An on-demand key management scheme was proposed based on social attributes,which could conform to the characteristics of intermittent connectivity,high mobility and self-organized management in opportunistic networks.By utilizing the identity-based threshold signature scheme,the authentication of nodes’social attributes was realized.Due to the specialty of the opportunistic routing protocols,nodes selectiv ly issued the identity certificates for each other to establish the Web of trust based on the matching of social attributes.Consequently,the performance of certificate graph was efficiently optimized comparing to the traditional met .Meanwhile,thanks to checking the social attribute evidences,the invalid certificate chains caused by malicious nodes were avoid to be built.Simulation result shows that,the scheme can provide high success ratio for reconstruction of certificate chains and high user reachability through low network costs in opportunistic networks.