename)
-
-  # Get the configuration file.
-  config_filepath = _prompt('\nEnter the configuration file path: ', str)
-  config_filepath = os.path.abspath(config_filepath)
-
-  # Load the keys for the top-level roles.
-  try:
-    loaded_keyids = _get_all_config_keyids(config_filepath, keystore_directory)
-  except (tuf.Error, tuf.FormatError), e:
-    message = str(e)+'\n'
-    raise tuf.RepositoryError(message)
-  root_keyids = loaded_keyids['root']
-
-  # Generate the root metadata and write it to 'root.json'.
-  try:
-    tuf.repo.signerlib.build_root_file(config_filepath, root_keyids,
-                                       metadata_directory, version)
-  except (tuf.FormatError, tuf.Error), e:
-    message = str(e)+'\n'
-    raise tuf.RepositoryError(message)
-
-
-
-
-def make_targets_metadata(keystore_directory):
-  """ 
-  <Purpose>
-    Create the 'targets.json' metadata file.  The targets must exist at the
-    same path they should on the repository.  This takes a list of targets.
-    We're not worrying about custom metadata at the moment. It's allowed to
-    not provide keys.
-
-  <Arguments>
-    keystore_directory:
-      The directory containing the signing keys (i.e., key files ending
-      in '.key').
-
-  <Exceptions>
-    tuf.RepositoryError, if required directories cannot be validated, 
-      required keys cannot be loaded, or a properly formatted targets
-      metadata file cannot be created.
-
-  <Side Effects>
-    The contents of an existing targets metadata file is overwritten.
-
-  <Returns>
-    None.
-  """
-
-  # Verify the 'keystore_directory' argument.
-  keystore_directory = _check_directory(keystore_directory)
-
-  # Retrieve the target files.  The target paths entered by the user should be
-  # separated by white space.  'targets' is a list of the target path strings
-  # extracted from user input.
-  prompt_targets = '\nInput may be a directory, directories, or any '+\
-    'number of file paths.\nEnter the target files: '
-  targets_input = _prompt(prompt_targets, str)
-  targets = targets_input.split()
-
-  # Retrieve the metadata directory and the 'targets' filename.
-  try:
-    metadata_directory = _get_metadata_directory()
-  except (tuf.FormatError, tuf.Error), e:
-    message = str(e)+'\n'
-    raise tuf.RepositoryError(message)
-  filenames = tuf.repo.signerlib.get_metadata_filenames(metadata_directory)
-  targets_filename = filenames['targets']
-
-  # If the metadata file currently exists, extract the version number and
-  # increment it by 1.  Otherwise, set the version to 1.  Incrementing
-  # the version number ensures the newly created metadata file is considered
-  # newer.
-  version = _get_metadata_version(targets_filename)
-
-  # Prompt the user the metadata file's expiration date.
-  # Raise 'tuf.RepositoryError' if invalid date is entered
-  # by the user.
-  expiration_date = _get_metadata_expiration()
-
-
-  # Get the configuration file.
-  config_filepath = _prompt('\nEnter the configuration file path: ', str)
-  config_filepath = os.path.abspath(config_filepath)
-
-  try:
-    # Retrieve and load the 'targets' signing keys.
-    targets_keyids = _get_role_config_keyids(config_filepath,
-                                           keystore_directory, 'targets')
-  except (tuf.FormatError, tuf.Error), e:
-    message = str(e)+'\n'
-    raise tuf.RepositoryError(message)
-
-  try:
-    # Create, sign, and write the "targets.json" file.
-    tuf.repo.signerlib.build_targets_file(targets, targets_keyids,
-                                       metadata_directory, version,
-                                       expiration_date)
-  except (tuf.FormatError, tuf.Error), e:
-    message = str(e)+'\n'
-    raise tuf.RepositoryError(message)
-
-
-
-
-
-
-def make_release_metadata(keystore_directory):
-  """
-  <Purpose>
-    Create the release metadata file.
-    The minimum metadata must exist. This is root.json and targets.json.
-
-  <Arguments>
-    keystore_directory:
-      The directory containing the signing keys (i.e., key files ending
-      in '.key').
-
-  <Exceptions>
-    tuf.RepositoryError, if required directories cannot be validated, 
-      required keys cannot be loaded, or a properly formatted release
-      metadata file cannot be created.
-
-  <Side Effects>
-    The contents of an existing release metadata file is overwritten.
-
-  <Returns>
-    None.
-  """
-
-  # Verify the 'keystore_directory' argument.
-  keystore_directory = _check_directory(keystore_directory)
-
-  # Retrieve the metadata directory and the release filename.
-  try:
-    metadata_directory = _get_metadata_directory()
-  except (tuf.FormatError, tuf.Error), e:
-    message = str(e)+'\n'
-    raise tuf.RepositoryError(message)
-  filenames = tuf.repo.signerlib.get_metadata_filenames(metadata_directory)
-  release_filename = filenames['release']
-
-  # If the metadata file currently exists, extract the version number and
-  # increment it by 1.  Otherwise, set the version to 1.  Incrementing
-  # the version number ensures the newly created metadata file is considered
-  # newer.
-  version = _get_metadata_version(release_filename)
-
-  # Prompt the user the metadata file's expiration date.
-  # Raise 'tuf.RepositoryError' if invalid date is entered
-  # by the user.
-  expiration_date = _get_metadata_expiration()
-
-  # Get the configuration file.
-  config_filepath = _prompt('\nEnter the configuration file path: ', str)
-  config_filepath = os.path.abspath(config_filepath)
-
-  # Retrieve and load the 'release' signing keys.
-  try:
-    release_keyids = _get_role_config_keyids(config_filepath,
-                                              keystore_directory, 'release')
-    # Generate the release metadata and write it to 'release.json'
-    tuf.repo.signerlib.build_release_file(release_keyids, metadata_directory,
-                                          version, expiration_date)
-  except (tuf.FormatError, tuf.Error), e:
-    message = str(e)+'\n'
-    raise tuf.RepositoryError(message)
-
-
-
-
-
-def make_timestamp_metadata(keystore_directory):
-  """
-  <Purpose>
-    Create the timestamp metadata file.  The 'release.json' file must exist.
-
-  <Arguments>
-    keystore_directory:
-      The directory containing the signing keys (i.e., key files ending
-      in '.key').
-
-  <Exceptions>
-    tuf.RepositoryError, if required directories cannot be validated, 
-      required keys cannot be loaded, or a properly formatted timestamp
-      metadata file cannot be created.
-
-  <Side Effects>
-    The contents of an existing timestamp metadata file is overwritten.
-
-  <Returns>
-    None.
-  """
-
-  # Verify the 'keystore_directory' argument.
-  keystore_directory = _check_directory(keystore_directory)
-
-
-  # Retrieve the metadata directory and the timestamp filename.
-  try:
-    metadata_directory = _get_metadata_directory()
-  except (tuf.FormatError, tuf.Error), e:
-    message = str(e)+'\n'
-    raise tuf.RepositoryError(message)
-  filenames = tuf.repo.signerlib.get_metadata_filenames(metadata_directory)
-  timestamp_filename = filenames['timestamp']
-
-  # If the metadata file currently exists, extract the version number and
-  # increment it by 1.  Otherwise, set the version to 1.  Incrementing
-  # the version number ensures the newly created metadata file is considered
-  # newer.
-  version = _get_metadata_version(timestamp_filename)
-
-  # Prompt the user the metadata file's expiration date.
-  # Raise 'tuf.RepositoryError' if invalid date is entered
-  # by the user.
-  expiration_date = _get_metadata_expiration()
-
-  # Get the configuration file.
-  config_filepath = _prompt('\nEnter the configuration file path: ', str)
-  config_filepath = os.path.abspath(config_filepath)
-
-  # Retrieve and load the 'timestamp' signing keys.
-  try:
-    timestamp_keyids = _get_role_config_keyids(config_filepath,
-                                               keystore_directory, 'timestamp')
-    # Generate the timestamp metadata and write it to 'timestamp.json'
-    tuf.repo.signerlib.build_timestamp_file(timestamp_keyids, metadata_directory,
-                                            version, expiration_date)
-  except (tuf.FormatError, tuf.Error), e:
-    message = str(e)+'\n'
-    raise tuf.RepositoryError(message)
-
-
-
-
-
-def sign_metadata_file(keystore_directory):
-  """
-  <Purpose>
-    Sign the metadata file specified by the user.
-
-  <Arguments>
-    keystore_directory:
-      The directory containing the signing keys (i.e., key files ending
-      in '.key').
-
-  <Exceptions>
-    tuf.RepositoryError, if required directories cannot be validated, 
-      required keys cannot be loaded, or the specified metadata file
-      is invalid.
-
-  <Side Effects>
-    The contents of an existing metadata file is overwritten.
-
-  <Returns>
-    None.
-  """
-
-  # Verify the 'keystore_directory' argument.
-  keystore_directory = _check_directory(keystore_directory)
-
-  # Retrieve the metadata directory.  The 'root.json' and all the targets
-  # role metadata files are needed to extract rolenames and their corresponding
-  # keyids.
-  try:
-    metadata_directory = _get_metadata_directory()
-  except (tuf.FormatError, tuf.Error), e:
-    message = str(e)+'\n'
-    raise tuf.RepositoryError(message)
-  
-  # List the keyids available in the keystore.
-  _list_keyids(keystore_directory, metadata_directory)
-
-  # Retrieve the keyids of the signing keys from the user.
-  message = 'The keyids that will sign the metadata file must be loaded.'
-  logger.info(message)
-  loaded_keyids = _get_keyids(keystore_directory)
-
-  if len(loaded_keyids) == 0:
-    message = 'No keyids were loaded\n'
-    raise tuf.RepositoryError(message)
-
-  # Retrieve the metadata file the user intends to sign.
-  metadata_filename = _prompt('\nEnter the metadata filename: ', str)
-
-  metadata_filename = os.path.abspath(metadata_filename)
-  if not os.path.isfile(metadata_filename):
-    message = repr(metadata_filename)+' is an invalid file.\n'
-    raise tuf.RepositoryError(message)
-
-  # Create, sign, and write the metadata file.
-  metadata = tuf.repo.signerlib.read_metadata_file(metadata_filename)
-  _sign_and_write_metadata(metadata, loaded_keyids, metadata_filename)
-
-
-
-
-
-def make_delegation(keystore_directory):
-  """
-  <Purpose>
-    Create a delegation by updating the 'delegations' field of a parent's
-    metadata file (targets) and creating the delegated role's metadata file.
-    The user specifies the delegated role's name and target files.
-    The parent's metadata file must exist.
-
-  <Arguments>
-    keystore_directory:
-      The directory containing the signing keys (i.e., key files ending
-      in '.key').
-
-  <Exceptions>
-    tuf.RepositoryError, if required directories cannot be validated, the
-      parent role cannot be loaded, the delegated role metadata file
-      cannot be created, or the parent role metadata file cannot be updated. 
-
-  <Side Effects>
-    The parent targets metadata file is modified.  The 'delegations' field of
-    is added or updated.
-
-  <Returns>
-    None.
-  """
-
-  # Verify the 'keystore_directory' argument.
-  keystore_directory = _check_directory(keystore_directory)
-
-  # Get the metadata directory.
-  try:
-    metadata_directory = _get_metadata_directory()
-  except (tuf.FormatError, tuf.Error), e:
-    message = str(e)+'\n'
-    raise tuf.RepositoryError(message)
-
-  # Get the delegated role's target paths, which should be located within
-  # the repository's targets directory.  We need these directory/file paths to
-  # generate the delegated role's metadata file.
-  prompt = '\nThe paths entered below should be located within the '+\
-    'repository\'s targets directory.\nEnter the directory, directories, or '+\
-    'any number of file paths containing the delegated role\'s target files: '
-  delegated_targets_input = _prompt(prompt, str)
-  delegated_targets_input = delegated_targets_input.split()
-
-  # Verify the format of the delegated targets specified by the user.
-  # The paths in 'delegated_targets_input' will be verified in
-  # in the _make_delegated_metadata() call.
-  try:
-    tuf.formats.PATHS_SCHEMA.check_match(delegated_targets_input)
-  except (tuf.FormatError, tuf.Error), e:
-    message = str(e)+'\n'
-    raise tuf.RepositoryError(message)
-
-  # Get all the target roles and their respective keyids.
-  # These keyids will let the user know which roles are currently known.
-  # signerlib.get_target_keyids() returns a dictionary that has the form:
-  # {'targets': [keyid1, ...], 'targets/role1': [keyid1, ...] ...}
-  targets_roles = tuf.repo.signerlib.get_target_keyids(metadata_directory)
-
-  # Load the parent role specified by the user.  The parent role must be loaded
-  # so its 'delegations' field can be updated.
-  parent_role, parent_keyids = _load_parent_role(metadata_directory,
-                                                 keystore_directory,
-                                                 targets_roles)
-
-  # Load the delegated role specified by the user.  The delegated role must be
-  # loaded so its metadata file can be created.
-  delegated_role, delegated_keyids = _get_delegated_role(keystore_directory,
-                                                         metadata_directory)
-
-  # Create, sign, and write the delegated role's metadata file.
-  delegated_paths = _make_delegated_metadata(metadata_directory,
-                                             delegated_targets_input,
-                                             parent_role, delegated_role,
-                                             delegated_keyids)
-
-  # Update the parent role's metadata file.  The parent role's delegation
-  # field must be updated with the newly created delegated role.
-  _update_parent_metadata(metadata_directory, delegated_role, delegated_keyids,
-                          parent_role, parent_keyids,
-                          delegated_paths=delegated_paths)
-
-
-
-
-
-def _load_parent_role(metadata_directory, keystore_directory, targets_roles):
-  """
-    Load the parent role specified by the user.  The user is presented with a
-    list of known targets roles and asked to enter the parent role to load.
-    Ensure the parent role is loaded properly and return a string containing
-    the parent role's full rolename and a list of keyids belonging to the parent.
-  """
-
-  # 'load_key' is a reference to the 'load_keystore_from_keyfiles function'.
-  # Set to improve readability.
-  load_key = tuf.repo.keystore.load_keystore_from_keyfiles
-  
-  # Get the parent role.  We need to modify the parent role's metadata file.
-  parent_role = None
-  # Retrieve the parent role from the user.
-  for attempt in range(MAX_INPUT_ATTEMPTS):
-    prompt = '\nChoose and enter the parent role\'s full name: '
-    parent_role = _prompt(prompt, str)
-    if parent_role not in targets_roles:
-      message = 'Invalid role name entered'
-      logger.info(message)
-      parent_role = None
-      continue
-    else:
-      break
-
-  # Ensure we loaded a valid parent role.
-  if parent_role is None:
-    message = 'Could not get a valid parent role.\n'
-    raise tuf.RepositoryError(message)
-
-  # Load the parent's key(s).  The key needs to be loaded because
-  # its metadata file will be modified.
-  parent_keyids = []
-  for keyid in targets_roles[parent_role]:
-    for attempt in range(MAX_INPUT_ATTEMPTS):
-      prompt = '\nEnter the password for '+parent_role+' ('+keyid+'): '
-      password = _get_password(prompt)
-      loaded_keyid = load_key(keystore_directory, [keyid], [password])
-      if keyid not in loaded_keyid:
-        message = 'The keyid could not be loaded.'
-        logger.info(message)
-        continue
-      parent_keyids.append(loaded_keyid[0])
-      break
-    if keyid not in parent_keyids:
-      message = 'Could not load the keys for the parent role.\n'
-      raise tuf.RepositoryError(message)
-  
-  return parent_role, parent_keyids
-
-
-
-
-
-def _get_delegated_role(keystore_directory, metadata_directory):
-  """
-    Get the delegated role specified by the user.  The user is presented with
-    a list of keyids available in the keystore and asked to enter the keyid
-    belonging to the delegated role.  Return a string containing
-    the delegated role's full rolename and its keyids.
-  """
-  
-  # Retrieve the delegated rolename from the user (e.g., 'role1').
-  delegated_role = _prompt('\nEnter the delegated role\'s name: ', str)
-  delegated_role = unicode(delegated_role, encoding="utf-8")
-
-  # Retrieve the delegated role\'s keyids from the user.
-  message = 'The keyid of the delegated role must be loaded.'
-  logger.info(message)
-  delegated_keyids = _get_keyids(keystore_directory)
-
-  # Ensure at least one delegated key was loaded.
-  if not tuf.formats.THRESHOLD_SCHEMA.matches(len(delegated_keyids)):
-    message = 'The minimum required threshold of keyids was not loaded.\n'
-    raise tuf.RepositoryError(message)
-
-  return delegated_role, delegated_keyids
-
-
-
-
-
-def _make_delegated_metadata(metadata_directory, delegated_targets,
-                             parent_role, delegated_role, delegated_keyids):
-  """
-    Create, sign, and write the metadata file for the newly added delegated
-    role.  Determine the target files from the paths in 'delegated_targets'
-    and the other information needed to generate the targets metadata file for 
-    delegated_role'.  Return the delegated paths to the caller.
-  """
-
-  repository_directory, junk = os.path.split(metadata_directory)
-  
-  # Retrieve the file paths for the delegated targets.  Keep track of the valid
-  # paths in 'delegated_targets', which will be stored in the 'paths' entry
-  # of the parent's metadata.  Directories are preserved in the returned
-  # 'delegated_paths' list.
-  delegated_paths = []
-  delegated_filepaths = []
-  
-  # The 'delegated_paths' list contains either file paths or the paths of
-  # directories.  A child role may list any target(s) under a directory or sub-
-  # directory.  Replicate directory wildcards using os.path.commonprefix()
-  # instead of regular expressions, which may be abused by input
-  # carefully-crafted for this purpose.
-  for path in delegated_targets:
-    path = os.path.abspath(path)
-    relative_path = path[len(repository_directory)+1:]
-    if os.path.isfile(path):
-      # The target paths need to be relative to the repository's targets
-      # directory (e.g., 'targets/role1/target_file.gif').
-      # [len(repository_directory)+1:] strips the repository path, including
-      # its trailing path separator.
-      delegated_filepaths.append(relative_path)
-      delegated_paths.append(relative_path)
-    # A directory implies the child role may list any targets under this
-    # directory.
-    elif os.path.isdir(path):
-      for entry in os.listdir(path):
-        filepath = os.path.join(path, entry)
-        if os.path.isfile(filepath):
-          relative_filepath = os.path.join(relative_path, entry)
-          delegated_filepaths.append(relative_filepath)
-      for delegated_path in delegated_paths:
-        if os.path.commonprefix([relative_path, delegated_path]) == delegated_path:
-          break
-      # Add the relative path of 'path' to 'delegated_paths'.  'relative_path'
-      # has not been added to 'delegated_paths', nor a parent directory of it.
-      else: 
-        delegated_paths.append(relative_path+os.sep)
-  message = 'There are '+repr(len(delegated_filepaths))+' target paths for '+\
-    repr(delegated_role)
-  logger.info(message)
-
-  # Create, sign, and write the delegated role's metadata file.
-  # The first time a parent role creates a delegation, a directory
-  # containing the parent role's name is created in the metadata
-  # directory.  For example, if the targets roles creates a delegated
-  # role 'role1', the metadata directory would then contain:
-  # '{metadata_directory}/targets/role1.json', where 'role1.json' is the
-  # delegated role's metadata file.
-  # If delegated role 'role1' creates its own delegated role 'role2', the
-  # metadata directory would then contain:
-  # '{metadata_directory}/targets/role1/role2.json'.
-  # When creating a delegated role, if the parent directory already
-  # exists, this means a prior delegation has been perform by the parent. 
-  parent_directory = os.path.join(metadata_directory, parent_role)
-
-  try:
-    os.mkdir(parent_directory)
-  except OSError, e:
-    if e.errno == errno.EEXIST:
-      pass
-    else:
-      raise
-
-  # Prompt the user the metadata file's expiration date.
-  # Raise 'tuf.RepositoryError' if invalid date is entered
-  # by the user.
-  expiration_date = _get_metadata_expiration()
- 
-  # Sign and write the delegated metadata file.
-  delegated_role_filename = delegated_role+'.json'
-  metadata_filename = os.path.join(parent_directory, delegated_role_filename)
