{
  "id": "php/openssl-certificate-verify-failed",
  "signature": "Warning: openssl_verify(): Supplied key param cannot be coerced into a public key in /var/www/app/src/Auth/JwtValidator.php:34",
  "signature_zh": "警告：openssl_verify()：提供的密钥参数无法转换为公钥，位于/var/www/app/src/Auth/JwtValidator.php:34",
  "regex": "/openssl_verify\\(\\): Supplied key param cannot be coerced into a public key/",
  "domain": "php",
  "category": "auth_error",
  "subcategory": null,
  "root_cause": "The public key provided to openssl_verify() is not in a valid PEM format, is corrupted, or uses an unsupported algorithm (e.g., Ed25519 without proper OpenSSL support), preventing PHP from extracting the public key resource.",
  "root_cause_type": "generic",
  "root_cause_zh": "提供给openssl_verify()的公钥不是有效的PEM格式、已损坏或使用了不受支持的算法（例如，未正确支持OpenSSL的Ed25519），导致PHP无法提取公钥资源。",
  "versions": [
    {
      "version": "PHP 8.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "PHP 8.1",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "PHP 8.2",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "PHP 8.3",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    }
  ],
  "os_specific": {},
  "dead_ends": [
    {
      "action": "",
      "why_fails": "If the key is already malformed or uses an unsupported algorithm, DER conversion will also fail; the issue is the key itself, not the format.",
      "fail_rate": 0.6,
      "condition": "",
      "sources": []
    },
    {
      "action": "",
      "why_fails": "This bypasses security entirely and only works for remote connections, not for local key verification; it does not fix the key parsing issue.",
      "fail_rate": 0.8,
      "condition": "",
      "sources": []
    },
    {
      "action": "",
      "why_fails": "The OpenSSL extension is typically bundled with PHP and rarely the cause; reinstalling it does not fix a malformed key or algorithm mismatch.",
      "fail_rate": 0.5,
      "condition": "",
      "sources": []
    }
  ],
  "workarounds": [
    {
      "action": "Validate the public key format: ensure it has proper PEM headers (-----BEGIN PUBLIC KEY-----) and is base64-decoded correctly. Use openssl_pkey_get_public() to check: $key = openssl_pkey_get_public($pemString); if ($key === false) { echo openssl_error_string(); }",
      "success_rate": 0.8,
      "how": "Validate the public key format: ensure it has proper PEM headers (-----BEGIN PUBLIC KEY-----) and is base64-decoded correctly. Use openssl_pkey_get_public() to check: $key = openssl_pkey_get_public($pemString); if ($key === false) { echo openssl_error_string(); }",
      "condition": "",
      "sources": []
    },
    {
      "action": "If using Ed25519 or other modern algorithms, ensure OpenSSL 1.1.1+ is installed and PHP is compiled with support. Check with: php -i | grep 'OpenSSL' and verify the algorithm is listed.",
      "success_rate": 0.75,
      "how": "If using Ed25519 or other modern algorithms, ensure OpenSSL 1.1.1+ is installed and PHP is compiled with support. Check with: php -i | grep 'OpenSSL' and verify the algorithm is listed.",
      "condition": "",
      "sources": []
    },
    {
      "action": "Regenerate the key pair using a supported algorithm like RSA-2048 or ECDSA with P-256. Example command: openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out private.pem && openssl pkey -in private.pem -pubout -out public.pem",
      "success_rate": 0.9,
      "how": "Regenerate the key pair using a supported algorithm like RSA-2048 or ECDSA with P-256. Example command: openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out private.pem && openssl pkey -in private.pem -pubout -out public.pem",
      "condition": "",
      "sources": []
    }
  ],
  "workarounds_zh": [
    "Validate the public key format: ensure it has proper PEM headers (-----BEGIN PUBLIC KEY-----) and is base64-decoded correctly. Use openssl_pkey_get_public() to check: $key = openssl_pkey_get_public($pemString); if ($key === false) { echo openssl_error_string(); }",
    "If using Ed25519 or other modern algorithms, ensure OpenSSL 1.1.1+ is installed and PHP is compiled with support. Check with: php -i | grep 'OpenSSL' and verify the algorithm is listed.",
    "Regenerate the key pair using a supported algorithm like RSA-2048 or ECDSA with P-256. Example command: openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out private.pem && openssl pkey -in private.pem -pubout -out public.pem"
  ],
  "transition_graph": {
    "leads_to": [],
    "preceded_by": [],
    "frequently_confused_with": []
  },
  "official_doc_url": "https://www.php.net/manual/en/function.openssl-verify.php",
  "official_doc_section": null,
  "error_code": null,
  "verification_tier": "ai_generated",
  "confidence": 0.86,
  "fix_success_rate": 0.83,
  "resolvable": "true",
  "first_seen": "2024-06-10",
  "last_confirmed": "2024-06-01",
  "last_updated": "2024-06-01",
  "evidence_count": 1,
  "tags": [],
  "locale": "en",
  "aliases": []
}