Key management in opportunistic networks is a challenging problem that cannot be solved with existing solutions. In this paper, we analyze the requirements of key management in the framework of opportunistic networks and content-based forwarding. We then present a specific key management that enables the bootstrapping of local, topology-dependent security associations between a node and its neighbors along with the discovery of the neighborhood topology, thanks to the use of certificates and signatures chains. This key management solution relies on two phases: a first step where nodes are connected to an Identity Manager that provides them with unique pseudonyms to prevent Sybil attacks, and a second step where the opportunistic communication and the security associations bootstrapping take place without the need for the Identity Manager. This solution with an offline Identity Manager is well-suited to opportunistic networks and can be used as an anchor to provide end-to-end confidentiality based on local and self-organized key management.