-  repository_directory, junk = os.path.split(metadata_directory)
-  generate_metadata = tuf.repo.signerlib.generate_targets_metadata
-  delegated_metadata = generate_metadata(repository_directory, delegated_filepaths,
-                                         1, expiration_date)
-  _sign_and_write_metadata(delegated_metadata, delegated_keyids,
-                           metadata_filename)
-
-  return delegated_paths
-
-
-
-
-def _update_parent_metadata(metadata_directory, delegated_role,
-                            delegated_keyids, parent_role, parent_keyids,
-                            delegated_paths=None, path_hash_prefixes=None):
-  """
-    Update the parent role's metadata file.  The delegations field of the
-    metadata file is updated with the key and role information belonging
-    to the newly added delegated role.  Finally, the metadata file
-    is signed and written to the metadata directory.
-  """
-
-  # According to the specification, the 'paths' and 'path_hash_prefixes'
-  # attributes must be mutually exclusive. However, at the time of writing we
-  # do not always ensure that this is the case with the schema checks (see
-  # #83). Therefore, we must do it for ourselves.
-
-  if delegated_paths is not None and path_hash_prefixes is not None:
-    raise \
-      tuf.FormatError('Both "paths" and "path_hash_prefixes" are specified!')
-
-  if delegated_paths is None and path_hash_prefixes is None:
-    raise \
-      tuf.FormatError('Neither "paths" nor`"path_hash_prefixes" is specified!')
-
-  # The 'delegated_paths' are relative to 'repository'.
-  # The 'relative_paths' are relative to 'repository/targets'.
-  if delegated_paths is None:
-    relative_paths = None
-  else:
-    relative_paths = []
-    for path in delegated_paths:
-      relative_paths.append(os.path.sep.join(path.split(os.path.sep)[1:]))
-
-  # Extract the metadata from the parent role's file.
-  parent_filename = os.path.join(metadata_directory, parent_role)
-  parent_filename = parent_filename+'.json'
-  parent_signable = tuf.repo.signerlib.read_metadata_file(parent_filename)
-  parent_metadata = parent_signable['signed']
-
-  # Extract the delegations structure if it exists.
-  delegations = parent_metadata.get('delegations', {})
-
-  # Update the keys field.
-  keys = delegations.get('keys', {})
-  for delegated_keyid in delegated_keyids:
-    # Retrieve the key belonging to 'delegated_keyid' from the keystore.
-    role_key = tuf.repo.keystore.get_key(delegated_keyid)
-    if role_key['keytype'] == 'rsa':
-      keytype = role_key['keytype']
-      keyval = role_key['keyval']
-      keys[delegated_keyid] = tuf.keys.format_keyval_to_metadata(keytype, keyval)
-      #keys[delegated_keyid] = tuf.keys.create_in_metadata_format(keytype, keyval)
-    else:
-      message = 'Invalid keytype encountered: '+delegated_keyid+'\n'
-      raise tuf.RepositoryError(message)
- 
-  # Add the full list of keys belonging to 'delegated_role' to the delegations
-  # field.
-  delegations['keys'] = keys
-
-  # Update the 'roles' field.
-  roles = delegations.get('roles', [])
-  threshold = len(delegated_keyids)
-  delegated_role = parent_role+'/'+delegated_role
-
-  # Write either the "paths" or the "path_hash_prefixes" attribute.
-  role_metadata = \
-    tuf.formats.make_role_metadata(delegated_keyids, threshold,
-                                   name=delegated_role, paths=relative_paths,
-                                   path_hash_prefixes=path_hash_prefixes)
-
-  # Find the appropriate role to create or update.
-  role_index = tuf.repo.signerlib.find_delegated_role(roles, delegated_role)
-
-  if role_index is None:
-    # Append role to the end of the list of delegated roles.
-    logger.info('Appending role '+delegated_role+' to '+parent_role)
-    roles.append(role_metadata)
-  else:
-    # Update role with the same name.
-    logger.info('Replacing role '+delegated_role+' in '+parent_role)
-    roles[role_index] = role_metadata
-
-  delegations['roles'] = roles
-
-  # Update the larger metadata structure.
-  parent_metadata['delegations'] = delegations
-
-  # Increment the parent role's version.
-  version = parent_metadata['version']
-  parent_metadata['version'] = version+1 
-
-  # Try to write the modified targets file.
-  parent_signable = tuf.formats.make_signable(parent_metadata)
-  _sign_and_write_metadata(parent_signable, parent_keyids, parent_filename)
-
-
-
-
-
-def process_option(options):
-  """
-  <Purpose>
-    Determine the command-line option chosen by the user and call its
-    corresponding function.  If 'signercli' is invoked with the --genrsakey
-    command-line option, its corresponding 'generate_rsa_key()' function
-    is called.
-
-  <Arguments>
-    options:
-      An optparse OptionValues instance, returned by parser.parse_args().
-
-  <Exceptions>
-    tuf.RepositoryError, raised by one of the supported option
-    functions.
-
-    tuf.Error, if a valid option was not encountered.
-
-  <Side Effects>
-    Files in the repository are either created or modified
-    depending on the command-line option chosen by the user.
-
-  <Returns>
-    None.
-  """
-
-  # Determine which option was chosen and call its corresponding
-  # internal function with the option's keystore directory argument.
-  if options.genrsakey is not None:
-    generate_rsa_key(options.genrsakey)
-  elif options.listkeys is not None:
-    list_signing_keys(options.listkeys)
-  elif options.changepass is not None:
-    change_password(options.changepass)
-  elif options.dumpkey is not None:
-    dump_key(options.dumpkey)
-  elif options.makeroot is not None:
-    make_root_metadata(options.makeroot)
-  elif options.maketargets is not None:
-    make_targets_metadata(options.maketargets)
-  elif options.makerelease is not None:
-    make_release_metadata(options.makerelease)
-  elif options.maketimestamp is not None:
-    make_timestamp_metadata(options.maketimestamp)
-  elif options.sign is not None:
-    sign_metadata_file(options.sign)
-  elif options.makedelegation is not None:
-    make_delegation(options.makedelegation)
-  else:
-    raise tuf.Error('A valid option was not encountered.\n')
-
-
-
-
-def parse_options():
-  """
-  <Purpose>
-    Parse the command-line options.  'signercli' expects a single
-    command-line option and one keystore directory argument.
-    Example:
-      $ python signercli.py --genrsakey ./keystore
-
-    All supported command-line options expect a single keystore
-    directory argument.  If 'signercli' is invoked with an incorrect
-    number of command-line options or arguments, a parser error
-    is printed and the script exits.
-
-  <Arguments>
-    None.
-
-  <Exceptions>
-    None.
-
-  <Side Effects>
-    A file is a created or modified depending on the option
-    encountered on the command-line.
-
-  <Returns>
-    The options object returned by the parser's parse_args() method.
-  """
-
-  usage = 'usage: %prog [option] <keystore_directory>'
-  option_parser = optparse.OptionParser(usage=usage)
-
-  # Add the options supported by 'signercli' to the option parser.
-  option_parser.add_option('--genrsakey', action='store', type='string',
-                           help='Generate an RSA key and save it to '\
-                           'the keystore.')
-
-  option_parser.add_option('--listkeys', action='store', type='string',
-                           help='List the key IDs of the signing '\
-                           'keys located in the keystore.')
-
-  option_parser.add_option('--changepass', action='store', type='string',
-                           help='Change the password for one of '\
-                           'the signing keys.')
-
-  option_parser.add_option('--dumpkey', action='store', type='string',
-                           help='Dump the contents of an encrypted '\
-                           'key file.')
-
-  option_parser.add_option('--makeroot', action='store', type='string',
-                           help='Create the Root metadata file '\
-                           '(root.json).')
-
-  option_parser.add_option('--maketargets', action='store', type='string',
-                           help='Create the Targets metadata file '\
-                           '(targets.json).')
-
-  option_parser.add_option('--makerelease', action='store', type='string',
-                           help='Create the Release metadata file '\
-                           '(release.json).')
-
-  option_parser.add_option('--maketimestamp', action='store', type='string',
-                           help='Create the Timestamp metadata file '\
-                           '(timestamp.json).')
-
-  option_parser.add_option('--sign', action='store', type='string',
-                           help='Sign a metadata file.')
-
-  option_parser.add_option('--makedelegation', action='store', type='string',
-                           help='Create a delegated role by creating '\
-                           'its metadata file and updating the parent '\
-                           'role\'s metadata file.')
-
-  (options, remaining_arguments) = option_parser.parse_args()
-
-  # Ensure the script was invoked with the correct number of arguments
-  # (i.e., one command-line option and a single keystore directory argument).
-  # Return the options object to the caller to determine the option chosen
-  # by the user.  option_parser.error() will print the argument error message
-  # and exit.
-  if len(sys.argv) != 3:
-    option_parser.error('Expected a single option and one keystore argument.')
-
-  return options
-
-
-
-
-
-if __name__ == '__main__':
-  options = parse_options()
-
-  # Process the command-line option chosen by the user.
-  # 'tuf.RepositoryError' raised by the option's corresponding
-  # function if an error occurs.  'tuf.Error' raised if a valid
-  # option is not provided by the user.
-  try:
-    process_option(options)
-  except (tuf.RepositoryError, tuf.Error), e:
-    sys.stderr.write('Error: '+str(e))
-    sys.exit(1)
-
-  # The command-line option was processed successfully.
-  sys.exit(0)
diff --git a/tuf/repo/signerlib.py b/tuf/repo/signerlib.py
deleted file mode 100755
index 4682348c..00000000
--- a/tuf/repo/signerlib.py
+++ /dev/null
@@ -1,1529 +0,0 @@
-"""
-<Program Name>
-  signerlib.py
-
-<Author>
-  Vladimir Diaz <vladimir.v.diaz@gmail.com>
-
-<Started>
-  April 5, 2012.  Based on a previous version of this module by Geremy Condra.
-
-<Copyright>
-  See LICENSE for licensing information.
-
-<Purpose>
-  Provide helper functions to the 'signercli.py' and 'quickstart.py' scripts.
-  These functions contain code that can extract or create needed repository
-  data, such as the extraction of role and keyid information from a config file,
-  and the generation of actual metadata content.
-"""
-
-import gzip
-import os
-import ConfigParser
-import logging
-import time
-
-import tuf
-import tuf.formats
-import tuf.hash
-import tuf.keys
-import tuf.repo.keystore
-import tuf.keys
-import tuf.util
-
-# See 'log.py' to learn how logging is handled in TUF.
-logger = logging.getLogger('tuf.signerlib')
-
-json = tuf.util.import_json()
-
-# Recommended RSA key sizes:
-# http://www.emc.com/emc-plus/rsa-labs/historical/twirl-and-rsa-key-size.htm#table1 
-# According to the document above, revised May 6, 2003, RSA keys of
-# size 3072 provide security through 2031 and beyond.  2048-bit keys
-# are the recommended minimum and are good from the present through 2030.
-DEFAULT_RSA_KEY_BITS = 3072
-
-# The metadata filenames for the top-level roles.
-ROOT_FILENAME = 'root.json'
-TARGETS_FILENAME = 'targets.json'
-SNAPSHOT_FILENAME = 'snapshot.json'
-TIMESTAMP_FILENAME = 'timestamp.json'
-
-# The filename for the repository configuration file.
-# This file holds the keyids and threshold values for
-# the top-level roles and their expiration date.
-CONFIG_FILENAME = 'config.cfg'
-
-
-def read_config_file(filename):
-  """
-  <Purpose>
-    Read the TUF configuration file at filepath 'filename'.  Return a
-    dictionary where the keys are section names and the values dictionaries
-    of the keys/values in that section.
-    For example:
-    config_dict = {'expiration': {'days': 290, 'years': 8, ...},
-                   'root': {'keyids': [1234bc33dfba, 13213123dbfdd]},
-                   ...}
-
-  <Arguments>
-    filename:
-      The absolute path of the configuration file.
-
-  <Exceptions>
-    tuf.FormatError, if 'filename' is improperly formatted.
-
-    tuf.Error, if 'filename' could not be read.
-
-  <Side Effects>
-    The contents of 'filename' are read and stored.
-
-  <Returns>
-    A dictionary containing the data loaded from the configuration file.
-  """
-
-  # Does 'filename' have the correct format?
-  # Raise 'tuf.FormatError' if there is a mismatch.
-  tuf.formats.PATH_SCHEMA.check_match(filename)
-
-  # Ensure 'filename' is an absolutized path and is a valid file.
-  if not os.path.isabs(filename):
-    raise tuf.Error(repr(filename)+' is not an absolute path.')
-  if not os.path.isfile(filename):
-    raise tuf.Error(repr(filename)+' is not a valid file.')
-
-  # Check if 'filename' is an appropriately named config file.  If it is not,
-  # we want to indicate this and prevent the reading of an invalid file.
-  if not filename.endswith(CONFIG_FILENAME):
-    raise tuf.Error(repr(filename)+' is not a config file.')
-
-  # RawConfigParser is used because unlike ConfigParser,
-  # it does not provide magical interpolation/expansion
-  # of variables (e.g., '%(option)s' would be ignored).
-  config = ConfigParser.RawConfigParser()
-  config.read(filename)
-  config_dict = {}
-
-  # Extract the relevant information from the config and build the
-  # 'config_dict' dictionary.
-  for section in config.sections():
-    config_dict[section] = {}
-    for key, value in config.items(section):
-      if key in ['threshold', 'years', 'seconds', 'minutes', 'days', 'hours']:
-        value = int(value)
-      elif key in ['keyids']:
-        value = value.split(',')
-      config_dict[section][key] = value
-
-  return config_dict
-
-
-
-
-
-def get_metadata_file_info(filename):
-  """
-  <Purpose>
-    Retrieve the file information for 'filename'.  The object returned
-    conforms to 'tuf.formats.FILEINFO_SCHEMA'.  The information
-    generated for 'filename' is stored in metadata files like 'targets.json'.
-    The fileinfo object returned has the form:
-    fileinfo = {'length': 1024,
-                'hashes': {'sha256': 1233dfba312, ...},
-                'custom': {...}}
-
-  <Arguments>
-    filename:
-      The metadata file whose file information is needed.
-
-  <Exceptions>
-    tuf.FormatError, if 'filename' is improperly formatted.
-
-    tuf.Error, if 'filename' doesn't exist.
-
-  <Side Effects>
-    The file is opened and information about the file is generated,
-    such as file size and its hash.
-
-  <Returns>
-    A dictionary conformant to 'tuf.formats.FILEINFO_SCHEMA'.  This
-    dictionary contains the length, hashes, and custom data about
-    the 'filename' metadata file.
-  """
-
-  # Does 'filename' have the correct format?
-  # Raise 'tuf.FormatError' if there is a mismatch.
-  tuf.formats.PATH_SCHEMA.check_match(filename)
-
-  if not os.path.isfile(filename):
-    message = repr(filename)+' is not a file.'
-    raise tuf.Error(message)
-  
-  # Note: 'filehashes' is a dictionary of the form
-  # {'sha256': 1233dfba312, ...}.  'custom' is an optional
-  # dictionary that a client might define to include additional
-  # file information, such as the file's author, version/revision
-  # numbers, etc.
-  filesize, filehashes = tuf.util.get_file_details(filename)
-  custom = None
-
-  return tuf.formats.make_fileinfo(filesize, filehashes, custom)
-
-
-
-
-
-def get_metadata_filenames(metadata_directory=None):
-  """
-  <Purpose>
-    Return a dictionary containing the filenames of the top-level roles.
-    If 'metadata_directory' is set to 'metadata', the dictionary
-    returned would contain:
-
-    filenames = {'root': 'metadata/root.json',
-                 'targets': 'metadata/targets.json',
-                 'snapshot': 'metadata/snapshot.json',
-                 'timestamp': 'metadata/timestamp.json'}
-
-    If the metadata directory is not set by the caller, the current
-    directory is used.
-
-  <Arguments>
-    metadata_directory:
-      The directory containing the metadata files.
-
-  <Exceptions>
-    tuf.FormatError, if 'metadata_directory' is improperly formatted.
-
-  <Side Effects>
-    None.
-
-  <Returns>
-    A dictionary containing the expected filenames of the top-level
-    metadata files, such as 'root.json' and 'snapshot.json'.
-  """
-
-  if metadata_directory is None:
-    metadata_directory = '.'
-
-  # Does 'metadata_directory' have the correct format?
-  # Raise 'tuf.FormatError' if there is a mismatch. 
-  tuf.formats.PATH_SCHEMA.check_match(metadata_directory)
-
-  filenames = {}
-  filenames['root'] = os.path.join(metadata_directory, ROOT_FILENAME)
-  filenames['targets'] = os.path.join(metadata_directory, TARGETS_FILENAME)
-  filenames['snapshot'] = os.path.join(metadata_directory, SNAPSHOT_FILENAME)
-  filenames['timestamp'] = os.path.join(metadata_directory, TIMESTAMP_FILENAME)
-
-  return filenames
-
-
-
-
-
-def generate_root_metadata(config_filepath, version):
-  """
-  <Purpose>
-    Create the root metadata.  'config_filepath' is read
-    and the information contained in this file will be
-    used to generate the root metadata object.
-
-  <Arguments>
-    config_filepath:
-      The file containing metadata information such as the keyids
-      of the top-level roles and expiration data.  'config_filepath'
-      is an absolute path.
-    
-    version:
-      The metadata version number.  Clients use the version number to
-      determine if the downloaded version is newer than the one currently trusted.
-
-  <Exceptions>
-    tuf.FormatError, if the generated root metadata object could not
-    be generated with the correct format.
-
-    tuf.Error, if an error is encountered while generating the root
-    metadata object.
-  
-  <Side Effects>
-    'config_filepath' is read and its contents stored.
-
-  <Returns>
-    A root 'signable' object conformant to 'tuf.formats.SIGNABLE_SCHEMA'.
-  """
-
-  # Does 'config_filepath' have the correct format?
-  # Raise 'tuf.FormatError' if the match fails.
-  tuf.formats.PATH_SCHEMA.check_match(config_filepath)
-  tuf.formats.METADATAVERSION_SCHEMA.check_match(version)
-
-  # 'tuf.Error' raised if 'config_filepath' cannot be read. 
-  config = read_config_file(config_filepath)
-
-  # The role and key dictionaries to be saved in the root metadata object.
-  roledict = {}
-  keydict = {}
-
-  # Extract the role, threshold, and keyid information from the config.
-  # The necessary role metadata is generated from this information.
-  for rolename in ['root', 'targets', 'snapshot', 'timestamp']:
-    # If a top-level role is missing from the config, raise an exception.
-    if rolename not in config:
-      raise tuf.Error('No '+rolename+' section found in config file.')
-    keyids = []
-    # Generate keys for the keyids listed by the role being processed.
-    for config_keyid in config[rolename]['keyids']:
-      key = tuf.repo.keystore.get_key(config_keyid)
-
-      # If 'key' is an RSA key, it would conform to 'tuf.formats.RSAKEY_SCHEMA',
-      # and have the form:
-      # {'keytype': 'rsa',
-      #  'keyid': keyid,
-      #  'keyval': {'public': '-----BEGIN RSA PUBLIC KEY----- ...',
-      #             'private': '-----BEGIN RSA PRIVATE KEY----- ...'}}
-      keyid = key['keyid']
-      # This appears to be a new keyid.  Let's generate the key for it.
-      if keyid not in keydict:
-        if key['keytype'] in ['rsa', 'ed25519']:
-          keytype = key['keytype']
-          keyval = key['keyval']
-          keydict[keyid] = tuf.keys.format_keyval_to_metadata(keytype, keyval)
-        # This is not a recognized key.  Raise an exception.
-        else:
-          raise tuf.Error('Unsupported keytype: '+keyid)
-      # Do we have a duplicate?  Raise an exception if so.
-      if keyid in keyids:
-        raise tuf.Error('Same keyid listed twice: '+keyid)
-      # Add the loaded keyid for the role being processed.
-      keyids.append(keyid)
-    # Generate and store the role data belonging to the processed role.
-    role_metadata = tuf.formats.make_role_metadata(keyids, config[rolename]['threshold'])
-    roledict[rolename] = role_metadata
-
-  # Extract the expiration information from the config.  The root metadata
-  # object stores this expiration information in total seconds.
-  expiration = config['expiration']
-  expiration_seconds = (expiration['seconds'] + 60 * expiration['minutes'] +
-                        3600 * expiration['hours'] +
-                        3600 * 24 * expiration['days'])
-
-  # Generate the root metadata object.
-  expiration_date = tuf.formats.format_time(time.time()+expiration_seconds)
