警告:openssl_verify():提供的密钥参数无法转换为公钥,位于/var/www/app/src/Auth/JwtValidator.php:34
Warning: openssl_verify(): Supplied key param cannot be coerced into a public key in /var/www/app/src/Auth/JwtValidator.php:34
ID: php/openssl-certificate-verify-failed
版本兼容性
| 版本 | 状态 | 引入 | 弃用 | 备注 |
|---|---|---|---|---|
| PHP 8.0 | active | — | — | — |
| PHP 8.1 | active | — | — | — |
| PHP 8.2 | active | — | — | — |
| PHP 8.3 | active | — | — | — |
根因分析
提供给openssl_verify()的公钥不是有效的PEM格式、已损坏或使用了不受支持的算法(例如,未正确支持OpenSSL的Ed25519),导致PHP无法提取公钥资源。
English
The public key provided to openssl_verify() is not in a valid PEM format, is corrupted, or uses an unsupported algorithm (e.g., Ed25519 without proper OpenSSL support), preventing PHP from extracting the public key resource.
官方文档
https://www.php.net/manual/en/function.openssl-verify.php解决方案
-
Validate the public key format: ensure it has proper PEM headers (-----BEGIN PUBLIC KEY-----) and is base64-decoded correctly. Use openssl_pkey_get_public() to check: $key = openssl_pkey_get_public($pemString); if ($key === false) { echo openssl_error_string(); } -
If using Ed25519 or other modern algorithms, ensure OpenSSL 1.1.1+ is installed and PHP is compiled with support. Check with: php -i | grep 'OpenSSL' and verify the algorithm is listed.
-
Regenerate the key pair using a supported algorithm like RSA-2048 or ECDSA with P-256. Example command: openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out private.pem && openssl pkey -in private.pem -pubout -out public.pem
无效尝试
常见但无效的做法:
-
60% 失败
If the key is already malformed or uses an unsupported algorithm, DER conversion will also fail; the issue is the key itself, not the format.
-
80% 失败
This bypasses security entirely and only works for remote connections, not for local key verification; it does not fix the key parsing issue.
-
50% 失败
The OpenSSL extension is typically bundled with PHP and rarely the cause; reinstalling it does not fix a malformed key or algorithm mismatch.