The Public Key Infrastructure (PKI) is an infrastructure that secures communications between individuals and government agencies. It addresses issues of authenticity, confidentiality and integrity of information. A digital certificate is like an ID issued by a Certificate Authority, containing a user's personal information, and allows for secure online transactions and digitally signed documents. Philippine citizens can obtain a free digital certificate by applying through a Registration Authority, which is valid for two years.
The Public Key Infrastructure (PKI) is an infrastructure that secures communications between individuals and government agencies. It addresses issues of authenticity, confidentiality and integrity of information. A digital certificate is like an ID issued by a Certificate Authority, containing a user's personal information, and allows for secure online transactions and digitally signed documents. Philippine citizens can obtain a free digital certificate by applying through a Registration Authority, which is valid for two years.
The Public Key Infrastructure (PKI) is an infrastructure that secures communications between individuals and government agencies. It addresses issues of authenticity, confidentiality and integrity of information. A digital certificate is like an ID issued by a Certificate Authority, containing a user's personal information, and allows for secure online transactions and digitally signed documents. Philippine citizens can obtain a free digital certificate by applying through a Registration Authority, which is valid for two years.
Philippine Nat’l Public Key Infrastructure (PNKI) What is Public Key Infrastructure (PKI)?
The Public Key Infrastructure (PKI), as its name
implies, is an infrastructure that secures communications among individuals and government agencies. This way, the government’s delivery of services to citizens and businesses becomes safer, faster and more efficient. Why is it called ‘public key’? Does it mean open and unrestricted?
No. The public key in PKI refers to the virtual
‘key’ that subscribers use to secure files sent over an otherwise unsecure ‘public’ network like the Internet. While it is called public, it can also work in a private network setting. Why do I need a PKI?
As more and more people rely on the use of online
applications over unsecure network like the Internet, the need to secure files and ensure their information integrity increases. This is where the PKI comes in. It addresses the issue of authenticity, confidentiality and integrity of information. What is a digital certificate?
A digital certificate is a file issued by a
Certificate Authority containing the user’s personal information just like an ordinary ID, only in this case, it is digital. How can I have a digital certificate?
You can have a digital certificate by personally
submitting an application to a Registration Authority (RA). The RA will then ask the Certificate Authority to generate a key or code and give it to you after processing. Do I have to pay for it?
No. The digital certificate is free.
Do I have an option not to use it?
Of course you do. It’s just that you will not be
able to do the following: open encrypted files, access applications that require digital certificates and digitally sign documents for authenticity. When can I use a digital certificate?
Whenever you feel like it. Or every time secure
communication is needed, or a digital certificate is required for authenticity, confidentiality and integrity of data. Who can avail of a digital certificate?
Any individual who is of age and possesses
the necessary documents (as stated in the application form) may apply for a digital certificate. Can I apply for other people’s certificate?
No since personal appearance is needed in the
application process. Where can I use a digital certificate?
A digital certificate can be used in online
transactions, in documents digital signatures, in office applications and in software developed in-house. How long can I use the digital certificate?
A digital certificate is valid up to two years.
After that, you have to apply for a new one. How do I renew and how long is the process of renewal?
A digital certificate, technically, cannot be
‘renewed.’ It means you have to apply for a new one every time it expires and go through the application process again. All requirements will have to be satisfied and personal appearance is required. What types of certificates are issued?
You can avail of the following types of certificates:
Authentication certificate – used in applications that require the user to login. It can be used to encrypt email. Signing certificate – used to digitally sign documents. SSL certificate – a certificate for machines, like web servers, application servers, routers, Wi-Fi devices, and others. (This is not yet available as of this writing.) What if I lose my certificate?
The digital certificate is a public document. The
moment you use it you can never lose it. However, if the private key is lost, compromised or the passphrase to use it is forgotten, then the certificate needs to be revoked and a new key can be generated as well as the digital certificate that will be associated with it. What if the subscriber resigns, retires or exits from government service?
If it is a soft token, surrendering it is not necessary.
The revocation can be easily done by the CA. However, if it is a cryptographic token and the company or CA owns it, then it needs to be surrendered. Individual owners may continue to use the certificates for transactions outside the concerned agency. How long is the application process?
Upon completion of all the requirements by the applicant, a
verification process will start. This process will take a minimum of one day and a maximum of two days, depending on the completion of requirements. After submission of documents (complete), the certificate is issued within a day or two. According to the policy (Section 4.2.3 of the RootCA-CP), issuance of the digital certificate should not exceed five calendar days after successful identity verification. Is it possible to have multiple certificates?
A person may have two digital certificates: one
for authentication and another for digital signing. He or she may get a third certificate, which is still to be offered, for PKI-enabled machines. How big is a digital certificate?
A digital certificate takes up only 7kb to 10kb
of computer memory. What is the best browser to use when using PKI?
Firefox is recommended as it works well with
Java, which is needed to run the digital certificates. Google Chrome, on the other hand, usually can’t recognize Java. What is the best email provider to use when encrypting and signing emails?
It is recommended to use email providers,
such as Thunderbird and Outlook, for your digital certificates. For further inquiries and submission of application requirements, please email info.pnpki@dict.gov.ph or the PNPKI Cluster Team Offices in the Region.