-  root_metadata = tuf.formats.RootFile.make_metadata(version, expiration_date,
-                                                     keydict, roledict, False)
-
-  # Note: make_signable() returns the following dictionary:
-  # {'signed' : role_metadata, 'signatures' : []}
-  return tuf.formats.make_signable(root_metadata)
-
-
-
-
-
-def generate_targets_metadata(repository_directory, target_files, version,
-                              expiration_date):
-  """
-  <Purpose>
-    Generate the targets metadata object. The targets must exist at the same
-    path they should on the repo.  'target_files' is a list of targets. We're
-    not worrying about custom metadata at the moment. It is allowed to not
-    provide keys.
-
-  <Arguments>
-    target_files:
-      The target files tracked by 'targets.json'.  'target_files' is a list of
-      paths/directories of target files that are relative to the repository
-      (e.g., ['targets/file1.json', ...]).  If the target files are saved in
-      the root folder 'targets' on the repository, then 'targets' must be
-      included in the target paths.  The repository does not have to name
-      this folder 'targets'.
-
-    repository_directory:
-      The directory (absolute path) containing the metadata and target
-      directories.
-
-    version:
-      The metadata version number.  Clients use the version number to
-      determine if the downloaded version is newer than the one currently trusted.
-
-    expiration_date:
-      The expiration date, in UTC, of the metadata file.
-      Conformant to 'tuf.formats.TIME_SCHEMA'.
-  
-  <Exceptions>
-    tuf.FormatError, if an error occurred trying to generate the targets
-    metadata object.
-
-    tuf.Error, if any of the target files could not be read. 
-
-  <Side Effects>
-    The target files are read and file information generated about them.
-
-  <Returns>
-    A targets 'signable' object, conformant to 'tuf.formats.SIGNABLE_SCHEMA'.
-  """
-
-  # Do the arguments have the correct format.
-  # Raise 'tuf.FormatError' if there is a mismatch.
-  tuf.formats.PATHS_SCHEMA.check_match(target_files)
-  tuf.formats.PATH_SCHEMA.check_match(repository_directory)
-  tuf.formats.METADATAVERSION_SCHEMA.check_match(version)
-  tuf.formats.TIME_SCHEMA.check_match(expiration_date)
-
-  filedict = {}
-
-  repository_directory = check_directory(repository_directory)
-
-  # Generate the file info for all the target files listed in 'target_files'.
-  for target in target_files:
-    # Strip 'targets/' from from 'target' and keep the rest (e.g.,
-    # 'targets/more_targets/somefile.txt' -> 'more_targets/somefile.txt'
-    relative_targetpath = os.path.sep.join(target.split(os.path.sep)[1:])
-    target_path = os.path.join(repository_directory, target)
-    if not os.path.exists(target_path):
-      message = repr(target_path)+' could not be read.  Unable to generate '+\
-        'targets metadata.'
-      raise tuf.Error(message)
-    filedict[relative_targetpath] = get_metadata_file_info(target_path)
-
-  # Generate the targets metadata object.
-  targets_metadata = tuf.formats.TargetsFile.make_metadata(version,
-                                                           expiration_date,
-                                                           filedict)
-
-  return tuf.formats.make_signable(targets_metadata)
-
-
-
-
-
-def generate_snapshot_metadata(metadata_directory, version, expiration_date):
-  """
-  <Purpose>
-    Create the snapshot metadata.  The minimum metadata must exist
-    (i.e., 'root.json' and 'targets.json'). This will also look through
-    the 'targets/' directory in 'metadata_directory' and the resulting
-    snapshot file will list all the delegated roles.
-
-  <Arguments>
-    metadata_directory:
-      The directory containing the 'root.json' and 'targets.json' metadata
-      files.
-    
-    version:
-      The metadata version number.  Clients use the version number to
-      determine if the downloaded version is newer than the one currently trusted.
-
-    expiration_date:
-      The expiration date, in UTC, of the metadata file.
-      Conformant to 'tuf.formats.TIME_SCHEMA'.
-
-  <Exceptions>
-    tuf.FormatError, if 'metadata_directory' is improperly formatted.
-
-    tuf.Error, if an error occurred trying to generate the snapshot metadata
-    object.
-
-  <Side Effects>
-    The 'root.json' and 'targets.json' files are read.
-
-  <Returns>
-    The snapshot 'signable' object, conformant to 'tuf.formats.SIGNABLE_SCHEMA'.
-  """
-
-  # Does 'metadata_directory' have the correct format?
-  # Raise 'tuf.FormatError' if there is a mismatch.
-  tuf.formats.PATH_SCHEMA.check_match(metadata_directory)
-  tuf.formats.METADATAVERSION_SCHEMA.check_match(version)
-  tuf.formats.TIME_SCHEMA.check_match(expiration_date)
-
-  metadata_directory = check_directory(metadata_directory)
-
-  # Retrieve the full filepath of the root and targets metadata file.
-  root_filename = os.path.join(metadata_directory, 'root.json')
-  targets_filename = os.path.join(metadata_directory, 'targets.json')
-
-  # Retrieve the file info of 'root.json' and 'targets.json'.  This file
-  # information includes data such as file length, hashes of the file, etc.
-  filedict = {}
-  filedict['root.json'] = get_metadata_file_info(root_filename)
-  filedict['targets.json'] = get_metadata_file_info(targets_filename)
-
-  # Walk the 'targets/' directory and generate the file info for all
-  # the files listed there.  This information is stored in the 'meta'
-  # field of the snapshot metadata object.
-  targets_metadata = os.path.join(metadata_directory, 'targets')
-  if os.path.exists(targets_metadata) and os.path.isdir(targets_metadata):
-    for directory_path, junk, files in os.walk(targets_metadata):
-      # 'files' here is a list of target file names.
-      for basename in files:
-        metadata_path = os.path.join(directory_path, basename)
-        metadata_name = metadata_path[len(metadata_directory):].lstrip(os.path.sep)
-        filedict[metadata_name] = get_metadata_file_info(metadata_path)
-
-  # Generate the snapshot metadata object.
-  snapshot_metadata = tuf.formats.SnapshotFile.make_metadata(version,
-                                                             expiration_date,
-                                                             filedict)
-
-  return tuf.formats.make_signable(snapshot_metadata)
-
-
-
-
-
-def generate_timestamp_metadata(snapshot_filename, version,
-                                expiration_date, compressions=()):
-  """
-  <Purpose>
-    Generate the timestamp metadata object.  The 'snapshot.json' file must exist.
-
-  <Arguments>
-    snapshot_filename:
-      The required filename of the snapshot metadata file.
-    
-    version:
-      The metadata version number.  Clients use the version number to
-      determine if the downloaded version is newer than the one currently trusted.
-
-    expiration_date:
-      The expiration date, in UTC, of the metadata file.
-      Conformant to 'tuf.formats.TIME_SCHEMA'.
-
-    compressions:
-      Compression extensions (e.g., 'gz').  If 'snapshot.json' is also saved in
-      compressed form, these compression extensions should be stored in
-      'compressions' so the compressed timestamp files can be added to the
-      timestamp metadata object.
-
-  <Exceptions>
-    tuf.FormatError, if the generated timestamp metadata object could
-    not be formatted correctly.
-
-  <Side Effects>
-    None.
-
-  <Returns>
-    A timestamp 'signable' object, conformant to 'tuf.formats.SIGNABLE_SCHEMA'.
-  """
-
-  # Do the arguments have the correct format?
-  # Raise 'tuf.FormatError' if there is  mismatch.
-  tuf.formats.PATH_SCHEMA.check_match(snapshot_filename)
-  tuf.formats.METADATAVERSION_SCHEMA.check_match(version)
-  tuf.formats.TIME_SCHEMA.check_match(expiration_date)
-
-  # Retrieve the file info for the snapshot metadata file.
-  # This file information contains hashes, file length, custom data, etc.
-  fileinfo = {}
-  fileinfo['snapshot.json'] = get_metadata_file_info(snapshot_filename)
-
-  # Save the file info of the compressed versions of 'timestamp.json'.
-  for file_extension in compressions:
-    compressed_filename = snapshot_filename + '.' + file_extension
-    try:
-      compressed_fileinfo = get_metadata_file_info(compressed_filename)
-    except:
-      logger.warn('Could not get fileinfo about '+str(compressed_filename))
-    else:
-      logger.info('Including fileinfo about '+str(compressed_filename))
-      fileinfo['snapshot.json.' + file_extension] = compressed_fileinfo
-
-  # Generate the timestamp metadata object.
-  timestamp_metadata = tuf.formats.TimestampFile.make_metadata(version,
-                                                               expiration_date,
-                                                               fileinfo)
-
-  return tuf.formats.make_signable(timestamp_metadata)
-
-
-
-
-
-def write_metadata_file(metadata, filename, compression=None):
-  """
-  <Purpose>
-    Create the file containing the metadata.
-
-  <Arguments>
-    metadata:
-      The object that will be saved to 'filename'.
-
-    filename:
-      The filename (absolute path) of the metadata to be
-      written (e.g., 'root.json').
-
-    compression:
-      Specify an algorithm as a string to compress the file; otherwise, the
-      file will be left uncompressed. Available options are 'gz' (gzip).
-
-  <Exceptions>
-    tuf.FormatError, if the arguments are improperly formatted.
-
-    tuf.Error, if 'filename' doesn't exist.
-
-    Any other runtime (e.g. IO) exception.
-
-  <Side Effects>
-    The 'filename' file is created or overwritten if it exists.
-
-  <Returns>
-    The path to the written metadata file.
-  """
-
-  # Are the arguments properly formatted?
-  # Raise 'tuf.FormatError' if there is a mismatch.
-  tuf.formats.SIGNABLE_SCHEMA.check_match(metadata)
-  tuf.formats.PATH_SCHEMA.check_match(filename)
-
-  # Verify 'filename' directory.
-  check_directory(os.path.dirname(filename))
-
-  # We choose a file-like object that depends on the compression algorithm.
-  file_object = None
-  # We may modify the filename, depending on the compression algorithm, so we
-  # store it separately.
-  filename_with_compression = filename
-
-  # Take care of compression.
-  if compression is None:
-    logger.info('No compression for '+str(filename))
-    file_object = open(filename_with_compression, 'w')
-  elif compression == 'gz':
-    logger.info('gzip compression for '+str(filename))
-    filename_with_compression += '.gz'
-    file_object = gzip.open(filename_with_compression, 'w')
-  else:
-    raise tuf.FormatError('Unknown compression algorithm: '+str(compression))
-
-  try:
-    tuf.formats.PATH_SCHEMA.check_match(filename_with_compression)
-    logger.info('Writing to '+str(filename_with_compression))
-
-    # The metadata object is saved to 'file_object'.  The keys
-    # of the objects are sorted and indentation is used.
-    json.dump(metadata, file_object, indent=1, sort_keys=True)
-
-    file_object.write('\n')
-  except:
-    # Raise any runtime exception.
-    raise
-  else:
-    # Otherwise, return the written filename.
-    return filename_with_compression
-  finally:
-    # Always close the file.
-    file_object.close()
-
-
-
-
-
-def read_metadata_file(filename):
-  """
-  <Purpose>
-    Extract the metadata object from 'filename'.
-
-  <Arguments>
-    filename:
-      The filename of the file containing the metadata object.
-
-  <Exceptions>
-    tuf.FormatError, if 'filename' is improperly formatted.
-
-    tuf.Error, if 'filename' cannot be opened.
-
-  <Side Effects>
-    The contents of 'filename' are extracted.
-
-  <Returns>
-   The metadata object.
-  """
-
-  return tuf.util.load_json_file(filename)
-
-
-
-
-
-def sign_metadata(metadata, keyids, filename):
-  """
-  <Purpose>
-    Sign a metadata object. If any of the keyids have already signed the file,
-    the old signature will be replaced.  The keys in 'keyids' must already be
-    loaded in the keystore.
-
-  <Arguments>
-    metadata:
-      The metadata object to sign.  For example, 'metadata' might correspond to
-      'tuf.formats.ROOT_SCHEMA' or 'tuf.formats.TARGETS_SCHEMA'.
-
-    keyids:
-      The keyids list of the signing keys.
-
-    filename:
-      The intended filename of the signed metadata object.
-      For example, 'root.json' or 'targets.json'.  This function
-      does NOT save the signed metadata to this filename.
-
-  <Exceptions>
-    tuf.FormatError, if a valid 'signable' object could not be generated.
-
-    tuf.Error, if an invalid keytype was found in the keystore. 
-  
-  <Side Effects>
-    None.
-
-  <Returns>
-    A signable object conformant to 'tuf.formats.SIGNABLE_SCHEMA'.
-  """
-
-  # Does 'keyids' and 'filename' have the correct format?
-  # Raise 'tuf.FormatError' if there is a mismatch.
-  tuf.formats.KEYIDS_SCHEMA.check_match(keyids)
-  tuf.formats.PATH_SCHEMA.check_match(filename)
-
-  # Make sure the metadata is in 'signable' format.  That is,
-  # it contains a 'signatures' field containing the result
-  # of signing the 'signed' field of 'metadata' with each
-  # keyid of 'keyids'.
-  signable = tuf.formats.make_signable(metadata)
-
-  # Sign the metadata with each keyid in 'keyids'.
-  for keyid in keyids:
-    # Load the signing key.
-    key = tuf.repo.keystore.get_key(keyid)
-    logger.info('Signing '+repr(filename)+' with '+key['keyid'])
-
-    # Create a new signature list.  If 'keyid' is encountered,
-    # do not add it to new list.
-    signatures = []
-    for signature in signable['signatures']:
-      if not keyid == signature['keyid']:
-        signatures.append(signature)
-    signable['signatures'] = signatures
-
-    # Generate the signature using the appropriate signing method.
-    if key['keytype'] == 'rsa':
-      signed = signable['signed']
-      signature = tuf.keys.create_signature(key, signed)
-      signable['signatures'].append(signature)
-    else:
-      raise tuf.Error('The keystore contains a key with an invalid key type')
-
-  # Raise 'tuf.FormatError' if the resulting 'signable' is not formatted
-  # correctly.
-  tuf.formats.check_signable_object_format(signable)
-
-  return signable
-
-
-
-
-
-def generate_and_save_rsa_key(keystore_directory, password,
-                              bits=DEFAULT_RSA_KEY_BITS):
-  """
-  <Purpose>
-    Generate a new RSA key and save it as an encrypted key file
-    to 'keystore_directory'.  The encrypted key file is named:
-    <keyid>.key.  'password' is used as the encryption key.
-
-  <Arguments>
-    keystore_directory:
-      The directory to save the generated encrypted key file.
-
-    password:
-      The password used to encrypt the RSA key file.
-
-    bits:
-      The key size, or key length, of the RSA key.
-      If 'bits' is unspecified, a 3072-bit RSA key is generated, which is the
-      key size recommended by TUF, although 2048-bit keys are accepted
-      (minimum key size).
-
-  <Exceptions>
-    tuf.FormatError, if 'bits' or 'password' does not have the
-    correct format.
-
-    tuf.CryptoError, if there was an error while generating the key.
-
-  <Side Effects>
-    An encrypted key file is created in 'keystore_directory'.
-
-  <Returns>
-    The generated RSA key.
-    The object returned conforms to 'tuf.formats.RSAKEY_SCHEMA' of the form:
-    {'keytype': 'rsa',
-     'keyid': keyid,
-     'keyval': {'public': '-----BEGIN RSA PUBLIC KEY----- ...',
-                'private': '-----BEGIN RSA PRIVATE KEY----- ...'}}
-  """
-
-  # Are the arguments correctly formatted?
-  # Raise 'tuf.FormatError' if there is a mismatch.
-  tuf.formats.PATH_SCHEMA.check_match(keystore_directory)
-  tuf.formats.PASSWORD_SCHEMA.check_match(password)
-
-  keystore_directory = check_directory(keystore_directory)
-
-  # tuf.FormatError or tuf.CryptoError raised.
-  rsakey = tuf.keys.generate_rsa_key(bits)
-
-  logger.info('Generated a new key: '+rsakey['keyid'])
-
-  # Store the generated RSA key in the keystore and save the
-  # key file '<keyid>.key' in 'keystore_directory'.
-  try:
-    tuf.repo.keystore.add_rsakey(rsakey, password)
-    tuf.repo.keystore.save_keystore_to_keyfiles(keystore_directory)
-  except tuf.FormatError:
-    raise
-  except tuf.KeyAlreadyExistsError:
-    logger.warn('The generated RSA key already exists.')
-
-  return rsakey
-
-
-
-
-
-def check_directory(directory):
-  """
-  <Purpose>
-    Ensure 'directory' is valid and it exists.  This is not a security check,
-    but a way for the caller to determine the cause of an invalid directory
-    provided by the user.  If the directory argument is valid, it is returned
-    normalized and as an absolute path.
-
-  <Arguments>
-    directory:
-      The directory to check.
-
-  <Exceptions>
-    tuf.Error, if 'directory' could not be validated.
-
-    tuf.FormatError, if 'directory' is not properly formatted.
-
-  <Side Effects>
-    None.
-
-  <Returns>
-    The normalized absolutized path of 'directory'.
-  """
-
-  # Does 'directory' have the correct format?
-  # Raise 'tuf.FormatError' if there is a mismatch.
-  tuf.formats.PATH_SCHEMA.check_match(directory)
-
-  # Check if the directory exists.
-  if not os.path.isdir(directory):
-    raise tuf.Error(repr(directory)+' directory does not exist')
-
-  directory = os.path.abspath(directory)
-  
-  return directory
-
-
-
-
-
-def get_target_keyids(metadata_directory):
-  """
-  <Purpose>
-    Retrieve the role keyids for all the target roles located
-    in 'metadata_directory'.  The target's '.json' metadata
-    file is inspected and the keyids extracted.  The 'targets.json'
-    role, including delegated roles (e.g., 'targets/role1.json'),
-    are all read.
-
-  <Arguments>
-    metadata_directory:
-      The directory containing the 'targets.json' metadata file and
-      the metadata for optional delegated roles.  The delegated role
-      'role1' whose parent is 'targets', would be located in the
-      '{metadata_directory}/targets/role1' directory.
-
-  <Exceptions>
-    tuf.FormatError, if any of the arguments are improperly formatted.
-
-    tuf.RepositoryError, if there was an error reading a target file.
-
-  <Side Effects>
-    Reads all of the target metadata found in 'metadata_directory'
-    and stores the information extracted.
-
-  <Returns>
-    A dictionary containing the role information extracted from the
-    metadata.
-    Ex: {'targets':[keyid1, ...], 'targets/role1':[keyid], ...}
-  """
-
-  # Does 'metadata_directory' have the correct format?
-  # Raise 'tuf.FormatError, if there is a mismatch.
-  tuf.formats.PATH_SCHEMA.check_match(metadata_directory)
-
-  metadata_directory = check_directory(metadata_directory)
-
-  # The dict holding the keyids for all the target roles.
-  # This dict will be returned to the caller. 
-  role_keyids = {}
-
-  # Read the 'targets.json' file.  This file must exist.
-  targets_filepath = os.path.join(metadata_directory, 'targets.json')
-  if not os.path.exists(targets_filepath):
-    raise tuf.RepositoryError('"targets.json" not found')
-
-  # Read the contents of 'targets.json' and save the signable.
-  targets_signable = tuf.util.load_json_file(targets_filepath)
-
-  # Ensure the signable is properly formatted.
-  try:
-    tuf.formats.check_signable_object_format(targets_signable)
-  except tuf.FormatError, e:
-    raise tuf.RepositoryError('"targets.json" is improperly formatted')
-
-  # Store the keyids of the 'targets' role.  This target role is
-  # required.
-  role_keyids['targets'] = []
-  for signature in targets_signable['signatures']:
-    role_keyids['targets'].append(signature['keyid'])
-
-  # Walk the 'targets/' directory and generate the file info for all
-  # the targets.  This information is stored in the 'meta' field of
-  # the snapshot metadata object.  The keyids for the optional
-  # delegated roles will now be extracted.
-  targets_metadata = os.path.join(metadata_directory, 'targets')
-  if os.path.exists(targets_metadata) and os.path.isdir(targets_metadata):
-    for directory_path, junk, files in os.walk(targets_metadata):
-      for basename in files:
-        # Store the metadata's file path and the role's full name (without
-        # the '.json').   The target role is identified by its full name.
-        # The metadata's file path is needed so it can be loaded.
-        metadata_path = os.path.join(directory_path, basename)
-        metadata_name = metadata_path[len(metadata_directory):].lstrip(os.path.sep)
-        metadata_name = metadata_name[:-len('.json')]
-
-        # Read the contents of 'metadata_path' and save the signable.
-        targets_signable = tuf.util.load_json_file(metadata_path)
-
-        # Ensure the signable is properly formatted.
-        try:
-          tuf.formats.check_signable_object_format(targets_signable)
-        except tuf.FormatError, e:
-          continue
-
-        # Store the signature keyids of the 'metadata_name' role.
-        role_keyids[metadata_name] = []
