Republic of the Philippines

Department of Education
INFORMATION AND COMMUNICATIONS TECHNOLOGY SERVICE
User Support Division

PHILIPPINE NATIONAL PUBLIC KEY

INFRASTRUCTURE (PNPKI)
Frequently Asked Questions
INFORMATION AND COMMUNICATIONS TECHNOLOGY SERVICE | User Support Division

Table of Contents
Table of Contents

What is Public Key Infrastructure (PKI)?

Why is it called ‘public key’? Does it mean open and unrestricted?

Why do I need a PKI?

What is a digital certificate?

How can I have a digital certificate?

Do I have to pay for it?

Where can I use a digital certificate?

How do I use a digital certificate?

Do I have an option not to use it?

When can I use a digital certificate?

Who can avail of a digital certificate?

Can I apply for other people’s certificate?

Where can I use a digital certificate?

How long can I use the digital certificate?

How do I renew and how long is the process of renewal?

Where can I store the digital certificate?

What types of certificates are issued?

What if I lose my certificate?

What if the subscriber resigns, retires or exits from government service?

What are my responsibilities as a digital certificate holder?

How long is the application process?

Is it possible to have multiple certificates?

How big is a digital certificate?

What is the best browser to use when using PKI?

What is the best email provider to use when encrypting and signing emails?

Philippine National Public Key Infrastructure (PNPKI) – FAQ’s

Reference :https://dict.gov.ph/frequently-asked-questions-pnpki
INFORMATION AND COMMUNICATIONS TECHNOLOGY SERVICE | User Support Division

What is the Public Key Infrastructure (PKI)?

The Public Key Infrastructure (PKI) is one that secures communications among individuals and
government agencies.

Through the PKI, the government’s delivery of services to citizens and businesses becomes safer,
faster, and more efficient.

Why is it called a “public key”?

The “public key” in PKI refers to the virtual “key” used to secure files sent over an otherwise
unsecure public network like the Internet.

While it is called “public,” it can also work in a private network setting.

Does “public” mean “open” and “unrestricted”?

No.

Why do I need a PKI?

As more people use online applications over insecure networks, the need for file security and
integrity of information increases; this is where the PKI comes in.

It addresses the issue of authenticity, confidentiality and integrity of information.

What is a digital certificate?

A digital certificate is a file issued by a Certificate Authority containing the user’s personal
information just like an ordinary ID; in this case, the certificate is digital.

How can I have a digital certificate?

You can have a digital certificate by personally submitting an application to a Registration Authority
(RA). The RA will then ask the Certificate Authority to generate a key or code and give it to you after
processing.

Do I have to pay for it?

No. The digital certificate is free.

Where can I use a digital certificate?

You can use a digital certificate in the following applications:

● Your email and other documents

● Encrypt a document and/or digitally sign it.

Its use is to authenticate documents or put signatures on them or both.

How do I use a digital certificate?

As an example, people need a digital certificate to send you an encrypted email that only you can
open; they also use it to verify your digital signature on electronic documents.

It is not the certificate that you need to protect but the private key that is associated with it.

Philippine National Public Key Infrastructure (PNPKI) – FAQ’s

Reference :https://dict.gov.ph/frequently-asked-questions-pnpki
INFORMATION AND COMMUNICATIONS TECHNOLOGY SERVICE | User Support Division

Hence, in cryptographic tokens, the private key is generated in the token and cannot be extracted
from it.

Soft tokens however store this private key as an ordinary electronic file. It is usually encrypted and
the encryption is computationally infeasible to break.

Nonetheless, this private key, if someone gets a copy of it and also the passphrase to use it, can be
used along with the digital certificate to fraudulently sign documents or open encrypted email.

Do I have an option not to use a digital certificate?

You have that option not to do so.

However, should you choose that option, you will not be able to do the following:

● Open encrypted files

● Access applications that require digital certificates
● Digitally sign documents for authenticity

When can I use a digital certificate?

