Delay- and Disruption-tolerant Networks (DTNs) enable communication in challenging environments like space and underwater. Despite the need for secure communication, key management remains an unresolved challenge in DTNs. Both DTN security protocols, BSP and BPSec, explicitly exclude key management from their scope, and research in this area remains limited. Traditional Internet-based key management methods are largely unsuitable due to the unique constraints of DTNs. In this paper, we present BERMUDA, a BPSec-compatible key management framework for unicast messaging. Our approach combines established building blocks, including a hierarchical PKI and ECDH, with an adapted version of NOVOMODO for certificate revocation. To evaluate its applicability, we implement a DTN chat application as an example use case and analyze the system’s scalability. While our findings demonstrate the feasibility of BERMUDA for DTNs, we also show limitations related to scalability and computational load in resource-constrained scenarios. By bridging the gap between conceptual designs and practical deployment, this work advances key management research in DTNs, contributing to secure communication in these demanding networks.