-        for signature in targets_signable['signatures']:
-          role_keyids[metadata_name].append(signature['keyid'])
-
-  return role_keyids
-
-
-
-
-
-def build_config_file(config_file_directory, timeout, role_info):
-  """
-  <Purpose>
-    Build the configuration file containing the keyids, threshold,
-    and expiration time for the top-level metadata files.
-
-  <Arguments>
-    config_file_directory:
-      The absolute path of the directory to save the configuration file.
-
-    timeout:
-      The the number of days left before the top-level metadata files expire.
-
-    role_info:
-      A dictionary containing the keyids and threshold values for the
-      top-level roles.  Must conform to 'tuf.formats.ROLEDICT_SCHEMA':
-      {'rolename': {'keyids': ['34345df32093bd12...'],
-                    'threshold': 1
-                    'paths': ['path/to/role.json']}}
-
-  <Exceptions>
-    tuf.FormatError, if any of the arguments are improperly formatted.
-
-  <Side Effects>
-    The configuration file is written to 'config_filepath'.
-
-  <Returns>
-    The normalized absolutized path of the saved configuration file.
-  """
-
-  # Do the arguments have the correct format?
-  # Raise 'tuf.FormatError' if any of them is a mismatch.
-  tuf.formats.PATH_SCHEMA.check_match(config_file_directory)
-  tuf.formats.LENGTH_SCHEMA.check_match(timeout)
-  tuf.formats.ROLEDICT_SCHEMA.check_match(role_info)
-
-  config_file_directory = check_directory(config_file_directory) 
-  
-  # Construct the configuration file parser (hint: .ini).
-  config_parser = ConfigParser.ConfigParser()
-
-  # Verify that only the top-level roles are presented.
-  for role in role_info.keys():
-    if role not in ['root', 'targets', 'snapshot', 'timestamp']:
-      msg = ('\nCannot build configuration file: role '+repr(role)+
-             ' is not a top-level role.')
-      raise tuf.Error(msg)
-
-  # Handle the expiration data.
-  config_parser.add_section('expiration')
-  config_parser.set('expiration', 'days', timeout)
-  config_parser.set('expiration', 'years', 0)
-  config_parser.set('expiration', 'minutes', 0)
-  config_parser.set('expiration', 'hours', 0)
-  config_parser.set('expiration', 'seconds', 0)
-
-  # Build the role data.
-  for role in role_info:
-    config_parser.add_section(role)
-
-    # Each role has an associated list of keyids and a threshold.
-    keyids = role_info[role]['keyids']
-    threshold = role_info[role]['threshold']
-
-    # Convert 'keyids' into a string list it can read.
-    # This is done because in ConfigParser.set(section, option, value)
-    # the 'value' parameter should always be a string.
-    # keyid_list has the form: 'keyid1, keyid2, keyid3'
-    keyid_list = ','.join(keyids)
-
-    # And add that data to the appropriate section.
-    config_parser.set(role, 'keyids', keyid_list)
-    config_parser.set(role, 'threshold', threshold)
-
-  # We want to write this to '{config_file_directory}/CONFIG_FILENAME'.
-  file_path = os.path.join(config_file_directory, CONFIG_FILENAME)
-  file_object = open(file_path, 'w')
-  config_parser.write(file_object)
-  file_object.close()
-
-  return file_path
-
-
-
-
-
-def build_root_file(config_filepath, root_keyids, metadata_directory, version):
-  """
-  <Purpose>
-    Build the root metadata file using the information available in the
-    configuration file and sign the root file with 'root_keyids'.
-    The generated metadata file is saved to 'metadata_directory'.
-
-  <Arguments>
-    config_filepath:
-      The absolute path of the configuration file.
-
-    root_keyids:
-      The list of keyids to be used as the signing keys for the root file.
-
-    metadata_directory:
-      The directory to save the root metadata file.
-    
-    version:
-      The metadata version number.  Clients use the version number to
-      determine if the downloaded version is newer than the one currently trusted.
-
-  <Exceptions>
-    tuf.FormatError, if any of the arguments are improperly formatted.
-
-    tuf.Error, if there was an error building the root file.
-
-  <Side Effects>
-    The root metadata file is written to a file.
-
-  <Returns>
-    The path for the written root metadata file.
-  """
-
-  # Do the arguments have the correct format?
-  # Raise 'tuf.FormatError' if there is a mismatch.
-  tuf.formats.PATH_SCHEMA.check_match(config_filepath)
-  tuf.formats.KEYIDS_SCHEMA.check_match(root_keyids)
-  tuf.formats.PATH_SCHEMA.check_match(metadata_directory)
-  tuf.formats.METADATAVERSION_SCHEMA.check_match(version)
-
-  metadata_directory = check_directory(metadata_directory)
-  
-  root_filepath = os.path.join(metadata_directory, ROOT_FILENAME)
-
-  root_metadata = generate_root_metadata(config_filepath, version)
-  signable = sign_metadata(root_metadata, root_keyids, root_filepath)
-
-  return write_metadata_file(signable, root_filepath)
-
-
-
-
-
-def build_targets_file(target_paths, targets_keyids, metadata_directory,
-                       version, expiration_date):
-  """
-  <Purpose>
-    Build the targets metadata file using the signing keys in 'targets_keyids'.
-    The generated metadata file is saved to 'metadata_directory'.  The target
-    files listed in 'target_paths' will be tracked by the built targets
-    metadata.
-
-  <Arguments>
-    target_paths:
-      The list of directories and/or filepaths specifying
-      the target files of the targets metadata.  For example:
-      ['targets/2.5/', 'targets/3.0/file.json', 'targes/3.2/']
-
-    targets_keyids:
-      The list of keyids to be used as the signing keys for the targets file.
-
-    metadata_directory:
-      The metadata directory (absolute path) containing all the metadata files.
-
-    version:
-      The metadata version number.  Clients use the version number to
-      determine if the downloaded version is newer than the one currently trusted.
-
-    expiration_date:
-      The expiration date, in UTC, of the metadata file.
-      Conformant to 'tuf.formats.TIME_SCHEMA'.
-
-  <Exceptions>
-    tuf.FormatError, if any of the arguments are improperly formatted.
-
-    tuf.Error, if there was an error while building the targets file.
-
-  <Side Effects>
-    The targets metadata file is written to a file.
-
-  <Returns>
-    The path for the written targets metadata file.
-  """
-
-  # Do the arguments have the correct format?
-  # Raise 'tuf.FormatError' if there is a mismatch.
-  tuf.formats.PATHS_SCHEMA.check_match(target_paths)
-  tuf.formats.KEYIDS_SCHEMA.check_match(targets_keyids)
-  tuf.formats.PATH_SCHEMA.check_match(metadata_directory)
-  tuf.formats.METADATAVERSION_SCHEMA.check_match(version)
-  tuf.formats.TIME_SCHEMA.check_match(expiration_date)
-  
-  # Check if 'metadata_directory' is valid.
-  metadata_directory = check_directory(metadata_directory)
-
-  # The metadata directory is expected to live directly under
-  # the repository directory.  
-  repository_directory, junk = os.path.split(metadata_directory)
-  repository_directory_length = len(repository_directory)
-
-  # Retrieve the list of targets.  generate_targets_metadata() expects individual
-  # target paths relative to the targets directory on the repository.
-  targets = []
-  
-  # Extract the filepaths and/or directories from the 'target_paths' list
-  # and append the individual target files to 'targets'.
-  for path in target_paths:
-    path = os.path.abspath(path)
-    if os.path.isfile(path):
-      # '+1' in the line below removes the leading '/'.
-      filename = path[repository_directory_length+1:]
-      targets.append(filename)
-    elif os.path.isdir(path):
-      for root, directories, files in os.walk(path):
-        for target_file in files:
-          # '+1' in the line below removes the leading '/'.
-          filename = os.path.join(root, target_file)[repository_directory_length+1:]
-          targets.append(filename)
-    else:
-      # Invalid directory or file, so log a warning.
-      logger.warn('Skipping: '+repr(path))
-
-  # Create the targets metadata object.
-  targets_metadata = generate_targets_metadata(repository_directory, targets,
-                                               version, expiration_date)
-
-  # Sign it.
-  targets_filepath = os.path.join(metadata_directory, TARGETS_FILENAME)
-  signable = sign_metadata(targets_metadata, targets_keyids, targets_filepath)
-
-  return write_metadata_file(signable, targets_filepath)
-
-
-
-
-
-def build_snapshot_file(snapshot_keyids, metadata_directory,
-                       version, expiration_date, compress=False):
-  """
-  <Purpose>
-    Build the snapshot metadata file using the signing keys in 'snapshot_keyids'.
-    The generated metadata file is saved in 'metadata_directory'.
-
-  <Arguments>
-    snapshot_keyids:
-      The list of keyids to be used as the signing keys for the snapshot file.
-
-    metadata_directory:
-      The directory (absolute path) to save the snapshot metadata file.
-    
-    version:
-      The metadata version number.  Clients use the version number to
-      determine if the downloaded version is newer than the one currently trusted.
-
-    expiration_date:
-      The expiration date, in UTC, of the metadata file.
-      Conformant to 'tuf.formats.TIME_SCHEMA'.
-
-    compress:
-      Should we *include* a compressed version of the snapshot file? By default,
-      the answer is no.
-
-  <Exceptions>
-    tuf.FormatError, if any of the arguments are improperly formatted.
-
-    tuf.Error, if there was an error while building the snapshot file.
-
-  <Side Effects>
-    The snapshot metadata file is written to a file.
-
-  <Returns>
-    The path for the written snapshot metadata file.
-  """
-
-  # Do the arguments have the correct format?
-  # Raise 'tuf.FormatError' if there is a mismatch.
-  tuf.formats.KEYIDS_SCHEMA.check_match(snapshot_keyids)
-  tuf.formats.PATH_SCHEMA.check_match(metadata_directory)
-  tuf.formats.METADATAVERSION_SCHEMA.check_match(version)
-  tuf.formats.TIME_SCHEMA.check_match(expiration_date)
-
-  metadata_directory = check_directory(metadata_directory)
-
-  # Generate the file path of the snapshot metadata.
-  snapshot_filepath = os.path.join(metadata_directory, SNAPSHOT_FILENAME)
-
-  # Generate and sign the snapshot metadata.
-  snapshot_metadata = generate_snapshot_metadata(metadata_directory,
-                                               version, expiration_date)
-  signable = sign_metadata(snapshot_metadata, snapshot_keyids, snapshot_filepath)
-
-  # Should we also include a compressed version of snapshot.json?
-  if compress:
-    # If so, write a gzip version of snapshot.json.
-    compressed_written_filepath = \
-        write_metadata_file(signable, snapshot_filepath, compression='gz')
-    logger.info('Wrote '+str(compressed_written_filepath))
-  else:
-    logger.debug('No compressed version of snapshot metadata will be included.')
-
-  written_filepath = write_metadata_file(signable, snapshot_filepath)
-  logger.info('Wrote '+str(written_filepath))
-
-  return written_filepath
-
-
-
-
-
-def build_timestamp_file(timestamp_keyids, metadata_directory,
-                         version, expiration_date,
-                         include_compressed_snapshot=True):
-  """
-  <Purpose>
-    Build the timestamp metadata file using the signing keys in 'timestamp_keyids'.
-    The generated metadata file is saved in 'metadata_directory'.
-
-  <Arguments>
-    timestamp_keyids:
-      The list of keyids to be used as the signing keys for the timestamp file.
-
-    metadata_directory:
-      The directory (absolute path) to save the timestamp metadata file.
-
-    version:
-      The metadata version number.  Clients use the version number to
-      determine if the downloaded version is newer than the one currently trusted.
-
-    expiration_date:
-      The expiration date, in UTC, of the metadata file.
-      Conformant to 'tuf.formats.TIME_SCHEMA'.
-
-    include_compressed_snapshot:
-      Should the timestamp role *include* compression versions of the snapshot
-      metadata, if any? We do this by default.
-  
-  <Exceptions>
-    tuf.FormatError, if any of the arguments are improperly formatted.
-
-    tuf.Error, if there was an error while building the timestamp file.
-
-  <Side Effects>
-    The timestamp metadata file is written to a file.
-
-  <Returns>
-    The path for the written timestamp metadata file.
-  """
-
-  # Do the arguments have the correct format?
-  # Raise 'tuf.FormatError' if there is a mismatch.
-  tuf.formats.KEYIDS_SCHEMA.check_match(timestamp_keyids)
-  tuf.formats.PATH_SCHEMA.check_match(metadata_directory)
-  tuf.formats.METADATAVERSION_SCHEMA.check_match(version)
-  tuf.formats.TIME_SCHEMA.check_match(expiration_date)
-
-  metadata_directory = check_directory(metadata_directory)
-
-  # Generate the file path of the snapshot and timestamp metadata.
-  snapshot_filepath = os.path.join(metadata_directory, SNAPSHOT_FILENAME)
-  timestamp_filepath = os.path.join(metadata_directory, TIMESTAMP_FILENAME)
-
-  # Should we include compressed versions of snapshot in timestamp?
-  compressions = ()
-  if include_compressed_snapshot:
-    # Presently, we include only gzip versions by default.
-    compressions = ('gz',)
-    logger.info('Including '+str(compressions)+' versions of snapshot in '\
-                'timestamp.')
-  else:
-    logger.warn('No compressed versions of snapshot will be included in '\
-                'timestamp.')
-
-  # Generate and sign the timestamp metadata.
-  timestamp_metadata = generate_timestamp_metadata(snapshot_filepath,
-                                                   version,
-                                                   expiration_date,
-                                                   compressions=compressions)
-  signable = sign_metadata(timestamp_metadata, timestamp_keyids,
-                           timestamp_filepath)
-
-  return write_metadata_file(signable, timestamp_filepath)
-
-
-
-
-
-def build_delegated_role_file(delegated_targets_directory, delegated_keyids, 
-                              metadata_directory, delegation_metadata_directory,
-                              delegation_role_name, version, expiration_date):
-  """
-  <Purpose>
-    Build the targets metadata file using the signing keys in
-    'delegated_keyids'.  The generated metadata file is saved to
-    'metadata_directory'.  The target files located in 'targets_directory' will
-    be tracked by the built targets metadata.
-
-  <Arguments>
-    delegated_targets_directory:
-      The directory (absolute path) containing all the delegated target
-      files.
-
-    delegated_keyids:
-      The list of keyids to be used as the signing keys for the delegated
-      role file.
-
-    metadata_directory:
-      The metadata directory (absolute path) containing all the metadata files.
-
-    delegation_metadata_directory:
-      The location of the delegated role's metadata.
-
-    delegation_role_name:
-      The delegated role's file name ending in '.json'.  Ex: 'role1.json'.
-
-    version:
-      The metadata version number.  Clients use the version number to
-      determine if the downloaded version is newer than the one currently
-      trusted.
-
-    expiration_date:
-      The expiration date, in UTC, of the metadata file.
-      Conformant to 'tuf.formats.TIME_SCHEMA'.
-
-  <Exceptions>
-    tuf.FormatError, if any of the arguments are improperly formatted.
-
-    tuf.Error, if there was an error while building the targets file.
-
-  <Side Effects>
-    The targets metadata file is written to a file.
-
-  <Returns>
-    The path for the written targets metadata file.
-  """
-
-  # Do the arguments have the correct format?
-  # Raise 'tuf.FormatError' if there is a mismatch.
-  tuf.formats.PATH_SCHEMA.check_match(delegated_targets_directory)
-  tuf.formats.KEYIDS_SCHEMA.check_match(delegated_keyids)
-  tuf.formats.PATH_SCHEMA.check_match(metadata_directory)
-  tuf.formats.PATH_SCHEMA.check_match(delegation_metadata_directory)
-  tuf.formats.NAME_SCHEMA.check_match(delegation_role_name)
-
-  # Check if 'targets_directory' and 'metadata_directory' are valid.
-  targets_directory = check_directory(delegated_targets_directory)
-  metadata_directory = check_directory(metadata_directory)
-
-  repository_directory, junk = os.path.split(metadata_directory)
-  repository_directory_length = len(repository_directory)
-
-  # Get the list of targets.
-  targets = []
-  for root, directories, files in os.walk(targets_directory):
-    for target_file in files:
-      # Note: '+1' in the line below is there to remove '/'.
-      filename = os.path.join(root, target_file)[repository_directory_length+1:]
-      targets.append(filename)
-
-  # Create the targets metadata object.
-  targets_metadata = generate_targets_metadata(repository_directory, targets,
-                                               version, expiration_date)
-
-  # Sign it.
-  targets_filepath = os.path.join(delegation_metadata_directory,
-                                  delegation_role_name)
-  signable = sign_metadata(targets_metadata, delegated_keyids, targets_filepath)
-
-  return write_metadata_file(signable, targets_filepath)
-
-
-
-
-
-def find_delegated_role(roles, delegated_role):
-  """
-  <Purpose>
-    Find the index, if any, of a role with a given name in a list of roles.
-
-  <Arguments>
-    roles:
-      The list of roles, each of which must have a name.
-
-    delegated_role:
-      The name of the role to be found in the list of roles.
-
-  <Exceptions>
-    tuf.RepositoryError, if the list of roles has invalid data.
-
-  <Side Effects>
-    No known side effects.
-
-  <Returns>
-    None, if the role with the given name does not exist, or its unique index
-    in the list of roles.
-  """
-
-  # Check argument types.
-  tuf.formats.ROLELIST_SCHEMA.check_match(roles)
-  tuf.formats.ROLENAME_SCHEMA.check_match(delegated_role)
-
-  # The index of a role, if any, with the same name.
-  role_index = None
-
-  for index in xrange(len(roles)):
-    role = roles[index]
-    name = role.get('name')
-    # This role has no name.
-    if name is None:
-      no_name_message = 'Role with no name!'
-      raise tuf.RepositoryError(no_name_message)
-    # Does this role have the same name?
-    else:
-      # This role has the same name, and...
-      if name == delegated_role:
-        # ...it is the only known role with the same name.
-        if role_index is None:
-          role_index = index
-        # ...there are at least two roles with the same name!
-        else:
-          duplicate_role_message = 'Duplicate role ('+str(delegated_role)+')!'
-          raise tuf.RepositoryError(duplicate_role_message)
-      # This role has a different name.
-      else:
-        continue
-
-  return role_index
-
-
-
-
-
-def accept_any_file(full_target_path):
-  """
-  <Purpose>
-    Simply accept any given file.
-
-  <Arguments>
-    full_target_path:
-      The absolute path to a target file.
-
-  <Exceptions>
-    None.
-
-  <Side Effects>
-    None.
-
-  <Returns>
-    True.
-  """
-
-  return True
-
-
-
-
-
-def get_targets(files_directory, recursive_walk=False, followlinks=True,
-                file_predicate=accept_any_file):
-  """
-  <Purpose>
-    Walk the given files_directory to build a list of target files in it.
-
-  <Arguments>
-    files_directory:
-      The path to a directory of target files.
-
-    recursive_walk:
-      To recursively walk the directory, set recursive_walk=True.
-
-    followlinks:
-      To follow symbolic links, set followlinks=True.
-
-    file_predicate:
-      To filter a file based on a predicate, set file_predicate to a function
-      which accepts a full path to a file and returns a Boolean.
-
-  <Exceptions>
-    Python IO exceptions.
-
-  <Side Effects>
-    None.
-
-  <Returns>
-    A list of absolute paths to target files in the given files_directory.
-  """
-
-  targets = []
-
-  # FIXME: We need a way to tell Python 2, but not Python 3, to return
-  # filenames in Unicode; see #61 and:
-  # http://docs.python.org/2/howto/unicode.html#unicode-filenames
-
-  for dirpath, dirnames, filenames in os.walk(files_directory,
-                                              followlinks=followlinks):
-    for filename in filenames:
-      full_target_path = os.path.join(dirpath, filename)
-      if file_predicate(full_target_path):
-        targets.append(full_target_path)
-
-    # Prune the subdirectories to walk right now if we do not wish to
-    # recursively walk files_directory.
-    if recursive_walk is False:
-      del dirnames[:]
-
-  return targets
diff --git a/tuf/repository_tool.py b/tuf/repository_tool.py
index 5e1a3866..d6283f12 100755
--- a/tuf/repository_tool.py
+++ b/tuf/repository_tool.py
@@ -29,6 +29,7 @@
 import errno
 import sys
 import time
+import datetime
 import getpass
 import logging
 import tempfile
@@ -46,7 +47,7 @@
 import tuf.sig
 import tuf.log
 import tuf.conf
-
+import tuf._vendor.iso8601 as iso8601
 
