diff --git a/DigitalData.Core.Abstractions/Security/IAsymmetricKey.cs b/DigitalData.Core.Abstractions/Security/IAsymmetricKey.cs
index d426aeb..a18a617 100644
--- a/DigitalData.Core.Abstractions/Security/IAsymmetricKey.cs
+++ b/DigitalData.Core.Abstractions/Security/IAsymmetricKey.cs
@@ -1,10 +1,9 @@
-using Microsoft.IdentityModel.Tokens;
-using System.Security.Cryptography;
-
-namespace DigitalData.Core.Abstractions.Security
+namespace DigitalData.Core.Abstractions.Security
 {
-    public interface IAsymmetricKey : IUniqueSecurityContext
+    public interface IAsymmetricKey
     {
+        string Id { get; }
+        string Content { get; }
     }
 }
\ No newline at end of file
diff --git a/DigitalData.Core.Abstractions/Security/IAsymmetricPrivateKey.cs b/DigitalData.Core.Abstractions/Security/IAsymmetricPrivateKey.cs
index 63e31e8..c8eae1e 100644
--- a/DigitalData.Core.Abstractions/Security/IAsymmetricPrivateKey.cs
+++ b/DigitalData.Core.Abstractions/Security/IAsymmetricPrivateKey.cs
@@ -1,6 +1,4 @@
-using Microsoft.IdentityModel.Tokens;
-
-namespace DigitalData.Core.Abstractions.Security
+namespace DigitalData.Core.Abstractions.Security
 {
     public interface IAsymmetricPrivateKey : IAsymmetricKey
     {
diff --git a/DigitalData.Core.Security/Config/CryptoFactoryParams.cs b/DigitalData.Core.Security/Config/CryptoFactoryParams.cs
index 2bafa28..b64e8d3 100644
--- a/DigitalData.Core.Security/Config/CryptoFactoryParams.cs
+++ b/DigitalData.Core.Security/Config/CryptoFactoryParams.cs
@@ -65,7 +65,7 @@ namespace DigitalData.Core.Security.Config
             // set default path
             if (privateKey.IsPemNull)
             {
-                var file_name_params = new List { privateKey.Issuer, privateKey.Audience, KeySizeInBits, DateTime.Now.ToTag(DateTagFormat) };
+                var file_name_params = new List { privateKey.Id, KeySizeInBits, DateTime.Now.ToTag(DateTagFormat) };
                 if (privateKey.IsEncrypted)
                     file_name_params.Add(Secrets.Version);
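Review bot: `Id` and `Content` carry no XML documentation on the interface, yet elsewhere in this same diff `Id` is used as a file-name component (CryptoFactoryParams) and interpolated into exception text (RSAPrivateKey.Init), so implementers need to know those constraints where they see the contract. I would put `/// <summary>Caller-chosen key identifier; it is used as a file-name component and in diagnostics, so it must be non-empty and contain no path separators.</summary>` above `Id`, and `/// <summary>PEM-encoded key material; for an <see cref="IAsymmetricPrivateKey"/> this is the private key and must never be logged or echoed.</summary>` above `Content`. Because `IAsymmetricPrivateKey : IAsymmetricKey`, `Content` now makes the private-key PEM readable through the abstraction by anything holding a private-key reference; if that is not intended, `Content` belongs on the concrete key type rather than on the shared interface.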
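Review bot: `privateKey.Id` becomes a file-name component with no validation, and in this same change `RSAKeyBase.Id` is declared without an initializer under a CS8618 suppression, so a null or path-bearing Id (`..`, `/`, `\`) reaches the path builder untouched. Before `file_name_params` is built I would add `if (string.IsNullOrWhiteSpace(privateKey.Id) || privateKey.Id.IndexOfAny(System.IO.Path.GetInvalidFileNameChars()) >= 0) throw new ArgumentException("Key Id must be a valid file-name component.", nameof(privateKey));`. Issuer and Audience had the same weakness before, so this is not a regression, but the rename is the natural moment to close it. The method continues outside the hunk, so the actual path concatenation that consumes `file_name_params` is not visible here.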
diff --git a/DigitalData.Core.Security/RSAKey/RSAFactory.cs b/DigitalData.Core.Security/RSAKey/RSAFactory.cs
index 6142e31..5b80075 100644
--- a/DigitalData.Core.Security/RSAKey/RSAFactory.cs
+++ b/DigitalData.Core.Security/RSAKey/RSAFactory.cs
@@ -59,8 +59,6 @@ namespace DigitalData.Core.Security.RSAKey
         public IAsymmetricDecryptor CreateDecryptor(string pem, string? issuer = null, string? audience = null, bool encrypt = false, RSAEncryptionPadding? padding = null) => new RSADecryptor()
         {
             Content = pem,
-            Issuer = issuer ?? string.Empty,
-            Audience = audience ?? string.Empty,
             IsEncrypted = encrypt,
             Padding = padding ?? RSAEncryptionPadding.OaepSHA256
         };
diff --git a/DigitalData.Core.Security/RSAKey/RSAKeyBase.cs b/DigitalData.Core.Security/RSAKey/RSAKeyBase.cs
index 1337015..97085a2 100644
--- a/DigitalData.Core.Security/RSAKey/RSAKeyBase.cs
+++ b/DigitalData.Core.Security/RSAKey/RSAKeyBase.cs
@@ -10,10 +10,8 @@ namespace DigitalData.Core.Security.RSAKey
         protected virtual RSA RSA { get; } = RSA.Create();
-        public string Issuer { get; init; } = string.Empty;
+        public string Id { get; init; }
-        public string Audience { get; init; } = string.Empty;
-
 #pragma warning disable CS8618 // Non-nullable field must contain a non-null value when exiting constructor. Consider declaring as nullable.
         internal RSAKeyBase()
         {
diff --git a/DigitalData.Core.Security/RSAKey/RSAPrivateKey.cs b/DigitalData.Core.Security/RSAKey/RSAPrivateKey.cs
index 189188c..c2bad6f 100644
--- a/DigitalData.Core.Security/RSAKey/RSAPrivateKey.cs
+++ b/DigitalData.Core.Security/RSAKey/RSAPrivateKey.cs
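Review bot: `issuer` and `audience` are still accepted by `CreateDecryptor` but are no longer assigned to anything, so callers that pass them are silently ignored, and the `Id` property that replaced them is never populated on the new `RSADecryptor`. I would change the signature to `public IAsymmetricDecryptor CreateDecryptor(string pem, string? id = null, bool encrypt = false, RSAEncryptionPadding? padding = null)` and add `Id = id ?? string.Empty,` to the initializer; if the old parameters must remain for binary compatibility, mark them `[Obsolete]` rather than leaving them dead. Whether `RSADecryptor` inherits `Id` from `RSAKeyBase` is inferred from the rest of this diff, not visible in the hunk.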
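Review bot: `public string Id { get; init; }` drops the `= string.Empty` default that `Issuer` and `Audience` had, so the non-nullable `Id` is silently null whenever a caller does not set it, and the `#pragma warning disable CS8618` just below hides the compiler's warning about exactly that. Since `Id` is interpolated into file names and exception messages elsewhere in this change, I would write `public string Id { get; init; } = string.Empty;`, or, if every key must be named and the project's language version allows it, `public required string Id { get; init; }`. The enclosing class begins before this hunk, so any other place that assigns `Id` is not visible here.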
@@ -45,14 +45,12 @@ namespace DigitalData.Core.Security.RSAKey
         private void Init()
         {
             if (string.IsNullOrEmpty(_pem))
-                throw PemIsNullException;
+                throw new InvalidOperationException ($"The content of RSA private key is null or empty. Id: {Id}.");
             if (IsEncrypted)
                 RSA.ImportFromEncryptedPem(Content, Secrets.PBE_PASSWORD.AsSpan());
             else
                 RSA.ImportFromPem(Content);
         }
-
-        private InvalidOperationException PemIsNullException => new($"Content is null or empty. Issuer: {Issuer}, Audience: {Audience}.");
     }
 }
\ No newline at end of file
diff --git a/DigitalData.Core.Security/RSAKey/RSATokenDescriptor.cs b/DigitalData.Core.Security/RSAKey/RSATokenDescriptor.cs
index c6a3620..b76c5f4 100644
--- a/DigitalData.Core.Security/RSAKey/RSATokenDescriptor.cs
+++ b/DigitalData.Core.Security/RSAKey/RSATokenDescriptor.cs
@@ -11,6 +11,11 @@ namespace DigitalData.Core.Security.RSAKey
         public string? ApiRoute { get; init; }
         #region SecurityTokenDescriptor Map
+ /// /// Gets or sets the value of the 'audience' claim. /// + public string Audience { get; set; } + /// /// Defines the compression algorithm that will be used to compress the JWT token payload. ///
@@ -26,6 +31,11 @@ namespace DigitalData.Core.Security.RSAKey
         /// 
         public DateTime? Expires { get; set; }
+ /// /// Gets or sets the issuer of this . /// + public string Issuer { get; set; } + /// /// Gets or sets the time the security token was issued. This value should be in UTC. ///
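Review bot: The new throw has a stray space in `new InvalidOperationException ($"...")`, which breaks the call style used on the neighbouring lines (`RSA.ImportFromPem(Content)`); I would write `throw new InvalidOperationException($"The content of RSA private key is null or empty. Id: {Id}.");`. The guard tests `_pem` while the imports read `Content`, so the message's reference to "content" is only accurate if `Content` is backed by `_pem`, which is not visible in this hunk. `Id` has no initializer in `RSAKeyBase` in this same change, so the message can degrade to `Id: .` for keys created without one; acceptable, but worth knowing when reading logs.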
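Review bot: `Audience` and `Issuer` are declared as non-nullable `string` with a public setter and no initializer, so unless this class sits under a CS8618 suppression they warn at construction, and at runtime a descriptor whose caller forgets to set them produces a token with no `aud`/`iss` claim — which a relying party that does not enforce `ValidateIssuer`/`ValidateAudience` will still accept. I would either make the nullability honest (`public string? Audience { get; set; }`, `public string? Issuer { get; set; }`) and have the mapping to `SecurityTokenDescriptor` reject null, or make both `required`. The summaries should also name the claim each maps to, e.g. `/// Gets or sets the 'iss' claim; it must identify the signing key's issuer so the token can be bound to it.` for `Issuer`. The `Issuer` summary ends in "of this ." — if that is not an extraction artifact, the referenced type has dropped out of the comment and should be restored.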