Delay tolerant networks (DTNs) are resource-constrained dynamic networks where a continuous end-to-end connectivity is not always available. In such a challenging network, a fixed infrastructure may not be connected when a DTN is partitioned or the message delay in the network is large. Thus, the traditional public key infrastructure system and identity-based encryption (IBE) system are not suitable for DTNs because they rely on centralized infrastructures and require multiple round-trip interactions. To address this issue, we propose a distributed secret key generation system with self-certified identity (SCI-DKG) that does not require any private key generator and threshold cryptosystem. Initially, each node generates a private key and distributes an initial message including a self-certified identity and secret sharings to members in a DTN. Receivers independently authenticate the identity and extracts some encryption parameters corresponding to the identity from this initial message. We prove that SCI-DKG is chosen ciphertext secure in the standard model, and it can resist potential network attacks. Simulation results show that SCI-DKG has smaller delay and higher successful ratio of secret key generation compared with IBE and hierarchical IBE systems implemented in a DTN. Copyright © 2012 John Wiley & Sons, Ltd.