 # See 'log.py' to learn how logging is handled in TUF.
 logger = logging.getLogger('tuf.repository_tool')
@@ -108,6 +109,13 @@
 # Initial 'timestamp.json' expiration time of 1 day.
 TIMESTAMP_EXPIRATION = 86400
 
+# Log warning when metadata expires in n days, or less.
+# root = 1 month, snapshot = 1 day, targets = 10 days, timestamp = 1 day.
+ROOT_EXPIRES_WARN_SECONDS = 2630000
+SNAPSHOT_EXPIRES_WARN_SECONDS = 86400
+TARGETS_EXPIRES_WARN_SECONDS = 864000
+TIMESTAMP_EXPIRES_WARN_SECONDS = 86400
+
 
 class Repository(object):
   """
@@ -120,7 +128,7 @@ class Repository(object):
     access by default:
 
     repository.root.version = 2
-    repository.timestamp.expiration = "2015-08-08 12:00:00"
+    repository.timestamp.expiration = datetime.datetime(2015, 08, 08, 12, 00)
     repository.snapshot.add_verification_key(...)
     repository.targets.delegate('unclaimed', ...)
 
@@ -1087,39 +1095,39 @@ def expiration(self):
       None.
 
     <Returns>
-      The role's expiration datetime, conformant to
-      'tuf.formats.DATETIME_SCHEMA'.
+      The role's expiration datetime, a datetime.datetime() object.
     """
     
     roleinfo = tuf.roledb.get_roleinfo(self.rolename)
+    expires = roleinfo['expires']
 
-    return roleinfo['expires']
+    expires_datetime_object = iso8601.parse_date(expires)
+    
+    return expires_datetime_object 
 
 
 
   @expiration.setter
-  def expiration(self, expiration_datetime_utc):
+  def expiration(self, datetime_object):
     """
     <Purpose>
       A setter method for the role's expiration datetime.  The top-level
       roles have a default expiration (e.g., ROOT_EXPIRATION), but may later
       be modified by this setter method.
       
-      TODO: expiration_datetime_utc in ISO 8601 format.
-      
       >>>  
       >>> 
       >>> 
 
     <Arguments>
-      expiration_datetime_utc:
-        The datetime expiration of the role, conformant to  
-        'tuf.formats.DATETIME_SCHEMA'.
+      datetime_object:
+        The datetime expiration of the role, a datetime.datetime() object.
 
     <Exceptions>
-      tuf.FormatError, if 'expiration_datetime_utc' is improperly formatted,
-      or invalid (e.g., already expired).
-    
+      tuf.FormatError, if 'datetime_object' is not a datetime.datetime() object. 
+   
+      tuf.Error, if 'datetime_object' has already expired.
+
     <Side Effects>
       Modifies the expiration attribute of the Repository object.
 
