php
runtime_error
ai_generated
true
Warning: openssl_private_decrypt(): key parameter is not a valid private key in /var/www/app/src/Crypto/Decryptor.php on line 34
ID: php/openssl-invalid-key-format
82%Fix Rate
85%Confidence
1Evidence
2024-03-12First Seen
Version Compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| PHP 8.1 | active | — | — | — |
| PHP 8.2 | active | — | — | — |
| PHP 8.3 | active | — | — | — |
| OpenSSL 1.1.1 | active | — | — | — |
| OpenSSL 3.0 | active | — | — | — |
Root Cause
The private key provided to openssl_private_decrypt() is malformed, missing header/footer, or in an unsupported format (e.g., PKCS#1 instead of PKCS#8).
generic中文
提供给 openssl_private_decrypt() 的私钥格式错误,缺少头部/尾部标记,或使用了不支持的格式(如 PKCS#1 而非 PKCS#8)。
Official Documentation
https://www.php.net/manual/en/function.openssl-private-decrypt.phpWorkarounds
-
85% success Convert the private key from PKCS#1 to PKCS#8 format using OpenSSL command: `openssl pkcs8 -topk8 -inform PEM -outform PEM -in private.pem -out private_pkcs8.pem -nocrypt`
Convert the private key from PKCS#1 to PKCS#8 format using OpenSSL command: `openssl pkcs8 -topk8 -inform PEM -outform PEM -in private.pem -out private_pkcs8.pem -nocrypt`
-
75% success Ensure the key string includes the correct header and footer (e.g., '-----BEGIN PRIVATE KEY-----' and '-----END PRIVATE KEY-----') and no extra whitespace or line breaks.
Ensure the key string includes the correct header and footer (e.g., '-----BEGIN PRIVATE KEY-----' and '-----END PRIVATE KEY-----') and no extra whitespace or line breaks.
-
90% success Use `openssl_pkey_get_private()` to validate the key before passing it to decryption functions; if it returns false, log the OpenSSL error with `openssl_error_string()`.
Use `openssl_pkey_get_private()` to validate the key before passing it to decryption functions; if it returns false, log the OpenSSL error with `openssl_error_string()`.
中文步骤
使用 OpenSSL 命令将私钥从 PKCS#1 转换为 PKCS#8 格式:`openssl pkcs8 -topk8 -inform PEM -outform PEM -in private.pem -out private_pkcs8.pem -nocrypt`
确保密钥字符串包含正确的头部和尾部(如 '-----BEGIN PRIVATE KEY-----' 和 '-----END PRIVATE KEY-----'),且没有多余的空格或换行。
在传递给解密函数之前,使用 `openssl_pkey_get_private()` 验证密钥;如果返回 false,使用 `openssl_error_string()` 记录 OpenSSL 错误。
Dead Ends
Common approaches that don't work:
-
70% fail
The extension is already installed and functional; the error is about key content, not extension availability.
-
90% fail
Memory and time settings do not affect key parsing logic.
-
80% fail
The error occurs after the key is loaded; permissions affect file reading, not key validation.