Scribd Logo
Upload

Welcome to Scribd!

  • Pnpki Vinset 2.0

    Uploaded by

    Neil Roy Masangcay
    28 views34 pages
    PNPKI-VINSET-2.0

    Original Title

    PNPKI-VINSET-2.0

    Copyright

    © © All Rights Reserved

    Available Formats

    PPS, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    PNPKI-VINSET-2.0

    Copyright:

    © All Rights Reserved
    Download as PPS, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    28 views34 pages

    Pnpki Vinset 2.0

    Uploaded by

    Neil Roy Masangcay
    PNPKI-VINSET-2.0

    Copyright:

    © All Rights Reserved
    Download as PPS, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 34

    MEMORANDA

    Philippine Nat’l
    Public
    Key Infrastructure
    (PNKI)
    What is Public Key Infrastructure (PKI)?

    The Public Key Infrastructure (PKI), as its name


    implies, is an infrastructure that secures
    communications among individuals and
    government agencies. This way, the government’s
    delivery of services to citizens and businesses
    becomes safer, faster and more efficient.
    Why is it called ‘public key’?
    Does it mean open and unrestricted?

    No. The public key in PKI refers to the virtual


    ‘key’ that subscribers use to secure files sent over
    an otherwise unsecure ‘public’ network like the
    Internet. While it is called public, it can also work
    in a private network setting.
    Why do I need a PKI?

    As more and more people rely on the use of online


    applications over unsecure network like the
    Internet, the need to secure files and ensure their
    information integrity increases. This is where the
    PKI comes in. It addresses the issue of authenticity,
    confidentiality and integrity of information.
    What is a digital certificate?

    A digital certificate is a file issued by a


    Certificate Authority containing the user’s
    personal information just like an ordinary ID,
    only in this case, it is digital.
    How can I have a digital certificate?

    You can have a digital certificate by personally


    submitting an application to a Registration
    Authority (RA). The RA will then ask the
    Certificate Authority to generate a key or code
    and give it to you after processing.
    Do I have to pay for it?

    No. The digital certificate is free.


    Do I have an option not to use it?

    Of course you do. It’s just that you will not be


    able to do the following: open encrypted files,
    access applications that require digital
    certificates and digitally sign documents for
    authenticity.
    When can I use a digital certificate?

    Whenever you feel like it. Or every time secure


    communication is needed, or a digital certificate
    is required for authenticity, confidentiality and
    integrity of data.
    Who can avail of a digital certificate?

    Any individual who is of age and possesses


    the necessary documents (as stated in the
    application form) may apply for a digital
    certificate.
    Can I apply for other people’s
    certificate?

    No since personal appearance is needed in the


    application process.
    Where can I use a digital certificate?

    A digital certificate can be used in online


    transactions, in documents digital signatures,
    in office applications and in software
    developed in-house.
    How long can I use the digital certificate?

    A digital certificate is valid up to two years.


    After that, you have to apply for a new one.
    How do I renew and how long is the process
    of renewal?

    A digital certificate, technically, cannot be


    ‘renewed.’ It means you have to apply for a new
    one every time it expires and go through the
    application process again. All requirements will
    have to be satisfied and personal appearance is
    required.
    What types of certificates are issued?

    You can avail of the following types of certificates:


    Authentication certificate – used in applications that
    require the user to login. It can be used to encrypt
    email. Signing certificate – used to digitally sign
    documents. SSL certificate – a certificate for machines,
    like web servers, application servers, routers, Wi-Fi
    devices, and others. (This is not yet available as of this
    writing.)
    What if I lose my certificate?

    The digital certificate is a public document. The


    moment you use it you can never lose it.
    However, if the private key is lost, compromised
    or the passphrase to use it is forgotten, then the
    certificate needs to be revoked and a new key
    can be generated as well as the digital certificate
    that will be associated with it.
    What if the subscriber resigns, retires or exits from
    government service?

    If it is a soft token, surrendering it is not necessary.


    The revocation can be easily done by the CA.
    However, if it is a cryptographic token and the
    company or CA owns it, then it needs to be
    surrendered. Individual owners may continue to use
    the certificates for transactions outside the concerned
    agency.
    How long is the application process?

    Upon completion of all the requirements by the applicant, a


    verification process will start. This process will take a
    minimum of one day and a maximum of two days,
    depending on the completion of requirements. After
    submission of documents (complete), the certificate is issued
    within a day or two. According to the policy (Section 4.2.3
    of the RootCA-CP), issuance of the digital certificate should
    not exceed five calendar days after successful identity
    verification.
    Is it possible to have multiple certificates?

    A person may have two digital certificates: one


    for authentication and another for digital
    signing. He or she may get a third certificate,
    which is still to be offered, for PKI-enabled
    machines.
    How big is a digital certificate?

    A digital certificate takes up only 7kb to 10kb


    of computer memory.
    What is the best browser to use when using
    PKI?

    Firefox is recommended as it works well with


    Java, which is needed to run the digital
    certificates. Google Chrome, on the other hand,
    usually can’t recognize Java.
    What is the best email provider to use when
    encrypting and signing emails?

    It is recommended to use email providers,


    such as Thunderbird and Outlook, for your
    digital certificates.
    For further inquiries and submission of
    application requirements, please email 
    info.pnpki@dict.gov.ph or the 
    PNPKI Cluster Team Offices in the
    Region.

    You might also like