# 警告：openssl_verify()：提供的密钥参数无法转换为公钥，位于/var/www/app/src/Auth/JwtValidator.php:34

- **ID:** `php/openssl-certificate-verify-failed`
- **领域:** php
- **类别:** auth_error
- **验证级别:** ai_generated
- **修复率:** 83%

## 根因

提供给openssl_verify()的公钥不是有效的PEM格式、已损坏或使用了不受支持的算法（例如，未正确支持OpenSSL的Ed25519），导致PHP无法提取公钥资源。

## 版本兼容性

| 版本 | 状态 | 引入 | 弃用 |
|------|------|------|------|
| PHP 8.0 | active | — | — |
| PHP 8.1 | active | — | — |
| PHP 8.2 | active | — | — |
| PHP 8.3 | active | — | — |

## 解决方案

1. ```
   Validate the public key format: ensure it has proper PEM headers (-----BEGIN PUBLIC KEY-----) and is base64-decoded correctly. Use openssl_pkey_get_public() to check: $key = openssl_pkey_get_public($pemString); if ($key === false) { echo openssl_error_string(); }
   ```
2. ```
   If using Ed25519 or other modern algorithms, ensure OpenSSL 1.1.1+ is installed and PHP is compiled with support. Check with: php -i | grep 'OpenSSL' and verify the algorithm is listed.
   ```
3. ```
   Regenerate the key pair using a supported algorithm like RSA-2048 or ECDSA with P-256. Example command: openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out private.pem && openssl pkey -in private.pem -pubout -out public.pem
   ```

## 无效尝试

- **** — If the key is already malformed or uses an unsupported algorithm, DER conversion will also fail; the issue is the key itself, not the format. (60% 失败率)
- **** — This bypasses security entirely and only works for remote connections, not for local key verification; it does not fix the key parsing issue. (80% 失败率)
- **** — The OpenSSL extension is typically bundled with PHP and rarely the cause; reinstalling it does not fix a malformed key or algorithm mismatch. (50% 失败率)