# What Is Public Key Infrastructure (PKI)? How It Secures Digital Signatures **Public Key Infrastructure (PKI)** is a framework of technologies, policies, and procedures that enables secure electronic communication and [digital signatures](/blog/glossary/digital-signature/). It uses asymmetric cryptography -- a pair of mathematically related keys (one public, one private) -- to authenticate identities, encrypt data, and ensure document integrity. ## How PKI Works PKI operates on a simple but powerful principle: what one key encrypts, only the other key can decrypt. ### The Key Pair Every participant in a PKI system has two keys: - **Private key** -- Known only to the owner, used to create digital signatures and decrypt data - **Public key** -- Shared with anyone, used to verify signatures and encrypt data for the key owner ### The Trust Model PKI relies on a chain of trust anchored by **Certificate Authorities (CAs)**: 1. A **Certificate Authority** verifies a person's identity and issues a digital certificate 2. The digital certificate binds the person's identity to their public key 3. Anyone who trusts the CA can trust the certificate -- and therefore trust that the public key belongs to the claimed person 4. When that person signs a document with their private key, the signature can be verified using the public key in the certificate ## PKI and Digital Signatures PKI is the foundation of [digital signatures](/blog/glossary/digital-signature/). Here's how it works in practice: **Signing a document:** 1. A hash (unique fingerprint) of the document is generated 2. The signer's **private key** encrypts the hash 3. The encrypted hash + the signer's digital certificate are attached to the document **Verifying a signature:** 1. The verifier extracts the digital certificate and checks that it was issued by a trusted CA 2. The public key from the certificate decrypts the encrypted hash 3. A new hash of the document is generated and compared to the decrypted hash 4. If they match, the document is authentic and unaltered This mechanism provides three guarantees: - **Authentication** -- The signer is who they claim to be (verified by the CA) - **Integrity** -- The document has not been modified after signing (hash comparison) - **Non-repudiation** -- The signer cannot deny signing (only their private key could have created the signature) ## PKI in Philippine E-Notarization Under [A.M. No. 24-10-14-SC](/blog/glossary/am-no-24-10-14-sc/) (the Rules on Electronic Notarization), PKI plays a role in securing electronic notarial acts: - The [Electronic Notary Public (ENP)](/blog/glossary/electronic-notary-public/) uses a PKI-based signature to apply their [electronic notarial seal](/blog/glossary/electronic-notarial-seal/) - The principal's identity is verified through multi-factor authentication, which may include PKI-based digital certificates - The [Electronic Notarization Facility (ENF)](/blog/glossary/electronic-notarization-facility/) must use secure cryptographic methods to protect notarial records [RA 8792](/blog/glossary/ra-8792/) recognizes PKI-based signatures as having a stronger presumption of validity than other forms of [electronic signatures](/blog/glossary/electronic-signature/), making them the preferred method for high-security document workflows. ## Components of a PKI System | Component | Function | |-----------|----------| | **Certificate Authority (CA)** | Issues and manages digital certificates | | **Registration Authority (RA)** | Verifies identity before certificate issuance | | **Digital Certificate** | Binds an identity to a public key | | **Certificate Revocation List (CRL)** | Lists revoked certificates | | **Key Management** | Generates, stores, and protects key pairs | ## Why PKI Matters for Legal Documents For Philippine legal professionals and businesses, PKI provides the strongest available assurance that: 1. A signed document is **authentic** -- it came from the person who claims to have signed it 2. The document has **not been tampered with** -- any modification would be detected 3. The signer **cannot deny** their signature -- the cryptographic proof is conclusive 4. A [document audit trail](/blog/glossary/document-audit-trail/) backed by PKI is **court-admissible** under the [Rules on Electronic Evidence](/blog/glossary/rules-on-electronic-evidence/) This level of assurance is why PKI-based digital signatures are used for [e-notarization](/blog/glossary/e-notarization/), [board resolutions](/blog/glossary/board-resolution/), and other high-stakes legal documents. ## Related Terms - [Digital Signature](/blog/glossary/digital-signature/) - [Electronic Signature](/blog/glossary/electronic-signature/) - [Document Audit Trail](/blog/glossary/document-audit-trail/) - [Electronic Notarial Seal](/blog/glossary/electronic-notarial-seal/) - [A.M. No. 24-10-14-SC](/blog/glossary/am-no-24-10-14-sc/) --- [NotarialOS](https://notarialos.com) uses PKI-based cryptography to secure every digital signature and notarial act, ensuring document integrity and legal validity for Philippine professionals.