{
  "id": "php/openssl-key-format-mismatch",
  "signature": "Warning: openssl_verify(): Supplied key param cannot be coerced into a public key in /var/www/app/src/Auth/JwtValidator.php on line 42",
  "signature_zh": "警告：openssl_verify()：提供的密钥参数无法转换为公钥，位置：/var/www/app/src/Auth/JwtValidator.php第42行",
  "regex": "Warning:\\s+openssl_verify\\(\\):\\s+Supplied\\s+key\\s+param\\s+cannot\\s+be\\s+coerced\\s+into\\s+a\\s+public\\s+key",
  "domain": "php",
  "category": "auth_error",
  "subcategory": null,
  "root_cause": "The public key provided to openssl_verify() is in an unsupported format (e.g., PKCS#1 instead of PKCS#8, or missing proper PEM headers), causing OpenSSL to reject the key.",
  "root_cause_type": "generic",
  "root_cause_zh": "提供给openssl_verify()的公钥格式不受支持（例如PKCS#1而非PKCS#8，或缺少正确的PEM头），导致OpenSSL拒绝该密钥。",
  "versions": [
    {
      "version": "PHP 7.4",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "PHP 8.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "PHP 8.1",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "PHP 8.2",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "PHP 8.3",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "OpenSSL 1.1.1",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "OpenSSL 3.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    }
  ],
  "os_specific": {},
  "dead_ends": [
    {
      "action": "",
      "why_fails": "The issue is the key format structure (PEM headers, line breaks), not just encoding. A raw binary key without proper boundaries will fail the same way.",
      "fail_rate": 0.9,
      "condition": "",
      "sources": []
    },
    {
      "action": "",
      "why_fails": "Extra whitespace or BOM can corrupt the PEM header; OpenSSL requires exact format: `-----BEGIN PUBLIC KEY-----` on its own line.",
      "fail_rate": 0.85,
      "condition": "",
      "sources": []
    }
  ],
  "workarounds": [
    {
      "action": "Ensure the public key is in PKCS#8 PEM format. Convert if needed using OpenSSL CLI: `openssl pkey -in private_key.pem -pubout -out public_key.pem`. Then load it in PHP with `$key = file_get_contents('/path/to/public_key.pem');` and ensure no extra whitespace.",
      "success_rate": 0.95,
      "how": "Ensure the public key is in PKCS#8 PEM format. Convert if needed using OpenSSL CLI: `openssl pkey -in private_key.pem -pubout -out public_key.pem`. Then load it in PHP with `$key = file_get_contents('/path/to/public_key.pem');` and ensure no extra whitespace.",
      "condition": "",
      "sources": []
    },
    {
      "action": "Use `openssl_get_publickey()` instead of passing the key string directly; this function auto-detects and converts formats. Example: `$pubKey = openssl_get_publickey(file_get_contents('key.pem')); if ($pubKey === false) { echo openssl_error_string(); }`",
      "success_rate": 0.9,
      "how": "Use `openssl_get_publickey()` instead of passing the key string directly; this function auto-detects and converts formats. Example: `$pubKey = openssl_get_publickey(file_get_contents('key.pem')); if ($pubKey === false) { echo openssl_error_string(); }`",
      "condition": "",
      "sources": []
    }
  ],
  "workarounds_zh": [
    "Ensure the public key is in PKCS#8 PEM format. Convert if needed using OpenSSL CLI: `openssl pkey -in private_key.pem -pubout -out public_key.pem`. Then load it in PHP with `$key = file_get_contents('/path/to/public_key.pem');` and ensure no extra whitespace.",
    "Use `openssl_get_publickey()` instead of passing the key string directly; this function auto-detects and converts formats. Example: `$pubKey = openssl_get_publickey(file_get_contents('key.pem')); if ($pubKey === false) { echo openssl_error_string(); }`"
  ],
  "transition_graph": {
    "leads_to": [],
    "preceded_by": [],
    "frequently_confused_with": []
  },
  "official_doc_url": "https://www.php.net/manual/en/function.openssl-verify.php",
  "official_doc_section": null,
  "error_code": "E_WARNING",
  "verification_tier": "ai_generated",
  "confidence": 0.88,
  "fix_success_rate": 0.9,
  "resolvable": "true",
  "first_seen": "2023-09-05",
  "last_confirmed": "2024-06-01",
  "last_updated": "2024-06-01",
  "evidence_count": 1,
  "tags": [],
  "locale": "en",
  "aliases": []
}