diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainContract.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainContract.java
index 706b30d05..f9439e338 100644
--- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainContract.java
+++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainContract.java
@@ -54,6 +54,16 @@ public class KeychainContract {
         String RANK = "rank";
     }
 
+    interface CertsColumns {
+        String KEY_RING_ROW_ID = "key_ring_row_id"; // verified id, foreign key to key_rings._ID
+        String RANK = "rank"; // rank of verified key
+        String KEY_ID = "key_id"; // verified id, not a database id
+        String KEY_ID_CERTIFIER = "key_id_certifier"; // verifying id, not a database id
+        String CREATION = "creation";
+        String VERIFIED = "verified";
+        String KEY_DATA = "key_data"; // certification blob
+    }
+
     interface ApiAppsColumns {
         String PACKAGE_NAME = "package_name";
         String PACKAGE_SIGNATURE = "package_signature";
@@ -82,6 +92,8 @@ public class KeychainContract {
 
     public static final String PATH_BY_MASTER_KEY_ID = "master_key_id";
     public static final String PATH_BY_KEY_ID = "key_id";
+    public static final String PATH_BY_KEY_ROW_ID = "key_row_id";
+    public static final String PATH_BY_CERTIFIER_ID = "certifier_id";
     public static final String PATH_BY_EMAILS = "emails";
     public static final String PATH_BY_LIKE_EMAIL = "like_email";
 
@@ -91,6 +103,8 @@ public class KeychainContract {
     public static final String BASE_API_APPS = "api_apps";
     public static final String PATH_BY_PACKAGE_NAME = "package_name";
 
+    public static final String BASE_CERTS = "certs";
+
     public static class KeyRings implements KeyRingsColumns, BaseColumns {
         public static final Uri CONTENT_URI = BASE_CONTENT_URI_INTERNAL.buildUpon()
                 .appendPath(BASE_KEY_RINGS).build();
@@ -260,6 +274,32 @@ public class KeychainContract {
         }
     }
 
+    public static class Certs implements CertsColumns, BaseColumns {
+        public static final Uri CONTENT_URI = BASE_CONTENT_URI_INTERNAL.buildUpon()
+                .appendPath(BASE_CERTS).build();
+
+        // do we even need this one...? just using it as default for database insert notifications~
+        public static Uri buildCertsUri(String rowId) {
+            return CONTENT_URI.buildUpon().appendPath(rowId).build();
+        }
+
+        public static Uri buildCertsByKeyRowIdUri(String keyRingRowId) {
+            return CONTENT_URI.buildUpon().appendPath(PATH_BY_KEY_ROW_ID)
+                    .appendPath(keyRingRowId).build();
+        }
+
+        public static Uri buildCertsByKeyIdUri(String keyId) {
+            return CONTENT_URI.buildUpon().appendPath(PATH_BY_KEY_ID).appendPath(keyId)
+                    .build();
+        }
+
+        public static Uri buildCertsByCertifierKeyIdUri(String keyId) {
+            return CONTENT_URI.buildUpon().appendPath(PATH_BY_CERTIFIER_ID).appendPath(keyId)
+                    .build();
+        }
+
+    }
+
     public static class DataStream {
         public static final Uri CONTENT_URI = BASE_CONTENT_URI_INTERNAL.buildUpon()
                 .appendPath(BASE_DATA).build();
diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainDatabase.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainDatabase.java
index 5f18ed6f9..1a2853dbe 100644
--- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainDatabase.java
+++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainDatabase.java
@@ -22,6 +22,7 @@ import org.sufficientlysecure.keychain.provider.KeychainContract.ApiAppsColumns;
 import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRingsColumns;
 import org.sufficientlysecure.keychain.provider.KeychainContract.KeysColumns;
 import org.sufficientlysecure.keychain.provider.KeychainContract.UserIdsColumns;
+import org.sufficientlysecure.keychain.provider.KeychainContract.CertsColumns;
 import org.sufficientlysecure.keychain.util.Log;
 
 import android.content.Context;
@@ -31,13 +32,14 @@ import android.provider.BaseColumns;
 
 public class KeychainDatabase extends SQLiteOpenHelper {
     private static final String DATABASE_NAME = "apg.db";
-    private static final int DATABASE_VERSION = 7;
+    private static final int DATABASE_VERSION = 8;
 
     public interface Tables {
         String KEY_RINGS = "key_rings";
         String KEYS = "keys";
         String USER_IDS = "user_ids";
         String API_APPS = "api_apps";
+        String CERTS = "certs";
     }
 
     private static final String CREATE_KEY_RINGS = "CREATE TABLE IF NOT EXISTS " + Tables.KEY_RINGS
@@ -83,6 +85,18 @@ public class KeychainDatabase extends SQLiteOpenHelper {
             + ApiAppsColumns.HASH_ALORITHM + " INTEGER, "
             + ApiAppsColumns.COMPRESSION + " INTEGER)";
 