@@ -1127,31 +1135,25 @@ def expiration(self, expiration_datetime_utc):
       None.
     """
     
-    # Does 'expiration_datetime_utc' have the correct format?
-    # Ensure the arguments have the appropriate number of objects and object
-    # types, and that all dict keys are properly named.
-    # Raise 'tuf.FormatError' if any are improperly formatted.
-    tuf.formats.DATETIME_SCHEMA.check_match(expiration_datetime_utc)
-  
-    # Further validate the datetime, such as a correct date, time, expiration.
-    # Convert 'expiration_datetime_utc' to a unix timestamp so that it can be
-    # compared with time.time().
-    expiration_datetime_utc = expiration_datetime_utc + ' UTC'
-    try:
-      unix_timestamp = tuf.formats.parse_time(expiration_datetime_utc)
+    # Is 'datetime_object' a datetime.datetime() object?
+    # Raise 'tuf.FormatError' if not.
+    if not isinstance(datetime_object, datetime.datetime):
+      message = repr(datetime_object) + ' is not a datetime.datetime() object.'
+      raise tuf.FormatError(message) 
+
+    # Ensure the expiration has not already passed.
+    current_datetime_object = \
+      tuf.formats.unix_timestamp_to_datetime(int(time.time()))
     
-    except (tuf.FormatError, ValueError), e:
-      message = 'Invalid datetime argument: '+repr(expiration_datetime_utc)
-      raise tuf.FormatError(message)
+    if datetime_object < current_datetime_object:
+      message = repr(self.rolename) + ' has already expired.'
+      raise tuf.Error(message)
    
-    # Ensure the expiration has not already passed. 
-    if unix_timestamp < time.time():
-      message = 'The expiration date must occur after the current date.'
-      raise tuf.FormatError(message)
-   
-    # Update the role's 'expires' entry in 'tuf.roledb.py'. 
+    # Update the role's 'expires' entry in 'tuf.roledb.py'.
     roleinfo = tuf.roledb.get_roleinfo(self.rolename)
-    roleinfo['expires'] = expiration_datetime_utc
+    expires = datetime_object.isoformat() + 'Z'
+    roleinfo['expires'] = expires 
+    
     tuf.roledb.update_roleinfo(self.rolename, roleinfo)
   
   
@@ -1307,7 +1309,9 @@ def __init__(self):
    
     # By default, 'snapshot' metadata is set to expire 1 week from the current
     # time.  The expiration may be modified.
-    expiration = tuf.formats.format_time(time.time()+ROOT_EXPIRATION)
+    expiration = \
+      tuf.formats.unix_timestamp_to_datetime(int(time.time() + ROOT_EXPIRATION))
+    expiration = expiration.isoformat() + 'Z'
 
     roleinfo = {'keyids': [], 'signing_keyids': [], 'threshold': 1, 
                 'signatures': [], 'version': 0, 'consistent_snapshot': False,
@@ -1367,7 +1371,9 @@ def __init__(self):
 
     # By default, 'snapshot' metadata is set to expire 1 week from the current
     # time.  The expiration may be modified.
-    expiration = tuf.formats.format_time(time.time()+TIMESTAMP_EXPIRATION)
+    expiration = \
+      tuf.formats.unix_timestamp_to_datetime(int(time.time() + TIMESTAMP_EXPIRATION))
+    expiration = expiration.isoformat() + 'Z'
 
     roleinfo = {'keyids': [], 'signing_keyids': [], 'threshold': 1,
                 'signatures': [], 'version': 0, 'compressions': [''],
@@ -1421,8 +1427,10 @@ def __init__(self):
    
     # By default, 'snapshot' metadata is set to expire 1 week from the current
     # time.  The expiration may be modified.
-    expiration = tuf.formats.format_time(time.time()+SNAPSHOT_EXPIRATION)
-    
+    expiration = \
+      tuf.formats.unix_timestamp_to_datetime(int(time.time() + SNAPSHOT_EXPIRATION))
+    expiration = expiration.isoformat() + 'Z'
+
     roleinfo = {'keyids': [], 'signing_keyids': [], 'threshold': 1,
                 'signatures': [], 'version': 0, 'compressions': [''],
                 'expires': expiration, 'partial_loaded': False}
@@ -1507,7 +1515,9 @@ def __init__(self, targets_directory, rolename='targets', roleinfo=None):
   
     # By default, Targets objects are set to expire 3 months from the current
     # time.  May be later modified.
-    expiration = tuf.formats.format_time(time.time()+TARGETS_EXPIRATION)
+    expiration = \
+      tuf.formats.unix_timestamp_to_datetime(int(time.time() + TARGETS_EXPIRATION))
+    expiration = expiration.isoformat() + 'Z'
 
     # If 'roleinfo' is not provided, set an initial default.
     if roleinfo is None:
@@ -2049,7 +2059,10 @@ def delegate(self, rolename, public_keys, list_of_targets,
    
     # Create a new Targets object for the 'rolename' delegation.  An initial
     # expiration is set (3 months from the current time).
-    expiration = tuf.formats.format_time(time.time()+TARGETS_EXPIRATION)
+    expiration = \
+      tuf.formats.unix_timestamp_to_datetime(int(time.time() + TARGETS_EXPIRATION))
+    expiration = expiration.isoformat() + 'Z'
+    
     roleinfo = {'name': full_rolename, 'keyids': keyids, 'signing_keyids': [],
                 'threshold': threshold, 'version': 0, 'compressions': [''],
                 'expires': expiration, 'signatures': [], 'partial_loaded': False,
@@ -2370,6 +2383,9 @@ def _generate_and_write_metadata(rolename, metadata_filename, write_partial,
   if rolename == 'root':
     metadata = generate_root_metadata(roleinfo['version'],
                                       roleinfo['expires'], consistent_snapshot)
+    
+    _log_warning_if_expires_soon(ROOT_FILENAME, roleinfo['expires'],
+                                 ROOT_EXPIRES_WARN_SECONDS)
  
   # Check for the Targets role, including delegated roles.
   elif rolename.startswith('targets'):
@@ -2379,6 +2395,9 @@ def _generate_and_write_metadata(rolename, metadata_filename, write_partial,
                                          roleinfo['expires'],
                                          roleinfo['delegations'],
                                          consistent_snapshot)
+    if rolename == 'targets':    
+      _log_warning_if_expires_soon(TARGETS_FILENAME, roleinfo['expires'],
+                                   TARGETS_EXPIRES_WARN_SECONDS)
   
   elif rolename == 'snapshot':
     root_filename = filenames['root']
@@ -2387,7 +2406,10 @@ def _generate_and_write_metadata(rolename, metadata_filename, write_partial,
                                          roleinfo['version'],
                                          roleinfo['expires'], root_filename,
                                          targets_filename,
-                                         consistent_snapshot )
+                                         consistent_snapshot)
+      
+    _log_warning_if_expires_soon(SNAPSHOT_FILENAME, roleinfo['expires'],
+                                 SNAPSHOT_EXPIRES_WARN_SECONDS)
   
   elif rolename == 'timestamp':
     snapshot_filename = filenames['snapshot'] 
@@ -2395,6 +2417,9 @@ def _generate_and_write_metadata(rolename, metadata_filename, write_partial,
                                            roleinfo['version'],
                                            roleinfo['expires'],
                                            snapshot_compressions)
+    
+    _log_warning_if_expires_soon(TIMESTAMP_FILENAME, roleinfo['expires'],
+                                 TIMESTAMP_EXPIRES_WARN_SECONDS)
 
   signable = sign_metadata(metadata, roleinfo['signing_keyids'],
                            metadata_filename)
@@ -3033,6 +3058,7 @@ def load_repository(repository_directory):
         if metadata_name.endswith(METADATA_EXTENSION): 
           extension_length = len(METADATA_EXTENSION)
           metadata_name = metadata_name[:-extension_length]
+        
         else:
           continue
         
@@ -3157,6 +3183,9 @@ def _load_top_level_metadata(repository, top_level_filenames):
     if _metadata_is_partially_loaded('root', signable, roleinfo):
       roleinfo['partial_loaded'] = True
     
+    _log_warning_if_expires_soon(ROOT_FILENAME, roleinfo['expires'],
+                                 ROOT_EXPIRES_WARN_SECONDS)
+    
     tuf.roledb.update_roleinfo('root', roleinfo)
 
     # Ensure the 'consistent_snapshot' field is extracted.
@@ -3184,6 +3213,9 @@ def _load_top_level_metadata(repository, top_level_filenames):
     if _metadata_is_partially_loaded('timestamp', signable, roleinfo):
       roleinfo['partial_loaded'] = True
     
+    _log_warning_if_expires_soon(TIMESTAMP_FILENAME, roleinfo['expires'],
+                                 TIMESTAMP_EXPIRES_WARN_SECONDS)
+    
     tuf.roledb.update_roleinfo('timestamp', roleinfo)
   
   else:
@@ -3214,6 +3246,9 @@ def _load_top_level_metadata(repository, top_level_filenames):
     if _metadata_is_partially_loaded('snapshot', signable, roleinfo):
       roleinfo['partial_loaded'] = True
     
+    _log_warning_if_expires_soon(SNAPSHOT_FILENAME, roleinfo['expires'],
+                                 SNAPSHOT_EXPIRES_WARN_SECONDS)
+    
     tuf.roledb.update_roleinfo('snapshot', roleinfo)
   
   else:
@@ -3246,6 +3281,9 @@ def _load_top_level_metadata(repository, top_level_filenames):
    
     if _metadata_is_partially_loaded('targets', signable, roleinfo):
       roleinfo['partial_loaded'] = True
+   
+    _log_warning_if_expires_soon(TARGETS_FILENAME, roleinfo['expires'],
+                                 TARGETS_EXPIRES_WARN_SECONDS)
     
     tuf.roledb.update_roleinfo('targets', roleinfo)
 
@@ -3282,6 +3320,33 @@ def _load_top_level_metadata(repository, top_level_filenames):
 
 
 
+def _log_warning_if_expires_soon(rolename, expires_iso8601_timestamp,
+                                 seconds_remaining_to_warn):
+  """
+  Non-public function that logs a warning if 'rolename' expires in
+  'seconds_remaining_to_warn' seconds, or less.
+  """
+ 
+  # Metadata stores expiration datetimes in ISO8601 format.  Convert to
+  # unix timestamp, subtract from from current time.time() (also in POSIX time)
+  # and compare against 'seconds_remaining_to_warn'.  Log a warning message
+  # to console if 'rolename' expires soon.
+  datetime_object = iso8601.parse_date(expires_iso8601_timestamp)
+  expires_unix_timestamp = \
+    tuf.formats.datetime_to_unix_timestamp(datetime_object) 
+  seconds_until_expires = expires_unix_timestamp - int(time.time())
+  
+  if seconds_until_expires <= seconds_remaining_to_warn:
+    days_until_expires = seconds_until_expires / 86400
+    
+    message = repr(rolename) + ' expires ' + datetime_object.ctime() + \
+      ' (UTC).\n' + repr(days_until_expires) + ' day(s) until it expires.'
+    
+    logger.warn(message)
+
+
+
+
 
 def generate_and_write_rsa_keypair(filepath, bits=DEFAULT_RSA_KEY_BITS,
                                    password=None):
@@ -3860,8 +3925,8 @@ def generate_root_metadata(version, expiration_date, consistent_snapshot):
       trusted.
     
     expiration_date:
-      The expiration date, in UTC, of the metadata file.  Conformant to
-      'tuf.formats.TIME_SCHEMA'.
+      The expiration date of the metadata file.  Conformant to
+      'tuf.formats.ISO8601_DATETIME_SCHEMA'.
 
     consistent_snapshot:
       Boolean.  If True, a file digest is expected to be prepended to the
@@ -3887,7 +3952,7 @@ def generate_root_metadata(version, expiration_date, consistent_snapshot):
   # types, and that all dict keys are properly named.
   # Raise 'tuf.FormatError' if any of the arguments are improperly formatted.
   tuf.formats.METADATAVERSION_SCHEMA.check_match(version)
-  tuf.formats.TIME_SCHEMA.check_match(expiration_date)
+  tuf.formats.ISO8601_DATETIME_SCHEMA.check_match(expiration_date)
   tuf.formats.BOOLEAN_SCHEMA.check_match(consistent_snapshot)
 
   # The role and key dictionaries to be saved in the root metadata object.
@@ -3980,8 +4045,8 @@ def generate_targets_metadata(targets_directory, target_files, version,
       trusted.
 
     expiration_date:
-      The expiration date, in UTC, of the metadata file.  Conformant to
-      'tuf.formats.TIME_SCHEMA'.
+      The expiration date of the metadata file.  Conformant to
+      'tuf.formats.ISO8601_DATETIME_SCHEMA'.
 
     delegations:
       The delegations made by the targets role to be generated.  'delegations'
@@ -4011,7 +4076,7 @@ def generate_targets_metadata(targets_directory, target_files, version,
   tuf.formats.PATH_SCHEMA.check_match(targets_directory)
   tuf.formats.PATHS_SCHEMA.check_match(target_files)
   tuf.formats.METADATAVERSION_SCHEMA.check_match(version)
-  tuf.formats.TIME_SCHEMA.check_match(expiration_date)
+  tuf.formats.ISO8601_DATETIME_SCHEMA.check_match(expiration_date)
   tuf.formats.BOOLEAN_SCHEMA.check_match(write_consistent_targets)
 
   if delegations is not None:
@@ -4090,8 +4155,8 @@ def generate_snapshot_metadata(metadata_directory, version, expiration_date,
       trusted.
 
     expiration_date:
-      The expiration date, in UTC, of the metadata file.
-      Conformant to 'tuf.formats.TIME_SCHEMA'.
+      The expiration date of the metadata file.
+      Conformant to 'tuf.formats.ISO8601_DATETIME_SCHEMA'.
 
     root_filename:
       The filename of the top-level root role.  The hash and file size of this
@@ -4125,7 +4190,7 @@ def generate_snapshot_metadata(metadata_directory, version, expiration_date,
   # Raise 'tuf.FormatError' if the check fails.
   tuf.formats.PATH_SCHEMA.check_match(metadata_directory)
   tuf.formats.METADATAVERSION_SCHEMA.check_match(version)
-  tuf.formats.TIME_SCHEMA.check_match(expiration_date)
+  tuf.formats.ISO8601_DATETIME_SCHEMA.check_match(expiration_date)
   tuf.formats.PATH_SCHEMA.check_match(root_filename)
   tuf.formats.PATH_SCHEMA.check_match(targets_filename)
   tuf.formats.BOOLEAN_SCHEMA.check_match(consistent_snapshot)
@@ -4212,8 +4277,8 @@ def generate_timestamp_metadata(snapshot_filename, version,
       trusted.
 
     expiration_date:
-      The expiration date, in UTC, of the metadata file, conformant to
-      'tuf.formats.TIME_SCHEMA'.
+      The expiration date of the metadata file, conformant to
+      'tuf.formats.ISO8601_DATETIME_SCHEMA'.
 
     compressions:
       Compression extensions (e.g., 'gz').  If 'snapshot.json' is also saved in
@@ -4238,7 +4303,7 @@ def generate_timestamp_metadata(snapshot_filename, version,
   # Raise 'tuf.FormatError' if the check fails.
   tuf.formats.PATH_SCHEMA.check_match(snapshot_filename)
   tuf.formats.METADATAVERSION_SCHEMA.check_match(version)
-  tuf.formats.TIME_SCHEMA.check_match(expiration_date)
+  tuf.formats.ISO8601_DATETIME_SCHEMA.check_match(expiration_date)
   tuf.formats.COMPRESSIONS_SCHEMA.check_match(compressions)
 
