So here's a question from my project.
In this task, we will use OpenSSL to generate digital signatures. Please prepare a file (example.txt) of any size. Also prepare an RSA public/private key pair. Then do the following:
1. Sign the SHA256 hash of example.txt; save the output in example.sha256.
2. Verify the digital signature in example.sha256.
3. Slightly modify example.txt, and verify the digital signature again.
Please describe how you performed the above three operations (e.g., the exact commands that you used, etc.). Describe what you observed and explain your observations. Please also explain why digital signatures are useful in general.
So, I do the following.
1.Create private/public key pair
openssl genrsa -out private.pem 1024
2. Extracting Public key.
openssl rsa -in private.pem -out public.pem -outform PEM -pubout
3. Create hash of the data.
echo 'data to sign' > example.txt
openssl dgst -sha256 < example.txt > hash
4. Sign the hash using Private key to a file called example.sha256
openssl rsautl -sign -inkey private.pem -keyform PEM -in hash > example.sha256
5. Verify the file (example.txt)and the digital signature (example.sha256)
openssl dgst -sha256 -verify public.pem -signature example.sha256 example.txt
After doing all this, I get an error message saying "Verification Failure"
Please correct me if I went wrong somewhere.
