What Is Public Key Infrastructure (PKI)? How It Secures Digital Signatures

Public Key Infrastructure (PKI) is a framework of technologies, policies, and procedures that enables secure electronic communication and digital signatures. It uses asymmetric cryptography – a pair of mathematically related keys (one public, one private) – to authenticate identities, encrypt data, and ensure document integrity.

How PKI Works

PKI operates on a simple but powerful principle: what one key encrypts, only the other key can decrypt.

The Key Pair

Every participant in a PKI system has two keys:

• Private key – Known only to the owner, used to create digital signatures and decrypt data
• Public key – Shared with anyone, used to verify signatures and encrypt data for the key owner

The Trust Model

PKI relies on a chain of trust anchored by Certificate Authorities (CAs):

1. A Certificate Authority verifies a person’s identity and issues a digital certificate
2. The digital certificate binds the person’s identity to their public key
3. Anyone who trusts the CA can trust the certificate – and therefore trust that the public key belongs to the claimed person
4. When that person signs a document with their private key, the signature can be verified using the public key in the certificate

PKI and Digital Signatures

PKI is the foundation of digital signatures. Here’s how it works in practice:

Signing a document:

1. A hash (unique fingerprint) of the document is generated
2. The signer’s private key encrypts the hash
3. The encrypted hash + the signer’s digital certificate are attached to the document

Verifying a signature:

1. The verifier extracts the digital certificate and checks that it was issued by a trusted CA
2. The public key from the certificate decrypts the encrypted hash
3. A new hash of the document is generated and compared to the decrypted hash
4. If they match, the document is authentic and unaltered

This mechanism provides three guarantees:

• Authentication – The signer is who they claim to be (verified by the CA)
• Integrity – The document has not been modified after signing (hash comparison)
• Non-repudiation – The signer cannot deny signing (only their private key could have created the signature)

PKI in Philippine E-Notarization

Under A.M. No. 24-10-14-SC (the Rules on Electronic Notarization), PKI plays a role in securing electronic notarial acts:

• The Electronic Notary Public (ENP) uses a PKI-based signature to apply their electronic notarial seal
• The principal’s identity is verified through multi-factor authentication, which may include PKI-based digital certificates
• The Electronic Notarization Facility (ENF) must use secure cryptographic methods to protect notarial records

RA 8792 recognizes PKI-based signatures as having a stronger presumption of validity than other forms of electronic signatures, making them the preferred method for high-security document workflows.

Components of a PKI System

Why PKI Matters for Legal Documents

For Philippine legal professionals and businesses, PKI provides the strongest available assurance that:

1. A signed document is authentic – it came from the person who claims to have signed it
2. The document has not been tampered with – any modification would be detected
3. The signer cannot deny their signature – the cryptographic proof is conclusive
4. A document audit trail backed by PKI is court-admissible under the Rules on Electronic Evidence

This level of assurance is why PKI-based digital signatures are used for e-notarization, board resolutions, and other high-stakes legal documents.

Related Terms

• Digital Signature
• Electronic Signature
• Document Audit Trail
• Electronic Notarial Seal
• A.M. No. 24-10-14-SC

NotarialOS uses PKI-based cryptography to secure every digital signature and notarial act, ensuring document integrity and legal validity for Philippine professionals.