Republic of the Philippines

Department of Education
INFORMATION AND COMMUNICATIONS TECHNOLOGY SERVICE
User Support Division

PHILIPPINE NATIONAL PUBLIC KEY

INFRASTRUCTURE (PNPKI)
Frequently Asked Questions
INFORMATION AND COMMUNICATIONS TECHNOLOGY SERVICE | User Support Division

Table of Contents
Table of Contents

What is the Public Key Infrastructure (PKI)?

Why is it called a “public key”?

Does “public” mean “open” and “unrestricted”?

Why do I need a PKI?

What is a digital certificate?

How can I have a digital certificate?

Do I have to pay for the digital certificate?

Where can I use a digital certificate?

How do I use a digital certificate?

Do I have an option not to use a digital certificate?

When can I use a digital certificate?

Who can avail of a digital certificate?

Can I apply for other people’s certificates?

Where can I use a digital certificate?

How long can I use the digital certificate?

How do I renew, and how long is the process of renewal?

Where can I store the digital certificate?

What types of certificates are issued?

What if I lose my certificate?

What if the subscriber resigns, retires, or exits from government service?

What are my responsibilities as a digital certificate holder?

How long is the application process?

Is it possible to have multiple certificates?

How big is a digital certificate?

What is the best browser to use when using PKI?

On the other hand, what is the best email provider to use when encrypting and signing emails?

Contact Us

Philippine National Public Key Infrastructure (PNPKI) – FAQ’s

Reference :https://dict.gov.ph/frequently-asked-questions-pnpki
INFORMATION AND COMMUNICATIONS TECHNOLOGY SERVICE | User Support Division

What is the Public Key Infrastructure (PKI)?

The Public Key Infrastructure (PKI) secures communications among individuals and government
agencies.

Through the PKI, the government’s delivery of services to citizens and businesses becomes safer,
faster, and more efficient.

Why is it called a “public key”?

The “public key” in PKI refers to the virtual “key” used to secure files sent over an otherwise
unsecured public network like the Internet.

While it is called “public,” it can also work in a private network setting.

Does “public” mean “open” and “unrestricted”?

No.

Why do I need a PKI?

As more people use online applications over insecure networks, the need for file security and
integrity of information increases.

This need is where the PKI comes in; it addresses authenticity, confidentiality, and integrity of
information.

What is a digital certificate?

A digital certificate is a file issued by a Certificate Authority that contains the user’s personal
information, just like an ordinary ID; in this case, the certificate is digital.

How can I have a digital certificate?

You can have a digital certificate by personally applying to a Registration Authority (RA).

The RA will then ask the Certificate Authority to generate a key or code and give it to you after
processing.

Do I have to pay for the digital certificate?

No.

The digital certificate is free.

Where can I use a digital certificate?

You can use a digital certificate in the following applications:

● Your email and other documents

● Encrypt a document or digitally sign it.

Its use is to authenticate documents, put signatures on them, or both.

Philippine National Public Key Infrastructure (PNPKI) – FAQ’s

Reference :https://dict.gov.ph/frequently-asked-questions-pnpki
INFORMATION AND COMMUNICATIONS TECHNOLOGY SERVICE | User Support Division

How do I use a digital certificate?

For example, people need a digital certificate to send you an encrypted email that only you can
open.

They can use it to verify your digital signature on electronic documents.

It is not the certificate you need to protect but the private key associated with it.

Hence, in cryptographic tokens, the private key is generated and cannot be extracted from it.

Soft tokens, however, store this private key as an encrypted electronic file; you cannot easily
decipher it.

If someone fraudulently gets a copy of the token and the passphrase, use the private key and the
digital certificate to sign documents or open encrypted email.

Do I have an option not to use a digital certificate?

You have the option not to do so.

However, should you choose that option, you will not be able to:

● Open encrypted files;

● Access applications that require digital certificates; or
● Digitally sign documents for authenticity.

When can I use a digital certificate?

