# Warning: openssl_private_decrypt(): key parameter is not a valid private key in /var/www/app/src/Crypto/Decryptor.php on line 34

- **ID:** `php/openssl-invalid-key-format`
- **Domain:** php
- **Category:** runtime_error
- **Verification:** ai_generated
- **Fix Rate:** 82%

## Root Cause

The private key passed to `openssl_private_decrypt()` is malformed, is missing its header or footer, or is in an unsupported format (e.g., PKCS#1 instead of PKCS#8).

## Version Compatibility

| Version | Status | Introduced | Deprecated |
|---------|--------|------------|------------|
| PHP 8.1 | active | — | — |
| PHP 8.2 | active | — | — |
| PHP 8.3 | active | — | — |
| OpenSSL 1.1.1 | active | — | — |
| OpenSSL 3.0 | active | — | — |

## Workarounds

1. **Convert the private key from PKCS#1 to PKCS#8 format using the OpenSSL command below.** (85% success)
   ```
   openssl pkcs8 -topk8 -inform PEM -outform PEM -in private.pem -out private_pkcs8.pem -nocrypt
   ```
2. **Ensure the key string includes the correct header and footer (e.g., '-----BEGIN PRIVATE KEY-----' and '-----END PRIVATE KEY-----') and no extra whitespace or line breaks.** (75% success)
3. **Use `openssl_pkey_get_private()` to validate the key before passing it to decryption functions; if it returns false, log the OpenSSL error with `openssl_error_string()`.** (90% success)
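
An added example (not part of the original entry) of workaround 3: the key is parsed with `openssl_pkey_get_private()` first, and on failure the whole OpenSSL error queue is logged before anything reaches `openssl_private_decrypt()`. `loadPrivateKey` is a hypothetical helper; the key pair, ciphertext and malformed key are constructed at runtime.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the page): parse a PEM private key or fail
// with the queued OpenSSL errors instead of letting decryption emit a warning.
function loadPrivateKey(string $pem, ?string $passphrase = null): OpenSSLAsymmetricKey
{
    // Drain stale entries so the errors reported below belong to this call.
    while (openssl_error_string() !== false) {
    }

    $key = openssl_pkey_get_private($pem, $passphrase);
    if ($key === false) {
        $errors = [];
        while (($msg = openssl_error_string()) !== false) {
            $errors[] = $msg;
        }
        // Log the parser errors only, never the key material itself.
        error_log('Private key rejected: ' . implode(' | ', $errors));
        throw new InvalidArgumentException('Private key could not be parsed');
    }
    return $key;
}

// Constructed sample input: a throwaway RSA key pair generated at runtime.
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($pair, $goodPem);
$publicPem = openssl_pkey_get_details($pair)['key'];
openssl_public_encrypt('hello', $ciphertext, $publicPem, OPENSSL_PKCS1_OAEP_PADDING);

// Constructed malformed input: the same key with header and footer lines stripped.
$badPem = preg_replace('/-----[A-Z ]+-----\R?/', '', $goodPem);

foreach (['good' => $goodPem, 'bad' => $badPem] as $label => $pem) {
    try {
        $key = loadPrivateKey($pem);
        openssl_private_decrypt($ciphertext, $plain, $key, OPENSSL_PKCS1_OAEP_PADDING);
        echo "$label: decrypted '$plain'\n";
    } catch (InvalidArgumentException $e) {
        echo "$label: {$e->getMessage()}\n";
    }
}
```

`openssl_error_string()` returns one queued message per call, so reading it in a loop is what surfaces the full parser failure rather than only the oldest entry.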

## Dead Ends

- The extension is already installed and functional; the error is about key content, not extension availability. (70% fail)
- Memory and time settings do not affect key parsing logic. (90% fail)
- The error occurs after the key is loaded; permissions affect file reading, not key validation. (80% fail)
