diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am index 7de82e353..6607bb017 100644 --- a/src/libcharon/Makefile.am +++ b/src/libcharon/Makefile.am @@ -68,7 +68,8 @@ sa/ike_sa.c sa/ike_sa.h \ sa/ike_sa_id.c sa/ike_sa_id.h \ sa/ike_sa_manager.c sa/ike_sa_manager.h \ sa/task_manager.h sa/task_manager_v2.c sa/task_manager_v2.h \ -sa/task_manager_v1.c sa/task_manager_v1.h sa/keymat.c sa/keymat.h \ +sa/task_manager_v1.c sa/task_manager_v1.h \ +sa/keymat.h sa/keymat_v2.c sa/keymat_v2.h \ sa/shunt_manager.c sa/shunt_manager.h \ sa/trap_manager.c sa/trap_manager.h \ sa/tasks/child_create.c sa/tasks/child_create.h \ diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c index 03d834538..ee3220d1b 100644 --- a/src/libcharon/sa/ike_sa.c +++ b/src/libcharon/sa/ike_sa.c @@ -28,6 +28,7 @@ #include #include #include +#include #include #include #include @@ -713,7 +714,7 @@ METHOD(ike_sa_t, reset, void, flush_auth_cfgs(this); this->keymat->destroy(this->keymat); - this->keymat = keymat_create(this->ike_sa_id->is_initiator(this->ike_sa_id)); + this->keymat = &(keymat_v2_create(this->ike_sa_id->is_initiator(this->ike_sa_id))->keymat); this->task_manager->reset(this->task_manager, 0, 0); } @@ -2195,7 +2196,6 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) .other_host = host_create_any(AF_INET), .my_id = identification_create_from_encoding(ID_ANY, chunk_empty), .other_id = identification_create_from_encoding(ID_ANY, chunk_empty), - .keymat = keymat_create(ike_sa_id->is_initiator(ike_sa_id)), .state = IKE_CREATED, .stats[STAT_INBOUND] = time_monotonic(NULL), .stats[STAT_OUTBOUND] = time_monotonic(NULL), 
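Review bot: The replacement line in the reset hunk, `this->keymat = &(keymat_v2_create(this->ike_sa_id->is_initiator(this->ike_sa_id))->keymat);`, runs well past 80 columns, which the wrapped METHOD() signatures elsewhere in this diff suggest is the limit the code keeps to; the same expression in ike_sa_create at the -2209 hunk sits right at it. Wrapping after the opening call keeps both readable: `this->keymat = &(keymat_v2_create(` followed by `this->ike_sa_id->is_initiator(this->ike_sa_id))->keymat);`. Since the create-and-take-embedded-interface expression now appears twice in ike_sa.c, a small static helper returning the `keymat_t *` for a given initiator flag would avoid repeating it. The bodies of reset and ike_sa_create continue outside these hunks.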
@@ -2209,6 +2209,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) .keepalive_interval = lib->settings->get_time(lib->settings, "charon.keep_alive", KEEPALIVE_INTERVAL), ); + this->keymat = &(keymat_v2_create(ike_sa_id->is_initiator(ike_sa_id))->keymat); this->task_manager = &(task_manager_v2_create(&this->public)->task_manager); this->my_host->set_port(this->my_host, IKEV2_UDP_PORT); diff --git a/src/libcharon/sa/keymat.h b/src/libcharon/sa/keymat.h index 11e0fa79a..c50d93322 100644 --- a/src/libcharon/sa/keymat.h +++ b/src/libcharon/sa/keymat.h @@ -147,12 +147,4 @@ struct keymat_t { void (*destroy)(keymat_t *this); }; -/** - * Create a keymat instance. - * - * @param initiator TRUE if we are the initiator - * @return keymat instance - */ -keymat_t *keymat_create(bool initiator); - #endif /** KEYMAT_H_ @}*/ diff --git a/src/libcharon/sa/keymat.c b/src/libcharon/sa/keymat_v2.c similarity index 93% rename from src/libcharon/sa/keymat.c rename to src/libcharon/sa/keymat_v2.c index 33ece24b2..562a72f14 100644 --- a/src/libcharon/sa/keymat.c +++ b/src/libcharon/sa/keymat_v2.c @@ -13,22 +13,22 @@ * for more details. */ -#include "keymat.h" +#include "keymat_v2.h" #include #include -typedef struct private_keymat_t private_keymat_t; +typedef struct private_keymat_v2_t private_keymat_v2_t; /** * Private data of an keymat_t object. */ -struct private_keymat_t { +struct private_keymat_v2_t { /** - * Public keymat_t interface. + * Public keymat_v2_t interface. */ - keymat_t public; + keymat_v2_t public; /** * IKE_SA Role, initiator or responder @@ -125,7 +125,7 @@ static int lookup_keylen(keylen_entry_t *list, int algo) } METHOD(keymat_t, create_dh, diffie_hellman_t*, - private_keymat_t *this, diffie_hellman_group_t group) + private_keymat_v2_t *this, diffie_hellman_group_t group) { return lib->crypto->create_dh(lib->crypto, group);; } 
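Review bot: The doc comment above the renamed struct in keymat_v2.c still reads `Private data of an keymat_t object.` although the struct is now `private_keymat_v2_t`, while the member comment directly below it was updated to `Public keymat_v2_t interface.`; the rename pass should update it to `Private data of a keymat_v2_t object.` so the two comments agree with the new type names. Everything else in the -13 hunk is a consistent rename.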
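Review bot: The context line `return lib->crypto->create_dh(lib->crypto, group);;` in the -125 hunk of keymat_v2.c carries a stray second semicolon; since this hunk already touches create_dh's signature, it is a cheap moment to drop it: `return lib->crypto->create_dh(lib->crypto, group);`. Purely cosmetic, no behaviour change.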
@@ -133,7 +133,7 @@ METHOD(keymat_t, create_dh, diffie_hellman_t*, /** * Derive IKE keys for a combined AEAD algorithm */ -static bool derive_ike_aead(private_keymat_t *this, u_int16_t alg, +static bool derive_ike_aead(private_keymat_v2_t *this, u_int16_t alg, u_int16_t key_size, prf_plus_t *prf_plus) { aead_t *aead_i, *aead_r; @@ -177,7 +177,7 @@ static bool derive_ike_aead(private_keymat_t *this, u_int16_t alg, /** * Derive IKE keys for traditional encryption and MAC algorithms */ -static bool derive_ike_traditional(private_keymat_t *this, u_int16_t enc_alg, +static bool derive_ike_traditional(private_keymat_v2_t *this, u_int16_t enc_alg, u_int16_t enc_size, u_int16_t int_alg, prf_plus_t *prf_plus) { crypter_t *crypter_i, *crypter_r; @@ -245,7 +245,7 @@ static bool derive_ike_traditional(private_keymat_t *this, u_int16_t enc_alg, } METHOD(keymat_t, derive_ike_keys, bool, - private_keymat_t *this, proposal_t *proposal, diffie_hellman_t *dh, + private_keymat_v2_t *this, proposal_t *proposal, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id, pseudo_random_function_t rekey_function, chunk_t rekey_skd) { @@ -421,7 +421,7 @@ METHOD(keymat_t, derive_ike_keys, bool, } METHOD(keymat_t, derive_child_keys, bool, - private_keymat_t *this, proposal_t *proposal, diffie_hellman_t *dh, + private_keymat_v2_t *this, proposal_t *proposal, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i, chunk_t *encr_r, chunk_t *integ_r) { 
@@ -526,20 +526,20 @@ METHOD(keymat_t, derive_child_keys, bool, } METHOD(keymat_t, get_skd, pseudo_random_function_t, - private_keymat_t *this, chunk_t *skd) + private_keymat_v2_t *this, chunk_t *skd) { *skd = this->skd; return this->prf_alg; } METHOD(keymat_t, get_aead, aead_t*, - private_keymat_t *this, bool in) + private_keymat_v2_t *this, bool in) { return in ? this->aead_in : this->aead_out; } METHOD(keymat_t, get_auth_octets, chunk_t, - private_keymat_t *this, bool verify, chunk_t ike_sa_init, + private_keymat_v2_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce, identification_t *id, char reserved[3]) { chunk_t chunk, idx, octets; @@ -569,7 +569,7 @@ METHOD(keymat_t, get_auth_octets, chunk_t, #define IKEV2_KEY_PAD_LENGTH 17 METHOD(keymat_t, get_psk_sig, chunk_t, - private_keymat_t *this, bool verify, chunk_t ike_sa_init, + private_keymat_v2_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce, chunk_t secret, identification_t *id, char reserved[3]) { chunk_t key_pad, key, sig, octets; @@ -595,7 +595,7 @@ METHOD(keymat_t, get_psk_sig, chunk_t, } METHOD(keymat_t, destroy, void, - private_keymat_t *this) + private_keymat_v2_t *this) { DESTROY_IF(this->aead_in); DESTROY_IF(this->aead_out); 
@@ -609,20 +609,22 @@ METHOD(keymat_t, destroy, void, /** * See header */ -keymat_t *keymat_create(bool initiator) +keymat_v2_t *keymat_v2_create(bool initiator) { - private_keymat_t *this; + private_keymat_v2_t *this; INIT(this, .public = { - .create_dh = _create_dh, - .derive_ike_keys = _derive_ike_keys, - .derive_child_keys = _derive_child_keys, - .get_skd = _get_skd, - .get_aead = _get_aead, - .get_auth_octets = _get_auth_octets, - .get_psk_sig = _get_psk_sig, - .destroy = _destroy, + .keymat = { + .create_dh = _create_dh, + .derive_ike_keys = _derive_ike_keys, + .derive_child_keys = _derive_child_keys, + .get_skd = _get_skd, + .get_aead = _get_aead, + .get_auth_octets = _get_auth_octets, + .get_psk_sig = _get_psk_sig, + .destroy = _destroy, + }, }, .initiator = initiator, .prf_alg = PRF_UNDEFINED, @@ -630,4 +632,3 @@ keymat_t *keymat_create(bool initiator) return &this->public; } - diff --git a/src/libcharon/sa/keymat_v2.h b/src/libcharon/sa/keymat_v2.h new file mode 100644 index 000000000..6026a0296 --- /dev/null +++ b/src/libcharon/sa/keymat_v2.h 
@@ -0,0 +1,47 @@ +/* + * Copyright (C) 2011 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup keymat_v2 keymat_v2 + * @{ @ingroup sa + */ + +#ifndef KEYMAT_V2_H_ +#define KEYMAT_V2_H_ + +#include + +typedef struct keymat_v2_t keymat_v2_t; + +/** + * Derivation and management of sensitive keying material, IKEv2 variant. + */ +struct keymat_v2_t { + + /** + * Implements keymat_t. + */ + keymat_t keymat; +}; + +/** + * Create a keymat instance. + * + * @param initiator TRUE if we are the initiator + * @return keymat instance + */ +keymat_v2_t *keymat_v2_create(bool initiator); + +#endif /** KEYMAT_V2_H_ @}*/
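Review bot: The `keymat_t keymat;` member is documented only as `Implements keymat_t.`, but the implementation depends on its position: keymat_v2_create() returns `&this->public`, ike_sa.c stores `&(...)->keymat`, and the METHOD() implementations in keymat_v2.c receive that `keymat_t *` as `private_keymat_v2_t *this`, which only works while `keymat` stays at offset zero of `keymat_v2_t` (and `public` at offset zero of the private struct). A comment such as `Implements keymat_t. Must remain the first member so the keymat_t pointer handed out can be mapped back to the enclosing object.` would keep a later addition of IKEv2-specific methods from being inserted above it. The create prototype's comment should also say `Create a keymat_v2 instance.` and `@return keymat_v2_t instance` now that the return type has changed.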