You can use it whenever you feel like doing so.

Or you can use the certificate every time you need secure communication or require the certificate
for authenticity, confidentiality, and integrity of data.

Who can avail of a digital certificate?

Anyone of age who possesses the necessary documents (as stated in the application form) may
apply for a digital certificate.

Can I apply for other people’s certificates?

Yes.

As long as the other person is aware, you can submit the required documents for the application on
their behalf.

The applicant will be the one to receive their digital certificate through email.

Where can I use a digital certificate?

You can use your digital certificate in online transactions, comments, digital signatures, office
applications, and in-house platforms, among others.

How long can I use the digital certificate?

A digital certificate is valid for up to two years; after that, you have to apply for a new one.

Philippine National Public Key Infrastructure (PNPKI) – FAQ’s

Reference :https://dict.gov.ph/frequently-asked-questions-pnpki
INFORMATION AND COMMUNICATIONS TECHNOLOGY SERVICE | User Support Division

How do I renew, and how long is the process of renewal?

A digital certificate cannot be “renewed.”

You have to apply for a new certificate every time it expires and go through the application process
again.

All requirements will have to be satisfied, and a personal appearance is required.

Where can I store the digital certificate?

You can store the digital certificate in a USB flash drive, a PC (desktop or laptop), or a mobile device.

What types of certificates are issued?

You can acquire the following types of certificates:

● Authentication certificate – used in applications that require the user to log in and encrypt
email.
● Signing certificate – used to sign documents digitally.

What if I lose my certificate?

The digital certificate is a public document; the moment you use it, you can never lose it.

If the private key or the paraphrase is lost or compromised, the infrastructure revokes the
certificate; in that case, it shall generate a new key and its associated digital certificate.

What if the subscriber resigns, retires, or exits from government

service?
If it is a soft token, surrendering it is unnecessary; the certifying agency (CA) can easily revoke it.

If it is a cryptographic token and the company or CA owns it, the user should surrender it.

Individual owners may continue using the certificates for transactions outside the concerned agency.

What are my responsibilities as a digital certificate holder?

You have the responsibility to protect the certificate from misuse and abuse.

For example, you cannot lend it to other people or use it to forge documents or commit illegal acts
with it.

UNAUTHORIZED AND ILLEGAL USE OF THE DIGITAL CERTIFICATE IS PUNISHABLE BY LOCAL AND
INTERNATIONAL LAW.

A policy document will be issued specifying penalties for every administrative or criminal offense
committed involving or using a digital certificate.

Philippine National Public Key Infrastructure (PNPKI) – FAQ’s

Reference :https://dict.gov.ph/frequently-asked-questions-pnpki
INFORMATION AND COMMUNICATIONS TECHNOLOGY SERVICE | User Support Division

How long is the application process?

The verification process will start after you complete all requirements.

This process will take one to two days, depending on the completion of requirements.

After submission of complete documents, you receive the certificate within a day or two.

Section 4.2.3 of the RootCA-CP states that the issuance of the digital certificate should not exceed
five calendar days after successful identity verification.

Is it possible to have multiple certificates?

A person may have two digital certificates: one for authentication and another for digital signing.

They may get a third certificate, which is yet to apply for PKI-enabled machines.

How big is a digital certificate?

A digital certificate takes up only seven to ten kilobytes (kB) of computer storage.

What is the best browser to use when using PKI?

PKI requires Mozilla Firefox as it works with Java, which is needed to run the digital certificates.

Google Chrome, Microsoft Edge, Apple Safari, and other browsers do not recognize Java.

On the other hand, what is the best email provider to use when
encrypting and signing emails?
We recommend using email clients such as Mozilla Thunderbird and Microsoft Outlook for your
digital certificates.

Contact Us
For inquiries and submission of applications, please email support.pnpki@deped.gov.ph.

Philippine National Public Key Infrastructure (PNPKI) – FAQ’s

Reference :https://dict.gov.ph/frequently-asked-questions-pnpki