   # Retrieve the fileinfo of the snapshot metadata file.
diff --git a/tuf/sig.py b/tuf/sig.py
index d789aa5e..cacf3265 100755
--- a/tuf/sig.py
+++ b/tuf/sig.py
@@ -133,11 +133,13 @@ def get_signature_status(signable, role=None):
           if keyid not in tuf.roledb.get_role_keyids(role):
             untrusted_sigs.append(keyid)
             continue
+        
         # Unknown role, re-raise exception. 
         except tuf.UnknownRoleError:
           raise
       # Identify good/authorized key.
       good_sigs.append(keyid)
+    
     else:
       # Identify bad key.
       bad_sigs.append(keyid)
diff --git a/tuf/tests/__init__.py b/tuf/tests/__init__.py
deleted file mode 100644
index ac4c493e..00000000
--- a/tuf/tests/__init__.py
+++ /dev/null
@@ -1,4 +0,0 @@
-# The tuf.tests package is intended to export as little utility as possible to
-# enable easier testing of TUF.
-
-__all__ = ['repository_setup', 'unittest_toolbox', 'util_test_tools']
diff --git a/tuf/tests/repository_setup.py b/tuf/tests/repository_setup.py
deleted file mode 100644
index 60161438..00000000
--- a/tuf/tests/repository_setup.py
+++ /dev/null
@@ -1,382 +0,0 @@
-"""
-<Program Name>
-  repository_setup.py
-
-<Author>
-  Konstantin Andrianov
-
-<Started>
-  October 15, 2012
-
-<Copyright>
-  See LICENSE for licensing information.
-
-<Purpose>
-  To provide a quick repository structure to be used in conjunction with
-  test modules like test_updater.py for instance.
-"""
-
-import os
-import sys
-import time
-import shutil
-import tempfile
-
-import tuf.formats
-import tuf.repo.keystore as keystore
-import tuf.repo.signerlib as signerlib
-import tuf.repository_tool as repo_tool
-import tuf.repo.signercli as signercli
-import tuf.tests.unittest_toolbox as unittest_toolbox
-
-
-#  Role:keyids dictionary.
-role_keyids = {}
-
-
-def _init_role_keyids():
-  # Populating 'rsa_keystore' and 'rsa_passwords' dictionaries.
-  # We will need them in creating the keystore directory and metadata files.
-  unittest_toolbox.Modified_TestCase.bind_keys_to_roles()
-
-  global role_keyids
-
-  for role in unittest_toolbox.Modified_TestCase.semi_roledict.keys():
-    role_keyids[role] = unittest_toolbox.Modified_TestCase.semi_roledict[role]['keyids']
-
-
-
-
-def _create_keystore(keystore_directory):
-  """
-  <Purpose>
-    Populate 'keystore_directory' with keys (.key files).
-  """
-  
-  _rsa_keystore = unittest_toolbox.Modified_TestCase.rsa_keystore
-  _rsa_derived_keys = unittest_toolbox.Modified_TestCase.rsa_derived_keys
-  if not _rsa_keystore or not _rsa_derived_keys:
-    msg = 'Populate \'rsa_keystore\' and \'rsa_passwords\''+\
-          ' before invoking this method.'
-    sys.exit(msg)
-
-  keystore._keystore = _rsa_keystore
-  keystore._derived_keys = _rsa_derived_keys
-  keystore.save_keystore_to_keyfiles(keystore_directory)
-
-
-
-
-
-def build_server_repository(server_repository_dir, targets_dir):
-  """
-  <Purpose>
-    'build_server_repository' builds a complete repository based on target
-    files provided in the 'targets_dir'.  Delegated roles are included.
-  """
-
-  # Save the originals of the functions patched by this function.
-  # The patched functions will be restored prior to returning.
-  original_get_metadata = signercli._get_metadata_directory
-  original_prompt = signercli._prompt
-  original_get_password = signercli._get_password
-  original_get_keyids = signercli._get_keyids
- 
-  # The expiration date for created metadata, required by the 'signercli.py'
-  # script.  The expiration date is set to 259200 seconds ahead of the current
-  # time.  Set all the metadata versions numbers to 1.
-  expiration_date = tuf.formats.format_time(time.time()+259200)
-  expiration_date = expiration_date[0:expiration_date.rfind(' UTC')] 
-  version = 1
-  
-  server_metadata_dir = os.path.join(server_repository_dir, 'metadata')
-  keystore_dir = os.path.join(server_repository_dir, 'keystore')
-
-  #  Remove 'server_metadata_dir' and 'keystore_dir' if they already exist.
-  if os.path.exists(server_metadata_dir):
-    shutil.rmtree(server_metadata_dir)
-  if os.path.exists(keystore_dir):
-    shutil.rmtree(keystore_dir)
-
-  #  Make metadata directory inside server repository dir.
-  os.mkdir(server_metadata_dir)
-
-  #  Make a keystore directory inside server's repository and populate it.
-  os.mkdir(keystore_dir)
-  _create_keystore(keystore_dir)
-
-  #  Build config file.
-  build_config = signerlib.build_config_file
-  top_level_role_info = unittest_toolbox.Modified_TestCase.top_level_role_info
-  config_filepath = build_config(server_repository_dir, 365, top_level_role_info)
-
-
-  # BUILD ROLE FILES.
-  #  Build root file.
-  signerlib.build_root_file(config_filepath, role_keyids['root'],
-                            server_metadata_dir, version)
-
-  #  Build targets file.
-  signerlib.build_targets_file([targets_dir], role_keyids['targets'],
-                            server_metadata_dir, version, expiration_date+' UTC')
-
-  # MAKE DELEGATIONS.
-  #  We will need to patch a few signercli prompts.
-  #  Specifically, signercli.make_delegations() asks user input for:
-  #  metadata directory, delegated targets directory, parent role,
-  #  passwords for parent role's keyids, delegated role's name, and
-  #  the keyid to be assigned to the delegated role.  Take a look at
-  #  signercli's make_delegation() to gain bit more insight in what is
-  #  happening.
-
-  # 'load_key' is a reference to the 'load_keystore_from_keyfiles function'.
-  load_keys = keystore.load_keystore_from_keyfiles
-
-  #  Setup first level delegated role.
-  delegated_level1 = os.path.join(targets_dir, 'delegated_level1')
-  delegated_targets_dir = delegated_level1
-  parent_role = 'targets'
-  delegated_role_name = 'delegated_role1'
-  signing_keyids = role_keyids['targets/delegated_role1'] 
-  
-
-  #  Patching the 'signercli' prompts.
-  
-  #  Mock method for signercli._get_metadata_directory().
-  def _mock_get_metadata_directory():
-    return server_metadata_dir
-
-  #  Mock method for signercli._prompt().
-  def _mock_prompt(msg, junk):
-    if msg.startswith('\nThe paths entered'):
-      return delegated_targets_dir
-    elif msg.startswith('\nChoose and enter the parent'):
-      return parent_role
-    elif msg.startswith('\nEnter the delegated role\'s name: '):
-      return delegated_role_name
-    elif msg.startswith('\nCurrent time:'):
-      return expiration_date
-    else:
-      error_msg = ('Prompt: '+'\''+msg+'\''+
-                   ' did not match any predefined mock prompts.')
-      sys.exit(error_msg)
-   
-  #  Mock method for signercli._get_password().
-  def _mock_get_password(msg):
-    for keyid in unittest_toolbox.Modified_TestCase.rsa_keyids:
-      if msg.endswith('('+keyid+'): '):
-        return unittest_toolbox.Modified_TestCase.rsa_passwords[keyid]
-
-
-  #  Method to patch signercli._get_keyids()
-  def _mock_get_keyids(junk):
-    if signing_keyids:
-      for keyid in signing_keyids:
-        password = unittest_toolbox.Modified_TestCase.rsa_passwords[keyid]
-        #  Load the keyfile.
-        load_keys(keystore_dir, [keyid], [password])
-    return signing_keyids
-
-
-  #  Patch signercli._get_metadata_directory().
-  signercli._get_metadata_directory = _mock_get_metadata_directory
-  
-  #  Patch signercli._prompt().
-  signercli._prompt = _mock_prompt
-
-  #  Patch signercli._get_password().
-  signercli._get_password = _mock_get_password
-
-  #  Patch signercli._get_keyids().
-  signercli._get_keyids = _mock_get_keyids
- 
-  #  Clear kestore's dictionaries, by detaching them from unittest_toolbox's
-  #  dictionaries.
-  keystore._keystore = {}
-  keystore._derived_keys = {}
-
-  #  Make first level delegation.
-  signercli.make_delegation(keystore_dir)
-
-  #  Setup second level delegated role.
-  delegated_level2 =  os.path.join(delegated_level1, 'delegated_level2')
-  delegated_targets_dir = delegated_level2
-  parent_role = 'targets/delegated_role1'
-  delegated_role_name = 'delegated_role2'
-  signing_keyids = role_keyids['targets/delegated_role1/delegated_role2']
-
-  #  Clear kestore's dictionaries.
-  keystore.clear_keystore()
-
-  #  Make second level delegation.
-  signercli.make_delegation(keystore_dir)
-
-
-  keystore._keystore = unittest_toolbox.Modified_TestCase.rsa_keystore
-  keystore._derived_keys = unittest_toolbox.Modified_TestCase.rsa_passwords
-
-  #  Build snapshot file.
-  signerlib.build_snapshot_file(role_keyids['snapshot'], server_metadata_dir,
-                               version, expiration_date+' UTC')
-
-  #  Build timestamp file.
-  signerlib.build_timestamp_file(role_keyids['timestamp'], server_metadata_dir,
-                                 version, expiration_date+' UTC')
-
-  keystore._keystore = {}
-  keystore._derived_keys = {}
-
-  # RESTORE
-  signercli._get_metadata_directory = original_get_metadata
-  signercli._prompt = original_prompt
-  signercli._get_password = original_get_password
-  signercli._get_keyids = original_get_keyids
-
-
-
-#  Create a complete server and client repositories.
-def create_repositories():
-  """
-  Main directories have the following structure:
-
-                        main_repository
-                             |
-                     ------------------
-                     |                |
-       client_repository_dir      server_repository_dir
-
-
-
-                      client_repository
-                             |
-                          metadata
-                             |
-                      ----------------
-                      |              |
-                  previous        current
-
-
-                      server_repository
-                             |
-                 ----------------------------
-                 |           |              |
-             metadata     targets        keystore
-                             |
-                      delegation_level1
-                             |
-                      delegation_level2
-
-
-
-  NOTE: Do not forget to remove the directory using remove_all_repositories
-        after the tests.
-
-  <Return>
-    A dictionary of all repositories, with the following keys:
-    (main_repository, client_repository, server_repository)
-  """
-
-  # Ensure the keyids for the required roles are loaded.  Role keyids are
-  # needed for the creation of metadata file and the keystore.
-  _init_role_keyids()
-
-  #  Make a temporary general repository directory.
-  repository_dir = tempfile.mkdtemp()
-
-
-  #  Make server repository and client repository directories.
-  server_repository_dir  = os.path.join(repository_dir, 'server_repository')
-  client_repository_dir  = os.path.join(repository_dir, 'client_repository')
-  os.mkdir(server_repository_dir)
-  os.mkdir(client_repository_dir)
-
-
-  #  Make metadata directory inside client repository dir.
-  client_metadata_dir = os.path.join(client_repository_dir, 'metadata')
-  os.mkdir(client_metadata_dir)
-
-  #  Create a 'targets' directory.
-  targets = os.path.join(server_repository_dir, 'targets')
-  delegated_level1 = os.path.join(targets, 'delegated_level1')
-  delegated_level2 = os.path.join(delegated_level1, 'delegated_level2')
-  os.makedirs(delegated_level2)
-
-  #  Populate the project directory with files.
-  file_path_1 = tempfile.mkstemp(suffix='.txt', dir=targets)
-  file_path_2 = tempfile.mkstemp(suffix='.txt', dir=targets)
-  file_path_3 = tempfile.mkstemp(suffix='.txt', dir=delegated_level1)
-  file_path_4 = tempfile.mkstemp(suffix='.txt', dir=delegated_level2)
-
-  def data():
-    return 'Stored data: '+unittest_toolbox.Modified_TestCase.random_string()
-
-  file_1 = open(file_path_1[1], 'wb')
-  file_1.write(data())
-  file_1.close()
-  file_2 = open(file_path_2[1], 'wb')
-  file_2.write(data())
-  file_2.close()
-  file_3 = open(file_path_3[1], 'wb')
-  file_3.write(data())
-  file_3.close()
-  file_4 = open(file_path_4[1], 'wb')
-  file_4.write(data())
-  file_4.close()
-
-
-  #  Build server's repository.
-  build_server_repository(server_repository_dir, targets)
-
-  #  Build client's repository.
-  client_repository_include_all_role_files(repository_dir)
-
-  repositories = {'main_repository': repository_dir,
-                  'client_repository': client_repository_dir,
-                  'server_repository': server_repository_dir,
-                  'targets_directory': targets}
-
-  return repositories
-
-
-
-
-
-#  client_repository_include_all_role_files() copies all of the metadata file.
-def client_repository_include_all_role_files(repository_dir):
-  if repository_dir is None:
-    msg = ('Please provide main repository directory where client '+
-           'repository is located.')
-    sys.exit(msg)
-
-  #  Destination directories.
-  current_dir = os.path.join(repository_dir, 'client_repository', 'metadata',
-                             'current')
-  previous_dir = os.path.join(repository_dir, 'client_repository', 'metadata',
-                             'previous')
-  #  Source directory.
-  metadata_files = os.path.join(repository_dir, 'server_repository',
-                                'metadata')
-
-  #  Copy the whole source directory to destination directories.
-  shutil.copytree(metadata_files, current_dir)
-  shutil.copytree(metadata_files, previous_dir)
-
-
-
-
-
-#  Supply the main repository directory.
-def remove_all_repositories(repository_directory):
-  #  Check if 'repository_directory' is an existing directory.
-  if os.path.isdir(repository_directory):
-    shutil.rmtree(repository_directory)
-  else:
-    print '\nInvalid repository directory.'
-
-
-
-
-
-if __name__ == '__main__':
-  repos = create_repositories()
-  remove_all_repositories(repos['main_repository'])
diff --git a/tuf/tests/util_test_tools.py b/tuf/tests/util_test_tools.py
deleted file mode 100644
index 2b8834f0..00000000
--- a/tuf/tests/util_test_tools.py
+++ /dev/null
@@ -1,681 +0,0 @@
-"""
-<Program Name>
-  util_test_tools.py
-
-<Author>
-  Konstantin Andrianov
-
-<Started>
-  February 19, 2012
-
-<Copyright>
-  See LICENSE for licensing information.
-
-<Purpose>
-  A utility modules that provides convenient methods to make the laborious
-  process of test construction a bit easier.  
-
-  A structure that does NOT implementing TUF.  A direct download over http.
-  Repository + Server    <--------------->    Client
-
-  The TUF structure is described bellow in the class and tuf_tearDown() docs.
-  Repository + TUF + Server    <--------->    TUF + Client
-
-<Directories>
-  Initialized by init_repo()
-
-  The server is pointing to 'root_repo' directory, including the '/'.
-
-                          root_repo
-                              |
-           ----------------------------------------
-           |          |            |              |
-        reg_repo    tuf_repo    tuf_client     downloads
-
-  '{root_repo}/downloads/': stores all direct downloads made by the client.
-  '{root_repo}/tuf_downloads/': stores all downloads made by the client using
-  tuf.
-
-      
-                          reg_repo
-                              |
-                -----------------------------
-                |          |      ...       |
-            file(1)    file(2)    ...     file(n)
-
-  '{root_repo}/reg_repo/': main developer's repository that contains files or
-  updates that need to be distributed.
-
-
-                           tuf_repo
-                              |
-        --------------------------------------------
-        |                     |                    |
-    keystore              metadata              targets
-        |                     |                    |
-  key1.key ...          role.json ...           file(1) ...
-
-  '{root_repo}/tuf_repo/': developer's tuf-repository directory containing
-  following subdirectories:
-  '{root_repo}/tuf_repo/keystore/': directory where all signing keys are
-  stored.
-  '{root_repo}/tuf_repo/metadata/': directory where all metadata signed 
-  metadata files are stored.
-  '{root_repo}/tuf_repo/targets/': directory where all tuf verified files
-  are stored.
- 
-                          tuf_client
-                              |
-                           metadata
-                              |
-                  ---------------------------
-                  |                         |  
-               current                   previous
-                  |                         | 
-             role.json ...              role.json ...
-
-  '{root_repo}/tuf_client/': client directory containing tuf metadata.
-  '{root_repo}/tuf_client/metadata/current': directory where client stores 
-  latest metadata files.
-  '{root_repo}/tuf_client/metadata/current': directory where client stores 
-  previous metadata files.
-
-<Methods>
-  init_repo(using_tuf=True):
-    Initializes the repositories (depicted in the diagram above) and
-    starts the server process.  init_repo takes one boolean argument
-    which when True sets-up tuf repository i.e. adds all of the
-    directories that start with 'tuf_' in the root_repo (depicted above).
-    Returns a tuple - full path of the 'root_repo' directory, and the url.
-    This should be sufficient to construct the tests.
-
-  cleanup():
-    Deletes all of the created repositories and shuts down the server.
-
-  add_file_to_repository(data):
-    Adds a file to the 'reg_repo' directory and writes 'data' into it.
-    Returns full file path of the new file.
-
-  modify_file_at_repository(filepath, data):
-    Modifies a file at the 'reg_repo' directory by writing 'data' into it.
-    'filepath' has to be an existing file at the 'reg_repo' directory.
-    Returns full file path of the modified file.
-
-  delete_file_at_repository(filepath):
-    Deletes a file at the 'reg_repo' directory.
-    'filepath' has to be an existing file at the 'reg_repo' directory.
-
-  read_file_content(filepath):
-    Returns data string of the 'filepath' content.
-
-  init_tuf():
-    Builds tuf repository creating all necessary directories, metadata files,
-    and keys.
-
-  tuf_refresh_repo():
-    Refreshes metadata files at the 'tuf_repo' directory i.e. role.json's at
-    '{root_repo}/tuf_repo/metadata/'.  Following roles are refreshed:
-    targets, snapshot and timestamp.  Also, the whole 'reg_repo' directory is
-    copied to targets directory i.e. '{root_repo}/tuf_repo/targets/'.
-
-Note: metadata files are root.json, targets.json, snapshot.json and
-timestamp.json (denoted as 'role.json in the diagrams').  There could be
-more metadata files such us mirrors.json.  The metadata files are signed
-by their corresponding roles i.e. root, targets etc.
-
-More documentation is provided in the comment and doc blocks.
-
-"""
-
-import os
-import sys
-import time
-import shutil
-import random
-import logging
-import tempfile
-import subprocess
-import json
-
-import tuf
-import tuf.client.updater
-import tuf.formats
-import tuf.interposition
-import tuf.log
-import tuf.repo.signercli as signercli