+    private static final String CREATE_CERTS = "CREATE TABLE IF NOT EXISTS " + Tables.CERTS
+            + " (" + BaseColumns._ID + " INTEGER PRIMARY KEY AUTOINCREMENT, "
+            + CertsColumns.KEY_RING_ROW_ID + " INTEGER NOT NULL "
+                + " REFERENCES " + Tables.KEY_RINGS + "(" + BaseColumns._ID + ") ON DELETE CASCADE, "
+            + CertsColumns.KEY_ID + " INTEGER, " // certified key
+            + CertsColumns.RANK + " INTEGER, " // key rank of certified uid
+            + CertsColumns.KEY_ID_CERTIFIER + " INTEGER, " // certifying key
+            + CertsColumns.CREATION + " INTEGER, "
+            + CertsColumns.VERIFIED + " INTEGER, "
+            + CertsColumns.KEY_DATA+ " BLOB)";
+
+
     KeychainDatabase(Context context) {
         super(context, DATABASE_NAME, null, DATABASE_VERSION);
     }
@@ -95,6 +109,7 @@ public class KeychainDatabase extends SQLiteOpenHelper {
         db.execSQL(CREATE_KEYS);
         db.execSQL(CREATE_USER_IDS);
         db.execSQL(CREATE_API_APPS);
+        db.execSQL(CREATE_CERTS);
     }
 
     @Override
@@ -134,6 +149,11 @@ public class KeychainDatabase extends SQLiteOpenHelper {
                     db.execSQL("ALTER TABLE " + Tables.KEYS + " ADD COLUMN " + KeysColumns.FINGERPRINT
                             + " BLOB;");
                     break;
+                case 7:
+                    // new table: certs
+                    db.execSQL(CREATE_CERTS);
+
+                    break;
                 default:
                     break;
 
diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainProvider.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainProvider.java
index 85e01ae53..bd74de1d7 100644
--- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainProvider.java
+++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainProvider.java
@@ -29,6 +29,7 @@ import org.sufficientlysecure.keychain.provider.KeychainContract.Keys;
 import org.sufficientlysecure.keychain.provider.KeychainContract.KeysColumns;
 import org.sufficientlysecure.keychain.provider.KeychainContract.UserIds;
 import org.sufficientlysecure.keychain.provider.KeychainContract.UserIdsColumns;
+import org.sufficientlysecure.keychain.provider.KeychainContract.Certs;
 import org.sufficientlysecure.keychain.provider.KeychainDatabase.Tables;
 import org.sufficientlysecure.keychain.util.Log;
 
@@ -83,6 +84,11 @@ public class KeychainProvider extends ContentProvider {
 
     private static final int UNIFIED_KEY_RING = 401;
 
+    private static final int CERTS = 401;
+    private static final int CERTS_BY_KEY_ID = 402;
+    private static final int CERTS_BY_ROW_ID = 403;
+    private static final int CERTS_BY_CERTIFIER_ID = 404;
+
     // private static final int DATA_STREAM = 401;
 
     protected UriMatcher mUriMatcher;
@@ -238,6 +244,20 @@ public class KeychainProvider extends ContentProvider {
         matcher.addURI(authority, KeychainContract.BASE_KEY_RINGS + "/"
                 + KeychainContract.PATH_UNIFIED, UNIFIED_KEY_RING);
 
+        /**
+         * certifications
+         * <pre>
+         *
+         * key_rings/unified
+         *
+         */
+        matcher.addURI(authority, KeychainContract.BASE_CERTS, CERTS);
+        matcher.addURI(authority, KeychainContract.BASE_CERTS + "/#", CERTS_BY_ROW_ID);
+        matcher.addURI(authority, KeychainContract.BASE_CERTS + "/"
+                + KeychainContract.PATH_BY_KEY_ID + "/#", CERTS_BY_KEY_ID);
+        matcher.addURI(authority, KeychainContract.BASE_CERTS + "/"
+                + KeychainContract.PATH_BY_CERTIFIER_ID + "/#", CERTS_BY_CERTIFIER_ID);
+
         /**
          * data stream
          *
@@ -783,6 +803,12 @@ public class KeychainProvider extends ContentProvider {
                     rowId = db.insertOrThrow(Tables.API_APPS, null, values);
                     rowUri = ApiApps.buildIdUri(Long.toString(rowId));
 
+                    break;
+                case CERTS_BY_ROW_ID:
+                    rowId = db.insertOrThrow(Tables.CERTS, null, values);
+                    // kinda useless :S
+                    rowUri = Certs.buildCertsUri(Long.toString(rowId));
+
                     break;
                 default:
                     throw new UnsupportedOperationException("Unknown uri: " + uri);