void SecurityManager::verifyPIB(dtn::data::Bundle &bundle) const throw (VerificationFailedException)
		{
			IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "verify signed bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;

			// iterate through all blocks
			for (dtn::data::Bundle::iterator it = bundle.begin(); it != bundle.end();)
			{
				const dtn::data::Block &block = (**it);

				if (block.getType() == dtn::security::PayloadConfidentialBlock::BLOCK_TYPE) {
					// payload after a PCB can not verified until the payload is decrypted
					break;
				}

				try {
					const dtn::security::PayloadIntegrityBlock& pib = dynamic_cast<const dtn::security::PayloadIntegrityBlock&>(block);

					const SecurityKey key = SecurityKeyManager::getInstance().get(pib.getSecuritySource(bundle), SecurityKey::KEY_PUBLIC);

					// try to verify the bundle with the key for the current PIB
					dtn::security::PayloadIntegrityBlock::verify(bundle, key);

					// if we are the security destination
					if (pib.isSecurityDestination(bundle, dtn::core::BundleCore::local)) {
						// remove the valid PIB
						bundle.erase(it++);
					} else {
						++it;
					}

					// set the verify bit, after verification
					bundle.set(dtn::data::PrimaryBlock::DTNSEC_STATUS_VERIFIED, true);

					IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 5) << "Bundle " << bundle.toString() << " successfully verified" << IBRCOMMON_LOGGER_ENDL;
					continue;
				} catch (const dtn::security::VerificationSkippedException&) {
					// un-set the verify bit
					bundle.set(dtn::data::PrimaryBlock::DTNSEC_STATUS_VERIFIED, false);
				} catch (const SecurityKey::KeyNotFoundException&) {
					// un-set the verify bit
					bundle.set(dtn::data::PrimaryBlock::DTNSEC_STATUS_VERIFIED, false);
				} catch (const std::bad_cast&) {
					// current block is not a PIB
				}

				++it;
			}
		}
		void BundleAuthenticationBlock::strip(dtn::data::Bundle &bundle, const dtn::security::SecurityKey &key)
		{
			// store the correlator of the verified BABs
			dtn::data::Number correlator;

			// verify the babs of the bundle
			verify(bundle, key, correlator);

			// iterate over all BABs
			dtn::data::Bundle::find_iterator it(bundle.begin(), BundleAuthenticationBlock::BLOCK_TYPE);
			while (it.next(bundle.end()))
			{
				const BundleAuthenticationBlock &bab = dynamic_cast<const BundleAuthenticationBlock&>(**it);

				// if the correlator is already authenticated, then remove the BAB
				if ((bab._ciphersuite_flags & SecurityBlock::CONTAINS_CORRELATOR) && (bab._correlator == correlator))
				{
					bundle.erase(it);
				}
			}
		}
		void BundleAuthenticationBlock::strip(dtn::data::Bundle& bundle)
		{
			bundle.erase(std::remove(bundle.begin(), bundle.end(), BundleAuthenticationBlock::BLOCK_TYPE), bundle.end());
		}
		void PayloadIntegrityBlock::strip(dtn::data::Bundle& bundle)
		{
			bundle.erase(std::remove(bundle.begin(), bundle.end(), PayloadIntegrityBlock::BLOCK_TYPE), bundle.end());
		}