-import tuf.repo.signerlib as signerlib
-import tuf.repo.keystore as keystore
-import tuf.util
-
-logger = logging.getLogger('tuf.tests.system_tests.util_test_tools')
-
-PASSWD = 'test'
-version = 1
-# Where we keep TUF configurations, if any, between every iteration.
-tuf_configurations = None
-
-
-def init_repo(using_tuf=False, port=None):
-  # Temp root directory for regular and tuf repositories.
-  # WARNING: tuf client stores files in '{root_repo}/downloads/' directory!
-  # Make sure regular download are NOT stored in the that directory when
-  # tuf stores its downloads there.  If regular download needs to happen at
-  # the time when tuf has or will have tuf downloads stored there, create
-  # a separate directory in {root_repo} to store regular downloads in.
-  # Ex: mkdir(root_repo, 'reg_downloads').
-  root_repo = tempfile.mkdtemp(dir=os.getcwd())
-  os.mkdir(os.path.join(root_repo, 'reg_repo'))
-  os.mkdir(os.path.join(root_repo, 'downloads'))
-  server_proc = None
-  if port is None:
-    # Start a simple server pointing to the repository directory.
-    port = random.randint(30000, 45000)
-    command = ['python', '-m', 'SimpleHTTPServer', str(port)]
-    server_proc = subprocess.Popen(command, stdout=subprocess.PIPE,
-                                   stderr=subprocess.PIPE)
-
-  # Tailor url for the repository.  In order to download a 'file.json' 
-  # from 'reg_repo' do: url+'reg_repo/file.json'
-  relpath = os.path.basename(root_repo)
-  url = 'http://localhost:'+str(port)+'/'+relpath+'/'
-
-  # NOTE: The delay is needed to make up for asynchronous subprocess.
-  # Otherwise following error might be raised:
-  #    <urlopen error [Errno 111] Connection refused>
-  time.sleep(.2)
-
-  keyids = None
-  if using_tuf:
-    # We remove the console handler so that tests are silent by default.
-    tuf.log.remove_console_handler()
-    keyids = init_tuf(root_repo)
-    create_interposition_config(root_repo, url)
-
-  return root_repo, url, server_proc, keyids
-
-
-
-
-
-def cleanup(root_repo, server_process=None):
-  global tuf_configurations
-
-  if server_process is not None:
-    if server_process.returncode is None:
-      server_process.kill()
-      
-    logger.info('Server terminated.\n')
-
-  # Clear the keystore.
-  keystore.clear_keystore()
-
-  # Deconfigure interposition.
-  if tuf_configurations is not None:
-    tuf.interposition.deconfigure(tuf_configurations)
-    tuf_configurations = None
-
-  # Removing repository directory.
-  try:
-    shutil.rmtree(root_repo)
-  except OSError, e:
-    pass
-
-
-
-
-
-def add_file_to_repository(directory, data='Test String'):
-  junk, filepath = tempfile.mkstemp(dir=directory)
-  fileobj = open(filepath, 'wb')
-  fileobj.write(data)
-  fileobj.close()
-  return filepath
-
-
-
-
-
-def modify_file_at_repository(filepath, data='Modified String'):
-  if not os.path.isfile(filepath):
-    msg = ('Cannot modify file path '+repr(filepath)+', it does not exist.')
-    sys.exit(msg)
-
-  fileobj = open(filepath, 'wb')
-  fileobj.write(data)
-  fileobj.close()
-  return filepath
-
-
-
-
-
-def delete_file_at_repository(filepath):
-  """
-  <Purpose>
-    Attempt to delete a file at the repository setup_info['repo_path'].
-
-  """
-
-  if not os.path.isfile(filepath):
-    msg = ('Cannot remove file path '+repr(filepath)+', it does not exist.')
-    sys.exit(msg)
-
-  os.remove(filepath)
-
-
-
-
-
-def read_file_content(filepath):
-  if not os.path.isfile(filepath):
-    msg = ('File path '+repr(filepath)+' does not exist.  '+
-           'Provide a valid file to read.')
-    sys.exit(msg)
-
-  fileobj = open(filepath, 'rb')
-  data = fileobj.read()
-  fileobj.close()
-  return data
-
-
-
-
-
-def init_tuf(root_repo):
-  """
-  <Purpose>
-    Setup TUF directory structure and populated it with TUF metadata and 
-    congfiguration files.
-
-  """ 
-
-  threshold = 1
-  global version
-  version = version+1
-  expiration = tuf.formats.format_time(time.time()+86400)
-
-  # Setup TUF-repo directory structure.
-  tuf_repo = os.path.join(root_repo, 'tuf_repo')
-  keystore_dir = os.path.join(tuf_repo, 'keystore')
-  metadata_dir = os.path.join(tuf_repo, 'metadata')
-  targets_dir = os.path.join(tuf_repo, 'targets')
-
-  os.mkdir(tuf_repo)
-  os.mkdir(keystore_dir)
-  os.mkdir(metadata_dir)
-  shutil.copytree(os.path.join(root_repo, 'reg_repo'), targets_dir)
-
-  # Setting TUF-client directory structure.
-  # 'tuf.client.updater.py' expects the 'current' and 'previous'
-  # directories to exist under client's 'metadata' directory.
-  tuf_client = os.path.join(root_repo, 'tuf_client')
-  tuf_client_metadata_dir = os.path.join(tuf_client, 'metadata')
-  current_dir = os.path.join(tuf_client_metadata_dir, 'current')
-  previous_dir = os.path.join(tuf_client_metadata_dir, 'previous')
-  os.makedirs(tuf_client_metadata_dir)
-
-  # Generate at least one rsa key.
-  key = signerlib.generate_and_save_rsa_key(keystore_dir, PASSWD)
-  keyids = [key['keyid']]
-
-  # Set role info.
-  info = {'keyids': [key['keyid']], 'threshold': threshold}
-
-  # 'role_info' dictionary looks like this:
-  # {role : {'keyids : [keyid1, ...] , 'threshold' : 1}}
-  # In our case 'role_info[keyids]' will only have on entry since only one
-  # is being used.
-  role_info = {}
-  role_list = ['root', 'targets', 'snapshot', 'timestamp']
-  for role in role_list:
-    role_info[role] = info
-
-  # At this point there is enough information to create TUF configuration 
-  # and metadata files.
-
-  # Build the configuration file.
-  conf_path = signerlib.build_config_file(metadata_dir, 365, role_info)
-
-  # Generate the 'root.json' metadata file.
-  signerlib.build_root_file(conf_path, keyids, metadata_dir, version)
-
-  # Generate the 'targets.json' metadata file. 
-  signerlib.build_targets_file([targets_dir], keyids, metadata_dir, version,
-                               expiration)
-
-  # Generate the 'snapshot.json' metadata file.
-  signerlib.build_snapshot_file(keyids, metadata_dir, version, expiration)
-
-  # Generate the 'timestamp.json' metadata file.
-  signerlib.build_timestamp_file(keyids, metadata_dir, version, expiration)
-
-  # Move the metadata to the client's 'current' and 'previous' directories.
-  shutil.copytree(metadata_dir, current_dir)
-  shutil.copytree(metadata_dir, previous_dir)
-
-  # The repository is now setup!
-  return keyids
-
-
-
-
-
-def create_interposition_config(root_repo, url):
-  """
-  <Purpose>
-    Create a configuration file for tuf interposition.
-    Usage:
-       from tuf.interposition import urllib_tuf 
-       (urllib_tuf replaces urllib module)
-       urllib_tuf.urlretrieve(url, filename)
-
-  """
-
-  global tuf_configurations
-
-  tuf_repo = os.path.join(root_repo, 'tuf_repo')
-  tuf_client = os.path.join(root_repo, 'tuf_client')
-
-  # Here is a mirrors dictionary that will allow a client to seek out
-  # places to download the metadata and targets from.
-  tuf_repo_relpath = os.path.basename(tuf_repo)
-  tuf_url = url+tuf_repo_relpath
-
-  # Adjusting configuration file (tuf.conf.py).
-  tuf.conf.repository_directory = tuf_client
-
-  # In order to implement interposition we need to have a config file with
-  # the following dictionary JSON-serialized.
-  hostname = 'localhost:9999'
-  interposition_dict = {"configurations":
-                          {hostname: 
-                            {"repository_directory": tuf_client+'/',
-                             "repository_mirrors" : 
-                              {"mirror1": 
-                                {"url_prefix": tuf_url,
-                                 "metadata_path": "metadata",
-                                 "targets_path": "targets",
-                                 "confined_target_dirs": [ "" ]}}}}}
-
-  # We write the interposition JSON configuration at a deterministic location.
-  interpose_json = os.path.join(root_repo, 'tuf.interposition.json')
-  with open(interpose_json, 'wb') as fileobj:
-    tuf.util.json.dump(interposition_dict, fileobj)
-
-  assert tuf_configurations is None
-  tuf_configurations = tuf.interposition.configure(filename=interpose_json)
-
-
-
-
-
-def tuf_refresh_repo(root_repo, keyids):
-  """
-  <Purpose>
-    Update TUF metadata files.  Call this method whenever targets files have
-    changed in the 'reg_repo'.
-
-  """
-
-  global version
-  expiration = tuf.formats.format_time(time.time()+86400)
-
-  reg_repo = os.path.join(root_repo, 'reg_repo')
-  tuf_repo = os.path.join(root_repo, 'tuf_repo')
-  targets_dir = os.path.join(tuf_repo, 'targets')
-  metadata_dir = os.path.join(tuf_repo, 'metadata')
-
-  for directory in [reg_repo, tuf_repo, targets_dir, metadata_dir]:
-    if not os.path.isdir(directory):
-      msg = ('Directory '+repr(directory)+' does not exist.  '+
-             'Verify that all directories were setup properly.')
-      raise OSError(msg)
-
-  shutil.rmtree(targets_dir)
-  shutil.copytree(reg_repo, targets_dir)
-
-  version = version+1
-  # Regenerate the 'targets.json' metadata file.
-  signerlib.build_targets_file([targets_dir], keyids, metadata_dir,
-                               version, expiration)
-
-  # Regenerate the 'snapshot.json' metadata file.
-  signerlib.build_snapshot_file(keyids, metadata_dir, version, expiration)
-
-  # Regenerate the 'timestamp.json' metadata file.
-  signerlib.build_timestamp_file(keyids, metadata_dir, version, expiration)
-
-
-
-
-
-
-def tuf_refresh_snapshot_timestamp(metadata_dir, keyids):
-  # Regenerate the 'snapshot.json' metadata file.
-  signerlib.build_snapshot_file(keyids, metadata_dir)
-
-
-
-def tuf_refresh_and_download():
-  """
-  Combines tuf_refresh_repo(), tuf_refresh_client_metadata(), and
-  tuf_download_updates().
-  Returns 'tuf_downloads' directory.
-  """
-  tuf_refresh_repo()
-  tuf_refresh_client_metadata()
-  tuf_download_updates()
-  return setup_info['downloads']
-
-
-
-def _get_metadata_directory(metadata_dir):
-  def _mock_get_meta_dir(directory=metadata_dir):
-    return directory
-  #  Patch signercli._get_metadata_directory()
-  signercli._get_metadata_directory = _mock_get_meta_dir
-
-
-#  This method patches signercli._prompt() that are called from
-#  make_role_metadata methods (e.g., tuf.signercli.make_root_metadata()).
-def _make_metadata_mock_prompts(targets_dir, conf_path, expiration):
-  def _mock_prompt(msg, junk):
-    if msg.startswith('\nInput may be a directory, directories, or any'):
-      return targets_dir
-    elif msg.startswith('\nEnter the configuration file path'):
-      return conf_path
-    elif msg.startswith('\nCurrent time: '):
-      return expiration
-    else:
-      error_msg = ('Prompt: '+'\''+msg[1:]+'\''+
-          ' did not match any predefined mock prompts.')
-      self.fail(error_msg)
-
-  #  Patch signercli._prompt().
-  signercli._prompt = _mock_prompt
-
-
-
-def _get_password(password):
-  #  Mock '_get_password' method.
-  def _mock_get_password(msg, password=password):
-    return password
-  #  Monkey patch '_prompt'.
-  signercli._get_password = _mock_get_password
-
-
-
-def _make_role_metadata_wrapper(root_repo, func):
-  expiration = tuf.formats.format_time(time.time()+86400)
-  expiration = expiration[0:expiration.rfind(' UTC')]
-  original_get_metadata_directory = signercli._get_metadata_directory
-  original_prompt = signercli._prompt
-  original_get_password = signercli._get_password
-
-  tuf_repo = os.path.join(root_repo, 'tuf_repo')
-  reg_repo = os.path.join(root_repo, 'reg_repo')
-  targets_dir = os.path.join(tuf_repo, 'targets')
-  metadata_dir = os.path.join(tuf_repo, 'metadata')
-  keystore_dir = os.path.join(tuf_repo, 'keystore')
-  conf_path = os.path.join(metadata_dir, 'config.cfg')
-
-  _get_metadata_directory(metadata_dir)
-  _get_password(PASSWD)
-
-  if func.__name__ == 'make_targets_metadata':
-    shutil.rmtree(targets_dir)
-    shutil.copytree(reg_repo, targets_dir)
-    _make_metadata_mock_prompts(targets_dir, conf_path, expiration)
-  else:
-    _make_metadata_mock_prompts(reg_repo, conf_path, expiration)
-
-  func(keystore_dir)
-
-  keystore.clear_keystore()
-  signercli._get_password = original_get_password
-  signercli._prompt = original_prompt
-  signercli._get_metadata_directory = original_get_metadata_directory
-
-
-
-def make_targets_meta(root_repo):
-  _make_role_metadata_wrapper(root_repo, signercli.make_targets_metadata)
-
-
-def make_snapshot_meta(root_repo):
-  _make_role_metadata_wrapper(root_repo, signercli.make_snapshot_metadata)
-
-
-def make_timestamp_meta(root_repo):
-  _make_role_metadata_wrapper(root_repo, signercli.make_timestamp_metadata)
-
-
-
-
-def create_delegation(tuf_repo, delegated_targets_path, keyid, keyid_password,
-                      parent_role, new_role_name, expiration_date):
-  keystore_dir = os.path.join(tuf_repo, 'keystore')
-  metadata_dir = os.path.join(tuf_repo, 'metadata')
-
-  original_get_metadata_directory = signercli._get_metadata_directory
-  original_prompt = signercli._prompt
-  original_get_password = signercli._get_password
-  original_get_keyids = signercli._get_keyids
-
-  #  Patch signercli._get_metadata_directory()
-  _get_metadata_directory(metadata_dir)
-
-
-  #  Mock method for signercli._prompt().
-  def _mock_prompt(msg, junk, targets_path=delegated_targets_path,
-                  parent_role=parent_role, new_role_name=new_role_name,
-                  expiration=expiration_date):
-    if msg.startswith('\nThe paths entered below should be located'):
-      return targets_path
-    elif msg.startswith('\nChoose and enter the parent'):
-      return parent_role
-    elif msg.startswith('\nEnter the delegated role\'s name: '):
-      return new_role_name
-    elif msg.startswith('\nCurrent time: '):
-      return expiration
-    else:
-      error_msg = ('Prompt: '+'\''+msg+'\''+
-                   ' did not match any predefined mock prompts.')
-      sys.exit(error_msg)
-
-  #  Patch signercli._prompt().
-  signercli._prompt = _mock_prompt
-
-
-  #  Mock method for signercli._get_password().
-  def _mock_get_password(msg, keyid=keyid, password=keyid_password):
-    _keyid = keyid[0]
-    if msg.endswith('('+_keyid+'): '):
-      return keyid_password
-    else:
-      return PASSWD  # password for targets' keyid.
-
-  #  Patch signercli._get_password().
-  signercli._get_password = _mock_get_password
-
-
-  #  Method to patch signercli._get_keyids()
-  def _mock_get_keyid(junk, keyid=keyid):
-    return keyid
-
-  #  Patch signercli._get_keyids().
-  signercli._get_keyids = _mock_get_keyid
-
-  signercli.make_delegation(keystore_dir)
-
-  keystore.clear_keystore()
-  signercli._get_keyids = original_get_keyids
-  signercli._get_password = original_get_password
-  signercli._prompt = original_prompt
-  signercli._get_metadata_directory = original_get_metadata_directory
-
-
-def update_target_in_metadata(signee_filepath, signer_filepath):
-  """
-  <Purpose>
-    Update targets metadata to reflect a modified target's new hash and length,
-    WITHOUT signing it. This is meant to simulate something a clever attacker
-    might do.
-
-  <Arguments>
-    signee_filepath:
-      filepath of the target file that has been modified since the metadata was
-      generated
-    
-    signer_filepath:
-      filepath of the targets role that signs the modified file
-  """
-
-  signer_file = open(signer_filepath, 'r+')
-  metadata = json.load(signer_file)
-
-  modified_file_length, modified_file_hash =\
-                                tuf.util.get_file_details(signee_filepath)
-
-  # Modify the metadata to reflect signee's new hash and length.
-  signee_basename = os.path.basename(signee_filepath)
-  metadata['signed']['targets'][signee_basename]['hashes'] = modified_file_hash
-  metadata['signed']['targets'][signee_basename]['length'] =\
-                                                          modified_file_length
-
-  # Rewrite signer using the modified metadata.
-  signer_file.seek(0)
-  json.dump(metadata, signer_file, indent=1, sort_keys=True)
-  signer_file.close()
-
-
-def update_role_in_metadata(signee_filepath, signer_filepath):
-  """
-  <Purpose>
-    Update metadata to reflect another metadata file's new hash and length,
-    WITHOUT signing it. This is meant to simulate something a clever attacker
-    might do.
-
-  <Arguments>
-    signee_filepath:
-      filepath of the role metadata that has been modified since the metadata
-      was generated
-    signer_filepath:
-      filepath of the role that signs the modified file
-  """
-
-  signer_file = open(signer_filepath, 'r+')
-  metadata = json.load(signer_file)
-
-  modified_file_length, modified_file_hash =\
-                                tuf.util.get_file_details(signee_filepath)
-
-  # Modify the metadata to reflect signee's new hash and length.
-  signee_basename = os.path.basename(signee_filepath)
-  metadata['signed']['meta'][signee_basename]['hashes'] = modified_file_hash
-  metadata['signed']['meta'][signee_basename]['length'] = modified_file_length
-
-  # Rewrite signer using the modified metadata.
-  signer_file.seek(0)
-  json.dump(metadata, signer_file, indent=1, sort_keys=True)
-  signer_file.close()
diff --git a/tuf/time_ed25519.py b/tuf/time_ed25519.py
deleted file mode 100755
index 89e8e726..00000000
--- a/tuf/time_ed25519.py
+++ /dev/null
@@ -1,38 +0,0 @@
-from __future__ import print_function, absolute_import, division
-import sys
-import timeit
-
-import tuf
-from tuf.ed25519_keys import *
-
-use_pynacl = False
-if '--pynacl' in sys.argv:
-  use_pynacl = True
-  
-print('Time generate_public_and_private()')
-print(timeit.timeit('generate_public_and_private(use_pynacl)',
-                    setup='from __main__ import generate_public_and_private, \
-                                                use_pynacl',
-                    number=1))
-
-print('\nTime create_signature()')
-print(timeit.timeit('create_signature(public, private, data, use_pynacl)',
-                    setup='from __main__ import generate_public_and_private, \
-                                                create_signature, \
-                                                use_pynacl; \
-                          public, private = \
-                            generate_public_and_private(use_pynacl); \
-                          data = "The quick brown fox jumps over the lazy dog"',
-                    number=1))
-
-print('\nTime verify_signature()')
-print(timeit.timeit('verify_signature(public, method, signature, data, use_pynacl)',
-                    setup='from __main__ import generate_public_and_private, \
-                                                create_signature, \
-                                                verify_signature, use_pynacl; \
-                          public, private = \
-                            generate_public_and_private(use_pynacl); \
-                          data = "The quick brown fox jumps over the lazy dog";\
-                          signature, method = \
-                            create_signature(public, private, data, use_pynacl)',
-                    number=1))