Whenever you feel like it. Or every time secure communication is needed, or a digital certificate is
required for authenticity, confidentiality and integrity of data.

Who can avail of a digital certificate?

Any individual who is of age and possesses the necessary documents (as stated in the application
form) may apply for a digital certificate.

Can I apply for other people’s certificates?

Yes, as long as the other person is aware, you can submit the required documents for application.
Anyhow the digital certificate will be forwarded to the applicant's email.

Where can I use a digital certificate?

A digital certificate can be used in online transactions, in documents, digital signatures, in office
applications and in software developed in-house.

How long can I use the digital certificate?

A digital certificate is valid for up to two years. After that, you have to apply for a new one.

How do I renew and how long is the process of renewal?

A digital certificate cannot be “renewed”--meaning, you have to apply for a new one every time it
expires and go through the application process again.

All requirements will have to be satisfied and a personal appearance is required.

Where can I store the digital certificate?

It can be stored in a USB flash drive, a PC (desktop or laptop), or a mobile device.

What types of certificates are issued?

You can avail of the following types of certificates:

Philippine National Public Key Infrastructure (PNPKI) – FAQ’s

Reference :https://dict.gov.ph/frequently-asked-questions-pnpki
INFORMATION AND COMMUNICATIONS TECHNOLOGY SERVICE | User Support Division

● Authentication certificate – used in applications that require the user to login; it can be used
to encrypt email.
● Signing certificate – used to digitally sign documents.

What if I lose my certificate?

The digital certificate is a public document; the moment you use it you can never lose it.

However, if the private key is lost, compromised or the passphrase to use it is forgotten, then the
certificate needs to be revoked and a new key can be generated as well as the digital certificate that
will be associated with it.

What if the subscriber resigns, retires or exits from government

service?
If it is a soft token, surrendering it is not necessary; the certifying agency (CA) can easily revoke the
token.

However, if it is a cryptographic token and the company or CA owns it, then it needs to be
surrendered. Individual owners may continue to use the certificates for transactions outside the
concerned agency.

What are my responsibilities as a digital certificate holder?

You have the responsibility to protect the certificate from misuse and abuse.

You cannot, for example, lend it to other people or use it to forge documents or commit illegal acts
with it.

Unauthorized and illegal use are punishable according to the severity of the offense. A policy will be
issued detailing the punishment for each administrative or criminal offense committed in the use of
a digital certificate.

How long is the application process?

Upon completion of all the requirements by the applicant, a verification process will start.

This process will take a minimum of one day and a maximum of two days, depending on the
completion of requirements.

After submission of complete documents, the certificate is issued within a day or two. Section 4.2.3
of the RootCA-CP states that the issuance of the digital certificate should not exceed five calendar
days after successful identity verification.

Is it possible to have multiple certificates?

A person may have two digital certificates: one for authentication and another for digital signing.
They may get a third certificate, which is still to be offered, for PKI-enabled machines.

How big is a digital certificate?

A digital certificate takes up only seven to 10 kilobytes (kB) of computer memory.

Philippine National Public Key Infrastructure (PNPKI) – FAQ’s

Reference :https://dict.gov.ph/frequently-asked-questions-pnpki
INFORMATION AND COMMUNICATIONS TECHNOLOGY SERVICE | User Support Division

What is the best browser to use when using PKI?

Mozilla Firefox is recommended as it works well with Java, which is needed to run the digital
certificates.

Google Chrome, Microsoft Edge, or other Chromium-based browsers, on the other hand, do not
recognize Java.

What is the best email provider to use when encrypting and signing
emails?
It is recommended to use email providers, such as Mozilla Thunderbird and Microsoft Outlook, for
your digital certificates.

For inquiries and submission of application, please email support.pnpki@deped.gov.ph

Philippine National Public Key Infrastructure (PNPKI) – FAQ’s

Reference :https://dict.gov.ph/frequently-asked-questions-pnpki