# What Is a Digital Signature? How PKI-Based Signatures Work in the Philippines A **digital signature** is a specific type of [electronic signature](/blog/glossary/electronic-signature/) that uses [Public Key Infrastructure (PKI)](/blog/glossary/public-key-infrastructure/) and cryptographic algorithms to verify the signer's identity and ensure that a document has not been tampered with after signing. It provides the highest level of security, authentication, and non-repudiation among signature types. ## How Digital Signatures Work Digital signatures rely on asymmetric cryptography -- a mathematical process using two related keys: ### The Signing Process 1. **Hash creation** -- A cryptographic hash function creates a unique "fingerprint" (hash value) of the document 2. **Encryption** -- The signer's **private key** encrypts the hash, creating the digital signature 3. **Attachment** -- The encrypted hash is attached to the document along with the signer's digital certificate ### The Verification Process 1. **Decryption** -- The recipient uses the signer's **public key** to decrypt the signature 2. **Hash comparison** -- The decrypted hash is compared to a fresh hash of the received document 3. **Validation** -- If the hashes match, the document is authentic and unaltered; if they don't match, the document has been tampered with This process ensures three things: - **Authentication** -- The document came from the claimed signer - **Integrity** -- The document has not been altered since signing - **Non-repudiation** -- The signer cannot deny having signed the document For a deeper technical explanation, see our article on [how advanced cryptographic technology prevents document fraud](/blog/how-advanced-cryptographic-technology-helps-prevent-document-fraud/). ## Digital Signature vs. Electronic Signature | Feature | Electronic Signature | Digital Signature | |---------|---------------------|-------------------| | Technology | Any electronic mark or process | Cryptographic (PKI-based) | | Identity verification | Varies (can be weak) | Certificate-based (strong) | | Tamper detection | Not inherent | Built-in via hash comparison | | Non-repudiation | Weak | Strong | | Legal weight | Valid under [RA 8792](/blog/glossary/ra-8792/) | Stronger presumption under RA 8792 | | Complexity | Simple | Requires PKI infrastructure | | Cost | Lower | Higher (certificate costs) | **Key takeaway:** All digital signatures are electronic signatures, but not all electronic signatures are digital signatures. For a complete comparison, see [the difference between digital and electronic signatures](/blog/what-is-the-difference-between-digital-signature-and-electronic-signature/). ## Legal Basis in the Philippines Digital signatures are recognized under [RA 8792 (the Electronic Commerce Act)](/blog/glossary/ra-8792/). Under the law and its implementing rules: - Digital signatures using PKI receive a **stronger presumption of validity** than simple electronic signatures - The signer is presumed to have intended to authenticate the document - Any alteration to the document after signing is detectable, which strengthens evidentiary weight under the [Rules on Electronic Evidence](/blog/glossary/rules-on-electronic-evidence/) In the context of [e-notarization](/blog/glossary/e-notarization/), [A.M. No. 24-10-14-SC](/blog/glossary/am-no-24-10-14-sc/) requires that electronic notarial acts use secure electronic signatures -- making digital signatures the preferred method for notarized documents. ## Use Cases Digital signatures are recommended for documents that require the highest level of security and legal enforceability: - **Notarized documents** -- [E-notarization](/blog/glossary/e-notarization/) uses digital signatures for both the principal and the ENP - **Court filings** -- [Making digital signatures court-ready](/blog/how-to-make-your-digital-signatures-court-ready-in-the-philippines/) requires PKI-level security - **Financial transactions** -- Bank and investment documents, [budget sign-offs](/blog/streamline-your-budget-sign-offs-with-secure-digital-workflows/) - **Corporate governance** -- [Board resolutions](/blog/glossary/board-resolution/), [secretary's certificates](/blog/glossary/secretarys-certificate/), and SEC filings - **Government submissions** -- Regulatory filings and compliance documents - **High-value contracts** -- Agreements where [dispute mitigation](/blog/mitigating-contract-disputes-with-tamper-proof-digital-signatures/) is critical ## Digital Certificates A digital signature requires a **digital certificate** -- an electronic credential issued by a Certificate Authority (CA) that binds a person's identity to their public key. The certificate contains: - The signer's name and identifying information - The signer's public key - The issuing Certificate Authority's name - The certificate's validity period - The CA's digital signature (proving the certificate is authentic) In the Philippines, digital certificates for use in legal and government contexts should come from accredited or recognized certificate authorities. ## Related Terms - [Electronic Signature](/blog/glossary/electronic-signature/) - [Public Key Infrastructure (PKI)](/blog/glossary/public-key-infrastructure/) - [Document Audit Trail](/blog/glossary/document-audit-trail/) - [E-Notarization](/blog/glossary/e-notarization/) - [Electronic Notarial Seal](/blog/glossary/electronic-notarial-seal/) --- [NotarialOS](https://notarialos.com) uses PKI-based digital signatures to ensure that every document signed and notarized on the platform is cryptographically secure, legally valid, and tamper-proof.